Computer Networks-Assignment 3 Packet Filtering in Software Defined Networks Solved

GOAL: 

Software-Defined Networking (SDN) is a recently proposed networking paradigm in which the data and control planes are decoupled from one another. One can think of the control plane as being the networks "brain", i.e., it is responsible for making all decisions, for example, how to forward data, while the data plane is what actually moves the data. In traditional networks, both the control- and data planes are tightly integrated and implemented in the forwarding devices that comprise a network. The SDN control plane is implemented by the "controller" and the data plane by "switches". The controller acts as the "brain" of the network and sends commands ("rules") to the switches on how to handle traffic. OpenFlow has emerged as the de facto SDN standard and specifies how the controller, and the switches communicate as well as the rules controllers install on switches. In this assignment, the students will be exploring how to create and manage different network topologies with OpenFlow switches and SDN controllers. Especially, the students will learn on deploying ad-hoc flow rules on the OpenFlow switches via an SDN controller. This way, the switches can necessarily filter the required packets and implement a simple packet filter firewall.  

 

Disclaimer: This assignment can be done in groups of 2 students. You may choose the same partner with whom you did the assignment#2. 

Environment Setup: 

You can use the prior Ubuntu VM that you used in assignment-2. However, you need to install the Mininet emulator and POX controller as per the below instructions.  Installing Mininet 

~$ sudo apt install mininet

 

To check if it is installed properly – run the below command. This will create a simple test network and you can use “pingall” command to see if host1 can ping to host2 or not. ~$ sudo mn  

 

Installing POX controller (through source) 

~$ git clone http://github.com/noxrepo/pox

~$ cd pox

~/pox$ git checkout dart

 

To run pox controller, you need to run the pox.py or debug-pox.py file as below.

~/pox$ ./pox.py “your_controller_module”

Task-1: Programming to create a custom network topology
Mininet is also programmable using the python programming language. A set of sample topologies are provided in the “assign4starter.zip”. Download and unzip this file in the Ubuntu VM and you'll find two different directories: topo and pox. Ignore the pox directory for now (it's used in Task-2 and above). In the topo folder there are a variety of python files. Each defines a topology, run the part1 file with command “sudo python assign4starter/topos/part1.py”. It will drop you into the CLI with the network topology defined in the python script.

1)      Your task here is to modify part1.py to represent the following network topology

  

Where [x] means you create a host named x, {y} means a switch named y, and --- means there is a link between the node and the switch.

2)      After creating the above architecture, provide the two items in a part1 folder in a compressed file: a) Your modified part1.py file; (b) Screenshots of the iperf, dump, and pingall commands (from mininet) in pdf format.

 

Note: To run the part-1, you may need to install the openvswitch-testcontroller. sudo apt-get install openvswitch-testcontroller sudo ln /usr/bin/ovs-testcontroller /usr/bin/ovs-controller

Task-2: SDN Controller using POX  
 

In task 1, you experimented with Mininet using its internal controller. In this (and future) task, you will instead be using a custom controller to send commands to the switches. Here, we will be using the POX controller, which is written in Python. For this part, you will create a simple firewall using OpenFlow-enabled switches. The term "firewall" is derived from building construction: a firewall is a wall you place in buildings to stop a fire from spreading. In the case of networking, it is the act of providing security by not letting specified traffic pass through the firewall. This feature is good for minimizing attack vectors and limiting the network "surface" exposed to attackers.  

 

In this part, you are provided with the Mininet topology, part2.py, to setup your network which assumes a remote controller listening on the default IP address and port number 127.0.0.1:6633. You do not need to (and should not) modify this file. The topology that this script will setup is as follows. Note that h1 and h4 are on the same subnet and a different one from h2 and h3.

  

For part-2, you are also provided with a skeleton POX controller (under pox folder): “part2controller.py”. This file is required to be modified to create the firewall that implements the following rules.

  

Then, you need to deploy this new controller and run mininet under the new topology provided in

“part2.py”.

 

To run this part: 

1.      You need to place part2controller.py in ~/pox/ext/ directory. Then from the pox directory, run “./pox.py part2controller”

2.      Ensure, in the topology program the following import statement is added:  

“from mininet.node import RemoteController”

3.      Ensure that in the topology program’s main, mininet call uses the RemoteController:

net = Mininet (topo=t, controller=RemoteController)

 

 

Note: Basically, your Firewall should allow all ARP and ICMP traffic to pass. However, any other type of traffic should be dropped. It is acceptable to flood the allowable traffic out all ports. Be careful! Flow tables match the rule with highest priority first, where priority is established based on the order rules are placed in the table. When you create a rule in the POX controller, you need to also have POX "install" the rule in the switch. This makes it so the switch "remembers" what to do for a few seconds. Do not handle each packet individually inside of the controller! Hint: To do this, look up ofp_flow_mod. The OpenFlow tutorial (specifically " Sending OpenFlow messages with POX") and the POX Wiki are both useful resources for understanding how to use POX.