SDN firewall
============
(Firewall application implemented in a software defined network, using mininet and python)
A small network is set up on a virtual machine with Mininet installed. The network contains 6 switches, each with a host, and is built by `topology.py`, a Python script that instantiates a virtual network (Mininet) independently on any system and in no time. Mininet is a network emulator that creates a realistic virtual network, running real kernel, switch and application code, on a single machine. `sudo mn` is the command that brings up the switches, the hosts and the controller. The code in `topology.py` sets up the six switches with a host connected to each. Although Mininet can itself create a controller to control the switches in its network, I have used a remote controller (POX) at TCP port 6633 on the loopback IP address, so as to have the additional functionality of a learning switch and a firewall.
The POX controller is started on a separate SSH connection, together with the learning algorithm, the OpenFlow spanning tree and discovery modules, and my personalised firewall module, using the following commands:

```
cd /pox
./pox.py forwarding.l2_learning openflow.discovery openflow.spanning_tree --no-flood --hold-down pox.misc.firewall
```

With the POX controller running, the Mininet network is started in the first window, using the following commands:

```
cd /home/mininet/mininet/custom  # working directory
mn --custom topology.py --topo mytopo --mac --controller=remote,ip=127.0.0.1,port=6633
```

The above command brings up all six switches with their hosts and a remote controller. When connectivity among all hosts is then checked with the `pingall` command, the host with address ip_0 cannot reach the host with address ip_1, and vice versa. This is in accordance with `firewallpolicies.csv`, so the firewall module is working as intended on the controller.
`firewallpolicies.csv` specifies which IP addresses have to be blocked. The file is read by `firewall.py`, another Python script, which recognises the IP addresses to be blocked from certain other IP addresses and directs the controller to add specific flow entries to the flow tables of the switches, so that packets from these blocked IP addresses are handled by the switches on their own in future.
The learning algorithm runs along with the POX controller and makes the switches behave as normal switches with learning capabilities. When a new packet reaches a switch, the switch acts according to the OpenFlow protocol: because it does not yet know which action to perform, it sends the packet to the controller. The controller tells the switch the required action, and so the switch 'learns' the source address and its corresponding action. The specific flow entries are added to the flow tables of the switches.
The spanning_tree module of OpenFlow is also required to run on the POX controller, especially in this network, so that the huge number of switches can manage the packet flows efficiently without any loops and errors. If the spanning tree algorithm is not used, that is, without the discovery and spanning tree modules of OpenFlow, the POX controller goes unmanaged and starts throwing errors like:

```
WARNING:openflow.of_01:<class 'pox.openflow.PacketIn'> raised on dummy OpenFlow nexus.
```

This issue doesn’t arise in a network of 2 or 3 switches (connected linearly). But this network is more like a mesh network, where most of the hosts have direct and multiple indirect connections to other hosts. The spanning_tree component of OpenFlow uses the discovery component of OpenFlow to build a view of the network topology, constructs a spanning tree and then disables flooding on switch ports that aren't on the tree. The spanning_tree component uses the following options to modify the behavior of the switches:

- `--no-flood` disables flooding on all ports as soon as a switch connects.
- `--hold-down` prevents altering of flood control until a complete discovery cycle has completed and thus all links have had an opportunity to be discovered.

The openflow.discovery component sends LLDP messages out of OpenFlow switches so that it can discover the network topology.
As the primary functionality of this project is to add a firewall on the POX controller, `firewall.py` is started along with the POX controller and works in accordance with the `firewallpolicies.csv` table. So when a switch receives a packet from the ip_0 address, the packet is sent to POX, which consults the firewall module and pushes a 'drop' flow entry down to the switch for the packets to be blocked. The switch will therefore block any further packets from that source. The rest of the packets are simply forwarded, and the POX controller adds the corresponding flow entries to the flow tables of the switches, so that any further packets are handled solely by the switches without being sent to the controller, in keeping with the principles of software defined networking.
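
The policy-to-flow-entry step described above, as an added example (not the project's `firewall.py`): it parses a constructed policy file, assuming the columns `id,ip_0,ip_1`, and builds OpenFlow 1.0 style drop entries as plain dictionaries so that it runs without POX. The function names, sample addresses and priority value are assumptions.

```python
import csv
import io
import ipaddress

# Constructed sample policy file; the column layout id,ip_0,ip_1 is an assumption.
SAMPLE_POLICY_CSV = """id,ip_0,ip_1
1,10.0.0.1,10.0.0.2
2,10.0.0.3,10.0.0.6
3,10.0.0.4,not-an-ip
"""

DROP_PRIORITY = 65535  # assumption: must outrank the learning switch's forward entries


def load_policies(text):
    """Parse the policy CSV into (pairs, errors); bad rows are reported, not ignored."""
    pairs, errors = set(), []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            a = ipaddress.IPv4Address(row["ip_0"].strip())
            b = ipaddress.IPv4Address(row["ip_1"].strip())
        except (KeyError, AttributeError, ValueError) as exc:
            errors.append((row.get("id"), str(exc)))
            continue
        pairs.add((a, b))
    return pairs, errors


def drop_flow_entries(pairs):
    """Build one drop entry per direction, because the block is mutual."""
    entries = []
    for a, b in sorted(pairs):
        for src, dst in ((a, b), (b, a)):
            entries.append({
                "priority": DROP_PRIORITY,
                # IPv4 only (dl_type 0x0800): ARP between the pair is not matched.
                "match": {"dl_type": 0x0800, "nw_src": str(src), "nw_dst": str(dst)},
                "actions": [],  # an empty action list means drop in OpenFlow 1.0
            })
    return entries


def switch_verdict(entries, src, dst):
    """Model the switch's lookup for an IPv4 packet once the entries are installed."""
    for entry in entries:
        match = entry["match"]
        if match["nw_src"] == src and match["nw_dst"] == dst:
            return "drop"
    return "forward"
```

Malformed rows come back in `errors` so that a typo in the policy file is visible instead of silently leaving a pair unblocked.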