Final result

To verify, we will launch Mininet on the virtual machine desktop so we can use xterm on h1 and launch Wireshark within the host to see the arp reply. After launching Mininet, simply type in xterm h1 to launch a terminal window for h1, and type in wireshark at the h1 terminal window to launch Wireshark. Choose h1-eth0 as the interface to capture packets on:

Mininet and h1 Wireshark

We can try to ping from h1 to h2 with two packets:

 mininet> h1 ping -c 2 h2
 PING 192.168.2.10 (192.168.2.10) 56(84) bytes of data.
 From 192.168.1.10 icmp_seq=1 Destination Host Unreachable
 From 192.168.1.10 icmp_seq=2 Destination Host Unreachable

--- 192.168.2.10 ping statistics ---
 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1004ms
 pipe 2
 mininet>

On the controller screen, we can see the two ARP entries, one from h1 for 192.168.1.1 and the other for h2 from the gateways:

 EVENT ofp_event->MySimpleStaticRouter EventOFPPacketIn
 Received ARP for 192.168.1.1
 ('ethernet', ethernet(dst='ff:ff:ff:ff:ff:ff',ethertype=2054,src='00:00:00:00:00:01'))
 ('arp', arp(dst_ip='192.168.1.1',dst_mac='00:00:00:00:00:00',hlen=6,hwtype=1,opcode=1,plen=4,proto=2048,src_ip='192.168.1.10',src_mac='00:00:00:00:00:01'))
 datapath: 1 in_port: 1
 EVENT ofp_event->MySimpleStaticRouter EventOFPPacketIn
 Received ARP for 192.168.2.1
 ('ethernet', ethernet(dst='ff:ff:ff:ff:ff:ff',ethertype=2054,src='00:00:00:00:00:02'))
 ('arp', arp(dst_ip='192.168.2.1',dst_mac='00:00:00:00:00:00',hlen=6,hwtype=1,opcode=1,plen=4,proto=2048,src_ip='192.168.2.10',src_mac='00:00:00:00:00:02'))
 datapath: 2 in_port: 1

In the h1-eth0 packet capture, we can see the arp reply:

S1 Gateway ARP Reply

We can also see the ICMP request and reply from h1 to h2:

ICMP Request and Response

The final piece we will touch on for this section is the spoofing of the MAC address of the gateway. Of course, in accordance with the Ethernet standard, when we transfer from port to port, we need to rewrite the source and destination MACs. For example, had we kept everything the same but used the 00:00:00:00:00:10 MAC address for 192.168.1.1 on s1, h2 would have received the following ICMP packet from h1:


H1 to H2 ICMP without MAC spoofing

Since the MAC address was not modified, h2 would not know the packet is destined for it and would simply drop it. Of course, we can use the OpenFlow action OFPactionSetField to rewrite the destination MAC address, but I have chosen to use spoofing to illustrate an important point. The point is that in a software-defined scenario, we have total control of our network. We cannot bypass certain restrictions, such as host ARP, but once the packet enters the network, we are free to route and modify based on our needs.

In the next section, we will take a look at how to add REST APIs to our static router so we can change flows dynamically.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.188.187.165