developing sdn apps in ryu

For SDNDS-TW Sharing

Developing SDN apps in Ryu 林哲緯, John-Linhttp://linton.tw/

http://linton.tw/

whoami

❖ 林哲緯 ( John-Lin )

❖ 清華⼤大學通訊⼯工程所 HSNL LAB

❖ 背景是通訊⼯工程

• 原是寫 Python 當興趣，玩網路程式時接觸 SDN/OpenFlow

❖ ⽬目前研究使⽤用 Ryu 未來應該也會繼續⽤用 Ryu Controller

❖ Network Security in SDN

• Contribute Snort-Integrate patch in Ryu

• See more: http://linton.tw/2014/09/03/Ryu-with-Snort-Integration/

http://linton.tw/2014/09/03/Ryu-with-Snort-Integration/

Outline

❖ OpenFlow Overview

❖ Introduction to Ryu application development

❖ The OpenFlow API in Ryu

❖ Demo

What is OpenFlow?

OpenFlow Controller

OpenFlow Switch

Flow Table

Data Plane

Controller Plane

Packet PacketForwarding

OpenFlow Protocol (SSL/TCP)

Drop

Forward to Controller

About Flow Entry

Rule Action Statistics

in_port VLAN ID

VLAN pcp

MAC src

MAC dst

Eth type IP src IP dst IP ToS sport dport

More match field: http://ryu.readthedocs.org/en/latest/ofproto_v1_3_ref.html?highlight=match#ryu.ofproto.ofproto_v1_3_parser.OFPMatch

1. Forward packet to ports2. Forward to controller3. Drop packet4. Modify Field (set-field)

1. Packet counter2. Byte counter

http://ryu.readthedocs.org/en/latest/ofproto_v1_3_ref.html?highlight=match#ryu.ofproto.ofproto_v1_3_parser.OFPMatch

Flow Table







Table id 0

Multiple Flow TablesTable id 0







Table id 1







Table id 2







SDN Controller

OpenFlow-enabled Network DeviceOpenFlow Protocol

OpenFlow Controller and switch workflow

HANDSHAKE_DISPATCHER

CONFIG_DISPATCHER

MAIN_DISPATCHER

DEAD_DISPATCHER如果發⽣生連線中斷

Ryu Controller 的4種狀態

The messages between Controller and switch❖ Controller-to-Switch Messages (Controller->Switch)

❖ Features

❖ Modify-State

❖ Packet-out

❖ Configuration, Read-State, Barrier, Role-Request, Asynchronous-Configuration

❖ Asynchronous Messages (Switch->Controller)❖ Packet-In

❖ Flow Removed

❖ Port Status

❖ Error

❖ Symmetric Messages (Switch<->Controller)❖ Hello

❖ Echo Request / Reply

❖ Experimenter

OpenFlow Controller

OpenFlow Switch

Flow Table

OpenFlow Protocol

Outline




❖ Demo

What is Ryu

❖ Ryu is a component-based software defined networking framework.

❖ Fully written in Python

❖ Ryu supports various protocols for managing network devices• OpenFlow 1.0, 1.2, 1.3, 1.4, Netconf, OF-config

❖ License: Apache 2.0

Ryu Resources❖ Official site:

• http://osrg.github.io/ryu/

❖ Mailing list: • https://lists.sourceforge.net/lists/listinfo/ryu-devel

❖ API Documentation: • http://ryu.readthedocs.org/en/latest/

❖ RyuBook Tutorial (Chinese): • http://osrg.github.io/ryu-book/zh_tw/html/

http://osrg.github.io/ryu/

https://lists.sourceforge.net/lists/listinfo/ryu-devel

http://ryu.readthedocs.org/en/latest/

http://osrg.github.io/ryu-book/zh_tw/html/

Installation

Installation

❖ Notice: Before you Install, check the dependencies first.

❖ On Official site…

Automatic Installation Script

❖ On Ubuntu 12.04+, two-line command can install Ryu 3.14

❖ This helper script which should get all dependencies and download, build, and install Ryu.

Fork me on: https://github.com/John-Lin/ryuInstallHelper

https://github.com/John-Lin/ryuInstallHelper

To install dependencies in Ubuntu

How to use

❖ Run your application

❖ Run your application with debug output

Application programming model

1. ⼀一個 OpenFlow message 可以視為⼀一個 event

2. 利⽤用 decorators 來接 event

3. 定義事件處理器(Event Handler)

Come from OpenFlow switches:• Asynchronous messages• Switch reply messages

Custom library

事件

Outline




❖ Demo

OpenFlow protocol APIType Message Name Ryu OpenFlow API

Controller to Switch

Messages

Features OFPFeaturesRequest / OFPSwitchFeaturesConfiguration OFPSetConfigModify-State OFPFlowMod

Read-State OFPFlowStatsRequest / OFPFlowStatsReply OFPPortStatsRequest / OFPPortStatsReply

Packet-out OFPPacketOutBarrier OFPBarrierRequest / OFPBarrierReply

Role-Request OFPRoleRequest / OFPRoleReplyAsynchronous-Configuration OFPSetAsync / OFPGetAsyncReply

Asynchronous Messages

Packet-In OFPPacketInFlow Removed OFPFlowRemoved

Port Status OFPPortStatusError OFPErrorMsg

Symmetric Messages

Hello OFPHelloEcho Request / Reply OFPEchoRequest / OFPEchoReply

Experimenter OFPExperimenter

OpenFlow Controller and switch workflow

Code Template in Ryu❖ Usually in the

Class

❖ Inheritance

❖ Decorators: @

❖ 接取 OpenFlow message event

❖ Event Handler

❖ 接到event 後要做的事定義在method裡

Asynchronous Messages

Controller toSwitch Messages

SnortLibrary Plugin

UtilityMethods

Initial method

Outline




❖ Demo

DEMO

❖ Hub application

❖ 利⽤用 Flow Table match ICMP 封包將其 Flood，其他協定封包導到Controller 做處理

❖ https://github.com/John-Lin/SDNDS-TW

1 2 3 4 priority=10, match=icmp, action=ALLpriority=0, actions=CONTROLLER:65535

Flow table

Host A Host B

SDN Controller

https://github.com/John-Lin/SDNDS-TW

developing sdn apps in ryu

Technology