def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
h1 = net.addDockerHost(
"h1",
dimage="dev_test",
ip="10.0.0.1",
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e8)
},
)
h2 = net.addDockerHost(
"h2",
dimage="dev_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e8)
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, h1, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, h2, bw=10, delay="10ms")
info("*** Starting network\n")
net.start()
info("*** Create TUN interfaces in h1\n")
h1.cmd("ip tuntap add mode tun tun-test")
h1.cmd("ip link set tun-test up")
print("* Interfaces in the main namespace of h1:")
ret = h1.cmd("ip link")
print(ret)
info(
"*** Load a XDP(eBPF) program to drop all frames sent to and from h2\n"
)
fn = b.load_func("drop_all", BPF.XDP)
b.attach_xdp("s1-h2", fn, 0)
net.ping([h1, h2])
info("*** Remove the XDP(eBPF) program\n")
b.remove_xdp("s1-h2", 0)
net.ping([h1, h2])
info("*** Stopping network")
net.stop()
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(build=False,
link=TCLink,
xterms=False,
autoSetMacs=True,
autoStaticArp=True)
info("*** Adding Controller\n")
controller = net.addController("c0",
controller=RemoteController,
ip="127.0.0.1",
port=6633)
controller.start()
info("*** Add switches\n")
for i in range(4):
sw = net.addSwitch("s%d" % (i + 1), dpid="%016x" % (i + 1))
sw.start([controller])
sw.cmdPrint("ovs-ofctl show s%d" % (i + 1))
sw.cmdPrint("ovs-vsctl show")
info("Add hosts\n")
for i in range(4):
net.addDockerHost("h%d" % (i + 1),
dimage="dev_test",
ip="10.0.0.%d" % (i + 1))
info("*** Add links\n")
http_link_config = {"bw": 1}
video_link_config = {"bw": 10}
net.addLinkNamedIfce("s1", "s2", **http_link_config)
net.addLinkNamedIfce("s2", "s4", **http_link_config)
net.addLinkNamedIfce("s1", "s3", **video_link_config)
net.addLinkNamedIfce("s3", "s4", **video_link_config)
net.addLinkNamedIfce("s1", "h1", bw=100, use_htb=True)
net.addLinkNamedIfce("s1", "h2", bw=100, use_htb=True)
net.addLinkNamedIfce("s4", "h3", bw=100, use_htb=True)
net.addLinkNamedIfce("s4", "h4", bw=100, use_htb=True)
net.build()
info("*** Starting network\n")
net.start()
info("*** Enter CLI\n")
info("Use help command to get CLI usages\n")
CLI(net)
info("*** Stopping network")
net.stop()
def testTopo():
# xterms=True, spawn xterms for all nodes after net.start()
net = Containernet(controller=Controller, link=TCLink, xterms=True)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
h1 = net.addDockerHost(
"h1",
dimage="dev_test",
ip="10.0.0.1/24",
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e8),
"hostname": "h1"
},
)
h2 = net.addDockerHost(
"h2",
dimage="dev_test",
ip="10.0.0.2/24",
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e8),
"hostname": "h2"
},
)
h3 = net.addHost("h3", ip="10.0.0.3/24")
h4 = net.addHost("h4", ip="10.0.0.4/24")
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, h1, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, h2, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, h3, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, h4, bw=10, delay="100ms")
info("*** Starting network\n")
net.start()
info("*** Enter CLI\n")
info("Use help command to get CLI usages\n")
CLI(net)
info("*** Stopping network")
net.stop()
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
h1 = net.addDockerHost("h1",
dimage="sec_test",
ip="10.0.0.1",
docker_args={"cpuset_cpus": "0"})
h2 = net.addDockerHost("h2",
dimage="sec_test",
ip="10.0.0.2",
docker_args={"cpuset_cpus": "0"})
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, h1, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, h2, bw=10, delay="10ms")
info("*** Starting network\n")
net.start()
test_connection(h2)
info("*** Add drop all nftables rule\n")
h1.cmd("nft add table inet filter")
h1.cmd(
"nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }"
)
h1.cmd("nft add rule inet filter input ip saddr 10.0.0.2 counter drop")
test_connection(h2)
print(h1.cmd("nft list table inet filter"))
info("*** Stopping network")
net.stop()
dimage="dev_test",
ip="10.0.0.7",
docker_args={"hostname": "h7"},
)
h8 = net.addDockerHost(
"h8",
dimage="dev_test",
ip="10.0.0.8",
docker_args={"hostname": "h8"},
)
info("*** Adding switch and links\n")
for i in range(7):
sconfig = {"dpid": "%016x" % (i + 1)}
net.addSwitch("s%d" % (i + 1), protocols="OpenFlow10", **sconfig)
# s1 = net.addSwitch("s1")
# s2 = net.addSwitch("s2")
# s3 = net.addSwitch("s3")
# s4 = net.addSwitch("s4")
# s5 = net.addSwitch("s5")
# s6 = net.addSwitch("s6")
# s7 = net.addSwitch("s7")
# Add switch links
net.addLink("s1", "s3", **http_link_config)
net.addLink("s1", "s4", **http_link_config)
net.addLink("s2", "s4", **http_link_config)
net.addLink("s2", "s5", **http_link_config)
net.addLink("s3", "s6", **http_link_config)
def create_dumbbell():
"""Create a single dumbbell topology with the given number of hosts on one side"""
num_hosts = 2
net = Containernet(
controller=Controller,
link=TCLink,
xterms=False,
)
topo_params = {
"sfc_port": SFC_PORT,
"no_sfc_port": NO_SFC_PORT,
"control_port": CONTROL_PORT,
}
nodes = {}
info("*** Adding controller, listening on port 6653, use OpenFlow 1.3\n")
c1 = net.addController(
"c1", controller=RemoteController, port=6653, protocols="OpenFlow13"
)
topo_params.update({"controllers": [{"name": "c1", "port": 6653}]})
info(f"*** Adding {num_hosts} clients and {num_hosts} servers\n")
# Boilerplate code...
clients = []
servers = []
topo_params["clients"] = {}
topo_params["servers"] = {}
# TODO: Play with cpuset_cpus if measurement results are not good enough
for i in range(1, num_hosts + 1):
client_ip = f"10.0.1.{10+i}/16"
server_ip = f"10.0.2.{10+i}/16"
client = net.addDockerHost(
f"client{i}",
dimage=f"{DIMAGE}",
ip=client_ip,
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e9),
"hostname": f"client{i}",
"working_dir": "/coin_dl",
"volumes": {
CURRENT_DIR: {"bind": "/coin_dl/share", "mode": "rw"},
},
},
)
server = net.addDockerHost(
f"server{i}",
dimage=f"{DIMAGE}",
ip=server_ip,
docker_args={
"cpuset_cpus": "1",
"nano_cpus": int(1e9),
"hostname": f"server{i}",
"working_dir": "/coin_dl",
"volumes": {
CURRENT_DIR: {"bind": "/coin_dl/share", "mode": "rw"},
},
},
)
clients.append(client)
topo_params["clients"][client.name] = {
"ip": client_ip,
}
servers.append(server)
topo_params["servers"][server.name] = {
"ip": server_ip,
}
info("*** Adding two switches and two VNF nodes\n")
s1 = net.addSwitch("s1", protocols="OpenFlow13")
s2 = net.addSwitch("s2", protocols="OpenFlow13")
switches = [s1, s2]
DPDK_VOLUME = {
"/sys/kernel/mm/hugepages": {
"bind": "/sys/kernel/mm/hugepages",
"mode": "rw",
},
"/dev": {"bind": "/dev", "mode": "rw"},
CURRENT_DIR: {"bind": "/coin_dl/share", "mode": "rw"},
}
vnfs = []
for i in range(1, len(switches) + 1):
vnf = net.addDockerHost(
f"vnf{i}",
dimage=f"{DIMAGE}",
ip=f"10.0.3.{10+i}/16",
docker_args={
"cpuset_cpus": "3",
"nano_cpus": int(9e8 / 2),
"hostname": f"vnf{i}",
"volumes": DPDK_VOLUME,
"working_dir": "/coin_dl",
},
)
vnfs.append(vnf)
