$24
CS Programming Assignment Semester 1 Solution
Overview
In this assignment, you will learn to use the Mininet network emulation environment to setup a virtual network, and program the OpenFlow controller POX to implement several network applications. Through this project, you will learn (1) to setup a virtual network by creating virtual hosts, switches and links and connecting them together, (2) to set parameters such as link capacity, and (3) to implement applications such as firewall and premium service class for this network.
Figure 1. The logical overview of the system environment.
The virtual network created by the Mininet emulator resides in a virtual machine (VM) in the host machine. A pre-configured VM image with Mininet installed can be downloaded from Mininet’s official site. This Mininet VM image itself also comes with the POX controller (under ~/pox).
However, we recommend that you install the POX controller on another virtual machine (Ubuntu 14.04 is recommended), or on your own host machine, to help yourself get a clear view of how the controller runs and communicates with the virtual network in the Mininet VM. Figure 1 provides a logical view of the environment you will work on.
1
CS4226 Internet Architecture
Task 1: Building a Virtual Network (15%)
In this section, your task is to build a virtual network in the Mininet network emulation environment. The network topology is given in an input file. Below is an example of a network topology, consisting of 7 hosts, 4 switches and 11 links that connect them together, as shown in Figure 2. In this network, the 7 hosts (with IP addresses from 10.0.0.1 to 10.0.0.7) are connected with 4 switches (with dpid from 1 to 4) by 7 links. The 4 switches are then connected together by 4 links. The capacity of each link is also shown in the figure.
Figure 2. An example of network topology with 7 hosts, 4 switches and 11 links.
You need to build a network with the topology and specifications described in the input file topology.in. The first line of the file has 3 integers and , indicating that there
are hosts (ℎ1, ℎ2, … , ℎ ), switches ( 1, 2, … , ) and links in the network. The following are lines of tuples in the form of < 1, 2, > that describe the links,
meaning that 1 and 2 are connected via a bi-directional link of capacity
Mb/s at both directions. A partial input file for the network in Figure 2 looks like follows:
7411
h1,s1,10
h2,s1,10
h3,s2,10
h4,s2,10
…
The sample input file topology.in for the network in Figure 2 will be provided for your reference. You will also get a template of script written in Python, based on which you can add your own code to create the hosts, switches and links in Mininet.
2
CS4226 Internet Architecture
Task 2: Learning Switch (25%)
Building a virtual network is not enough for the network to operate. In order for the hosts to communicate with each other, the switches need to know how to correctly route a packet to its destination. In this part, your task is to implement the application of self-learning switches using the POX controller, which enables the switches to learn how to route packets without any prior knowledge of the network.
The key idea is to record the MAC address and the corresponding port number when receiving a packet that does not match any entry in the forwarding table. Thus, the switches can gradually learn the port number for reaching each host in the network. In the following part, we provide a simple example for illustration.
Figure 3. Example of a self-learning switch: Initial state
Initially, the switch has no knowledge of the three computers A, B and C that connect to it as is shown in Figure 3. When Computer A sends a frame to Computer B, the switch does not know how to route the frame. It then floods this frame to all the ports, hoping that Computer B could receive it and reply.
Although now the switch still knows nothing about Computer B, it has learnt that Computer A can be reached by port 1. It then adds this entry into its forwarding table as is shown in Figure 4, so that a frame destined for Computer A will be routed to port 1 in the future. Similarly, when the reply from Computer B comes back, the switch can subsequently learn that port 2 corresponds to Computer B.
3
CS4226 Internet Architecture
Figure 4. Example of a self-learning switch: Learning MAC address of A.
Task 3: Fault-Tolerance Functionality (15%)
In addition to a basic Learning Switch (Task 2), you also need to implement a fault-tolerance functionality for it. In reality, links could be down due to hardware or software failures. In the Mininet environment, we will emulate such dynamic scenarios during runtime by bringing down/up links (see http://mininet.org/walkthrough/#link-updown for more information). Your learning switch should be able to tolerant this kind of situations.
The basic idea is to attach a time-to-live or TTL value to entries in the routing tables. Any outdated entry, i.e., an entry for which the duration between the current time and the creation time exceeds the TTL value, will be removed from the routing tables. After that, the switch can broadcast to construct a new routing table entry even if the network topology has changed.
Task 4: Firewall (15%)
In this section, you will implement a layer-3 firewall application using the POX controller. The application needs to block 2 types of traffic flows: 1) the TCP traffic sent to a certain host on a certain port, and 2) the TCP traffic originated from a certain host to another host on a certain port. You will be provided with an input file including a number of lines in the form of
10.0.0.4,4001
10.0.0.2,10.0.0.5,1000
the TCP traffic sent to host ℎ4 (10.0.0.4) on port 4001 and the TCP traffic from host ℎ2 (10.0.0.2) to host ℎ5 (10.0.0.5) on port 1000 should be blocked.
