实验7:基于REST API的SDN北向应用实践
实验7:基于REST API的SDN北向应用实践
一、实验目的
- 能够编写程序调用OpenDaylight REST API实现特定网络功能;
- 能够编写程序调用Ryu REST API实现特定网络功能。
二、实验环境
- 下载虚拟机软件Oracle VisualBox或VMware;
- 在虚拟机中安装Ubuntu 20.04 Desktop amd64,并完整安装Mininet、OpenDaylight(Carbon版本)、Postman和Ryu;
三、实验要求
(一)基本要求
OpenDaylight
(1) 利用Mininet平台搭建下图所示网络拓扑,并连接OpenDaylight;
(2) 编写Python程序,调用OpenDaylight的北向接口下发指令删除s1上的流表数据。
def del_flow_table():
url = 'http://127.0.0.1:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:1/'
res = requests.delete(url, auth=HTTPBasicAuth('admin', 'admin'))
print(f"resp of del request is: {str(res.content)}")
(3) 编写Python程序,调用OpenDaylight的北向接口下发硬超时流表,实现拓扑内主机h1和h3网络中断20s。
def out_flow_table():
url = 'http://127.0.0.1:8181/restconf/config/opendaylight-inventory:nodes/node/openflow:1/flow-node-inventory:table/0/flow/1'
data = {
"flow": [
{
"id": "1",
"match": {
"in-port": "1",
"ethernet-match": {
"ethernet-type": {
"type": "0x0800"
}
},
"ipv4-destination": "10.0.0.3/32"
},
"instructions": {
"instruction": [
{
"order": "0",
"apply-actions": {
"action": [
{
"order": "0",
"drop-action": {}
}
]
}
}
]
},
"flow-name": "flow1",
"priority": "65535",
"hard-timeout": "20",
"cookie": "2",
"table_id": "0"
}
]
}
res = requests.put(url, json=data, auth=HTTPBasicAuth('admin', 'admin'))
print(f"resp of out table request is: {str(res.content)}")
(4) 编写Python程序,调用OpenDaylight的北向接口获取s1上活动的流表数。
def get_flow_table():
url = 'http://127.0.0.1:8181/restconf/operational/opendaylight-inventory:nodes/node/openflow:1/flow-node-inventory:table/0/opendaylight-flow-table-statistics:flow-table-statistics'
res = requests.get(url, auth=HTTPBasicAuth('admin', 'admin'))
print(f"resp of get table request is: {str(res.content)}")
- Ryu
(1) 编写Python程序,调用Ryu的北向接口,实现上述OpenDaylight实验拓扑上相同的硬超时流表下发。
import requests
if __name__ == "__main__":
url = 'http://127.0.0.1:8080/stats/flowentry/add'
data = {
"dpid": 1,
"cookie": 1,
"cookie_mask": 1,
"table_id": 0,
"hard_timeout": 20,
"priority": 65535,
"flags": 1,
"match":{
"in_port":1
},
"actions":[
]
}
res = requests.post(url, json=data)
print (res.content)
(2) 利用Mininet平台搭建下图所示网络拓扑,要求支持OpenFlow 1.3协议,主机名、交换机名以及端口对应正确。拓扑生成后需连接Ryu,且Ryu应能够提供REST API服务
# mytopo.py
from mininet.topo import Topo
class MyTopo(Topo):
def __init__(self):
# initilaize topology
Topo.__init__(self)
self.addSwitch("s1")
self.addSwitch("s2")
self.addHost("h1")
self.addHost("h2")
self.addHost("h3")
self.addHost("h4")
self.addLink("s1", "h1")
self.addLink("s1", "h2")
self.addLink("s2", "h3")
self.addLink("s2", "h4")
self.addLink("s1", "s2")
topos = {'mytopo': (lambda: MyTopo())}
sudo sudo mn --custom mytopo.py --topo mytopo --mac --controller=remote,ip=127.0.0.1,port=6633 --switch ovsk,protocols=OpenFlow13
(3) 整理一个Shell脚本,参考Ryu REST API的文档,利用curl命令,实现和实验2相同的VLAN。
| VLAN_ID | Hosts |
|---|---|
| 0 | h1 h3 |
| 1 | h2 h4 |
# scripts.sh
curl -X POST -d '{
"dpid": 1,
"priority": 1,
"match":{
"in_port": 1
},
"actions":[
{
"type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "SET_FIELD",
"field": "vlan_vid", # Set VLAN ID
"value": 4096 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096)
},
{
"type": "OUTPUT",
"port": 3
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"priority": 1,
"match":{
"in_port": 2
},
"actions":[
{
"type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "SET_FIELD",
"field": "vlan_vid", # Set VLAN ID
"value": 4097 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096)
},
{
"type": "OUTPUT",
"port": 3
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"priority": 1,
"match":{
"vlan_vid": 0
},
"actions":[
{
"type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "OUTPUT",
"port": 1
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 1,
