Software Defined Networking: Floodlight Tutorial (James Won-Ki Hong)

Software Defined Networking: Floodlight Tutorial
James Won-Ki Hong
Department of Computer Science and Engineering, POSTECH, Korea
jwkhong@postech.ac.kr
CSED 702Y: Software Defined Networking 1/24

Outline
v Introduction
v Overview
v Installation
v Floodlight Tutorial
  § REST API usage
  § Native API usage
v Demo
  § Demo scenarios
  § Demo presentation

Introduction
v Floodlight
  § A completely open, free, Apache-licensed, Java-based OpenFlow controller
    • Open sourced, currently hosted on GitHub
    • Apache licensed: use for any purpose
    • Java-based (forked from Beacon)
    • Currently supports OpenFlow v1.0 and v1.3
  § OpenFlowJ (Loxi)
    • A new OpenFlow API with support for OF 1.[0-3+]
    • OpenFlow multi-version support, bug resilience
    • Loxigen
      • A tool that generates OpenFlow protocol libraries for a number of languages
      • Supports C, Python, Java and an auto-generated Wireshark dissector in Lua
      • Currently used by many OpenFlow controllers (e.g., ONOS, Floodlight, ...)

Floodlight Overview (1/2)
v Floodlight Architecture
  § A controller + a collection of applications built on top of Floodlight
  [Architecture figure, recovered as text]
    • REST applications (through the REST API; implement the Restlet Routable interface): Circuit Pusher (Python), OpenStack Quantum Plugin (Python), your applications ...
    • Module applications (through the Java API): Firewall, StaticFlowEntryPusher, PortDownReconciliation, Forwarding, Hub, Learning Switch, VNF, your applications ...
    • Floodlight Controller: Module Manager, Thread Pool, Device Manager, Topology Service, Packet Streamer, Link Discovery, Jython Server, Flow Cache, Web UI, Unit Tests, Storage (Memory, NoSQL), OpenFlow Services, Switches, Controller Memory, Perf. Mon, Trace, Counter Store

Floodlight Overview (2/2)
v Application Modules
  § Routing/Forwarding
    • Default reactive packet forwarding application
  § Learning switch
    • Example learning switch application; can replace routing/forwarding
  § Static Flow Entry Pusher
    • Installs a specific flow entry (match + action) on a specific switch
  § Firewall
    • An application that applies ACL rules to allow/deny traffic based on a specified match
  § Port Down Reconciliation
  § Virtual Network Filter (VNF)
    • Simple MAC-based network isolation application
v Core REST APIs
  § Static Flow Pusher REST API
    • Allows the user to proactively insert/delete/list flows on an OpenFlow switch
  § Firewall REST API
    • Allows the user to insert/delete/list rules for the firewall

Floodlight Installation
v Native Installation from Source
  § Recommended OS: any Linux distribution
  § Procedures
    • Install the prerequisite software packages
      Ubuntu:
        $ sudo apt-get install openjdk-7-jdk
        $ sudo apt-get install ant
      EPEL:
        # yum install java-1.7.0-openjdk-devel
        # yum install ant
    • Download the source from GitHub and build the stable version
        $ git clone git://github.com/floodlight/floodlight.git
        $ cd floodlight
        $ git checkout v1.0
        $ ant
    • Run Floodlight
        # ./floodlight.sh
    • Access the Floodlight dashboard
      • http://floodlight_ip_address:8080/ui/index.html

Configuration of Floodlight
v Configuration
  § Configuration files for Floodlight modules
    • Enumeration of ALL modules compiled into the floodlight.jar binary
      • "src/main/resources/META-INF/services/net.floodlightcontroller.core.module.IFloodlightModule"
    • Enumeration of the modules selected to load/run
      • "src/main/resources/floodlightdefault.properties"
      • Also the place to configure certain parameters
      • E.g., REST API server, web UI port, default timeout values, etc.
    • If you implement a new module, you need to update the above two files for it to take effect
  § Configuration file for logging
    • Floodlight relies on org.slf4j.Logger to log debug messages
    • Located at $FLOODLIGHT_ROOT/logback.xml
        <configuration scan="true">
          <!-- the class attribute is required by logback (not shown on the slide) -->
          <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
            <encoder>
              <pattern>%level [%logger:%thread] %msg%n</pattern>
            </encoder>
          </appender>
          <root level="INFO">
            <appender-ref ref="STDOUT" />
          </root>
          <logger name="org" level="WARN"/>
          <logger name="net.floodlightcontroller" level="INFO"/>
          <logger name="net.floodlightcontroller.logging" level="WARN"/>
        </configuration>

Floodlight REST API (1/3)
v Static Flow Pusher API
  URI                       Description              Arguments
  /.../json                 Add/delete a static flow HTTP POST data (add), HTTP DELETE (deletion)
  /.../list/<switch>/json   List static flows        switch: valid switch DPID or "all"
  /.../clear/<switch>/json  Clear static flows       switch: valid switch DPID or "all"
v REST API Example
  § Insert a flow on switch 1 (in port 1, out port 2)
      curl -d '{"switch": "00:00:01", "name": "flow-mod-1", "cookie": "0", "priority": "32768", "ingress-port": "1", "active": "true", "actions": "output=2"}' http://<controller_ip>:8080/.../json
  § List all inserted flows
      curl http://<controller_ip>:8080/wm/core/switch/1/flow/json
  § Delete a static flow by its name 'flow-mod-1'
      curl -X DELETE -d '{"name": "flow-mod-1"}' http://<controller_ip>:8080/wm/staticflowentrypusher/json

Floodlight REST API (2/3)
v Firewall API
  § /.../<op>/json (GET)
    • URI arguments: op = status, enable, disable, storageRules, subnetmask
    • Data: none
    • Description: query the status of, enable, and disable the firewall
  § /.../rules/json (GET)
    • URI arguments: none
    • Data: none
    • Description: list all existing rules in JSON format
  § /.../rules/json (POST)
    • URI arguments: none
    • Data: {"<field1>": "<value1>", "<field2>": "<value2>", ...}, "field": "value" pairs in any order and combination, e.g. "src-mac": "<xx:xx:xx:xx:xx:xx>"
    • Description: create a new firewall rule
  § /.../rules/json (DELETE)
    • URI arguments: none
    • Data: {"<ruleid>": "<int>"}
    • Description: delete a rule by ruleid
v REST API Example
  § Show whether the firewall is enabled or disabled
      curl http://localhost:8080/wm/firewall/module/status/json
  § Enable or disable the firewall
      curl http://localhost:8080/wm/firewall/module/enable/json
      curl http://localhost:8080/wm/firewall/module/disable/json

Floodlight REST API (3/3)
v REST API Example
  § Adding an ALLOW rule for all flows passing through switch 00:00:01
      curl -X POST -d '{"switchid": "00:00:01"}' http://localhost:8080/wm/firewall/rules/json
  § Adding an ALLOW rule for all flows between IP host 10.0.0.3 and host 10.0.0.7 (the default action is allow, so it need not be specified; one rule per direction)
      curl -X POST -d '{"src-ip": "10.0.0.3/32", "dst-ip": "10.0.0.7/32"}' http://localhost:8080/wm/firewall/rules/json
      curl -X POST -d '{"src-ip": "10.0.0.7/32", "dst-ip": "10.0.0.3/32"}' http://localhost:8080/wm/firewall/rules/json
  § Adding an ALLOW rule for UDP, and then blocking port 5010
      curl -X POST -d '{"src-ip": "10.0.0.3/32", "dst-ip": "10.0.0.7/32", "nw-proto": "UDP"}' http://localhost:8080/wm/firewall/rules/json
      curl -X POST -d '{"src-ip": "10.0.0.3/32", "dst-ip": "10.0.0.7/32", "nw-proto": "UDP", "tp-src": "5010", "action": "DENY"}' http://.../rules/json
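Added example (not from the tutorial or the Floodlight project) for the Static Flow Pusher calls on slide 8 and the firewall calls on slides 9 and 10: it builds the JSON bodies of that scenario, validates the fields a mistyped curl line gets wrong silently (8-byte DPID, 16-bit priority, CIDR hosts, ALLOW/DENY), and emits both directions of a host-to-host allow in one call. Assumptions: the full DPID 00:00:00:00:00:00:00:01 stands in for the slides' abbreviated 00:00:01, and send() is a plain urllib stand-in for curl.

```python
"""Build Floodlight Static Flow Pusher and Firewall REST request bodies.
Added example, not code from the tutorial or the Floodlight project; the
paths are the ones shown on the slides, the DPID format is Floodlight's."""
import json
import re
import urllib.request

DPID_RE = re.compile(r"^([0-9a-f]{2}:){7}[0-9a-f]{2}$")
CIDR_RE = re.compile(r"^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$")
STATIC_FLOW_PATH = "/wm/staticflowentrypusher/json"
FIREWALL_RULES_PATH = "/wm/firewall/rules/json"

def _check_dpid(dpid):
    """Floodlight DPIDs are 8 colon-separated hex bytes; a short 00:00:01 is rejected."""
    if not DPID_RE.match(dpid.lower()):
        raise ValueError("bad DPID: %r" % dpid)
    return dpid.lower()

def static_flow(switch, name, in_port, out_port, priority=32768):
    """Body for POST /wm/staticflowentrypusher/json (the slide 8 insert)."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("priority is a 16-bit field")
    return {"switch": _check_dpid(switch), "name": name, "cookie": "0",
            "priority": str(priority), "ingress-port": str(in_port),
            "active": "true", "actions": "output=%d" % out_port}

def firewall_rule(**fields):
    """Body for POST /wm/firewall/rules/json; src_ip -> "src-ip", values are strings."""
    rule = {}
    for key, value in fields.items():
        key = key.replace("_", "-")
        if key in ("src-ip", "dst-ip") and not CIDR_RE.match(value):
            raise ValueError("%s must be CIDR, e.g. 10.0.0.3/32" % key)
        if key == "action" and value not in ("ALLOW", "DENY"):
            raise ValueError("action must be ALLOW or DENY")
        rule[key] = value
    return rule

def bidirectional_allow(host_a, host_b, **extra):
    """A firewall rule matches one direction, so 'allow A<->B' needs two (slide 10)."""
    return [firewall_rule(src_ip=host_a, dst_ip=host_b, **extra),
            firewall_rule(src_ip=host_b, dst_ip=host_a, **extra)]

def requests_for_demo(controller="http://localhost:8080"):
    """Ordered (method, url, body) tuples reproducing the slide 8-10 scenario."""
    fw = controller + FIREWALL_RULES_PATH
    reqs = [("POST", controller + STATIC_FLOW_PATH,
             static_flow("00:00:00:00:00:00:00:01", "flow-mod-1", 1, 2))]
    reqs += [("POST", fw, r) for r in bidirectional_allow("10.0.0.3/32", "10.0.0.7/32")]
    reqs.append(("POST", fw, firewall_rule(src_ip="10.0.0.3/32", dst_ip="10.0.0.7/32",
                                           nw_proto="UDP")))
    reqs.append(("POST", fw, firewall_rule(src_ip="10.0.0.3/32", dst_ip="10.0.0.7/32",
                                           nw_proto="UDP", tp_src="5010", action="DENY")))
    return reqs

def send(method, url, body):
    """Issue one request, the equivalent of the slides' curl calls (needs a live controller)."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method=method)
    with urllib.request.urlopen(req) as resp:
        return json.loads(resp.read())

if __name__ == "__main__":
    for method, url, body in requests_for_demo():
        print(method, url, json.dumps(body))
```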

How to Write a Module? (1/2)
v Module Creation
  § Create a class
  § Implement the IFloodlightModule interface
      public class YourModuleName implements IFloodlightModule { ... }
  § Add the unimplemented methods
      @Override
      public Collection<Class<? extends IFloodlightService>> getModuleServices() {
          // Add services to Collection<Class<? extends IFloodlightService>> l
          // if you have any, otherwise just return null
          ...
          return null;
      }
      @Override
      public Map<Class<? extends IFloodlightService>, IFloodlightService> getServiceImpls() {
          // Add the corresponding service implementation class to
          // Map<Class<? extends IFloodlightService>, IFloodlightService> m,
          // if you have any, otherwise just return null
          ...
          return null;
      }

How to Write a Module? (2/2)
v Module Creation
  § Add the unimplemented methods
      @Override
      public Collection<Class<? extends IFloodlightService>> getModuleDependencies() {
          // wire the module up to the module loading system:
          // we tell the module loader that we depend on IFloodlightProviderService
          ...
          Collection<Class<? extends IFloodlightService>> l =
              new ArrayList<Class<? extends IFloodlightService>>();
          l.add(IFloodlightProviderService.class);
          return l;
      }
      @Override
      public void init(FloodlightModuleContext context) throws FloodlightModuleException {
          // add initialization logic to this method
          // this method is invoked early in the controller startup process
          // in this example, we obtain a FloodlightProviderService instance from the context
          floodlightProvider = context.getServiceImpl(IFloodlightProviderService.class);
      }
      @Override
      public void startUp(FloodlightModuleContext context) throws FloodlightModuleException {
          // add the basic program logic here
          // this method is invoked when the initialization phase is over
          ...
      }

How to Listen to OpenFlow Messages? (1/2)
v Listen to All OpenFlow Messages
  § Write a module by implementing the IFloodlightModule interface
  § Implement the IOFMessageListener interface
      public class YourModuleName implements IOFMessageListener, IFloodlightModule { ... }
  § Add the unimplemented methods
      @Override
      public String getName() {
          // add a customized name for our message listener
          ...
          return YourModuleName.class.getSimpleName();
      }
      @Override
      public boolean isCallbackOrderingPrereq(OFType type, String name) {
          // true: process the OF message after the module named "name"
          return false;
      }
      @Override
      public boolean isCallbackOrderingPostreq(OFType type, String name) {
          // true: process the OF message before the module named "name"
          return false;
      }

How to Listen to OpenFlow Messages? (2/2)
v Listen to All OpenFlow Messages
  § Add the unimplemented methods
      @Override
      public Command receive(IOFSwitch sw, OFMessage msg, FloodlightContext cntx) {
          // this method is invoked when the controller receives an OF message from a switch
          // sw: the switch instance that sent this OpenFlow message
          // msg: the OpenFlow message instance
          // cntx: Floodlight's context instance
          ...
          // Command.CONTINUE: allow this message to continue to be handled by other handlers
          // Command.STOP: disallow other handlers from processing this message
          return Command.CONTINUE;
      }
  With the receive method we can capture only the PACKET_IN / FLOW_REMOVED OF messages. To capture the other OF messages, which are sent from the controller to the switch, we have to re-implement the OFSwitch class.

How to Listen to OpenFlow Switches? (1/2)
v Listen to All OpenFlow Switches
  § Write a module by implementing the IFloodlightModule interface
  § Implement the IOFSwitchListener interface
      public class YourModuleName implements IOFSwitchListener, IFloodlightModule { ... }
  § Add the unimplemented methods
      @Override
      public void switchAdded(DatapathId switchId) {
          // this method is invoked when a switch becomes known to the controller
          // e.g., a switch has connected to the controller
      }
      @Override
      public void switchRemoved(DatapathId switchId) {
          // this method is invoked when a switch disconnects from the controller
      }
      @Override
      public void switchActivated(DatapathId switchId) {
          // this method is invoked when a switch becomes active on the controller
      }

How to Listen to OpenFlow Switches? (2/2)
v Listen to All OpenFlow Switches
  § Add the unimplemented methods
      @Override
      public void switchPortChanged(DatapathId switchId, OFPortDesc port, PortChangeType type) {
          // this method is invoked when a port on a known switch changes
          // port: a port descriptor carrying the port's meta information
          // type: one of five port change types
          //   ADD           a newly added port
          //   DELETE        a port removed from the switch
          //   UP            a newly activated port
          //   DOWN          a deactivated port
          //   OTHER_UPDATE  any other change to the port
      }
      @Override
      public void switchChanged(DatapathId switchId) {
          // this method is invoked when any non-port-related information
          // changes after switchAdded; currently unused
          ...
      }

Message Objects and Builders
v OpenFlowJ
  § Instance creation
    • Complex OF message types
        factory.createBuilder();
    • Simple value objects
        IPv4.of("1.2.3.4/24");
  § Message objects and builders
    [Figure: Factory.createBuilder() returns a Builder; setFoo(foo) and setBar(bar) configure it, and getMessage() yields the immutable Message]

How to Add a New Flow to a Switch? (1/4)
v Push a FlowMod Message to a Switch
  § Write a module by implementing the IFloodlightModule interface
  § Obtain an IOFSwitchService instance in the init method
      @Override
      public void init(FloodlightModuleContext context) throws FloodlightModuleException {
          // switchService must be declared as a field of this class
          switchService = context.getServiceImpl(IOFSwitchService.class);
      }
  § Obtain an IOFSwitch instance by providing a DatapathId
      @Override
      public void switchAdded(DatapathId switchId) {
          IOFSwitch sw = switchService.getSwitch(switchId);
          // FlowMod message generation logic
          ...
      }

How to Add a New Flow to a Switch? (2/4)
v Push a FlowMod Message to a Switch
  § Generate a unidirectional FlowMod matching IP traffic
      IOFSwitch sw = switchService.getSwitch(switchId);
      int APP_ID = 1;
      int USR = 2;
      // generate a match filter
      Match.Builder mb = sw.getOFFactory().buildMatch();
      // here, we only want to match source and destination IP addresses
      IPv4Address srcIp = IPv4Address.of("10.0.0.1");
      IPv4Address dstIp = IPv4Address.of("10.0.0.2");
      mb.setExact(MatchField.IPV4_SRC, srcIp);
      mb.setExact(MatchField.IPV4_DST, dstIp);
      mb.setExact(MatchField.ETH_TYPE, EthType.IPv4);
      // first register the APP_ID with AppCookie
      AppCookie.registerApp(APP_ID, "FlowModSample");
      // generate a cookie (for identification purposes)
      U64 cookie = AppCookie.makeCookie(APP_ID, USR);
      // generate an action list
      List<OFAction> al = new ArrayList<OFAction>();
      // set output port 2
      OFPort outPort = OFPort.ofInt(2);
      OFAction action = sw.getOFFactory().actions().buildOutput()
          .setPort(outPort)
          .setMaxLen(Integer.MAX_VALUE)
          .build();
      // insert the defined action into the action list
      al.add(action);
      // start building an OFFlowMod message
      // (the FLOWMOD_DEFAULT_* values are constants defined elsewhere in the module)
      OFFlowMod.Builder fmb = sw.getOFFactory().buildFlowAdd();
      fmb.setCookie(cookie)
          .setHardTimeout(FLOWMOD_DEFAULT_HARD_TIMEOUT)
          .setIdleTimeout(FLOWMOD_DEFAULT_IDLE_TIMEOUT)
          .setBufferId(OFBufferId.NO_BUFFER)
          .setMatch(mb.build())
          .setActions(al)
          .setPriority(FLOWMOD_DEFAULT_PRIORITY);
      // finally write it out to the switch
      sw.write(fmb.build());
      sw.flush();

How to Add a New Flow to a Switch? (3/4)
v Push a FlowMod Message to a Switch
  § Generate a unidirectional FlowMod matching ARP traffic
      IOFSwitch sw = switchService.getSwitch(switchId);
      int APP_ID = 1;
      int USR = 2;
      // generate a match filter
      Match.Builder mb = sw.getOFFactory().buildMatch();
      // here, we only want to match the ARP sender and target protocol addresses
      IPv4Address srcIp = IPv4Address.of("10.0.0.1");
      IPv4Address dstIp = IPv4Address.of("10.0.0.2");
      mb.setExact(MatchField.ARP_SPA, srcIp);
      mb.setExact(MatchField.ARP_TPA, dstIp);
      mb.setExact(MatchField.ETH_TYPE, EthType.ARP);
      // first register the APP_ID with AppCookie
      AppCookie.registerApp(APP_ID, "FlowModSample");
      // generate a cookie (for identification purposes)
      U64 cookie = AppCookie.makeCookie(APP_ID, USR);
      // generate an action list
      List<OFAction> al = new ArrayList<OFAction>();
      // set output port 2
      OFPort outPort = OFPort.ofInt(2);
      OFAction action = sw.getOFFactory().actions().buildOutput()
          .setPort(outPort)
          .setMaxLen(Integer.MAX_VALUE)
          .build();
      // insert the defined action into the action list
      al.add(action);
      // start building an OFFlowMod message
      // (the FLOWMOD_DEFAULT_* values are constants defined elsewhere in the module)
      OFFlowMod.Builder fmb = sw.getOFFactory().buildFlowAdd();
      fmb.setCookie(cookie)
          .setHardTimeout(FLOWMOD_DEFAULT_HARD_TIMEOUT)
          .setIdleTimeout(FLOWMOD_DEFAULT_IDLE_TIMEOUT)
          .setBufferId(OFBufferId.NO_BUFFER)
          .setMatch(mb.build())
          .setActions(al)
          .setPriority(FLOWMOD_DEFAULT_PRIORITY);
      // finally write it out to the switch
      sw.write(fmb.build());
      sw.flush();

How to Add a New Flow to a Switch? (4/4)
v More on Match
  § Address masking uses either a net mask or CIDR
    • Match the first three octets
      • Net masking: 10.1.2.0/255.255.255.0
      • CIDR: 10.1.2.0/24
    • Match only the last octet
      • Net masking: 0.0.0.3/0.0.0.255
      • CIDR: N/A
      ...
      Match.Builder mb = sw.getOFFactory().buildMatch();
      String srcIpStr = "10.1.2.0/255.255.255.0";
      String dstIpStr = "20.1.0.0/255.255.0.0";
      mb.setMasked(MatchField.IPV4_SRC, IPv4AddressWithMask.of(srcIpStr));
      mb.setMasked(MatchField.IPV4_DST, IPv4AddressWithMask.of(dstIpStr));
      ...
  § Check whether the current match supports the designated field
      ...
      Match.Builder mb = sw.getOFFactory().buildMatch();
      mb.supports(MatchField.IPV6_SRC);
      ...
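Added example (not from the tutorial or OpenFlowJ) of the masking rule above: a Python re-implementation of the two address forms IPv4AddressWithMask.of() accepts, keeping the mask as raw bits so a non-contiguous mask such as 0.0.0.3/0.0.0.255 still matches, with to_cidr() reporting N/A for it, which is exactly the case the slide flags. The function names are my own; Python's ipaddress module is avoided on purpose because it rejects non-contiguous masks.

```python
"""Masked IPv4 matching as used by Match.Builder.setMasked (slide 21).
Added example, not code from the tutorial or OpenFlowJ."""
import socket
import struct

def ip_to_int(dotted):
    return struct.unpack("!I", socket.inet_aton(dotted))[0]

def int_to_ip(value):
    return socket.inet_ntoa(struct.pack("!I", value))

def parse_masked(text):
    """Return (address, mask) as 32-bit ints from 'a.b.c.d', 'a.b.c.d/24'
    or 'a.b.c.d/m.m.m.m'; the mask is kept as raw bits, like OpenFlow does."""
    addr_str, _, mask_str = text.partition("/")
    addr = ip_to_int(addr_str)
    if not mask_str:
        mask = 0xFFFFFFFF                       # no mask given: exact match
    elif "." in mask_str:
        mask = ip_to_int(mask_str)              # dotted net mask, any bit pattern
    else:
        plen = int(mask_str)                    # CIDR prefix length
        if not 0 <= plen <= 32:
            raise ValueError("prefix length out of range: %s" % mask_str)
        mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
    return addr & mask, mask                    # canonicalise: drop host bits

def to_cidr(mask):
    """Prefix length for a contiguous mask, or None (the slide's 'CIDR: N/A')."""
    inverted = (~mask) & 0xFFFFFFFF
    if inverted & (inverted + 1):               # zero bits are not a trailing run
        return None
    return 32 - inverted.bit_length()

def matches(rule, ip):
    """True if ip falls under the masked rule, bit-wise as a switch would test it."""
    addr, mask = parse_masked(rule)
    return (ip_to_int(ip) & mask) == addr

def describe(rule):
    """Canonical address, mask and CIDR form (or N/A) of a masked rule string."""
    addr, mask = parse_masked(rule)
    plen = to_cidr(mask)
    cidr = "%s/%d" % (int_to_ip(addr), plen) if plen is not None else "N/A"
    return {"address": int_to_ip(addr), "mask": int_to_ip(mask), "cidr": cidr}

if __name__ == "__main__":
    for rule in ("10.1.2.0/255.255.255.0", "10.1.2.0/24", "0.0.0.3/0.0.0.255"):
        print(rule, describe(rule), matches(rule, "10.1.2.3"))
```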

DEMO Scenarios
v Construct a Customized Topology Using Mininet
  § A topology with two hosts and five switches
v Scenario
  § Set up the flows in a proactive manner
  § Ping from host 1 to host 2
  § Ping from all hosts to all other hosts
  [Figure: the demo topology; host 1 and host 2 are connected through switches 1 to 5 by two paths labelled Route #1 and Route #2]

Testbed
  [Figure: testbed architecture]
    • Northbound API (not standardized yet; uses proprietary APIs): Jython app, Java app, REST-based app, Static Flow Pusher
    • Floodlight Controller
    • Southbound API (implements the OpenFlow protocol): OVS switches with attached hosts, emulated in Mininet

DEMO Execution Procedures
v Procedures
  § Add/load the newly implemented module (proactive flow insertion)
  § Start the Floodlight controller daemon
      # $FLOODLIGHT_PATH/floodlight.sh
  § Initialize Mininet, specifying the custom topology
      $ sudo mn --custom ./topo.py --topo mytopo --controller=remote,ip=127.0.0.1,port=6653
  § Initiate an ICMP request from host 1
      mininet> h1 ping h2
  § Initiate ICMP requests from all hosts
      mininet> pingall
  Topology script: http://dpnm.postech.ac.kr/cs702/2015/src/topo.py
  Floodlight module: http://dpnm.postech.ac.kr/cs702/2015/src/floodlight/FlowModSample.java

Q&A

References
v OpenFlowJ-Loxi
  § https://github.com/floodlight/loxigen/wiki/OpenFlowJ-Loxi
v Floodlight Official Site
  § http://www.projectfloodlight.org/floodlight/
v Floodlight Source
  § https://github.com/floodlight