Exercises pyretic debugging: Difference between revisions

From NET Wiki
Jump to navigation Jump to search
(Created page with "= Exercise: Pyretic Debugging = '''HINT:''' You might have to use the "$ dpctl dump-flows tcp:127.0.0.1:6634" or "mininet> dpctl dump-flows" command frequently. ** In this deb...")
 
 
(5 intermediate revisions by the same user not shown)
Line 2: Line 2:
'''HINT:''' You might have to use the "$ dpctl dump-flows tcp:127.0.0.1:6634" or "mininet> dpctl dump-flows" command frequently.   
'''HINT:''' You might have to use the "$ dpctl dump-flows tcp:127.0.0.1:6634" or "mininet> dpctl dump-flows" command frequently.   
** In this debugging exercise, we take solutions available in the Internet for the gardenwall problem and try to fix bugs in it.
** In this debugging exercise, we take solutions available in the Internet for the gardenwall problem and try to fix bugs in it.
** We have done kinetic firewall in exercise VII and imitated the same firewall using pox in exercise VIII. Now, we will imitate the same firewall using pyretic.
** The basic solution is taken from the Internet [https://projects.gwdg.de/projects/mayutan-public/repository/raw/courses/SDN/2017_2018_WS/exercises/pyretic_gardenwall_internetsolution1.py], test if it is able to block h1 when "infected". Note that we will only use the "infected == True" for this exercise.
** The basic solution is taken from the Internet [https://dl.dropboxusercontent.com/u/1652374/SDN_Course/Exercises/pyretic_gardenwall_internetsolution1.py], test if it is able to block h1 when "infected". Note that we will only use the "infected == True" for this exercise.
*** Copy the above code into /home/mininet/pyretic/pyretic/examples as pyretic_gardenwall_internetsolution.py
*** Copy the above code into /home/mininet/pyretic/pyretic/examples as gardenwall_internetsolution.py
*** start controller (in /home/mininet/pyretic folder):  
*** start controller (in /home/mininet/pyretic folder): pyretic.py pyretic.examples.gardenwall_internetsolution
    $pyretic.py pyretic.examples.pyretic_gardenwall_internetsolution
*** start mininet: sudo mn --controller=remote --topo=single,3 --mac --arp
*** start mininet:  
    $ sudo mn --controller=remote --topo=single,3 --mac --arp
*** check h1 ping h2
*** check h1 ping h2
*** Now infect h1 (in /home/mininet/pyretic/pyretic/kinetic folder): python json_sender.py -n infected -l True --flow="{srcmac=00:00:00:00:00:01}" -a 127.0.0.1 -p 50001
*** Now infect h1 (in /home/mininet/pyretic/pyretic/kinetic folder):  
    $ python json_sender.py -n infected -l True --flow="{srcmac=00:00:00:00:00:01}" -a 127.0.0.1 -p 50001
**** NOTE: it is a "small L(-l) and not numeric 1"
**** Note what happens on the pyretic window
 
*** check h1 ping h2. We should be able to observe that this traffic is blocked.
*** check h1 ping h2. We should be able to observe that this traffic is blocked.
*** Now, we move on to the debugging part
 
**** check h2 ping h3, what happens?  
== Now, we move on to the debugging part ==
**** Now, modify the given code to allow h2 traffic to pass through to h3, when h1 is "infected".  
* check h2 ping h3, what happens?  
** Now, check if the "exempt" case is working fine too
* Now, modify the given code to allow h2 traffic to pass through to h3, when h1 is "infected".  
** if time permits, check and improve code to allow h1 to ping h2
* Now, check if the "exempt" case is working fine too (i.e if h1 is "infected" and "exempt", send it to h3 instead of blocking it)
** If time permits, try fixing [https://dl.dropboxusercontent.com/u/1652374/SDN_Course/Exercises/pyretic_gardenwall_internetsolution.py this] code for the "infected" case.
  $ python json_sender.py -n exempt -l True --flow="{srcmac=00:00:00:00:00:01}" -a 127.0.0.1 -p 50001
** (Extra: Not Needed): Try fixing [https://projects.gwdg.de/projects/mayutan-public/repository/raw/courses/SDN/2017_2018_WS/exercises/pyretic_gardenwall_internetsolution.py this] code for the "infected" case.

Latest revision as of 13:15, 12 October 2017

Exercise: Pyretic Debugging

HINT: You might have to use the "$ dpctl dump-flows tcp:127.0.0.1:6634" or "mininet> dpctl dump-flows" command frequently.

    • In this debugging exercise, we take solutions available in the Internet for the gardenwall problem and try to fix bugs in it.
    • The basic solution is taken from the Internet [1], test if it is able to block h1 when "infected". Note that we will only use the "infected == True" for this exercise.
      • Copy the above code into /home/mininet/pyretic/pyretic/examples as pyretic_gardenwall_internetsolution.py
      • start controller (in /home/mininet/pyretic folder):
    $pyretic.py pyretic.examples.pyretic_gardenwall_internetsolution
      • start mininet:
    $ sudo mn --controller=remote --topo=single,3 --mac --arp
      • check h1 ping h2
      • Now infect h1 (in /home/mininet/pyretic/pyretic/kinetic folder):
    $ python json_sender.py -n infected -l True --flow="{srcmac=00:00:00:00:00:01}" -a 127.0.0.1 -p 50001
        • NOTE: it is a "small L(-l) and not numeric 1"
        • Note what happens on the pyretic window
      • check h1 ping h2. We should be able to observe that this traffic is blocked.

Now, we move on to the debugging part

  • check h2 ping h3, what happens?
  • Now, modify the given code to allow h2 traffic to pass through to h3, when h1 is "infected".
  • Now, check if the "exempt" case is working fine too (i.e if h1 is "infected" and "exempt", send it to h3 instead of blocking it)
  $ python json_sender.py -n exempt -l True --flow="{srcmac=00:00:00:00:00:01}" -a 127.0.0.1 -p 50001
    • (Extra: Not Needed): Try fixing this code for the "infected" case.