Workshop on Software Defined Networks Network Programming, Mininet and Other Tools Spring 2014 (many) slides stolen from Yotam Harchol and David Hay (HUJI)
Agenda Introduction to mininet Introduction to Python Networking tools Installing mininet and its prerequisites Write a simple OpenFlow controller
mininet MiniNet creates scalable Software-Defined Networks (up to hundreds of nodes) using OpenFlow, on a single PC It allows to quickly create, interact with and customize a software defined network prototype with complex topologies, and can be used to emulate real networks – all on your PC MiniNet can work with any kind of OpenFlow controller It takes seconds to install it Easy to program Of course, it is an open source project
Python Python is a very easy-to-use programming (scripting) language Interpreter based language We will use it to program the RYU OpenFlow controller We begin with a short introduction…
Values and Types Python is dynamically typed (no need to declare variables, or their type; parameters have no types) Indentation is crucial: there are no { } blocks. Blocks are determined according to the indentation of the text Indentation recommendations: Be consistent – always use the same indentation sequence Use editor indent support , e.g. auto replace tab with spaces Our Convention: 4 spaces We use Python 2.7.x, NOT Python 3 Detailed documentation: http://www.python.org/doc/ A nice beginners’ book: http://thinkpython.com
Python Functions Defining functions in Python is easy: def say_hello(first_name, last_name): full_name = first_name + ' ' + last_name print 'Hello ' + full_name + '!' And calling it later: say_hello('John', 'Doe') Function name Parameters Four spaces
Python Classes Python can be used as an Object-Oriented language Let's define a new class: import math class Point2D: def __init__(self, x, y): self.x = x self.y = y def get_distance(self, p): d = math.sqrt(math.pow(self.x - p.x, 2) + math.pow(self.y - p.y, 2)) return d To create an instance: p1 = Point(1, 1) p2 = Point(2, 2) print p1.get_distance(p2) We need this for math functions Everything inside the block is the class self is the new this Constructor Class method self must be expected in every class method as the first parameter. However, when calling these methods we do not pass an argument for it
Call whatever super-constructor you would like Python Classes We can also inherit other classes: # continues from previous slide... class Point3D(Point2D): def __init__(self, x, y, z): Point2D.__init__(self, x, y) self.z = z def get_distance(self, p): d = math.sqrt(math.pow(self.x - p.x, 2) + math.pow(self.y - p.y, 2) + math.pow(self.z - p.z, 2)) return d Defines superclass (can be more than one!) Call whatever super-constructor you would like Overriding method
Python Decorators Decorators are used to twist functions/methods. def log_on_entry(method): def _method(self): print 'on-entry‘, return method(self) return _method class aClass(object): @log_on_entry def a_method(self): print self, 'a_method is called' a = aClass() a.a_method() Same as: class aClass(object) print 'a_method is called' a_method = log_on_entry(a_method) The output will be: on-entry <main.aClass object at 0x7fc75eaf4d10> a_method is called. A function that get a function and return a function Used as a decorator for a class method More Reading: - Python Decorators - PEP 318 -- decorators for functions and methods
ifconfig ifconfig is a unix command-line tool that prints the available network interfaces of the machine Example:
TcpDump tcpdump is a unix command-line tool for packet sniffing and capturing It is highly customizable and very easy to use We will use tcpdump to capture traffic in our mininet network, in order to verify that things work as expected Example:
WireShark WireShark is a GUI software that provides capabilities that are similar to tcpdump It allows easy filtering of packets, TCP stream grouping, and more advanced features
Ping ping sends ICMP echo request and waits for response Useful for quickly testing your network Example:
hping3 hping (or hping3) is a command-line tool for generating traffic It can also modify and spoof layers 3/4 header fields Example: hping3 is not installed by default on the mininet VM. You should install it using the command: sudo apt-get install hping3
Scapy Scapy is a python package for packet manipulation It can be used to manually create packets with customized L2-L7 data Packets can be sent to network or stored in a PCAP file http://www.secdev.org/projects/scapy/
SSH (Secure Shell) ssh is a tool for secure shell connection between unix machines Native in Linux In windows can be found in Cygwin project or use PUTTY We will use ssh to connect to the mininet machine and work with it Example:
SCP (Secure Copy) scp uses ssh to securely transfer files between hosts We can use scp to transfer files to/from the mininet machine In windows we have WinSCP Example:
Environment Structure Hosting System - Linux Network Simulator - Mininet controller: RYU NOX OpenFlow Software Switch imp. Open vSwitch switches: import Hosts: Binaries (e.g. wget, tcpdump) import
Environment Illustration Hosting Machine / OS - Any ??? VM player aplication - VirtualBox Virtual Machine (VM) Shared folder Hosting System - Linux Network Simulator Mininet ??? NOX Xming
Setup Install VirtualBox available for Windows, Linux and Mac Or use existing Linux machine follow the instructions for parts 1 through 4 of the OpenFlow Tutorial With a few exceptions and additions: Use MiniNet OVA image from here: http://www.cs.princeton.edu/courses/archive/fall13/cos597E/assignments/tester.ova When adding a new network adapter (in Settings>Network>Adapter2) Make sure that you select "Cable Connected" under "Advanced“. You might need to disable windows firewall for the host-only adapter (e.g. adapter name “VirtualBox Host-Only Network”). You can share a folder from you PC inside the VM (instead of copying files).
