https://xiongan.host/index.php/tag/SDN/ https://xiongan.host/index.php/archives/206/ 2023-05-11T10:25:41+08:00 使用Postman下发流表实验环境检查查看Opendaylight控制器登陆Opendaylight控制器，在查看控制器主机的6633端口监听状态root@guest-virtual-machine:/home/guest# netstat -an|grep 6633关闭防火墙sudo ufw disable访问WEB页面在OVS主机(Miniet主机)中创建拓扑结构，并测试连通性sudo mn --topo=single,3 --controller=remote,ip=192.168.123.10,port=6633 --switch ovsk,protocols=OpenFlow13在控制器页面查看到的拓扑图使用postman查看交换机id信息，交换机id为1http://192.168.123.10:8080/restconf/operational/network-topology:network-topology下发第一条流表PUThttp://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/1主机1的MAC地址:00:0c:29:91:9c:e6 主机2的MAC地址:42:59:6f:b2:ee:64<?xml version="1.0" encoding="UTF-8" standalone="no"?> <flow xmlns="urn:opendaylight:flow:inventory"> <priority>200</priority> <flow-name>Foo1</flow-name> <idle-timeout>0</idle-timeout> <hard-timeout>0</hard-timeout> <match> <ethernet-match> <ethernet-source> <address>00:0c:29:91:9c:e6</address> </ethernet-source> <ethernet-destination> <address>42:59:6f:b2:ee:64</address> </ethernet-destination> </ethernet-match> </match> <id>1</id> <table_id>0</table_id> <instructions> <instruction> <order>0</order> <apply-actions> <action> <order>0</order> <output-action> <output-node-connector>2</output-node-connector> </output-action> </action> </apply-actions> </instruction> </instructions> </flow>下发第二条流表http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/2<?xml version="1.0" encoding="UTF-8" standalone="no"?> <flow xmlns="urn:opendaylight:flow:inventory"> <priority>200</priority> <flow-name>Foo1</flow-name> <idle-timeout>0</idle-timeout> <hard-timeout>0</hard-timeout> <match> <ethernet-match> <ethernet-source> <address>42:59:6f:b2:ee:64</address> </ethernet-source> <ethernet-destination> <address>00:0c:29:91:9c:e6</address> </ethernet-destination> </ethernet-match> </match> <id>2</id> <table_id>0</table_id> <instructions> <instruction> <order>0</order> <apply-actions> <action> <order>0</order> <output-action> <output-node-connector>1</output-node-connector> </output-action> </action> </apply-actions> </instruction> </instructions> </flow>登陆交换机，查看流表ovs-ofctl dump-flows s1删除第一条流表http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/1删除第二条流表http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/2 https://xiongan.host/index.php/archives/204/ 2023-05-06T20:34:03+08:00 防DDoS攻击SDN应用开发基础环境Opendaylight + Mininet （安装好karaf等组件）Open vSwitch 2.3.1实验步骤查看控制器ip和交换机的连接状态登录控制器，查看端口是否处于监听状态netstat -an|grep 6633登录交换机，查看交换机与控制器的连接情况root@guest-virtual-machine:/home/guest# ovs-vsctl show 2e6efe16-6875-4feb-8451-7da554fbd3c8   ovs_version: "2.0.2" //以上是交换机与控制器未连接成功，需要手动连接，显示以下的“is_connected：true” root@guest-virtual-machine:/home/guest# ovs-vsctl add-br br-sw root@guest-virtual-machine:/home/guest# ovs-vsctl set-controller br-sw tcp:192.168.123.10:6633 root@guest-virtual-machine:/home/guest# ovs-vsctl show登陆主机，查看主机与控制器连接情况，如果没连接，需要手动连接登录交换机，连接控制器（基于OVSDB协议创建一个新的连接）ovs-vsctl set-manager tcp:192.168.123.10:6640安装sFlow将sFlow安装包上传至控制器，并解压登录交换机，部署sFlow Agentovs-vsctl -- --id=@sflow create sflow agent=s1 target=\"192.168.123.10:6633\" header=128 sampling=10 polling=1 -- set bridge br-sw sflow=@sflow查看已配置的sFlow Agent信息ovs-vsctl list sflow登录控制器，启动sFlow验证防DDoS攻击打开浏览器，查看状态http://192.168.123.10:8008/html/index.html#status