Repository files navigation

• Download and import the Internet2-SDX virtual machine (VM) image, below, in VirtualBox and you are all set :)

$ wget http://sites.noise.gatech.edu/~shahbaz/internet2-sdx.ova

The username and password for the VM are 'sdx'.

1. Follow the instructions,here, to setup the VirtualBox and enable SSH access on your VM.

2. Visit the following sites to learn about Pyretic, POX, and Mininet:

• Pyretic
• POX
• Mininet

The SDX platform runs as a module on top of the Pyretic runtime. It consists ofmain.py file, which reads thesdx_global.cfg andsdx_policies.cfg configuration files. Thesdx_global.cfg points to the topology file e.g.,topology/mininet.topo, that contains information about the overall topology of the IXP i.e., how many autonomous systems (ASes) are connected, which ports they are connected to, and who they are peering with at the IXP. Whereas, thesdx_policies.cfg lists the active policies for each participant which will be composed together, processed and applied to each incoming packet. Here's an example configuration:

• sdx_global.cfg

["topology/mininet.topo"]

• topology/mininet.topo

{"A": {"Ports": [{"Id":1,"MAC":"00:00:00:00:00:01"}],"Peers": ["B"]},"B": {"Ports": [{"Id":2,"MAC":"00:00:00:00:00:02"}],"Peers": ["A","C"]},"C": {"Ports": [{"Id":3,"MAC":"00:00:00:00:00:03"},                        {"Id":4,"MAC":"00:00:00:00:00:04"}],"Peers": ["B"]}}

• sdx_policies.cfg

{"A": ["pyretic.sdx.policies.inbound_traffic_engineering_ip_prefixes.participant_A"],"B": ["pyretic.sdx.policies.inbound_traffic_engineering_ip_prefixes.participant_B"],"C": ["pyretic.sdx.policies.inbound_traffic_engineering_ip_prefixes.participant_C"]}

The policies are provided under thepolicies folder. Participants can write any type of policy using the language constructs provided in Pyretic. Each participant writes policies in its own python script which reads the announced prefixes from the accompanyinglocal.cfg file at run time. Following is an example of thetraffic offloading policy:

• python policy

...defpolicy(participant,fwd):'''        Specify participant policy    '''participants=parse_config(cwd+"/pyretic/sdx/policies/traffic_offloading_ip_prefixes/local.cfg")return (        (parallel([match(dstip=participants["A"]["IPP"][i])foriinrange(len(participants["A"]["IPP"]))])>>modify(srcmac=participant.phys_ports[0].mac)>>fwd(participant.peers['A']))+        (parallel([match(dstip=participants["B"]["IPP"][i])foriinrange(len(participants["B"]["IPP"]))])>>fwd(participant.phys_ports[0]))+         (parallel([match(dstip=participants["C"]["IPP"][i])foriinrange(len(participants["C"]["IPP"]))])>>modify(srcmac=participant.phys_ports[0].mac)>>fwd(participant.peers['C']))    )...

• local.cfg

{"A": {"IPP": ["110.0.0.0/16"]},"B": {"IPP": ["120.0.0.0/16"]},"C": {"IPP": ["130.0.0.0/16"]}}

We use mininet, as a rapid prototyping and development platform, for building and testing the applications written atop SDX Platform. For each policy, listed in thepolicies/ folder, we provide an accompanying mininet script, underscripts/ folder, that creates and configures a network according to the topology written in thetopology/mininet.topo file. (At the moment, we have hardcoded the topology in the scripts. In later versions, we will provide an automated model for reading the topology information from thetopology/mininet.topo and configuring the network accordingly). Once the network is setup, the script then generates test packets to perform functional testing tailored for the given policies.

• Example script (scripts/sdx_mininet_simple.py):

