Workshop on Software Defined Networks
Download
Report
Transcript Workshop on Software Defined Networks
Workshop on Software Defined
Networks
Network Programming, Mininet and
Other Tools
Spring 2014
(many) slides stolen from Yotam Harchol and
David Hay (HUJI)
Agenda
• Introduction to mininet
• Introduction to Python
• Networking tools
• Installing mininet and its prerequisites
• Write a simple OpenFlow controller
2
mininet
• MiniNet creates scalable Software-Defined Networks (up to
hundreds of nodes) using OpenFlow, on a single PC
• It allows to quickly create, interact with and customize a
software defined network prototype with complex topologies,
and can be used to emulate real networks – all on your PC
• MiniNet can work with any kind of OpenFlow controller
• It takes seconds to install it
• Easy to program
• Of course, it is an
open source project
3
Python
• Python is a very easy-to-use programming (scripting) language
• Interpreter based language
• We will use it to program the RYU OpenFlow controller
• We begin with a short introduction…
4
Values and Types
• Python is dynamically typed (no need to declare variables, or
their type; parameters have no types)
• Indentation is crucial: there are no { } blocks. Blocks are
determined according to the indentation of the text
• Indentation recommendations:
– Be consistent – always use the same indentation sequence
– Use editor indent support , e.g. auto replace tab with spaces
– Our Convention: 4 spaces
• We use Python 2.7.x, NOT Python 3
• Detailed documentation: http://www.python.org/doc/
• A nice beginners’ book: http://thinkpython.com
5
Python Functions
Defining functions in Python is easy:
Function name
Parameters
Foursay_hello(first_name,
spaces
def
last_name):
full_name = first_name + ' ' + last_name
print 'Hello ' + full_name + '!'
And calling it later:
say_hello('John', 'Doe')
6
Python Classes
Python can be used as an Object-Oriented language
We need this for
mathdefine
functions
Let's
a new
class:
Everything inside
self
is the
new this
the block
is the
class
Constructor
import math
class Point2D:
def __init__(self, x, y):
self.x = x
self.y Class
= y method
self must be expected in every class
def get_distance(self,
method as the p):
first parameter. However,
d = math.sqrt(math.pow(self.x
p.x,
when calling these methods we- do
not 2) +
pass an argument for it- p.y, 2))
math.pow(self.y
return d
To create an instance:
p1 = Point(1, 1)
p2 = Point(2, 2)
print p1.get_distance(p2)
7
Python Classes
We can also inherit other classes:
Defines superclass
# continues from
slide...
(canprevious
be more than
one!)
Call whatever super-constructor
class Point3D(Point2D):
you would like
def __init__(self, x, y, z):
Point2D.__init__(self, x, y)
Overriding
self.z
= z method
def get_distance(self, p):
d = math.sqrt(math.pow(self.x - p.x, 2) +
math.pow(self.y - p.y, 2) +
math.pow(self.z - p.z, 2))
return d
8
Python Decorators
• Decorators are used to twist functions/methods.
def log_on_entry(method):
def _method(self):
print 'on-entry‘,
return method(self)
return _method
A function that get a function
and return a function
class aClass(object):
Used as a decorator
@log_on_entry
for a class method
def a_method(self):
print self, 'a_method is called'
a = aClass()
a.a_method()
Same as:
class aClass(object)
More Reading:
- Python Decorators
- PEP 318 -- decorators for functions and methods
def a_method(self):
print 'a_method is called'
a_method = log_on_entry(a_method)
The output will be:
on-entry <main.aClass object at 0x7fc75eaf4d10> a_method is called.