https://xiongan.host/index.php/archives/198/ 2023-04-14T00:25:00+08:00 安装OVS主机名ip角色ovs192.168.123.10ovs首先连接SSH用finalshell连接，需要提前配置好ip和网卡上传ovs源文件，并解压进入目录，执行./configure，生成Makefile文件然后进入编译安装make make install实验六-OpenDaylight及Postman实现流表下发使用Opendaylight虚拟机安装jdk1.8，并启动opendaylight安装组件：首先清理旧数据DELETE http://127.0.0.1:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:1/然后CLI命令行里再次清理sudo mn -c生成拓扑并连接 OpenDaylightsudo mn --topo=single,3 --controller=remote,ip=本机ip,port=6633 --switch ovsk,protocols=OpenFlow13使用 Postman 填入 JSON 格式的 http 请求//以下内容是Body中需要填写的 {   "flow": [         {             "id": "1",             "match": {                 "in-port": "1",                 "ethernet-match": {                     "ethernet-type": {                         "type": "0x0800"                     }                 },                 "ipv4-destination": "10.0.0.3/32"             },             "instructions": {                 "instruction": [                     {                         "order": "0",                         "apply-actions": {                             "action": [                                 {                                     "order": "0",                                     "drop-action": {}                                 }                             ]                         }                     }                 ]             },             "flow-name": "flow1",             "priority": "65535",             "hard-timeout": "5", //此处需要修改间隔，意味着h1 ping h3 有5秒时间是中断的             "cookie": "2",             "table_id": "0"         }     ] }现在CLI中h1 ping h3，再去PUT数据链接测试成功，结果符合预期鸣谢:小桂哥,King https://xiongan.host/index.php/archives/193/ 2023-03-24T11:20:00+08:00 Karaf使用ssh可能会连接不上，需要配置本地VM8的网卡，或者ssh，推荐下面方法vi /etc/ssh/sshd_config //最后添加一行 PermitRootLogin yes //保存后重启服务器即可用远程工具连接Ubuntu主机首先连接虚拟机上传安装包，解压缩并进入目录中，启动控制台root@guest-virtual-machine:/home/guest# tar -zxvf distribution-karaf-0.3.0-Lithium.tar.gz root@guest-virtual-machine:/home/guest# cd distribution-karaf-0.3.0-Lithium //启动一(不推荐) root@guest-virtual-machine:/home/guest# ./bin/karaf //启动二（后台运行） root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# ./bin/start root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# ./bin/client -u karaf安装opendaylight组件//安装REST API功能 opendaylight-user@root>feature:install odl-restconf //安装L2交换机和OpenFlow功能 opendaylight-user@root>feature:install odl-l2switch-switch-ui opendaylight-user@root>feature:install odl-openflowplugin-flow-services-ui //安装Karaf控制台的md-sal功能 opendaylight-user@root>feature:install odl-mdsal-apidocs //安装DLUX功能 0.3.0无需安装，0.6.0可以安装 //opendaylight-user@root>feature:install odl-dluxapps-applications //opendaylight-user@root>feature:install odl-faas-all //列出所有组件 opendaylight-user@root>feature:list验证opendaylight功能首先查看ip地址：连接控制器root@guest-virtual-machine:/home/guest# mn --controller=remote,ip=192.168.123.10,port=6633mininet> pingall *** Ping: testing ping reachability h1 -> h2 h2 -> h1 *** Results: 0% dropped (2/2 received)访问web控制器（账号密码admin）卸载opendaylight组件opendaylight-user@root>logoutlogout退出，回到上一目录中root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# rm -rf data root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# ./bin/karaf clean opendaylight-user@root>feature:list -i查看已安装组件，确认已卸载