"priority": 1,
"match":{
"vlan_vid": 1
},
"actions":[
{
"type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "OUTPUT",
"port": 2
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 2,
"priority": 1,
"match":{
"in_port": 1
},
"actions":[
{
"type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "SET_FIELD",
"field": "vlan_vid", # Set VLAN ID
"value": 4096 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096)
},
{
"type": "OUTPUT",
"port": 3
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 2,
"priority": 1,
"match":{
"in_port": 2
},
"actions":[
{
"type": "PUSH_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "SET_FIELD",
"field": "vlan_vid", # Set VLAN ID
"value": 4097 # Describe sum of vlan_id(e.g. 6) | OFPVID_PRESENT(0x1000=4096)
},
{
"type": "OUTPUT",
"port": 3
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 2,
"priority": 1,
"match":{
"vlan_vid": 0
},
"actions":[
{
"type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "OUTPUT",
"port": 1
}
]
}' http://localhost:8080/stats/flowentry/add
curl -X POST -d '{
"dpid": 2,
"priority": 1,
"match":{
"vlan_vid": 1
},
"actions":[
{
"type": "POP_VLAN", # Push a new VLAN tag if a input frame is non-VLAN-tagged
"ethertype": 33024 # Ethertype 0x8100(=33024): IEEE 802.1Q VLAN-tagged frame
},
{
"type": "OUTPUT",
"port": 2
}
]
}' http://localhost:8080/stats/flowentry/add
(二)进阶要求
编程实现基本要求第2部分Ryu(3)中的VLAN划分。
import json
import requests
if __name__ == "__main__":
url = 'http://127.0.0.1:8080/stats/flowentry/add'
flow1 = {
"dpid": 1,
"priority": 1,
"match":{
"in_port": 1
},
"actions":[
{
"type": "PUSH_VLAN",
"ethertype": 33024
},
{
"type": "SET_FIELD",
"field": "vlan_vid",
"value": 4096
},
{
"type": "OUTPUT",
"port": 3
}
]
}
flow2 = {
"dpid": 1,
"priority": 1,
"match":{
"in_port": 2
},
"actions":[
{
"type": "PUSH_VLAN",
"ethertype": 33024
},
{
"type": "SET_FIELD",
"field": "vlan_vid",
"value": 4097
},
{
"type": "OUTPUT",
"port": 3
}
]
}
flow3 = {
"dpid": 1,
"priority": 1,
"match":{
"vlan_vid": 0
},
"actions":[
{
"type": "POP_VLAN",
"ethertype": 33024
},
{
"type": "OUTPUT",
"port": 1
}
]
}
flow4 = {
"dpid": 1,
"priority": 1,
"match": {
"vlan_vid": 1
},
"actions": [
{
"type": "POP_VLAN",
"ethertype": 33024
},
{
"type": "OUTPUT",
"port": 2
}
]
}
flow5 = {
"dpid": 2,
"priority": 1,
"match": {
"in_port": 1
},
"actions": [
{
"type": "PUSH_VLAN",
"ethertype": 33024
},
{
"type": "SET_FIELD",
"field": "vlan_vid",
"value": 4096
},
{
"type": "OUTPUT",
"port": 3
}
]
}
flow6 = {
"dpid": 2,
"priority": 1,
"match": {
"in_port": 2
},
"actions": [
{
"type": "PUSH_VLAN",
"ethertype": 33024
},
{
"type": "SET_FIELD",
"field": "vlan_vid",
"value": 4097
},
{
"type": "OUTPUT",
"port": 3
}
]
}
flow7 = {
"dpid": 2,
"priority": 1,
"match": {
"vlan_vid": 0
},
"actions": [
{
"type": "POP_VLAN",
"ethertype": 33024
},
{
"type": "OUTPUT",
"port": 1
}
]
}
flow8 = {
"dpid": 2,
"priority": 1,
"match": {
"vlan_vid": 1
},
"actions": [
{
"type": "POP_VLAN",
"ethertype": 33024
},
{
"type": "OUTPUT",
"port": 2
}
]
}
res1 = requests.post(url, json=flow1)
res2 = requests.post(url, json=flow2)
res3 = requests.post(url, json=flow3)
res4 = requests.post(url, json=flow4)
res5 = requests.post(url, json=flow5)
res6 = requests.post(url, json=flow6)
res7 = requests.post(url, json=flow7)
res8 = requests.post(url, json=flow8)
实验总结
- 实验中遇到的问题
运行ryu却无法ping通
解决办法:curl -X GET http://localhost:8080/stats/flow/1查看流表,将OpenFlow协议由1.0改为1.3以后可以ping通 - 实验心得
本次实验难度真的可以说是很大。主要涉及了python的requests库,OpenDaylight及Ryu的RestfulAPI,对于这些方面,我之前不是很熟悉,利用本次机会进行了一番学习。本次实验对源码分析和对openflow协议的理解的要求进一步提高,在OpenFlow协议方面遇到了一些问题,但还是通过查资料以及询问同学很好的解决了。在学习完本次实验后,我已经能够编写程序调用OpenDaylight REST API实现特定网络功能,能够编写程序调用Ryu REST API实现特定网络功能。通过本次实验进一步加深了我对代码的理解,对我的学习有很大的帮助。
