Version 5 (modified by, 5 years ago) (diff)


Internet2 FlowSpace Firewall Tests

This page outlines testing planned for the Advanced Layer 2 Services (AL2S) FlowSpace Firewall (FSF) feature.

The tests will verify the ability of FSF to provide advertised features for various scenarios that will use both ION and AL2S GENI endpoints. GENI slices will be setup to validate the following:

  • FSF ability to support a simple learning switch controller for various topologies.
  • FSF ability to support multiple concurrent add/delete learning switch controller request.
  • Verify ability to use different learning switch controller implementations (FloodLight, POX)
  • Ability to query statistics for switch, links, firewall rules with FloodLight rest API.


  • Functional testing will start with simple 2 node topology connected to AL2s.
  • All ION to AL2S cross-connects will be used to verify ability to support OpenFlow connections.
  • Testing assumed that GENI networks stitching is available for OESS.
  • End-point traffic types generated will include UDP, TCP, ICMP using various tools.

FSF-T1 Functional Tests

  1. Create slice which results in VLANs allocation between AL2S InstaGENI end-point
  2. Delete VLANs and verify release of VLANs via AL2S router proxy.
  3. Submit multiple concurrent requests to add and to delete flow spaces.
  4. Query FSF status and rules via FloodLight rest API.
  5. Generate traffic outside of pre-defined flowspace and verify that it is handled properly.

Topology Scenarios

FSF-T2 Two Site tests

Initial testing will take place with two sites that are already connected to AL2S. Functional testing will also be executed in this topology.

Connection details for this 2 node topology:

Missouri InstaGENI:
VLANs: 1150-1160
AL2S end-point: KANS
ION cross connect:

Stanford InstaGENI:
VLANs: 1630-1639
AL2S end-point: SUNN
ION cross connect:

FSF-T3 ION to AL2S interconnects tests

Both slices shown will be setup using each of the 10 interconnects between ION and AL2s:

ION to AL2S cross-connects The following cross-connects will be verified in the OpenFlow topologies shown above are:

  1. sdn-sw.losa e1/1 <-> rtr.losa:port=et-10/0/0
  2. sdn-sw.atla e15/1 <-> rtr.atla:port=xe-0/3/0
  3. sdn-sw.chic e3/1 <-> rtr.chic:port=et-10/0/0
  4. sdn-sw.clev e5/1 <-> rtr.clev:port=et-5/0/0
  5. sdn-sw.hous e15/3 <-> rtr.hous:port=xe-0/1/3
  6. sdn-sw.kans e15/1 <-> rtr.kans:port=xe-0/0/3
  7. sdn-sw.newy32aoa e3/2 <-> rtr.newy:port=et-5/0/0
  8. sdn-sw.salt e15/1 <-> rtr.salt:port=xe-0/1/1
  9. e-2/0/0.0 <->
  1. sdn-sw.wash e5/2 <-> rtr.wash:port=et-9/0/0

FSF-T4 Linear topology tests

Multiple concurrent version of this topology will be set up by multiple users:

FSF-T5 Star Topology tests

Multiple concurrent version of this topology will be set up by multiple users:

Attachments (4)

Download all attachments as: .zip