# TODO: Pick up the suitable parameters here.
# TODO: Use better DS and names for parameters here.
BW_MAX_NODE = 1000 # 1Gb/sec
DELAY_MIN_NODE_MS = 1
DELAY_MIN_NODE_MS_STR = f"{DELAY_MIN_NODE_MS}ms"
BW_MIN_NODE = 100
DELAY_MAX_NODE_MS = 10
DELAY_MAX_NODE_MS_STR = f"{DELAY_MAX_NODE_MS}ms"
BW_BOTTLENECK = 100 # Mbits/s
DELAY_BOTTLENECK_MS = 100
DELAY_BOTTLENECK_MS_STR = str(DELAY_BOTTLENECK_MS) + "ms"
BDP = ((BW_BOTTLENECK * 10 ** 6) * (DELAY_BOTTLENECK_MS * 10 ** -3)) / 8.0
info(f"\n*** The BDP of the bottleneck link is {BDP:.2f} B\n")
topo_params.update(
{
"bottleneck": {
"bandwidth_mbps": BW_BOTTLENECK,
"delay_ms": DELAY_BOTTLENECK_MS,
"BDP_B": BDP,
}
}
)
info("*** Creating links\n")
for client, server in zip(clients, servers):
# TODO (Zuo): Check if max_queue_size need to be added here
net.addLinkNamedIfce(client, s1, bw=BW_MAX_NODE, delay=DELAY_MIN_NODE_MS_STR)
# Here... the server should also be a "bottleneck"
net.addLinkNamedIfce(s2, server, bw=BW_MIN_NODE, delay=DELAY_MAX_NODE_MS_STR)
# Add bottleneck link
net.addLinkNamedIfce(s1, s2, bw=BW_BOTTLENECK, delay=DELAY_BOTTLENECK_MS_STR)
for switch, vnf in zip(switches, vnfs):
# TODO (Zuo): Check if max_queue_size need to be added here, to remove additional queuing latency of VNF data interfaces
net.addLinkNamedIfce(switch, vnf, bw=BW_MAX_NODE, delay="0ms")
with open("./dumbbell.json", "w+", encoding="ascii") as f:
json.dump(topo_params, f, sort_keys=True, indent=2)
nodes["clients"] = clients
nodes["servers"] = servers
nodes["switches"] = switches
nodes["vnfs"] = vnfs
nodes["controllers"] = [c1]
return (net, nodes, topo_params)
info("Add link\n")
net.addLink(switch, a1, bw=10, delay="10ms")
if __name__ == "__main__":
setLogLevel("info")
timeout = input("Insert time to live in min:")
net = Containernet(controller=Controller, link=TCLink)
info("Add controller c0\n")
net.addController("c0")
info("Add switch s1\n")
switch = net.addSwitch("s1")
broker()
valvole()
umidificatori()
split()
luci()
tapparelle()
sonde()
def run_net():
# To be tested parameters at runtime
loss_rates = [30]
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
h1 = net.addHost(
"h1",
cls=DockerHost,
dimage="dev_test",
ip="10.0.0.1/24",
docker_args={"cpuset_cpus": "0", "nano_cpus": int(1e8)},
)
h2 = net.addHost(
"h2",
cls=DockerHost,
dimage="dev_test",
ip="10.0.0.2/24",
docker_args={"cpuset_cpus": "0", "nano_cpus": int(1e8)},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLink(h1, s1, bw=10, delay="100ms", intfName1="h1-s1", intfName2="s1-h1")
net.addLink(h2, s1, bw=10, delay="100ms", intfName1="h2-s1", intfName2="s1-h2")
info("*** Starting network\n")
net.start()
info("**** Testing bandwidth between h1 and h2\n")
net.iperf((h1, h2), l4Type="UDP", udpBw="10M")
info("*** Configure the link loss rate of h1 at runtime\n")
for loss in loss_rates:
print("* The loss rate of h1 is {:.2f}%, unidirectional".format(loss))
print("* Ping test count: %d" % PING_COUNT)
host = net.get("h1")
# INFO: The parent number is defined in mininet/link.py
ret = host.cmd(
"tc qdisc change dev {} {} handle 10: netem loss {}%".format(
"h1-s1", " parent 5:1", loss
)
)
if ret != "":
print("Failed to change loss. Error:%s\n", ret)
ret = h1.cmd("ping -c %d 10.0.0.2" % PING_COUNT)
sent, received = tool.parsePing(ret)
measured = ((sent - received) / float(sent)) * 100.0
print(
"Expected loss rate: {:.2f}%, measured loss rate: {:.2f}%".format(
loss, measured
)
)
info("*** Stopping network")
net.stop()
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
h1 = net.addDockerHost(
"h1",
dimage="sec_test",
ip="10.0.0.1",
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e8)
},
)
h2 = net.addDockerHost(
"h2",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "0",
"nano_cpus": int(1e8)
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, h1, bw=10, delay="1ms", use_htb=True)
net.addLinkNamedIfce(s1, h2, bw=10, delay="1ms", use_htb=True)
info("*** Starting network\n")
net.start()
info("*** Create wg key pairs\n")
h1.cmd("umask 077; wg genkey > privatekey")
h1.cmd("wg pubkey < privatekey > publickey")
h1_pubkey = h1.cmd("cat ./publickey").replace("\n", " ").replace("\r", "")
h2.cmd("umask 077; wg genkey > privatekey")
h2.cmd("wg pubkey < privatekey > publickey")
h2_pubkey = h2.cmd("cat ./publickey").replace("\n", " ").replace("\r", "")
info("*** Create wg interfaces\n")
h1.cmd("ip link add dev wg0 type wireguard")
h1.cmd("ip address add dev wg0 192.168.0.1/24")
h2.cmd("ip link add dev wg0 type wireguard")
h2.cmd("ip address add dev wg0 192.168.0.2/24")
info("*** Setup peer configuration\n")
h1.cmd(
"wg set wg0 listen-port 1337 private-key ./privatekey peer {} allowed-ips 192.168.0.0/24 endpoint 10.0.0.2:1337"
.format(h2_pubkey))
h1.cmd("ip link set up dev wg0")
h2.cmd(
"wg set wg0 listen-port 1337 private-key ./privatekey peer {} allowed-ips 192.168.0.0/24 endpoint 10.0.0.1:1337"
.format(h1_pubkey))
h2.cmd("ip link set up dev wg0")
info("*** Test the connection\n")
print("* Ping test count: %d" % PING_COUNT)
ret = h1.cmd("ping -c %d 192.168.0.2" % PING_COUNT)
sent, received = tool.parsePing(ret)
measured = ((sent - received) / float(sent)) * 100.0
print("* Measured loss rate: {:.2f}%".format(measured))
info("*** Stopping network")
net.stop()
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="sec_test",
ip="10.0.0.1/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
server = net.addDockerHost(
"server",
dimage="nginx",
ip="10.0.0.2/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
attacker = net.addDockerHost(
"attacker",
dimage="sec_test",
ip="10.0.0.3/24",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, server, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, attacker, bw=10, delay="10ms")
info("*** Starting network\n")
net.start()
info("** client -> server\n")
test_connection(client, "10.0.0.2")
info("** attacker -> server\n")
test_connection(attacker, "10.0.0.2")
info("\n")
# Create blacklist
info("*** Create blacklist\n")
server.cmd("nft add table inet filter")
server.cmd(
"nft add chain inet filter input { type filter hook input priority 0 \; policy accept \; }"
)
server.cmd("nft add rule inet filter input ip saddr 10.0.0.3 drop")
