sdn command line controller lab

Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com

Software Defined NetworkingLab

Using Mininetand the

POX ControllerLast Update 2014.02.04

2.1.0

1

Sources

• This lab uses the OpenFlow Tutorial sample lab from

• http://archive.openflow.org/wk/index.php/OpenFlow_Tutorial#Download_Files

• and content from the book Software Defined Networking with OpenFlow by Siamak Azodolmolky

Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 2

The SDN Lab

• For this lab on SDN we will be using Mininet to create the SDN hardware and OpenFlow commands to define how the hardware acts


What is Mininet

• Mininet is a network emulator, not a simulator

• It can be used to create virtual hosts, hubs, switches, controllers, and links

• The code used in Mininet can be used with no or minimal changes on real SDN OpenFlow networks


Flow of the Lab

• In this lab you will– Simulate a multi-switch, multi-host network

with Mininet– Create flow tables from the command line– Setup a controller to download the flow

entries– View OpenFlow messages with Wireshark


Flow of the Lab

• After the tutorial, you can apply what you've learned to physical networks based on software switches or SDN capable hardware switches at line rate

• Here are the steps we will go through


Flow of the Lab

– Download the virtual machine– Setup the virtual machine– Check the setup in Linux– Create the network– Examine the network– Work with basic OpenFlow commands– Add a controller


Download the Virtual Machine

• For this lab a virtual machine appliance in ovf format must be downloaded from the OpenFlow Tutorial website here– https://github.com/downloads/mininet/

mininet/mininet-2.0.0-113012-amd64-ovf.zip• Download this file• Expand the zip file• You should see these files


Download the Virtual Machine


Setup the Virtual Machine

• To import this appliance into VirtualBox– Select

• File– Import Appliance

» Select the ovf image» Press the Import button

• This lab requires two virtual NICs– The first one should be set to host-only

network– The second one to NAT


Check Linux

• Mininet is a command line tool that runs in Linux

• The Mininet prompt looks like this– mininet>

• The Linux prompt ends with a $ for a normal user

• It ends in # for the root account


Check Linux

• We will use the sudo command to run the Linux commands with root privileges at the normal user prompt


Check Linux

• Start the virtual machine• Login to Linux• The login is

– mininet– mininet

• The screen should look like this


Check Linux


Check Linux

• Let’s see if the two network interfaces are setup correctly

• At the Linux prompt enter– ifconfig


Check Linux

• Three interfaces should appear• Two physical interfaces called

– eth0– eth1– And the loopback interface


Check Linux

• One of the physical interfaces should have a 192 address and the other a 10 address

• We will access the virtual machine using a terminal program using the 192 address

• If either of the eth Ethernet interfaces are missing, run this command– sudo dhclient ethx

• Where the x in ethx is the number of the interface


Check Linux


Check Linux

• As you can see the eth1 interface is missing

• After the dhclient command is run this appears


Check Linux


Create the Network

• Pay close attention to the prompt shown for each command

• It makes a difference• The basic network we will start with looks

like this


Create the Network


Create the Network

• H2 H3 and H4 are just generic end devices

• In the real world they would be PCs, printers, VOIP telephones and so forth

• The others are the SDN devices - a switch and a controller


Create the Network

• These commands can be entered in the VirtualBox window from the keyboard

• Or a terminal program such as Putty can be used so the commands can be pasted

• Let’s start Putty and connect to the virtual machine

• Use the 192 IP address• Putty defaults to SSH


Create the Network

• So just enter the address and click open• The login in is the same as before

– mininet– mininet


Create the Network


Create the Network

• To paste a command, copy it from here and right click on the command prompt shown in Putty

• The virtual machine is setup with Mininet installed and ready to run

• Issue this command to create the SDN devices and links for this lab


Create the Network

• It all goes on one line in Linux– $ sudo mn --topo single,3 --mac --switch ovsk --controller remote

• This tells Mininet to start up a three host, single – openvSwitch based - switch topology, set the MAC address of each host equal to its IP, and point to a remote controller which defaults to the localhost

• The screen should look like this


Create the Network


Create the Network

• Here's what Mininet just did– Created three virtual hosts– Created a single OpenFlow software switch

with three ports– Connected each virtual host to the switch with

a virtual Ethernet cable– Set the MAC address of each host equal to its

IP address– Configured the OpenFlow switch to connect to

the controllerCopyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 30

Create the Network

• These devices do the following– An OpenFlow Controller

• The controller creates and transfer to the flow commands to the switches

– An OpenFlow Switch• This is a software based switch that takes

commands from the controller that are used to handle the frames it receives


Examine the Network

• Notice that the Linux prompt is gone• This is the mininet prompt• Let’s see what we made• At the Mininet prompt enter

– mininet>nodes• This should appear


Examine the Network


Examine the Network

• We can also see the network using– mininet>net

• And see information about all the nodes with– mininet>dump


Examine the Network


Work With OpenFlow

• In OpenFlow to look at a switch’s flow table the dpctl – data path control command can be used

• Most OpenFlow switches start up with a passive listening port - 6634 - from which you can poll the switch, without having to add debugging code to the controller


Work With OpenFlow

• For example the command– $ dpctl show tcp:127.0.0.1:6634

• will connect to the switch and dump out its port state and capabilities

• This command can be run from the Mininet prompt as well in this form– mininet>dpctl show

