This assignment will introduce you to OpenFlow basics using Mininet. First you'll be setting up a virtual machine equipped with tools and applications for testing and configuring a Mininet OpenFlow environment. Later on, you'll modify the example OpenFlow controllers to apply your own forwarding rules to the switches in Mininet.
Unlike the previous exercises, this exercise is done using your own personal computer or the computers in the Paniikki computer classroom (C106). If you use your own computer, you'll first need to install VirtualBox from the link above and an X server (Xming for Windows or XQuartz for Mac OSX). Linux distributions usually have an X server preinstalled.
First, you need to download the VirtualBox Mininet image found at https://bitbucket.org/reich/pyretic-vms/downloads/Pyretic-0.2.2-i386.zip. Import the image in VirtualBox and set up a host-only networking adapter for the imported VM instance. This interface will be used for connecting to the Mininet environment using ssh.
Fire up the VM instance and log into it using login name mininet and password mininet. Type in the following command to fetch an IP address for the host-only networking adapter eth1:
sudo dhclient eth1
You should now be able to connect to the VM using ssh with X forwarding enabled and the address returned by dhclient.
Start Mininet using a single mn command which defines a topology of a single switch and three hosts. In addition, the command must define that the OpenFlow controller is remote and that the hosts automatically get ascending MAC addresses and static ARP entries. Adding ARP entries is important for assignments 4, 5 and 6. By testing connectivity you should notice that the hosts are not able to connect, since there is no controller connected. We are not going to connect a controller, but use the dpctl tool to install the flows.
Run the following commands and test the connectivity again:
dpctl add-flow tcp:127.0.0.1:6634 in_port=1,actions=output:2
dpctl add-flow tcp:127.0.0.1:6634 in_port=2,actions=output:1
3.1 | What was the command to start Mininet with the additional specifications listed above? | 1 p |
3.2 | What exactly does the tool dpctl do? | 1 p |
Take a look at the example scripts in /home/mininet/mininet/examples and, using the scripts as a template, create a Python script that creates the tree topology described below:
In the script, include commands to start the network and dump the link information of hosts and switches (see the dumpNodeConnections() function). Finally, test the connectivity with pingall.
3.3 | Present the Python script that creates the tree topology described above. | 4 p |
3.4 | Explain the connection link information dump data and use it to prove the correct tree-like topology. | 1 p |
Instead of using the reference controller, we'll next connect a POX OpenFlow controller to Mininet, effectively changing the network behaviour according to the modules loaded in POX.
POX is preinstalled in the VM image. Start up POX with the hub-like controller module /home/mininet/pox/pox/forwarding/hub.py, which floods all traffic to every port of the switch except the input port. Start Mininet with the command used in assignment 3.1. Verify the hub behaviour with tcpdump at h1, h2 and h3 (xterm h1 h2 h3). Your mission is to alter the hub module to direct all traffic from switch port 1 to port 2 and vice versa. Take a look into /home/mininet/pox/pox/forwarding for examples. Verify functionality with tcpdump.
To run POX modules: "pox.py pox.directory.file", e.g. "pox.py pox.forwarding.hub".
4.1 | Present your POX controller module that directs all traffic between port 1 and 2. | 2 p |
4.2 | Ping from h1 to h3 while tcpdumping at h2. Why is h2 receiving the packets that are destined to h3? | 1 p |
As demonstrated in the previous assignments, one can control a switch remotely using dpctl and low-level Python commands. However, constructing complex applications such as firewalling or load balancing using only low-level tools can be tricky. Pyretic (Python Frenetic) raises the abstraction level, giving developers more powerful tools for programmable switches.
Pyretic is preinstalled in the VM image. Start up Pyretic in high verbosity mode (-v high) with the mac_learner.py module. This module is a layer-2 learning switch. Start Mininet with the command used in assignment 3.1 and open up xterms for each host (xterm h1 h2 h3). Begin monitoring the interfaces from each machine using tcpdump. Ping from h1 to h2.
Pyretic modules are run the same way as POX modules, but this time run it with high verbosity, e.g. "pyretic.py -v high pyretic.modules.mac_learner"
5.1 | Explain the results of tcpdump. Why does the switch flood the first packet that arrives to all hosts instead of h2? | 2 p |
5.2 | Explain the console output of Pyretic controller. Pay attention to ports and MAC addresses. | 1 p |
Next you will be extending the functionality of the switch with MAC address filtering using Pyretic. A list of source and destination MAC address pairs is presented below. You'll need to drop all the traffic between these two end-points.
00:00:00:00:00:01 00:00:00:00:00:08
You can use pyretic/tutorial/of_tutorial as a base and extend it to filter the addresses. One way to insert a large number of MAC address rules is to create a csv file and use Python's csv library to iterate through the list. However, you are allowed to manually insert the addresses into the code as well.
Start up Mininet with the command used in assignment 3.1, but change the number of hosts connected to the switch to 8. Run Pyretic with your newly created firewall module. Capture the OpenFlow FlowMod, PacketIn and PacketOut messages using Wireshark with the filter "of". Observe the network behaviour with the Mininet command pingall.
After finishing the firewall module you should see the following output when executing pingall at Mininet console:
mininet> pingall
*** Ping: testing ping reachability
h1 -> h2 h3 h4 h5 h6 h7 X
h2 -> h1 h3 h4 h5 h6 X h8
h3 -> h1 h2 h4 h5 X h7 h8
h4 -> h1 h2 h3 X h6 h7 h8
h5 -> h1 h2 h3 X h6 h7 h8
h6 -> h1 h2 X h4 h5 h7 h8
h7 -> h1 X h3 h4 h5 h6 h8
h8 -> X h2 h3 h4 h5 h6 h7
*** Results: 14% dropped (48/56 received)
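A way to compare your own pingall result with the expected one, as an added example that is not part of the original assignment: it parses the pingall matrix shown above, lists the blocked MAC pairs and flags losses that appear in one direction only. It assumes host hN carries the ascending MAC 00:00:00:00:00:0N, as the listed pair for h1 and h8 suggests; the function names are hypothetical.

```python
import re

# pingall output copied from the assignment text (expected result with the firewall loaded)
PINGALL = """\
*** Ping: testing ping reachability
h1 -> h2 h3 h4 h5 h6 h7 X
h2 -> h1 h3 h4 h5 h6 X h8
h3 -> h1 h2 h4 h5 X h7 h8
h4 -> h1 h2 h3 X h6 h7 h8
h5 -> h1 h2 h3 X h6 h7 h8
h6 -> h1 h2 X h4 h5 h7 h8
h7 -> h1 X h3 h4 h5 h6 h8
h8 -> X h2 h3 h4 h5 h6 h7
*** Results: 14% dropped (48/56 received)
"""

def dropped_directions(text):
    """Return ({(src, dst)} with a lost ping, number of hosts) from pingall output."""
    rows = {int(m.group(1)): m.group(2).split()
            for m in re.finditer(r"^h(\d+) -> (.*)$", text, re.M)}
    hosts = sorted(rows)
    dropped = set()
    for src, cells in rows.items():
        # One cell per other host, in host order; "X" marks a lost ping.
        targets = [h for h in hosts if h != src]
        if len(cells) != len(targets):
            raise ValueError("incomplete pingall row for h%d" % src)
        dropped |= {(src, dst) for dst, c in zip(targets, cells) if c == "X"}
    return dropped, len(hosts)

def host_mac(n):
    """Assumed mapping: host hN has MAC 00:00:00:00:00:0N (ascending addresses)."""
    raw = "%012x" % n
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def audit(text):
    """Summarise blocked MAC pairs, asymmetric losses and the received count."""
    dropped, n = dropped_directions(text)
    pairs = sorted({tuple(sorted(p)) for p in dropped})
    return {
        "pairs": [(host_mac(a), host_mac(b)) for a, b in pairs],
        # Echo needs both directions, so a pair-drop rule gives symmetric losses;
        # an asymmetric loss points to something else (e.g. transient loss).
        "asymmetric": sorted(p for p in dropped if p[::-1] not in dropped),
        "received": n * (n - 1) - len(dropped),
        "total": n * (n - 1),
    }

if __name__ == "__main__":
    print(audit(PINGALL))
```

Paste your own pingall output in place of PINGALL; any entry under "asymmetric" is worth a second pingall run before you look for a fault in the filter.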
6.1 | Present the Layer-2 firewall module you created. | 4 p |
6.2 | Explain the FlowMod, PacketIn and PacketOut messages in the Wireshark capture log. | 1 p |