9
ifconfig
• ifconfig is a unix command-line tool that prints the available
network interfaces of the machine
• Example:
10
TcpDump
• tcpdump is a unix command-line tool for packet sniffing and
capturing
• It is highly customizable and very easy to use
• We will use tcpdump to capture traffic in our mininet
network, in order to verify that things work as expected
• Example:
11
WireShark
• WireShark is a GUI software that provides
capabilities that are similar to tcpdump
• It allows easy filtering of packets, TCP stream
grouping, and more advanced features
12
Ping
• ping sends ICMP echo request and waits for response
• Useful for quickly testing your network
• Example:
13
hping3
• hping (or hping3) is a command-line tool for generating traffic
• It can also modify and spoof layers 3/4 header fields
• Example:
hping3 is not installed by default on the mininet VM. You should install it using the command:
14
sudo apt-get install hping3
Scapy
• Scapy is a python package for packet
manipulation
• It can be used to manually create packets with
customized L2-L7 data
• Packets can be sent to network or stored in a
PCAP file
• http://www.secdev.org/projects/scapy/
15
SSH (Secure Shell)
• ssh is a tool for secure shell connection between unix
machines
• Native in Linux
• In windows can be found in Cygwin project or use PUTTY
• We will use ssh to connect to the mininet machine and work
with it
• Example:
16
SCP (Secure Copy)
• scp uses ssh to securely transfer files between hosts
• We can use scp to transfer files to/from the mininet machine
• In windows we have WinSCP
• Example:
17
Environment Structure
Hosting System - Linux
Network Simulator - Mininet
RYU
controller:
OpenFlow
Software Switch
imp.
Open vSwitch
import
switches:
Binaries (e.g. wget,
tcpdump)
import
Hosts:
18
NOX
Environment Illustration
???
Hosting Machine / OS - Any
VM player aplication - VirtualBox
Virtual Machine (VM)
Hosting System - Linux
Shared folder
???
Network Simulator
Mininet
NOX
19
Xming
Setup
• Install VirtualBox
– available for Windows, Linux and Mac
– Or use existing Linux machine
• follow the instructions for parts 1 through 4 of the OpenFlow Tutorial
• With a few exceptions and additions:
– Use MiniNet OVA image from here:
http://www.cs.princeton.edu/courses/archive/fall13/cos597E/assignments/tester.ova
– When adding a new network adapter (in Settings>Network>Adapter2)
Make sure that you select "Cable Connected" under "Advanced“.
– You might need to disable windows firewall for the host-only adapter
(e.g. adapter name “VirtualBox Host-Only Network”).
– You can share a folder from you PC inside the VM (instead of copying
files).
20
Connecting to the MiniNet VM
• Start mininet VM (and the management VM if applicable)
• In the mininet VM, login using the user/pass
mininet/mininet, then run ifconfig to find the IP address of
the mininet machine
• In the linux machine, open a Terminal window (in Mac, open
Xterm or XQuartz)
• ssh to the mininet machine with X forwarding:
ssh -YX mininet@<IP Address>
when prompted for password, type: mininet
– You can later setup public key exchange to avoid typing password each login
• You are connected!
21
Share a folder with VM
• From virtual box:
– Set CDROM from image:
"%ProgramFiles%\Oracle\VirtualBox\VBoxGuestAdditions.iso“
– set shared shared folder (e.g. sdn_code)
• From VM console:
– mount -t iso9660 -o ro /dev/cdrom1 /media/cdrom
– cd /media/cdrom
– sudo sh ./VBoxLinuxAdditions.run
– sudo mount -t vboxsf sdn_code /mnt
22
Run MiniNet
• Now that you are connected to the mininet machine, you can
start the simulation:
– Type:
sudo mn -c
sudo mn --topo single,3 --mac --switch ovsk
This will run mininet with the default controller (NOX),
a single Open vSwitch switch and three hosts that are connected to it
– In the mininet console, type:
xterm h1 h2 h3
This will open three terminal windows, each one for a different host
– In the window of host h1, type:
tcpdump -XX -i h1-eth0
– In the window of host h2, type:
ping –c 4 10.0.0.1
– You are supposed to see the relevant ARP and ICMP packets in h1
terminal
23
Running mininet with External Controllers
• Mininet can also work with a controller that runs somewhere
else in the network, or just outside the VM
• There are many choices for OpenFlow controllers, such as
NOX (C++), POX and RYU (Python), FloodLight (Java), and
more
• To use mininet with such a controller, just specify its IP and
port when starting mininet:
sudo mn -c
sudo mn --topo single,3 --mac --switch ovsk \
--controller remote \
--ip=<controller ip> \
--port=<openFlowPort (6633 by default)>
• If the remote controller is located on the same machine, there
is no need to specify the IP address
24
Running mininet from python
from mininet.net import Mininet
…
def scratchNet( cname='controller', cargs='-v ptcp:' ):
info( "*** Creating nodes\n" )
controller = Node( 'c0', inNamespace=False )
switch = Node( 's0', inNamespace=False )
h0 = Node( 'h0' )
h1 = Node( 'h1' )
info( "*** Creating links\n" )
Link( h0, switch )
Link( h1, switch )
info( "*** Configuring hosts\n" )
h0.setIP( '192.168.123.1/24' )
h1.setIP( '192.168.123.2/24' )
…
h0.cmdPrint( 'ping -c1 ' + h1.IP() )
25
…
if __name__ == '__main__':
info( '*** Scratch network demo (kernel datapath)\n' )
Mininet.init()
scratchNet()
RYU
• We will use the RYU controller as it cross-platform and
supports the advanced OpenFlow1.3 features.
