# STL 1 Assignment 5

![](https://hackmd.io/_uploads/rk0wF6av3.png)

![](https://hackmd.io/_uploads/SJTW56aPn.png)

h3 Wireshark shows the ping from h1 to h2.

![](https://hackmd.io/_uploads/Syt89TTDn.png)

![](https://hackmd.io/_uploads/Sk0Dc6pD3.png)

Network Performance

# 5

![](https://hackmd.io/_uploads/HkdSGR6D3.png)

![](https://hackmd.io/_uploads/BJAg70pPn.png)

While acting like a switch, the first time a packet is sent out the dict is still empty, which means that the destination is not yet known for h1 (the source). As such, the first packet is broadcast to everyone. Subsequent packets are sent only to the relevant recipient.

![](https://hackmd.io/_uploads/S1U9ECpwn.png)

In the virtual machine, there is not much difference in speed the first time `iperf` is run. Subsequently, there is a decrease in speed. This is because the host sends out the packet and the controller needs to check who the recipient of the packet is. This may be different when the program is deployed in a more powerful environment or in the cloud.

![](https://hackmd.io/_uploads/BJueIApwn.png)

Running `ovs-ofctl dump-flows s1` returns nothing.

# 6

We updated `act_like_sdn_switch` to include the following functionality and restarted the Python process so that it mimics an SDN switch:

![](https://hackmd.io/_uploads/HJuIKTM_3.png)

The following is the Wireshark capture:

![](https://hackmd.io/_uploads/SkHaOCaP3.png)

The speed is now in the Gbits range, which is monumentally higher than when acting as a switch.

![](https://hackmd.io/_uploads/rydV5pf_2.png)

Running `ovs-ofctl dump-flows s1` in `h1` shows the following:

![](https://hackmd.io/_uploads/H1EXjpfdh.png)

Simplified after restarting the program:

![](https://hackmd.io/_uploads/HJNNaazdn.png)

To explain the simplified results:

![](https://hackmd.io/_uploads/BkJ5wxQ_n.png)

H3 sends 4 packets of TCP messages that are 280 bytes large to h1. It sends from IP address 10.0.0.3:5001 to 10.0.0.1:52170.
![](https://hackmd.io/_uploads/rkwb_gXO3.png)

H1 sends 8 packets of TCP messages that are 198 bytes large to h3. It sends from IP address 10.0.0.1:52170 to 10.0.0.3:5001.

Some explanation:

```csvpreview
**Field**, **Description**
duration, time (in sec) that entry is in table
table, flow table
n_packets,packets number
n_bytes,bytes number
tcp|vlan_tci,Ethernet VLAN Header. Contains the 16-bit VLAN Tag Control Identifier and the Ethernet type of the encapsulated frame
dl_src, The MAC source address as a binary string. E.g. to match all packets from MAC address
dl_dst,The MAC destination address as a binary string. E.g. to match all broadcast packets
nw_src,The IPv4 source address as a tuple (address and prefix_length) where address is the address as a binary string and prefix_length is the number of bits to match in the address. prefix_length must be > 0
nw_dst, The IPv4 destination address as a tuple (address and prefix_length) where address is the address as a binary string and prefix_length is the number of bits to match in the address. prefix_length must be > 0
nw_tos,The IP ToS (only the DSCP field’s 6 bits) as an 8-bit unsigned integer. Bits 0 and 1 are reserved and must be set to 0. E.g. to match all IPv4 packets in the Expedited Forwarding class (DSCP field value 0x2e)
tp_src, The TCP/UDP source port as a 16-bit unsigned integer
tp_dst,The TCP/UDP destination port as a 16-bit unsigned integer. E.g. to match all TCPv4 packets to port 80 (WWW)
actions,Specifies a comma-separated list of actions to take on a packet when the flow entry matches. If no action is specified then packets matching the flow are dropped.
```

# 7

To run the web server in h3: `python3 web_server.py`

![](https://hackmd.io/_uploads/BylCyW7d3.png)

To connect to the web server from h1:

![](https://hackmd.io/_uploads/HkMNe-mun.png)

Since we need to install a firewall to block all HTTP requests made from h1 to h3, we need to add a new packet-handling function called `http_firewall`. This will be located in the python program that makes the :

```python
import pox.openflow.libopenflow_01 as of


def http_firewall(self, packet, packet_in):
    # Destination TCP ports treated as HTTP and blocked.
    block_ports = {80}

    tcp_packet = packet.find('tcp')
    # Drop HTTP from h1 to h3: returning here means the packet is neither
    # forwarded nor given a flow entry, so it stops at the controller.
    if (tcp_packet
            and packet.src.toStr() == '00:00:00:00:00:01'
            and packet.dst.toStr() == '00:00:00:00:00:03'
            and tcp_packet.dstport in block_ports):
        return

    # Everything else is handled as a learning switch:
    # remember which port the source MAC was seen on.
    self.mac_to_port[packet.src] = packet_in.in_port
    if packet.dst in self.mac_to_port:
        # Destination known: install a flow so the switch forwards directly.
        msg = of.ofp_flow_mod()
        msg.match = of.ofp_match.from_packet(packet)
        msg.actions.append(of.ofp_action_output(port=self.mac_to_port[packet.dst]))
        self.connection.send(msg)
    else:
        # Destination unknown: flood out of every port.
        self.resend_packet(packet_in, of.OFPP_FLOOD)
```

Once the Python program is restarted:

![](https://hackmd.io/_uploads/SJG7eUQ_3.png)

![](https://hackmd.io/_uploads/SkvNgUm_h.png)

![](https://hackmd.io/_uploads/HyrskImu2.png)

While the Python program is running, TCP packets are blocked (TCP being what curl sends to make an HTTP request), while ARP and ICMP packets are still allowed to travel between h1 and h3.

![](https://hackmd.io/_uploads/Bk6FfLQuh.png)

Looking at the flow table of the switch, we can see that no TCP packets are allowed to travel, as only ARP and ICMP entries appear (which come from the pings).
As such, when we ping h3 from h1 we still receive ping responses; only the HTTP requests have been blocked.
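
The flow-table check above can be done without reading the dump by eye. The following is an added example, not part of the original assignment code: it parses text in the layout printed by `ovs-ofctl dump-flows s1` and reports any entry that would forward TCP from h1 to h3 on a blocked port. The sample dump is constructed (its packet counts and addresses follow the figures quoted earlier, the output ports are assumed), and `parse_flows`, `forwards_blocked_http` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample in the layout `ovs-ofctl dump-flows s1` prints for
# OpenFlow 1.0 entries; the values are illustrative, not captured output.
SAMPLE_DUMP = """\
NXST_FLOW reply (xid=0x4):
 cookie=0x0, duration=12.5s, table=0, n_packets=4, n_bytes=280, tcp,vlan_tci=0x0000,dl_src=00:00:00:00:00:03,dl_dst=00:00:00:00:00:01,nw_src=10.0.0.3,nw_dst=10.0.0.1,nw_tos=0,tp_src=5001,tp_dst=52170 actions=output:1
 cookie=0x0, duration=3.1s, table=0, n_packets=2, n_bytes=196, icmp,vlan_tci=0x0000,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:03,nw_src=10.0.0.1,nw_dst=10.0.0.3,nw_tos=0,icmp_type=8,icmp_code=0 actions=output:3
"""

def parse_flows(dump):
    """Turn dump-flows text into one dict per flow entry."""
    flows = []
    for line in dump.splitlines():
        if "actions=" not in line:
            continue  # reply header or blank line
        match_part, actions = line.strip().rsplit(" actions=", 1)
        flow = {"actions": actions, "proto": None}
        for token in re.split(r",\s*", match_part):
            if "=" in token:
                key, value = token.split("=", 1)
                flow[key] = value
            elif token:
                flow["proto"] = token  # bare keyword such as tcp, icmp, arp
        flows.append(flow)
    return flows

def forwards_blocked_http(flow, src_mac, dst_mac, ports):
    """True if an entry forwards TCP from src_mac to dst_mac on a blocked port."""
    return (flow["proto"] == "tcp"
            and flow.get("dl_src") == src_mac
            and flow.get("dl_dst") == dst_mac
            and flow.get("tp_dst") in ports
            and flow["actions"] != "drop")

def audit(dump):
    """Return the entries that would let h1 reach h3 on port 80."""
    return [f for f in parse_flows(dump)
            if forwards_blocked_http(f, "00:00:00:00:00:01",
                                     "00:00:00:00:00:03", {"80"})]

if __name__ == "__main__":
    print(audit(SAMPLE_DUMP) or "no forwarding flow for h1 -> h3 HTTP")
```

An empty result only shows that the switch holds no forwarding entry for that traffic; the drop itself still happens in the controller each time such a packet arrives.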