春风十里不如你 —— Taozi - OpenDaylight https://xiongan.host/index.php/tag/OpenDaylight/

[SDN] Pushing flow entries with Postman https://xiongan.host/index.php/archives/206/ Thu, 11 May 2023 10:25:41 +0800 admin

Checking the lab environment

Check the OpenDaylight controller

Log in to the OpenDaylight controller and check that port 6633 is listening on the controller host

root@guest-virtual-machine:/home/guest# netstat -an|grep 6633

Disable the firewall

sudo ufw disable

Open the web page

On the OVS host (the Mininet host), create the topology and test connectivity

sudo mn --topo=single,3 --controller=remote,ip=192.168.123.10,port=6633 --switch ovsk,protocols=OpenFlow13

The topology as shown on the controller page

Use Postman to look up the switch ID; the switch ID is 1

http://192.168.123.10:8080/restconf/operational/network-topology:network-topology

Push the first flow entry

PUT

http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/1

MAC address of host 1: 00:0c:29:91:9c:e6
MAC address of host 2: 42:59:6f:b2:ee:64

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<flow xmlns="urn:opendaylight:flow:inventory">
  <priority>200</priority>
  <flow-name>Foo1</flow-name>
  <idle-timeout>0</idle-timeout>
  <hard-timeout>0</hard-timeout>
  <match>
    <ethernet-match>
      <ethernet-source>
        <address>00:0c:29:91:9c:e6</address>
      </ethernet-source>
      <ethernet-destination>
        <address>42:59:6f:b2:ee:64</address>
      </ethernet-destination>
    </ethernet-match>
  </match>
  <id>1</id>
  <table_id>0</table_id>
  <instructions>
    <instruction>
      <order>0</order>
      <apply-actions>
        <action>
          <order>0</order>
          <output-action>
            <output-node-connector>2</output-node-connector>
          </output-action>
        </action>
      </apply-actions>
    </instruction>
  </instructions>
</flow>

Push the second flow entry

http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/2

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<flow xmlns="urn:opendaylight:flow:inventory">
  <priority>200</priority>
  <flow-name>Foo1</flow-name>
  <idle-timeout>0</idle-timeout>
  <hard-timeout>0</hard-timeout>
  <match>
    <ethernet-match>
      <ethernet-source>
        <address>42:59:6f:b2:ee:64</address>
      </ethernet-source>
      <ethernet-destination>
        <address>00:0c:29:91:9c:e6</address>
      </ethernet-destination>
    </ethernet-match>
  </match>
  <id>2</id>
  <table_id>0</table_id>
  <instructions>
    <instruction>
      <order>0</order>
      <apply-actions>
        <action>
          <order>0</order>
          <output-action>
            <output-node-connector>1</output-node-connector>
          </output-action>
        </action>
      </apply-actions>
    </instruction>
  </instructions>
</flow>

Log in to the switch and view the flow table

ovs-ofctl dump-flows s1

Delete the first flow entry

http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/1

Delete the second flow entry

http://192.168.123.10:8080/restconf/config/opendaylight-inventory:nodes/node/openflow:1/table/0/flow/2
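
The two PUT requests in this lab can be generated instead of hand-edited. The following is an added example, not code from the original post: it builds the same flow body for either direction and refuses to prepare a request whose id or table_id disagrees with the URL, which catches a copy-paste slip between flow 1 and flow 2. The function names are hypothetical, and the user name and password are whatever the controller's RESTCONF login is.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET

NS = "urn:opendaylight:flow:inventory"
BASE = "http://192.168.123.10:8080/restconf/config"  # controller address from the post
ET.register_namespace("", NS)  # serialize as <flow xmlns="..."> like the post

def flow_url(switch, table_id, flow_id):
    return f"{BASE}/opendaylight-inventory:nodes/node/{switch}/table/{table_id}/flow/{flow_id}"

def _add(parent, tag, text=None):
    el = ET.SubElement(parent, f"{{{NS}}}{tag}")
    el.text = None if text is None else str(text)
    return el

def build_flow_xml(flow_id, table_id, src_mac, dst_mac, out_port, name="Foo1"):
    """Same body as the post: match source/destination MAC, output to one port."""
    flow = ET.Element(f"{{{NS}}}flow")
    for tag, val in (("priority", 200), ("flow-name", name),
                     ("idle-timeout", 0), ("hard-timeout", 0)):
        _add(flow, tag, val)
    eth = _add(_add(flow, "match"), "ethernet-match")
    _add(_add(eth, "ethernet-source"), "address", src_mac)
    _add(_add(eth, "ethernet-destination"), "address", dst_mac)
    _add(flow, "id", flow_id)
    _add(flow, "table_id", table_id)
    instr = _add(_add(flow, "instructions"), "instruction")
    _add(instr, "order", 0)
    action = _add(_add(instr, "apply-actions"), "action")
    _add(action, "order", 0)
    _add(_add(action, "output-action"), "output-node-connector", out_port)
    return ET.tostring(flow, encoding="unicode")

def body_matches_url(url, body):
    """True when <id> and <table_id> in the body equal the ids in the URL path."""
    parts = url.rstrip("/").split("/")
    table_id, flow_id = (parts[parts.index(k) + 1] for k in ("table", "flow"))
    root = ET.fromstring(body)
    return (root.findtext(f"{{{NS}}}id") == flow_id
            and root.findtext(f"{{{NS}}}table_id") == table_id)

def put_request(url, body, user, password):
    """Prepare (without sending) the PUT that Postman issues, with HTTP Basic auth."""
    if not body_matches_url(url, body):
        raise ValueError("flow id/table id in body do not match the URL")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(url, data=body.encode(), method="PUT", headers={
        "Content-Type": "application/xml", "Authorization": f"Basic {token}"})
```

The returned request can be sent with urllib.request.urlopen from a host that can reach the controller.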

[SDN] Anti-DDoS application development https://xiongan.host/index.php/archives/204/ Sat, 06 May 2023 20:34:03 +0800 admin

Base environment

  • OpenDaylight + Mininet (with Karaf and the other components installed)
  • Open vSwitch 2.3.1

Lab steps

Check the controller IP and the switch connection status

Log in to the controller and check that the port is listening

netstat -an|grep 6633

Log in to the switch and check its connection to the controller

root@guest-virtual-machine:/home/guest# ovs-vsctl show
2e6efe16-6875-4feb-8451-7da554fbd3c8
    ovs_version: "2.0.2"
// The output above means the switch is not connected to the controller; connect it manually so that the output below shows "is_connected:true"
root@guest-virtual-machine:/home/guest# ovs-vsctl add-br br-sw
root@guest-virtual-machine:/home/guest# ovs-vsctl set-controller br-sw tcp:192.168.123.10:6633
root@guest-virtual-machine:/home/guest# ovs-vsctl show

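Log in to the host and check its connection to the controller; if it is not connected, connect it manually

Log in to the switch and connect to the controller (this creates a new connection over the OVSDB protocol)

ovs-vsctl set-manager tcp:192.168.123.10:6640

Install sFlow

Upload the sFlow package to the controller and extract it

Log in to the switch and deploy the sFlow agent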

ovs-vsctl -- --id=@sflow create sflow agent=s1 target=\"192.168.123.10:6633\" header=128 sampling=10 polling=1 -- set bridge br-sw sflow=@sflow

View the configured sFlow agent

ovs-vsctl list sflow

Log in to the controller and start sFlow

Verify the DDoS defense

Open a browser and check the status

http://192.168.123.10:8008/html/index.html#status

[mininet] Routing lab under OpenDaylight https://xiongan.host/index.php/archives/200/ Tue, 18 Apr 2023 21:12:00 +0800 admin

A simple routing lab

Routing lab

First start OpenDaylight and install the components

Write the routing script

#!/usr/bin/python
from mininet.net import Mininet
from mininet.node import RemoteController, OVSKernelSwitch
from mininet.cli import CLI
from mininet.log import setLogLevel
from mininet.link import Link, TCLink


def topology():
    "Create a network."
    net = Mininet( controller=RemoteController, link=TCLink, switch=OVSKernelSwitch )
    print("*** Creating nodes ***")
    # h1 and h3 are in different subnets; h2 has one leg in each and routes between them
    h1 = net.addHost( 'h1', mac='00:00:00:00:00:01', ip='10.123.10.1/24' )
    h2 = net.addHost( 'h2', mac='00:00:00:00:00:02', ip='10.123.10.2/24' )
    h3 = net.addHost( 'h3', mac='00:00:00:00:00:03', ip='10.123.1.1/24' )
    s1 = net.addSwitch( 's1', listenPort=6673, mac='00:00:00:00:00:11' )
    s2 = net.addSwitch( 's2', listenPort=6674, mac='00:00:00:00:00:12' )
    c0 = net.addController( 'c0', controller=RemoteController, ip='127.0.0.1', port=6633 )
    print("*** Creating links ***")
    net.addLink(s1, h1, 1, 0)
    net.addLink(s2, h3, 1, 0)
    Link(h2, s1, intfName1='h2-eth0')
    Link(h2, s2, intfName1='h2-eth1')
    # Second interface of h2, IP forwarding on h2, default gateways on h1 and h3
    h2.cmd('ifconfig h2-eth1 10.123.1.2 netmask 255.255.255.0')
    h2.cmd('sysctl net.ipv4.ip_forward=1')
    h1.cmd('route add default gw 10.123.10.2')
    h3.cmd('route add default gw 10.123.1.2')
    print("*** Starting network ***")
    net.build()
    c0.start()
    s1.start( [c0] )
    s2.start( [c0] )
    print("*** Running CLI ***")
    CLI( net )
    print("*** Stopping network ***")
    net.stop()


if __name__ == '__main__':
    setLogLevel( 'info' )
    topology()

Run the script

python router.py

Add forwarding rules on both switches:

root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s1 in_port=1,actions=output:2
root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s1 in_port=2,actions=output:1
root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s2 in_port=1,actions=output:2
root@guest-virtual-machine:/home/guest# ovs-ofctl add-flow s2 in_port=2,actions=output:1

In the Mininet CLI, run:

mininet> h1 route add default gw 10.123.10.2
mininet> h3 route add default gw 10.123.1.2
mininet> h1 ping 10.123.10.2
mininet> h1 ping 10.123.1.2

Now test h1 ping h3 again; it succeeds

Example

Building on the environment above, add a host h4 so that all of them can reach each other

mininet> py net.addHost( 'h4', mac='00:00:00:00:00:04', ip='10.123.123.1/24' )
mininet> py net.addSwitch( 's3', listenPort=6675, mac='00:00:00:00:00:13' )

Create the links

mininet> py net.addLink(s3, h4, 1, 0)
mininet> py net.addLink(h2, s3, intfName1='h2-eth2')

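The same additions written into router.py (building on the environment above, add h4 so that all of them can reach each other):

# Add host h4
h4 = net.addHost( 'h4', mac='00:00:00:00:00:04', ip='10.123.123.1/24' )
# Add switch s3
s3 = net.addSwitch( 's3', listenPort=6675, mac='00:00:00:00:00:13' )
# Add the link between s3 and h4
net.addLink(s3, h4, 1, 0)
# Add the link between h2 and s3 that provides h2-eth2 (as in the CLI version above)
net.addLink(h2, s3, intfName1='h2-eth2')
# Set the IP address on the new h2 interface
h2.cmd('ifconfig h2-eth2 10.123.123.2 netmask 255.255.255.0')
# Set h4's default gateway
h4.cmd('route add default gw 10.123.123.2')
# Start s3
s3.start( [c0] )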

[OpenDaylight] Pushing flow entries with OpenDaylight and Postman https://xiongan.host/index.php/archives/198/ Fri, 14 Apr 2023 00:25:00 +0800 admin

Install OVS

Hostname  IP              Role
ovs       192.168.123.10  ovs

First connect over SSH

Connect with FinalShell; the IP address and network adapter must be configured beforehand

Upload the OVS source archive and extract it

Enter the directory and run ./configure to generate the Makefile

Then compile and install

make
make install

Lab 6: pushing flow entries with OpenDaylight and Postman

Use the OpenDaylight virtual machine

Install JDK 1.8 and start OpenDaylight

Install the components:

First clear the old data

DELETE http://127.0.0.1:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:1/

Then clean up again from the command line

sudo mn -c

Create the topology and connect it to OpenDaylight

sudo mn --topo=single,3 --controller=remote,ip=<local-ip>,port=6633 --switch ovsk,protocols=OpenFlow13

In Postman, fill in the HTTP request in JSON format

The following goes in the request Body. The "hard-timeout" value is the interval to adjust; with "5", h1 ping h3 is interrupted for 5 seconds.

{
    "flow": [
        {
            "id": "1",
            "match": {
                "in-port": "1",
                "ethernet-match": {
                    "ethernet-type": {
                        "type": "0x0800"
                    }
                },
                "ipv4-destination": "10.0.0.3/32"
            },
            "instructions": {
                "instruction": [
                    {
                        "order": "0",
                        "apply-actions": {
                            "action": [
                                {
                                    "order": "0",
                                    "drop-action": {}
                                }
                            ]
                        }
                    }
                ]
            },
            "flow-name": "flow1",
            "priority": "65535",
            "hard-timeout": "5",
            "cookie": "2",
            "table_id": "0"
        }
    ]
}

Start h1 ping h3 in the CLI, then send the PUT request

The test succeeds and the result is as expected
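
To confirm on the switch that entries pushed through RESTCONF were installed (the ovs-ofctl dump-flows check used in the Postman lab above) and to spot the timed drop entry from this lab, the dump output can be parsed. This is an added example, not code from the original posts; the sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `ovs-ofctl dump-flows s1` output (not taken from the posts):
# the two MAC-forwarding flows from the Postman lab and the timed drop flow from this one.
SAMPLE = """\
 cookie=0x0, duration=41.2s, table=0, n_packets=8, n_bytes=784, priority=200,dl_src=00:0c:29:91:9c:e6,dl_dst=42:59:6f:b2:ee:64 actions=output:2
 cookie=0x0, duration=39.7s, table=0, n_packets=8, n_bytes=784, priority=200,dl_src=42:59:6f:b2:ee:64,dl_dst=00:0c:29:91:9c:e6 actions=output:1
 cookie=0x2, duration=1.3s, table=0, n_packets=2, n_bytes=196, hard_timeout=5, priority=65535,ip,in_port=1,nw_dst=10.0.0.3 actions=drop
"""
STATS = ("cookie", "duration", "table", "n_packets", "n_bytes",
         "idle_timeout", "hard_timeout", "idle_age", "hard_age", "priority")


def parse_flow(line):
    """Split one dump-flows line into stats, match fields and actions."""
    head, _, actions = line.strip().partition(" actions=")
    flow = {"actions": actions.split(","), "match": {}}
    for field in re.split(r",\s*", head):
        key, sep, value = field.partition("=")
        if key in STATS:
            flow[key] = value
        else:
            flow["match"][key] = value if sep else True  # bare keyword such as "ip"
    return flow


def audit(text, expected):
    """expected: (src_mac, dst_mac, out_port) tuples. Returns (missing, drops)."""
    # Reply header lines carry no " actions=" and are skipped.
    flows = [parse_flow(l) for l in text.splitlines() if " actions=" in l]
    installed = {(f["match"].get("dl_src"), f["match"].get("dl_dst"), a)
                 for f in flows for a in f["actions"]}
    missing = [e for e in expected
               if (e[0], e[1], f"output:{e[2]}") not in installed]
    drops = [(f.get("priority"), f["match"], f.get("hard_timeout", "0"))
             for f in flows if f["actions"] == ["drop"]]
    return missing, drops
```

On a bridge restricted to OpenFlow13, as created by the mn command in these labs, ovs-ofctl needs -O OpenFlow13 to dump the table.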

Thanks to: 小桂哥, King

[OpenDaylight] Pushing flow entries from the web UI https://xiongan.host/index.php/archives/196/ Wed, 05 Apr 2023 23:13:53 +0800 admin

Hostname    IP              Role
controller  192.168.123.10  Controller 1
ovs         192.168.123.20  Switch
pc1         192.168.123.30  Host 1

Lab steps

Environment check

Log in to controller 1 and check that the port is listening

root@guest-virtual-machine:/home/guest# netstat -an | grep 6633
tcp        0      0 192.168.123.10:44024    192.168.123.10:6633     ESTABLISHED
tcp6       0      0 :::6633                 :::*                    LISTEN     
tcp6       0      0 192.168.123.10:6633     192.168.123.10:44024    ESTABLISHED

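Once port 6633 on the controller is confirmed to be listening, log in to the switch as root and check its connection to controller 1

Note: if the connection fails, "fail_mode:secure" is displayed

In that case, reconnect manually on the switch with these commands

# ovs-vsctl del-controller br-sw
# ovs-vsctl set-controller br-sw tcp:192.168.123.10:6633

Check the host's IP address:

Controller IP address

Note: if the host has not obtained an IP address, reconnect manually

# ovs-vsctl del-controller br-sw
# ovs-vsctl set-controller br-sw tcp:192.168.123.10:6633

Push the flow entry

Switch to the switch and set the OpenFlow protocol version to 1.0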

root@guest-virtual-machine:/home/guest# ovs-vsctl set bridge br-sw protocols=OpenFlow10

Open the controller web UI and click 'Nodes'; '1' shows the details of the node connection

Expand all directories

Expand the specific configuration

Fill in the node id, table id and flow id

Expand the flow entry parameters

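[OpenDaylight] Using Karaf https://xiongan.host/index.php/archives/193/ Fri, 24 Mar 2023 11:20:00 +0800 admin

SSH may fail to connect; either configure the local VM8 network adapter or configure SSH. The method below is recommended

vi /etc/ssh/sshd_config
// Add this line at the end
PermitRootLogin yes
// After saving, restart the server; remote tools can then connect to the Ubuntu host

First connect to the virtual machine

Upload the package, extract it, enter the directory and start the console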

root@guest-virtual-machine:/home/guest# tar -zxvf distribution-karaf-0.3.0-Lithium.tar.gz
root@guest-virtual-machine:/home/guest# cd distribution-karaf-0.3.0-Lithium
// Start option 1 (not recommended)
root@guest-virtual-machine:/home/guest# ./bin/karaf
// Start option 2 (runs in the background)
root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# ./bin/start
root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# ./bin/client -u karaf

Install the OpenDaylight components

// Install the REST API feature
opendaylight-user@root>feature:install odl-restconf
// Install the L2 switch and OpenFlow features
opendaylight-user@root>feature:install odl-l2switch-switch-ui
opendaylight-user@root>feature:install odl-openflowplugin-flow-services-ui
// Install the md-sal feature for the Karaf console
opendaylight-user@root>feature:install odl-mdsal-apidocs
// Install the DLUX feature: not needed on 0.3.0, can be installed on 0.6.0
//opendaylight-user@root>feature:install odl-dluxapps-applications
//opendaylight-user@root>feature:install odl-faas-all
// List all features
opendaylight-user@root>feature:list

Verify that OpenDaylight works

First check the IP address:

Connect to the controller

root@guest-virtual-machine:/home/guest# mn --controller=remote,ip=192.168.123.10,port=6633
mininet> pingall
*** Ping: testing ping reachability
h1 -> h2 
h2 -> h1 
*** Results: 0% dropped (2/2 received)

Open the controller web UI (username and password are both admin)

Uninstall the OpenDaylight components

opendaylight-user@root>logout

Exit with logout and return to the previous directory

root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# rm -rf data
root@guest-virtual-machine:/home/guest/distribution-karaf-0.3.0-Lithium# ./bin/karaf clean
opendaylight-user@root>feature:list -i

List the installed features and confirm that they have been removed
