SDN Command Line Controller Lab
Download
Report
Transcript SDN Command Line Controller Lab
Software Defined Networking
Lab
Using Mininet
and the
POX Controller
Last Update 2014.02.04
2.1.0
Copyright 2014 Kenneth M. Chipps Ph.D.
www.chipps.com
1
Sources
• This lab uses the OpenFlow Tutorial
sample lab from
• http://archive.openflow.org/wk/index.php/O
penFlow_Tutorial#Download_Files
• and content from the book Software
Defined Networking with OpenFlow by
Siamak Azodolmolky
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
2
The SDN Lab
• For this lab on SDN we will be using
Mininet to create the SDN hardware and
OpenFlow commands to define how the
hardware acts
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
3
What is Mininet
• Mininet is a network emulator, not a
simulator
• It can be used to create virtual hosts,
hubs, switches, controllers, and links
• The code used in Mininet can be used with
no or minimal changes on real SDN
OpenFlow networks
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
4
Flow of the Lab
• In this lab you will
– Simulate a multi-switch, multi-host network
with Mininet
– Create flow tables from the command line
– Setup a controller to download the flow
entries
– View OpenFlow messages with Wireshark
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
5
Flow of the Lab
• After the tutorial, you can apply what
you've learned to physical networks based
on software switches or SDN capable
hardware switches at line rate
• Here are the steps we will go through
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
6
Flow of the Lab
– Download the virtual machine
– Setup the virtual machine
– Check the setup in Linux
– Create the network
– Examine the network
– Work with basic OpenFlow commands
– Add a controller
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
7
Download the Virtual Machine
• For this lab a virtual machine appliance in
ovf format must be downloaded from the
OpenFlow Tutorial website here
– https://github.com/downloads/mininet/mininet/
mininet-2.0.0-113012-amd64-ovf.zip
• Download this file
• Expand the zip file
• You should see these files
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
8
Download the Virtual Machine
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
9
Setup the Virtual Machine
• To import this appliance into VirtualBox
– Select
• File
– Import Appliance
» Select the ovf image
» Press the Import button
• This lab requires two virtual NICs
– The first one should be set to host-only
network
– The second one to NAT
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
10
Check Linux
• Mininet is a command line tool that runs in
Linux
• The Mininet prompt looks like this
– mininet>
• The Linux prompt ends with a $ for a
normal user
• It ends in # for the root account
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
11
Check Linux
• We will use the sudo command to run the
Linux commands with root privileges at the
normal user prompt
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
12
Check Linux
• Start the virtual machine
• Login to Linux
• The login is
– mininet
– mininet
• The screen should look like this
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
13
Check Linux
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
14
Check Linux
• Let’s see if the two network interfaces are
setup correctly
• At the Linux prompt enter
– ifconfig
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
15
Check Linux
• Three interfaces should appear
• Two physical interfaces called
– eth0
– eth1
– And the loopback interface
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
16
Check Linux
• One of the physical interfaces should have
a 192 address and the other a 10 address
• We will access the virtual machine using a
terminal program using the 192 address
• If either of the eth Ethernet interfaces are
missing, run this command
– sudo dhclient ethx
• Where the x in ethx is the number of the
interface
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
17
Check Linux
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
18
Check Linux
• As you can see the eth1 interface is
missing
• After the dhclient command is run this
appears
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
19
Check Linux
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
20
Create the Network
• Pay close attention to the prompt shown
for each command
• It makes a difference
• The basic network we will start with looks
like this
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
21
Create the Network
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
22
Create the Network
• H2 H3 and H4 are just generic end
devices
• In the real world they would be PCs,
printers, VOIP telephones and so forth
• The others are the SDN devices - a switch
and a controller
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
23
Create the Network
• These commands can be entered in the
VirtualBox window from the keyboard
• Or a terminal program such as Putty can
be used so the commands can be pasted
• Let’s start Putty and connect to the virtual
machine
• Use the 192 IP address
• Putty defaults to SSH
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
24
Create the Network
• So just enter the address and click open
