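[Lab] OpenFlow Protocol Analysis in Practice

I. Lab Objectives

1. Be able to use Wireshark to capture the packets exchanged by the OpenFlow protocol;

2. Be able to use packet-analysis tools to analyze and explain the OpenFlow packet exchange process and its mechanisms.

II. Lab Environment

1. Download the virtualization software VMware Workstation;

2. Install Ubuntu in the virtual machine and perform a full installation of Mininet.

III. Lab Requirements

(1) Basic Requirements

1. Build the topology shown in the figure below, complete the IP configuration, and achieve IP communication between the hosts. Use packet-capture software to capture the packets exchanged between the controller and the switches.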

| Host | IP address       |
|------|------------------|
| h1   | 192.168.0.101/24 |
| h2   | 192.168.0.102/24 |
| h3   | 192.168.0.103/24 |
| h4   | 192.168.0.104/24 |

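Procedure

  1. Enter the following commands in a terminal to build the topology:
     1. Switch to the root user
     2. mininet/examples/miniedit.py

  2. Configure the subnet (click Edit -> Preferences)

The subnet is 192.168.0.0/24, as given in the lab requirements.

Click OK to save and exit.

  3. Configure the IP addresses (click File -> Export Level 2 Script)

and save the result as a .py file.

The name mxh22.py in the figure is user-chosen; change it according to your own student ID.

Use vi or vim to edit the information shown in the figure below in mxh22.py (lines 30-33).

The command to display line numbers is :set nu

When the changes are done, save and exit with :wq

3. View the capture results, analyze the message exchange between switch and controller in the OpenFlow protocol, and draw the corresponding interaction diagram or flowchart.

Open a new terminal.

Open Wireshark with the command sudo wireshark

If you are in the user view, just run wireshark directly; the figure below shows the operation in the administrator view.

Run the sudo wireshark command and select "any" mode to capture.

Open another terminal, run the mxh22.py file from the command line, and run pingall.

Note: the order must not be changed. Start capturing in Wireshark first, then run the Python file. If the packets cannot be found, close everything and start again.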

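(1) Hello

Note: if you cannot capture the Hello packets, open Wireshark and start capturing before running the Python file.

  • Controller port 6633 (the highest version I support is OpenFlow 1.0) ---> switch port 53202
  • Switch port 53202 (the highest version I support is OpenFlow 1.5) ---> controller port 6633
  • The two sides therefore establish the connection and use OpenFlow 1.0.

(2) Features Request / Set Config

  • Controller port 6633 (I need your feature information) ---> switch port 53202
  • Controller port 6633 (please configure yourself with the flag and max bytes of packet I give you) ---> switch port 53202
  • flag: tells the switch how to handle IP fragments
  • max bytes of packet: when the switch cannot handle an arriving packet, the maximum number of bytes of that packet it sends to the controller to ask how to handle it. In this lab the controller sends the value 0x0080, i.e. 128 bytes.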
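The handshake described above can be reproduced offline from raw bytes. The following is an added example, not code from the original post: it frames each direction of the TCP payload using the header's length field, picks the lower of the two Hello versions, and decodes Set Config. The sample bytes and all function names are constructed for illustration.

```python
import struct

OFP_HEADER = struct.Struct("!BBHI")  # version, type, length, xid
# OpenFlow 1.0 type codes for the messages walked through in this lab
OFPT = {0: "HELLO", 5: "FEATURES_REQUEST", 6: "FEATURES_REPLY", 9: "SET_CONFIG",
        10: "PACKET_IN", 12: "PORT_STATUS", 13: "PACKET_OUT", 14: "FLOW_MOD"}

def split_messages(stream):
    """Cut one direction of the TCP payload into (version, type, xid, body) tuples."""
    msgs, off = [], 0
    while off < len(stream):
        if len(stream) - off < OFP_HEADER.size:
            raise ValueError("truncated header at offset %d" % off)
        version, mtype, length, xid = OFP_HEADER.unpack_from(stream, off)
        # length covers the header itself, so anything under 8 can never be valid
        if length < OFP_HEADER.size or off + length > len(stream):
            raise ValueError("bad length %d at offset %d" % (length, off))
        msgs.append((version, mtype, xid, stream[off + OFP_HEADER.size:off + length]))
        off += length
    return msgs

def negotiate(ctrl_stream, switch_stream):
    """Each side's first message must be a Hello; the lower version is used."""
    ctrl, sw = split_messages(ctrl_stream)[0], split_messages(switch_stream)[0]
    if ctrl[1] != 0 or sw[1] != 0:
        raise ValueError("first message is not OFPT_HELLO")
    return min(ctrl[0], sw[0])  # any Hello body is ignored

def decode_set_config(body):
    """Return (flags, miss_send_len) from an OFPT_SET_CONFIG body."""
    if len(body) != 4:
        raise ValueError("ofp_switch_config body must be 4 bytes")
    return struct.unpack("!HH", body)

def summarize(stream):
    return [OFPT.get(mtype, "type %d" % mtype) for _, mtype, _, _ in split_messages(stream)]

# Constructed sample bytes (not taken from the capture in this article).
# Wire version 0x01 is OpenFlow 1.0, 0x06 is OpenFlow 1.5.
CTRL_TO_SWITCH = (OFP_HEADER.pack(1, 0, 8, 1)            # Hello
                  + OFP_HEADER.pack(1, 5, 8, 2)          # Features Request
                  + OFP_HEADER.pack(1, 9, 12, 3)         # Set Config
                  + struct.pack("!HH", 0, 0x0080))       # flags=0, miss_send_len=128
SWITCH_TO_CTRL = OFP_HEADER.pack(6, 0, 16, 1) + bytes(8)  # Hello with an 8-byte body

if __name__ == "__main__":
    print(summarize(CTRL_TO_SWITCH), negotiate(CTRL_TO_SWITCH, SWITCH_TO_CTRL))
    print(decode_set_config(split_messages(CTRL_TO_SWITCH)[2][3]))
```
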
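(3) Port_Status

  • When a port on the switch changes, the switch informs the controller of the corresponding port status.

(4) Features Reply

  • Switch port 53202 (this is my feature information, please check it) ---> controller port 6633

(5) Packet_in

  • There are two cases:
    • the switch looks up its flow table and finds no matching entry
    • there is a matching entry, but its action is OUTPUT=CONTROLLER
  • Switch port 53202 (a packet has come in, please advise) ---> controller port 6633
  • Analyzing the captured packet shows that the switch found it had no matching flow entry at that moment (Reason: No matching flow (table-miss flow entry) (0)), so it has to ask the controller how to handle the packet.

(6) Flow_mod

  • Analyzing the captured flow_mod packets: the controller, through port 6633, sends flow entries to switch port 53202 and switch port 53214 to direct how data is forwarded.

(7) Packet_out

  • Controller port 6633 (please process the packet according to the action I give you) ---> switch port 53202

(8) Interaction diagram

3. Answer the question: when the switch and the controller establish communication, do they use TCP or UDP?

  • The Wireshark capture shows that the switch and the controller use TCP when establishing communication.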
(2) Advanced Requirements

1. Compare the capture results with the OpenFlow source code to understand the data-structure definitions behind the main OpenFlow message types.

(1) Hello

    struct ofp_header {
        uint8_t version;    /* OFP_VERSION. */
        uint8_t type;       /* One of the OFPT_ constants. */
        uint16_t length;    /* Length including this ofp_header. */
        uint32_t xid;       /* Transaction id associated with this packet.
                               Replies use the same id as was in the request
                               to facilitate pairing. */
    };

    /* OFPT_HELLO.  This message has an empty body, but implementations must
     * ignore any data included in the body, to allow for future extensions. */
    struct ofp_hello {
        struct ofp_header header;
    };

Corresponding capture:

(2) Features Request

  • Same data format as Hello.
(3) Set Config

    /* Switch configuration. */
    struct ofp_switch_config {
        struct ofp_header header;
        uint16_t flags;             /* OFPC_* flags. */
        uint16_t miss_send_len;     /* Max bytes of new flow that datapath should
                                       send to the controller. */
    };

Corresponding capture:
(4) Port_Status

    /* A physical port has changed in the datapath */
    struct ofp_port_status {
        struct ofp_header header;
        uint8_t reason;          /* One of OFPPR_*. */
        uint8_t pad[7];          /* Align to 64-bits. */
        struct ofp_phy_port desc;
    };

Corresponding capture:
(5) Features Reply

    /* Description of a physical port */
    struct ofp_phy_port {
        uint16_t port_no;
        uint8_t hw_addr[OFP_ETH_ALEN];
        char name[OFP_MAX_PORT_NAME_LEN]; /* Null-terminated */

        uint32_t config;        /* Bitmap of OFPPC_* flags. */
        uint32_t state;         /* Bitmap of OFPPS_* flags. */

        /* Bitmaps of OFPPF_* that describe features.  All bits zeroed if
         * unsupported or unavailable. */
        uint32_t curr;          /* Current features. */
        uint32_t advertised;    /* Features being advertised by the port. */
        uint32_t supported;     /* Features supported by the port. */
        uint32_t peer;          /* Features advertised by peer. */
    };

    /* Switch features. */
    struct ofp_switch_features {
        struct ofp_header header;
        uint64_t datapath_id;   /* Datapath unique ID.  The lower 48-bits are for
                                   a MAC address, while the upper 16-bits are
                                   implementer-defined. */

        uint32_t n_buffers;     /* Max packets buffered at once. */

        uint8_t n_tables;       /* Number of tables supported by datapath. */
        uint8_t pad[3];         /* Align to 64-bits. */

        /* Features. */
        uint32_t capabilities;  /* Bitmap of support "ofp_capabilities". */
        uint32_t actions;       /* Bitmap of supported "ofp_action_type"s. */

        /* Port info.*/
        struct ofp_phy_port ports[0];  /* Port definitions.  The number of ports
                                          is inferred from the length field in
                                          the header. */
    };

Corresponding capture:

(6) Packet_in

    /* Why is this packet being sent to the controller? */
    enum ofp_packet_in_reason {
        OFPR_NO_MATCH,          /* No matching flow. */
        OFPR_ACTION             /* Action explicitly output to controller. */
    };

    /* Packet received on port (datapath -> controller). */
    struct ofp_packet_in {
        struct ofp_header header;
        uint32_t buffer_id;     /* ID assigned by datapath. */
        uint16_t total_len;     /* Full length of frame. */
        uint16_t in_port;       /* Port on which frame was received. */
        uint8_t reason;         /* Reason packet is being sent (one of OFPR_*) */
        uint8_t pad;
        uint8_t data[0];        /* Ethernet frame, halfway through 32-bit word,
                                   so the IP header is 32-bit aligned.  The
                                   amount of data is inferred from the length
                                   field in the header.  Because of padding,
                                   offsetof(struct ofp_packet_in, data) ==
                                   sizeof(struct ofp_packet_in) - 2. */
    };
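Both the Features Reply and the Packet_in layouts above leave a variable-length tail whose size is only implied by the header's length field. The following added example (not part of the original post) decodes both messages and rejects any message whose length does not fit the fixed layout; the sample messages, port names and function names are constructed for illustration.

```python
import struct

HDR = struct.Struct("!BBHI")                # ofp_header, 8 bytes
FEATURES = struct.Struct("!QIB3xII")        # datapath_id .. actions, 24 bytes
PHY_PORT = struct.Struct("!H6s16sIIIIII")   # ofp_phy_port, 48 bytes
PACKET_IN = struct.Struct("!IHHBx")         # buffer_id .. pad, 10 bytes
DATA_OFFSET = HDR.size + PACKET_IN.size     # 18 == sizeof(struct ofp_packet_in) - 2
REASONS = {0: "OFPR_NO_MATCH", 1: "OFPR_ACTION"}

def checked_length(msg, expected_type, minimum):
    """Validate type and header.length against the bytes actually present."""
    if len(msg) < HDR.size:
        raise ValueError("shorter than ofp_header")
    _, mtype, length, _ = HDR.unpack_from(msg)
    if mtype != expected_type or length != len(msg) or length < minimum:
        raise ValueError("type or length does not fit this message")
    return length

def parse_features_reply(msg):
    length = checked_length(msg, 6, HDR.size + FEATURES.size)
    if (length - 32) % PHY_PORT.size:
        raise ValueError("port array is not a whole number of ofp_phy_port entries")
    dpid, n_buffers, n_tables, _, _ = FEATURES.unpack_from(msg, HDR.size)
    ports = []
    for off in range(32, length, PHY_PORT.size):   # port count comes from header.length
        port_no, _, name = PHY_PORT.unpack_from(msg, off)[:3]
        ports.append((port_no, name.split(b"\0")[0].decode("ascii", "replace")))
    return {"datapath_id": dpid, "n_tables": n_tables, "ports": ports}

def parse_packet_in(msg):
    length = checked_length(msg, 10, DATA_OFFSET)
    buffer_id, total_len, in_port, reason = PACKET_IN.unpack_from(msg, HDR.size)
    frame = msg[DATA_OFFSET:length]
    return {"in_port": in_port, "reason": REASONS.get(reason, "unknown"),
            "total_len": total_len, "carried": len(frame)}

# Constructed sample messages (not the bytes from this article's capture).
def _port(no, name):
    return PHY_PORT.pack(no, bytes([0, 0, 0, 0, 0, no]), name, 0, 0, 0, 0, 0, 0)

FEATURES_REPLY = (HDR.pack(1, 6, 32 + 2 * 48, 2) + FEATURES.pack(1, 256, 254, 0, 0)
                  + _port(1, b"s1-eth1") + _port(2, b"s1-eth2"))
# A 200-byte frame of which only miss_send_len = 128 bytes are sent up
PACKET_IN_MSG = HDR.pack(1, 10, 18 + 128, 0) + PACKET_IN.pack(7, 200, 1, 0) + bytes(128)

if __name__ == "__main__":
    print(parse_features_reply(FEATURES_REPLY))
    print(parse_packet_in(PACKET_IN_MSG))
```
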

(7) Flow_mod

    /* Fields to match against flows */
    struct ofp_match {
        uint32_t wildcards;        /* Wildcard fields. */
        uint16_t in_port;          /* Input switch port. */
        uint8_t dl_src[OFP_ETH_ALEN]; /* Ethernet source address. */
        uint8_t dl_dst[OFP_ETH_ALEN]; /* Ethernet destination address. */
        uint16_t dl_vlan;          /* Input VLAN id. */
        uint8_t dl_vlan_pcp;       /* Input VLAN priority. */
        uint8_t pad1[1];           /* Align to 64-bits */
        uint16_t dl_type;          /* Ethernet frame type. */
        uint8_t nw_tos;            /* IP ToS (actually DSCP field, 6 bits). */
        uint8_t nw_proto;          /* IP protocol or lower 8 bits of
                                    * ARP opcode. */
        uint8_t pad2[2];           /* Align to 64-bits */
        uint32_t nw_src;           /* IP source address. */
        uint32_t nw_dst;           /* IP destination address. */
        uint16_t tp_src;           /* TCP/UDP source port. */
        uint16_t tp_dst;           /* TCP/UDP destination port. */
    };

    /* Flow setup and teardown (controller -> datapath). */
    struct ofp_flow_mod {
        struct ofp_header header;
        struct ofp_match match;      /* Fields to match */
        uint64_t cookie;             /* Opaque controller-issued identifier. */

        /* Flow actions. */
        uint16_t command;             /* One of OFPFC_*. */
        uint16_t idle_timeout;        /* Idle time before discarding (seconds). */
        uint16_t hard_timeout;        /* Max time before discarding (seconds). */
        uint16_t priority;            /* Priority level of flow entry. */
        uint32_t buffer_id;           /* Buffered packet to apply to (or -1).
                                         Not meaningful for OFPFC_DELETE*. */
        uint16_t out_port;            /* For OFPFC_DELETE* commands, require
                                         matching entries to include this as an
                                         output port.  A value of OFPP_NONE
                                         indicates no restriction. */
        uint16_t flags;               /* One of OFPFF_*. */
        struct ofp_action_header actions[0]; /* The action length is inferred
                                                from the length field in the
                                                header. */
    };

Corresponding capture:

(8) Packet_out

    /* Action header that is common to all actions.  The length includes the
     * header and any padding used to make the action 64-bit aligned.
     * NB: The length of an action *must* always be a multiple of eight. */
    struct ofp_action_header {
        uint16_t type;                  /* One of OFPAT_*. */
        uint16_t len;                   /* Length of action, including this
                                           header.  This is the length of action,
                                           including any padding to make it
                                           64-bit aligned. */
        uint8_t pad[4];
    };
    OFP_ASSERT(sizeof(struct ofp_action_header) == 8);

    /* Send packet (controller -> datapath). */
    struct ofp_packet_out {
        struct ofp_header header;
        uint32_t buffer_id;           /* ID assigned by datapath (-1 if none). */
        uint16_t in_port;             /* Packet's input port (OFPP_NONE if none). */
        uint16_t actions_len;         /* Size of action array in bytes. */
        struct ofp_action_header actions[0]; /* Actions. */
        /* uint8_t data[0]; */        /* Packet data.  The length is inferred
                                         from the length field in the header.
                                         (Only meaningful if buffer_id == -1.) */
    };
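Flow_mod and Packet_out share the same action array, and the comment on ofp_action_header requires every action length to be a multiple of eight. The following added example (not from the original post) walks that array with the rule enforced and extracts the output ports from both message types; the sample messages and function names are constructed, and the OFPAT_OUTPUT body layout (port, max_len) is taken from the OpenFlow 1.0 specification rather than from the structs quoted here.

```python
import struct

HDR = struct.Struct("!BBHI")                     # ofp_header, 8 bytes
MATCH = struct.Struct("!IH6s6sHBxHBB2xIIHH")     # ofp_match, 40 bytes
FLOW_MOD = struct.Struct("!QHHHHIHH")            # cookie .. flags, 24 bytes
PACKET_OUT = struct.Struct("!IHH")               # buffer_id, in_port, actions_len
OFPAT_OUTPUT = 0

def walk_actions(buf):
    """Split an action array into (type, body) pairs, enforcing the length rules."""
    actions, off = [], 0
    while off < len(buf):
        if len(buf) - off < 8:
            raise ValueError("truncated ofp_action_header")
        atype, alen = struct.unpack_from("!HH", buf, off)
        if alen < 8 or alen % 8 or off + alen > len(buf):
            raise ValueError("action length %d is not a valid multiple of eight" % alen)
        actions.append((atype, buf[off + 4:off + alen]))
        off += alen
    return actions

def output_ports(actions):
    """For OFPAT_OUTPUT the four bytes after type/len are port and max_len."""
    return [struct.unpack("!HH", body[:4])[0] for atype, body in actions if atype == OFPAT_OUTPUT]

def parse_flow_mod(msg):
    if len(msg) < 72 or HDR.unpack_from(msg)[1:3] != (14, len(msg)):
        raise ValueError("not a well-formed OFPT_FLOW_MOD")
    match = MATCH.unpack_from(msg, 8)
    cookie, command, idle, hard, priority, buffer_id, _, _ = FLOW_MOD.unpack_from(msg, 48)
    return {"in_port": match[1], "command": command, "idle_timeout": idle,
            "hard_timeout": hard, "out": output_ports(walk_actions(msg[72:]))}

def parse_packet_out(msg):
    if len(msg) < 16 or HDR.unpack_from(msg)[1:3] != (13, len(msg)):
        raise ValueError("not a well-formed OFPT_PACKET_OUT")
    buffer_id, in_port, actions_len = PACKET_OUT.unpack_from(msg, 8)
    if 16 + actions_len > len(msg):
        raise ValueError("actions_len runs past the end of the message")
    return {"in_port": in_port, "data_len": len(msg) - 16 - actions_len,
            "out": output_ports(walk_actions(msg[16:16 + actions_len]))}

# Constructed samples (not from this article's capture): output to port 2 / flood.
_OUT2 = struct.pack("!HHHH", OFPAT_OUTPUT, 8, 2, 0)
FLOW_MOD_MSG = (HDR.pack(1, 14, 80, 5)
                + MATCH.pack(0, 1, bytes(6), bytes(6), 0xFFFF, 0, 0x0800, 0, 1,
                             0xC0A80065, 0xC0A80066, 0, 0)   # 192.168.0.101 -> .102
                + FLOW_MOD.pack(0, 0, 10, 30, 0x8000, 0xFFFFFFFF, 0xFFFF, 0) + _OUT2)
PACKET_OUT_MSG = (HDR.pack(1, 13, 24 + 42, 6) + PACKET_OUT.pack(0xFFFFFFFF, 1, 8)
                  + struct.pack("!HHHH", OFPAT_OUTPUT, 8, 0xFFFB, 0) + bytes(42))
```
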

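IV. Personal Summary

  • Lab difficulty: moderate
  • Difficulties encountered during the lab and how they were solved:
    • After opening Wireshark and creating the topology, I filtered for OpenFlow packets and found that some packets were missing. After re-reading the document and looking up material online, I found that Wireshark has to be opened first and the Python file executed afterwards; running pingall then makes the packets show up.
  • Personal reflections: This lab is the final lab of the course, so it is somewhat harder than the usual exercises. It requires building a topology and then working in Wireshark. First you need to be proficient with Wireshark; second, there is a lot of data when looking for packets, so it is easy to miss them and you need to be very careful. By reading the OpenFlow source code, I could sort out its data structures and match them with the details of the packets actually captured, and so understand the packet exchange process of the OpenFlow protocol. In addition, I gained a deeper understanding of how to use filters in Wireshark and of the OpenFlow protocol itself. Writing up the lab report deepened my understanding of the whole exchange; there are many screenshots, and organizing them takes patience. All the problems encountered in the lab were solved, and I became more proficient with some of the Mininet command-line operations.
  • This article is a final assignment for my school's SDN course and is for reference only. If you find any problems, feel free to leave a comment.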