Lab: Introduction to Software Defined Networking
Introduction and prerequisites
The goals of this exercise are to:
- Learn basic Open vSwitch (OVS) commands using Mininet and the OpenFlow (OF) specification.
- Get familiar with the OpenDaylight (ODL) controller.
- Inspect the flows between hosts in a network.
In this exercise you will set up a cloud networking environment and gain experience on OVS and OF1.3 commands for manipulation of flows. You will also become familiar with and apply the basic concepts of SDN and flows as defined by OpenFlow.
The following resources and tools are required for this exercise session:
- Any modern web browser,
- Any modern SSH client application,
- An AWS account.
You will perform this exercise on a virtual machine on AWS that you create from a provided image. It has all the required software already installed. If you don't mind doing more work, you can also use your own Linux VM and install the software manually (see section "Manual installation").
Create your exercise VM from provided image
Log in to your AWS account. Switch the console to the Paris region. If you haven't done it already, create a key pair for this region.
Create a new security group named netlab:
- Allow SSH from anywhere
Launch a new instance:
- AMI: Select Community AMIs and search MSE T-ClComp Networking Lab (ami-0b78a05cdb278768d)
- Instance type: t2.small
- Security group: netlab
Log in to the instance via SSH.
We recommend having several terminal windows open in parallel. You
can log in several times from your local machine, or use a terminal
multiplexer such as byobu on the instance (already installed).
Manual installation
Start with a VM with
- 2 GB memory
- Ubuntu 16.04 LTS
Update the packages:
sudo apt update
sudo apt upgrade
Install Mininet, the OpenFlow reference switch, and Open vSwitch:
git clone https://github.com/mininet/mininet
cd mininet
git checkout -b 2.2.2 2.2.2   # select version 2.2.2
cd ..
mininet/util/install.sh -nfv   # install Mininet, the OpenFlow reference switch, and Open vSwitch
Test Mininet installation:
sudo mn --test pingall
Install Java JDK 1.8:
sudo apt install openjdk-8-jre
curl -O https://nexus.opendaylight.org/content/repositories/public/org/opendaylight/integration/distribution-karaf/0.6.4-Carbon/distribution-karaf-0.6.4-Carbon.tar.gz
tar xzf distribution-karaf-0.6.4-Carbon.tar.gz
The entire session will take 90 minutes.
OpenFlow (OF): An open standard that enables researchers to run experimental network protocols without requiring vendors to expose the internal workings of their network devices. OpenFlow is currently being implemented by major vendors, with OpenFlow-enabled switches now commercially available.
Open vSwitch (OVS): A virtual switch, which can be fully controlled via command line utilities and the OpenFlow (OF) protocol. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag).
Mininet: A network emulator, which uses OVS. It creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native).
Task 1 - Basic Usage of OVS
In this task you will learn how to manually create a bridge with ports by using OVS command line tools. You will also learn how to inspect the configuration.
The task is to create a virtual switch, generally called "bridge" in OVS. Bridges have ports, which define the topology of the bridge. OVS bridge ports have a port name and an OpenFlow identifier, which is used as reference by flows.
The ovs-vsctl command lets you read and manipulate the OVS topology. The
ovs-ofctl command lets you read and manipulate flows on your OVS bridges.
For your convenience, here are the most common commands to manipulate topology
and flows. (You may refer to the man pages for more.)
ovs-vsctl: ovs-vswitchd management utility
  list-br
  add-br br0
  add-port br0 eth0
  list-ifaces br0
ovs-ofctl: OpenFlow switch management utility
  show SWITCH
  dump-flows SWITCH
  add-flow SWITCH FLOW
Note: Since you are creating system resources, the respective Linux commands require root privileges. These can be obtained by using
sudo preceding each command, or more conveniently by launching a root shell with
sudo su - (be careful, though).
Create a bridge (name:
s1) with 3 ports (names:
Verify the correct creation of the bridge and ports by displaying the configuration.
Find out how to see the mapping between port names and their respective OpenFlow identifiers. The respective command prints port statistics with detailed information about all interfaces.
Task 2 - SDN with OVS and Mininet
In order to experiment with a virtual bridge and SDN we need an environment that allows us to connect senders and receivers to virtual bridges. Mininet is a tool for such a purpose. Recent versions of Mininet support SDN and create and connect a built-in SDN Controller automatically.
To start Mininet with a clean environment, run on the command line as super user the command
which will reset the Mininet environment to zero and then
to start Mininet and enter its command-line shell (you will see the
By default, Mininet creates a so-called "single topology", which is one single virtual learning switch, an SDN controller, and two hosts connected to the switch. This scenario is equal to two VMs connected to a virtual switch on an OpenStack compute node, see image below.
Mininet comes with a number of built-in network topologies:
- Minimal: One switch and two hosts (default)
- Single: One switch and n hosts.
- Linear: Several (n) switches in series, each connected to a host.
- Tree: Switches in a multilevel tree topology, tree depth and number of hosts are parameters.
- and more.
The --topo option lets you select the topology and parameterize it
(e.g., number of switches).
Subtask 2.1 - Mininet Topology
Start a clean Mininet session with a single switch and two hosts (minimal topology).
View what Mininet has created. In the Mininet shell, find out how to view the topology, the port and network interface configuration and naming. Draw a schematic picture including the entire information.
- Use the built-in Mininet commands. Try help in the shell for further info.
In another terminal window use the OVS commands to display the virtual switch configuration created by Mininet. Can you see the mapping of ports (1-3) to interfaces (s1-ethx)?
Use the OVS commands to display the current flow configuration of the virtual switch. Explain why there are no flows visible.
In the Mininet shell initiate a ping between the two hosts. While the ping is running, check the flows and relate them to the hosts.
Why do some flows appear now, and what types of flows can you see?
Check the man page of ovs-ofctl and tell what the possible actions to apply to the flows are.
Subtask 2.2 - Flow Programming
In the previous task the application that runs within the controller was provided; it was the so-called “learning switch”. In this task you will learn how to manually configure the SDN controller in order to enforce any specific behaviour.
OpenFlow Pipelining: When a packet enters the bridge it is fed into the OpenFlow pipeline. Flow tables get inspected for matching entries according to the configured order (flow priority and table order). If a match is found, the actions specified in the rule are applied; otherwise, the next lower priority flow is inspected for possible matching, and so on (see lecture).
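The lookup order described above, as an added Python example that is not part of the original lab: it parses flow lines in the style of ovs-ofctl dump-flows output and returns the actions of the highest-priority matching flow. The sample flows, the packet dictionaries and all function names are constructed for illustration, and only a single table is modelled.

```python
# Constructed lines in the style of `ovs-ofctl dump-flows s1` output (not a real capture).
SAMPLE_DUMP = """\
 cookie=0x0, duration=12.4s, table=0, n_packets=3, n_bytes=294, priority=100,icmp actions=drop
 cookie=0x0, duration=40.1s, table=0, n_packets=9, n_bytes=650, priority=50,in_port=1 actions=output:2
 cookie=0x0, duration=40.1s, table=0, n_packets=8, n_bytes=602, priority=0 actions=NORMAL
"""
# Per-flow bookkeeping fields that are printed but are not part of the match.
META = {"cookie", "duration", "n_packets", "n_bytes", "idle_age", "hard_age"}
DEFAULT_PRIORITY = 32768  # applied by ovs-ofctl when add-flow gives no priority=

def parse_flow(line):
    """Turn one dump-flows line into {table, priority, match, actions}."""
    head, _, actions = line.strip().partition(" actions=")
    flow = {"table": 0, "priority": DEFAULT_PRIORITY, "match": {}, "actions": actions}
    for token in head.replace(", ", ",").split(","):
        key, sep, val = token.partition("=")
        if key in META or not key:
            continue
        if key in ("table", "priority"):
            flow[key] = int(val)
        else:  # bare keywords (icmp, arp, ...) are stored with value None
            flow["match"][key] = val.strip('"') if sep else None
    return flow

def matches(flow, pkt):
    """pkt: a 'protos' set (e.g. {'ip', 'icmp'}) plus header fields such as in_port."""
    return all(key in pkt["protos"] if val is None else str(pkt.get(key)) == val
               for key, val in flow["match"].items())

def lookup(flows, pkt, table=0):
    """Return the actions of the highest-priority matching flow, or None on a miss."""
    hits = [f for f in flows if f["table"] == table and matches(f, pkt)]
    return max(hits, key=lambda f: f["priority"])["actions"] if hits else None

FLOWS = [parse_flow(l) for l in SAMPLE_DUMP.splitlines() if l.strip()]
PACKETS = {  # constructed packets
    "ping from port 1": {"protos": {"ip", "icmp"}, "in_port": 1},
    "arp from port 1": {"protos": {"arp"}, "in_port": 1},
    "arp from port 2": {"protos": {"arp"}, "in_port": 2},
}
RESULTS = {name: lookup(FLOWS, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, actions in RESULTS.items():
        print(name, "->", actions)
```

The ping from port 1 matches all three flows, but only the priority 100 entry is applied; once that entry is removed, the same packet falls through to the priority 50 flow.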
Program two flows on the existing Mininet topology. Add flows to the bridge such that the following requirements are met:
- All ICMP traffic that enters the bridge gets dropped. Then delete the flow.
- All the traffic entering the port with interface
Drop the existing Mininet topology and create a new one with the following specification: linear topology with 3 hosts. After that, apply the following rule:
All ICMP traffic that enters the port with interface
s2-eth2 gets dropped. Start pinging between the three nodes and see which ICMP communication has been affected by this rule.
Restart Mininet without the default built-in controller. One way of doing this is to tell Mininet that it should use an external, so-called “remote” controller. You achieve this by using the option
--controller=remote when starting Mininet. Try to ping between the nodes. Explain the difference.
Program flows on the bridge to establish a Layer-2 connection between the hosts. Hint: recall the non-OpenFlow pipeline of the switch.
After that, delete all flows.
With the completion of these exercises you learnt how to create different virtual topologies with Mininet, and to program flows on the bridge. You were also able to visualize the effect of the flows that you installed on the bridge. Finally, you had a brief intro to the following exercise and the role of SDN. If you did the last two steps correctly, you will have noticed that the ping does not work with a remote controller and that you need to program a normal flow in order to re-establish the L2 connection (the ping).
Task 3 - OpenDaylight Controller
In this task you will set up an OpenDaylight controller and install some useful features in the run-time of the controller software. You will also use the ODL as external (remote) controller for a Mininet experiment. In this scenario the ODL (remote) controller is in charge of the topology, and not the default (internal) controller from Mininet as in the previous exercises.
Subtask 3.1 - ODL Runtime and Mininet
Navigate into the ODL environment. For that, issue the following commands before starting the controller itself:
Start the OpenDaylight controller (as superuser):
Install the following features:
feature:install odl-restconf odl-l2switch-switch odl-mdsal-apidocs odl-dlux-core odl-l2switch-switch-ui
This will take some time to complete. Make sure to wait long enough for the controller to start completely. You can monitor the controller logs (in a separate terminal session) with:
tail -f data/log/karaf.log
Some of the last log messages before it is ready look like the following:
INFO | config-pusher | [...] All configuration snapshots have been pushed successfully.
Restart Mininet with a remote controller, a "tree topology" with 4
hosts and 3 switches using the
Note: Use the Mininet option for connecting to a remote controller
--controller=remote,ip=127.0.0.1. This will connect to
the controller on the default port 6633. Do not attempt to use
localhost instead of
127.0.0.1, it will not work.
The expected output looks similar to the topology in Figure 1.
Figure 1: Two-level Tree topology in Mininet with 4 hosts and 3 switches.
- When launching Mininet make sure that it connects successfully to the remote controller (verify Mininet displays a corresponding message).
- Check out the initial flow setup by OpenDaylight on the bridge and explain it.
- Ping between some of the hosts, look at the installed flows again and explain them.
If the pings in Mininet fail, do the following:
Verify that the controller is listening on port 6633 by running
sudo lsof -i -n -P | grep '(LISTEN)'
You should see a java process listening on this port.
To reset ODL: Exit from the ODL shell. Delete the contents of the data directory
sudo rm -rf data/*
Start ODL and install the features again.
Subtask 3.2 - ODL topology representation
To see the topology setup in OpenDaylight point your browser to
- Make sure you have opened port 8181 for TCP connections in the security group.
- OpenDaylight greets you with a login dialog. Userid/password is admin/admin.
- Note: Don't try to simply type
http://<IP_OF_INSTANCE>:8181/, it will not work.
To see the API Rest documentation of the ODL controller point your browser to
For example find the "network-topology" APIs and check network topology details with the following API:
ODL maintains the entire information related to topology and flows
that it installs on the bridges. In order to retrieve them via REST
you can use
curl in a separate terminal session on the VM or your
browser and get the XML or JSON from this example URL:
This is the current operational data in the ODL inventory related to specific node and table. Take a look at the data contained in the output and try to identify the nodes and the flows.
curl -u admin:admin http://<IP_OF_INSTANCE>:8181/restconf/operational/opendaylight-inventory:nodes/node/openflow:1/table/0/ | python -m json.tool
Or without Python
With the following call, you can query the current operational data in
the ODL inventory related to specific node connector. Take a look at
the data contained in the output. Now get the ports description and
the flows of a specific bridge with this method and via
ovs-ofctl. Then try to relate the data: Find two specific flows in
each output, which refer to the same installed flows.
curl -u admin:admin http://<IP_OF_INSTANCE>:8181/restconf/operational/opendaylight-inventory:nodes/node/openflow:1/node-connector/openflow:1:1 | python -m json.tool
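One way to put the RESTCONF table data next to ovs-ofctl dump-flows output, as an added Python example that is not part of the original lab: it rewrites each flow from the JSON into a dump-flows-style line. The JSON document is constructed, its key names are assumed to follow ODL's flow-node-inventory model, and only in-port, ethernet-type and output actions are handled; the function names are hypothetical.

```python
import json
# Constructed response in the shape returned for .../node/openflow:1/table/0/
# (values invented; key names assumed from ODL's flow-node-inventory model).
SAMPLE = json.loads("""
{"flow-node-inventory:table": [{"id": 0, "flow": [
  {"id": "a", "priority": 2, "match": {"in-port": "openflow:1:1"},
   "instructions": {"instruction": [{"order": 0, "apply-actions": {"action": [
     {"order": 1, "output-action": {"output-node-connector": "CONTROLLER", "max-length": 65535}},
     {"order": 0, "output-action": {"output-node-connector": "2", "max-length": 65535}}]}}]}},
  {"id": "b", "priority": 100, "match": {"ethernet-match": {"ethernet-type": {"type": 35020}}},
   "instructions": {"instruction": [{"order": 0, "apply-actions": {"action": [
     {"order": 0, "output-action": {"output-node-connector": "CONTROLLER", "max-length": 65535}}]}}]}},
  {"id": "c", "priority": 0, "match": {}}
]}]}
""")

def port_no(connector):
    """'openflow:1:2' -> '2'; a bare '2' or 'CONTROLLER' is returned unchanged."""
    return str(connector).rsplit(":", 1)[-1]

def match_str(match):
    """Render the two match fields handled here the way ovs-ofctl prints them."""
    eth_type = match.get("ethernet-match", {}).get("ethernet-type", {}).get("type")
    parts = ["dl_type=0x%04x" % eth_type] if eth_type is not None else []
    if "in-port" in match:
        parts.append("in_port=" + port_no(match["in-port"]))
    return parts

def actions_str(flow):
    """Output actions in execution order; a flow without actions drops the packet."""
    out = []
    for ins in sorted(flow.get("instructions", {}).get("instruction", []), key=lambda i: i["order"]):
        for act in sorted(ins.get("apply-actions", {}).get("action", []), key=lambda a: a["order"]):
            o = act.get("output-action")
            if o:
                p = port_no(o["output-node-connector"])
                out.append("CONTROLLER:%d" % o["max-length"] if p == "CONTROLLER" else "output:" + p)
    return ",".join(out) or "drop"

def odl_flows(doc):
    """One dump-flows-style line per flow, highest priority first."""
    rows = []
    for table in doc["flow-node-inventory:table"]:
        for f in sorted(table.get("flow", []), key=lambda f: -f["priority"]):
            fields = ["priority=%d" % f["priority"]] + match_str(f.get("match", {}))
            rows.append("table=%d, %s actions=%s" % (table["id"], ",".join(fields), actions_str(f)))
    return rows

if __name__ == "__main__":
    print("\n".join(odl_flows(SAMPLE)))
```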
In this exercise you got hands-on experience with a widely used SDN controller and learnt how to manipulate its run-time environment, inspect the topology and test the Mininet connectivity.
At the end of the exercise session:
- Delete all VMs and security groups that were created by your team.