OpenFlow Configuration Lab - start [APNIC TRAINING WIKI]

APNIC SDN Workshop Lab
©APNIC Created: 4 Sept 2017 Updated: 20 July 2019

OpenFlow Configuration Lab

Objective: As part of this hands-on module, you will configure a standalone OpenFlow network using Mininet and analyse the flow entries created by the inbuilt controller. Next, you will configure the Mininet network to use an external OpenDayLight (ODL) controller and observe the exchange of OpenFlow (OF) messages between the controller and the virtual switches, along with new flows being added to the flow table.

The following base topology will be used for Part-1. Note that the IP addresses are examples only. When working on your lab, use the actual IP addresses of your VMs (or as indicated by your instructors). For the purpose of this guide, we use the IP address of 192.168.1.X to refer to the Mininet VM.



Monday, July 22, 2019


For Part-2 and Part-3, the following topology will be used. For the purpose of this guide, we use the IP address of `192.168.1.X` to refer to the Mininet VM and the IP address of `192.168.1.Y` to refer to the OpenDayLight VM.

Lab Notes

As a minimum, we recommend the following hardware specifications:

• Intel i5 or i7 processor
• 6GB of RAM
• 25GB of free hard disk space

Basic steps:

1. Install VirtualBox
2. Install Wireshark
3. Import and configure Mininet VM to VirtualBox
4. Build and test a simple standalone Mininet network
5. Import ODL VM to VirtualBox
6. Build and test a simple Mininet network using an external ODL controller.


Lab Exercise

Part - I

1. Install VirtualBox

Installation steps:

• Either download the appropriate install package for your operating system from https://www.virtualbox.org/wiki/Downloads, OR
• Use the supplied installer to install using default parameters.

2. Install Wireshark

Installation steps:

• Either download the appropriate install package for your operating system from https://www.wireshark.org/download.html, OR
• Use the supplied installer to install using default parameters.

3. Import (and configure) Mininet VM on VirtualBox

• Download Mininet VM

  Mininet VM images are available at: https://github.com/mininet/mininet/wiki/Mininet-VM-Images

  In order to save time, your instructor will provide you with a mininet OVA virtual appliance locally to create an Ubuntu virtual machine on VirtualBox. Simply double-click the file mininet.ova to import it into VirtualBox. Ensure that you select the option to re-initialise all MAC addresses (or "Generate MAC addresses for all network adapters").

• Network settings of the Mininet VM

  Within VirtualBox, go into the Settings for the VM and ensure that the first network adapter is attached to 'Bridged Adapter' as shown below (the interface name depends on your host OS; the following is an example on OS X):


• Start the Mininet VM from VirtualBox. Log in using the following credentials:

  Username: mininet
  Password: mininet

• Check the IP address configuration of the Mininet VM:

  mininet@mininet-vm:~$ ip addr show

  Verify that the interface eth0 has been assigned an address from the same range as your host machine (LAN) interface.

• SSH to the Mininet virtual machine:

  ssh mininet@192.168.1.X


4. Build a standalone Mininet network

• Create a simple network on the Mininet VM:

  mininet@mininet-vm:~$ sudo mn --mac --controller="none"

  The above command creates a network with:
  o 1 switch, s1
  o 2 hosts, h1 and h2
  o h1 eth0 connected to s1 eth0
  o h2 eth0 connected to s1 eth1
  o no OpenFlow controller

  The above command will put you into the Mininet shell:

  mininet>

• Try the following commands in the Mininet CLI to get an understanding of the network:

  mininet> nodes
  mininet> net
  mininet> dump

• Attempt pings between the hosts:

  mininet> h1 ping h2
  mininet> h2 ping h1

  Do the pings succeed? Why?

• Check the flow table of the switch:

  mininet> dpctl dump-flows

  Can you explain what you see?

[Figure: topology of hosts h1 and h2 connected to switch s1]


• Exit the Mininet CLI:

  mininet> exit

• Create another simple network on the Mininet VM, but this time use the default controller:

  mininet@mininet-vm:~$ sudo mn --mac

  The above command creates a network with:
  o 1 switch, s1
  o 2 hosts, h1 and h2
  o h1 eth0 connected to s1 eth0
  o h2 eth0 connected to s1 eth1
  o the default OpenFlow controller for Mininet

  The above command will put you back into the Mininet shell:

  mininet>

• Try the following commands in the Mininet CLI to get an understanding of the network:

  mininet> nodes
  mininet> net
  mininet> dump

• Check the flow table of the switch:

  mininet> dpctl dump-flows

  Can you explain what you see?

[Figure: topology of hosts h1 and h2 connected to switch s1, with controller c0]


• Attempt pings between the hosts:

  mininet> h1 ping h2
  mininet> h2 ping h1

  Do the pings succeed? Why?

• Check the flow table of the switch again:

  mininet> dpctl dump-flows

  What do you see now? Analyse the entries in the table.

• Wait for the flows to time out (until the output of the following command is again empty):

  mininet> dpctl dump-flows

• Enable snooping to see the OF message flow between the switch and controller:

  mininet> dpctl snoop &

• Wait for the flows to time out (until the output of the following command is again empty):

  mininet> dpctl dump-flows

• Check the flow table again:

  mininet> dpctl dump-flows

  What do you see now?

• Ping between the hosts again:

  mininet> h1 ping h2
  mininet> h2 ping h1

• Check the flow table now:

  mininet> dpctl dump-flows

  What do you see now?

• Exit from the Mininet CLI:

  mininet> exit


Part - II

1. Install and configure OpenDayLight on Ubuntu VM

In order to save time, your instructor will provide you with a ubuntu.ova virtual appliance which has precompiled ODL.

Simply double-click the file ubuntu.ova and import it into VirtualBox. Ensure that you select the option to re-initialise all MAC addresses (or "Generate MAC addresses for all network adapters").

• Verify the network settings of the ubuntu (ODL) VM

  Within VirtualBox, go into the Settings for the VM and ensure that the first network adapter is attached to 'Bridged Adapter' as shown below (the interface name depends on your host OS; the following is an example on OS X):

  Adapter 1:

• Start the Ubuntu-ODL VM and log in with the following credentials:

  Username: apnic
  Password: apnic

• Check the IP address of the server:

  apnic@ubuntu:~$ ip addr show

  Verify that the interface enp0s3 has been assigned an address from the same range as your host machine (LAN) interface.

• SSH into the Ubuntu-ODL VM:

  ssh apnic@192.168.1.Y


** Note that OpenDayLight uses Apache Karaf technology (http://karaf.apache.org/) which allows the entire distribution to be contained in a single folder.

• Run OpenDaylight:

  apnic@ubuntu:~$ cd karaf-0.8.4
  apnic@ubuntu:~$ ./bin/karaf

The above command will take you to the OpenDayLight shell as shown below:

• Open the OpenDayLight GUI. Browse to the following URL on any browser (use your IP address in place of Y):

http://192.168.1.Y:8181/index.html


Log in using the following credentials:

  Username: admin
  Password: admin

• To log out of OpenDaylight (for your information only):

  opendaylight-user@root> system:shutdown

2. Build a Mininet network using the OpenDaylight OpenFlow controller

For this part of the lab, you will need to work with a partner to capture packets/messages exchanged between the ODL controller and the mininet switch. One of you will use your Mininet setup while the other will use their ODL setup: connect a Mininet network running on one machine to an ODL controller running on another physical machine.

Installation and configuration steps:

• Start Wireshark and select the interface corresponding to your LAN or WiFi interface to capture.

• Create a display filter within Wireshark for openflow_v4

• Create a simple network on the Mininet VM that connects to the ODL controller (replace Y with the controller VM address):

  mininet@mininet-vm:~$ sudo mn --mac --controller=remote,ip=192.168.1.Y,port=6633 --switch ovs,protocols=OpenFlow13


  The above command creates a network with:
  o 1 switch, s1
  o 2 hosts, h1 and h2
  o h1 eth0 connected to s1 eth0
  o h2 eth0 connected to s1 eth1
  o Remote OpenFlow controller @192.168.1.Y

  The above command will put you into the mininet CLI:

  mininet>

• Check the flow table of the switch:

  mininet> dpctl dump-flows --protocols=OpenFlow13

  Can you explain what you see?

• Open the OpenDayLight GUI to view the topology:

  http://192.168.1.Y:8181/index.html (use your IP address in place of Y)

• At this point, stop the Wireshark capture and analyse the OpenFlow messages that have been sniffed. In particular, attempt to relate the FLOW_MOD messages with the contents of the flow table that you displayed earlier (refer to the slides where necessary).

• Re-start the Wireshark capture.

• Attempt pinging between h1 and h2:

  mininet> h1 ping h2

  Do the pings succeed? Why?

[Figure: topology of hosts h1 and h2 connected to switch s1, with the OpenDaylight controller c0; the two sides are labelled Attendee1 and Attendee2]


• Check the flow table of the switch again:

  mininet> dpctl dump-flows --protocols=OpenFlow13

  What do you see now? Analyse the entries in the table.

• Open up the OpenDayLight GUI again:

  http://192.168.1.Y:8181/index.html

  Reload the topology. Has anything changed?

• At this point, stop the Wireshark capture and analyse the OpenFlow messages that have been sniffed. In particular, pay attention to the Packet-In and Flow_Mod messages.

• Exit from the Mininet CLI:

  mininet> exit

• If time permits, repeat the above steps for the following topologies:

  sudo mn --mac --topo=tree,3 --controller=remote,ip=192.168.1.Y,port=6633 --switch ovs,protocols=OpenFlow13

  sudo mn --mac --topo=linear,4 --controller=remote,ip=192.168.1.Y,port=6633 --switch ovs,protocols=OpenFlow13
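
The openflow_v4 display filter used above corresponds to OpenFlow 1.3, where every message starts with the same 8-byte header (version 0x04, type, length, transaction id). The following added example, which is not part of the original lab, splits a byte stream into messages using that header and names the types, including Packet-In and Flow_Mod. The sample bytes are constructed and the function names are illustrative.

```python
import struct

# OpenFlow 1.3 message type codes (wire version 0x04, Wireshark's openflow_v4).
OFP13_TYPES = {
    0: "HELLO", 1: "ERROR", 2: "ECHO_REQUEST", 3: "ECHO_REPLY",
    5: "FEATURES_REQUEST", 6: "FEATURES_REPLY", 10: "PACKET_IN",
    11: "FLOW_REMOVED", 12: "PORT_STATUS", 13: "PACKET_OUT", 14: "FLOW_MOD",
    18: "MULTIPART_REQUEST", 19: "MULTIPART_REPLY",
}
HEADER = struct.Struct("!BBHI")  # version, type, total length, transaction id

def build(msg_type, xid, body=b"", version=0x04):
    """Frame a body with the 8-byte OpenFlow header (used for the sample only)."""
    return HEADER.pack(version, msg_type, HEADER.size + len(body), xid) + body

def split_messages(stream):
    """Split one direction of the TCP stream into messages via the length field."""
    messages, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        version, msg_type, length, xid = HEADER.unpack_from(stream, offset)
        if length < HEADER.size or offset + length > len(stream):
            raise ValueError(f"bad length {length} at offset {offset}")
        messages.append({
            "version": version,
            "type": OFP13_TYPES.get(msg_type, f"TYPE_{msg_type}"),
            "xid": xid,
            "body_len": length - HEADER.size,
        })
        offset += length
    return messages

def type_sequence(stream, expected_version=0x04):
    """Message type names in order; reject anything that is not OpenFlow 1.3."""
    messages = split_messages(stream)
    for m in messages:
        if m["version"] != expected_version:
            raise ValueError(f"unexpected OpenFlow version {m['version']:#x}")
    return [m["type"] for m in messages]

# Constructed sample: several messages coalesced into one TCP segment.
# Bodies are zero-filled placeholders of arbitrary size, not captured traffic.
SAMPLE = (build(0, 1) + build(10, 0, bytes(34)) + build(14, 2, bytes(72))
          + build(13, 3, bytes(32)))
if __name__ == "__main__":
    print(type_sequence(SAMPLE))
```

Several OpenFlow messages often share one TCP segment, so the length field, not the packet boundary, is what separates a Packet-In from the Flow_Mod that follows it.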

Part – III

1. Add/Delete/Modify flow entries using the OpenFlow Manager in ODL

• Start a new topology in mininet:

mininet@mininet-vm:~$ sudo mn --mac --controller=remote,ip=192.168.1.Y,port=6633 --topo single,3 --switch ovs,protocols=OpenFlow13

The above command creates a network with:
o 1 switch, s1
o 3 hosts, h1-h3
o Remote OpenFlow controller 192.168.1.Y


• Attempt to ping each of the hosts:

  mininet> pingall

• Open the OpenDayLight GUI to check the topology:

  http://192.168.1.Y:8181/index.html (use your IP address in place of Y)

  o Click Topology on the left side navigation menu, then click the Reload button. You should see the topology with 3 hosts connected to 1 switch.

• Without closing the ODL controller, open a new Terminal window on the ubuntu machine and start the OpenFlow Manager (which has been preinstalled to save time):

  apnic@ubuntu:~$ cd OpenDaylight-Openflow-App

  o Before we start the OpenFlow Manager, we need to configure the controller base URL (assign the IP address of your controller), using your favourite editor, in the env.module.js file located in the directory ofm/src/common/config as shown below:

  apnic@ubuntu:~/OpenDaylight-Openflow-App$ sudo vi ofm/src/common/config/env.module.js

  o Set the baseURL from localhost to your controller IP address (for controller port, ODL username and ODL password the default values match):

  [baseURL: "http://localhost:"] to [baseURL: "http://192.168.1.Y:"]


• Now start the OpenFlow Manager:

  apnic@ubuntu:~/OpenDaylight-Openflow-App$ sudo grunt

  If you want to stop grunt, simply press Ctrl+C.

• Open the OpenFlow Manager GUI from the browser:

  http://192.168.1.Y:9000

  o Note that OpenFlow Manager is connected to ODL as shown below:

Source: https://github.com/CiscoDevNet/OpenDaylight-Openflow-App

• Tick the 'Show host devices' box. You can see the same topology.


• Click on the Flow Management link at the top to see the flow entries:

• Click on the 'View' icon, to see details of the flow entry. Once finished, click 'Back' to return to the list of flow entries.


• Compare the flows seen on the OFM dashboard with the flow entries on Mininet:

  mininet> dpctl dump-flows --protocols=OpenFlow13

2. Create and add flows from the OpenFlow Manager to the OF switch

• Let us create and add a flow entry from the OFM that drops any packet from the host h1 to h2.

  o Click the window for managing flows:

• From the dropdown button under Device, select the right OpenFlow switch (openflow:1). It shows the properties related to the switch.


• In General properties, input appropriate data (example below):

  Table: 0
  ID: 102
  Priority: 30

• From the General properties area on the left panel, click the button next to Cookie to add a value for cookie (example below):

  Cookie: 0x102


• Add the Source MAC and Destination MAC from the Match area (h1 and h2's MAC given below):

  Source MAC: 00:00:00:00:00:01
  Destination MAC: 00:00:00:00:00:02

• From the Actions area on the left panel, add the action Drop. Notice that the action has been added to the properties on the right.


• Click Show preview. You can click the cross at the top right to close the preview.

• Click Send request. You should notice that there is 1 in Success.


• Click Back to return to the Flow table page and reload.

  o Note that when you click the reload button, the flow will be applied on the device. Under the Operational column, you can see that it is "ON DEVICE".

• Look at the flow entries on Mininet (look for the flow with cookie 0x102 which was defined in the previous steps):

  mininet> dpctl dump-flows --protocols=OpenFlow13

• Check reachability between devices:

  mininet> h1 ping h2 -c4
  mininet> h1 ping h3 -c4
  mininet> h2 ping h3 -c4

• The results of the ping checks should be as follows (traffic from h1 to h2 should be dropped):

  h1 ping h2 failed
  h1 ping h3 succeeded
  h2 ping h3 succeeded

• This is the end of the lab
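
For the steps that ask you to analyse the flow table and to look for the flow with cookie 0x102, the following added example (not part of the original lab) parses dump-flows text into fields and checks that the drop rule on the switch matches what was entered in the OpenFlow Manager. The sample output is constructed, the function names are illustrative, and the dl_src/dl_dst field names assume the usual Open vSwitch dump format.

```python
import re

# Constructed sample of `dpctl dump-flows --protocols=OpenFlow13` output for s1.
# Only the cookie 0x102 rule comes from the lab; other rows and counters are made up.
SAMPLE = """\
*** s1 ------------------------------------------------------------------
 cookie=0x2b00000000000000, duration=95.1s, table=0, n_packets=12, n_bytes=1020, priority=100,dl_type=0x88cc actions=CONTROLLER:65535
 cookie=0x102, duration=41.7s, table=0, n_packets=4, n_bytes=392, priority=30,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 actions=drop
 cookie=0x2b00000000000000, duration=95.1s, table=0, n_packets=0, n_bytes=0, priority=0 actions=drop
"""
INT_FIELDS = {"cookie", "table", "n_packets", "n_bytes", "priority",
              "idle_timeout", "hard_timeout"}

def parse_flows(text):
    """Turn each 'key=value,... actions=...' line into a dict."""
    flows = []
    for line in text.splitlines():
        if " actions=" not in line:
            continue  # switch banner or reply header
        fields, actions = line.strip().split(" actions=", 1)
        flow = {"actions": actions, "match": {}}
        for token in re.split(r",\s*", fields):
            key, _, value = token.partition("=")
            if key in INT_FIELDS:
                flow[key] = int(value, 0)   # base 0 accepts hex and decimal
            elif key == "duration":
                flow[key] = float(value.rstrip("s"))
            else:
                flow["match"][key] = value  # anything else is a match field
        flows.append(flow)
    return flows

def check_drop_flow(flows, cookie, src, dst):
    """Return a list of problems; an empty list means the rule is as configured."""
    hits = [f for f in flows if f.get("cookie") == cookie]
    if not hits:
        return [f"no flow with cookie {cookie:#x} on the switch"]
    flow, problems = hits[0], []
    if flow["match"] != {"dl_src": src, "dl_dst": dst}:
        problems.append(f"unexpected match {flow['match']}")
    if flow["actions"] != "drop":
        problems.append(f"unexpected actions {flow['actions']}")
    if flow.get("n_packets", 0) == 0:
        problems.append("rule installed but no packet has hit it yet")
    return problems

if __name__ == "__main__":
    flows = parse_flows(SAMPLE)
    print(check_drop_flow(flows, 0x102, "00:00:00:00:00:01", "00:00:00:00:00:02"))
```

Selecting by cookie matters because the table can hold other drop rules, such as the priority 0 entry in the sample; the n_packets counter on the 0x102 rule should rise after the h1 ping h2 test.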