一、實驗目的
- 能夠編寫程序調用OpenDaylight REST API實現特定網絡功能;
- 能夠編寫程序調用Ryu REST API實現特定網絡功能。
二、實驗環境
- 下載虛擬機軟件Oracle VisualBox或VMware;
- 在虛擬機中安裝Ubuntu 20.04 Desktop amd64,並完整安裝Mininet、OpenDaylight(Carbon版本)、Postman和Ryu;
三、實驗要求
(一)基本要求
-
OpenDaylight
(1) 利用Mininet平台搭建下圖所示網絡拓撲,並連接OpenDaylight;
-
創建拓撲
sudo mn --topo=single,3 --controller=remote,ip=127.0.0.1,port=6633 --switch ovsk,protocols=OpenFlow10
(2) 編寫Python程序,調用OpenDaylight的北向接口下發指令刪除s1上的流表數據。
#!/usr/bin/python import requests from requests.auth import HTTPBasicAuth def http_delete(url): url= url headers = {'Content-Type':'application/json'} resp = requests.delete(url, headers=headers, auth=HTTPBasicAuth('admin', 'admin')) return resp if __name__ == "__main__": url = 'http://127.0.0.1:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:1/' resp = http_delete(url) print(resp.content)(3) 編寫Python程序,調用OpenDaylight的北向接口下發硬超時流表,實現拓撲內主機h1和h3網絡中斷20s。
#!/usr/bin/python import requests from requests.auth import HTTPBasicAuth def http_put(url,jstr): url= url headers = {'Content-Type':'application/json'} resp = requests.put(url,jstr,headers=headers,auth=HTTPBasicAuth('admin', 'admin')) return resp if __name__ == "__main__": url='http://127.0.0.1:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:1/flow-node-inventory:table/0/flow/1' with open('timeout.json') as f: jstr = f.read() resp = http_put(url,jstr) print (resp.content)timeout.json
{ "flow": [ { "id": "1", "match": { "in-port": "1", "ethernet-match": { "ethernet-type": { "type": "0x0800" } }, "ipv4-destination": "10.0.0.3/32" }, "instructions": { "instruction": [ { "order": "0", "apply-actions": { "action": [ { "order": "0", "drop-action": {} } ] } } ] }, "flow-name": "flow1", "priority": "65535", "hard-timeout": "20", "cookie": "2", "table_id": "0" } ] }效果如下:
(4) 編寫Python程序,調用OpenDaylight的北向接口獲取s1上活動的流表數。
#!/usr/bin/python import requests from requests.auth import HTTPBasicAuth def http_get(url): url= url headers = {'Content-Type':'application/json'} resp = requests.get(url,headers=headers,auth=HTTPBasicAuth('admin','admin')) return resp if __name__ == "__main__": url='http://127.0.0.1:8181/restconf/operational/opendaylight-inventory:nodes/node/openflow:1/flow-node-inventory:table/0/opendaylight-flow-table-statistics:flow-table-statistics' resp = http_get(url) print(resp.content)
-
-
Ryu
(1) 編寫Python程序,調用Ryu的北向接口,實現上述OpenDaylight實驗拓撲上相同的硬超時流表下發。#!/usr/bin/python import requests if __name__ == "__main__": url = 'http://127.0.0.1:8080/stats/flowentry/add' with open("addtimeout.json") as f: jstr = f.read() headers = {'Content-Type': 'application/json'} res = requests.post(url, jstr, headers=headers) print (res.content)addtimeout.json
{ "dpid": 1, "cookie": 1, "cookie_mask": 1, "table_id": 0, "hard_timeout": 20, "priority": 65535, "flags": 1, "match":{ "in_port":1 }, "actions":[ ] }
(2) 利用Mininet平台搭建下圖所示網絡拓撲,要求支持OpenFlow 1.3協議,主機名、交換機名以及端口對應正確。拓撲生成后需連接Ryu,且Ryu應能夠提供REST API服務。
#!/usr/bin/env python from mininet.topo import Topo class MyTopo(Topo): def __init__(self): Topo.__init__(self) self.addSwitch("s1") self.addSwitch("s2") self.addHost("h1") self.addHost("h2") self.addHost("h3") self.addHost("h4") self.addLink("s1", "h1") self.addLink("s1", "h2") self.addLink("s2", "h3") self.addLink("s2", "h4") self.addLink("s1", "s2") topos = {'mytopo': (lambda: MyTopo())}連接ryu
ryu-manager ryu.app.simple_switch_13 ryu.app.ofctl_rest創建拓撲
sudo mn --custom topo.py --topo mytopo --mac --controller=remote,ip=127.0.0.1,port=6633 --switch ovsk,protocols=OpenFlow13(3) 整理一個Shell腳本,參考Ryu REST API的文檔,利用curl命令,實現和實驗2相同的VLAN。
VLAN_ID Hosts 0 h1 h3 1 h2 h4 shell腳本
# 將主機1,2發送來的包打上vlan標記 curl -X POST -d '{ "dpid": 1, "priority": 1, "match":{ "in_port": 1 }, "actions":[ { "type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged "ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame }, { "type": "SET_FIELD", "field": "vlan_vid", # Set VLAN ID "value": 4096 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096) }, { "type": "OUTPUT", "port": 3 } ] }' http://localhost:8080/stats/flowentry/add curl -X POST -d '{ "dpid": 1, "priority": 1, "match":{ "in_port": 2 }, "actions":[ { "type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged "ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame }, { "type": "SET_FIELD", "field": "vlan_vid", # Set VLAN ID "value": 4097 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096) }, { "type": "OUTPUT", "port": 3 } ] }' http://localhost:8080/stats/flowentry/add # 將主機3,4發送來的包取出vlan標記 curl -X POST -d '{ "dpid": 1, "priority": 1, "match":{ "vlan_vid": 0 }, "actions":[ { "type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged "ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame }, { "type": "OUTPUT", "port": 1 } ] }' http://localhost:8080/stats/flowentry/add