Software Defined Networking: Demo
Welcome back to the course on Computer Network and Internet Protocols. So, in the last classes we were discussing this software defined networking concept. So, today we will see the implementation of a Software Defined Networking architecture in our network emulator platform called mininet, and we are talking about the OpenFlow protocol. So, we will see how you can utilize this OpenFlow protocol on top of our mininet architecture to send or receive packets or to emulate a network topology inside your computer. So, let us have our journey on this mininet and OpenFlow controllers.

(Refer Slide Time: 00:59)

So, till now we have looked into different socket programming aspects. So, in mininet you can actually run all these different socket programs and see that the packets are actually traversing the network.

(Refer Slide Time: 01:15)

Now to capture the packets in the internet, we have a nice traffic analysis tool called Wireshark. So, let me first show you a demo of this Wireshark and see how you can actually capture the packets and analyze individual packets in the network.

(Refer Slide Time: 01:34)

So, here there is this Wireshark interface. So, let me just open it from scratch, so that things become easier for you. So, we opened the Wireshark tool.

(Refer Slide Time: 01:54)

So, in that Wireshark tool, this is the Wireshark home screen. So, here you can see all the interfaces which are there in this machine, where you will be able to capture the packets. Now this particular machine is connected to the wireless LAN.

(Refer Slide Time: 02:15)

Here you can see it is connected to this academic SSID, to the Wi-Fi router. So, we use this WLAN 0 interface, where it is receiving some packets; here you can see that there is a small graph which is going on. So, it basically captures the packets which are there.

(Refer Slide Time: 02:40)

So, let us start capturing the packets in the WLAN 0 interface.
So, here it is capturing the packets in the WLAN 0 interface.

(Refer Slide Time: 02:48)

So, we will open some website. So, let us refresh this Google website or go to the Gmail website, so that we can get certain packets. Now come back to Wireshark, stop the Wireshark capture and here you can see all the packets. So, you can see there are lots of packets with the protocol field. So, here we have the protocol field; the protocol field is GVSP. So, this GVSP is something called GigE Vision protocol, which is used in TeamViewer kind of applications, which currently I am using for recording. So, it is capturing lots of such GVSP kind of packets; it should also capture certain TCP packets.

(Refer Slide Time: 03:34)

So, here are some TCP packets you can see; so here are the TCP packets. Now whenever you are selecting one of these packets. So, let me choose one packet here.

(Refer Slide Time: 03:50)

So, the protocol it shows is TLS version 1.2, which is the transport layer security encrypted packet, the TLS encrypted packet. So, Google, whenever it sends the packet over the TCP protocol, uses TLS to ensure security at the transport layer.

(Refer Slide Time: 04:11)

Now, inside this packet, if you look into this second window, this second window actually gives you the packet details at the different layers. So, this is a nice way to visualize the 5 layers of the TCP/IP protocol stack. So, here let us start looking into this again with the top down approach, the way we are following the course.

So, here you can see that you have this SSL packet, which is the encrypted data bits that we have; after that we have this HTTP header. So, in that HTTP header we are connecting to a proxy; it just contains the proxy information, because the packets that we are sending from this machine are sent to an HTTP proxy server, and from that HTTP proxy server they are going to Google.

So, the packet which is sent to Google is inside that secure socket layer, that layer which is the encrypted data.
So, you can see that it contains this application data protocol; it says HTTP over TLS. So, here it gives the application data, the TLS version 1.2, the length, and the encrypted application data, so this is the encrypted part of the application data. So, there are three different TLS record blocks. So, the entire data is divided into three different TLS blocks and that contains the entire application data. Then this HTTP extension which contains the proxy information, then we have the transmission control protocol at the TCP port. So, you can see that the TCP details are there. So, here my source port is 8080, the destination TCP port is 54768, the stream index is something like 1, the single stream; the segment length; it contains the TCP sequence number that we have seen for the transmission control protocol, the next sequence number, the acknowledgement number, the header length, and certain TCP flags.

