Thanks Murphy and Zarifis for your help,
Now, I'm able to run the l2_porting_slicer on Mininet successfully !, when
I ported this same setup onto GENI (http://www.geni.net/) platform the
blocking of flows based on IP addresses and TCP/UDP port numbers was
successful.Somehow the grouping of switch ports and blocking flows based on
switch ports is causing issues and the hosts that are connected are unable
to ping.
In order to make it work I commented it out following code, in
l2_port_slicer:
Code-Commented-1
#group = self.port_groups.get(event.port)
#if group is None:
# log.debug("Dropping packets from non-grouped port %s.%i",
# dpid_to_str(event.dpid), event.port)
# drop(5)
# return
and
Code-Commented-2
# Send to all other ports in this group
#for p in group:
msg.actions.append(of.ofp_action_output(port = of.OFPP_FLOOD)) # *(and
made this change for flooding)*
Also made changes to config file accordingly. After I made above changes,
hosts where reachable and could test blocking flows based on TCP/UDP ports
and IP addresses.
I collected following logs when for different scenarios as described below:
(It also includes few additional log messages for explanatory and debugging
purpose)
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Case: Only Code-Commented-1
input: ssh and ping.
------------------------------------------------------------------------------------------------------------------------------------------------------------
POX 0.0.0 / Copyright 2011-2012 James McCauley, et al.
########## switch ports ###########
1
2
###################################
DPID::::
00-02-b3-35-f7-ab
************ DATA SET *****************
***************************************
group::: (1, 2)
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:65:cb:d5>00:02:b3:35:f7:ab:IP]
IPP
[IP+ICMP 10.10.2.2>10.10.1.1 (cs:2393 v:4 hl:5 l:84 t:64)]
group::: None
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:35:f7:ab>00:03:47:73:90:06:IP]
IPP
[IP+ICMP 10.10.2.2>10.10.1.1 (cs:2493 v:4 hl:5 l:84 t:63)]
group::: None
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:35:f7:ab>00:02:b3:65:cb:d5:IP]
IPP
[IP+ICMP 10.10.1.2>10.10.2.2 (cs:aeee v:4 hl:5 l:112 t:64)]
group::: (1, 2)
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:03:47:73:90:06>00:02:b3:35:f7:ab:IP]
IPP
[IP+ICMP 10.10.1.1>10.10.2.2 (cs:dbbf v:4 hl:5 l:84 t:64)]
group::: None
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:35:f7:ab>00:02:b3:65:cb:d5:IP]
IPP
[IP+ICMP 10.10.1.1>10.10.2.2 (cs:dcbf v:4 hl:5 l:84 t:63)]
group::: None
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:35:f7:ab>00:03:47:73:90:06:IP]
IPP
[IP+ICMP 10.10.1.2>10.10.1.1 (cs:2c6d v:4 hl:5 l:112 t:64)]
group::: (1, 2)
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:65:cb:d5>00:02:b3:35:f7:ab:IP]
IPP
[IP+ICMP 10.10.2.2>10.10.1.1 (cs:2393 v:4 hl:5 l:84 t:64)]
group::: None
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:35:f7:ab>00:03:47:73:90:06:IP]
IPP
[IP+ICMP 10.10.2.2>10.10.1.1 (cs:2493 v:4 hl:5 l:84 t:63)]
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONCLUSION: before the controller ran, SSH and ping both worked. After
the controller ran, SSH and ping both did not work.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
----------------------------------------------------------------------------------------------------------------------------------------------------------
case: Both code parts described above are UN-Commented/ included in the script.
input: SSH and ping
------------------------------------------------------------------------------------------------------------------------------------------------------------
output:
t@pc-0:~/pox# ./pox.py log --format="%(asctime)s: %(message)s"
--file=pox.log,w log.level --DEBUG NMA_ver3 --config=switches.json >>
log.txt
DEBUG:core:POX 0.0.0 going up...
DEBUG:core:Running on CPython (2.7.3/Sep 21 2012 14:43:48)
DEBUG:core:Platform is Linux-2.6.32-24-generic-pae-i686-with-Ubuntu-10.04-lucid
INFO:core:POX 0.0.0 is up.
