Exercises pyretic firewall: Difference between revisions

From NET Wiki
Jump to navigation Jump to search
Line 5: Line 5:
   $ sudo mn --controller remote --topo=single,3 --mac --arp
   $ sudo mn --controller remote --topo=single,3 --mac --arp


* (20P) Run the pyretic hub example  
== (20P) Run the pyretic hub example ==
   $ cd pyretic
   $ cd pyretic
   $ pyretic.py –v high pyretic.examples.pyretic_hub
   $ pyretic.py –v high pyretic.examples.pyretic_hub
Line 20: Line 20:
** Look into the hub code: pyretic/pyretic/examples/pyretic_hub
** Look into the hub code: pyretic/pyretic/examples/pyretic_hub


* (20P) Run the pyretic switch example  
== (20P) Run the pyretic switch example ==
*** $ pyretic.py –v high pyretic.examples.pyretic_switch1
  $ pyretic.py –v high pyretic.examples.pyretic_switch1
** restart mininet
  $ sudo mn --controller remote --topo=single,3 --mac --arp
** Verify that the hosts can ping each other
** Verify that the hosts can ping each other
*** > xterm h1 h2 h3
  mininet> xterm h1 h2 h3
*** h2$ tcpdump -xx -n -i h2-eth0
  h2$ tcpdump -xx -n -i h2-eth0
*** h3$ tcpdump -xx -n -i h3-eth0
  h3$ tcpdump -xx -n -i h3-eth0
*** h1$ ping -c1 10.0.0.2
  h1$ ping -c1 10.0.0.2
** Observe what happens when you do  
** Observe what happens when you do  
*** h1$ ping -c1 10.0.0.5
  h1$ ping -c1 10.0.0.5
** Look into the switch code: pyretic/pyretic/examples/pyretic_switch1.py
** Look into the switch code: pyretic/pyretic/examples/pyretic_switch1.py


* (60P) Implement a layer 2 firewall that runs alongside the MAC learning module on the pyretic OpenFlow Controller.
== (60P) Implement a layer 2 firewall that runs alongside the MAC learning module on the pyretic OpenFlow Controller ==
** Your firewall should be agnostic to the underlying topology
** Your firewall should be agnostic to the underlying topology
** Write code to block h1 to h2 and h2 to h1 (Mac IDs: 00:00:00:00:00:01, 00:00:00:00:00:02)
** Write code to block h1 to h2 and h2 to h1 (Mac IDs: 00:00:00:00:00:01, 00:00:00:00:00:02)

Revision as of 11:45, 24 February 2017

Exercise: Pyretic Firewall

  • Aim: Pyretic based firewall
  • Topology [1]
  • Put the following files([2]) in folder: pyretic/pyretic/examples
 $ sudo mn --controller remote --topo=single,3 --mac --arp

(20P) Run the pyretic hub example

 $ cd pyretic
 $ pyretic.py –v high pyretic.examples.pyretic_hub
    • Verify that the hosts can ping each other
 $ h1 ping h2 
 $ h1 ping h3
    • then
 $ mininet> xterm h1 h2 h3
 h2$ tcpdump -xx -n -i h2-eth0
 h3$ tcpdump -xx -n -i h3-eth0
 h1$ ping -c1 10.0.0.2
    • Observe what happens when you do
 h1$ ping -c1 10.0.0.5
    • Look into the hub code: pyretic/pyretic/examples/pyretic_hub

(20P) Run the pyretic switch example

 $ pyretic.py –v high pyretic.examples.pyretic_switch1
    • restart mininet
  $ sudo mn --controller remote --topo=single,3 --mac --arp
    • Verify that the hosts can ping each other
  mininet> xterm h1 h2 h3
  h2$ tcpdump -xx -n -i h2-eth0
  h3$ tcpdump -xx -n -i h3-eth0
  h1$ ping -c1 10.0.0.2
    • Observe what happens when you do
  h1$ ping -c1 10.0.0.5
    • Look into the switch code: pyretic/pyretic/examples/pyretic_switch1.py

(60P) Implement a layer 2 firewall that runs alongside the MAC learning module on the pyretic OpenFlow Controller

    • Your firewall should be agnostic to the underlying topology
    • Write code to block h1 to h2 and h2 to h1 (Mac IDs: 00:00:00:00:00:01, 00:00:00:00:00:02)
    • Start with pyretic_firewall.py
    • See in pyretic_firewall.py for instructions on how to test the code as well as how to write the code
    • To Test run:
      • sudo mn --controller remote --topo=single,3 --mac --arp
      • pyretic.py –v high pyretic.examples.pyretic_firewall
Retrieved from "https://wiki.net.informatik.uni-goettingen.de/index.php?title=Exercises_pyretic_firewall&oldid=4931"