# Check if client can connect and attacker can not.
info("** client -> server\n")
test_connection(client, "10.0.0.2")
info("** attacker -> server\n")
test_connection(attacker, "10.0.0.2")
# attacker changes her ip address
info("*** attacker changes ip address to a different one!\n")
attacker.cmd("ip a f dev attacker-s1")
attacker.cmd("ip a a 10.0.0." + str(random.randint(3, 250)) +
"/24 dev attacker-s1")
# attacker can connect again
info("** attacker -> server\n")
test_connection(attacker, "10.0.0.2")
info("\n")
# Change to whitelist
info("*** Create whitelist\n")
server.cmd("nft flush rule inet filter input")
server.cmd(
"nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }"
)
server.cmd("nft add rule inet filter input ip saddr 10.0.0.1 accept")
# The server can talk back to server
info("** client -> server\n")
test_connection(client, "10.0.0.2")
info("** attacker -> server\n")
test_connection(attacker, "10.0.0.2")
info("*** Stopping network")
net.stop()
def start() -> None:
net = Containernet(build=False, link=TCLink, xterms=False)
mgr = VNFManager(net)
rx_socket = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
rx_socket.bind(("127.0.0.1", 8016))
cnt: int = 0
active_container: bool = False
full_tree: bool = False
info("\n*** Adding Controller\n")
controller1: RemoteController = net.addController(
"controller1", controller=RemoteController, ip="127.0.0.1", port=6633)
controller1.start()
info("\n*** Adding Hosts\n")
client1: DockerHost = net.addDockerHost(
"client1",
dimage="mec_test",
ip="10.0.0.10",
mac="00:00:00:00:00:01",
docker_args={"volumes": {
"/tmp": {
"bind": "/tmp",
"mode": "rw"
}
}},
)
probe1: DockerHost = net.addDockerHost(
"probe1",
dimage="mec_test",
docker_args={},
ip="10.0.0.40",
mac="00:00:00:00:01:ff",
)
server1: DockerHost = net.addDockerHost(
"server1",
dimage="mec_test",
ip="10.0.0.21",
mac="00:00:00:00:01:01",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server2: DockerHost = net.addDockerHost(
"server2",
dimage="mec_test",
ip="10.0.0.22",
mac="00:00:00:00:01:02",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server3: DockerHost = net.addDockerHost(
"server3",
dimage="mec_test",
ip="10.0.0.23",
mac="00:00:00:00:01:03",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server4: DockerHost = net.addDockerHost(
"server4",
dimage="mec_test",
ip="10.0.0.24",
mac="00:00:00:00:01:04",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
if full_tree:
server5: DockerHost = net.addDockerHost(
"server5",
dimage="mec_test",
ip="10.0.0.25",
mac="00:00:00:00:01:05",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server6: DockerHost = net.addDockerHost(
"server6",
dimage="mec_test",
ip="10.0.0.26",
mac="00:00:00:00:01:06",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server7: DockerHost = net.addDockerHost(
"server7",
dimage="mec_test",
ip="10.0.0.27",
mac="00:00:00:00:01:07",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server8: DockerHost = net.addDockerHost(
"server8",
dimage="mec_test",
ip="10.0.0.28",
mac="00:00:00:00:01:08",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("\n*** Adding Switches\n")
switch1: OVSSwitch = net.addSwitch("switch1")
switch11: OVSSwitch = net.addSwitch("switch11")
switch12: OVSSwitch = net.addSwitch("switch12")
switch111: OVSSwitch = net.addSwitch("switch111")
switch112: OVSSwitch = net.addSwitch("switch112")
switch121: OVSSwitch = net.addSwitch("switch121")
switch122: OVSSwitch = net.addSwitch("switch122")
switch1.start([controller1])
switch1.cmdPrint("ovs-vsctl show")
switch11.start([controller1])
switch11.cmdPrint("ovs-vsctl show")
switch12.start([controller1])
switch12.cmdPrint("ovs-vsctl show")
switch111.start([controller1])
switch111.cmdPrint("ovs-vsctl show")
switch112.start([controller1])
switch112.cmdPrint("ovs-vsctl show")
switch121.start([controller1])
switch121.cmdPrint("ovs-vsctl show")
switch122.start([controller1])
switch122.cmdPrint("ovs-vsctl show")
info("\n*** Adding Links\n")
net.addLink(node1=switch1, node2=client1, delay="200ms", use_htb=True)
net.addLink(node1=switch1, node2=probe1, delay="50ms", use_htb=True)
net.addLink(node1=switch1, node2=switch11, delay="10ms", use_htb=True)
if full_tree:
net.addLink(node1=switch1, node2=switch12, delay="10ms", use_htb=True)
net.addLink(node1=switch11, node2=switch111, delay="10ms", use_htb=True)
net.addLink(node1=switch11, node2=switch112, delay="10ms", use_htb=True)
if full_tree:
net.addLink(node1=switch12,
node2=switch121,
delay="10ms",
use_htb=True)
net.addLink(node1=switch12,
node2=switch122,
delay="10ms",
use_htb=True)
net.addLink(node1=switch111, node2=server1, delay="100ms", use_htb=True)
net.addLink(node1=switch111, node2=server2, delay="150ms", use_htb=True)
net.addLink(node1=switch112, node2=server3, delay="200ms", use_htb=True)
net.addLink(node1=switch112, node2=server4, delay="250ms", use_htb=True)
if full_tree:
net.addLink(node1=switch121,
node2=server5,
delay="300ms",
use_htb=True)
net.addLink(node1=switch121,
node2=server6,
delay="350ms",
use_htb=True)
net.addLink(node1=switch122,
node2=server7,
delay="400ms",
use_htb=True)
net.addLink(node1=switch122,
node2=server8,
delay="450ms",
use_htb=True)
info("\n*** Starting Network\n")
net.build()
net.start()
net.pingAll() # optional
info("\n*** Adding Docker Containers\n")
client1_container: APPContainer = mgr.addContainer(
name="client1_container",
dhost="client1",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/client.py",
)
probe1_container: APPContainer = mgr.addContainer(
name="probe1_container",
dhost="probe1",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_agent.py",
)
probing_server1_container: APPContainer = mgr.addContainer(
name="probing_server1_container",
dhost="server1",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server2_container: APPContainer = mgr.addContainer(
name="probing_server2_container",
dhost="server2",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server3_container: APPContainer = mgr.addContainer(
name="probing_server3_container",
dhost="server3",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server4_container: APPContainer = mgr.addContainer(
name="probing_server4_container",
dhost="server4",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
if full_tree:
probing_server5_container: APPContainer = mgr.addContainer(
name="probing_server5_container",
dhost="server5",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server6_container: APPContainer = mgr.addContainer(
name="probing_server6_container",
dhost="server6",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server7_container: APPContainer = mgr.addContainer(
name="probing_server7_container",
dhost="server7",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
probing_server8_container: APPContainer = mgr.addContainer(
name="probing_server8_container",
dhost="server8",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/probe_server.py",
)
time.sleep(5)
print(
f"client 1 : \n{client1_container.dins.logs().decode('utf-8')}\n"
f"probe 1 : \n{probe1_container.dins.logs().decode('utf-8')}\n"
f"probing server 1 : \n{probing_server1_container.dins.logs().decode('utf-8')}\n"
f"probing server 2 : \n{probing_server2_container.dins.logs().decode('utf-8')}\n"
f"probing server 3 : \n{probing_server3_container.dins.logs().decode('utf-8')}\n"
f"probing server 4 : \n{probing_server4_container.dins.logs().decode('utf-8')}\n"
)
if full_tree:
print(
f"probing server 5 : \n{probing_server5_container.dins.logs().decode('utf-8')}\n"
f"probing server 6 : \n{probing_server6_container.dins.logs().decode('utf-8')}\n"
f"probing server 7 : \n{probing_server7_container.dins.logs().decode('utf-8')}\n"
f"probing server 8 : \n{probing_server8_container.dins.logs().decode('utf-8')}\n"
)
# time.sleep(2)
# CLI(net)
time.sleep(30)
server_container: APPContainer = None
info("\n*** Await REST instruction from Controller\n"
) # REST -> REpresentational State Transfer
while True:
data, addr = rx_socket.recvfrom(1024)
_: str = data.decode()
print(f"{_} {_[_.__len__()-1]}")
if active_container: # if container set, remove it
mgr.removeContainer(server_container.name)
time.sleep(2) # prevent hang on waitContainerStart()
print("removing container")
server_container: APPContainer = mgr.addContainer(
name="server_container",
# update dhost appropriate to target host
dhost=f"server{_[_.__len__()-1]}",
dimage="mec_test",
docker_args={},
dcmd="python3.6 /tmp/server.py",
)
print(
f"New container : \n{server_container.dins.logs().decode('utf-8')} on server{_[_.__len__()-1]}"
)
cnt += 1
active_container = True
time.sleep(10) # dont allow container change too frequent
if cnt > 10:
break
info("\n*** Removing Docker Containers\n")
mgr.removeContainer(client1_container.name)
mgr.removeContainer(probe1_container.name)
mgr.removeContainer(probing_server1_container.name)
mgr.removeContainer(probing_server2_container.name)
mgr.removeContainer(probing_server3_container.name)
mgr.removeContainer(probing_server4_container.name)
if full_tree:
mgr.removeContainer(probing_server5_container.name)
mgr.removeContainer(probing_server6_container.name)
mgr.removeContainer(probing_server7_container.name)
mgr.removeContainer(probing_server8_container.name)
info("\n*** Stopping Network\n")
net.stop()
mgr.stop()
def testTopo():
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="sec_test",
ip="10.0.0.1/24",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server = net.addDockerHost(
"server",
dimage="nginx",
ip="10.0.0.2/24",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=100, delay="10ms")
net.addLinkNamedIfce(s1, server, bw=100, delay="10ms")
info("*** Starting network\n")
try:
net.start()
info("** client -> server\n")
info("** " + str(test_connection(client, "10.0.0.2")) + "\n")
info("\n")
# Create whitelist
info("*** Create whitelist\n")
server.cmd("nft add table inet filter")
server.cmd(
"nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }"
)
server.cmd("nft add rule inet filter input ip saddr 10.0.0.1 accept")
# The server can talk back to client
info("** server -> client\n")
info("** " + str(test_connection(server, "10.0.0.1")) + "\n")
# But he cannot talk to some other server on the internet, this is a problem
info("** server -> internet\n")
info("** " + str(test_connection(server, "8.8.8.8")) + "\n")
info("\n")
info(
"*** The server can only communicate with the client because of the implemented whitelist filtering.\n"
)
info(
"*** When the server wants to talk to the internet the internet cannot talk back because the incoming "
"traffic is dropped.\n")
info(
"*** Use the connection tracking state to allow established connections to answer the server.\n"
)
info("*** Do this without removing the whitelist.\n")
while not test_connection(server, "8.8.8.8") or not test_connection(
client, "10.0.0.2"):
sleep(5)
info("** server -> internet\n")
info("** " + str(test_connection(server, "8.8.8.8")) + "\n")
info(
"*** Now we want to make sure that the client cannot overload the server with traffic.\n"
)
info("*** Drop all traffic of the client that exceeds 10 Mbit/s.\n")