So, in the TCP header there were multiple flags. So, those flag bits are here; the window size, the receiver advertised window size, and accordingly the calculated window size. And the checksum field, the urgent pointer, then the TCP option field, and the sequence and the acknowledgement field.

(Refer Slide Time: 06:38)

Then you can look into the IP header. The next header is the IP header. Inside the IP header you can see the source address and the destination address. Now the source address that I have, 172.16.2.30, is the IP of the proxy that we have in our IIT Kharagpur network. And the destination address is 10.146.58.130, that is the address of this machine.

(Refer Slide Time: 07:07)

So, if you just try to see the IP of this machine, you can see that, say, so in the ethernet address, the loopback address, well. So, here you can see the WLAN address; it is connected to the wireless LAN interface. So, the address is 10.146.50.130, the address of this machine.
So, here also the destination address is 10.146.58.130, the address of this machine. So, the packet has been received from the HTTP proxy that we have in IIT Kharagpur to this machine, and there are the different fields in the IP header. So, the IP header length, the flag bits in the IP header, the fragmentation information. Then the upper layer protocol, so it is using the TCP protocol, then the source, the destination, this IP layer header information.

(Refer Slide Time: 08:28)

Then you have this ethernet information. So, the ethernet information you can see from here and finally, the link layer information.

(Refer Slide Time: 08:34)

So, the data link layer has two sub parts, the logical link control and the MAC. So, this frame information that is coming from the MAC and this ethernet information coming from the LLC. It contains the packet arrival time, the epoch time, the frame length and different other fields which are there to indicate the link layer information. That way, using Wireshark you can actually look into different types of packets; say for example, you can see that this is a TCP SYN packet. So, it is marked as a SYN. So, if you look into the TCP header for this packet, well yeah, the TCP header.

(Refer Slide Time: 09:24)

So, if you look into the TCP header for that packet you can see that the SYN bit is set. So, it is basically a SYN packet to initialize the TCP connection. So, you can see that a SYN is, so here you can see interestingly the TCP three way handshaking mechanism. So, the SYN packet has been sent with sequence number 0 and a certain window size, then you can see a SYN ACK, then followed by another ACK. So, this three way handshaking is happening here.

So, that way using this Wireshark tool you can actually capture all the packets which are coming to your machine.
And you can analyze them; you can see what the different packets coming to your machine are and how to process those packets, look into different header fields at the different layers of the protocol stack and explore it further. So, that is a brief idea about how you can do packet analysis using Wireshark.

(Refer Slide Time: 10:29)

So, next we will look into how you can emulate a computer network in a single machine. So, that is the emulator platform, which is again an SDN based tool that we are going to discuss in a little detail. So, in computer networks the best way to learn a computer network is experimenting on an existing network, so that is always.

So, if you run your own protocol, if you say design a protocol, implement it and run it on your network, that is the best way to do it. But the problem is that this kind of existing network may not be available for everyone. So, to get access to an existing network is a difficulty.

So, sometimes it may happen that you have limited access to the network. For example, we have certain limited access in the IIT Kharagpur network; you cannot run anything over the IIT Kharagpur network. Because it is a public network, and if you want to design your private network or want to set up your private network, it is expensive to make a setup of your private network. So, that is why, what do we do? You try to emulate a network topology in a computer.

