2015 Preliminary Round Practice Problems

Setting up the environment

  • sudo apt-get install build-essential default-jdk ant python-dev
  • sudo apt-get install git
  • git clone git://github.com/floodlight/floodlight.git
  • cd floodlight
  • ant # builds according to build.xml and generates the target directory
  • java -jar target/floodlight.jar
  • http://localhost:8080/ui/index.html
  • Log in to Mininet over ssh
  • sudo mn --custom ~/topo-2sw-2host.py --topo mytopo --controller=remote,ip=192.168.56.103,port=6653

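About sudo apt-get install build-essential default-jdk ant python-dev eclipse

  • This is the first command used when setting up Floodlight; it installs four packages
  • dpkg -s build-essential default-jdk ant python-dev eclipse shows information about each package
  • sudo apt-cache depends build-essential shows the package's dependency information, indicating that these dependencies are already installed
  • A JDK installed through apt-get needs no environment variable configuration; an automatic install never does. The purpose of setting environment variables is to tell the system that certain resources exist. A typical case: the Tab key can find runnable programs, but if a program's location is not in the PATH environment variable it cannot be auto-completed
  • Linux distributions usually split a library's header files and the related pkg-config files into a separate xxx-dev(el) package.
  • Taking python as an example, you need python-dev in the following cases:
  • You need to install a Python library from outside the distribution's repositories, and the library contains C/C++ files that call the Python API and must be compiled // e.g. installing and using the WiringPi library requires python-dev
  • A program you wrote needs to link against libpythonXX.(a|so) when it is compiled
  • (Note: the above does not cover calling libpython.so directly through ctypes/ffi or bare dlsym)
  • Otherwise, normal use of Python, or installing Python libraries from the repositories, does not require python-dev.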

Problem 1: Basic problems

Part 1: Simple network

  • Build your own topology
  • All my topology files are placed in the ~/ directory
    # topo-2sw-2host.py
    """Custom topology example
    Two directly connected switches plus a host for each switch:
       host --- switch --- switch --- host
    Adding the 'topos' dict with a key/value pair to generate our newly defined
    topology enables one to pass in '--topo=mytopo' from the command line.
    """
    from mininet.topo import Topo
    class MyTopo( Topo ):
        "Simple topology example."
        def __init__( self ):
            "Create custom topo."
            # Initialize topology
            Topo.__init__( self )
            # Add hosts and switches
            leftHost = self.addHost( 'h1' )
            rightHost = self.addHost( 'h2' )
            leftSwitch = self.addSwitch( 's3' )
            rightSwitch = self.addSwitch( 's4' )
            # Add links
            self.addLink( leftHost, leftSwitch )
            self.addLink( leftSwitch, rightSwitch )
            self.addLink( rightSwitch, rightHost )
    topos = { 'mytopo': ( lambda: MyTopo() ) }
  • sudo mn --custom ~/topo-2sw-2host.py --topo mytopo --controller=remote,ip=192.168.56.103,port=6653
  • Change the default flow forwarding behaviour: on Ubuntu, ~/floodlight/src/main/resources/floodlightdefault.properties
  • cp floodlightdefault.properties floodlightdefault.properties.noforwarding
  • cp floodlightdefault.properties floodlightdefault.properties.forwarding
  • cp floodlightdefault.properties.noforwarding floodlightdefault.properties
  • Run ant (not needed here); the modules are loaded automatically according to the properties file
  • Comment out the forwarding entry on the first line with #, then run ant again


  • Push the flow entries manually

    curl -d '{"switch":"00:00:00:00:00:00:00:03","name":"flow-mod-1","cookie":"0","priority":"32767","in_port":"1","active":"true","actions":"output=2"}' http://192.168.56.103:8080/wm/staticflowpusher/json
    curl -d '{"switch":"00:00:00:00:00:00:00:03","name":"flow-mod-2","cookie":"0","priority":"32767","in_port":"2","active":"true","actions":"output=1"}' http://192.168.56.103:8080/wm/staticflowpusher/json
    curl -d '{"switch":"00:00:00:00:00:00:00:04","name":"flow-mod-3","cookie":"0","priority":"32767","in_port":"1","active":"true","actions":"output=2"}' http://192.168.56.103:8080/wm/staticflowpusher/json
    curl -d '{"switch":"00:00:00:00:00:00:00:04","name":"flow-mod-4","cookie":"0","priority":"32767","in_port":"2","active":"true","actions":"output=1"}' http://192.168.56.103:8080/wm/staticflowpusher/json
  • In the JSON, setting the actions attribute to an empty value makes ping fail
  • URL: http://localhost:8080/wm/staticflowpusher/json
  • In Postman, only one entry can be sent at a time
{
    "switch": "00:00:00:00:00:00:00:03",
    "name": "flow-mod-1",
    "cookie": "0",
    "priority": "32767",
    "in_port": "1",
    "active": "true",
    "actions": "output=2"
}
{
    "switch": "00:00:00:00:00:00:00:03",
    "name": "flow-mod-2",
    "cookie": "0",
    "priority": "32767",
    "in_port": "2",
    "active": "true",
    "actions": "output=1"
}
{
    "switch": "00:00:00:00:00:00:00:04",
    "name": "flow-mod-3",
    "cookie": "0",
    "priority": "32767",
    "in_port": "1",
    "active": "true",
    "actions": "output=2"
}
{
    "switch": "00:00:00:00:00:00:00:04",
    "name": "flow-mod-4",
    "cookie": "0",
    "priority": "32767",
    "in_port": "2",
    "active": "true",
    "actions": "output=1"
}
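
A way to check a set of static flow entries before pushing them, as an added example that is not part of the original notes: it replays the addLink() order of topo-2sw-2host.py to work out port numbers, then traces a packet through the four entries above. Assumptions: Mininet's default port numbering (switch ports from 1, host ports from 0), matching on in_port only, and an empty actions value meaning drop; the names wire and trace are hypothetical.

```python
# Constructed input: addLink() order from topo-2sw-2host.py and the four
# static flow entries shown above (only the fields the trace needs).
LINKS = [("h1", "s3"), ("s3", "s4"), ("s4", "h2")]
DPID = {"s3": "00:00:00:00:00:00:00:03", "s4": "00:00:00:00:00:00:00:04"}
FLOWS = [
    {"switch": DPID["s3"], "priority": "32767", "in_port": "1", "actions": "output=2"},
    {"switch": DPID["s3"], "priority": "32767", "in_port": "2", "actions": "output=1"},
    {"switch": DPID["s4"], "priority": "32767", "in_port": "1", "actions": "output=2"},
    {"switch": DPID["s4"], "priority": "32767", "in_port": "2", "actions": "output=1"},
]


def wire(links, switches):
    """Map (node, port) -> (peer, peer_port) by replaying addLink() order.

    Assumption: Mininet default numbering (switch ports from 1, host from 0).
    """
    used, wiring = {}, {}
    for a, b in links:
        pa = used.get(a, 0) + (1 if a in switches else 0)
        pb = used.get(b, 0) + (1 if b in switches else 0)
        used[a], used[b] = used.get(a, 0) + 1, used.get(b, 0) + 1
        wiring[(a, pa)], wiring[(b, pb)] = (b, pb), (a, pa)
    return wiring


def trace(src_host, flows, links=LINKS, dpid=DPID, max_hops=16):
    """Follow a packet from src_host; return the host reached or None if dropped."""
    wiring = wire(links, dpid)
    node, port = wiring[(src_host, 0)]
    for _ in range(max_hops):
        if node not in dpid:
            return node                      # delivered to a host
        hits = [f for f in flows
                if f["switch"] == dpid[node] and f["in_port"] == str(port)]
        if not hits:
            return None                      # table miss, no forwarding module
        best = max(hits, key=lambda f: int(f["priority"]))
        if not best["actions"].startswith("output="):
            return None                      # empty action list: drop
        out_port = int(best["actions"].split("=", 1)[1])
        if (node, out_port) not in wiring:
            return None                      # output to a port with no link
        node, port = wiring[(node, out_port)]
    return None                              # forwarding loop


if __name__ == "__main__":
    print(trace("h1", FLOWS), trace("h2", FLOWS))
```

Emptying the actions of a single entry is enough to break ping: the echo request is dropped at that switch even though the reverse direction still forwards.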

Part 2: Access restriction

  • Build your own topology
    # AccesslimitTopo.py
    from mininet.topo import Topo
    class MyTopo( Topo ):
        "Simple topology example."
        def __init__( self ):
            "Create custom topo."
            # Initialize topology
            Topo.__init__( self )
            # Add hosts and switches
            Host1 = self.addHost( 'Host1' )
            Server1 = self.addHost( 'Server1' )
            Switch1 = self.addSwitch( 'Switch1' )
            Switch2 = self.addSwitch( 'Switch2' )
            # Add links
            self.addLink( Host1,Switch1 )
            self.addLink( Switch1, Switch2 )
            self.addLink( Switch2, Server1 )
    topos = { 'mytopo': ( lambda: MyTopo() ) }
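    # Serer1.py (Python 2)
    import SimpleHTTPServer
    import SocketServer
    import urllib
    class SETHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
        def createHTML(self):
            # Send a complete HTTP response with the static page as its body
            html = open("/home/mininet/Server1.html", "r")
            body = html.read()
            html.close()
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def do_GET(self):
            print "GET"
            print self.headers
            self.createHTML()
        def do_POST(self):
            print "POST"
            print self.headers
            # Read exactly Content-Length bytes of the request body (0 if absent)
            length = int(self.headers.getheader('content-length') or 0)
            qs = self.rfile.read(length)
            # Decode the URL-encoded request body
            url = urllib.unquote_plus(qs)
            print "url="
            print url
            self.createHTML()
    Handler = SETHandler
    PORT = 80
    httpd = SocketServer.TCPServer(("", PORT), Handler)
    print "Start Server1......"
    print "serving at port", PORT
    httpd.serve_forever()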
<!-- Serer1.html -->
<html>
    <head><title>Server1</title></head>
    <body bgcolor="red"><p align="center">
            Hello , this is Server1!</p></body>
</html>
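  • Add the forwarding module back
  • mininet> xterm Server1 && python Serer1/Serer1.py
  • mininet> xterm Host1 && wget -O - 10.0.0.2 or wget -O - http://10.0.0.2 (the -O - option writes the page to the command line)
  • Check the location of the HTML file referenced in Server1.py
  • mininet> Server1 firefox localhost to visit the static page served by Server1
  • Flow entries restricting access to the server (Mininet)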
    Switch1 dpctl add-flow tcp:127.0.0.1:6634 in_port=1,idle_timeout=60,actions=output:2
    Switch1 dpctl add-flow tcp:127.0.0.1:6634 in_port=2,idle_timeout=60,actions=output:1
    Switch2 dpctl add-flow tcp:127.0.0.1:6634 in_port=1,idle_timeout=60,actions=output:2
    Switch2 dpctl add-flow tcp:127.0.0.1:6634 in_port=2,idle_timeout=60,actions=output:1
  • Access-restriction flow entries (Floodlight)
  • URL: http://localhost:8080/wm/staticflowpusher/json
{
    "switch": "00:00:00:00:00:00:00:01",
    "name": "flow-mod-1",
    "cookie": "0",
    "priority": "32767",
    "in_port": "1",
    "idle_timeout": "60",
    "active": "true",
    "actions": "output=2"
}
{
    "switch": "00:00:00:00:00:00:00:01",
    "name": "flow-mod-2",
    "cookie": "0",
    "priority": "32767",
    "in_port": "2",
    "idle_timeout": "60",
    "active": "true",
    "actions": "output=1"
}
{
    "switch": "00:00:00:00:00:00:00:02",
    "name": "flow-mod-3",
    "cookie": "0",
    "priority": "32767",
    "in_port": "1",
    "idle_timeout": "60",
    "active": "true",
    "actions": "output=2"
}
{
    "switch": "00:00:00:00:00:00:00:02",
    "name": "flow-mod-4",
    "cookie": "0",
    "priority": "32767",
    "in_port": "2",
    "idle_timeout": "60",
    "active": "true",
    "actions": "output=1"
}

Problem 2: Advanced problems

Part 1: Proxy access

  • The forwarding module must be added
  • flt && sshxm && sudomn ProxyaccessTopo.py && pingall
    # ProxyaccessTopo.py
    from mininet.topo import Topo
    class MyTopo( Topo ):
        def __init__( self ):
            Topo.__init__( self )
            host1 = self.addHost('Host1')
            host2 = self.addHost('Host2')
            server1 = self.addHost('Server1')
            proxy1 = self.addHost('Proxy1')
            switch1 = self.addSwitch('Switch1')
            switch2 = self.addSwitch('Switch2')
            switch3 = self.addSwitch('Switch3')
            self.addLink( host1,switch1 )
            self.addLink( host2,switch1 )
            self.addLink( switch1,switch2)
            self.addLink( switch2,switch3)
            self.addLink( server1,switch2)
            self.addLink(proxy1,switch3)
    topos={'mytopo':(lambda:MyTopo())}
  • curl -X PUT http://localhost:8080/wm/firewall/module/enable/json
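  • Enable the firewall on the switches. Because the firewall denies all traffic by default and only explicit allow rules let traffic through, at this point the firewall blocks every packet
  • curl -X POST -d '{"switchid": "00:00:00:00:00:00:00:01"}' http://localhost:8080/wm/firewall/rules/json
  • curl -X POST -d '{"switchid": "00:00:00:00:00:00:00:02"}' http://localhost:8080/wm/firewall/rules/json
  • curl -X POST -d '{"switchid": "00:00:00:00:00:00:00:03"}' http://localhost:8080/wm/firewall/rules/json
  • The firewall blocks all traffic by default, so first allow data exchange between the devices in the topology, that is, add allow rules so that traffic can flow between Switch1, Switch2 and Switch3
  • curl -X POST -d '{"src-ip": "10.0.0.1/32", "dst-ip": "10.0.0.3/32", "action":"DENY"}' http://localhost:8080/wm/firewall/rules/json
  • Because Host1 is an ordinary user, in principle it is not allowed to access the proxy server Proxy1. However, step 4 allowed packet exchange between the switches and thereby opened a path between Proxy1 and Host1, so a deny action must be specified separately to block traffic between Host1 and Proxy1. Host2 (the proxy user) is unaffected, so Host2 can still access Proxy1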

Part 2: Flow table management
