Fabrizio Granelli fabrizio.granelli@unitn.it

SDN LABORATORY

Downloads for SDN Lab

¨ Download the VMs fromhttps://github.com/mininet/openflow-tutorial/wiki/Installing-Required-Software

¨ Verify software requirements:

Refer to https://github.com/mininet/openflow-tutorial/wiki/Home for more details

OS Type OS VersionVirtualization Software

X Server Terminal

Windows 7+ VirtualBox Xming PuTTY

Windows XP VirtualBox Xming PuTTY

MacOS X 10.7-10.9 Lion/Mountain Lion/ Mavericks

VirtualBoxdownload and install XQuartz

Terminal.app (built in)

Linux Ubuntu 10.04+ VirtualBoxX server already installed

gnome terminal + SSH built in

OpenFlowbuildingblocks

ControllerNOX

SlicingSoftwareFlowVisorExpedient

3

ControllerApplicationsLAVIENVI(GUI) Aggregationn-Casting

NetFPGASoftwareRef.Switch

BroadcomRef.Switch

OpenWRT PCEngineWiFiAP

CommercialSwitches StanfordProvided

OpenFlowSwitches

SNAC

StanfordProvided

Monitoring/debuggingtoolsoflopsoftrace openseer

OpenVSwitch

HP,NEC,Pronto,Juniper..andmany

more

Beacon Helios Maestro

Trend

ComputerIndustry NetworkIndustry

Openinterfacetohardware

Manyoperatingsystems,orManyversions

Openinterfacetohardware

Isolated“slices”

5

SwitchBasedVirtualizationExists for NEC, HP switches but not flexible enough

NormalL2/L3Processing

Flow Table

Production VLANs

Research VLAN 1

Controller

Research VLAN 2

Flow Table

Controller

6

FlowVisor-basedVirtualization

OpenFlow Switch

OpenFlowProtocol

OpenFlow FlowVisor & Policy Control

Fabrizio’sController

Bob’sControllerAlice’s

Controller

OpenFlowProtocol

OpenFlow Switch

OpenFlow Switch

7

Topologydiscoveryisperslice

OpenFlowProtocol

OpenFlowFlowVisor & Policy Control

Broadcast Multicast

OpenFlowProtocol

httpLoad-balancer

FlowVisor-basedVirtualization

OpenFlow Switch

OpenFlow Switch

OpenFlow Switch

8

SeparationnotonlybyVLANs,butanyL1-L4pattern

dl_dst=FFFFFFFFFFFF tp_src=80, ortp_dst=80

FlowSpace:MapsPacketstoSlices

FlowVisorMessageHandling

OpenFlowFirmware

DataPath

AliceController

BobController

CathyController

FlowVisorOpenFlow

OpenFlow

Packet

Exception

PolicyCheck:Isthisruleallowed?

PolicyCheck:Whocontrolsthispacket?

FullLineRateForwarding

Rule

Packet

Introduction to Mininet

¨ Mininet¤ A network emulator which creates realistic virtual network

¤ Runs real kernel, switch and application code on a single machine

¤ Provides both Command Line Interface (CLI) and Application Programming Interface (API)n CLI: interactive commanding

n API: automation

¤ Abstractionn Host: emulated as an OS level process

n Switch: emulated by using software-based switchn E.g., Open vSwitch, SoftSwitch

Mininet Installation (1/2)

¨ Mininet VM Installation¤ The easiest and most fool-proof way of installing Mininet

¤ Proceduresn Download the Mininet pre-installed VM image

n Download and install one of the hypervisors (e.g., VirtualBox, Qemu, VMware Workstation, VMware Fusion, or KVM)

n Import VM image into selected hypervisor

¨ Native Installation from Source¤ Recommended OS: Ubuntu 11.10 and later

¤ Proceduresn Download source from github

n Full installation: Mininet + Open vSwtich + wireshark + etc.

n Minimum installation: + Mininet + Open vSwitch

$ git clone git://github.com/mininet/mininet

$ mininet/util/install.sh -a $ mininet/util/install.sh -fnv

Mininet Installation (2/2)

¨ Native Installation from Package¤ Recommended OS: Ubuntu 12.04 and later¤ Procedures

n Remove all previously installed Mininet and Open vSwitch

n Install Mininet package according to your Ubuntu version (choose one of them!)

n Deactive OpenvSwitch controller if it is running

n You can also install additional software from mininet source

$ sudo rm -rf /usr/local/bin/mn /usr/local/bin/mnexec \/usr/local/lib/python*/*/*mininet* \/usr/local/bin/ovs-* /usr/local/sbin/ovs-*

$ sudo apt-get install mininet$ sudo apt-get install mininet/quantal-backports$ sudo apt-get install mininet/precise-backports