# client is overdoing it a little and our server cannot handle all of its requests...
server.cmd("iperf -s &")
while try_to_flood_the_server(client):
sleep(5)
info("\n")
except KeyboardInterrupt:
info("** KeyboardInterrupt detected, exit the program.\n")
finally:
info("*** Stopping network")
net.stop()
def myTopology():
net = Containernet(
switch=OVSKernelSwitch,
build=False,
autoSetMacs=True,
autoStaticArp=True,
link=TCLink,
)
mgr = VNFManager(net)
setLogLevel("info")
info("*** Add Switches\n")
sconfig1 = {"dpid": "%016x" % 1}
sconfig2 = {"dpid": "%016x" % 2}
sconfig3 = {"dpid": "%016x" % 3}
sconfig4 = {"dpid": "%016x" % 4}
sconfig5 = {"dpid": "%016x" % 5}
net.addSwitch("s1", **sconfig1)
net.addSwitch("s2", **sconfig2)
net.addSwitch("s3", **sconfig3)
net.addSwitch("s4", **sconfig4)
net.addSwitch("s5", **sconfig5)
info("*** Add Hosts\n")
host_config = dict(inNamespace=True)
#net.addHost("h1", **host_config, ip="192.0.0.1")
h1 = net.addDockerHost(
"h1",
dimage="dev_test",
ip="192.0.0.1",
docker_args={"hostname": "h1"},
)
h2 = net.addDockerHost(
"h2",
dimage="dev_test",
ip="192.0.0.2",
docker_args={"hostname": "h2"},
)
h3 = net.addDockerHost(
"h3",
dimage="dev_test",
ip="192.0.0.3",
docker_args={"hostname": "h3"},
)
h4 = net.addDockerHost(
"h4",
dimage="dev_test",
ip="192.0.0.4",
docker_args={"hostname": "h4"},
)
h5 = net.addDockerHost(
"h5",
dimage="dev_test",
ip="192.0.0.5",
docker_args={"hostname": "h5"},
)
h6 = net.addDockerHost(
"h6",
dimage="dev_test",
ip="192.0.0.6",
docker_args={"hostname": "h6"},
)
h7 = net.addDockerHost(
"h7",
dimage="dev_test",
ip="192.0.0.7",
docker_args={"hostname": "h7"},
)
h8 = net.addDockerHost(
"h8",
dimage="dev_test",
ip="192.0.0.8",
docker_args={"hostname": "h8"},
)
info("*** Add Links\n")
net.addLink("h1", "s1", bw=B1)
net.addLink("h2", "s1", bw=B1)
net.addLink("h3", "s1", bw=B1)
net.addLink("h4", "s5", bw=B2)
net.addLink("h5", "s5", bw=B2)
net.addLink("s1", "s2", bw=B1)
net.addLink("s2", "s3", bw=B1, delay=DELAY)
net.addLink("s3", "s4", bw=B1, delay=DELAY)
net.addLink("s2", "s4", bw=B2)
net.addLink("s1", "s4", bw=B1)
net.addLink("s1", "s5", bw=B1)
net.addLink("s4", "h6", bw=B1)
net.addLink("s4", "h7", bw=B1)
net.addLink("s4", "h8", bw=B1)
info("*** Add controller\n")
controller = RemoteController("c0", ip="127.0.0.1", port=6633)
net.addController(controller)
net.build()
#controller.start()
#s1.start( [controller] )
#s2.start( [controller] )
#s1.cmd("ovs-vsctl set port s1-eth4 qos=@newqos -- --id=@newqos create QoS type=linux-htb other-config:max-rate=1000000 queues:123=@1q queues:234=@2q -- --id=@1q create queue other-config:min-rate=100000 other-config:max-rate=700000 -- --id=@2q create queue other-config:min-rate=100000 other-config:max-rate=700000")
#s1.cmd("ovs-ofctl add-flow s1 nw_src=192.0.0.2,nw_dst=192.0.0.7,actions=enqueue:4:123")
net.start()
srv1 = mgr.addContainer(
"srv1",
"h1",
"servernew",
"python /home/servernew.py",
docker_args={},
) #autonomus
srv2 = mgr.addContainer(
"srv2",
"h2",
"dev_test",
"bash",
docker_args={},
) #udp
srv3 = mgr.addContainer(
"srv3",
"h3",
"eclipse-mosquitto",
"bash",
docker_args={},
) #brocker
srv4 = mgr.addContainer(
"srv4",
"h4",
"aksakalli/mqtt-client",
"bash /home/clientnew.sh",
docker_args={},
)
srv5 = mgr.addContainer(
"srv5",
"h5",
"aksakalli/mqtt-client",
"bash",
docker_args={},
)
srv6 = mgr.addContainer(
"srv6",
"h6",
"dev_test",
"bash",
docker_args={},
)
srv7 = mgr.addContainer(
"srv7",
"h7",
"dev_test",
"bash",
docker_args={},
)
srv8 = mgr.addContainer(
"srv8",
"h8",
"dev_test",
"bash",
docker_args={},
)
spawnXtermDocker("srv2")
spawnXtermDocker("srv7")
CLI(net)
mgr.removeContainer("srv1")
mgr.removeContainer("srv2")
mgr.removeContainer("srv3")
mgr.removeContainer("srv4")
mgr.removeContainer("srv5")
mgr.removeContainer("srv6")
mgr.removeContainer("srv7")
mgr.removeContainer("srv8")
net.stop()
mgr.stop()
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
center = net.addDockerHost(
"center",
dimage="sec_test",
ip="10.0.0.1",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
client1 = net.addDockerHost(
"h2",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
client2 = net.addDockerHost(
"h3",
dimage="sec_test",
ip="10.0.0.3",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
client3 = net.addDockerHost(
"h4",
dimage="sec_test",
ip="10.0.0.4",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, center, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, client1, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, client2, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, client3, bw=10, delay="10ms")
try:
info("*** Starting network\n")
net.start()
info("*** Create wg key pairs\n")
center_private_key, center_public_key = generate_key_pair_for_host(
center)
h2_private_key, h2_public_key = generate_key_pair_for_host(client1)
h3_private_key, h3_public_key = generate_key_pair_for_host(client2)
h4_private_key, h4_public_key = generate_key_pair_for_host(client3)
info("*** Create wg interfaces\n")
info(
"*** Create a star topology with center as the center. Instead of using wg tool write a configuration for the\n"
)
info(
"*** interface and place it in /etc/wireguard/wg0.conf, then use the wg-quick command to setup the interface.\n"
)
info(
"*** The wg and wg-quick manpages contain a reference for the syntax of the configuration file.\n"
)
info(
"*** Use the network 192.168.0.0/24 for the inner tunnel and asign 192.168.0.1 to the center.\n"
)
while (not test_connection(client1, "192.168.0.1")
or not test_connection(client2, "192.168.0.1")
or not test_connection(client3, "192.168.0.1")):
sleep(10)
except KeyboardInterrupt:
info("** KeyboardInterrupt detected, exit the program.\n")
finally:
info("*** Stopping network")
net.stop()
def testTopo():
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="sec_test",
ip="10.0.0.1",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
server = net.addDockerHost(
"server",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
attacker = net.addDockerHost(
"attacker",
dimage="sec_test",
ip="10.0.0.3",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, server, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, attacker, bw=10, delay="10ms")
try:
info("*** Starting network\n")
net.start()
info("*** Attacker, Client and Server setup\n")
client.cmd("ping -c 10 10.0.0.2")
attacker.cmd(
"printf -- '#!/bin/bash\narpspoof -i attacker-s1 -t 10.0.0.1 10.0.0.2 >> /dev/null &\narpspoof -i attacker-s1 -t 10.0.0.2 10.0.0.1 >> /dev/null &' > spoof.sh; chmod +x spoof.sh; ./spoof.sh"
)
sleep(10)
attacker.cmd(
"tcpdump -vvv -i attacker-s1 -B 100000 ip >> messages.log &")
sleep(10)
server.cmd("mkdir -p /var/run/vsftpd/empty")
server.cmd("vsftpd &")
info(
"*** Setup a tunnel to protect the ftp request from the MitM attacker!\n"
)
info(
"*** First create key pairs for the client and server and then establish a WireGuard tunnel between them\n"
)
info("*** Use the inner tunnel ip 192.168.0.2 for the server!\n")
x = 0
while not check_secure_network_tunnel(attacker, client, x):
sleep(10)
x = x + 1
except KeyboardInterrupt:
info("** KeyboardInterrupt detected, exit the program.\n")
finally:
info("*** Stopping network")
net.stop()
def run_benchmark(proto):
