• Flowvisor

 

 Objective

 

In this exercise you will learn how to manipulate FlowVisor. You will achieve this by creating different types of slicing. First, you will create topology based slicing. Then you will create protocol based slicing. In both cases some programs have been prepared to enable you to verify whether your slicing is correct. Therefore it is essential that you do your exercise work in the FlowVisor directory which has been prepared. For example, for the topology exercise, use the directory flowvisor/flowvisor-topo.

 

Download the VM here.

The username and password for the VM are both openflow.

 

 FlowVisor Recap.

 

Before jumping into the exercises perhaps we should recall the FlowVisor API calls which can be reached by using the command fvctl as shown below:

 

 

 FlowVisor API

 

 listSlices

                  Displays the currently configured slices.

 

 getSliceInfo <slicename>

                  Displays the slicename's controller URL, contact information, and who created this slice.

 

 createSlice <slicename> <controller_url> <email>

                  Creates a new slice.  Note that the slicename cannot contain any of the following characters: !:=[] or new lines.  The controller URL is of the form tcp:hostname[:port] so "tcp:controller.myco.com" or "tcp:127.0.0.1:12345", with the default port being 6633.  The email is used as the administrative contact point if there is a problem with the slice.

 

 changeSlice <slicename> <key> <value>

                  Allows a slice user to change values associated with their slice.  Currently only "contact_email", "controller_host" and "controller_port" are changeable.

 

 deleteSlice <slicename>

                  Deletes a slice and removes all of the flowspace corresponding to the slice.

 

 changePasswd <slicename>

                  Change the password for slice slicename.

 

 listFlowSpace

                  Lists the FlowVisor's flow-based slice policy rules, i.e., the flowspace.

 

 removeFlowSpace <ID>

                  Removes rule with id=ID.

 

 addFlowSpace <DPID> <PRIORITY> <FLOW_MATCH> <SLICEACTIONS>

                  Creates a new rule and returns the new rule's ID.  See below for the format of DPID, FLOW_MATCH, and SLICEACTIONS.

 

 changeFlowSpace <ID> <DPID> <PRIORITY> <FLOW_MATCH> <SLICEACTIONS>

                  Replaces rule ID with a new rule with the specified parameters.  See below for the format of DPID, FLOW_MATCH, and SLICEACTIONS.

 

      

 FLOW_MATCH structure

 

 The following field assignments describe how a flow matches a packet.  If any of these assignments is omitted from the flow syntax, the field is treated as a wildcard; thus, if all of them are omitted, the resulting flow matches all packets.  The string all or any is used to specify a flow that matches all packets.

 

       in_port=port_no

              Matches physical port port_no.  Switch ports are numbered as displayed by fvctl getDeviceInfo DPID.

 

       dl_vlan=vlan

              Matches IEEE 802.1q virtual LAN tag vlan.  Specify 0xffff as vlan to match packets that are not tagged with a virtual LAN; otherwise, specify a number between 0 and 4095, inclusive, as the 12-bit VLAN ID to match.

 

       dl_src=mac

              Matches Ethernet source address mac, which should be specified as 6 pairs of hexadecimal digits delimited by colons, e.g. 00:0A:E4:25:6B:B0.

 

       dl_dst=mac

              Matches Ethernet destination address mac.

 

       dl_type=ethertype

              Matches Ethernet protocol type ethertype, which should be specified as an integer between 0 and 65535, inclusive, either in decimal or as a hexadecimal number prefixed by 0x, e.g. 0x0806 to match ARP packets.

 

       nw_src=ip[/netmask]

              Matches IPv4 source address ip, which should be specified as an IP address, e.g. 192.168.1.1.  The optional netmask allows matching only on an IPv4 address prefix.  The netmask is specified "CIDR-style", i.e., 192.168.1.0/24.

 

       nw_dst=ip[/netmask]

              Matches IPv4 destination address ip.

 

       nw_proto=proto

              Matches IP protocol type proto, which should be specified as a decimal number between 0 and 255, inclusive, e.g. 6 to match TCP packets.

 

       nw_tos=tos/dscp

              Matches the ToS/DSCP field of the IPv4 header against tos/dscp (only the 6 DSCP bits; the 2 bits reserved for future use are not modified), which should be specified as a decimal number between 0 and 255, inclusive.

 

       tp_src=port

              Matches transport-layer (e.g., TCP, UDP, ICMP) source port port, which should be specified as a decimal number between 0 and 65535 (in the case of TCP or UDP) or between 0 and 255 (in the case of ICMP), inclusive, e.g. 80 to match packets originating from an HTTP server.

 

       tp_dst=port

              Matches transport-layer destination port port.

 

 Slice Actions struct

 

Slice actions is a comma separated list of slices that have control over a specific FlowSpace.  Slice actions are of the form "Slice:slicename1=perm[Slice:slicename2=perm[...]]".  Each slice can have three types of permissions over a flowspace: DELEGATE, READ, and WRITE.  Permissions are currently a bitmask specified as an integer, with DELEGATE=1, READ=2, WRITE=4.  So, "Slice:alice=5,bob=2" would give Alice's slice DELEGATE and WRITE permissions (1+4=5), but Bob only READ permissions.  Improving this interface is on the TODO list.  For example,

 

        fvctl addFlowSpace all 2 any Slice:slice1=4,Slice:slice2=2
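
To check a rule before handing it to fvctl addFlowSpace, the field ranges and the permission bitmask described above can be validated offline. This is an added example, not part of the original page or FlowVisor's own code; the function names are hypothetical, and it assumes FLOW_MATCH assignments are comma separated and that in_port is a plain decimal number.

```python
import ipaddress
import re

PERMS = {"DELEGATE": 1, "READ": 2, "WRITE": 4}   # bitmask values from the text
RANGES = {"dl_vlan": (0, 4095), "dl_type": (0, 65535), "nw_proto": (0, 255),
          "nw_tos": (0, 255), "tp_src": (0, 65535), "tp_dst": (0, 65535)}
MAC = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
BAD_NAME = re.compile(r"[!:=\[\]\n]")            # forbidden in a slicename


def parse_slice_actions(text):
    """Decode SLICEACTIONS into {slicename: [permission names]}."""
    out = {}
    for item in text.split(","):
        item = item.strip()
        if item.startswith("Slice:"):            # prefix appears once or per entry
            item = item[len("Slice:"):]
        name, sep, perm = item.partition("=")
        if not sep or not name or BAD_NAME.search(name):
            raise ValueError(f"bad slice action: {item!r}")
        mask = int(perm)
        if not 1 <= mask <= 7:
            raise ValueError(f"permission mask out of range: {mask}")
        out[name] = [p for p, bit in PERMS.items() if mask & bit]
    return out


def parse_flow_match(text):
    """Validate FLOW_MATCH; an empty dict means every field is wildcarded."""
    if text in ("all", "any"):
        return {}
    match = {}
    for part in text.split(","):                 # assumed comma-separated
        key, sep, val = part.strip().partition("=")
        if key in RANGES:
            num = int(val, 0)                    # decimal or 0x-prefixed hex
            lo, hi = RANGES[key]
            if not (lo <= num <= hi or (key, num) == ("dl_vlan", 0xFFFF)):
                raise ValueError(f"{key}={val} outside {lo}..{hi}")
            match[key] = num
        elif key in ("dl_src", "dl_dst") and MAC.fullmatch(val):
            match[key] = val.lower()
        elif key in ("nw_src", "nw_dst"):
            match[key] = str(ipaddress.IPv4Network(val, strict=False))
        elif key == "in_port" and val.isdigit():
            match[key] = int(val)
        else:
            raise ValueError(f"bad field assignment: {part!r}")
    return match
```

An empty result from parse_flow_match means the rule covers all traffic on the given DPID, so any slice listed with WRITE in its slice actions controls every flow there.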

 

 Topology (or port-based) Slicing

 

 

In this exercise we are going to cut up the topology and each slice will have a subset of the full topology given here.

 

 

 

The mininet topology given will create this topology, to start it run:

 

 

The sudo password is openflow

 

Since we have included a slice visualizer here, there are a few guidelines to follow to ensure that everything works:

 

* create three slices named respectively "first", "second", and "third"

* when adding flowspace you must at least specify the DPID and the in_port, otherwise the visualizer will be confused. ;)

 

From this point on, you are on your own. Go ahead and create the slices and flowspace. Once you think you have something which is working do the following:

 

 

Then point your browser on your host operating system to http://192.168.56.101:8000

 

You should see a webpage containing something similar to below.

 

 

If you mouse over the router in your browser you should be able to see the DPID of the device.

 

Try various port-based slices. See how creative you can be. If you are feeling adventurous, you can add more switches in the topo.py file and restart mininet. 

 

 Protocol based slicing

 

Here, we will create protocol based slices as shown in the diagram below:

 

 

A mininet script file has been prepared to build this topology. Moreover, it has been augmented such that each mininet host is running an ssh, http, and telnet daemon. To start this mininet setup run:

 

 

Then create your slices; make sure you place your hosts in the correct slice. Then, point each slice to a controller. This could be multiple NOX instances simply running on different ports. It is fine to have each of them run a simple learning switch. For example, start NOX in a new terminal by running:

 

 

Note that there are multiple ways to configure FlowVisor here. Some are more naive than others. _Hint:_ You can use an extra slice to make the configuration of your protocol based slices simpler.

Once you think you have correctly sliced your network, you can start an xterm for each mininet host by running 

 

 

at the mininet terminal where h10 is the name of the host. Change that to get a shell for another host.  

If you have configured everything correctly you should see the following for your telnet slice:

 

 

and for the ssh slice:

 

and finally for the http slice (you can use lynx or wget, firefox will not work):

 

 

If you have not configured FlowVisor correctly and you end up somehow logging into the wrong machine, a nasty message will be waiting for you ;).

 

 