Ubuntu 13.04Ubuntu 12.10Ubuntu 12.04

$ sudo service openvswitch-controller stop$ sudo update-rc.d openvswitch-controller disable

$ git clone git://github.com/mininet/mininet$ mininet/util/install.sh -fw

Mininet Tutorial (1/7)

¨ Mininet Command Line Interface Usage¤ Interact with hosts and switches

n Start a minimal topology

n Start a minimal topology using a remote controller

n Start a custom topology

n Display nodes

n Display links

n Dump information about all nodes

$ sudo mn

mininet> nodes

mininet> net

mininet> dump

$ sudo mn --controller=remote,ip=[IP_ADDDR],port=[listening port]

$ sudo mn --custom [topo_script_path] --topo=[topo_name]

Mininet Tutorial (2/7)

¨ Mininet Command Line Interface Usage¤ Interact with hosts and switches

n Check the IP address of a certain node

n Print the process list from a host process

¤ Test connectivity between hostsn Verify the connectivity by pinging from host0 to host1

n Verify the connectivity between all hosts

mininet> h1 ifconfig -a

mininet> h1 ps -a

mininet> h1 ping -c 1 h2

mininet> pingall

Mininet Tutorial (3/7)

¨ Mininet Command Line Interface Usage¤ Run a regression test

n Traffic receive preparation

n Traffic generation from client

¤ Link variations

¤ Python Interpretern Print accessible local variables

n Execute a method through invoking mininet API

$ sudo mn -link tc,bw=[bandwidth],delay=[delay_in_millisecond]

mininet> iperf -s -u -p [port_num] &

mininet> iperf -c [IP] -u -t [duration] -b [bandwidth] -p [port_num] &

$ py locals()

$ py [mininet_name_space].[method]

Mininet Tutorial (4/7)

¨ Mininet Application Programming Interface Usage¤ Low-level API: nodes and links

n mininet.node.Noden A virtual network node, which is a simply in a network namespace

n mininet.link.Linkn A basic link, which is represented as a pair of nodes

Class Method Description

Node

MAC/setMAC Return/Assign MAC address of a node or specific interface

IP/setIP Return/Assign IP address of a node or specific interface

cmd Send a command, wait for output, and return it

terminate Send kill signal to Node and clean up after it

Link Link Create a link to another node, make two new interfaces

h1 = Host( 'h1' )h2 = Host( 'h2' )s1 = OVSSwitch( 's1', inNamespace=False )c0 = Controller( 'c0', inNamespace=False )Link( h1, s1 )Link( h2, s1 )h1.setIP( '10.1/8' )h2.setIP( '10.2/8' )

c0.start()s1.start( [ c0 ] )print h1.cmd( 'ping -c1', h2.IP() )s1.stop()c0.stop()

Mininet Tutorial (5/7)

¨ Mininet Application Programming Interface Usage¤ Middle-level API: network object

n mininet.net.Mininetn Network emulation with hosts spawned in network namespaces

Class Method Description

Net

addHost Add a host to network

addSwitch Add a switch to network

addLink Link two nodes into together

addController Add a controller to network

getNodeByName Return node(s) with given name(s)

start Start controller and switches

stop Stop the controller, switches and hosts

ping Ping between all specified hosts and return all data

net = Mininet()h1 = net.addHost( 'h1' )h2 = net.addHost( 'h2' )s1 = net.addSwitch( 's1' )c0 = net.addController( 'c0' )net.addLink( h1, s1 )net.addLink( h2, s1 )

net.start()print h1.cmd( 'ping -c1', h2.IP() )CLI( net )net.stop()

Mininet Tutorial (6/7)

¨ Mininet Application Programming Interface Usage¤ High-level API: topology templates

n mininet.topo.Topon Data center network representation for structured multi-trees

Class Method Description

Topo

Methods similar to net E.g., addHost, addSwitch, addLink,

addNode Add node to graph

addPort Generate port mapping for new edge

switches Return all switches

Hosts/nodes/switches/links Return all hosts

isSwitch Return true if node is a switch, return false otherwise

class SingleSwitchTopo( Topo ):"Single Switch Topology"def build( self, count=1):

hosts = [ self.addHost( 'h%d' % i )for i in range( 1, count + 1 ) ]

s1 = self.addSwitch( 's1' )for h in hosts:

self.addLink( h, s1 )

net = Mininet( topo=SingleSwitchTopo( 3 ) )net.start()CLI( net )net.stop()

Mininet Tutorial (7/7)

¨ Mininet Application Programming Interface Usage¤ Customized topology# cat custom.py