net = Containernet(controller=Controller,
link=TCLink,
switch=OVSSwitch,
autoStaticArp=False)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
# MARK: The relay should run on a different CPU core as the client and
# server. To avoid cache misses of the VNF running on the relay.
info("*** Adding client and server.\n")
client = net.addDockerHost(
"client",
dimage="lat_bm:latest",
ip="10.0.0.100/24",
docker_args={
"cpuset_cpus": "0",
"volumes": {
"%s" % FFPP_DIR: {
"bind": "/ffpp",
"mode": "ro"
}
},
},
)
net.addLinkNamedIfce(s1, client, delay="100ms")
server = net.addDockerHost(
"server",
dimage="lat_bm:latest",
ip="10.0.0.200/24",
docker_args={"cpuset_cpus": "0"},
)
net.addLinkNamedIfce(s1, server, delay="100ms")
if ADD_RELAY:
cpus_relay = "1"
if TEST_NF == "l2fwd-power":
print(
"*** [INFO] l2fwd-power application require at least one master and one slave core.\n"
"The master handles timers and slave core handles forwarding task."
)
cpus_relay = "0,1"
info("*** Adding relay.\n")
# Need additional mounts to run DPDK application
# MARK: Just used for development, never use this in production container
# setup.
relay = net.addDockerHost(
"relay",
dimage="ffpp:latest",
ip="10.0.0.101/24",
docker_args={
"cpuset_cpus": cpus_relay,
"nano_cpus": int(1.0 * 1e9),
"volumes": {
"/sys/bus/pci/drivers": {
"bind": "/sys/bus/pci/drivers",
"mode": "rw",
},
"/sys/kernel/mm/hugepages": {
"bind": "/sys/kernel/mm/hugepages",
"mode": "rw",
},
"/sys/devices/system/node": {
"bind": "/sys/devices/system/node",
"mode": "rw",
},
"/dev": {
"bind": "/dev",
"mode": "rw"
},
"%s" % FFPP_DIR: {
"bind": "/ffpp",
"mode": "rw"
},
},
},
)
net.addLinkNamedIfce(s1, relay, delay="100ms")
info("*** Starting network\n")
net.start()
net.pingAll()
nodes = [n.name for n in net.hosts]
sw_ifaces = [f"s1-{n}" for n in nodes]
info("*** Disable kernel IP checksum offloading.\n")
for iface in sw_ifaces:
check_output(split(f"ethtool --offload {iface} rx off tx off"))
node_portnum_map = {n: getOFPort(s1, f"s1-{n}") for n in nodes}
if ADD_RELAY:
info("*** Add OpenFlow rules for traffic redirection.\n")
peer_map = {"client": "relay", "relay": "server", "server": "client"}
for p in ["udp", "tcp"]:
for peer in peer_map.keys():
check_output(
split(
'ovs-ofctl add-flow s1 "{},in_port={},actions=output={}"'
.format(p, node_portnum_map[peer],
node_portnum_map[peer_map[peer]])))
if DEBUG:
flow_table = s1.dpctl("dump-flows")
print(f"*** Current flow table of s1: \n {flow_table}")
info("*** Run DPDK helloworld\n")
relay.cmd("cd $RTE_SDK/examples/helloworld && make")
ret = relay.cmd(
"cd $RTE_SDK/examples/helloworld/build && ./helloworld")
print(f"Output of helloworld app:\n{ret}")
DISPATCHER[TEST_NF](relay)
server.cmd("pkill sockperf")
setup_server(server, proto)
for mps in LAT_TEST_PARAS["client_mps_list"]:
run_latency_test(server, client, proto, mps)
time.sleep(3)
if ENTER_CLI:
info("*** Enter CLI\n")
info("Use help command to get CLI usages\n")
CLI(net)
info("*** Stopping network")
net.stop()
dimage="dev_test",
ip="10.0.0.7",
docker_args={"hostname": "h7"},
)
h8 = net.addDockerHost(
"h8",
dimage="dev_test",
ip="10.0.0.8",
docker_args={"hostname": "h8"},
)
info("*** Adding switch and links\n")
for i in range(7):
sconfig = {'dpid': "%016x" % (i + 1)}
net.addSwitch('s%d' % (i + 1), protocols='OpenFlow10', **sconfig)
#s1 = net.addSwitch("s1")
#s2 = net.addSwitch("s2")
#s3 = net.addSwitch("s3")
#s4 = net.addSwitch("s4")
#s5 = net.addSwitch("s5")
#s6 = net.addSwitch("s6")
#s7 = net.addSwitch("s7")
# Add switch links
net.addLink('s1', 's3', **http_link_config)
net.addLink('s1', 's4', **http_link_config)
net.addLink('s2', 's4', **http_link_config)
net.addLink('s2', 's5', **http_link_config)
net.addLink('s3', 's6', **http_link_config)
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="sec_test",
ip="10.0.0.1/24",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
server = net.addDockerHost(
"server",
dimage="nginx",
ip="10.0.0.2/24",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=100, delay="10ms")
net.addLinkNamedIfce(s1, server, bw=100, delay="10ms")
info("*** Starting network\n")
net.start()
info("** client -> server\n")
test_connection(client, "10.0.0.2")
info("\n")
# Create whitelist
info("*** Create whitelist\n")
server.cmd("nft add table inet filter")
server.cmd(
"nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }"
)
server.cmd("nft add rule inet filter input ip saddr 10.0.0.1 accept")
# The server can talk back to client
info("** server -> client\n")
test_connection(server, "10.0.0.2")
# But he cannot talk to some other server on the internet, this is a problem
info("** server -> internet\n")
test_connection(server, "8.8.8.8")
info("\n")
info("*** Enable connection tracking\n")
server.cmd(
"nft add rule inet filter input ct state established,related accept")
info("** server -> internet\n")
test_connection(server, "8.8.8.8")
# client is overdoing it a little and our server cannot handle all of its requests...
info("*** client is flodding server with too many requests!\n")
server.cmd("iperf -s &")
print(client.cmd("iperf -c 10.0.0.2"))
server.cmd(
"nft insert rule inet filter input position 2 limit rate over 1 mbytes/second drop"
)
print(client.cmd("iperf -c 10.0.0.2"))
info("\n")
info("*** Stopping network")
net.stop()
def testTopo():
# xterms=True, spawn xterms for all nodes after net.start()
net = Containernet(controller=Controller, link=TCLink, xterms=True)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
compressor = net.addDockerHost(
"compressor",
dimage="o2sc",
ip="10.0.0.1/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000,
"hostname": "compressor"
},
)
decompressor = net.addDockerHost(
"decompressor",
dimage="o2sc",
ip="10.0.0.2/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000,
"hostname": "decompressor",
},
)
source_1 = net.addDockerHost(
"source_1",
dimage="o2sc",
ip="10.0.0.11/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000,
"hostname": "source_1"
},
)
source_2 = net.addDockerHost(
"source_2",
dimage="o2sc",
ip="10.0.0.12/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000,
"hostname": "source_2"
},
)
source_3 = net.addDockerHost(
"source_3",
dimage="o2sc",
ip="10.0.0.13/24",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000,
"hostname": "source_3"
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, compressor, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, decompressor, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, source_1, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, source_2, bw=10, delay="100ms")
net.addLinkNamedIfce(s1, source_3, bw=10, delay="100ms")
info("*** Starting network\n")
net.start()
net.pingAll()
info("*** Enter CLI\n")
info("Use help command to get CLI usages\n")
CLI(net)
info("*** Stopping network")
net.stop()
def testMuNF(nano_cpus):
net = Containernet(controller=Controller, link=TCLink)
mgr = VNFManager(net)
start_ts = time.time()
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding Docker hosts\n")
pktgen = net.addDockerHost(
"pktgen",
dimage=f"trex:{TREX_VER}",
ip="10.0.0.1/24",
docker_args={
"cpuset_cpus": "0",
"hostname": "pktgen",
"volumes": {
os.path.join(TREX_CONF_DIR, "trex_cfg.yaml"): {
"bind": "/etc/trex_cfg.yaml",
"mode": "rw",
},
TREX_CONF_DIR: {"bind": f"/trex/{TREX_VER}/local", "mode": "rw"},
},
},
)
dut = net.addDockerHost(
"dut",
dimage=f"ffpp:{FFPP_VER}",
ip="10.0.0.2/24",
docker_args={
"cpuset_cpus": "1,2",
"nano_cpus": int(nano_cpus),
"hostname": "dut",
"volumes": {
"/sys/bus/pci/drivers": {"bind": "/sys/bus/pci/drivers", "mode": "rw"},
"/sys/kernel/mm/hugepages": {
"bind": "/sys/kernel/mm/hugepages",
"mode": "rw",
},
"/sys/devices/system/node": {
"bind": "/sys/devices/system/node",
"mode": "rw",
},
"/dev": {"bind": "/dev", "mode": "rw"},
FFPP_DIR: {"bind": "/ffpp", "mode": "rw"},
},
},
)
s1 = net.addSwitch("s1")
