SDN 5

F igur e 1: Sam ple layered data center topology

F igure 2: Clos topology with 2 core switche::i and fan out = 2

Procedure:

• Step 0: Install Mininet and POX

o Mininet is a network emulator that allows you to create and run virtual
networks on a single machine. POX is a network controller that allows
you to program and control the behavior of the network using Python
scripts.
o You can install these tools by following the instructions on their
websites: http://mininet.org/download/ and
https://github.com/noxrepo/pox
o Alternatively, you can use a virtual machine image provided by the course
that already has these tools installed. You can download it from here:
https://drive.google.com/file/d/1y9v9Z0n1yQl7y8J6wYw6j0p6bY
4D7fL2/view
o To run the virtual machine, you need to install
VirtualBox:
https://www.virtualbox.org/wiki/Downloads
o To access the virtual machine, you need to use
SSH: https://www.ssh.com/ssh/putty/download
• Step 1: Run the script clos topo.py to create the data center network
topology in Mininet

• This script is provided by the course and it defines the structure and
parameters of the network. The network consists of four layers: core,
 aggregation, edge, and host. Each layer has a number of switches and links
that connect them. The switches are OpenFlow- enabled and can be
controlled by POX.
• To run the script, you need to open a terminal and type: sudo
python clos topo.py
• This will create the network topology and start Mininet. You will see a
prompt like this: mininet>
• You can use various commands to interact with the network, such as
pingall, dump, nodes, etc. You can see a list of commands by typing
help.
• Step 2: Run the script CloudNetController.py to start the POX
controller that will manage the network
o This script is provided by the course and it contains the code
relating to the SDN applications that you will implement. The script
uses POX’s API to communicate with the switches and install flow
rules on them. The script also defines some helper functions and
classes that you will use in your tasks.
o To run the script, you need to open another terminal and type:
./pox.py log.level --DEBUG CloudNetController
o This will start POX and load the script. You will see some messages
like this: INFO:core:POX 0.5.0 (carp) is up.
o The controller will connect to the switches and send them some
initial flow rules. You will see some messages like
this: DEBUG:CloudNetController:Installing initial flow rules for switch
s1
• Step 3: Implement basic routing

o To do this, we need to write a function

called task1 shortest path routing that takes two parameters: src and dst, which are the
source and destination host names, respectively.
o The function should return a list of switch names that form the shortest
path between the source and destination hosts. For example, if the
shortest path from h1 to h4 is s1-s2-s4, the function should return [‘s1’,
‘s2’, ‘s4’].
o To find the shortest path, you can use
the get shortest path function that is provided by the script. This function takes two parameters:
src and dst, which

are the source and destination switch names, respectively. It returns a list of switch names that form the
shortest path between them.
For example, if the shortest path from s1 to s4 is s1-s2-s4, the function returns [‘s1’, ‘s2’, ‘s4’].
• To use the get shortest path function, you need to map the
host names to switch names. You can use
the host to switch dictionary that is provided by the script. This dictionary maps each host name to its
connected switch name. For example, host_to_switch[‘h1’] returns ‘s1’.
• To write the function, you can follow these steps:
 o Initialize an empty list called path.
o Get the switch name of the source host by using
the host to switch dictionary and store it in a variable called
src switch.
o Get the switch name of the destination host by using
the host to switch dictionary and store it in a variable called
dst switch.
o Call the get shortest path function
with src switch and dst switch as parameters and store the result in
a variable called switch path.
o Append src switch to path.
o Loop through switch path from index 1 to the end and
append each element to path.
o Append dst switch to path.
o Return path.
 Step 4: Implement firewall policies to block traffic between certain hosts
or applications
o In this task, you need to write a function
called task2 firewall policies that takes three parameters: src, dst, and app, which are the source
host name, destination host name, and application name, respectively.
o The function should return a boolean value that indicates whether the
traffic should be blocked or not. For example, if there is a firewall policy
that blocks traffic from h1 to h2 for app1, the function should return
True when called with src=‘h1’, dst=‘h2’, and app=‘app1’.
o To implement the firewall policies, you can use
the firewall policies list that is provided by the script. This list contains tuples of three elements: source host
name, destination host name, and application name. Each tuple represents a firewall policy that blocks traffic
between those hosts for that application.

For example, (‘h1’, ‘h2’, ‘app1’) means that traffic from h1 to h2 for app1 is blocked.
To write the function, you can follow these steps:
•
o Initialize a variable called blocked with False.
o Loop through the firewall policies list and check if
there is a tuple that matches the parameters.
o If there is a match, set blocked to True and break out of the loop.
o Return blocked.
 Step 5: Implement virtual network slicing to isolate different
tenants or applications
o In this task, you need to write a function
called task3 virtual network slicing that takes three parameters: src, dst, and app, which
are the source host name, destination host name, and application name, respectively.
o The function should return a boolean value that indicates whether
the traffic should be allowed or not. For example, if there is a
virtual network slice that isolates tenant1 from tenant2, the function
 should return False when called with src=‘h1’, dst=‘h3’, and
app=‘app1’, where h1 belongs to tenant1 and h3 belongs to tenant2.
o To implement the virtual network slicing, you can use the
virtual network slices dictionary that is provided.

Python Implementation of the above:

def taskl shortest path routing(src, dst)

# Initialize an empty list called path
path []
# Get the switch name of the source host by using the host to switch
dictionary
src switch host to switch[src]
dst switch host to switch[dst]
switch path get shortest path(src switch, dst switch)
# Append src switch to path
path.append(src switch)
# Loop through switch path from index l to the end and append each
element to path
for i in range(l, len(switch path))
path.append(switch path[i])
# Append dst switch to path
path.append(dst switch)
# Return path
return path

def task2 firewall policies(src, dst,app):

# Initialize a variable called blocked withFalse blocked False
# Loop through the firewall policies list and check if there is atuple that matches the parameters
for policy in firewall policies:
# If there is a match, set blocked to True and break out of theloop if policy (src, dst, app):
blocked True break
# Return blocked return
blocked
def task3 virtual network slicing(src, dst,app):
# Get the tenant name of the source host by using thehost to tenant dictionary
src tenant host to tenant[src]
# Get the tenant name of the destination host by using thehost to tenant dictionary
dst tenant host to tenant[dst]
# Check if the source and destination hosts belong to the same tenant if src tenant dst tenant:
# If they do, return True to allow thetraffic return True
else:
# If they don't, check if there is a virtual network slice thatallows traffic between them for that
application
# Use the virtual network slices dictionary to get the list ofapplications that are allowed for each pair of
tenants
# Use the tuple (src tenant, dst tenant) as the key to accessthe dictionary
allowed apps virtual network slices[(src tenant,
dst tenant)] # Check if the application is in the list of allowedapps
if app in allowed apps:
# If it is, return True to allow thetraffic return True
else:
# If it isn't, return False to block thetraffic return False

Figure 4: Expected Output