LEN_DPID = 16from mininet.topo import Topoclass MyTopo( Topo ):

def name_dpid( self, index ):dpid = '%02d' % ( index )zeros = '0' * ( LEN_DPID - len( dpid ) )name = 's%02d' % ( index )return { 'name':name, 'dpid':zeros + dpid }

def build( self, count=1):hosts = [ self.addHost( 'h%d' % i )

for i in range( 1, count + 1 ) ]s1 = self.addSwitch( **self.name_dpid(1) )for h in hosts:

self.addLink( h, s1 )

topos = { 'mytopo': MyTopo }

# mn --custom custom.py --topo mytopo,3*** Creating network*** Adding controller*** Adding hosts:h1 h2 h3

More examples can be found here:https://github.com/mininet/mininet/tree/master/examples

Two Flow Insertion Methods

¨ Reactive Flow Insertion¤ A non-matched packet reaches an OpenFlow switch, it is sent to the

controller, based on the packet an appropriate flow is inserted

¨ Proactive Flow Insertion¤ Flow can be inserted proactively by the controller in switches before packet

arrive

OpenFlowController

host1 host2switch1 (reactive) switch2 (proactive)

acquireroute

insertflow

SRC DST ACT …SRC DST ACT …

h1 h2 p1

SRC DST ACT …

h1 h2 p1

Mininet OpenFlow tutorial

¨ Download the VMs fromhttps://github.com/mininet/openflow-tutorial/wiki/Installing-Required-Software

¨ Verify software requirements:

Refer to https://github.com/mininet/openflow-tutorial/wiki/Home for more details

OS Type OS VersionVirtualization Software

X Server Terminal

Windows 7+ VirtualBox Xming PuTTY

Windows XP VirtualBox Xming PuTTY

MacOS X 10.7-10.9 Lion/Mountain Lion/ Mavericks

VirtualBoxdownload and install XQuartz

Terminal.app (built in)

Linux Ubuntu 10.04+ VirtualBoxX server already installed

gnome terminal + SSH built in

Mininet VM Setup

¨ Once you have downloaded the .ovf image,¤ Start up VirtualBox, then select File>Import Appliance

and select the .ovf image that you downloaded.

¨ You may also be able to simply double-click the .ovf file to open it up in your installed virtualizationprogram.¤ Next, press the "Import" button.

¨ This step will take a while - the unpacked image isabout 3 GB.

Setting up the VM for ssh access

¨ If you are running VirtualBox, you should make sure your VM hastwo network interfaces. One should be a NAT interface that it can use to access the Internet, and the other should be a host-onlyinterface to enable it to communicate with the host machine. For example, your NAT interface could be eth0 and have a 10.x IP address, and your host-only interface could be eth1 and have a 192.168.x IP address. You should ssh into the host-only interface atits associated IP address. Both interfaces should be configured usingDHCP.

¨ From the virtual machine console, log in to the VM, then enter:

¨ You should see three interfaces(eth0, eth1, lo), Both eth0 and eth1 should have IP address assigned. If this is not the case, type

¨ For the access to the VM:

$ ifconfig -a

$ sudo dhclient ethX

$ ssh -X [user]@[Guest IP Here]

Alternative: using the VM GUI

¨ Log in to the VM console window, and type:

¨ At this point, you should be able to start an X11 session in the VM console window by typing:

$ sudo apt-get update && sudo apt-get install xinit lxdevirtualbox-guest-dkms

$ startx

Development Tools

¨ OpenFlow Controller: sits above the OpenFlow interface. The OpenFlow referencedistribution includes a controller that acts as an Ethernet learning switch in combination with an OpenFlow switch. You'll run it and look at messages being sent. Then, in the next section, you'll write our own controller on top of NOX or Beacon (platforms for writing controller applications).

¨ OpenFlow Switch: sits below the OpenFlow interface. The OpenFlow referencedistribution includes a user-space software switch. Open vSwitch is another software but kernel-based switch, while there is a number of hardware switches availablefrom Broadcom (Stanford Indigo release), HP, NEC, and others.

¨ ovs-ofctl: command-line utility that sends quick OpenFlow messages, useful for viewing switch port and flow stats or manually inserting flow entries.

¨ Wireshark: general (non-OF-specific) graphical utility for viewing packets. The OpenFlow reference distribution includes a Wireshark dissector, which parsesOpenFlow messages sent to the OpenFlow default port (6633) in a convenientlyreadable way.

¨ iperf: general command-line utility for testing the speed of a single TCP connection.¨ Mininet: network emulation platform. Mininet creates a virtual OpenFlow network -

controller, switches, hosts, and links - on a single real or virtual machine. More Mininet details can be found at the Mininet web page.

¨ cbench: utility for testing the flow setup rate of OpenFlow controllers.

Start a simple network

$ sudo mn --topo single,3 --mac --switch ovsk --controller remote

What did we do?

¨ Created 3 virtual hosts, each with a separate IP address.

¨ Created a single OpenFlow software switch in the kernel with 3 ports.

¨ Connected each virtual host to the switch with a virtualethernet cable.

