Contents [hide]
Intro
Welcome to a new series of articles that will be structured as lessons with the target of bringing SDN closer to everyone’s understanding.Each article will present a topic plus one or more exercises that will show that topic in action. The lessons will wrap up with some questions asking the readers to exercise on their own and provide the answers. As you see, the approach is pretty similar to the networking quizzes, but with SDN ones, I also make an introduction to the topic since all this is relatively new.
When I started my personal SDN journey, it was difficult to find a place to start, so I began reading articles, viewing presentations or listening to different videos, all trying to demonstrate (mostly theoretically) the advantages, the applications or limitations of this new technology.
I am a person who learns best by “doing”, by individual testing, so I have decided to start these articles in order to help other network engineers with their beginnings in SDN.
In parallel, I will continue my series of network quizzes and solutions, hoping that time will allow me to do so…
Having started treating SDN topics clearly shows that I believe in this new approach in networking ! Of course, there are a lot of presentations about SDN and OpenFlow, all discussing their benefits and application in todays networks, but one of the arguments that convinced me was an analogy to the computer industry evolution from vertically integrated, closed, proprietary, relatively slow innovation, specialized-hardware, specialized-feature systems to horizontal, open interface, rapid innovation ones.
What is Software Defined Networking (SDN)?
SDN (Software Defined Networking) is a network architecture that breaks the vertical integration by separating the control logic (control plane) from the underlying routers and switches that will become simple forwarding elements (data plane).The key terms to remember about SDN (four pillars) are:[2]
- 1. the control and data planes are decoupled.
- 2. forwarding decisions are flow-based instead of destination-based
- 3. control logic is moved to an external entity, called SDN controller or NOS (Network Operatying System)
- 4. network is programmable through applications running on top of the controller (the fundamental characteristic of SDN)
The switches generated with Mininet will be just simple forwarding devices, without any “brain” of their own (no control plane). The new networking paradigm with SDN is: control plane is separated from the data plane so such switches will only do what they are instructed by an external controller. Whenever a switch (or a forwarding device, generally speaking) does not know how to deal with some packets, it will simply send them to the controller (or contact the controller referrencing some buffer-ids – more on this later on).
Mininet supports research, development, learning, prototyping, testing, debugging, and any other tasks that could benefit from having a complete experimental network on a laptop or other PC.[2]
This may require a little bit of programming knowledge (Python), but you can also get it along the way..
Installing and Running Mininet
The installation of Mininet is pretty straight forward – in summary:- 1. download the Mininet VM image,
- 2. open it with your favourite virtualization system (Virtual Box, VMware, VMFusion, Qemu or KVM)
- 3. then perform the walkthrough that will teach you how to use it (the entire walkthrough should take under an hour – no need to go though all of it now, just familiarize yourself with the basic commands).
sudo mn will create a topology consisting of one controller (c0), one switch (s1) and two hosts (h1 and h2).To help you start up, here are the most important options for running Mininet:
--topo=TOPOrepresents the topology of the virtual network, where TOPO could be:minimal– this is the default topology with 1 switch and 2 hostssingle,X– a single switch with X hosts attached to itlinear,X– creates X switches connected in a linear/daisy-chain fashion, each switch with one host attachedtree,X– a tree topology with X fanout
--switch=SWITCHcreates different type of switches, such as:ovsk– this is the default Open vSwitch that comes preinstalled in the VMuser– this is a switch running in software namespace (much slower)
--controller=CONTROLLERwhere CONTROLLER can be:ovsc– this creates the default OVS Controller that comes preinstalled in the VMnox– this creates the well-known NOX controllerremote– does not create a controller but instead listens for connections from external controllers
--macset easy-to-read MAC addresses for the devices
In order to “control” the switch (add and view the status of the flows on the switch) we will use an utility called DPCTL that allows direct control and visibility over switch’s flow table without the need to add debugging code to the controller. Most OpenFlow switches have a passive listening port running on TCP 6634 (by default) that can be used to poll flows and counters or to manually insert flow entries. Do not confuse the dpctl utility with a controller (it’s not the same thing)!
You can use this utility directly under the mininet prompt or in a separate console by connecting to the listening port as indicated below:
dpctl COMMAND tcp:127.0.0.1:6634 OPTIONS where COMMAND can be:- show
- dump-flows
- add-flow
STEP 1: Start Mininet with a single switch (the default, Open vSwitch = ovsk) and 3 hosts:
mininet@mininet-vm:~$ sudo mn --topo=single,3 --mac --switch=ovsk --controller=remote *** Creating network *** Adding controller Unable to contact the remote controller at 127.0.0.1:6633 *** Adding hosts: h1 h2 h3 *** Adding switches: s1 *** Adding links: (h1, s1) (h2, s1) (h3, s1) *** Configuring hosts h1 h2 h3 *** Starting controller *** Starting 1 switches s1 *** Starting CLI: mininet> mininet> nodes available nodes are: c0 h1 h2 h3 s1 mininet> mininet> mininet> net h1 h1-eth0:s1-eth1 h2 h2-eth0:s1-eth2 h3 h3-eth0:s1-eth3 s1 lo: s1-eth1:h1-eth0 s1-eth2:h2-eth0 s1-eth3:h3-eth0 c0 mininet> mininet> dump <Host h1: h1-eth0:10.0.0.1 pid=9730> <Host h2: h2-eth0:10.0.0.2 pid=9731> <Host h3: h3-eth0:10.0.0.3 pid=9732> <OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None,s1-eth3:None pid=9735> <RemoteController c0: 127.0.0.1:6633 pid=9723> mininet>
STEP 2: Open terminals for each host and run tcpdump on each host
Attention: for Windows users, make sure you installed & run Xming, plus you enabled X-forwarding in your putty!
STEP 3: Test connectivity between h1 and h2: on host h1 perform a “ping -c3 10.0.0.2” (the IP address of host h2)
- ping will fail, because the switch does NOT know what to do with such traffic (and remember, we don’t run any controller)
- checking the list of flows on the switch will show an empty list (again, nobody told the switch how to deal with the flows/traffic)
Use the dpctl utility to manually install flows on the switch that will allow connectivity between host h1 and host h2.
Attention: we need two rules to achieve a bidirectional connectivity (echo request and echo replies):
>dpctl add-flow tcp:127.0.0.1:6634 in_port=1,actions=output:2= everything received on port 1 (in_port) send out on port 2dpctl add-flow tcp:127.0.0.1:6634 in_port=2,actions=output:1= everything received on port 2 (return traffic) send out on port 1
- ping is successful
- tcpdump on host h2 shows the traffic from/to h1 (ARP and ICMP)
- tcpdump on host h3 does not see anything (not even the ARP which should be broadcast)!
SDN Exercise #1
The first exercise in the SDN series will use the above setup, but with the additional requirement of treating ARP traffic as broadcast:- ARP requests (no matter input port) are flooded on all switch ports
- ICMP traffic between hosts h1 and h2 is unicasted on the relevant ports
Post your answer in the ‘Comments’ section below and subscribe to this blog to get more interesting SDN lessons and quizzes.
After completing this exercise, you should be able to see this:
– ICMP echo requests from host h1 to h2 are only seen by h2 (highlighted in yellow)
References:
(http://www.costiser.ro/)
