Lab: Introduction to Software Defined Networking

Introduction and prerequisites

This exercise is to

  • Learn basic Open vSwitch (OVS) commands using Mininet and the OpenFlow (OF) specification.

  • Get familiar with the OpenDaylight (ODL) controller.

  • Inspect the flows between hosts in a network.

In this exercise you will set up a cloud networking environment and gain experience with OVS and OF1.3 commands for manipulating flows. You will also become familiar with and apply the basic concepts of SDN and flows as defined by OpenFlow.

The following resources and tools are required for this exercise session:

  • Any modern web browser,
  • Any modern SSH client application,
  • An AWS account.

You will perform this exercise on a virtual machine on AWS that you create from a provided image. It has all the required software already installed. If you don't mind doing more work you can also use your own Linux VM and install the software manually (see section "Manual installation").

Create your exercise VM from provided image

Login to your AWS account. Switch the console to the Paris region. If you haven't done it already, create a key pair for this region.

Create a new security group named netlab:

  • Allow SSH from anywhere

Launch a new instance:

  • AMI: Select Community AMIs and search for MSE T-ClComp Networking Lab (ami-0b78a05cdb278768d)
  • Instance type: t2.small
  • Security group: netlab

Login to the instance via SSH.

We recommend having several terminal windows open in parallel. You can log in several times from your local machine, or use a terminal multiplexer like byobu on the instance (already installed).

Manual installation

Start with a VM with

  • 2 GB memory
  • Ubuntu 16.04 LTS

Update the packages:

sudo apt update
sudo apt upgrade

Install Mininet, the OpenFlow reference switch, and Open vSwitch:

git clone https://github.com/mininet/mininet
cd mininet
git checkout -b 2.2.2 2.2.2 # select version 2.2.2
cd ..
mininet/util/install.sh -nfv # install Mininet, the OpenFlow reference switch, and Open vSwitch

Test Mininet installation:

sudo mn --test pingall

Install Java JDK 1.8:

sudo apt install openjdk-8-jre

Install OpenDaylight:

curl -O https://nexus.opendaylight.org/content/repositories/public/org/opendaylight/integration/distribution-karaf/0.6.4-Carbon/distribution-karaf-0.6.4-Carbon.tar.gz
tar xzf distribution-karaf-0.6.4-Carbon.tar.gz

Time

The entire session will take 90 minutes.

Glossary

  • OpenFlow (OF): An open standard that enables researchers to run experimental network protocols without requiring vendors to expose the internal workings of their network devices. OpenFlow is currently being implemented by major vendors, with OpenFlow-enabled switches now commercially available.

  • Open vSwitch (OVS): A virtual switch, which can be fully controlled via command line utilities and the OpenFlow (OF) protocol. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag).

  • Mininet: A network emulator, which uses OVS. It creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native).

Task 1 - Basic Usage of OVS

In this task you will learn how to manually create a bridge with ports by using OVS command line tools. You will also learn how to inspect the configuration.

The task is to create a virtual switch, generally called "bridge" in OVS. Bridges have ports, which define the topology of the bridge. OVS bridge ports have a port name and an OpenFlow identifier, which is used as reference by flows.

The ovs-vsctl command lets you read and manipulate the OVS topology. Further, the ovs-ofctl command lets you read and manipulate flows on your OVS bridges. For your convenience, here are the most common commands to manipulate topology and flows. (You may refer to the man page for more).

ovs-vsctl: ovs-vswitchd management utility
        list-br
        add-br br0
        add-port br0 eth0
        list-ifaces br0

ovs-ofctl: OpenFlow switch management utility
        show SWITCH
        dump-flows SWITCH
        add-flow SWITCH FLOW

  • Note: Since you are creating system resources, the respective Linux commands require root privileges. You can obtain them by preceding each command with sudo, or more conveniently by launching a root shell with sudo su - (be careful, though).

  • Create a bridge (name: s1) with 3 ports (names: p1, p2, p3).

  • Verify the correct creation of the bridge and ports by displaying the configuration.

  • Find out how to see the mapping between port names and their respective OpenFlow identifiers. The respective command prints port statistics with detailed information about all interfaces.

Task 2 - SDN with OVS and Mininet

In order to experiment with a virtual bridge and SDN we need an environment that allows us to connect senders and receivers to virtual bridges. Mininet is a tool for such a purpose. Recent versions of Mininet support SDN and create and connect a built-in SDN Controller automatically.

To start Mininet with a clean environment, run on the command line as super user the command

mn -c

which will reset the Mininet environment to zero and then

mn

to start Mininet and enter its command-line shell (you will see the prompt mininet>).

By default Mininet creates a so-called "single topology", which is one single virtual learning switch, an SDN controller, and two hosts connected to the switch. This scenario is equivalent to two VMs connected to a virtual switch on an OpenStack compute node, see image below.

Mininet comes with a number of built-in network topologies:

  • Minimal: One switch and two hosts (default)
  • Single: One switch and n hosts.
  • Linear: Several (n) switches in series, each connected to a host.
  • Tree: Switches in a multilevel tree topology, tree depth and number of hosts are parameters.
  • and more.

The option --topo lets you select the topology and parameterize it (e.g., number of switches).

Subtask 2.1 - Mininet Topology

Start a clean Mininet session with a single switch and two hosts (minimal topology).

  • View what Mininet has created. In the Mininet shell, find out how to view the topology, the port and network interface configuration and naming. Draw a schematic picture that includes all of this information.

    • Use the built-in Mininet commands. Try help in the shell for further info.
  • In another terminal window use the OVS commands to display the virtual switch configuration created by Mininet. Can you see the mapping of ports (1-3) to interfaces (s1-ethx)?

  • Use the OVS commands to display the current flow configuration of the virtual switch. Explain why there are no flows visible.

  • In the Mininet shell initiate a ping between the two hosts. While the ping is running, check the flows and relate them to the hosts.

  • Why do some flows appear now, and what types of flows can you see?

  • Check the man page of ovs-ofctl and list the possible actions that can be applied to flows.

Subtask 2.2 - Flow Programming

In the previous task the application that runs within the controller was provided: the so-called “learning switch”. In this task you will learn how to manually configure the SDN controller in order to enforce any specific behaviour.

OpenFlow Pipelining: When a packet enters the bridge it is fed into the OpenFlow pipeline. Flow tables are inspected for matching entries in the configured order (flow priority and table order). If a match is found, the actions specified in the rule are applied; otherwise, the next lower-priority flow is inspected for a possible match, and so on (see lecture).
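The lookup order described above, as an added Python model (not part of the original lab and not OVS code): flows are tried from highest to lowest priority, and a packet that matches nothing is dropped, which is the OpenFlow 1.3 default when no table-miss entry is installed. The Flow class, the packets, the tables and their priorities are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    priority: int
    match: dict    # field -> required value; {} matches every packet
    actions: str   # e.g. "drop", "NORMAL", "output:2"

def lookup(table, packet):
    """Return the actions of the highest-priority flow that matches packet."""
    for flow in sorted(table, key=lambda f: f.priority, reverse=True):
        if all(packet.get(k) == v for k, v in flow.match.items()):
            return flow.actions
    # Table miss and no table-miss entry installed: OpenFlow 1.3 drops.
    return "drop"

# Constructed packets; field names follow the ovs-ofctl match syntax.
ICMP = {"in_port": 1, "dl_type": 0x0800, "nw_proto": 1}
TCP = {"in_port": 1, "dl_type": 0x0800, "nw_proto": 6}
ARP = {"in_port": 2, "dl_type": 0x0806}

IS_ICMP = {"dl_type": 0x0800, "nw_proto": 1}

# Constructed flow tables (hypothetical priorities).
EMPTY = []                                          # no flows installed at all
L2_ONLY = [Flow(0, {}, "NORMAL")]                   # catch-all L2 forwarding
ICMP_DROP = L2_ONLY + [Flow(100, IS_ICMP, "drop")]  # drop rule outranks catch-all
SHADOWED = [Flow(10, {}, "NORMAL"), Flow(5, IS_ICMP, "drop")]  # drop never reached
PORT_DROP = L2_ONLY + [Flow(100, {"in_port": 1}, "drop")]

def verdicts(table):
    """Actions applied to the three sample packets, in the order ICMP, TCP, ARP."""
    return [lookup(table, p) for p in (ICMP, TCP, ARP)]

if __name__ == "__main__":
    for name in ("EMPTY", "L2_ONLY", "ICMP_DROP", "SHADOWED", "PORT_DROP"):
        print(f"{name:10} {verdicts(globals()[name])}")
```

The SHADOWED table shows the failure mode worth checking after installing a filter rule: a drop rule placed below a catch-all in priority is present in the table but never applied.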

  • Program two flows on the existing Mininet topology. Add flows to the bridge such that the following requirements are met:

    • All ICMP traffic that enters the bridge gets dropped. Then delete the flow.
    • All the traffic entering the port with interface s1-eth1 gets dropped.
  • Drop the existing Mininet topology and create a new one with the following specification: linear topology with 3 hosts. After that, apply the following rule:

    • All ICMP traffic that enters the port with interface s2-eth2 gets dropped. Start pinging between the three nodes and see which ICMP communication has been affected by this rule.

    • Restart Mininet without the default built-in controller. One way of doing this is to tell Mininet that it should use an external, so-called “remote” controller. You achieve this by using the option --controller=remote when starting Mininet. Try to ping between the nodes. Explain the difference.

    • Program flows on the bridge to establish a Layer-2 connection between the hosts. Hint: recall the non-OpenFlow pipeline of the switch.

    • After that, delete all flows.

With the completion of these exercises you have learnt how to create different virtual topologies with Mininet and how to program flows on the bridge. You were also able to observe the effect of the flows that you installed on the bridge. Finally, you had a brief introduction to the following exercise and the role of SDN. If you did the last two steps correctly, you will have noticed that the ping does not work with a remote controller and that you need to program a normal flow in order to re-establish the L2 connection (the ping).

Task 3 - OpenDaylight Controller

In this task you will set up an OpenDaylight controller and install some useful features in the run-time of the controller software. You will also use the ODL as external (remote) controller for a Mininet experiment. In this scenario the ODL (remote) controller is in charge of the topology, and not the default (internal) controller from Mininet as in the previous exercises.

Subtask 3.1 - ODL Runtime and Mininet

Navigate into the ODL environment. For that, issue the following commands before starting the controller itself:

cd distribution-karaf-0.6.4-Carbon

Start the OpenDaylight controller (as superuser):

sudo ./bin/karaf 

Install the following features:

feature:install odl-restconf odl-l2switch-switch odl-mdsal-apidocs odl-dlux-core odl-l2switch-switch-ui

This will take some time to complete. Make sure to wait long enough for the controller to start completely. You can monitor the controller logs (in a separate terminal session) with:

tail -f data/log/karaf.log

Some of the last log messages before it is ready look like the following:

INFO  | config-pusher | [...] All configuration snapshots have been pushed successfully.

Restart Mininet with a remote controller, a "tree topology" with 4 hosts and 3 switches using the fan-out and depth parameters.

Note: Use the Mininet option for connecting to a remote controller like this: --controller=remote,ip=127.0.0.1. This will connect to the controller on the default port 6633. Do not attempt to use localhost instead of 127.0.0.1, it will not work.

The expected output looks similar to the topology in Figure 1.

Figure 1: Two-level Tree topology in Mininet with 4 hosts and 3 switches.

  • When launching Mininet make sure that it connects successfully to the remote controller (verify Mininet displays a corresponding message).
  • Check out the initial flow setup by OpenDaylight on the bridge and explain it.
  • Ping between some of the hosts, look at the installed flows again and explain them.

Troubleshooting:

If the pings in Mininet fail, do the following:

  • Verify that the controller is listening on port 6633 by running

    sudo lsof -i -n -P | grep '(LISTEN)'
    

    You should see a java process listening on this port.

  • To reset ODL: Exit from the ODL shell. Delete the contents of the data directory

    sudo rm -rf data/*
    

    Start ODL and install the features again.

Subtask 3.2 - ODL topology representation

To see the topology setup in OpenDaylight point your browser to

http://<IP_OF_INSTANCE>:8181/index.html

  • Make sure you have opened port 8181 for TCP connections in the security group.
  • OpenDaylight greets you with a login dialog. Userid/password is admin/admin.
  • Note: Don't try to simply type http://<IP_OF_INSTANCE>:8181/, it will not work.
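The controller reached through this rule accepts the admin/admin login over plain HTTP, so it is worth checking how widely port 8181 is open. The following is an added example, not part of the original lab: it reads the JSON printed by `aws ec2 describe-security-groups --group-names netlab` and reports controller ports (8181 and the OpenFlow port 6633) that are reachable from any address. The sample JSON is constructed, and the function and constant names are hypothetical.

```python
import ipaddress
import json

# Ports the controller listens on in this lab: ODL web UI/RESTCONF and OpenFlow.
CONTROLLER_PORTS = {8181: "ODL web UI / RESTCONF", 6633: "OpenFlow"}

# Constructed sample in the shape printed by
# `aws ec2 describe-security-groups --group-names netlab`.
SAMPLE = json.dumps({"SecurityGroups": [{"GroupName": "netlab", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 8181, "ToPort": 8181,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 6000, "ToPort": 7000,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
]}]})

def world_open_controller_ports(describe_output):
    """Return sorted (group, port, cidr) tuples for controller ports open to any address."""
    findings = set()
    for group in json.loads(describe_output)["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            if perm["IpProtocol"] not in ("tcp", "-1"):
                continue
            # Rules with protocol "-1" (all traffic) carry no port fields.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                # Prefix length 0 means 0.0.0.0/0 or ::/0, i.e. every address.
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue
                findings.update((group["GroupName"], port, cidr)
                                for port in CONTROLLER_PORTS if lo <= port <= hi)
    return sorted(findings)

if __name__ == "__main__":
    for group, port, cidr in world_open_controller_ports(SAMPLE):
        print(f"{group}: {CONTROLLER_PORTS[port]} (tcp/{port}) open to {cidr}")
```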

To see the REST API documentation of the ODL controller point your browser to

http://<IP_OF_INSTANCE>:8181/apidoc/explorer/index.html

For example find the "network-topology" APIs and check network topology details with the following API:

GET /operational/network-topology:network-topology/

ODL maintains all the information related to the topology and the flows that it installs on the bridges. In order to retrieve it via REST you can use curl in a separate terminal session on the VM, or your browser, and get the XML or JSON from this example URL:

http://<IP_OF_INSTANCE>:8181/restconf/operational/opendaylight-inventory:nodes/node/openflow:1/table/0/

This is the current operational data in the ODL inventory related to a specific node and table. Take a look at the data contained in the output and try to identify the nodes and the flows.

curl -u admin:admin http://<IP_OF_INSTANCE>:8181/restconf/operational/opendaylight-inventory:nodes/node/openflow:1/table/0/ | python -m json.tool

Or without Python

http://<IP_OF_INSTANCE>:8181/restconf/operational/opendaylight-inventory:nodes/node/openflow:1/table/0/

With the following call, you can query the current operational data in the ODL inventory related to a specific node connector. Take a look at the data contained in the output. Now get the port descriptions and the flows of a specific bridge with this method and via ovs-ofctl. Then try to relate the data: find two specific flows in each output that refer to the same installed flows.

curl -u admin:admin http://<IP_OF_INSTANCE>:8181/restconf/operational/opendaylight-inventory:nodes/node/openflow:1/node-connector/openflow:1:1 | python -m json.tool
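One way to relate the two views, as an added example that is not part of the original lab: it pairs lines of `ovs-ofctl dump-flows` with flows in the table/0 RESTCONF reply by table, priority and cookie, and lists flows that appear only on the switch. Both inputs are constructed, the JSON key layout is assumed from ODL's flow-node-inventory model, and using the cookie as the pairing key is an assumption of this sketch.

```python
import json
import re

# Constructed sample of `ovs-ofctl dump-flows s1` output (not from a lab run).
OVS_DUMP = """\
 cookie=0x2b00000000000000, duration=80.1s, table=0, n_packets=32, n_bytes=2720, priority=100,dl_type=0x88cc actions=CONTROLLER:65535
 cookie=0x2a00000000000004, duration=12.5s, table=0, n_packets=5, n_bytes=490, idle_timeout=1800, priority=10,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02 actions=output:2
 cookie=0x0, duration=3.0s, table=0, n_packets=0, n_bytes=0, priority=200,icmp actions=drop
"""

# Constructed RESTCONF reply. Key layout assumed from ODL's flow-node-inventory
# model; json.dumps writes the cookie as a decimal number, as ODL reports it.
ODL_REPLY = json.dumps({"flow-node-inventory:table": [{"id": 0, "flow": [
    {"id": "flow-a", "priority": 100, "cookie": 0x2b00000000000000,
     "match": {"ethernet-match": {"ethernet-type": {"type": 35020}}}},
    {"id": "flow-b", "priority": 10, "cookie": 0x2a00000000000004,
     "match": {"ethernet-match": {
         "ethernet-source": {"address": "00:00:00:00:00:01"},
         "ethernet-destination": {"address": "00:00:00:00:00:02"}}}},
]}]})

FLOW_RE = re.compile(r"cookie=(0x[0-9a-f]+),.*?table=(\d+),.*?priority=(\d+),?(\S*) actions=(\S+)")

def parse_ovs(text):
    """Map (table, priority, cookie) -> (match, actions) for each dump-flows line."""
    flows = {}
    for m in FLOW_RE.finditer(text):
        cookie, table, prio, match, actions = m.groups()
        flows[(int(table), int(prio), int(cookie, 16))] = (match, actions)
    return flows

def parse_odl(reply):
    """Map (table, priority, cookie) -> ODL flow id for each flow in the reply."""
    flows = {}
    for table in json.loads(reply).get("flow-node-inventory:table", []):
        for flow in table.get("flow", []):
            flows[(table["id"], flow["priority"], flow.get("cookie", 0))] = flow["id"]
    return flows

def correlate(ovs_text, odl_reply):
    """Return ({odl_id: (match, actions)}, [flows seen only on the switch])."""
    ovs, odl = parse_ovs(ovs_text), parse_odl(odl_reply)
    paired = {odl[k]: ovs[k] for k in ovs.keys() & odl.keys()}
    switch_only = [ovs[k] for k in ovs.keys() - odl.keys()]
    return paired, switch_only

if __name__ == "__main__":
    paired, switch_only = correlate(OVS_DUMP, ODL_REPLY)
    print("paired:", paired)
    print("switch only:", switch_only)
```

ovs-ofctl omits priority= for flows at the default priority 32768, so such lines are skipped by this parser.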

In this exercise you worked hands-on with a widely used SDN controller and learnt how to work with its run-time environment, inspect the topology and test the Mininet connectivity.

Cleanup

At the end of the exercise session:

  • Delete all VMs and security groups that were created by your team.