• RYU is available in a Mininet VM
• RYU is written in Python
26
A Simple OpenFlow Controller
• We will now write our own controller logic, as a Python class
that will be loaded by RYU instead of its own native code
• At first, OpenFlow switches have nothing in their flow tables
– Unless the controller does something, switches will ask it what to do
every time they receive a packet
– With no controller (or non-responsive controller as we begin with),
they will not forward packets at all
• Let's start with a very simple controller, that makes switches
to behave as simple hubs…
27
A Simple OpenFlow Controller
Host 1
MAC:
…00-00-01
From:
…00-00-03
To:
…00-00-02
From:
…00-00-03
To:
…00-00-02
Host 3
MAC:
…00-00-03
From:
…00-00-03
To:
…00-00-02
Switch 1
Port 4
From:
…00-00-03
To:
…00-00-02
Hub Behavior
28
MAC:
…00-00-02
Port 2
Port 1
Port 3
Host 2
Host 4
MAC:
…00-00-04
Write a Simple OpenFlow Controller
• To make the behavior of a hub, once receiving a packet from a
switch, the controller should tell the switch to simply flood
the packet
• It can also teach the switch to flood packets forever
OpenFlow
Controller
Host 1
MAC:
…00-00-01
From:
…00-00-03
OpenFlow
To: Packet
…00-00-02
buffer_id=1
out_port =
FLOOD
From:
…00-00-03
OpenFlow
To:
Packet
…00-00-02
Host 3
29
MAC:
…00-00-03
From:
…00-00-03
To:
…00-00-02
MAC:
…00-00-02
buffer_id=1
in_port = 3
Port 2
Port 1
Port 3
Host 2
Switch 1
Port 4
From:
…00-00-03
To:
…00-00-02
Host 4
MAC:
…00-00-04
A Simple OpenFlow Controller
30
Helpful Materials
• OpenFlow specifications (we work with 1.3)
• RYU documentation
• Mininet API reference and examples
• This presentation (temporary):
http://www.cs.tau.ac.il/~schiffli/sdn/
31
Projects
• Router
– Create a network router over OpenFlow devices in a large
dynamic network with sub-nets and VLANs.
• Load-balancer
– Implement a dynamic load balancer according to current
traffic status. An advanced feature might be to turn on\off
server Virtual Machines when traffic is very high/low
(requires interaction with the virtualization platform)
• Firewall
– Implement a stateful firewall with a configurable policy. It
should be able to enforce policy even when a host
changed its position in the network.
32
• Manage multicast traffic
– Build a controller over OF switches to enable a
reliable robust and efficient multicast video streaming
across the network. The network contains: video
streamer servers and clients. The controller should
route the efficiently the video stream from the
servers to the clients. The controller should be able to
new servers, duplicate servers (servers providing the
same data), new clients, server failures etc.
• Distributed controller
– Implement a framework to support splitting a
controller app to several control servers allowing to
load balance control traffic and backups for the
controller.
33
• Hierarchical controller
– Implement a controller library that allow to
encapsulate a sub-network as a single SDN switch
and control it with higher level controller.
• Fault tolerant SDN
– Implement a controller app that allow to transmit
messages from any node to any node as long as
there is connectivity. The mechanisim should work
without intervation of the controller during the
failure but allows the conroller to optimise the
network.
34
Coming soon
• Workshop forum (in English!)
35
• Questions?
36