defsimple(cli,controllerIP):"Create and test SDX Simple Module"print"Creating the topology with one IXP switch and three participating ASs\n\n"topo=SingleSwitchTopo(k=3)net=Mininet(topo,controller=lambdaname:RemoteController('c0',controllerIP ),autoSetMacs=True)net.start()hosts=net.hostsprint"Configuring participating ASs\n\n"forhostinhosts:ifhost.name=='h1':host.cmd('ifconfig lo:40 110.0.0.1 netmask 255.255.255.0 up')host.cmd('route add -net 120.0.0.0 netmask 255.255.255.0 gw 10.0.0.2 h1-eth0')host.cmd('route add -net 130.0.0.0 netmask 255.255.255.0 gw 10.0.0.2 h1-eth0')ifhost.name=='h2':host.cmd('route add -net 110.0.0.0 netmask 255.255.255.0 gw 10.0.0.1 h2-eth0')host.cmd('ifconfig lo:40 120.0.0.1 netmask 255.255.255.0 up')host.cmd('route add -net 130.0.0.0 netmask 255.255.255.0 gw 10.0.0.3 h2-eth0')ifhost.name=='h3':host.cmd('route add -net 110.0.0.0 netmask 255.255.255.0 gw 10.0.0.2 h3-eth0')host.cmd('route add -net 120.0.0.0 netmask 255.255.255.0 gw 10.0.0.2 h3-eth0')host.cmd('ifconfig lo:40 130.0.0.1 netmask 255.255.255.0 up')if (cli):# Running CLICLI(net)else:print"Running the Ping Tests\n\n"forhostinhosts:ifhost.name=='h1':host.cmdPrint('ping -c 5 -I 110.0.0.1 130.0.0.1')net.stop()print"\n\nExperiment Complete !\n\n"

We have provided three examples in the code repository: (1) A simple policy, (2), traffic-offloading policy, and (3) inbound-TE policy. Each has two flavors, one is using only the IP addresses and the other one using IP prefixes (this is a new feature provided in the latest release of Pyretic).

Each of these examples, assume three participants, A, B and C; all having a peering relationship with each other. A and B connect to only one port at the IXP, while C connects at two ports namely (C1, and C2). We implement asingle topology in mininet, where the three participants are connecting to a single switch.

Here, we will show the steps needed to run the SDX platform using two examples:

In simple policy, we only enable connectivity between A and B and block all communication with C. Note, that C still maintains a peering relationship with A and B but the data-plane policy enforced by the SDX platform will not allow any data traffic to passthrough from A and B to C. Here're the steps for running the simple policy:

1. Make sure thatsdx_global.cfg has the following content:

["topology/mininet.topo"]

2. Change thesdx_policies.cfg to have the following:

{"A": ["pyretic.sdx.policies.simple.participant_A"],"B": ["pyretic.sdx.policies.simple.participant_B"],"C": ["pyretic.sdx.policies.simple.participant_C"]}

3. Run SDX platform

$cd~/pyretic$ ./pyretic.py pyretic.sdx.main

4. In an other terminal, run thesdx_mininet_simple.py script:

$cd~/pyretic/pyretic/sdx/scripts$ sudo sdx_mininet_simple.py

Once running you should see that participant A can ping participant B. To perform the ping test with C, run mininet in cli mode:

$ sudo sdx_mininet_simple.py --cli

Then in the mininet prompt, run the following:

mininet> ping -c 5 -I 110.0.0.1 130.0.0.1

The ping test will fail this time as there is no rule installed on the switch for packets going from A to C.

In inbout-TE policy, we do traffic engineering on the traffic coming to C from A or B. We distribute the traffic based on the IP prefixes. In this example, all traffic coming for the IP prefix130.0.0.0/16 will be routed to port C1 and for140.0.0.0/16 will be routed to C2. Here're the steps for running this policy:

1. Make sure thatsdx_global.cfg has the following content:

["topology/mininet.topo"]

2. Change thesdx_policies.cfg to have the following:

{"A": ["pyretic.sdx.policies.inbound_traffic_engineering_ip_prefixes.participant_A"],"B": ["pyretic.sdx.policies.inbound_traffic_engineering_ip_prefixes.participant_B"],"C": ["pyretic.sdx.policies.inbound_traffic_engineering_ip_prefixes.participant_C"]}

3. Run SDX platform

$cd~/pyretic$ ./pyretic.py pyretic.sdx.main

4. In an other terminal, run thesdx_mininet_inbound_traffic_engineering.py script:

$cd~/pyretic/pyretic/sdx/scripts$ sudo sdx_mininet_inbound_traffic_engineering.py

Once running you should see that the pings originating from C1, with source IP130.0.0.1, for A are passing but the ones with source IP140.0.0.1 are not. Similarly, the opposite happens for C2. This is because the replies for the ping, with source IP140.0.0.1, from C1 are being sent to C2 based on the traffic-engineering rule applied by the SDX platform.

Please contact us atmuhammad.shahbaz@gatech.edu oragupta80@gatech.edu for any questions or concerns.

For more information, visit our project page atnoise-lab.net/projects/software-defined-networking/sdx.