curl -X POST -d '{ "dpid": 1, "priority": 1, "match":{ "vlan_vid": 1 }, "actions":[ { "type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged "ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame }, { "type": "OUTPUT", "port": 2 } ] }' http://localhost:8080/stats/flowentry/add # 將主機3,4發送來的包打上vlan標記 curl -X POST -d '{ "dpid": 2, "priority": 1, "match":{ "in_port": 1 }, "actions":[ { "type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged "ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame }, { "type": "SET_FIELD", "field": "vlan_vid", # Set VLAN ID "value": 4096 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096) }, { "type": "OUTPUT", "port": 3 } ] }' http://localhost:8080/stats/flowentry/add curl -X POST -d '{ "dpid": 2, "priority": 1, "match":{ "in_port": 2 }, "actions":[ { "type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged "ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame }, { "type": "SET_FIELD", "field": "vlan_vid", # Set VLAN ID "value": 4097 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096) }, { "type": "OUTPUT", "port": 3 } ] }' http://localhost:8080/stats/flowentry/add curl -X POST -d '{ "dpid": 2, "priority": 1, "match":{ "vlan_vid": 0 }, "actions":[ { "type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged "ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame }, { "type": "OUTPUT", "port": 1 } ] }' http://localhost:8080/stats/flowentry/add curl -X POST -d '{ "dpid": 2, "priority": 1, "match":{ "vlan_vid": 1 }, "actions":[ { "type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged "ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame }, { "type": "OUTPUT", "port": 2 } ] }' http://localhost:8080/stats/flowentry/add執行后效果如下:
成功划分VLAN
(二)進階要求
編程實現基本要求第2部分Ryu(3)中的VLAN划分。
python代碼
#!/usr/bin/python
import json
import requests
if __name__ == "__main__":
url = 'http://127.0.0.1:8080/stats/flowentry/add'
headers = {'Content-Type': 'application/json'}
flow1 = {
"dpid": 1,
"priority": 1,
"match":{
"in_port": 1
},
"actions":[
{
"type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "SET_FIELD",
"field": "vlan_vid", # Set VLAN ID
"value": 4096 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096)
},
{
"type": "OUTPUT",
"port": 3
}
]
}
flow2 = {
"dpid": 1,
"priority": 1,
"match":{
"in_port": 2
},
"actions":[
{
"type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "SET_FIELD",
"field": "vlan_vid", # Set VLAN ID
"value": 4097 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096)
},
{
"type": "OUTPUT",
"port": 3
}
]
}
flow3 = {
"dpid": 1,
"priority": 1,
"match":{
"vlan_vid": 0
},
"actions":[
{
"type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "OUTPUT",
"port": 1
}
]
}
flow4 = {
"dpid": 1,
"priority": 1,
"match": {
"vlan_vid": 1
},
"actions": [
{
"type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "OUTPUT",
"port": 2
}
]
}
flow5 = {
"dpid": 2,
"priority": 1,
"match": {
"in_port": 1
},
"actions": [
{
"type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "SET_FIELD",
"field": "vlan_vid", # Set VLAN ID
"value": 4096 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096)
},
{
"type": "OUTPUT",
"port": 3
}
]
}
flow6 = {
"dpid": 2,
"priority": 1,
"match": {
"in_port": 2
},
"actions": [
{
"type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "SET_FIELD",
"field": "vlan_vid", # Set VLAN ID
"value": 4097 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096)
},
{
"type": "OUTPUT",
"port": 3
}
]
}
flow7 = {
"dpid": 2,
"priority": 1,
"match": {
"vlan_vid": 0
},
"actions": [
{
"type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "OUTPUT",
"port": 1
}
]
}
flow8 = {
"dpid": 2,
"priority": 1,
"match":{
"vlan_vid": 1
},
"actions":[
{
"type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "OUTPUT",
"port": 2
}
]
}
res1 = requests.post(url, json.dumps(flow1), headers=headers)
res2 = requests.post(url, json.dumps(flow2), headers=headers)
res3 = requests.post(url, json.dumps(flow3), headers=headers)
res4 = requests.post(url, json.dumps(flow4), headers=headers)
res5 = requests.post(url, json.dumps(flow5), headers=headers)
res6 = requests.post(url, json.dumps(flow6), headers=headers)
res7 = requests.post(url, json.dumps(flow7), headers=headers)
res8 = requests.post(url, json.dumps(flow8), headers=headers)
執行效果如下:
四、個人總結
-
實驗難度:較難
有前幾次實驗的積累這次實驗相對來說比較順利,但是由於對前面的知識地部分遺忘,所以在剛開始做實驗時還是有一點找不到方向,但是經過知識的回顧,還是能比較明確的知道每一步的做法。
-
實驗過程遇到的困難:
1.問題:調用OpenDaylight的北向接口下發指令刪除s1上的流表數據時出現如下錯誤反饋
解決方案:我原本以為是我請求的方式有問題導致無法找到流表信息,詢問老師后發現是因為原先沒有下發流表或者是之前已經將流表刪除,所以無法進行刪除流表操作
2.問題:調用Ryu的北向接口實現硬超時流表下發前創建拓撲無法ping通
解決方案:建立拓撲時應該使用OpenFlow1.3,使用OpenFlow1.0會出現無法ping通的情況
-
個人感想:
通過這次實驗,我進一步了解了OpenDaylight和Ryu的使用,對如何閱讀官方文檔也有了自己的心得,除此之外還進一步學習了python的request庫,把原本快要遺忘的知識重新學習鞏固了起來,總體上這次實驗還是有很大收獲。