So, there are multiple simulation platforms which have been used historically to understand the behavior of a computer network. But a simulation platform has many limitations because it is not using the exact protocol stack which is running inside your machine. So, that is why many times a simulated network does not give you ideal information about how your protocol can perform in a real environment. But on the other hand the
But on the other hand theemulated network has that capacity.So, in a case of a emulated network the difference from the simulated network is that youare not simulating in a hypothetical, or a virtual environment rather what you are doing?You are utilizing the network protocol stack the implementation inside the kernel itselfthe actual implementation which is going to run in a real network. And on that emulatedplatform you are testing that how the performance of your network is going to be. So, theadvantage is that it is independent of the existing network and it can be set up as requiredok.(Refer Slide Time: 12:38)Now, here are the different parts or different components of computer networks in aphysical network. So, you have the routers, you have the switches, you have differenthost and the server and you have the link.(Refer Slide Time: 12:53)Now, in a virtual domain, or an emulated domain whenever we are emulating it usingthis mininet platform. So, we call mininet as a network inside the computer, a emulatednetwork inside the computer. So, these routers are implemented using called somethingcalled a virtual namespace for legacy network or Open vSwitch for software differentgiven network.So, Open vSwitch is a tool chain which provides switch implementation in an openplatform, open platform, or open source platform. You have that Open vSwitchimplementation and using Open vSwitch you can emulate a switch using the kernelprotocol stack which is there in your Linux operating system. Then a switch can again beemulated using a Open vSwitch platform, host can be emulated using a virtualnamespace, a namespace is basically instance of the protocol stack which works like aindividual hosts.So, you have this entire protocol stack implementation inside your computer. Now youare creating a virtual instance of that protocol stack and emulating it at as an individualhost. So, this entire architecture you can just think of the way we do the operating systemlevel virtualization. 
So, I think that you have heard about this kind of virtual machine, and tools like VirtualBox.

So, in a tool like VirtualBox, what do we do? We do operating system level virtualization. So, you have this VirtualBox, on top of which you can have multiple VMs which are running, and inside every VM you can run one different operating system. So, one VM can host an Ubuntu operating system, another VM can host say a Windows operating system, a third VM can host a Fedora operating system. And all these things can run on top of a host operating system.

In a similar way, here we are emulating the network using this virtual namespace and virtual switch concept, where the network protocol stack implementation is there inside your kernel. And we are creating a virtualized instance of that protocol stack. So, whenever you are constructing a virtual host, that means you are taking a virtual instance of the entire TCP/IP protocol stack of the 5 layers and considering it as a virtual namespace. So, the term namespace actually indicates a virtual instance of this end to end protocol stack.

So, you are taking a virtual instance of that and considering it as an individual host. Now if we are going to implement a switch or a router, then at layer three of the protocol stack you need to run the routing functionalities, or at layer two of the protocol stack you have to run the switching functionalities, or layer two functionalities, so that you can implement with the help of this Open vSwitch.

So, the Open vSwitch will adopt the virtual switching functionalities or the routing functionalities on top of that namespace, the protocol stack namespace. And then you can emulate the links, the physical links, using virtual links.

(Refer Slide Time: 15:49)

Now, this is a kind of simple computer network in the physical domain: you have one host which is running say a browser like Firefox, it is connected to a network switch or a router that is again connected to an HTTP server.
So, using the browser you can browse the data from the HTTP server.

(Refer Slide Time: 16:08)

Now, the same thing you can implement inside a single machine. So, here you have your Linux kernel; in that Linux kernel you have this Open vSwitch kernel module which runs the switching functionalities by taking a virtualized instance of that TCP/IP protocol stack, and then you have two different namespaces, host namespaces. So, these two different host namespaces again have a virtual instance of these 5 layers of the TCP/IP protocol stack, and there on the application side you are running Firefox, then you have a Linux kernel which has this virtual implementation of the protocol stack, and then the ethernet 0, which is a virtual link which is connected to this Open vSwitch kernel module.

So, it is connected with this logical switch, the virtual switch, and in the other host namespace you have an HTTP server running at the application and the remaining part of the protocol stack, along with the virtual link through this eth0 which is being connected. So, that way the physical network you can implement in a machine using these virtual instances of the network.
Software Defined Networking: Demo-Part 2
So, now, how can you create such kinds of topologies, a network in a computer? We can use the mininet tool. I will show you a demo of that mininet tool, but before going to that I am just showing you some simple commands inside the mininet tool.

So, this mininet tool is an open source tool; you can install it from the mininet website. So, from the mininet website you can even get the image for different kinds of operating systems, or you can also get the source; you can compile it from the source and install it on your Linux based machine. So, in mininet, if you type a command like mn --topo single,2 (mn corresponds to mininet), what will it do? It will create a topology like this; it will have a single instance of the switch and two different hosts.

So, if you make it mn --topo single,3, then you have a single switch with three different hosts. If you make it mn --topo linear,3, it will create a linear topology of three switches and one host will connect with each of the switches. So, this is the topology corresponding to that.

