Floodlight 用Static Flow Pusher 改变流表
实验拓扑:
1.登录mininet
sudo ssh -x openflow@openflow
2.启动floodlight
写一个把启动floodlight小脚本,用shell来运行
#!/bin/sh
cd /home/fei/workspace/floodlight-0.90/target
java -jar floodlight.jar 终端中运行这个脚本
3.构建拓扑
sudo mn --topo single,3 --controller=remote --ip=192.168.131.129 --port=6633
4.h2,h3,h4三个host相互ping,可以看到默认是可以拼通的,而且从每个host,第一个ping包time值比较大,可以猜测出默认转发端口是floodlight控制器
可以在floodlight包的
src/main/resources/floodlightdefault.properties
net.floodlightcontroller.forwarding.Forwarding
5.至此基本网络已经完成,接下来我们使用Static Flow Pusher 改变流表,让h2 ping不通h3,h4。 h3与h4能ping通,转发口使用floodlight控制器,我们设置从端口1的数据从端口1转发回去,也可以在actions域置为空,则丢弃从端口1来的包。
python代码:
import httplib
import json
class StaticFlowPusher(object):
def __init__(self, server):
self.server = server
def get(self, data):
ret = self.rest_call({}, 'GET')
return json.loads(ret[2])
def set(self, data):
ret = self.rest_call(data, 'POST')
return ret[0] == 200
def remove(self, objtype, data):
ret = self.rest_call(data, 'DELETE')
return ret[0] == 200
def rest_call(self, data, action):
path = '/wm/staticflowentrypusher/json'
headers = {
'Content-type': 'application/json',
'Accept': 'application/json',
}
body = json.dumps(data)
conn = httplib.HTTPConnection(self.server, 8080)
conn.request(action, path, body, headers)
response = conn.getresponse()
ret = (response.status, response.reason, response.read())
print ret
conn.close()
return ret
pusher = StaticFlowPusher('192.168.131.129') #控制器ip
flow1 = {
'switch':"00:00:00:00:00:00:00:01",
"name":"flow-mod-1",
"cookie":"0",
"priority":"32768",
"ingress-port":"1",
"active":"true",
"actions":"output=1"
}
flow2 = {
'switch':"00:00:00:00:00:00:00:01",
"name":"flow-mod-2",
"cookie":"0",
"priority":"32768",
"ingress-port":"2",
"active":"true",
"actions":"output=flood"
}
flow3 = {
'switch':"00:00:00:00:00:00:00:01",
"name":"flow-mod-3",
"cookie":"0",
"priority":"32768",
"ingress-port":"3",
"active":"true",
"actions":"output=flood"
}
#添加流表flow1,flow2,flow3
pusher.set(flow1)
pusher.set(flow2)
pusher.set(flow3)
运行python flow1.py,可以看到按代码添加了3个流表
在mininet执行
dpctl dump-flows tcp:127.0.0.1:6634
也可以在floodlight的web页面看到流表项
实验结果如下:
(1)h3与h4能ping通
(2)h2与h3不能ping通,当然h2与h4也是如此
下面将流表flow2,flow3项"actions":"output=flood"字段改成相应的端口,即2转发到3,3转发到2
通过ping h3,h4,可以看到第一个ping 包time值明显缩小,因为添加了直接转发的表项,而不是上面那样的经过控制器,不过跟后面的包time值还不是一个数量级,因为对控制器不是很熟悉,这些细节还有待学习。