• I am going to open another Putty connection to do this


Work With OpenFlow


Work With OpenFlow

• This command looks at the flow table– $ dpctl dump-flows tcp:127.0.0.1:6634– or– mininet>dpctl dump-flows

• Since we haven't started a controller yet, the flow-table should be empty


Work With OpenFlow


Work With OpenFlow

• With the virtual hardware setup let’s check network connectivity from the Mininet console– mininet>h1 ping –c3 h2

• The syntax for ping in mininet is– Ping from – h1 here– Number of pings – 3 times in this example– Ping to – h2 here


Work With OpenFlow

• For a continuous ping h1 ping h2• CRTL c to stop the ping


Work With OpenFlow


Work With OpenFlow

• Did you get any replies• As you saw before, the switch flow table is

empty• Besides that, the controller is not yet

configured to provide flow handling instructions to the switch and therefore the switch doesn't know what to do with incoming traffic, leading to ping failure


Work With OpenFlow

• Let’s add some flows using dpctl first• The dpctl command can do this on an

individual switch without a controller• These flows are meant to be transitory• As we are working with this in a lab rather

than in a realtime line rate network we need to increase the timeout before we add any flows or we will have to keep reentering the flows


Work With OpenFlow

• To increase the timeout to 5 minutes enter this command– $dpctl add-flow tcp:127.0.0.1:6634 in_port=1,idle_timeout=300,actions=output:2

• Now we can add the flow commands• This is an example of a proactive entry to

the flow table as it will be added before the traffic it will handle has crossed the network

• In the other lab we will use reactive modeCopyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com 48

Work With OpenFlow

• Type this all on one line– $ dpctl add-flow tcp:127.0.0.1:6634 in_port=1,actions=output:2

• And this also all on one line– $ dpctl add-flow tcp:127.0.0.1:6634 in_port=2,actions=output:1


Work With OpenFlow

• This will forward packets coming to port 1 to port 2 and vice-versa

• Verify this by checking the flow-table with– $ dpctl dump-flows tcp:127.0.0.1:6634


Work With OpenFlow


Work With OpenFlow

• Run the ping command again in the mininet console– mininet> h1 ping -c3 h2

• Did you get replies now


Work With OpenFlow


Work With OpenFlow

• Check the flow-table again and look at the statistics for each flow entry

• Is this what you expected to see based on the ping traffic


Activate Wireshark

• Wireshark is useful here to examine the traffic generated by OpenFlow

• The virtual machine being used for this lab has Wireshark already installed

• Let’s see how we get it working in this environment

• We will have to use a new SSH session using X11 as Wireshark uses a GUI interface


Activate Wireshark

• To run an application that uses a GUI X11 is required

• This can be done at either end• Under Windows, the Xming server must

be running, and you must make an SSH connection with X11 forwarding enabled


Activate Wireshark

• First, search the Internet for and download the Xming server

• Install it• Start Xming• Xming will not show any window, but you

can verify that it is running by looking for its process in Window's task bar


Activate Wireshark

• Second, make an SSH connection with X11 forwarding enabled

• If you are using Putty, you can connect to the lab by entering the VM's IP address for the 192 address NIC and enabling X11 forwarding


Activate Wireshark

• To enable X11 forwarding from Putty's GUI, go to PuttyConnection | SSH | X11, then click on Enable X11 Forwarding, as shown in the following screenshot


Activate Wireshark


Activate Wireshark

• Or X11 can be added to the VM itself• To install X11 and a simple window

manager, from the VM console window enter– $ sudo apt-get update– $ sudo apt-get install xinit flwm

• Start an X11 session in the VM console window by typing– $ startx


Activate Wireshark

• Now start Wireshark as a background process– $sudo wireshark $

• Click on OK to clear any error messages


Observe SDN Traffic

• Start a capture in Wireshark using the loopback interface

• Create and apply a filter for just the OpenFlow traffic by entering a display filter in Wireshark using the string– of


Load the Controller

• To generate some traffic we will load a controller as that is the next step anyway

• There are a number of software based or hardware based controllers that can be used in an SDN

• In this example we will load the POX controller

• The developers of this controller say this about it


POX Controller

– POX is NOX‘s younger sibling– At its core, it’s a platform for the rapid

development and prototyping of network control software using Python

– Meaning, at a very basic level, it’s one of a growing number of frameworks (including NOX, Floodlight, Trema, etc., etc.) for helping you write an OpenFlow controller


POX Controller

– POX also goes beyond this– As well as being a framework for interacting

with OpenFlow switches, we’re using it as the basis for some of our ongoing work to help build the emerging discipline of Software Defined Networking

– We’re using it to explore and prototype distribution, SDN debugging, network virtualization, controller design, and programming models


Load the Controller

• To start POX enter these commands– $cd pox– ./pox.py forwarding.l2_learning

• If the command prompt does not appear after running this command, press enter


Load the Controller


Observe SDN Traffic

• Switch back to the Wireshark window to see the activity as the controller loads


Observe SDN Traffic


Summary

• We now have a complete Software Defined Network whose actions are defined by OpenFlow


sdn command line controller lab

Technology

mininet mininet

virtual machine copyright

check linux copyright

check linux mininet

controller copyright

sdn lab

files copyright

wireshark copyright