# Control plane links.
net.addLinkNamedIfce(s1, pktgen)
net.addLinkNamedIfce(s1, dut)
# Data plane links.
net.addLink(
dut, pktgen, bw=1000, delay="1ms", intfName1="vnf-in", intfName2="pktgen-out"
)
net.addLink(
dut, pktgen, bw=1000, delay="1ms", intfName1="vnf-out", intfName2="pktgen-in"
)
pktgen.cmd("ip addr add 192.168.17.1/24 dev pktgen-out")
pktgen.cmd("ip addr add 192.168.18.1/24 dev pktgen-in")
dut.cmd("ip addr add 192.168.17.2/24 dev vnf-in")
dut.cmd("ip addr add 192.168.18.2/24 dev vnf-out")
# TODO: Deploy a chain of CNFs.
cnfs = list()
for n in range(1):
cnf = mgr.addContainer(
f"cnf{n}",
"dut",
f"ffpp:{FFPP_VER}",
"/bin/bash",
docker_args={
"volumes": {
"/sys/bus/pci/drivers": {
"bind": "/sys/bus/pci/drivers",
"mode": "rw",
},
"/sys/kernel/mm/hugepages": {
"bind": "/sys/kernel/mm/hugepages",
"mode": "rw",
},
"/sys/devices/system/node": {
"bind": "/sys/devices/system/node",
"mode": "rw",
},
"/dev": {"bind": "/dev", "mode": "rw"},
FFPP_DIR: {"bind": "/ffpp", "mode": "rw"},
}
},
)
cnfs.append(cnf)
net.start()
# Avoid looping
pktgen.cmd("ip addr flush dev pktgen-s1")
pktgen.cmd("ip link set pktgen-s1 down")
dut.cmd("ip addr flush dev dut-s1")
dut.cmd("ip link set dut-s1 down")
pktgen.cmd("ping -c 5 192.168.17.2")
pktgen.cmd("ping -c 5 192.168.18.2")
duration = time.time() - start_ts
print(f"Setup duration: {duration:.2f} seconds.")
CLI(net)
info("*** Stopping network\n")
net.stop()
mgr.stop()
def testTopo():
"""testTopo"""
net = Containernet(
controller=Controller,
link=TCLink,
autoSetMacs=True,
autoStaticArp=True,
xterms=True,
)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="yolov2",
ip="10.0.0.11/24",
docker_args={
"cpuset_cpus": "0",
"hostname": "client"
},
)
vnf = net.addDockerHost(
"vnf",
dimage="yolov2",
ip="10.0.0.12/24",
docker_args={
"cpuset_cpus": "0",
"hostname": "vnf"
},
)
# Run server on another vCPU since it is more compute-intensive than client
# and vnf.
server = net.addDockerHost(
"server",
dimage="yolov2",
ip="10.0.0.21/24",
docker_args={
"cpuset_cpus": "1",
"hostname": "server"
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=10, delay="150ms", use_htb=True)
net.addLinkNamedIfce(s1, vnf, bw=10, delay="150ms", use_htb=True)
net.addLinkNamedIfce(s1, server, bw=10, delay="150ms", use_htb=True)
info("*** Starting network\n")
net.start()
net.pingAll()
add_ovs_flows()
ifces = ["s1-vnf"]
disable_cksum_offload(ifces)
info("*** Enter CLI\n")
CLI(net)
info("*** Stopping network")
net.stop()
def myTopology():
net = Containernet(
switch=OVSKernelSwitch,
build=False,
autoSetMacs=True,
autoStaticArp=True,
link=TCLink,
)
mgr = VNFManager(net)
setLogLevel("info")
info("*** Add Switches\n")
sconfig1 = {"dpid": "%016x" % 1}
sconfig2 = {"dpid": "%016x" % 2}
sconfig3 = {"dpid": "%016x" % 3}
sconfig4 = {"dpid": "%016x" % 4}
net.addSwitch("s1", **sconfig1)
net.addSwitch("s2", **sconfig2)
net.addSwitch("s3", **sconfig3)
net.addSwitch("s4", **sconfig4)
info("*** Add Hosts\n")
host_config = dict(inNamespace=True)
#net.addHost("h1", **host_config, ip="192.0.0.1")
h1 = net.addDockerHost(
"h1",
dimage="dev_test",
ip="192.0.0.1",
docker_args={"hostname": "h1"},
)
h2 = net.addDockerHost(
"h2",
dimage="dev_test",
ip="192.0.0.2",
docker_args={"hostname": "h2"},
)
h3 = net.addDockerHost(
"h3",
dimage="dev_test",
ip="192.0.0.3",
docker_args={"hostname": "h3"},
)
h4 = net.addDockerHost(
"h4",
dimage="dev_test",
ip="192.0.0.4",
docker_args={"hostname": "h4"},
)
h5 = net.addDockerHost(
"h5",
dimage="dev_test",
ip="192.0.0.5",
docker_args={"hostname": "h5"},
)
h6 = net.addDockerHost(
"h6",
dimage="dev_test",
ip="192.0.0.6",
docker_args={"hostname": "h6"},
)
h7 = net.addDockerHost(
"h7",
dimage="dev_test",
ip="192.0.0.7",
docker_args={"hostname": "h7"},
)
info("*** Add Links\n")
net.addLink("h1", "s1", bw=B1)
net.addLink("h2", "s1", bw=B1)
net.addLink("h3", "s1", bw=B1)
net.addLink("h4", "s1", bw=B1)
net.addLink("s1", "s2", bw=B1)
net.addLink("s2", "s3", bw=B1, delay=DELAY)
net.addLink("s3", "s4", bw=B1, delay=DELAY)
net.addLink("s2", "s4", bw=B2)
net.addLink("s1", "s4", bw=B1)
net.addLink("s4", "h5", bw=B1)
net.addLink("s4", "h6", bw=B1)
net.addLink("s4", "h7", bw=B1)
info("*** Add controller\n")
controller = RemoteController("c1", ip="127.0.0.1", port=6633)
net.addController(controller)
net.build()
net.start()
srv1 = mgr.addContainer(
"srv1",
"h1",
"echo_server",
"python /home/server_ad.py",
docker_args={},
)
srv2 = mgr.addContainer(
"srv2",
"h2",
"echo_server",
"python /home/server.py",
docker_args={},
)
srv3 = mgr.addContainer(
"srv3",
"h3",
"echo_server",
"python /home/server.py",
docker_args={},
)
srv4 = mgr.addContainer(
"srv4",
"h4",
"dev_test",
"bash",
docker_args={},
)
srv5 = mgr.addContainer(
"srv5",
"h5",
"dev_test",
"bash",
docker_args={},
)
srv6 = mgr.addContainer(
"srv6",
"h6",
"dev_test",
"bash",
docker_args={},
)
srv7 = mgr.addContainer(
"srv7",
"h7",
"dev_test",
"bash",
docker_args={},
)
spawnXtermDocker("srv5")
spawnXtermDocker("srv1")
CLI(net)
mgr.removeContainer("srv1")
mgr.removeContainer("srv2")
mgr.removeContainer("srv3")
mgr.removeContainer("srv4")
mgr.removeContainer("srv5")
mgr.removeContainer("srv6")
mgr.removeContainer("srv7")
net.stop()
mgr.stop()
def testDockerInDocker(n):
net = Containernet(controller=Controller, link=TCLink)
mgr = VNFManager(net)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding Docker hosts and switches in a chain topology\n")
last_sw = None
hosts = list()
# Connect hosts
for i in range(n):
# Unlimited access to CPU(s) cycles in CPU_SETS
host = net.addDockerHost(
"h%s" % (i + 1),
dimage="dev_test",
ip="10.0.0.%s" % (i + 1),
docker_args={"cpuset_cpus": "0"},
)
hosts.append(host)
switch = net.addSwitch("s%s" % (i + 1))
net.addLink(switch, host, bw=10, delay="10ms")
if last_sw:
# Connect switches
net.addLink(switch, last_sw, bw=10, delay="10ms")
last_sw = switch
info("*** Starting network\n")
net.start()
info(
"*** Run a simple ping test between two internal containers deployed on h1 and h%s\n"
% n)
head = mgr.addContainer("head",
"h1",
"dev_test",
"/bin/bash",
docker_args={})
tail = mgr.addContainer("tail",
"h%s" % n,
"dev_test",
"ping -c 3 10.0.0.1",
docker_args={})
info("*** Tail start ping head, wait for 5s...")
