14-817/18-739E Network Security and Management

Assignment 1 (due in class Thursday Jan 23, 2014):

In this assignment, you will learn the basics of running Mininet in a VirtualBox virtual machine.

First, install VirtualBox on your computer. Then, download and install the custom virtual machine for the course. (Do not use the VM referenced at the OpenFlow Tutorial Web site. Our custom VM works on a wider variety of platforms, and has software installed that you'll need on future assignments.) See the video instructions.

To install the VM, start VirtualBox, and then select File>Import Appliance and select the downloaded ova file. Then, press the Import button.

Then, follow the instructions for parts 1 through 4 of the OpenFlow Tutorial.

  • When following the instructions for "Set Up Network Access" (in Settings>Network>Adapter2) you will create a host-only interface for accessing your VM by SSH. Make sure that you select "Cable Connected" under "Advanced", while your machine is powered off, to ensure that this interface is "plugged in". (If your attempt to assign the interface an IP address (using dhclient) fails, check that your host-only interface has "Cable Connected" selected -- again, while the VM is powered down.)
  • OS X Mountain Lion users: To enable X11 forwarding through OS X native terminal, you must install XQuartz, which isn't shipped with the OS anymore.
  • The instructions in Section 4.8 are incorrect; replace "$ sudo mn --topo single,3 --mac --controller remote --switch user" with "$ sudo mn --topo single,3 --mac".
You may also find the MiniNet Sample Workflow useful for more details.

You do not need to submit any written materials for this assignment.

Ask your fellow students for help, in person or on Piazza, if you get stuck in the process.

Assignment 2 (due 11:59pm Monday Feb 10th, 2014):

In this assignment, you will learn some basic SDN programming on the POX controller platform. Complete Section 5.1 of the tutorial on POX, using your existing VM from assignment 1 rather than installing a new VM. You do not need to install POX as stated in the tutorial. It is already installed on your VM. There are three components in this assignment.

  1. Implementing a "simple" learning switch using pox/misc/of_tutorial.py as mentioned in the tutorial (step 5). "Simple" here means the switch performs (only) the following steps for a received packet:

    1. Use source mac address and switch port to update the (mac address, port) table.
    2. If the port corresponding to the destination mac address is already known, send the packet out of that port. Otherwise, flood the packet.

    The task of the controller is to program the switch accordingly via appropriate OpenFlow messages.

  2. Modify the above simple learning switch to include the logic blocking IP traffic between host 2 and host 3.
  3. Extend this program to count all traffic going to or leaving host 1. Note that it is not sufficient to set up a counter and increment it in _handle_PacketIn, because _handle_PacketIn is only called when a packet arrives at the controller (i.e., for the first packet of a given flow).
  4. You could support the traffic monitoring in several ways. The most elegant way is for your program to send the switch a statistics request to read the counters associated with all rules forwarding to/from host 1.
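
The undercounting described in item 3, shown in a small pure-Python model (an added example, not part of the original assignment and not POX code). The `Switch` and `Controller` classes, the (src, dst) match, and the assumption that the packet triggering a rule install is counted by the new rule are simplifications made here.

```python
# Toy model built for illustration: no POX or OpenFlow library is involved.
H1, H2 = "00:00:00:00:00:01", "00:00:00:00:00:02"   # constructed sample MACs

class Controller:
    def __init__(self):
        self.mac_to_port = {}
        self.packet_ins_h1 = 0   # naive counter kept in the packet-in handler
        self.flooded_h1 = 0      # h1 packets flooded without installing a rule

    def packet_in(self, switch, src, dst, in_port):
        self.mac_to_port[src] = in_port              # step 1: learn (MAC, port)
        if H1 in (src, dst):
            self.packet_ins_h1 += 1
        if dst in self.mac_to_port:                  # step 2: known destination
            switch.rules[(src, dst)] = [self.mac_to_port[dst], 0]
        elif H1 in (src, dst):                       # unknown destination: flood
            self.flooded_h1 += 1

class Switch:
    """Flow table keyed on (src, dst); each rule keeps its own packet counter."""
    def __init__(self, controller):
        self.controller = controller
        self.rules = {}                              # (src, dst) -> [out_port, count]

    def receive(self, src, dst, in_port):
        if (src, dst) not in self.rules:             # table miss -> controller
            self.controller.packet_in(self, src, dst, in_port)
        rule = self.rules.get((src, dst))
        if rule is not None:                         # assumption: the packet that
            rule[1] += 1                             # triggered the install is counted

    def flow_stats(self):
        # Stand-in for a flow statistics reply: match -> packet count.
        return {match: rule[1] for match, rule in self.rules.items()}

def host1_total(switch, controller):
    """Per-rule counters for h1 plus the h1 packets that were only flooded."""
    in_rules = sum(n for m, n in switch.flow_stats().items() if H1 in m)
    return in_rules + controller.flooded_h1

def run_demo():
    ctl = Controller()
    sw = Switch(ctl)
    sw.receive(H1, H2, 1)                            # h2 unknown: flooded
    sw.receive(H2, H1, 2)                            # h1 known: rule installed
    for _ in range(100):
        sw.receive(H1, H2, 1)
    for _ in range(99):
        sw.receive(H2, H1, 2)
    return ctl.packet_ins_h1, host1_total(sw, ctl)   # (naive, actual)
```

`run_demo()` returns the packet-in counter next to the count recovered from the per-rule counters, for 201 packets sent to or from host 1.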

Assignment 3 (due 11:59pm Wednesday Feb 26th, 2014):

In this assignment, you will experiment with policy composition in POX and learn some basic SDN programming on the Pyretic platform, using the same VM from assignment 1.

  1. Task 1:

    Implement in POX a module that does MAC learning, firewalling and monitoring. Implement two versions of this module: (1) monitoring all traffic, whether or not the firewall drops the traffic, and (2) monitoring only the traffic that successfully passes through the firewall.

  2. Task 2:
    1. Read the Pyretic Documentation.
    2. Update your pyretic repo (from inside the VM):

       $ cd ~/pyretic
       $ git pull
       $ git checkout tester
       $ sudo pip install ipaddr
    3. Implement a simple mac learning module

    4. Write a simple firewalling module that blocks traffic between hosts 2 and 3

    5. Write a simple monitoring module that counts all packets going to or leaving host 1

    6. Write a module that imports each of the above and does firewalling and then MAC learning while at the same time monitoring. Write two versions of this module: (i) monitoring all traffic, whether or not the firewall drops the traffic, and (ii) monitoring only the traffic that successfully passes through the firewall.

  3. Extra credit: Recreate all the composition scenarios from the Frenetic paper both in POX and Pyretic.
You can submit your code using Blackboard.

Last updated: Wed Feb 12, 2014