BEBA Software Switch in Mininet

[suratakiddin]

I’m interested in implementing a stateful firewall on BEBA Software Switch in Mininet. I have two questions:

1) Does BEBA Software Switch support OpenFlow version 1.5.0? I need the flow table to support the TCP flag matching rule. 2) Can I use BEBA Software Switch in Mininet Miniedit? Best regards, Sura

[DavideSanvito]

Hello Sura, BEBA switch has been built on top of CPqD ofsoftswitch13 and so unluckily it just supports OpenFlow 1.3. Regarding MiniEdit, I've personally never used it, but I think you should be able to run it without problems. BEBA switch is 100% backward compatible with ofsoftswitch13 with the added support for programmable stateful packet processing. If MiniEdit works only at the topology level and since ofsoftswitch13 is supported by Mininet, also BEBA switch should work with it. Best regards, Davide

[suratakiddin]

Thank you Davide

Can you please provide some instructions on how to add new rules to the CPqD ofsoftswitch13 or BEBA switch?

[DavideSanvito]

Hi Sura, BEBA switch can be configured by using our modified version of Ryu controller (https://github.com/beba-eu/beba-ctrl) which have been extended as well to support the configuration of stateful packet processing. You can find some BEBA application examples at https://github.com/beba-eu/beba-ctrl/tree/master/ryu/app/beba. However, if you have never used Ryu before. I suggest taking a look at https://ryu.readthedocs.io/en/latest/writing_ryu_app.html to understand how to configure legacy OpenFlow applications before moving to BEBA. Best, Davide

[suratakiddin]

Dear Davide,

All the implementation part (adding few rules to the switch) will be in the switch itself. The controller is not that important in this case.

1) Do I still have to use the modified version of Ryu controller?

I have to access the switch to add some rules (I want to try both CPqD and BEBA)

2) Which command shall I write in Mininet to be able to access and add some rules to CPqD ofsoftswitch13? 3) Which command shall I write in Mininet to be able to access and add some rules to the BEBA switch?

Best, Sura

[DavideSanvito]

Dear Sura, you definitely need the controller to configure the switch. In legacy OpenFlow, a switch-controller interaction is needed to modify the forwarding, according to the application running on the controller. The contribute brought by BEBA, compared to CPqD, is to allow to delegate back to the switches part of the control: the switch is then able to autonomously (i.e. without relying on the controller) modify the forwarding rules according to packet-level events. I highly suggest you taking a look at the OpenState paper (http://openstate-sdn.org/pub/openstate-ccr.pdf) paper which explains how stateful packet processing can be defined and programmed via Finite State Machine. If you need to install standard OpenFlow rules on the CPqD/BEBA switch you can take a look at the manual of dpctl command, but to configure stateful processing you need our modified version of the Ryu controller. Best, Daivde

[suratakiddin]

Dear Davide, Since I have to insert rules inside a stateful switch, I’m going to use the BEBA switch and BEBA-ctrl. Using Mininet, I tried different commands to build a simple topology that has a Beba controller, a BEBA switch and 2 hosts. However, none of them worked. It will be great if you can write the Mininet command to build such a topology as well as to run tcp_flag_test.py available in https://github.com/beba-eu/beba-ctrl/tree/master/ryu/app/beba

Best regards, Sura

[DavideSanvito]

Dear Sura, once you installed BEBA switch and BEBA ctrl, you can launch the controller and a simple topology with these two commands from a shell.

$ ryu-manager your_controller_app.py
$ sudo mn --topo single,4 --switch user --mac --controller remote

The latest commands starts a topology with 4 hosts connected by a single switch running in user space (BEBA switch) and controlled by a remote controller (BEBA ctrl). As an example application to verify if your setup is correct you can provide to ryu-manager the following app beba-ctrl/ryu/app/beba/forwarding_consistency_1_to_many.py which implements a stateful load balancing (i.e. it selects one server replica for each TCP connection and guarantees each connection is always kept assigned to the same replica). You can find some comments at the top of the file iself.

Regarding matching on TCP flags, some partners from the BEBA research project might have played with it and/or added its support (but I'm not sure about it!). You can take a look at this paper and contact the authors for additional info. Julien Boite et al - "StateSec: Stateful Monitoring for DDoS Protection in Software Defined Networks" in IEEE NetSoft 2017, Bologna, Italy Best, Davide

[suratakiddin]

Hi Davide, I downloaded both CPqD ofsoftswitch13 and BEBA switches in Mininet

when I run the ( --switch user ) which switch will be running ?

Best, Sura

[DavideSanvito]

Dear Sura, since BEBA switch extends CPqD ofsoftswitch13 without creating an additional executable, the latest switch you installed (with the final sudo make install command) will be the one run by mininet. Best, Davide

[suratakiddin]

Hi Which code of the CPqD switch did you use to read the packet header? I need the ip and port # for source and destination Best, Sura

[DavideSanvito]

Hi, in order to read the packet header, you need to install OpenFlow rules matching on IP and ports and specifying a corresponding forward/drop action. You can refer to the manual of dpctl command or the Ryu tutorial I mentioned above (https://ryu.readthedocs.io/en/latest/writing_ryu_app.html). If you are instead interested in modifying the parser logic of the switch to make some non-OpenFlow forwarding it's better if you directly ask the CPqD author on the original repository. Best, Davide

[gopswamy]

Hello, How do run Mininet with the beba switch? And also how to I test InSwitch packet generation API? I am trying to start the InSP.py script but it does not start.