• The login in is the same as before
– mininet
– mininet
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
25
Create the Network
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
26
Create the Network
• To paste a command, copy it from here
and right click on the command prompt
shown in Putty
• The virtual machine is setup with Mininet
installed and ready to run
• Issue this command to create the SDN
devices and links for this lab
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
27
Create the Network
• It all goes on one line in Linux
– $ sudo mn --topo single,3 --mac --switch ovsk --controller remote
• This tells Mininet to start up a three host,
single – openvSwitch based - switch
topology, set the MAC address of each
host equal to its IP, and point to a remote
controller which defaults to the localhost
• The screen should look like this
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
28
Create the Network
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
29
Create the Network
• Here's what Mininet just did
– Created three virtual hosts
– Created a single OpenFlow software switch
with three ports
– Connected each virtual host to the switch with
a virtual Ethernet cable
– Set the MAC address of each host equal to its
IP address
– Configured the OpenFlow switch to connect to
the controller
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
30
Create the Network
• These devices do the following
– An OpenFlow Controller
• The controller creates and transfer to the flow
commands to the switches
– An OpenFlow Switch
• This is a software based switch that takes
commands from the controller that are used to
handle the frames it receives
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
31
Examine the Network
•
•
•
•
Notice that the Linux prompt is gone
This is the mininet prompt
Let’s see what we made
At the Mininet prompt enter
– mininet>nodes
• This should appear
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
32
Examine the Network
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
33
Examine the Network
• We can also see the network using
– mininet>net
• And see information about all the nodes
with
– mininet>dump
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
34
Examine the Network
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
35
Work With OpenFlow
• In OpenFlow to look at a switch’s flow
table the dpctl – data path control
command can be used
• Most OpenFlow switches start up with a
passive listening port - 6634 - from which
you can poll the switch, without having to
add debugging code to the controller
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
36
Work With OpenFlow
• For example the command
– $ dpctl show tcp:127.0.0.1:6634
• will connect to the switch and dump out its
port state and capabilities
• This command can be run from the
Mininet prompt as well in this form
– mininet>dpctl show
• I am going to open another Putty
connection to do this
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
37
Work With OpenFlow
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
38
Work With OpenFlow
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
39
Work With OpenFlow
• This command looks at the flow table
– $ dpctl dump-flows tcp:127.0.0.1:6634
– or
– mininet>dpctl dump-flows
• Since we haven't started a controller yet,
the flow-table should be empty
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
40
Work With OpenFlow
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
41
Work With OpenFlow
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
42
Work With OpenFlow
• With the virtual hardware setup let’s check
network connectivity from the Mininet
console
– mininet>h1 ping –c3 h2
• The syntax for ping in mininet is
– Ping from – h1 here
– Number of pings – 3 times in this example
– Ping to – h2 here
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
43
Work With OpenFlow
• For a continuous ping h1 ping h2
• CRTL c to stop the ping
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
44
Work With OpenFlow
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
45
Work With OpenFlow
• Did you get any replies
• As you saw before, the switch flow table is
empty
• Besides that, the controller is not yet
configured to provide flow handling
instructions to the switch and therefore the
switch doesn't know what to do with
incoming traffic, leading to ping failure
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
46
Work With OpenFlow
• Let’s add some flows using dpctl first
• The dpctl command can do this on an
individual switch without a controller
• These flows are meant to be transitory
• As we are working with this in a lab rather
than in a realtime line rate network we
need to increase the timeout before we
add any flows or we will have to keep
reentering the flows
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
47
Work With OpenFlow
• To increase the timeout to 5 minutes enter
this command
– $dpctl add-flow tcp:127.0.0.1:6634 in_port=1,idle_timeout=300,actions=output:2
• Now we can add the flow commands
• This is an example of a proactive entry to
the flow table as it will be added before the
traffic it will handle has crossed the
network
• In the other lab we will use reactive mode
