
Setting up data plane

The data plane is represented by a router. Most routers are closed source, so we cannot use them out of the box. Hence we use OpenWRT, which is an open source Linux-based firmware for unmanageable routers. Prebuilt images of OpenWRT with OpenFlow 1.0 for the LinkSys WRT54GL, TP-LINK TL-WR1043ND (v1.7) and TP-LINK TL-WR1043ND (v1.8) are available here. For the TP-Link TL-WR841N, prebuilt images with OpenFlow 1.0 are V9, V10, V11. Otherwise you can flash the stock Chaos Calmer 15.05 image and then install OpenFlow 1.0 or OpenFlow 1.3 with a simple command

  opkg install   <package name>

If your router is not listed you’ll have to build the image from source as per the instructions here.

It is highly recommended to use the TP-Link TL-WR841N v9; the instructions given in this article are intended for the WR841 v9 specifically.

WARNING: Flashing an unofficial firmware voids your warranty, and could turn your router into a useless ‘brick’. Perform the operation at your own risk.

1. Connect your router to the computer and point your browser to 192.168.0.1; log in with the credentials (Username: admin, Password: admin).

2. In the left pane navigate to System Tools -> Firmware Upgrade and check that the hardware version is correct. Browse to the downloaded image final_image.bin and upgrade.

3. Refresh the page after the process is completed; the TP-Link interface will vanish. Reboot the router.

4. From the command line/terminal run

telnet 192.168.1.1 

then set a password for router access using

passwd

Then exit the router using the command ‘exit’. To access the router after this you’ll have to use

ssh root@192.168.1.1

The following two steps are specific to OpenFlow 1.0 and avoid the slicing error.

1) Copy functions.sh from lib to etc [25].

 # cp /lib/functions.sh /etc

2) Add the --no-slicing parameter to /lib/openflow/ofswitch.sh [26]. After the addition of this parameter, the modified lines should look as follows.

# --no-slicing is added to every ofdatapath invocation below
if [[ "$mode" == "inband" ]]
then
	echo "Configuring OpenFlow switch for inband control"
	# pass -d only when a datapath id is configured
	[ -n "$dpid" ] && {
		ofdatapath punix:/var/run/dp0.sock -i "$dpports" --no-slicing \
			--local-port=tap:tap0 "--pidfile=$pidfile" -d "$dpid" &
	} || {
		ofdatapath punix:/var/run/dp0.sock -i "$dpports" --no-slicing \
			--local-port=tap:tap0 "--pidfile=$pidfile" &
	}
else
	echo "Configuring OpenFlow switch for out-of-band control"
	[ -n "$dpid" ] && {
		ofdatapath punix:/var/run/dp0.sock -i "$dpports" --no-slicing \
			--no-local-port "--pidfile=$pidfile" -d "$dpid" &
	} || {
		ofdatapath punix:/var/run/dp0.sock -i "$dpports" --no-slicing \
			--no-local-port "--pidfile=$pidfile" &
	}
fi

 

 

To set the configuration of the router:

1. Edit the openflow file

vi  /etc/config/openflow

Enter the IP address of the Raspberry Pi instead of 192.168.0.2.


config 'ofswitch'
        option 'dp' 'dp0'
        option 'dpid' '000000000009'
        option 'ofports' 'eth1 wlan0 wlan0-1 wlan0-2'
        option 'ofctl' 'tcp:192.168.0.2:6633'
        option 'mode'  'outofband'

2. Edit the network configuration file

vi  /etc/config/network


  
config  interface 'loopback'        
    option ifname 'lo'              
    option proto 'static' 
    option ipaddr '127.0.0.1' 
    option netmask '255.0.0.0'         
                                    
config interface 'lan'                                              
    option ifname 'eth0.1'         
    option proto 'static' 
    option type 'bridge'
    option ipaddr '192.168.0.1' 
    option netmask '255.255.255.0'  

config interface 'wifi'
    option proto 'static'
                                   
config interface 'lan2'             
     option ifname 'eth0.2'         
     option proto 'static'          

config interface 'lan3'             
     option ifname 'eth0.3'          
     option proto 'static'           
                                                                      
config interface 'lan4'             
    option ifname 'eth0.4'          
    option proto 'static'           
                                    
config interface 'wan'              
    option ifname 'eth1'            
    option proto 'dhcp'

config switch
    option name 'eth0'
    option reset '1'
    option enable_vlan '1'

config switch_vlan
    option device 'eth0'
    option vlan '1'
    option ports '1 0t'

config switch_vlan
    option device 'eth0'
    option vlan '2'
    option ports '2 0t'

config switch_vlan
    option device 'eth0'
    option vlan '3'
    option ports '3 0t'

config switch_vlan
    option device 'eth0'
    option vlan '4'
    option ports '4 0t'


3. Edit the wireless configuration

vi  /etc/config/wireless




config wifi-device  radio0
	option type     mac80211
	option channel  11
	option hwmode	11g
	option path	'platform/qca953x_wmac'
	option htmode	HT20
	option disabled 0

config wifi-iface wlan0
	option device   radio0
	option network  wifi
	option mode     ap
	option ssid     OpenWrtOne
	option encryption none


config wifi-iface wlan2
	option device   radio0
	option network  wifi
	option mode     ap
	option ssid     OpenWrtTwo
	option encryption none

config wifi-iface wlan3
	option device   radio0
	option network  wifi
	option mode     ap
	option ssid     OpenWrtThree
	option encryption none

config wifi-iface wlan5
	option device   radio0
	option network  lan
	option mode     ap
	option ssid     OpenWrtXS
	option encryption psk2
	option key      openwrtxs



Setting up control plane

As we have decided to use a Raspberry Pi as the controller, we will see how to install our Python-based controller POX in this tutorial. Before that, it is assumed that you have installed the Raspbian operating system on the Raspberry Pi. You can refer to this tutorial to install Raspbian.

It is highly recommended that you do not use a headless configuration (without connecting keyboard, display etc.) for the Raspberry Pi. Still, if you’re keen on using a headless configuration for the sake of portability, follow this guide and set up a static IP for the Pi so that you know which IP to ssh to.

1)  Boot the Pi by connecting it to a 5 V power supply.
2)  Log in using the default credentials
username:raspberry
password:pi
3)  Run
git clone http://github.com/noxrepo/pox
Cloning will take some time.

dhcp

Note: Google Drive links may not work or might be expired. You can find the scripts here

Tutorial no 7

Dynamic Host Control Protocol (DHCP) configuration allows dynamic IP address allocation to hosts in a network. A certain range of IP addresses, called the DHCP pool, is defined. When hosts connect to a network node they request an IP address from the DHCP server, and an IP address from the DHCP pool is assigned to them. So, we don’t have to manually give static IP addresses to hosts.

In POX we have a default script called dhcpd in the folder pox/pox/misc which gives IPs to hosts from the range 192.168.0.0 to 192.168.0.254. This is the default range of this script. You can modify it according to your need. I have modified it to 5.6.0.0 to 5.6.0.254, which is the new DHCP pool.

1) Mininet by default assigns IP addresses to hosts. So, I have made a topology script with two hosts and with no IP assigned to them. The script is available here. Save the topology script in the pox/ext location. You can use the command line editor nano. Copy the code and save using the key ‘CTRL+O’.

2) I have saved the script with the name mininet-test.py; run the script using the command

sudo python ./mininet-test.py

3) You can check that the hosts have no IP by default with the command

dump

4) Now run the script dhcpd.py from pox/pox/misc on the controller.

./pox.py log.level --DEBUG misc.dhcpd

5) Let's check whether our hosts got an IP address from the DHCP server or not.

xterm h1 h2

ifconfig

Unfortunately not. This script is not perfect DHCP.

6) In general hosts request an IP from the DHCP server automatically. But here we have to request the DHCP server from the host manually. I know it's quite disappointing.

sudo dhclient h1-eth0
sudo dhclient h2-eth0

Now you can see, our hosts are happy with newly assigned IP addresses. To check the IP use the command

ifconfig -a

You can see the hosts now have IP addresses from the pool 5.6.0.0-5.6.0.254; note that the default pool is 192.168.0.0-192.168.0.254 and this script was edited with the new pool. You can also pass parameters to define a new pool.

Add custom scripts


Tutorial no 11

So, in all the tutorials we covered before, we have used default controller scripts and default topologies. In this tutorial we are going to design our custom topology and custom controller scripts.

You will find this tutorial very interesting, because till now we have created topologies in the Command Line Interface of Mininet. And here we have a Graphical Interface. We will use a cloud application called VND (Virtual Network Descriptor) to create the topology and controller script. This VND tool is developed by Ramon Fontes, Federal Institute of Bahia, Brasil and is available on

www.ramonfontes.com/vnd

(Note:- You should have an updated Flash player in your system to work with VND)

1) Visit the above link to get started with VND.

2) To create the topology, select hosts, an OpenFlow switch and an OpenFlow controller. Use Ethernet links to connect the hosts.

3) After that let's focus on the controller configuration. Now we will define a simple flow rule for host1 and host2 traffic.

Select controller POX

Ingress port=1, Output=2      # packets coming from port 1 are forwarded to port 2
Ingress port=2, Output=1      # packets coming from port 2 are forwarded to port 1

4) After all configurations, download both the topology and controller scripts.

5) Then as usual save the scripts in the pox/ext folder and run them.

You can verify the results using ping.

This video tutorial will make clear how to use VND.

Add custom flows with dpctl


Tutorial no 10

DataPathController (DPCTL) is a command line tool which sends OpenFlow messages to a switch. Using this tool we get switch port and flow statistics as well as flow entries. We can also add flow rules to an OpenFlow switch using DPCTL. It’s a very great tool to communicate with the switch directly without an OpenFlow controller.

In this tutorial, we use DPCTL to get flow status from the switch, and we will also learn how to add a flow rule to the switch using DPCTL.

1) Let's create a simple topology with one switch and 6 hosts.

>sudo mn --topo single,6 --mac --switch ovsk --controller remote

2) Now we will add flow rules for host1 and host2

dpctl add-flow tcp:127.0.0.1:6634 in_port=1,actions=output:2

dpctl add-flow tcp:127.0.0.1:6634 in_port=2,actions=output:1

So data can be forwarded between port 1 and port 2 (i.e. between host1 and host2).

(Note:- You can choose a switch instead of s1 according to your topology. 127.0.0.1 is the localhost IP since the switch is inside Mininet; in practice it will be replaced by the switch IP address.)

3) You can verify whether the flows are installed in the switch or not.

>s1 dpctl dump-flows tcp:127.0.0.1:6634

4) To check the results we can use the ping utility.

>pingall

Here we have connectivity between hosts 1 & 2 only, since we have added rules for port 1 and port 2 (i.e. host1 and host2).

5) Similarly you can add various flow rules using DPCTL without need of a controller. Here I have listed some DPCTL commands

i) Manually bring ports up or down, flood or no-flood packets

>s1 dpctl mod-port tcp:127.0.0.1:6634 2 down    # down port no. 2

>s1 dpctl mod-port tcp:127.0.0.1:6634 3 up      # up port no. 3

>s1 dpctl dump-ports tcp:127.0.0.1:6634    # gives physical port information, RX-TX counters, error counters

L2_firewall


Tutorial no 8


A firewall is a security approach in networking. The design aspects of a firewall depend on the needs of the administrator. Here we are going to implement a layer 2 MAC-based firewall which forwards only the packets of listed MAC hosts and rejects others’ traffic. It is somewhat similar to NOX’s pyswitch in that it installs. POX does not contain firewall scripts. You can copy the code or download it from here.

1) To save the code of the l2_firewall script, ssh into Mininet and go to pox/ext. Open nano, then copy and paste the code. Use the key ‘CTRL+O’ to save the code and ‘CTRL+X’ to exit the nano editor. I have saved the code with the name l2_firewall.py

2) Now we will create a topology with one controller, one switch and 3 hosts.

We are going to forward packets of hosts with MAC 00:00:00:00:00:1 and 00:00:00:00:00:2; packets from other hosts (host3) are dropped.

Now let’s run the firewall script which we have saved in pox/ext.

3) We can check the results using pingall. You can observe there is connectivity between host1 (00:00:00:00:00:1) and host2 (00:00:00:00:00:2) since we have allowed a forwarding rule for them in the firewall script. Similarly we can change the MAC in the script and forward traffic or set a layer 2 firewall rule based on the MAC address of devices.

4) You can also check the ping result from individual hosts using XTERM.

 Credits: Firewall script from Nick Feamster’s coursera SDN course
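The allowlist behaviour described in this tutorial, as an added example that is not the l2_firewall.py script from the post or from the course: a stand-alone Python model of a learning switch that drops frames from unlisted source MACs. The class, function and host names are hypothetical; addresses are normalised first because the post writes the last octet as a single digit (00:00:00:00:00:1) while tools normally print it zero-padded.

```python
# Added example: stand-alone model of a MAC-allowlist L2 firewall built on a
# learning switch. It does not import POX; all names here are hypothetical.
import re

BROADCAST = "ff:ff:ff:ff:ff:ff"


def normalize_mac(mac):
    """Return the MAC as six zero-padded lowercase octets, or raise ValueError."""
    parts = re.split(r"[:-]", mac.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        raise ValueError("not a MAC address: %r" % (mac,))
    return ":".join("%02x" % int(p, 16) for p in parts)


class L2Firewall:
    def __init__(self, allowed_macs, ports):
        # Normalise once so '00:00:00:00:00:1' and '00:00:00:00:00:01' compare equal.
        self.allowed = {normalize_mac(m) for m in allowed_macs}
        self.ports = set(ports)
        self.mac_to_port = {}   # learned source MAC -> switch port
        self.flows = []         # (src, dst, out_port) entries that would be installed

    def packet_in(self, in_port, src, dst):
        """Return the set of ports the frame is sent out of; empty set means drop."""
        src, dst = normalize_mac(src), normalize_mac(dst)
        if src not in self.allowed:
            return set()        # dropped before learning, so it never gets a table entry
        self.mac_to_port[src] = in_port
        if dst == BROADCAST or dst not in self.mac_to_port:
            return self.ports - {in_port}           # unknown destination: flood
        out_port = self.mac_to_port[dst]
        self.flows.append((src, dst, out_port))
        return {out_port}


def can_ping(fw, hosts, a, b):
    """True if a's request reaches b and b's reply reaches a."""
    (port_a, mac_a), (port_b, mac_b) = hosts[a], hosts[b]
    if port_b not in fw.packet_in(port_a, mac_a, mac_b):
        return False
    return port_a in fw.packet_in(port_b, mac_b, mac_a)


def pingall(fw, hosts):
    return {(a, b): can_ping(fw, hosts, a, b) for a in hosts for b in hosts if a != b}


# Constructed sample topology: one switch, three hosts on ports 1-3.
HOSTS = {
    "h1": (1, "00:00:00:00:00:01"),
    "h2": (2, "00:00:00:00:00:02"),
    "h3": (3, "00:00:00:00:00:03"),
}

if __name__ == "__main__":
    fw = L2Firewall(["00:00:00:00:00:1", "00:00:00:00:00:2"], ports=[1, 2, 3])
    for pair, ok in sorted(pingall(fw, HOSTS).items()):
        print("%s -> %s: %s" % (pair[0], pair[1], "ok" if ok else "dropped"))
```

A request from h1 to h3 is still flooded to h3's port; it is h3's reply that is dropped, which is why the ping fails in both directions.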

Port_blocker


Tutorial no 9

Portblocker is a way to block TCP ports. For that we use a forwarding component which does fine-grained flows (e.g., l2_learning), and then intercept the PacketIn events. When you see a packet you want to block, kill the event. This will keep l2_learning from seeing the event and installing a flow for it.

The source code for port_blocker is not in POX. You can copy the following code or download it from here. Save this code in the pox/ext folder.

Here we will block port 80, i.e. the HTTP port.

1) To save the code of the port_blocker script, ssh into Mininet and open nano, then copy and paste the code. Use the key ‘CTRL+O’ to save the code and ‘CTRL+X’ to exit the nano editor. I have saved the code with the name port_blocker.py

2) Now we will create a topology with one controller, one switch and 6 hosts.

3) We are going to block port 80. Let's first check that port 80 is working. For that we will simply run l2_learning.py. We can use two hosts. On one host we run a server and from the second we request the HTTP service by using the curl utility (for curl installation refer to the IP_Loadbalancer tutorial).

xterm h1 h2

Then on host1 run the server with the command

sudo python -m SimpleHTTPServer 80

On host2, request the HTTP service

curl 10.0.0.1

Here the IPs of host1 and host2 are 10.0.0.1 and 10.0.0.2 respectively.

Here you can see host2 getting an HTTP reply from the server (host1).

Now we will run our port_blocker.py script which is saved in the pox/ext folder.

sudo python pox.py log.level --DEBUG forwarding.l2_learning port_blocker --ports=80

(Here you can change the TCP port number)

So if host2 requests the service from host1 (i.e. the HTTP server), the packets are blocked. Observe the blocked packets on the controller.
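The mechanism this tutorial describes (intercept the PacketIn and kill the event so the forwarding component never installs a flow), as an added example that is not the port_blocker script from the post and not POX code: a stand-alone Python model that parses constructed Ethernet/IPv4/TCP frames and shows that the blocker only works when it runs before the forwarding handler. The Dispatcher, its priority ordering and every name below are assumptions made for illustration.

```python
# Added example: simplified model of "halt the PacketIn before the forwarding
# component sees it". It does not import POX; the Dispatcher, its priority
# ordering and all names are assumptions made for illustration.
import struct

ETH_IPV4, PROTO_TCP, PROTO_UDP = 0x0800, 6, 17


def tcp_ports(frame):
    """Return (src_port, dst_port) of an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 14 + 20 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length incl. options
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != PROTO_TCP:
        return None
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF or len(frame) < 14 + ihl + 4:
        return None                              # non-first fragment or truncated
    return struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])


class PacketIn:
    def __init__(self, frame):
        self.frame, self.halt = frame, False


class Dispatcher:
    def __init__(self):
        self.handlers = []

    def add_listener(self, handler, priority=0):
        self.handlers.append((priority, handler))
        self.handlers.sort(key=lambda h: -h[0])  # higher priority runs first

    def raise_event(self, event):
        for _, handler in self.handlers:
            handler(event)
            if event.halt:                       # a halted event reaches nobody else
                break


def make_blocker(ports, log):
    blocked = set(ports)
    def handler(event):
        found = tcp_ports(event.frame)
        if found and (found[0] in blocked or found[1] in blocked):
            log.append(found)
            event.halt = True
    return handler


def make_forwarder(flows):
    def handler(event):                          # stands in for l2_learning installing a flow
        flows.append(tcp_ports(event.frame))
    return handler


def build_frame(sport, dport, proto=PROTO_TCP, options=b""):
    """Constructed test frame: zero MACs, no checksums, 10.0.0.2 -> 10.0.0.1."""
    eth = bytes(12) + struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | (5 + len(options) // 4), 0, 0, 0, 0,
                     64, proto, 0, bytes([10, 0, 0, 2]), bytes([10, 0, 0, 1]))
    return eth + ip + options + struct.pack("!HH", sport, dport) + bytes(16)


def run(blocker_priority):
    """Replay four constructed frames; return (flows seen by forwarder, blocked log)."""
    flows, log, d = [], [], Dispatcher()
    d.add_listener(make_forwarder(flows), priority=0)
    d.add_listener(make_blocker({80}, log), priority=blocker_priority)
    for frame in (build_frame(40000, 80), build_frame(40001, 22),
                  build_frame(80, 40000), build_frame(53, 53, proto=PROTO_UDP)):
        d.raise_event(PacketIn(frame))
    return flows, log


if __name__ == "__main__":
    print("blocker first:", run(1))    # port-80 frames never reach the forwarder
    print("blocker last: ", run(-1))   # forwarder already acted before the halt
```

With the blocker at the lower priority the log still reports both port-80 frames as blocked, yet the forwarder has already handled them; a "blocked" log line alone does not prove the flow was never installed.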

IP_Loadbalancer


Tutorial no 6

This component (which started in the carp branch) is a simple TCP load balancer. It takes a service_ip and a list of server IP addresses. The HTTP requests from different clients will be directed to different pre-defined HTTP servers. The server is chosen based on round robin scheduling.

New TCP flows to the service IP will be randomly redirected to one of the server IPs. Servers are periodically probed to see if they’re alive by sending them ARPs. By default, it will make the first switch that connects into a load balancer and ignore the other switches. If you have a topology with multiple switches, it probably makes more sense to specify which one should be the load balancer, and this can be done with the --dpid command line option. In this case, you probably want the rest of the switches to do something worthwhile (like forward traffic), and you may have to create a component that does this for you. For example, you might create a simple component which does the same thing as forwarding.l2_learning on all the switches besides the load balancer.

1) Here, to request service from the HTTP servers we need the utility curl. To install curl in Mininet we need internet access. We can connect Mininet to the internet using the NAT interface eth1. Before that let's check whether eth1 has got an IP address or not using the command

ifconfig -a

Here you can see my eth1 interface has no IP address. We can get it from the DHCP pool by using the command

sudo dhclient eth1

Now you can verify it.

2) Now let's install curl

sudo apt-get install curl

3) We will create a topology with 6 hosts, one controller and an ofswitch.

4) To run ip_loadbalancer we need to pass arguments.

./pox.py misc.ip_loadbalancer --ip=<Service IP> --servers=<Server1 IP>,<Server2 IP>,… [--dpid=<dpid>]

Let host 1 and host 2 be the HTTP servers with IP addresses 10.0.0.1 and 10.0.0.2 respectively. Also, 10.0.1.1 is the service IP address.

5) Now with the help of the xterm utility we get an interface to the hosts and servers. For that we use the command

xterm h1 h2 h3 h4 h5 h6

6) Now we run a simple server on host1 and host2 on port 8080 [HTTP] using the command

python -m SimpleHTTPServer 80

Now we have started our servers.

7) Now other hosts can request service from 10.0.1.1

curl 10.0.1.1

Observe the traffic pattern on the servers (host1, host2) and on the controller.

Overview

                     
Tutorial No.1

Here you will get hands-on experience on a real SDN network. Here we will build a simple Local Area Network (LAN) with SDN. Now recall our SDN architecture. To create a LAN with SDN we require:

1) Hosts

2) Data forwarding plane

3) Data controlling plane

4) Programming Interface

1) Hosts:- Hosts are nothing but workstations/terminals among which we are going to create a network (or LAN). We can use a computer or mobile phone as a host.

2) Data forwarding plane:- There are OpenFlow enabled switches available in the market but their setup cost is reasonable only for an enterprise or campus level network at large scale. But we are creating a LAN for experimental purposes or on a very small scale to handle 6-7 hosts, so we will use an unmanageable router as our data forwarding plane. We are using the TPLink 841 N (V9.0) router for this purpose. Its cost is about $20-25. But TPLink has its own firmware image installed in their devices. To make it OpenFlow enabled we have to change its firmware image (Unbricking). We will learn how to unbrick the TPLink 841 N router in the next tutorial.

3) Data controlling plane:- The job of the control plane is to match packet header fields and instruct (install a flow or rule in) the forwarding plane about taking the corresponding required action on the packet. Hence our controller should be capable of handling high packet data with good clock frequency, RAM, peripheral support and Ethernet support. For the controller we have options like Raspberry Pi, Intel’s Beaglebone, RouterBoard etc. We are going to use the Raspberry Pi B+ as the control plane in our LAN. Its cost is $35-45.

Raspberry Pi B+ Features:-

1) 700 MHz clock

2) 512 MB RAM

3) 32 GB Expandable Memory

4) 4 USB Ports, 1 Ethernet Port

5) SD card Slot

6) HDMI, Composite Video output

7) ARM7 processor

4) Programming Interface

As SDN promises a directly programmable network, we should have a programming interface to our data and control plane. The control plane is itself a Linux based platform so we can easily install our controller on it. We will use the Python based POX controller right now. In future we will also try Java, C, Ruby, Erlang etc. based controllers. And on the data plane we will use the open source embedded firmware OpenWRT. This will become clearer in upcoming tutorials.

Therefore to design our SDN enabled Local Area Network we require,

1) Hosts:- Laptop, mobile phones or Tablets

2) Data forwarding plane:- TPLink 841N V9.0 with OpenWRT (OpenFlow1.0)

3) Data control plane:- Raspberry Pi B+ with POX

Estimated cost of the setup is $55-70 (this cost may vary according to the exchange rate of your country).

Note:- For testing and experimental purposes, you can use the OpenWRT devices listed here, whereas for testing/implementing in a real network scenario on a large scale, refer to the ONF vendor list, which has plenty of SDN controllers, switches etc.

l3_learning


Tutorial no 3

Testing layer 3 script l3_learning.py

A router is an intelligent network device that works on IP addresses, unlike a switch, which works on MAC addresses. Hence it is termed more intelligent than a switch or hub. This component is not quite a router, but it’s also definitely not an L2 switch. It’s an L3-learning-switchy-thing. Perhaps the most useful aspect of it is that it serves as a pretty good example of using POX’s packet library to examine and construct ARP requests and replies.

l3_learning does not really care about conventional IP stuff like subnets – it just learns where IP addresses are. Unfortunately, hosts usually do care about that stuff. Specifically, if a host has a gateway set for some subnet, it really wants to communicate with that subnet through that gateway. To handle this, you can specify “fake gateways” in the commandline to l3_learning, which will make hosts happy. For example, if you have some machines which think they’re on 10.x.x.x and others that think they’re on 192.168.0.x and they think there are gateways at the “.1” addresses:

We need hosts from different networks. You can download the script from here for a topology of two hosts having IPs 192.168.50.10 and 192.168.10.10, i.e. from different networks.

1) You can use the nano editor to save the topology script in the pox>ext location. Copy and paste the code in the nano editor, save using the key ‘CTRL+O’ and exit the editor with ‘CTRL+X’.

2) To run the script

> sudo python ./mininet_script.py

3) Now run the l3_learning script with fake gateways, i.e. fakeways

4) Verify the results using ping

h1 ping h2

h2 ping h1