time.sleep(5)
info("\nThe ping result of tail to head: \n")
print(tail.dins.logs().decode("utf-8"))
mgr.removeContainer(head.name)
mgr.removeContainer(tail.name)
time.sleep(3)
info("*** Run CPU resource limitation test.")
info("Update CPU limitation of all Docker hosts (h1-h%s) to %.2f %% \n" %
(n, 50.0 / n))
info("Update Memory limitation of all Docker hosts (h1-h%s) to 10MB\n" % n)
info(
"Deploy the stress app (100 % CPU and 300M memory) inside all Docker hosts to test the CPU/Memory limitation\n"
)
containers = list()
# Mark: CPU percent = cpu_quota / cpu_period. The default CPU period is
# 100ms = 100000 us
for i, h in enumerate(hosts):
h.dins.update(cpu_quota=int(50000 / n))
h.dins.update(mem_limit=10 * (1024**2)) # in bytes
c = mgr.addContainer(
"stress_app_%s" % (i + 1),
h.name,
"dev_test",
"stress-ng -c 1 -m 1 --vm-bytes 300M",
docker_args={},
)
containers.append(c)
info("Start monitoring resource usage of internal containers"
"with default sample count: 3 and sample period: 1 sec\n")
for c in containers:
usages = mgr.monResourceStats(c.name)
if usages:
print(
" The average CPU and Memory usage of container:{} is {:.2f}%, {:.2f}MB"
.format(
c.name,
(sum(u[0] for u in usages) / len(usages)),
(sum(u[1] for u in usages) / len(usages)),
))
else:
print("[ERROR] Failed to get resource usages from manager")
for c in containers:
mgr.removeContainer(c.name)
info("*** Stopping network\n")
net.stop()
mgr.stop()
def test_ovx():
try:
ip = "127.0.0.1"
port = 6633
info("*** Add remote controller\n")
c = RemoteController("c", ip=ip, port=port)
net = Containernet(
autoStaticArp=True, autoSetMacs=True, controller=None, link=TCLink
)
net.addController(c)
info("*** Add switches, hosts and links \n")
# Add core switches
cores = {}
for switch in CORES:
cores[switch] = net.addSwitch(switch, dpid=(CORES[switch]["dpid"] % "0"))
# Add hosts and connect them to their core switch
for switch in CORES:
for count in range(1, FANOUT + 1):
# Add hosts
host = "h_%s_%s" % (switch, count)
ip = "10.0.0.%s" % count
mac = CORES[switch]["dpid"][4:] % count
h = net.addDockerHost(host, dimage="dev_test", ip=ip, mac=mac)
# Connect hosts to core switches
net.addLink(cores[switch], h)
# Connect core switches
net.addLink(cores["SFO"], cores["SEA"])
net.addLink(cores["SEA"], cores["SLC"])
net.addLink(cores["SFO"], cores["LAX"])
net.addLink(cores["LAX"], cores["SLC"])
net.addLink(cores["LAX"], cores["IAH"])
net.addLink(cores["SLC"], cores["MCI"])
net.addLink(cores["MCI"], cores["IAH"])
net.addLink(cores["MCI"], cores["ORD"])
net.addLink(cores["IAH"], cores["ATL"])
net.addLink(cores["ORD"], cores["ATL"])
net.addLink(cores["ORD"], cores["CLE"])
net.addLink(cores["ATL"], cores["IAD"])
net.addLink(cores["CLE"], cores["IAD"])
net.addLink(cores["CLE"], cores["EWR"])
net.addLink(cores["EWR"], cores["IAD"])
info("*** Start network... \n")
net.start()
print(
"Hosts configured with IPs, switches pointing to OpenVirteX at %s:%s"
% (ip, port)
)
info("[OVX] Create a virtual network between SEA and LAX\n")
wd = os.getcwd()
os.chdir(OVXCTL_DIR)
commands = [
# Create virtual networks
"python2 ovxctl.py createNetwork tcp:{}:{} 10.0.0.0 16".format(
SDN_CONTROLLER_IP, SDN_CONTROLLER_PORT
),
# Create virtual switches
"python2 ovxctl.py -n createSwitch 1 00:00:00:00:00:00:01:00",
"python2 ovxctl.py -n createSwitch 1 00:00:00:00:00:00:02:00",
"python2 ovxctl.py -n createSwitch 1 00:00:00:00:00:00:03:00",
# Create virtual ports
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:01:00 1",
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:01:00 5",
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:02:00 5",
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:02:00 6",
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:03:00 5",
"python2 ovxctl.py -n createPort 1 00:00:00:00:00:00:03:00 2",
# Create virtual links
"python2 ovxctl.py -n connectLink 1 00:a4:23:05:00:00:00:01 2 00:a4:23:05:00:00:00:02 1 spf 1",
"python2 ovxctl.py -n connectLink 1 00:a4:23:05:00:00:00:02 2 00:a4:23:05:00:00:00:03 1 spf 1",
# Connect hosts
"python2 ovxctl.py -n connectHost 1 00:a4:23:05:00:00:00:01 1 00:00:00:00:01:01",
"python2 ovxctl.py -n connectHost 1 00:a4:23:05:00:00:00:03 2 00:00:00:00:03:02",
# Start virtual network
"python2 ovxctl.py -n startNetwork 1",
]
for cmd in commands:
ret = check_output(sh_split(cmd), encoding="utf-8")
print(ret)
os.chdir(wd)
CLI(net)
except Exception as e:
error(e)
finally:
net.stop()
ip="10.0.0.7",
mac="00:00:00:00:00:07",
docker_args={"hostname": "broker"})
h8 = net.addDockerHost("WS",
dimage="dev_test",
ip="10.0.0.8",
mac="00:00:00:00:00:08",
docker_args={"hostname": "server"})
h9 = net.addDockerHost("WC",
dimage="dev_test",
ip="10.0.0.9",
mac="00:00:00:00:00:09",
docker_args={"hostname": "client"})
print("*** Creating switches")
switch1 = net.addSwitch("s1")
switch2 = net.addSwitch("s2")
switch3 = net.addSwitch("s3")
switch4 = net.addSwitch("s4")
print("*** Creating links")
# From broker to central switch
net.addLink(switch4, h7, bw=10, delay="10ms")
# From the central switch to the switches
net.addLink(switch1, switch4, bw=10, delay="10ms")
net.addLink(switch2, switch4, bw=10, delay="10ms")
net.addLink(switch3, switch4, bw=10, delay="10ms")
# From switch 1 to hosts
net.addLink(switch1, h8, bw=10, delay="10ms")
def testTopo():
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="sec_test",
ip="10.0.0.1/24",
docker_args={"cpuset_cpus": "1", "cpu_quota": 25000},
)
server = net.addDockerHost(
"server",
dimage="nginx",
ip="10.0.0.2/24",
docker_args={"cpuset_cpus": "1", "cpu_quota": 25000},
)
attacker = net.addDockerHost(
"attacker",
dimage="sec_test",
ip="10.0.0.3/24",
docker_args={"cpuset_cpus": "0", "cpu_quota": 25000},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, server, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, attacker, bw=10, delay="10ms")
try:
info("*** Starting network\n")
net.start()
info("** client -> server\n")
info("** " + str(test_connection(client, "10.0.0.2")) + "\n")
info("** attacker -> server\n")
info("** " + str(test_connection(attacker, "10.0.0.2")) + "\n")
info(
"*** The client and the attacker can both communicate with the server \n\n"
)
# Create blacklist
info(
"*** Create a blacklist that stops the attacker from accessing the server.\n"
)
info(
"*** First create a nftables table for IPv4 and IPv6 and then add a base chain connected to the input hook.\n"
)
info(
"*** Finally add a rule to the base chain that drops packets coming from the attacker (10.0.0.3).\n"
)
info("*** When the attacker is blocked the exercise continues.\n")
