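Setting up the environment
- sudo apt-get install build-essential default-jdk ant python-dev
- sudo apt-get install git
- git clone https://github.com/floodlight/floodlight.git
- cd floodlight
- ant # builds according to build.xml and generates the target directory
- java -jar target/floodlight.jar
- http://localhost:8080/ui/index.html
- Log in to the Mininet VM over ssh
- sudo mn --custom ~/topo-2sw-2host.py --topo mytopo --controller=remote,ip=192.168.56.103,port=6653
About sudo apt-get install build-essential default-jdk ant python-dev eclipse
- This is the first command used when setting up Floodlight; it installs four packages
- dpkg -s build-essential default-jdk ant python-dev eclipse shows information about each package
- sudo apt-cache depends build-essential shows the dependency information for this package, indicating that these dependencies are all installed
- A JDK installed through apt-get needs no environment variables configured. The purpose of setting environment variables is to tell the system where such resources are: typically, Tab completion can find a runnable program, and if the program's location is not set in the PATH environment variable it cannot be completed automatically
- Linux distributions usually split a library's header files and the related pkg-config files into a separate xxx-dev(el) package.
- Taking python as an example, you need python-dev in the following cases:
  - You need to install a Python library from outside the repositories yourself, and that library contains C/C++ files that call the Python API and must be compiled (for example, installing and using the WiringPi library requires python-dev)
  - A program you wrote yourself needs to link against libpythonXX.(a|so) when compiled
  - (Note: the above does not include calling libpython.so directly through ctypes/ffi or bare dlsym)
- Otherwise, normal use of Python, or installing Python libraries from the repositories, does not need python-dev.
Problem 1: Basic
Part 1: Simple network
- Build your own topology
- I put all of my topology files in the ~/ directory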
//topo-2sw-2host.py
"""Custom topology example
Two directly connected switches plus a host for each switch:
host --- switch --- switch --- host
Adding the 'topos' dict with a key/value pair to generate our newly defined
topology enables one to pass in '--topo=mytopo' from the command line.
"""
from mininet.topo import Topo

class MyTopo( Topo ):
    "Simple topology example."
    def __init__( self ):
        "Create custom topo."
        # Initialize topology
        Topo.__init__( self )
        # Add hosts and switches
        leftHost = self.addHost( 'h1' )
        rightHost = self.addHost( 'h2' )
        leftSwitch = self.addSwitch( 's3' )
        rightSwitch = self.addSwitch( 's4' )
        # Add links
        self.addLink( leftHost, leftSwitch )
        self.addLink( leftSwitch, rightSwitch )
        self.addLink( rightSwitch, rightHost )

topos = { 'mytopo': ( lambda: MyTopo() ) }
- sudo mn --custom ~/topo-2sw-2host.py --topo mytopo --controller=remote,ip=192.168.56.103,port=6653
- Change the default flow-table forwarding: on Ubuntu, ~/floodlight/src/main/resources/floodlightdefault.properties
- cp floodlightdefault.properties floodlightdefault.properties.noforwarding
- cp floodlightdefault.properties floodlightdefault.properties.forwarding
- cp floodlightdefault.properties.noforwarding floodlightdefault.properties
- Run ant (this is not needed); the modules are loaded automatically according to the properties file
Comment out the forwarding line (the first line) with #, then run ant again
Pushing flow entries manually
curl -d '{"switch":"00:00:00:00:00:00:00:03","name":"flow-mod-1","cookie":"0","priority":"32767","in_port":"1","active":"true","actions":"output=2"}' http://192.168.56.103:8080/wm/staticflowpusher/json
curl -d '{"switch":"00:00:00:00:00:00:00:03","name":"flow-mod-2","cookie":"0","priority":"32767","in_port":"2","active":"true","actions":"output=1"}' http://192.168.56.103:8080/wm/staticflowpusher/json
curl -d '{"switch":"00:00:00:00:00:00:00:04","name":"flow-mod-3","cookie":"0","priority":"32767","in_port":"1","active":"true","actions":"output=2"}' http://192.168.56.103:8080/wm/staticflowpusher/json
curl -d '{"switch":"00:00:00:00:00:00:00:04","name":"flow-mod-4","cookie":"0","priority":"32767","in_port":"2","active":"true","actions":"output=1"}' http://192.168.56.103:8080/wm/staticflowpusher/json
- In the JSON, setting the actions attribute to an empty value makes ping fail
- URL: http://localhost:8080/wm/staticflowpusher/json
- In Postman, only one entry can be sent at a time
{
"switch": "00:00:00:00:00:00:00:03",
"name": "flow-mod-1",
"cookie": "0",
"priority": "32767",
"in_port": "1",
"active": "true",
"actions": "output=2"
}
{
"switch": "00:00:00:00:00:00:00:03",
"name": "flow-mod-2",
"cookie": "0",
"priority": "32767",
"in_port": "2",
"active": "true",
"actions": "output=1"
}
{
"switch": "00:00:00:00:00:00:00:04",
"name": "flow-mod-3",
"cookie": "0",
"priority": "32767",
"in_port": "1",
"active": "true",
"actions": "output=2"
}
{
"switch": "00:00:00:00:00:00:00:04",
"name": "flow-mod-4",
"cookie": "0",
"priority": "32767",
"in_port": "2",
"active": "true",
"actions": "output=1"
}
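The four entries above can be checked offline before they are pushed. The following is an added example, not part of the original notes: it traces a packet through those entries, and the port wiring (s3 port 1 = h1, s3 port 2 to s4 port 1, s4 port 2 = h2) is an assumption taken from the addLink() order in topo-2sw-2host.py.

```python
import copy

S3, S4 = "00:00:00:00:00:00:00:03", "00:00:00:00:00:00:00:04"

# The four entries from the page, reduced to the fields that decide forwarding
# (cookie and priority are omitted because no two entries overlap).
FLOWS = [
    {"switch": S3, "name": "flow-mod-1", "in_port": "1", "active": "true", "actions": "output=2"},
    {"switch": S3, "name": "flow-mod-2", "in_port": "2", "active": "true", "actions": "output=1"},
    {"switch": S4, "name": "flow-mod-3", "in_port": "1", "active": "true", "actions": "output=2"},
    {"switch": S4, "name": "flow-mod-4", "in_port": "2", "active": "true", "actions": "output=1"},
]

# Assumed wiring: (switch, out_port) -> next (switch, in_port) or a host name.
# Derived from the addLink() order in the topology file, not read from Mininet.
WIRING = {(S3, "1"): "h1", (S3, "2"): (S4, "1"), (S4, "1"): (S3, "2"), (S4, "2"): "h2"}
HOST_PORT = {"h1": (S3, "1"), "h2": (S4, "2")}


def trace(flows, src_host, max_hops=8):
    """Follow a packet from src_host; return (result, names of entries hit)."""
    switch, in_port = HOST_PORT[src_host]
    path = []
    for _ in range(max_hops):
        match = next((f for f in flows if f["switch"] == switch
                      and f["in_port"] == in_port and f["active"] == "true"), None)
        if match is None:  # no entry: nothing forwards once forwarding is disabled
            return "table-miss at %s port %s" % (switch, in_port), path
        path.append(match["name"])
        if not match["actions"]:  # empty actions: the packet is dropped
            return "dropped by %s" % match["name"], path
        out_port = match["actions"].split("=", 1)[1]
        hop = WIRING[(switch, out_port)]
        if isinstance(hop, str):
            return "delivered to %s" % hop, path
        switch, in_port = hop
    return "loop", path


def with_empty_actions(flows, name):
    """Copy of flows with one entry's actions cleared, as the page describes."""
    changed = copy.deepcopy(flows)
    for f in changed:
        if f["name"] == name:
            f["actions"] = ""
    return changed
```

Clearing the actions of a single entry is enough to break ping, because either the echo request or its reply is dropped in that one direction.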
Part 2: Access restriction
- Build your own topology
//AccesslimitTopo.py
from mininet.topo import Topo

class MyTopo( Topo ):
    "Simple topology example."
    def __init__( self ):
        "Create custom topo."
        # Initialize topology
        Topo.__init__( self )
        # Add hosts and switches
        Host1 = self.addHost( 'Host1' )
        Server1 = self.addHost( 'Server1' )
        Switch1 = self.addSwitch( 'Switch1' )
        Switch2 = self.addSwitch( 'Switch2' )
        # Add links
        self.addLink( Host1,Switch1 )
        self.addLink( Switch1, Switch2 )
        self.addLink( Switch2, Server1 )

topos = { 'mytopo': ( lambda: MyTopo() ) }
//Serer1.py
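# Python 2 script (SimpleHTTPServer / SocketServer)
import SimpleHTTPServer
import SocketServer
import urllib

class SETHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
    def createHTML(self):
        # Send a complete HTTP response header, then the static page
        self.send_response(200)
        self.send_header("Content-type", "text/html")
        self.end_headers()
        with open("/home/mininet/Server1.html", "r") as html:
            for line in html:
                self.wfile.write(line)

    def do_GET(self):
        print "GET"
        print self.headers
        self.createHTML()

    def do_POST(self):
        print "POST"
        print self.headers
        # A missing Content-Length header is treated as an empty body
        length = int(self.headers.getheader('content-length', 0))
        qs = self.rfile.read(length)
        # Decode the URL-encoded request body
        url = urllib.unquote_plus(qs)
        print "url="
        print url
        self.createHTML()

Handler = SETHandler
PORT = 80
httpd = SocketServer.TCPServer(("", PORT), Handler)
print "Start Server1......"
print "serving at port", PORT
httpd.serve_forever()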
//Serer1.html
<html>
<head><title>Server1</title></head>
<body bgcolor="red"><p align="center">
Hello , this is Server1!</p></body>
</html>
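- Add the forwarding module back
- mininet> xterm Server1 && python Serer1/Serer1.py
- mininet> xterm Host1 && wget -O - 10.0.0.2 or wget -O - http://10.0.0.2 (the -O - option prints the fetched page to the terminal)
- Check the location of the HTML file referenced in Server1.py
- mininet> Server1 firefox localhost (visits the static page served by Server1)
- Flow entries for restricting access to the server (Mininet)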
Switch1 dpctl add-flow tcp:127.0.0.1:6634 in_port=1,idle_timeout=60,actions=output:2
Switch1 dpctl add-flow tcp:127.0.0.1:6634 in_port=2,idle_timeout=60,actions=output:1
Switch2 dpctl add-flow tcp:127.0.0.1:6634 in_port=1,idle_timeout=60,actions=output:2
Switch2 dpctl add-flow tcp:127.0.0.1:6634 in_port=2,idle_timeout=60,actions=output:1
- Flow entries for access restriction (Floodlight)
- URL: http://localhost:8080/wm/staticflowpusher/json
{
"switch": "00:00:00:00:00:00:00:01",
"name": "flow-mod-1",
"cookie": "0",
"priority": "32767",
"in_port": "1",
"idle_timeout": "60",
"active": "true",
"actions": "output=2"
}
{
"switch": "00:00:00:00:00:00:00:01",
"name": "flow-mod-2",
"cookie": "0",
"priority": "32767",
"in_port": "2",
"idle_timeout": "60",
"active": "true",
"actions": "output=1"
}
{
"switch": "00:00:00:00:00:00:00:02",
"name": "flow-mod-3",
"cookie": "0",
"priority": "32767",
"in_port": "1",
"idle_timeout": "60",
"active": "true",
"actions": "output=2"
}
{
"switch": "00:00:00:00:00:00:00:02",
"name": "flow-mod-4",
"cookie": "0",
"priority": "32767",
"in_port": "2",
"idle_timeout": "60",
"active": "true",
"actions": "output=1"
}
Problem 2: Advanced
Part 1: Proxy access
- The forwarding module must be added
- flt && sshxm && sudomn ProxyaccessTopo.py && pingall
//ProxyaccessTopo.py
from mininet.topo import Topo

class MyTopo( Topo ):
    def __init__( self ):
        Topo.__init__( self )
        host1 = self.addHost('Host1')
        host2 = self.addHost('Host2')
        server1 = self.addHost('Server1')
        proxy1 = self.addHost('Proxy1')
        switch1 = self.addSwitch('Switch1')
        switch2 = self.addSwitch('Switch2')
        switch3 = self.addSwitch('Switch3')
        self.addLink( host1,switch1 )
        self.addLink( host2,switch1 )
        self.addLink( switch1,switch2)
        self.addLink( switch2,switch3)
        self.addLink( server1,switch2)
        self.addLink(proxy1,switch3)

topos={'mytopo':(lambda:MyTopo())}
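- curl -X PUT http://localhost:8080/wm/firewall/module/enable/json
- Enable the firewall on the switches. Because the firewall denies all traffic by default and only explicit allow rules let traffic through, at this point the firewall blocks every packet
- curl -X POST -d '{"switchid": "00:00:00:00:00:00:00:01"}' http://localhost:8080/wm/firewall/rules/json
- curl -X POST -d '{"switchid": "00:00:00:00:00:00:00:02"}' http://localhost:8080/wm/firewall/rules/json
- curl -X POST -d '{"switchid": "00:00:00:00:00:00:00:03"}' http://localhost:8080/wm/firewall/rules/json
- The firewall blocks all traffic by default, so data exchange between the devices in the topology must be allowed first, that is, allow rules are added so that traffic can flow between Switch1, Switch2 and Switch3
- curl -X POST -d '{"src-ip": "10.0.0.1/32", "dst-ip": "10.0.0.3/32", "action":"DENY"}' http://localhost:8080/wm/firewall/rules/json
- Because Host1 is an ordinary user, in principle it is not allowed to access the proxy server Proxy1. However, allowing packet exchange between the switches in step four opened the path between Proxy1 and Host1, so a deny action must be specified separately to block the data flow between Host1 and Proxy1. Because Host2 (the proxy user) is unaffected, Host2 can still access Proxy1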
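The reasoning above (default deny, switch-wide allow, then a specific deny) can be checked against the rule set before it is posted. This is an added example and a toy model, not Floodlight's own matching code; it assumes that fields a rule omits are wildcards, that a matching DENY overrides the switch-wide ALLOW (the outcome the notes describe), and that Proxy1 is 10.0.0.3 as the DENY rule implies, with the other host addresses assumed.

```python
import ipaddress

# Assumed addressing: only Proxy1 = 10.0.0.3 is implied by the page's DENY rule.
HOSTS = {"Host1": "10.0.0.1", "Host2": "10.0.0.2",
         "Proxy1": "10.0.0.3", "Server1": "10.0.0.4"}

S1, S2, S3 = ("00:00:00:00:00:00:00:01", "00:00:00:00:00:00:00:02",
              "00:00:00:00:00:00:00:03")

# The JSON bodies of the four POSTs above, in the order they are sent.
RULES = [
    {"switchid": S1},
    {"switchid": S2},
    {"switchid": S3},
    {"src-ip": "10.0.0.1/32", "dst-ip": "10.0.0.3/32", "action": "DENY"},
]


def matches(rule, switch, src, dst):
    """True if every field the rule specifies matches; omitted fields are wildcards."""
    if "switchid" in rule and rule["switchid"] != switch:
        return False
    for field, addr in (("src-ip", src), ("dst-ip", dst)):
        if field in rule and ipaddress.ip_address(addr) not in ipaddress.ip_network(rule[field]):
            return False
    return True


def decide(rules, switch, src_host, dst_host):
    """Return 'ALLOW' or 'DENY' for one packet seen at one switch."""
    hits = [r.get("action", "ALLOW") for r in rules
            if matches(r, switch, HOSTS[src_host], HOSTS[dst_host])]
    if not hits:
        return "DENY"  # firewall enabled and no rule matches: default deny
    # Assumption of this model: an explicit DENY wins over the switch-wide ALLOW.
    return "DENY" if "DENY" in hits else "ALLOW"
```

The DENY rule as written matches only packets from Host1 to Proxy1; a reviewer who wants both directions covered by rules would add the mirrored src-ip/dst-ip entry.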