Exercises pyretic firewall: Difference between revisions

From NET Wiki

Latest revision as of 11:49, 24 February 2017

Exercise: Pyretic Firewall

  • Aim: Pyretic based firewall
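  • Topology: https://dl.dropboxusercontent.com/u/1652374/SDN_course_WS2015-2016/Exercises/ex3/1.firewall-fig.pdf
  • Put the following files (https://dl.dropboxusercontent.com/u/1652374/SDN_course_WS2015-2016/Exercises/ex4/pyretic_firewall_students.zip) in folder: pyretic/pyretic/examples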


(20P) Run the pyretic hub example

 $ sudo mn --controller remote --topo=single,3 --mac --arp
 $ cd pyretic
 $ pyretic.py -v high pyretic.examples.pyretic_hub
    • Verify that the hosts can ping each other
 mininet> h1 ping h2
 mininet> h1 ping h3
    • then
 mininet> xterm h1 h2 h3
 h2$ tcpdump -xx -n -i h2-eth0
 h3$ tcpdump -xx -n -i h3-eth0
 h1$ ping -c1 10.0.0.2
    • Observe what happens when you do
 h1$ ping -c1 10.0.0.5
    • Look into the hub code: pyretic/pyretic/examples/pyretic_hub

(20P) Run the pyretic switch example

  $ pyretic.py -v high pyretic.examples.pyretic_switch1
    • Restart mininet
  $ sudo mn --controller remote --topo=single,3 --mac --arp
    • Verify that the hosts can ping each other
  mininet> xterm h1 h2 h3
  h2$ tcpdump -xx -n -i h2-eth0
  h3$ tcpdump -xx -n -i h3-eth0
  h1$ ping -c1 10.0.0.2
    • Observe what happens when you do
  h1$ ping -c1 10.0.0.5
    • Look into the switch code: pyretic/pyretic/examples/pyretic_switch1.py

(60P) Implement a layer 2 firewall that runs alongside the MAC learning module on the pyretic OpenFlow Controller

    • Your firewall should be agnostic to the underlying topology
    • Write code to block traffic from h1 to h2 and from h2 to h1 (MAC addresses: 00:00:00:00:00:01, 00:00:00:00:00:02)
    • Start with pyretic_firewall.py
    • See pyretic_firewall.py for instructions on how to write and test the code
    • To test, run:
  $ sudo mn --controller remote --topo=single,3 --mac --arp
  $ pyretic.py -v high pyretic.examples.pyretic_firewall
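
The behaviour the firewall task asks for, as an added example that is not part of the original exercise or of Pyretic: a plain-Python model of a MAC-pair filter placed in front of a MAC learning switch, the ordering Pyretic expresses with sequential composition (`>>`). The `LearningSwitch` class, `handle`, `frame` and the sample frames are hypothetical names constructed for this illustration.

```python
# Added illustration in plain Python: a model of the policy, not Pyretic code.
H1, H2, H3 = ("00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03")

# Unordered pair, so one entry blocks both h1->h2 and h2->h1.
BLOCKED_PAIRS = {frozenset({H1, H2})}


def firewall(pkt):
    """True if the frame may pass. Only MAC fields are inspected, never a
    switch ID or port number, which keeps the rule topology-agnostic."""
    return frozenset({pkt["srcmac"], pkt["dstmac"]}) not in BLOCKED_PAIRS


class LearningSwitch:
    """Minimal MAC learning switch (hypothetical stand-in for the module)."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}  # MAC address -> port it was last seen on

    def forward(self, pkt, in_port):
        self.table[pkt["srcmac"]] = in_port
        out = self.table.get(pkt["dstmac"])
        if out is None:  # unknown destination: flood like a hub
            return sorted(self.ports - {in_port})
        return [] if out == in_port else [out]


def handle(switch, pkt, in_port):
    """Firewall first, then learning: a blocked frame is dropped before it
    can be forwarded or teach the switch anything."""
    if not firewall(pkt):
        return []
    return switch.forward(pkt, in_port)


def frame(src, dst):
    return {"srcmac": src, "dstmac": dst}  # constructed sample frame


if __name__ == "__main__":
    sw = LearningSwitch([1, 2, 3])  # --topo=single,3: h1, h2, h3 on ports 1-3
    print(handle(sw, frame(H1, H3), 1))  # h3 unknown yet -> flooded
    print(handle(sw, frame(H3, H1), 3))  # h1 was learned -> unicast
    print(handle(sw, frame(H1, H2), 1))  # blocked pair
    print(handle(sw, frame(H2, H1), 2))  # blocked in reverse too
```

Frames that h1 sends to the broadcast address are not matched by this pair rule and would still be flooded to h2; with `--arp` the hosts have static ARP entries, so the ping test does not depend on that.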