https://xiongan.host/index.php/tag/mininet/ https://xiongan.host/index.php/archives/204/ 2023-05-06T20:34:03+08:00 防DDoS攻击SDN应用开发基础环境Opendaylight + Mininet （安装好karaf等组件）Open vSwitch 2.3.1实验步骤查看控制器ip和交换机的连接状态登录控制器，查看端口是否处于监听状态netstat -an|grep 6633登录交换机，查看交换机与控制器的连接情况root@guest-virtual-machine:/home/guest# ovs-vsctl show 2e6efe16-6875-4feb-8451-7da554fbd3c8   ovs_version: "2.0.2" //以上是交换机与控制器未连接成功，需要手动连接，显示以下的“is_connected：true” root@guest-virtual-machine:/home/guest# ovs-vsctl add-br br-sw root@guest-virtual-machine:/home/guest# ovs-vsctl set-controller br-sw tcp:192.168.123.10:6633 root@guest-virtual-machine:/home/guest# ovs-vsctl show登陆主机，查看主机与控制器连接情况，如果没连接，需要手动连接登录交换机，连接控制器（基于OVSDB协议创建一个新的连接）ovs-vsctl set-manager tcp:192.168.123.10:6640安装sFlow将sFlow安装包上传至控制器，并解压登录交换机，部署sFlow Agentovs-vsctl -- --id=@sflow create sflow agent=s1 target=\"192.168.123.10:6633\" header=128 sampling=10 polling=1 -- set bridge br-sw sflow=@sflow查看已配置的sFlow Agent信息ovs-vsctl list sflow登录控制器，启动sFlow验证防DDoS攻击打开浏览器，查看状态http://192.168.123.10:8008/html/index.html#status https://xiongan.host/index.php/archives/200/ 2023-04-18T21:12:00+08:00 简单的路由实验路由实验首先运行Opendaylight，并安装好组件编辑路由脚本脚本#!/usr/bin/python import time from mininet.net import Mininet from mininet.node import Controller, RemoteController, OVSKernelSwitch,UserSwitch from mininet.cli import CLI from mininet.log import setLogLevel from mininet.link import Link, TCLink def topology():   "Create a network."   net = Mininet( controller=RemoteController, link=TCLink, switch=OVSKernelSwitch )   print "*** Creating nodes ***"   h1 = net.addHost( 'h1', mac='00:00:00:00:00:01', ip='10.123.10.1/24' )   h2 = net.addHost( 'h2', mac='00:00:00:00:00:02', ip='10.123.10.2/24' )   h3 = net.addHost( 'h3', mac='00:00:00:00:00:03', ip='10.123.1.1/24' )   s1 = net.addSwitch( 's1', listenPort=6673, mac='00:00:00:00:00:11' )   s2 = net.addSwitch( 's2', listenPort=6674, mac='00:00:00:00:00:12' )   c0 = net.addController( 'c0', controller=RemoteController, ip='127.0.0.1', port=6633 )   print "*** Creating links ***"   net.addLink(s1, h1, 1, 0)   net.addLink(s2, h3, 1, 0)   Link(h2, s1, intfName1='h2-eth0')   Link(h2, s2, intfName1='h2-eth1')   h2.cmd('ifconfig h2-eth1 10.123.1.2 netmask 255.255.255.0')   h2.cmd('sysctl net.ipv4.ip_forward=1')   h1.cmd('route add default gw 10.123.10.2')   h3.cmd('route add default gw 10.123.1.2')   print "*** Starting network ***"   net.build()   c0.start()   s1.start( [c0] )   s2.start( [c0] )   print "*** Running CLI ***"   CLI( net )   print "*** Stopping network ***"   net.stop() if __name__ == '__main__':   setLogLevel( 'info' )   topology()运行脚本python router.py两个交换机下发转发规则：root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s1 in_port=1,actions=output:2 root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s1 in_port=2,actions=output:1 root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s2 in_port=1,actions=output:2 root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s2 in_port=2,actions=output:1在CLI命令行里执行mininet> h1 route add default gw 10.123.10.2 mininet> h3 route add default gw 10.123.1.2 mininet> h1 ping 10.123.10.2 mininet> h1 ping 10.123.1.2这时候再次测试h1 ping h3 就可以通举例环境继承上述，再添加一个h4，使他们都可以通mininet> py net.addHost( 'h4', mac='00:00:00:00:00:04', ip='10.123.123.1/24' ) mininet> py net.addSwitch( 's3', listenPort=6675, mac='00:00:00:00:00:13' )创建链路mininet> py net.addLink(s3, h4, 1, 0) mininet> py net.addLink(h2, s3, intfName1='h2-eth2')环境继承上述，再添加一个h4，使他们都可以通//添加h4设备 h4 = net.addHost( 'h4', mac='00:00:00:00:00:04', ip='10.123.123.1/24' ) //添加s3交换机 s3 = net.addSwitch( 's3', listenPort=6675, mac='00:00:00:00:00:13' ) //添加s3和h4的链路 net.addLink(s3, h4, 1, 0) //设置ip端口 h2.cmd('ifconfig h2-eth2 10.123.123.2 netmask 255.255.255.0') //设置h4的网关 h4.cmd('route add default gw 10.123.123.2') //开启s3 s3.start( [c0] )