春风十里不如你 —— Taozi - OpenDaylight
https://xiongan.host/index.php/tag/OpenDaylight/


【SDN】Pushing Flow Entries with Postman
https://xiongan.host/index.php/archives/206/
2023-05-11T10:25:41+08:00

Pushing flow entries with Postman

Checking the lab environment

Check the OpenDaylight controller. Log in to the OpenDaylight controller and check that port 6633 on the controller host is listening:

    root@guest-virtual-machine:/home/guest# netstat -an|grep 6633

Disable the firewall:

    sudo ufw disable

Open the web page.

On the OVS host (the Mininet host), create the topology and test connectivity:

    sudo mn --topo=single,3 --controller=remote,ip=192.168.123.10,port=6633 --switch ovsk,protocols=OpenFlow13

The topology as shown on the controller page.

Use Postman to look up the switch id; the switch id is 1:

    http://192.168.123.10:8080/restconf/operational/network-topology:network-topology

Push the first flow entry

    PUT http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/1

MAC address of host 1: 00:0c:29:91:9c:e6
MAC address of host 2: 42:59:6f:b2:ee:64

    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <flow xmlns="urn:opendaylight:flow:inventory">
      <priority>200</priority>
      <flow-name>Foo1</flow-name>
      <idle-timeout>0</idle-timeout>
      <hard-timeout>0</hard-timeout>
      <match>
        <ethernet-match>
          <ethernet-source>
            <address>00:0c:29:91:9c:e6</address>
          </ethernet-source>
          <ethernet-destination>
            <address>42:59:6f:b2:ee:64</address>
          </ethernet-destination>
        </ethernet-match>
      </match>
      <id>1</id>
      <table_id>0</table_id>
      <instructions>
        <instruction>
          <order>0</order>
          <apply-actions>
            <action>
              <order>0</order>
              <output-action>
                <output-node-connector>2</output-node-connector>
              </output-action>
            </action>
          </apply-actions>
        </instruction>
      </instructions>
    </flow>

Push the second flow entry

    http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/2

    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <flow xmlns="urn:opendaylight:flow:inventory">
      <priority>200</priority>
      <flow-name>Foo1</flow-name>
      <idle-timeout>0</idle-timeout>
      <hard-timeout>0</hard-timeout>
      <match>
        <ethernet-match>
          <ethernet-source>
            <address>42:59:6f:b2:ee:64</address>
          </ethernet-source>
          <ethernet-destination>
            <address>00:0c:29:91:9c:e6</address>
          </ethernet-destination>
        </ethernet-match>
      </match>
      <id>2</id>
      <table_id>0</table_id>
      <instructions>
        <instruction>
          <order>0</order>
          <apply-actions>
            <action>
              <order>0</order>
              <output-action>
                <output-node-connector>1</output-node-connector>
              </output-action>
            </action>
          </apply-actions>
        </instruction>
      </instructions>
    </flow>

Log in to the switch and view the flow table:

    ovs-ofctl dump-flows s1

Delete the first flow entry:

    http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/1

Delete the second flow entry:

    http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/2


【SDN】Developing an Anti-DDoS Application
https://xiongan.host/index.php/archives/204/
2023-05-06T20:34:03+08:00

Developing an SDN application that defends against DDoS attacks

Base environment

OpenDaylight + Mininet (with Karaf and the other components installed)
Open vSwitch 2.3.1

Lab steps

Check the controller IP and the connection state of the switch.

Log in to the controller and check that the port is listening:

    netstat -an|grep 6633

Log in to the switch and check its connection to the controller:

    root@guest-virtual-machine:/home/guest# ovs-vsctl show
    2e6efe16-6875-4feb-8451-7da554fbd3c8
        ovs_version: "2.0.2"

The output above means the switch has not connected to the controller. Connect it manually; the output should then show “is_connected:true”:

    root@guest-virtual-machine:/home/guest# ovs-vsctl add-br br-sw
    root@guest-virtual-machine:/home/guest# ovs-vsctl set-controller br-sw tcp:192.168.123.10:6633
    root@guest-virtual-machine:/home/guest# ovs-vsctl show

Log in to the host and check its connection to the controller; if it is not connected, connect it manually.

Log in to the switch and connect to the controller (this creates a new connection based on the OVSDB protocol):

    ovs-vsctl set-manager tcp:192.168.123.10:6640

Install sFlow

Upload the sFlow package to the controller and unpack it.

Log in to the switch and deploy the sFlow agent:

    ovs-vsctl -- --id=@sflow create sflow agent=s1 target=\"192.168.123.10:6633\" header=128 sampling=10 polling=1 -- set bridge br-sw sflow=@sflow

View the configured sFlow agent:

    ovs-vsctl list sflow

Log in to the controller and start sFlow.

Verify the DDoS defense

Open a browser and check the status:

    http://192.168.123.10:8008/html/index.html#status


【mininet】Routing Experiment under OpenDaylight
https://xiongan.host/index.php/archives/200/
2023-04-18T21:12:00+08:00

A simple routing experiment

Routing experiment

First start OpenDaylight with its components installed.

Write the routing script.

Script

    #!/usr/bin/python
    import time
    from mininet.net import Mininet
    from mininet.node import Controller, RemoteController, OVSKernelSwitch, UserSwitch
    from mininet.cli import CLI
    from mininet.log import setLogLevel
    from mininet.link import Link, TCLink

    def topology():
        "Create a network."
        net = Mininet( controller=RemoteController, link=TCLink, switch=OVSKernelSwitch )

        print("*** Creating nodes ***")
        h1 = net.addHost( 'h1', mac='00:00:00:00:00:01', ip='10.123.10.1/24' )
        h2 = net.addHost( 'h2', mac='00:00:00:00:00:02', ip='10.123.10.2/24' )
        h3 = net.addHost( 'h3', mac='00:00:00:00:00:03', ip='10.123.1.1/24' )
        s1 = net.addSwitch( 's1', listenPort=6673, mac='00:00:00:00:00:11' )
        s2 = net.addSwitch( 's2', listenPort=6674, mac='00:00:00:00:00:12' )
        c0 = net.addController( 'c0', controller=RemoteController, ip='127.0.0.1', port=6633 )

        print("*** Creating links ***")
        net.addLink(s1, h1, 1, 0)
        net.addLink(s2, h3, 1, 0)
        # h2 is the router: one interface on each switch
        Link(h2, s1, intfName1='h2-eth0')
        Link(h2, s2, intfName1='h2-eth1')
        h2.cmd('ifconfig h2-eth1 10.123.1.2 netmask 255.255.255.0')
        # Enable IP forwarding on h2 and point h1/h3 at it as their gateway
        h2.cmd('sysctl net.ipv4.ip_forward=1')
        h1.cmd('route add default gw 10.123.10.2')
        h3.cmd('route add default gw 10.123.1.2')

        print("*** Starting network ***")
        net.build()
        c0.start()
        s1.start( [c0] )
        s2.start( [c0] )

        print("*** Running CLI ***")
        CLI( net )

        print("*** Stopping network ***")
        net.stop()

    if __name__ == '__main__':
        setLogLevel( 'info' )
        topology()

Run the script:

    python router.py

Push forwarding rules to the two switches:

    root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s1 in_port=1,actions=output:2
    root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s1 in_port=2,actions=output:1
    root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s2 in_port=1,actions=output:2
    root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s2 in_port=2,actions=output:1

Run the following in the Mininet CLI:

    mininet> h1 route add default gw 10.123.10.2
    mininet> h3 route add default gw 10.123.1.2
    mininet> h1 ping 10.123.10.2
    mininet> h1 ping 10.123.1.2

Testing h1 ping h3 again now succeeds.

Example

Building on the environment above, add a host h4 so that all hosts can reach each other:

    mininet> py net.addHost( 'h4', mac='00:00:00:00:00:04', ip='10.123.123.1/24' )
    mininet> py net.addSwitch( 's3', listenPort=6675, mac='00:00:00:00:00:13' )

Create the links:

    mininet> py net.addLink(s3, h4, 1, 0)
    mininet> py net.addLink(h2, s3, intfName1='h2-eth2')

Building on the environment above, add a host h4 so that all hosts can reach each other (in the script):

    # Add host h4
    h4 = net.addHost( 'h4', mac='00:00:00:00:00:04', ip='10.123.123.1/24' )
    # Add switch s3
    s3 = net.addSwitch( 's3', listenPort=6675, mac='00:00:00:00:00:13' )
    # Add the link between s3 and h4
    net.addLink(s3, h4, 1, 0)
    # Link h2 to s3 (creates h2-eth2, as in the CLI version above)
    net.addLink(h2, s3, intfName1='h2-eth2')
    # Set the IP address on the new h2 interface
    h2.cmd('ifconfig h2-eth2 10.123.123.2 netmask 255.255.255.0')
    # Set h4's gateway
    h4.cmd('route add default gw 10.123.123.2')
    # Start s3
    s3.start( [c0] )


【OpenDaylight】Pushing Flow Entries with OpenDaylight and Postman
https://xiongan.host/index.php/archives/198/
2023-04-14T00:25:00+08:00

Installing OVS

    Hostname    IP                Role
    ovs         192.168.123.10    ovs

First connect over SSH using finalshell; the IP address and network adapter must be configured beforehand.

Upload the OVS source archive and unpack it.

Enter the directory and run ./configure to generate the Makefile.

Then build and install:

    make
    make install

Lab 6: Pushing flow entries with OpenDaylight and Postman

Use the OpenDaylight virtual machine.

Install JDK 1.8 and start OpenDaylight.

Install the components:

First clear the old data:

    DELETE http://127.0.0.1:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:1/

Then clean up again from the command line:

    sudo mn -c

Create the topology and connect it to OpenDaylight:

    sudo mn --topo=single,3 --controller=remote,ip=<local-IP>,port=6633 --switch ovsk,protocols=OpenFlow13

Use Postman to send the HTTP request with a JSON body. The following is what goes into the Body:

    {
        "flow": [
            {
                "id": "1",
                "match": {
                    "in-port": "1",
                    "ethernet-match": {
                        "ethernet-type": {
                            "type": "0x0800"
                        }
                    },
                    "ipv4-destination": "10.0.0.3/32"
                },
                "instructions": {
                    "instruction": [
                        {
                            "order": "0",
                            "apply-actions": {
                                "action": [
                                    {
                                        "order": "0",
                                        "drop-action": {}
                                    }
                                ]
                            }
                        }
                    ]
                },
                "flow-name": "flow1",
                "priority": "65535",
                "hard-timeout": "5",
                "cookie": "2",
                "table_id": "0"
            }
        ]
    }

The "hard-timeout" interval needs to be adjusted; with this value, h1 ping h3 is interrupted for 5 seconds.

Now run h1 ping h3 in the CLI, then PUT the data. The link test succeeded and the result was as expected.

Thanks to: 小桂哥, King


【OpenDaylight】Pushing Flow Entries through the Web UI
https://xiongan.host/index.php/archives/196/
2023-04-05T23:13:53+08:00

Pushing flow entries through the OpenDaylight web UI

    Hostname      IP                Role
    controller    192.168.123.10    Controller 1
    ovs           192.168.123.20    Switch
    pc1           192.168.123.30    Host 1

Lab steps

Environment check

Log in to controller 1 and check that the port is listening:

    root@guest-virtual-machine:/home/guest# netstat -an | grep 6633
    tcp        0      0 192.168.123.10:44024    192.168.123.10:6633     ESTABLISHED
    tcp6       0      0 :::6633                 :::*                    LISTEN
    tcp6       0      0 192.168.123.10:6633     192.168.123.10:44024    ESTABLISHED

Once port 6633 on the controller is confirmed to be listening, log in to the switch as root and check its connection to controller 1.

Note: if the connection fails, "fail_mode:secure" is shown and the switch must be reconnected manually with these commands:

    # ovs-vsctl del-controller br-sw
    # ovs-vsctl set-controller br-sw tcp:192.168.123.10:6633

Check the host's IP address:

Note: if the host has not obtained an IP address, reconnect manually:

    # ovs-vsctl del-controller br-sw
    # ovs-vsctl set-controller br-sw tcp:192.168.123.10:6633

Push the flow entry

Switch to the switch and set the OpenFlow protocol version to 1.0:

    root@guest-virtual-machine:/home/guest# ovs-vsctl set bridge br-sw protocols=OpenFlow10

Open the controller web UI and click 'Nodes'; '1' shows the connection details of the node.

Expand all directories.

Expand the specific configuration.

Fill in the node id, table id and flow id.

Expand the flow entry parameters.


【OpenDaylight】Using Karaf
https://xiongan.host/index.php/archives/193/
2023-03-24T11:20:00+08:00

Using Karaf

SSH may fail to connect; either the local VM8 network adapter or SSH needs to be configured. The following method is recommended:

    vi /etc/ssh/sshd_config
    // add this line at the end
    PermitRootLogin yes
    // save, then restart the server

Connect to the Ubuntu host with a remote tool.

First connect to the virtual machine.

Upload the installation package, unpack it, enter the directory and start the console:

    root@guest-virtual-machine:/home/guest# tar -zxvf distribution-karaf-0.3.0-Lithium.tar.gz
    root@guest-virtual-machine:/home/guest# cd distribution-karaf-0.3.0-Lithium
    // Start option 1 (not recommended)
    root@guest-virtual-machine:/home/guest# ./bin/karaf
    // Start option 2 (runs in the background)
    root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# ./bin/start
    root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# ./bin/client -u karaf

Install the OpenDaylight components

    // Install the REST API feature
    opendaylight-user@root>feature:install odl-restconf
    // Install the L2 switch and OpenFlow features
    opendaylight-user@root>feature:install odl-l2switch-switch-ui
    opendaylight-user@root>feature:install odl-openflowplugin-flow-services-ui
    // Install the md-sal feature for the Karaf console
    opendaylight-user@root>feature:install odl-mdsal-apidocs
    // Install the DLUX feature: not needed on 0.3.0, can be installed on 0.6.0
    //opendaylight-user@root>feature:install odl-dluxapps-applications
    //opendaylight-user@root>feature:install odl-faas-all
    // List all features
    opendaylight-user@root>feature:list

Verify that OpenDaylight works

First check the IP address:

Connect to the controller:

    root@guest-virtual-machine:/home/guest# mn --controller=remote,ip=192.168.123.10,port=6633
    mininet> pingall
    *** Ping: testing ping reachability
    h1 -> h2
    h2 -> h1
    *** Results: 0% dropped (2/2 received)

Open the controller web UI (username and password: admin).

Uninstall the OpenDaylight components

    opendaylight-user@root>logout

logout exits the console and returns to the previous directory:

    root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# rm -rf data
    root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# ./bin/karaf clean
    opendaylight-user@root>feature:list -i

View the installed features and confirm that they have been uninstalled.
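
The Karaf post above enables root SSH login by adding PermitRootLogin yes as the last line of /etc/ssh/sshd_config. sshd uses the first value it reads for each keyword, so whether an appended line takes effect depends on what precedes it. The following is an added example, not part of the original post: it resolves the effective global value from a config text and lists the later lines that are shadowed (function names and sample configs are constructed for illustration; Include files are not followed).

```python
# Added example: which PermitRootLogin line does sshd actually apply?
# sshd keeps the FIRST value it reads for a keyword; later ones are ignored.

def root_login_settings(config_text):
    """Return [(line_number, value)] for every global PermitRootLogin line."""
    found = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # lines after Match are conditional, not global
        if keyword == "permitrootlogin" and len(parts) > 1:
            found.append((lineno, parts[1].lower()))
    return found


def audit_root_login(config_text, default="prohibit-password"):
    """Report the value sshd would use and any later lines it ignores.

    `default` is the upstream default since OpenSSH 7.0 (assumption: pass
    "yes" for older builds, where that was the default).
    """
    settings = root_login_settings(config_text)
    if settings:
        (line, value), shadowed = settings[0], settings[1:]
    else:
        line, value, shadowed = None, default, []
    return {"effective": value, "line": line, "shadowed": shadowed,
            "root_password_login": value == "yes"}


# Constructed sample: an existing setting followed by the appended line.
APPENDED_AFTER_DEFAULT = """\
Port 22
PermitRootLogin without-password
#PermitRootLogin no
UsePAM yes
PermitRootLogin yes
"""

# Constructed sample: no earlier setting, so the appended line is the first.
APPENDED_ONLY = "Port 22\nUsePAM yes\nPermitRootLogin yes\n"

if __name__ == "__main__":
    for name, text in [("after existing setting", APPENDED_AFTER_DEFAULT),
                       ("appended only", APPENDED_ONLY)]:
        print(name, audit_root_login(text))
```

On a live host, sshd -T prints the configuration the daemon has resolved, including values pulled in through Include files.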