DEBUG:openflow.of_01:Listening on 0.0.0.0:6633
INFO:openflow.of_01:[00-02-b3-35-f7-ab 1] connected
DEBUG:NMA_ver3:Connection [00-02-b3-35-f7-ab 1]
DEBUG:NMA_ver3:transparent: 1
DEBUG:NMA_ver3:[(IPAddr('204.168.1.0'), 32)]
DEBUG:NMA_ver3:set([21, 22])
DEBUG:NMA_ver3:{1: (1, 2), 2: (1, 2)}
DEBUG:NMA_ver3:srcIP: 10.10.2.2
DEBUG:NMA_ver3:dstIP:10.10.1.1
DEBUG:NMA_ver3:IP Packet
DEBUG:NMA_ver3:passed IP filter
DEBUG:NMA_ver3:passed TCP/UDP filter
INFO:NMA_ver3:00-02-b3-35-f7-ab: Flood hold-down expired -- flooding
DEBUG:NMA_ver3:Port for 00:02:b3:35:f7:ab unknown -- flooding
DEBUG:NMA_ver3:srcIP: 10.10.2.2
DEBUG:NMA_ver3:dstIP:10.10.1.1
DEBUG:NMA_ver3:IP Packet
DEBUG:NMA_ver3:passed IP filter
DEBUG:NMA_ver3:passed TCP/UDP filter
DEBUG:NMA_ver3:Port for 00:02:b3:35:f7:ab unknown -- flooding
DEBUG:NMA_ver3:srcIP: 10.10.2.2
DEBUG:NMA_ver3:dstIP:10.10.1.1
DEBUG:NMA_ver3:IP Packet
DEBUG:NMA_ver3:passed IP filter
DEBUG:NMA_ver3:passed TCP/UDP filter
DEBUG:NMA_ver3:Port for 00:02:b3:35:f7:ab unknown -- flooding
DEBUG:NMA_ver3:srcIP: 10.10.2.2
DEBUG:NMA_ver3:dstIP:10.10.1.1
DEBUG:NMA_ver3:IP Packet
DEBUG:NMA_ver3:passed IP filter
DEBUG:NMA_ver3:passed TCP/UDP filter
DEBUG:NMA_ver3:Port for 00:02:b3:35:f7:ab unknown -- flooding
DEBUG:NMA_ver3:srcIP: 10.10.2.2
DEBUG:NMA_ver3:dstIP:10.10.1.1
DEBUG:NMA_ver3:IP Packet
DEBUG:NMA_ver3:passed IP filter
DEBUG:NMA_ver3:Banned TCP/UDP port: 22
^CINFO:core:Going down...
INFO:openflow.of_01:[00-02-b3-35-f7-ab 1] disconnected
INFO:core:Down.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CONCLUSION: Both SSH and Ping were working before the controller.
After the controller started, both SSH(blocked) and ping stopped
working.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
---------------------------------------------------------------------------------------------------------------------------------------------------------
case: Only Code-Commented-2
input: ssh n ping
------------------------------------------------------------------------------------------------------------------------------------------
output:
POX 0.0.0 / Copyright 2011-2012 James McCauley, et al.
########## switch ports ###########
1
2
###################################
DPID::::
00-02-b3-35-f7-ab
************ DATA SET *****************
***************************************
group::: (1, 2)
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:65:cb:d5>00:02:b3:35:f7:ab:IP]
IPP
[IP+ICMP 10.10.2.2>10.10.1.1 (cs:2393 v:4 hl:5 l:84 t:64)]
p-> 1
p-> 2
group::: (1, 2)
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:65:cb:d5>00:02:b3:35:f7:ab:IP]
IPP
[IP+ICMP 10.10.2.2>10.10.1.1 (cs:2393 v:4 hl:5 l:84 t:64)]
p-> 1
p-> 2
group::: (1, 2)
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:65:cb:d5>00:02:b3:35:f7:ab:IP]
IPP
[IP+ICMP 10.10.2.2>10.10.1.1 (cs:2393 v:4 hl:5 l:84 t:64)]
p-> 1
p-> 2
group::: (1, 2)
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:65:cb:d5>00:02:b3:35:f7:ab:IP]
IPP
[IP+ICMP 10.10.2.2>10.10.1.1 (cs:2393 v:4 hl:5 l:84 t:64)]
p-> 1
p-> 2
group::: (1, 2)
packet:::
<class 'pox.lib.packet.ethernet.ethernet'>
[00:02:b3:65:cb:d5>00:02:b3:35:f7:ab:IP]
IPP
[IP+TCP 10.10.2.2>10.10.1.1 (cs:ac5d v:4 hl:5 l:60 t:64)]
TCP or UDP
++++++++++++++++++++++++++++++++++++++++++
CONCLUSION ssh and ping both not working after controller came on.
++++++++++++++++++++++++++++++++++++++++++
Though I could not capture it i the above cases, I could also see the
following log message:
*Dropping packets from non-grouped port..... *when I included the
code-1 in the script.
Does any one have a clue which triggered this issue ?
Thanks & Regards,
Shashaankar
*Research Assistant (Systems Research Lab)*
*North Carolina State University*
*Computer Science Dept.*
314-609-9035
On Sat, Nov 24, 2012 at 11:26 PM, Kyriakos Zarifis <[email protected]>wrote:
> Hi there,
>
> (1) runs because you run mininet with its default controller (no
> controller options), which runs a reference openflow controller which I
> assume does some basic forwarding by default (
> http://yuba.stanford.edu/foswiki/bin/view/OpenFlow/MininetWalkthrough#Interact_with_Hosts_and_Switches)
>
> (2) is not doing what you want because first you pass invalid options for
> a controller to mininet and then you run it with no controller (which
> causes the out of range error because mininet looks for the first
> controller in an empty array of defined controllers)
>
> What (I think) you are trying to do (correct me if I'm wrong) is you are
> trying to connect mininet to a pox controller that is running outside
> mininet's VM.
> In order to do that you need to start your pox, running whatever
> components you want (in this case the port slicer, which would be something
> like "./pox.py log.level --DEBUG l2_port_slicer --config=switches.json"
> as explained in l2_port_slicer.py, and then run mininet separately, telling
> it to connect to the pox instance you just started. So you need to use the
> "remote" option to tell it that ( as explained in the bottom of the page
> here
> http://yuba.stanford.edu/foswiki/bin/view/OpenFlow/MininetWalkthrough#Remote_Controller)
>
> On Sat, Nov 24, 2012 at 1:50 PM, shashaankar reddy <
> [email protected]> wrote:
>
>> http://www.noxathome.org/x/Murphy/l2_port_slicer.py
>
>
>