Connecting to the MiniNet VM Start mininet VM (and the management VM if applicable) In the mininet VM, login using the user/pass mininet/mininet, then run ifconfig to find the IP address of the mininet machine In the linux machine, open a Terminal window (in Mac, open Xterm or XQuartz) ssh to the mininet machine with X forwarding: ssh -YX mininet@<IP Address> when prompted for password, type: mininet You can later setup public key exchange to avoid typing password each login You are connected! SKIP
Share a folder with VM From virtual box: From VM console: Set CDROM from image: "%ProgramFiles%\Oracle\VirtualBox\VBoxGuestAdditions.iso“ set shared shared folder (e.g. sdn_code) From VM console: mount -t iso9660 -o ro /dev/cdrom1 /media/cdrom cd /media/cdrom sudo sh ./VBoxLinuxAdditions.run sudo mount -t vboxsf sdn_code /mnt
Run MiniNet Now that you are connected to the mininet machine, you can start the simulation: Type: sudo mn -c sudo mn --topo single,3 --mac --switch ovsk This will run mininet with the default controller (NOX), a single Open vSwitch switch and three hosts that are connected to it In the mininet console, type: xterm h1 h2 h3 This will open three terminal windows, each one for a different host In the window of host h1, type: tcpdump -XX -i h1-eth0 In the window of host h2, type: ping –c 4 10.0.0.1 You are supposed to see the relevant ARP and ICMP packets in h1 terminal SKIP
Running mininet with External Controllers Mininet can also work with a controller that runs somewhere else in the network, or just outside the VM There are many choices for OpenFlow controllers, such as NOX (C++), POX and RYU (Python), FloodLight (Java), and more To use mininet with such a controller, just specify its IP and port when starting mininet: sudo mn -c sudo mn --topo single,3 --mac --switch ovsk \ --controller remote \ --ip=<controller ip> \ --port=<openFlowPort (6633 by default)> If the remote controller is located on the same machine, there is no need to specify the IP address SKIP
Running mininet from python from mininet.net import Mininet … def scratchNet( cname='controller', cargs='-v ptcp:' ): info( "*** Creating nodes\n" ) controller = Node( 'c0', inNamespace=False ) switch = Node( 's0', inNamespace=False ) h0 = Node( 'h0' ) h1 = Node( 'h1' ) info( "*** Creating links\n" ) Link( h0, switch ) Link( h1, switch ) info( "*** Configuring hosts\n" ) h0.setIP( '192.168.123.1/24' ) h1.setIP( '192.168.123.2/24' ) h0.cmdPrint( 'ping -c1 ' + h1.IP() ) … if __name__ == '__main__': info( '*** Scratch network demo (kernel datapath)\n' ) Mininet.init() scratchNet()
RYU We will use the RYU controller as it cross-platform and supports the advanced OpenFlow1.3 features. RYU is available in a Mininet VM RYU is written in Python
A Simple OpenFlow Controller We will now write our own controller logic, as a Python class that will be loaded by RYU instead of its own native code At first, OpenFlow switches have nothing in their flow tables Unless the controller does something, switches will ask it what to do every time they receive a packet With no controller (or non-responsive controller as we begin with), they will not forward packets at all Let's start with a very simple controller, that makes switches to behave as simple hubs…
A Simple OpenFlow Controller From: …00-00-03 To: …00-00-02 From: …00-00-03 To: …00-00-02 Switch 1 Host 1 MAC: …00-00-01 Host 3 …00-00-03 Host 2 …00-00-02 Host 4 …00-00-04 Port 1 Port 2 Port 3 Port 4 From: …00-00-03 To: …00-00-02 From: …00-00-03 To: …00-00-02 Hub Behavior
Write a Simple OpenFlow Controller To make the behavior of a hub, once receiving a packet from a switch, the controller should tell the switch to simply flood the packet It can also teach the switch to flood packets forever OpenFlow Controller From: …00-00-03 To: …00-00-02 From: …00-00-03 To: …00-00-02 Switch 1 Host 1 MAC: …00-00-01 Host 3 …00-00-03 Host 2 …00-00-02 Host 4 …00-00-04 OpenFlow Packet buffer_id=1 out_port = FLOOD OpenFlow Packet buffer_id=1 in_port = 3 Port 1 Port 2 Port 3 Port 4 From: …00-00-03 To: …00-00-02 From: …00-00-03 To: …00-00-02
A Simple OpenFlow Controller
Helpful Materials OpenFlow specifications (we work with 1.3) RYU documentation Mininet API reference and examples This presentation (temporary): http://www.cs.tau.ac.il/~schiffli/sdn/
Projects Router Load-balancer Firewall Create a network router over OpenFlow devices in a large dynamic network with sub-nets and VLANs. Load-balancer Implement a dynamic load balancer according to current traffic status. An advanced feature might be to turn on\off server Virtual Machines when traffic is very high/low (requires interaction with the virtualization platform) Firewall Implement a stateful firewall with a configurable policy. It should be able to enforce policy even when a host changed its position in the network.
Manage multicast traffic Build a controller over OF switches to enable a reliable robust and efficient multicast video streaming across the network. The network contains: video streamer servers and clients. The controller should route the efficiently the video stream from the servers to the clients. The controller should be able to new servers, duplicate servers (servers providing the same data), new clients, server failures etc. Distributed controller Implement a framework to support splitting a controller app to several control servers allowing to load balance control traffic and backups for the controller.
Hierarchical controller Implement a controller library that allow to encapsulate a sub-network as a single SDN switch and control it with higher level controller. Fault tolerant SDN Implement a controller app that allow to transmit messages from any node to any node as long as there is connectivity. The mechanisim should work without intervation of the controller during the failure but allows the conroller to optimise the network.
Coming soon Workshop forum (in English!)
Questions?