(Refer Slide Time: 18:27)

And then if you want to create say a complicated topology, so, here what we are doing is that we are creating a topology like this, linear 2, 3, and this is a kind of SDN topology that we are going to implement. In the last lecture we have discussed this SDN architecture: we have the switches, and the switches are connected to a controller. So, that thing we are going to emulate here using this SDN mininet networking platform.

So, what we are going to do, we are having this mn --topo linear,2,3; linear 2, 3 means you have a linear topology of two switches which are being connected and three hosts are connected with every individual switch, and then we are specifying --controller=remote. That means we are having a controller which is there in the remote machine and that controller is connected to the switches.
Now in that controller you have to load individual controller software.

So, in the last class we were discussing that there can be multiple such controller platforms, like Ryu, like POX, like OpenDaylight, like Floodlight; there are different kinds of controllers; you can pick up your favorite controller and attach it with this virtual controller that you have designed. And then with that virtual controller you can actually try to do the experiments by writing your code inside the controller, by writing your network application inside the controller and then running it over this kind of emulated network. So, now let us go for a demo of this entire procedure.

(Refer Slide Time: 20:04)

So, what we are going to do is first we,

(Refer Slide Time: 20:09)

so, first we will run a mininet instance where we create a topology of a single switch and three different hosts. So, let us do it: sudo mn --topo. So, you have to run it with sudo, because it runs as root; you are going to access the kernel protocol stack.

So, that is why you require root access; single,3, the way I have shown you earlier, like we have a single switch with three different hosts connected to that switch. Then --mac, --controller remote, --switch ovsk. So, here it says that I am going to have a controller which is now going to be connected with the switch, and those are of type ovsk switches.

So, I have to give the root password. Oh sorry, I have made a typo here, it should be controller, ok. Now you can see here what has happened: first, whenever it is trying to add the controller, it was not able to contact the remote controller at the local machine. So, we are saying that we are going to run the controller in the local machine.

So, the controller normally runs on one out of two different ports, 6653 or 6633. So, it is searching for the controller, but currently we have not executed any controller.
So, it was not able to find the controller, and it has added three different hosts h1, h2 and h3, and added a switch called s1, and the links are h1 to s1, h2 to s1 and h3 to s1, a kind of star topology. So, three hosts are connected to one switch.

So, it has configured the three hosts, started the controller, but the controller it was not able to connect, and one switch has been started. So, now you got the mininet console here; now from that mininet console if you try to say ping something. So, we make the command as h1 ping h2.

So, whenever we write h1 ping h2, that means from the virtual namespace of h1, the protocol stack which is there, the actual protocol stack which is there, from there we are going to execute the ping command and we are trying to ping the host h2. So, here if you try to ping it you can see that it is not getting pinged.

(Refer Slide Time: 23:22)

So, it says that the destination host is unreachable.

(Refer Slide Time: 23:29)

Similarly, if you try to ping from say h2, h2 ping h3, none of the machines will get pinged; it says destination host unreachable.

(Refer Slide Time: 23:46)

Now, let us run the controller. So, what we will do: under this mininet directory, we are going to use the Ryu controller.

So, we are going to the directory Ryu and starting the controller. So, ovs-vsctl. So, this ovs-vsctl command is used to start a controller and attach it with a corresponding ovs switch; set bridge, we are trying to set the controller in the bridge mode and it will be connected with s1. So, s1 is going to work in bridge mode, with which the controller is getting connected, then protocols=OpenFlow13.

So, we are specifying that we are going to use OpenFlow version 1.3 as my protocolsmrl. So, the password; now we are going to start the controller.
So, what we have done here: with this ovs-vsctl command, with this s1 which is working in the bridge mode, we have configured it with this OpenFlow version 1.3 protocol stack; now we are going to run the controller. So, to run the controller we are going to ryu-manager, going to run ryu-manager in the verbose mode.

So that we can see what is going to happen here, and the controller program that we are going to run. So, on the controller you have to run certain applications. So, that application will take care of configuring your switches, that we have learned in the last class; it will configure the switch and it will install the forwarding rules inside that switch.

