This is a warm-up exercise to introduce you to the basics of Software Defined Networking and a few of its applications. We will be using OpenFlow, an open communication protocol developed by Stanford University in 2008, that gives access to the forwarding plane of the network switches and routers over the network. You will use a simulator called Mininet to simulate a network topology that uses Openflow switches.

In this exercise, we will assume that you have already set up the Mininet environment. Please follow the instructions here , if you haven’t already done so.

At the end, there will be a small quiz regarding various activities you will do in this exercise, so make sure that you perform each activity carefully.

Network Topology

The network you'll use in this exercise includes 3 hosts and a switch (and, eventually, an OpenFlow controller, but we'll get to that in the later exercises):

Command Line Notations

In this environment, you will be working with the following command line notations:

mininet> - mininet specific commands are typed here

$ - linux commands with user level privileges are typed here

# - command with sudo level access are typed here

Create the Virtual Network

To create the above network in the VM, in an SSH terminal, enter:

$ sudo mn --topo single,3 --mac --switch ovsk --controller remote

Command Breakdown:

‘sudo mn’: This starts mininet. Mininet always requires sudo to run.

‘--topo single,3’: This tells mininet to start using the topology of a ‘single’ switch and 3 hosts.

‘--mac’: This tells mininet to assign each host a sequential mac address, matching its IP address.

‘--switch ovsk’: This tells mininet that the switches are to be of the type ovsk, this is the type for Openflow,

‘--controller remote’: This tells mininet that each Openflow switch is to talk to a controller, which is located at a remote location.

Mininet Basic Commands

Since you’ll be working in Mininet for the whole tutorial, it’s worth learning a few Mininet-specific commands: To see the list of nodes available, in the Mininet console, run:

mininet> nodes

To see a list of available commands, in the Mininet console, run:

mininet> help

To run a single command on a node, prepend the command with the name of the node. For example, to check the IP of a virtual host, in the Mininet console, run:

mininet> h2 ifconfig

The alternative - better for running interactive commands and watching debug output - is to spawn an xterm for one or more virtual hosts. In the Mininet console, run:

mininet> xterm h2 h3

You can close these windows now, as we’ll run through most commands in the Mininet console.

If Mininet is not working correctly (or has crashed and needs to be restarted), first quit Mininet if necessary (using the exit command, or control-D), and then try clearing any residual state or processes using:

$ sudo mn -c

and running Mininet again.

Using dpctl

dpctl is a utility that comes with the OpenFlow reference distribution and enables visibility and control over a single switch’s flow table. It is especially useful for debugging, by viewing flow state and flow counters. Most OpenFlow switches can start up with a passive listening port (in your current setup this is 6634), from which you can poll the switch, without having to add debugging code to the controller.

Create a second SSH window if you don’t already have one, and run:

$ dpctl show tcp:127.0.0.1:6634

The ’show’ command connects to the switch and dumps out its port state and capabilities. Here’s a more useful command:

$ dpctl dump-flows tcp:127.0.0.1:6634

Since we haven’t started any controller yet, the flow-table should be empty.

Ping Test

Now, go back to the mininet console and try to ping h3 from h2. In the Mininet console:

mininet> h2 ping -c3 h3

Note that the name of host h3 is automatically replaced when running commands in the Mininet console with its IP address (10.0.0.3).

Do you get any replies? Why? Why not?

As you saw before, switch flow table is empty. Besides that, there is no controller connected to the switch and therefore the switch doesn’t know what to do with incoming traffic, leading to ping failure.

You’ll use dpctl to manually install the necessary flows. In your SSH terminal:

$ dpctl add-flow tcp:127.0.0.1:6634 in_port=2,actions=output:3

$ dpctl add-flow tcp:127.0.0.1:6634 in_port=3,actions=output:2

This will forward packets coming at port 2 to port 3 and vice-versa. Verify by checking the flow-table:

$ dpctl dump-flows tcp:127.0.0.1:6634

Run the ping command again. In your mininet console:

mininet> h2 ping -c3 h3

Do you get replies now? Check the flow-table again and look the statistics for each flow entry. Is this what you expected to see based on the ping traffic? NOTE: if you didn’t see any ping replies coming through, it might be the case that the flow-entries expired before you start your ping test. When you do a ”dpctl dump-flows” you can see an ”idle timeout” option for each entry. This means that the flow will expire after this many secs if there is no incoming traffic. Run again respecting this limit, or install a flow-entry with longer timeout.

$ dpctl add-flow tcp:127.0.0.1:6634 in_port=2,idle_timeout=120,actions=output:3

Benchmark Controller with iperf

iperf is a command-line tool for checking speeds between two computers. Here, you'll benchmark the reference controller. In your SSH terminal:

$ controller ptcp:

This will start a simple controller that acts as a learning switch without installing any flow-entries.

Now, in the mininet console run:

mininet> iperf

This Mininet command runs an iperf TCP server on one virtual host, then runs an iperf client on a second virtual host. Once connected, they blast packets between each other and report the results.

Now compare with the user-space switch. In the mininet console:

mininet> exit

Start the same Mininet with the user-space switch:

$ sudo mn --topo single,3 --controller remote --switch user

[Note: As pointed by many on the discussion forum the "--mac" flag causes user-space switch to fail when performing iperf or ping tests. A tourble-ticket has been generated on the mininet github to resolve this issue. In the meantime, I have omitted the "--mac" flag and it should work for now.]

Here we have used ‘user’ with --switch option instead of ‘ovsk’. This loads mininet with user-space switch. Run one more iperf test with the reference controller:

mininet> iperf

See a difference? With the user-space switch, packets must cross from user-space to kernel-space and back on every hop, rather than staying in the kernel as they go through the switch. The user-space switch is easier to modify, but slower for simulation.

Changing Link Parameters

Mininet 2.0 allows you to set link parameters. In the SSH terminal, run mininet with following settings:

$ sudo mn --topo single,3 --mac --controller remote --switch ovsk --link tc,bw=10,delay=10ms

Now, in the mininet console:

mininet> h1 ping -c10 h2

As the delay for each link is 10 ms, the round trip time (RTT) should be about 40 ms, since the ICMP request traverses two links (one to the switch, one to the destination) and the ICMP reply traverses two links coming back.

Exit Mininet:

mininet> exit

Terms

OpenFlow Interface: a standard open interface between the OpenFlow controller and the OpenFlow programmable devices (i.e., switches etc)

OpenFlow Controller: sits above the OpenFlow interface. The OpenFlow reference distribution includes a controller that acts as an Ethernet learning switch in combination with an OpenFlow switch. You'll run it and look at messages being sent.

OpenFlow Switch: sits below the OpenFlow interface. The OpenFlow reference distribution includes a user-space software switch. Open vSwitch is another software but kernel-based switch, while there is a number of hardware switches available from Broadcom (Stanford Indigo release), HP, NEC, and others.

dpctl: command-line utility that sends quick OpenFlow messages, useful for viewing switch port and flow stats, plus manually inserting flow entries.

Wireshark: general (non-OF-specific) graphical utility for viewing packets. The OpenFlow reference distribution includes a Wireshark dissector, which parses OpenFlow messages sent to the OpenFlow default port (6633) in a conveniently readable way.

iperf: general command-line utility for testing the speed of a single TCP connection.

Mininet: network emulation platform. Mininet creates a virtual OpenFlow network - controller, switches, hosts, and links - on a single real or virtual machine. More Mininet details can be found at the Mininet web page .

cbench: utility for testing the flow setup rate of OpenFlow controllers.