Changes between Initial Version and Version 1 of GENIExperimenter/Tutorials/OpenFlowOVS/FirewallExecute

11/20/15 04:57:56 (7 years ago)



  • GENIExperimenter/Tutorials/OpenFlowOVS/FirewallExecute

    v1 v1  
     1= OpenFlow Firewall =
     3''This exercise is based on as assignment by [ Sonia Famy, Ethan Blanton and Sriharsha Gangam of Purdue University].''
     5For this experiment we will run an !OpenFlow Firewall. 
     7[[Image(, 50%, nolink)]]
     15            <table border="0">
     16              <tr>
     17                <td >
     18                 <ol type="a">
     19            <li>Log into <tt>switch</tt> and run the following commands to download and run the firewall controller:
     21sudo apt-get install python-pip python-dev libxml2-dev libxslt-dev zlib1g-dev
     22sudo pip install oslo.config
     26Run a simple learning switch controller:
     28cd /tmp/ryu
     29./bin/ryu-manager --verbose ryu/app/
     32<li> Verify simple connectivity by logging into <tt>right</tt> ping <tt>left</tt>
     34ping left
     36Notice the printouts of the ryu simple switch controller.
     39   Stop your controller by Ctrl-c and remove all your flows
     41sudo ovs-ofctl del-flows br0
     43<li> Make your switch into a firewall by downloading and running the appropriate Ryu controller:
     46tar xvfz gpo-ryu-firewall.tar.gz
     47cd gpo-ryu-firewall/
     50<b> WARNING </b> If at some point your controller prints an error, kill it (ctrc-c) and start it again.
     51 </li>
     52            <li>Log into <tt>right</tt> and run a <tt>nc</tt> server:
     54nc -l 5001
     57            <li>Log into <tt>left</tt> and run a <tt>nc</tt> client:
     59nc 5001
     61            <li>Type some text in <tt>left</tt> and it should appear in <tt>right</tt> and vise versa.</li>
     62            <li>In the terminal for <tt>switch</tt> you should see messages about the flow being passed or not:
     64Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '', 'dip': ''}
     65Allow Connection rule {'dport': '5001', 'dip': '', 'sip': '', 'sport': 'any'}
     68            <li><tt>CTRL-C</tt> to kill <tt>nc</tt> in each terminal. </li>
     69            <li>Run a <tt>nc</tt> server on port 5002, then 5003.
     70       <ul>
     71         <li> Compare the observed behavior to the contents of <tt>~/gpo-ryu-firewall/fw.conf</tt>.  <i>Does the behavior match the configuration file?</i>
     72         <li> Stop the Firewall controller and run a simple switch controller. Is there any traffic being blocked now? Don't forget to delete the flows after you stop the controller</li>
     73         <li>  Feel free to modify the configuration file to allow more traffic.</li>
     74      </ul>
     76           </ol>
     79= [.. Return to the main page] =
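Review bot: The reminder on new line 72 ("Don't forget to delete the flows after you stop the controller") does not say which controller it refers to or give the command. Since the question on that line is whether traffic is still blocked, flows left in br0 by the firewall controller would skew the answer, so state that the flows are deleted between stopping the firewall and starting the simple switch controller, and repeat `sudo ovs-ofctl del-flows br0` from line 41 there. In the same sub-list, the `<li>` on line 71 has no closing `</li>` although its siblings on lines 72 and 73 do. Smaller wording points: "as assignment" on line 3 should read "an assignment", "ctrc-c" on line 50 should read "Ctrl-C" to match line 39, and "vise versa" on line 61 should read "vice versa".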