CS557 (Spring 2018) Project #1

Home Page | Syllabus | Class Schedule

Table of Contents

1 Project outline

OpenFlow is a leading SDN technology; it enables an administrator to define the forwarding and security behavior of a network by specifying policies in a domain controller. Refer to the original OpenFlow paper (http://ccr.sigcomm.org/online/files/p69-v38n2n-mckeown.pdf), or one of the many online resources on this topic, for details.

In this project, you will use the Mininet virtual network manager (http://mininet.org/) to instantiate a simple virtual network, and you will implement a set of simple forwarding and bandwidth allocation policies within the same network using the Floodlight domain controller (http://www.projectfloodlight.org/floodlight/). Note that Mininet is not a traditional network simulator; rather, it is a tool to instantiate lightweight virtual hosts and connect them using a set of virtual switches. As a result, behavior, management and configuration of machines on the network reflect that of actual physical devices.

2 Mininet and Floodlight installation and configuration

Conveniently, the Floodlight project provides a pre-configured virtual machine (VM) which includes both the Floodlight software itself and the Mininet virtual network emulator. This enables users to instantiate a virtual software defined network using Mininet, and to control that network using an instance of Floodlight.

In order to run the Floodlight/Mininet VM the first thing you will need to do is to install the VirtualBox virtualization software (free, and available for all mainstream operating systems). Please refer to the instructions at https://www.virtualbox.org/ to do so. While the VM may run on other virtualization technologies, for grading purposes we will run the VM using VirtualBox. Therefore, assignments that do not work with VirtualBox will be rejected.

The next step is to download the Floodlight VM. Instructions are provided at https://floodlight.atlassian.net/wiki/spaces/floodlightcontroller/pages/8650780/Floodlight+VM Follow the instructions to download the VM and to build Floodlight. Note: do not run "git update" on the Floodlight git repository in the VM (as suggested in the page above) because it will break compilation. Just run "ant" to build Floodlight and "ant eclipse" to generate Eclipse project files (the second command is only necessary if you choose to use Eclipse for development.

Mininet comes pre-installed in the Floodlight VM. It is recommended that you read the Mininet walkthrough (http://mininet.org/walkthrough/) to familiarize yourself with this complex tool. The Floodlight VM also includes the Eclipse IDE, that you may use to modify the source code of Floodlight (which you will need to do in order to complete the project).

3 Network topology

The assignment requires you to create a simple network topology consisting of three servers, three clients, three switches and one domain controller. The switches are connected in a simple ring topology depicted in the following figure:


3.1 Static network policy

As the arrows suggest, to avoid routing ambiguities, communication along the ring can only happen in clockwise fashion. Note that this introduce path asymmetry: the return path of a flow is different from the sending path. Additionally, the only allowed flows are as follow:

  • Server #1 to Server #2
  • Server #2 to Server #3
  • Server #3 to Server #1
  • Client #1, Client #2, Client #3 can communicate with each other
  • Switch #1, Switch #2 and Switch #3 can communicate with the domain controller (note that, unlike all other components, the domain controller runs directly in the Floodlight VM and not on a separate virtual host).

Furthermore, the bandwidth on all links must be capped to 30KB/s (links between domain controller and switches can be ignored in this regard).

No other communication shall be allowed; for example, clients cannot communicate to servers and vice versa.

The first part of the project consists in instantiating this network topology within Mininet. Communication constraints described above must be enforced by appropriately programming the Floodlight domain controller software.

3.2 Dynamic policy

The overall goal of the second part of the project is to roughly emulate a situation in which each server performs periodic backups of its content on another server. If this happens at specific backup-dedicated hours, a portion of the bandwidth must be reserved for the backup flow. This is achieved by the following setup:

  • Clients can communicate with each other by generating TCP flows towards port 1234.
  • A given server i can communicate with server (i%3)+1 by generating TCP flows towards port 1234.
  • If a server-to-server flow is generated within a configurable range of times of the day (e.g. 9PM to 10PM), then the domain controller must statically reserve 20KB/s of bandwidth for that flow.
  • If a server-to-server flow is generated outside the time range, the flow should still be allowed, but no bandwidth should be allocated. This policy must be implemented by appropriately programming Floodlight.

4 Project requirement

  • The student must submit a Mininet VM image (compressed as .tar.gz) implementing the above network topology.
  • The default VM login folder must contain a script named project1 which accepts the following command line option:

    • -r <start_time:stop_time> where start_time and stop_time are hours of the day in 24H format (e.g., -r 22:23 signifies that the backup hours are between 10PM and 11PM).

    Executing the script shall bring up the network topology and execute Floodlight while configuring the latter with the backup interval specified in the command line.

  • It must be possible to execute, on all clients, a TCP server listening on port 1234 (this TCP server is only used to receive connections, and shall discard any data received). The server must be implemented in a script called listen. E.g., to execute the server on client1 one would run the command client1 listen.
  • It must be possible to execute, on all clients, a script named talk which accepts the following parameters:

    • <destination> name of the destination host
    • <seconds> duration of the communication

    For example, in mininet one would instruct client1 to communicate with client2 for 30 seconds by issuing client1 talk client2 30. Upon execution, the script must generate TCP traffic towards port 1234 of <destination> for <seconds> seconds.

  • As Floodlight executes, it must print on the terminal one line of debug output for every static or dynamic rule configured on or removed from the switches. The particular format of the output is left to the student, but it should at a minimum describe to which flows the rule refer, and the type of operation performed on the flow (e.g., allow, drop, allocate bandwidth).
  • All hosts in the virtual topology must have hostnames which clearly identify their role and ID: client1, client2, client3, and server1, server2, server3.

4.1 Implementation

Students are expected to acquire familiarity with Mininet and Floodlight on their own by using the Mininet and Floodlight tutorials and online resources. A simple TCP server receiving and discarding data can be trivially implemented using Python, Node.js, or a number of other language frameworks. Simple dummy TCP traffic generators can be similarly implemented. Students are encouraged to proactively find the solutions to the project challenges on their own, and contact the instructor in case they find requirements unclear or under-specified. A Canvas forum will be instantiated to enable discussion between students and between the instructor and students.

While students are allowed to discuss project challenges and solutions together, each student must submit her/his own work individually. Multiple students submitting the same assignment will incur in the standard negative consequences for plagiarism.

5 Submission and grading

Floodlight VMs containing the assignment must be compressed as .tar.gz, together with a README file containing any additional information the instructor must be aware of in order to run the assignment. In case the submission hits Canvas' submission file limit, the student must send an email to the instructor by the project deadline containing a download link using a service such as Google Drive, Dropbox, Azure or similar.

5.1 Deadline

The project is due by 11:59PM on March 27th 2018. No extensions.

6 Grading

  • 20 points: topology correctly implemented (i.e., the virtual topology contains the correct number of clients, servers, switches)
  • 15 points: Floodlight debug output (AKA rule information) correctly generated
  • 25 points: static policy (who can talk to whom, along which paths) correctly implemented
  • 15 points: traffic generation works as expected
  • 25 points: dynamic policy (dynamic bandwidth reservation) correctly implemented

This project description may change at the discretion of the instructor.

Author: Lorenzo De Carli

Created: 2018-03-14 Wed 17:55