So, here we have written a python script, which is actually a default python script used inside the Ryu controller, and that python script actually works like an application of a forwarding manager. It helps you to forward the packet from one machine to another machine. So, we are going to run that one; it is simple switch with version 13 dot py. So, that is the python application which you have written, or indeed it was a default application in Ryu; once you install Ryu you can get that as well. So, that particular application we are going to run here.

(Refer Slide Time: 26:33)

So, it has executed that one, and after that it is getting connected with the corresponding switch; now, let us try to run it: h1 ping h2.

(Refer Slide Time: 26:48)

Now you can see it is getting pinged, and when it is getting pinged let us look into a few events which are happening here.

(Refer Slide Time: 27:03)

Here you can see there was some event which has been logged. So, in this event you can see certain packets are coming to the controller and based on that packet, it is configuring the corresponding switches.

So, the controller events are being logged here.

(Refer Slide Time: 27:23)

And here it is getting pinged and we have an interesting observation here, if you look into the response time of the switches.
So, you can see that the first packet that was sent has a longer time. It has taken a time of 4.84 milliseconds, whereas the remaining ping packets took around 0.16 millisecond and 0.03 millisecond, 0.02 milliseconds, something like that, but the first one has taken certain more time; why is that so?

If you remember, in the last class I have discussed how this entire controller architecture is going to work: for the first packet, whenever it reaches the switch, the switch does not have any information about how to process that packet or how to forward that packet. So, what the switch has done, the switch will send or generate an OpenFlow event, which will reach the controller. So, the event we can see in the other tab, the OpenFlow event that has been generated.

So, these OpenFlow events will be generated and it will be sent to the corresponding switch, and then that particular switch will send that event to the corresponding controller, the Ryu controller application that we are running. So, that particular application, the switching application, will generate the rules and configure the switch with that particular rule, and then the packet will get forwarded, and during that in between time, the packet will remain inside the buffer of the switch.

So, for the initial packet we see a certain longer delay, but for the remaining packets the delays are less.

(Refer Slide Time: 29:01)

Again if I run it, you can see that the delay is comparatively lesser. Only for the first time it took that initial longer time. Similarly, now in this case if I run it in a different case.

So, earlier I have done h1 ping h2, now say run it from the h2 host.

(Refer Slide Time: 29:25)

So, if we run the ping from the h2 host to h3, again you can see that the first packet took some longer time to forward the things.
So, that way you can actually run this entire controller and the switches and emulate the topology by using this mininet network emulator platform.

(Refer Slide Time: 29:44)

Now, briefly, and you can see here that all these events have again executed for different nodes. Now let us look into the application that we had written in python. So, I will quickly show you the application which is there.

(Refer Slide Time: 30:06)

So, inside the app directory you can see that there are multiple applications which are there. So, you can actually play with these applications which are there and then start writing your own application using this python programming. So, simple_switch_13.py.

(Refer Slide Time: 30:30)

So, here what do we basically do? A simple switch 13 class has been defined and inside that, we are defining different functionalities. The initial functionality is the switch feature handler, which handles different features inside the switch, and then the interesting part is this add flow thing.

(Refer Slide Time: 30:50)

So, this add flow will add a new rule corresponding to a new flow. So, what will it do? So, this add flow, it will call this packet in handler.

(Refer Slide Time: 31:07)

So, this packet in handler actually handles one OpenFlow packet. So, whenever a packet in event occurs, that means a packet is waiting at the switch and you have received that packet in event at the controller side.

So, that is something we wanted to discuss in this particular class.

So, hope you got an idea about how to process these entire things and run an SDN controller in your local machine. So, I will suggest you to play with this mininet emulator platform and the different kinds of protocols that you are learning, execute them on top of that.

So, you can even execute a socket program from these individual hosts, just like we have executed the ping application. You can run your socket programming application and run it here. So, explore it further.
So, hopefully you will get a nice understanding or nice insight of this network protocol stack. So, thank you all for attending this class.