¨ Set the MAC address of each host equal to its IP.¨ Configure the OpenFlow switch to connect to a remote

controller.

$ sudo mn --topo single,3 --mac --switch ovsk --controller remote

Some relevant mininet commands

¨ To see the list of nodes available, in the Mininet console, run:

¨ To see a list of available commands, in the Mininet console, run:

¨ To run a single command on a node, prepend the command with the nameof the node. For example, to check the IP of a virtual host, in the Mininetconsole, run:

¨ The alternative - better for running interactive commands and watchingdebug output - is to spawn an xterm for one or more virtual hosts. In the Mininet console, run:

¨ If Mininet is not working correctly (or has crashed and needs to be restarted), first quit Mininet if necessary (using the exit command, or control-D), and then try clearing any residual state or processes using:

mininet> nodes

mininet> h1 ifconfig

mininet> help

mininet> xterm h1 h2

$ sudo mn -c

ovs-ofctl example usage

¨ Create another terminal window:

¨ The show command connects to the switch and dumps out its port state and capabilities.

¨ Here's a more useful command:

¨ Since we haven't started any controller yet, the flow-table should be empty.

$ sudo ovs-ofctl show s1

$ sudo ovs-ofctl dump-flows s1

Ping test

¨ Now, go back to the mininet console and try to ping h2 from h1. In the Mininet console:

¨ Note that the name of host h2 is automatically replacedwhen running commands in the Mininet console with its IP address (10.0.0.2).

¨ Do you get any replies? Why? Why not?As you sawbefore, switch flow table is empty.

¨ Besides that, there is no controller connected to the switch and therefore the switch doesn't know what to do with incoming traffic, leading to ping failure.

mininet> h1 ping -c3 h2

Ping test – manual config

¨ You'll use ovs-ofctl to manually install the necessaryflows. In your SSH terminal:

¨ This will forward packets coming at port 1 to port 2 and vice-versa. Verify by checking the flow-table:

¨ Run the ping command again. In your mininet console:

¨ Do you get replies now? Check the flow-table againand look the statistics for each flow entry. Is this whatyou expected to see based on the ping traffic?

# sudo ovs-ofctl add-flow s1 in_port=1,actions=output:2# sudo ovs-ofctl add-flow s1 in_port=2,actions=output:1

# ovs-ofctl dump-flows s1

mininet> h1 ping -c3 h2

Run Wireshark

¨ The VM image includes the OpenFlow Wireshark dissector pre-installed. Wireshark is extremely useful for watching OpenFlowprotocol messages, as well as general debugging.

¨ You'll probably get a warning message for using wireshark with rootaccess. Press OK.

¨ Now, set up a filter for OpenFlow control traffic, by using the ’tcpport 6653' filter (Capture->Options).

¨ Click on Capture->Interfaces in the menu bar. Click on the Start button next to 'lo', the loopback interface. You may see some packets going by.

¨ Press the apply button to apply the filter to all recorded traffic.

(See https://wiki.wireshark.org/OpenFlow for more info on OF supportin Wireshark)

$ sudo wireshark &

Start basic controller

¨ With the Wireshark dissector listening, start the OpenFlow reference controller. In your SSH terminal:

¨ This starts a simple controller that acts as a learningswitch without installing any flow-entries. The parameters represent the listening port for the controller (6653) and the verbose option ‘-v’

¨ You should see a bunch of messages displayed in Wireshark, from the Hello exchange onwards.

$ sudo controller –v ptcp:6653 &

Using the controller

¨ First, we need to delete the flowtable in the switchand the ARP tables in the hosts:

¨ Do the ping in the Mininet console:

¨ Repeat the command: what happens?

mininet> h1 ping -c1 h2

sudo ovs-ofctl del-flows s1mininet> h1 ip -s -s neigh flush allmininet> h2 ip -s -s neigh flush all

Benchmark controller w/iperf

¨ We will benchmark the reference controller in mininet¨ In the mininet console run:

¨ This Mininet command runs an iperf TCP server on onevirtual host, then runs an iperf client on a second virtualhost. Once connected, they blast packets between eachother and report the results.

¨ Now compare with the user-space switch. In the mininetconsole:

¨ Start the same Mininet with the user-space switch:

mininet> iperf

mininet> exit

$ sudo mn --topo single,3 --controller remote --switch user

Benchmark controller w/iperf

¨ Run one more iperf test with the referencecontroller:

¨ With the user-space switch, packets must cross from user-space to kernel-space and back on every hop, rather than staying in the kernel as they go throughthe switch. The user-space switch is easier to modify(no kernel oops'es to deal with), but slower for simulation.

¨ Exit Mininet:

mininet> iperf

mininet> exit

Slicing using FlowVisor

¨ See the following tutorial

Fabrizio Granellifabrizio.granelli@unitn.it

Any questions?