The basic idea is that when a connection between the switch and the controller is up, the application installs flow entries that drop all the TCP packets satisfying at least one of two types of rules described in the input file.
4
CS4226 Internet Architecture
Task 5: Premium Traffic (30%)
In this part, your task is to implement a premium class of traffic for certain hosts to receive higher bandwidth. Sometimes, hosts may desire higher received bandwidth in order to guarantee the quality of its tasks. Such hosts can pay extra for the premium class of traffic which guarantees at least Mb/s of bandwidth, while the others stay in the normal class, for which the received bandwidth is limited to at most Mb/s. In our topology, assume a link between a host and a switch has the capacity of Mb/s, then is set to be 0.8 × , while is 0.5 × . For simplicity, we also assume that links between switches will never become the bottleneck.
For Task 3 and 4, you will be provided with a file policy.in that describes the policies for the firewall and premium traffic. The file starts with a line of two integers and , indicating that there are different firewall rules and hosts that have paid for the premium class of traffic. Each firewall policy is expressed in either: 1) < dst_ , > or,
2) < _ , _ , >, followed by lines listing the hosts. An example of the file is shown as follows:
2 3
10.0.0.4,4001
10.0.0.2,10.0.0.5,1000
10.0.0.1
10.0.0.3
10.0.0.7
The above example shows that given the topology shown in Figure 2, the first line indicates there are 2 firewall rules and 3 hosts have paid for the premium class of traffic. ℎ1 (10.0.0.1), ℎ3 (10.0.0.3) and ℎ7 (10.0.0.7) are guaranteed to receive at least 8 Mb/s bandwidth, while the received bandwidth of other hosts is upper-bounded by 5 Mb/s.
The key idea of this application is to set up queues with different bandwidths at the interfaces of the switches using the ovs-vsctl tool that configures the Open vSwitch. Basically, ovs-vsctl helps to set up QoS queues in the Mininet virtual networks. When a packet arrives, the controller checks whether it belongs to premium or normal traffic, and then sends the packet to the corresponding queues.
Handling Conflicts
The POX controller supports multiple concurrent applications. However, it is possible that one application will be in conflict with another application. In this assignment, the premium traffic application should not allow communication which is blocked by the firewall application. You are to make sure that no conflicting rules are installed by two different applications.
OpenFlow message structure ofp_flow_mod has an attribute called priority.
Conflicts can be handled by setting different priority values to different rules.
5
CS4226 Internet Architecture
Problem in POX’s Default Configuration
When you need to flood packets in POX, remember ofp.OFPP_ALL (which is by default ofp.OFPP_FLOOD packet is not actually flooded.
to modify the attribute port to ) to avoid the situation that the
Understanding Provided Files
mininetTopo.py The script template for creating the required network topology.
controller.py A skeleton for the controller.
topology.in A sample input file for building the virtual network. During the
demo, your program should be able to read another given input file.
policy.in A sample input file for firewall policies and premium traffic.
Similarly, another input file will be given for the demo.
Submission Guideline
You need to submit two Python program files, named mininetTopo.py and controller.py. The first program should take the topology file topology.in as input, and create the required virtual network. The second program should take the policy file policy.in as input, and implement the firewall and premium traffic applications. In addition, please submit a short summary report that describes the design of your implementation.
Please submit your assignment BEFORE 23:59:59, 20 November (Sun) THROUGH LumiNUS. Submissions after the deadline will be penalized in grades. Add your name and student number as a comment in the codes you submit, and also at the beginning of your summary report. Create a zip file consisting of the codes and summary report, and name it with your student number, for example, “A0123456X.zip” if your student number is A0123456X. Submissions in any other formats will be penalized.
You are strongly encouraged to test your codes thoroughly before submission. Your assignment (*.zip) should be submitted into the “Submission” folder in the LumiNUS workbin (the “Programming Assignment/” folder). If you have further questions in submission, please send an email to your TA: maoyancan@u.nus.edu.
Demo
You need to demonstrate your implementation to the TA. In general, the TA will use a set of topology and policy files different from the given examples to test your programs. To test Task 1, we will run pingall command and expect to see that all hosts can ping each other. To test Task 2 and Task 3, Mininet’s link down command, pingall and iperf will be used to measure the accessibility and throughput between different hosts. For Task 4, we will use iperf to test whether the traffic satisfying one of firewall rules is blocked. To test Task 5, iperf will be used to measure the achieved throughput for different hosts from different service classes.
The demo will be scheduled after your final exam. The demo will be conducted through the online zoom session, where you need to share the screen and show the
6
CS4226 Internet Architecture
execution results to your TA. Each student will have to select a 1-hour time slot on LumiNUS, which is shared among 6 students. The detailed dates for demo and time slots selection will be later announced on LumiNUS.
7