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
48
Work With OpenFlow
• Type this all on one line
– $ dpctl add-flow tcp:127.0.0.1:6634 in_port=1,actions=output:2
• And this also all on one line
– $ dpctl add-flow tcp:127.0.0.1:6634 in_port=2,actions=output:1
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
49
Work With OpenFlow
• This will forward packets coming to port 1
to port 2 and vice-versa
• Verify this by checking the flow-table with
– $ dpctl dump-flows tcp:127.0.0.1:6634
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
50
Work With OpenFlow
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
51
Work With OpenFlow
• Run the ping command again in the
mininet console
– mininet> h1 ping -c3 h2
• Did you get replies now
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
52
Work With OpenFlow
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
53
Work With OpenFlow
• Check the flow-table again and look at the
statistics for each flow entry
• Is this what you expected to see based on
the ping traffic
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
54
Activate Wireshark
• Wireshark is useful here to examine the
traffic generated by OpenFlow
• The virtual machine being used for this lab
has Wireshark already installed
• Let’s see how we get it working in this
environment
• We will have to use a new SSH session
using X11 as Wireshark uses a GUI
interface
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
55
Activate Wireshark
• To run an application that uses a GUI X11
is required
• This can be done at either end
• Under Windows, the Xming server must
be running, and you must make an SSH
connection with X11 forwarding enabled
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
56
Activate Wireshark
• First, search the Internet for and download
the Xming server
• Install it
• Start Xming
• Xming will not show any window, but you
can verify that it is running by looking for
its process in Window's task bar
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
57
Activate Wireshark
• Second, make an SSH connection with
X11 forwarding enabled
• If you are using Putty, you can connect to
the lab by entering the VM's IP address for
the 192 address NIC and enabling X11
forwarding
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
58
Activate Wireshark
• To enable X11 forwarding from Putty's
GUI, go to PuttyConnection | SSH | X11,
then click on Enable X11 Forwarding, as
shown in the following screenshot
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
59
Activate Wireshark
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
60
Activate Wireshark
• Or X11 can be added to the VM itself
• To install X11 and a simple window
manager, from the VM console window
enter
– $ sudo apt-get update
– $ sudo apt-get install xinit flwm
• Start an X11 session in the VM console
window by typing
– $ startx
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
61
Activate Wireshark
• Now start Wireshark as a background
process
– $sudo wireshark $
• Click on OK to clear any error messages
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
62
Observe SDN Traffic
• Start a capture in Wireshark using the
loopback interface
• Create and apply a filter for just the
OpenFlow traffic by entering a display filter
in Wireshark using the string
– of
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
63
Load the Controller
• To generate some traffic we will load a
controller as that is the next step anyway
• There are a number of software based or
hardware based controllers that can be
used in an SDN
• In this example we will load the POX
controller
• The developers of this controller say this
about it
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
64
POX Controller
– POX is NOX‘s younger sibling
– At its core, it’s a platform for the rapid
development and prototyping of network
control software using Python
– Meaning, at a very basic level, it’s one of a
growing number of frameworks (including
NOX, Floodlight, Trema, etc., etc.) for helping
you write an OpenFlow controller
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
65
POX Controller
– POX also goes beyond this
– As well as being a framework for interacting
with OpenFlow switches, we’re using it as the
basis for some of our ongoing work to help
build the emerging discipline of Software
Defined Networking
– We’re using it to explore and prototype
distribution, SDN debugging, network
virtualization, controller design, and
programming models
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
66
Load the Controller
• To start POX enter these commands
– $cd pox
– ./pox.py forwarding.l2_learning
• If the command prompt does not appear
after running this command, press enter
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
67
Load the Controller
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
68
Observe SDN Traffic
• Switch back to the Wireshark window to
see the activity as the controller loads
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
69
Observe SDN Traffic
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
70
Summary
• We now have a complete Software
Defined Network whose actions are
defined by OpenFlow
Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com
71