SameedIlyas/ONT-SIP

Mininet

Download and run Mininet on a virtual machine or Linux-based device by following the instructions provided on https://mininet.org/download/, and verify its functionality using the guide at https://mininet.org/walkthrough/. Once it is set up and running, you can use the CLI to create topologies and connect remote controllers such as POX.

Mininet (Pox)

Mininet (Pox)(2)

CustomTopo and POX firewall

The custom topology file can be run using the following command:

sudo mn --custom custom --topo custom

To implement the firewall using the POX controller, navigate to the directory where POX is installed and run the POX controller, specifying the firewall script as an argument. For example, if it is saved as firewall-pox.py in the same directory, you can run the following command:

./pox.py firewall-pox forwarding.l2_learning

ONOS Installation

ONOS can be installed by following the instructions in this GitHub repository: https://github.com/jatj/sdn_onos/blob/master/INSTALL.md
Once it is set up, you can connect it to your Mininet topologies and access the ONOS GUI at http://localhost:8181/onos/ui, where localhost is the local IP of your VM, or of your device if you're using Linux.

ONOS GUI

ONOS GUI(topo)

L2 Firewall using ACL rules

We will be setting up a layer 2 firewall by taking advantage of a pre-installed ONOS application called acl. An ACL or Access Control List is a list containing rules that are used to filter network traffic. We will be creating rules to deny traffic between certain hosts. First, start by activating the application from the ONOS CLI.

karaf@root > app activate org.onosproject.acl
Activated org.onosproject.acl

This application exposes a REST API that allows us to add and remove rules; it is available at http://local:8181/onos/v1/acl. The currently active ACL rules can be seen at http://local:8181/onos/v1/acl/rules.
We can implement a firewall using the firewall.py script, which blocks traffic between the MAC pairs listed in firewall-policies.csv. The delete_firewall.py script removes all ACL rules.
Once the firewall.py script has been run, the added rules can be viewed as such:

ACL

Running pingall will now show the connections listed in the CSV file as blocked.

Firewall

Firewall(2)

Firewall(3)
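The CSV-to-ACL step described above, as an added example (this is not the repository's firewall.py): it validates and de-duplicates the MAC pairs before any rule is built, then emits a deny rule for each direction of a pair. The CSV column names (id, mac_0, mac_1), the JSON field names, the srcIp subnet and the helper names are assumptions; check them against your policy file and ONOS version.

```python
import base64, csv, io, json, re, urllib.request

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
# Constructed sample; the column names id,mac_0,mac_1 are an assumed layout.
SAMPLE_CSV = """id,mac_0,mac_1
1,00:00:00:00:00:01,00:00:00:00:00:02
2,00:00:00:00:00:02,00:00:00:00:00:01
3,00:00:00:00:00:03,00:00:00:00:00:0G
4,00-00-00-00-00-04,00:00:00:00:00:05
"""

def load_pairs(text):
    """Return (pairs, rejected_ids): unique unordered MAC pairs, ids of bad rows."""
    pairs, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(text)):
        a, b = ((row.get(k) or "").strip().lower().replace("-", ":")
                for k in ("mac_0", "mac_1"))
        if not (MAC_RE.match(a) and MAC_RE.match(b)) or a == b:
            rejected.append(row.get("id"))  # never push a malformed rule
            continue
        if frozenset((a, b)) not in seen:   # A,B and B,A are the same policy
            seen.add(frozenset((a, b)))
            pairs.append((a, b))
    return pairs, rejected

def build_rules(pairs, src_subnet="10.0.0.0/8"):
    """One deny rule per direction; an ACL rule matches src -> dst only.
    Field names and the srcIp match are assumptions about the acl app's JSON."""
    return [{"srcIp": src_subnet, "srcMac": s, "dstMac": d, "action": "deny"}
            for a, b in pairs for s, d in ((a, b), (b, a))]

def post_rule(url, rule, user, password):
    """POST one rule to the ACL REST endpoint with HTTP basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url, data=json.dumps(rule).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status

if __name__ == "__main__":
    pairs, rejected = load_pairs(SAMPLE_CSV)
    for rule in build_rules(pairs):         # dry run: print instead of POST
        print(json.dumps(rule))
    print("rejected rows:", rejected)
```

Rejected row ids are worth logging: a policy line that silently fails to parse leaves that host pair unblocked.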

VPLS Implementation

A subsystem called the Intent Framework will be utilized for this. Make sure you have the openflow app activated on ONOS. Set up a torus topology:

sudo mn --topo torus,3,3 --mac --switch ovs,protocols=OpenFlow14  --controller remote,ip=172.17.0.2

Torus

Activate the vpls app:

karaf@root > app activate org.onosproject.vpls
Activated org.onosproject.vpls

Define the interface of each host:

karaf@root > interface-add of:0000000000000101/1 h1
Interface added
karaf@root > interface-add of:0000000000000102/1 h2
Interface added
karaf@root > interface-add of:0000000000000203/1 h6
Interface added

Create a vpls and add each interface into it:

karaf@root > vpls create vpls1
karaf@root > vpls add-if vpls1 h1
karaf@root > vpls add-if vpls1 h2
karaf@root > vpls add-if vpls1 h6

You can check the intents created by the vpls app from the Intents view in the GUI.

Intents

Break some links using the following commands:

mininet> link s1x3 s2x3 down
mininet> link s2x2 s2x3 down

The intents will use different routes depending on link availability. The intents can be visualised by using the gui app and deactivating the gui2 app.

Intents GUI

About

Sample codes and explanations of my work done in ONT SIP 2023
