Written by yy
Setting up the software environment: SDN mininet OVS ryu installation guide (×'s blog, CSDN) https://blog.csdn.net/weixin_43944134/article/details/104657239
RYU + Mininet + OVS; other controllers can of course be used instead.
RYU: mainly provides the firewall function; we simply use the rest_firewall.py that ships with RYU.
Mininet: mainly used to build the topology and apply some settings; the topology and related configuration are written as Python code.
OVS: OVS technology introduction (41) (bob62856's blog, CSDN) https://blog.csdn.net/qq_20817327/article/details/105588569
Link: Mininet topo types and creating a custom topology in Python (不见天高's blog, CSDN) https://blog.csdn.net/wuliangtianzu/article/details/82689347
Three functions
Add a host:
addHost('hostname')
Add a switch:
addSwitch('switchname')
Add a link:
addLink(node1,node2,node1_port,node2_port)
Example Python code:
from mininet.topo import Topo


class MyTopo(Topo):
    def __init__(self):
        # initialize topology
        Topo.__init__(self)
        # add hosts and switches
        host1 = self.addHost('h1')
        host2 = self.addHost('h2')
        host3 = self.addHost('h3')
        host4 = self.addHost('h4')
        switch1 = self.addSwitch('s1')
        switch2 = self.addSwitch('s2')
        # add links: addLink(node1, node2, node1_port, node2_port)
        self.addLink(host1, switch1, 1, 1)
        self.addLink(host2, switch1, 1, 2)
        self.addLink(host3, switch2, 1, 1)
        self.addLink(host4, switch2, 1, 2)


# name used with "--topo" on the mn command line
topos = {'mytopo': (lambda: MyTopo())}
Run this in the directory that contains the file:
sudo mn --custom mininet_topo.py --topo mytopo
Note: not recommended
Command: run miniedit.py under mininet/examples
Note: you may run into an error
Mininet needs both python2 and python3 support to run, so a symbolic link has to be created so that Mininet is usable from both Python environments.
For details see: Fixing the Mininet runtime error "ImportError: No module named mininet.log" - 旺得福000 - cnblogs (cnblogs.com) https://www.cnblogs.com/fjlinww/p/13388427.html
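Command: sudo mn --custom mininet_topo.py --topo mytopo
Purpose: mainly to view the flow tables on each switch
Command: sudo ovs-vsctl set Bridge s1 protocols=OpenFlow13
Command: ryu-manager rest_firewall.py
Note: the ryu-manager command can load several .py files at the same time
As you can see, Ryu has discovered every switch in the topology; each switch's ID is a 16-digit number
In Ubuntu, enter this in the browser: http://localhost:8080/firewall/module/status
Initially every switch is in the disable state
Set the switch to enable
Command: curl -X PUT http://localhost:8080/firewall/module/enable/0000000000000001
Allow certain specific packets to pass through the switch
Command: curl -X POST -d '{"nw_src": "10.0.0.2", "nw_dst": "10.0.0.1", "nw_proto": "ICMP"}' http://127.0.0.1:8080/firewall/rules/0000000000000001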
import requests
data = '{"nw_src": "10.0.0.2", "nw_dst": "10.0.0.1", "nw_proto": "ICMP"}'
response = requests.post('http://127.0.0.1:8080/firewall/rules/0000000000000001', data=data)
Allow IP packets to communicate
Command:
curl -X POST -d '{"nw_src": "10.0.0.2/32", "nw_dst": "10.0.0.3/32"}' http://localhost:8080/firewall/rules/0000000000000001
View the switch's flow table rules
sudo ovs-ofctl -O openflow13 dump-flows s1
Block packets
Command: curl -X POST -d '{"nw_src": "10.0.0.3/32", "nw_dst": "10.0.0.2/32", "nw_proto": "ICMP", "actions": "DENY", "priority": "10"}' http://localhost:8080/firewall/rules/0000000000000001
Command: curl http://localhost:8080/firewall/rules/0000000000000001
curl -X DELETE -d '{"rule_id": "5"}' http://localhost:8080/firewall/rules/0000000000000001
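An offline check of the rule set built above, as an added example (not part of the original post and not Ryu's own code): it models the firewall as "highest-priority matching rule wins, unmatched packets are blocked" and flags overlapping rules that share a priority but have opposite actions. The default priority of 1, the default action ALLOW, and the fourth rule in RULES are assumptions made for the illustration.

```python
import ipaddress
from itertools import combinations

# Constructed input: rules 0-2 are this page's POST bodies; rule 3 (a reverse
# ALLOW) is an assumption added so the priority-10 DENY has something to override.
RULES = [
    {"nw_src": "10.0.0.2", "nw_dst": "10.0.0.1", "nw_proto": "ICMP"},
    {"nw_src": "10.0.0.2/32", "nw_dst": "10.0.0.3/32"},
    {"nw_src": "10.0.0.3/32", "nw_dst": "10.0.0.2/32", "nw_proto": "ICMP",
     "actions": "DENY", "priority": "10"},
    {"nw_src": "10.0.0.3/32", "nw_dst": "10.0.0.2/32"},
]


def fields(rule):
    """Normalise a rule to (src_net, dst_net, proto, priority, action)."""
    src = ipaddress.ip_network(rule.get("nw_src", "0.0.0.0/0"), strict=False)
    dst = ipaddress.ip_network(rule.get("nw_dst", "0.0.0.0/0"), strict=False)
    proto = rule.get("nw_proto")
    # Assumed defaults when a field is omitted: priority 1, action ALLOW.
    return (src, dst, proto.upper() if proto else None,
            int(rule.get("priority", 1)), rule.get("actions", "ALLOW").upper())


def verdict(rules, src, dst, proto):
    """Highest-priority matching rule decides; an unmatched packet is blocked."""
    best = None
    for rule in rules:
        s, d, p, prio, action = fields(rule)
        hit = (ipaddress.ip_address(src) in s and ipaddress.ip_address(dst) in d
               and p in (None, proto.upper()))
        if hit and (best is None or prio > best[0]):
            best = (prio, action)
    return best[1] if best else "DENY"


def ambiguous_pairs(rules):
    """Index pairs of overlapping rules with equal priority, different actions."""
    out = []
    for (i, a), (j, b) in combinations(enumerate(rules), 2):
        sa, da, pa, prio_a, act_a = fields(a)
        sb, db, pb, prio_b, act_b = fields(b)
        overlap = (sa.overlaps(sb) and da.overlaps(db)
                   and (pa is None or pb is None or pa == pb))
        if overlap and prio_a == prio_b and act_a != act_b:
            out.append((i, j))
    return out
```

Running verdict() over the host pairs you intend to permit or block before POSTing the rules shows whether the priorities give the expected result; a non-empty ambiguous_pairs() result means two rules need distinct priorities.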