Exercises pyretic firewall

Exercise: Pyretic Firewall

  • Aim: Pyretic based firewall
  • Topology [1]
  • Put the following files ([2]) in the folder: pyretic/pyretic/examples
 $ sudo mn --controller remote --topo=single,3 --mac --arp
  • (20P) Run the pyretic hub example
 $ cd pyretic
 $ pyretic.py -v high pyretic.examples.pyretic_hub
    • Verify that the hosts can ping each other
 mininet> h1 ping h2
 mininet> h1 ping h3
    • Then
 mininet> xterm h1 h2 h3
 h2$ tcpdump -xx -n -i h2-eth0
 h3$ tcpdump -xx -n -i h3-eth0
 h1$ ping -c1 10.0.0.2
    • Observe what happens when you do
 h1$ ping -c1 10.0.0.5
    • Look into the hub code: pyretic/pyretic/examples/pyretic_hub
  • (20P) Run the pyretic switch example
      • $ pyretic.py -v high pyretic.examples.pyretic_switch1
    • Verify that the hosts can ping each other
      • mininet> xterm h1 h2 h3
      • h2$ tcpdump -xx -n -i h2-eth0
      • h3$ tcpdump -xx -n -i h3-eth0
      • h1$ ping -c1 10.0.0.2
    • Observe what happens when you do
      • h1$ ping -c1 10.0.0.5
    • Look into the switch code: pyretic/pyretic/examples/pyretic_switch1.py
  • (60P) Implement a layer 2 firewall that runs alongside the MAC learning module on the pyretic OpenFlow Controller.
    • Your firewall should be agnostic to the underlying topology
    • Write code to block traffic from h1 to h2 and from h2 to h1 (MAC IDs: 00:00:00:00:00:01, 00:00:00:00:00:02)
    • Start with pyretic_firewall.py
    • See pyretic_firewall.py for instructions on how to write the code as well as how to test it
    • To test, run:
      • sudo mn --controller remote --topo=single,3 --mac --arp
      • pyretic.py -v high pyretic.examples.pyretic_firewall
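
A plain-Python model of the behaviour the firewall task asks for, added here as an example; it is not Pyretic code and not part of the course files. The class and function names are hypothetical, and the port numbers assume hN is attached to switch port N in the single,3 topology.

```python
# Plain-Python model (not Pyretic code) of "firewall, then MAC learner" on one
# switch. All names are hypothetical; the two blocked MACs come from the exercise.
H1, H2, H3 = ("00:00:00:00:00:0%d" % i for i in (1, 2, 3))
BROADCAST = "ff:ff:ff:ff:ff:ff"


class L2Firewall:
    """Drops frames between blocked MAC pairs, in both directions."""

    def __init__(self, blocked_pairs):
        # frozenset makes (a, b) and (b, a) one rule; no port is referenced,
        # so the rule does not depend on the topology.
        self.blocked = {frozenset(pair) for pair in blocked_pairs}

    def allows(self, src, dst):
        return frozenset((src, dst)) not in self.blocked


class LearningSwitch:
    """Learns source MAC -> port; floods unknown or broadcast destinations."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}

    def forward(self, src, dst, in_port):
        self.table[src] = in_port
        if dst != BROADCAST and dst in self.table:
            return {self.table[dst]} - {in_port}
        return self.ports - {in_port}  # flood


def make_policy(firewall, switch):
    """Sequential composition: only frames the firewall passes reach the switch."""
    def policy(src, dst, in_port):
        if not firewall.allows(src, dst):
            return set()  # dropped before any learning or forwarding
        return switch.forward(src, dst, in_port)
    return policy


def demo():
    # Constructed traffic: (source MAC, destination MAC, ingress port).
    policy = make_policy(L2Firewall([(H1, H2)]), LearningSwitch([1, 2, 3]))
    frames = [(H1, H2, 1), (H2, H1, 2), (H1, H3, 1), (H3, H1, 3), (H2, H3, 2)]
    return [sorted(policy(*f)) for f in frames]
```

Each entry returned by demo() is the list of output ports for the corresponding frame; an empty list means the frame was dropped by the firewall.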