# Check if client can connect and attacker can not.
while not test_connection(client, "10.0.0.2") or test_connection(
attacker, "10.0.0.2"
):
sleep(5)
info("** client -> server\n")
info("** " + str(test_connection(client, "10.0.0.2")) + "\n")
test_connection(client, "10.0.0.2")
info("** attacker -> server\n")
info("** " + str(test_connection(attacker, "10.0.0.2")) + "\n")
info("\n")
info(
"*** The attacker is blocked and the client can still access the server.\n"
)
info("*** The attacker changed her IP address to a different one!\n")
info(
"*** Implement a whitelist that only allows the client to connect to the server.\n"
)
attacker_ip = "10.0.0." + str(random.randint(3, 250))
attacker.cmd("ip a f dev attacker-s1")
attacker.cmd("ip a a " + attacker_ip + "/24 dev attacker-s1")
info("** attacker -> server\n")
info("** " + str(test_connection(attacker, "10.0.0.2")) + "\n")
# Check if client can connect and attacker can not.
while not test_connection(client, "10.0.0.2") or test_connection(
attacker, "10.0.0.2"
):
sleep(5)
info("\n")
# The server can talk back to server
info("** client -> server\n")
info("** " + str(test_connection(client, "10.0.0.2")) + "\n")
test_connection(client, "10.0.0.2")
info("** attacker -> server\n")
info("** " + str(test_connection(attacker, "10.0.0.2")) + "\n")
except KeyboardInterrupt:
info("** KeyboardInterrupt detected, exit the program.\n")
finally:
info("*** Stopping network")
net.stop()
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
client = net.addDockerHost(
"client",
dimage="sec_test",
ip="10.0.0.1",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
server = net.addDockerHost(
"server",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
attacker = net.addDockerHost(
"attacker",
dimage="sec_test",
ip="10.0.0.3",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, client, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, server, bw=10, delay="10ms")
net.addLinkNamedIfce(s1, attacker, bw=10, delay="10ms")
info("*** Starting network\n")
net.start()
info("*** Attacker, Client and Server setup\n")
client.cmd("ping -c 10 10.0.0.2")
attacker.cmd(
"printf -- '#!/bin/bash\narpspoof -i attacker-s1 -t 10.0.0.1 10.0.0.2 >> /dev/null &\narpspoof -i attacker-s1 -t 10.0.0.2 10.0.0.1 >> /dev/null &' > spoof.sh; chmod +x spoof.sh; ./spoof.sh"
)
sleep(10)
attacker.cmd("tcpdump -vvv -i attacker-s1 -B 100000 ip >> messages.log &")
sleep(10)
server.cmd("mkdir -p /var/run/vsftpd/empty")
server.cmd("vsftpd &")
info("*** Create wg key pairs\n")
client.cmd("umask 077; wg genkey > privatekey")
client.cmd("wg pubkey < privatekey > publickey")
client_pubkey = client.cmd("cat ./publickey").replace("\n", " ").replace(
"\r", "")
server.cmd("umask 077; wg genkey > privatekey")
server.cmd("wg pubkey < privatekey > publickey")
server_pubkey = server.cmd("cat ./publickey").replace("\n", " ").replace(
"\r", "")
info("*** Create wg interfaces\n")
client.cmd("ip link add dev wg0 type wireguard")
client.cmd("ip address add dev wg0 192.168.0.1/24")
server.cmd("ip link add dev wg0 type wireguard")
server.cmd("ip address add dev wg0 192.168.0.2/24")
info("*** Setup peer configuration\n")
client.cmd(
"wg set wg0 listen-port 1337 private-key ./privatekey peer {} allowed-ips 192.168.0.0/24 endpoint 10.0.0.2:1337"
.format(server_pubkey))
client.cmd("ip link set up dev wg0")
server.cmd(
"wg set wg0 listen-port 1337 private-key ./privatekey peer {} allowed-ips 192.168.0.0/24 endpoint 10.0.0.1:1337"
.format(client_pubkey))
server.cmd("ip link set up dev wg0")
test_connection(client, "192.168.0.2")
login_at_ftp_server(client, "192.168.0.2")
info("*** Extract Passwords\n")
sleep(20)
output = attacker.cmd("cat messages.log")
password_found = False
for line in output.split("\n"):
if "PASS" in line:
password_found = True
info("*** Found password: "******"\n")
if not password_found:
info("*** No password found!\n")
info("*** Stopping network\n")
net.stop()
def testTopo():
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
router = net.addDockerHost(
"router",
dimage="sec_test",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
internal1 = net.addDockerHost(
"internal1",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
internal2 = net.addDockerHost(
"internal2",
dimage="sec_test",
ip="192.168.0.2",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
internet = net.addDockerHost(
"internet",
dimage="sec_test",
ip="100.64.0.2",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
s2 = net.addSwitch("s2")
s3 = net.addSwitch("s3")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s2, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s3, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s1, internal1, bw=100, delay="10ms")
net.addLinkNamedIfce(s2, internal2, bw=100, delay="10ms")
net.addLinkNamedIfce(s3, internet, bw=100, delay="10ms")
try:
info("*** Starting network\n")
net.start()
# Setup the router
router.cmd("ip a a 10.0.0.1/24 dev router-s1")
router.cmd("ip a a 192.168.0.1/24 dev router-s2")
router.cmd("ip a a 100.64.0.1/24 dev router-s3")
# Configure the router as default gateway
internal1.cmd("ip r c default via 10.0.0.1")
internal2.cmd("ip r c default via 192.168.0.1")
internet.cmd("ip r c default via 100.64.0.1")
# Start some services
internal2.cmd("service ssh start")
internal2.cmd("nc -l -p 1337 &")
router.cmd("service ssh start")
# Create whitelist
info("*** Create firewall whitelist\n")
router.cmd("nft add table inet filter")
router.cmd(
"nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }"
)
router.cmd(
"nft add rule inet filter forward ct state established,related ip daddr 192.168.0.0/24 accept"
)
router.cmd(
"nft add rule inet filter forward ip saddr 10.0.0.0/24 accept")
router.cmd(
"nft add rule inet filter forward ip saddr 192.168.0.0/24 accept")
info(
"*** Rewrite the present filter ruleset and create one chain for each of the 3 networks.\n"
)
info(
"*** You can use the network interfaces to distinguish the traffic from the networks.\n"
)
info(
"*** Additionally filter traffic to the ports 22 and 1337 on the router and the internal networks.\n"
)
while not check_connectivity_between_hosts(router, internal1,
internal2, internet):
sleep(5)
except KeyboardInterrupt:
info("** KeyboardInterrupt detected, exit the program.\n")
finally:
info("*** Stopping network")
net.stop()
dimage="network_measurement",
ip="10.0.0.1",
docker_args={"hostname": "h1"},
)
h2 = net.addDockerHost(
"h2",
dimage="network_measurement",
ip="10.0.0.2",
docker_args={
"hostname": "h2",
"volumes": {f"{cwd}": {"bind": "/flent_data", "mode": "rw"}},
},
)
info("*** Adding switch and links\n")
switch1 = net.addSwitch("s1")
switch2 = net.addSwitch("s2")
net.addLink(switch1, h1, bw=10, delay="10ms")
net.addLink(switch1, switch2, bw=10, delay="10ms")
net.addLink(switch2, h2, bw=10, delay="10ms")
info("\n*** Starting network\n")
net.start()
info("*** Run ping and UDP latency measurement with single flow.\n")
srv1_1 = mgr.addContainer(
"srv1_1", "h1", "network_measurement", "sockperf server", docker_args={}
)
ret = h2.cmd("ping -c 10 -i 0.01 10.0.0.1")
print(f"- Result of ping: \n{ret}")
def testTopo():
"Create an empty network and add nodes to it."
net = Containernet(controller=Controller, link=TCLink)
info("*** Adding controller\n")
net.addController("c0")
info("*** Adding hosts\n")
router = net.addDockerHost(
"router",
dimage="sec_test",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
internal1 = net.addDockerHost(
"internal1",
dimage="sec_test",
ip="10.0.0.2",
docker_args={
"cpuset_cpus": "1",
"cpu_quota": 25000
},
)
internal2 = net.addDockerHost(
"internal2",
dimage="sec_test",
ip="192.168.0.2",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
internet = net.addDockerHost(
"internet",
dimage="sec_test",
ip="100.64.0.2",
docker_args={
"cpuset_cpus": "0",
"cpu_quota": 25000
},
)
info("*** Adding switch\n")
s1 = net.addSwitch("s1")
s2 = net.addSwitch("s2")
s3 = net.addSwitch("s3")
info("*** Creating links\n")
net.addLinkNamedIfce(s1, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s2, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s3, router, bw=100, delay="10ms")
net.addLinkNamedIfce(s1, internal1, bw=100, delay="10ms")
net.addLinkNamedIfce(s2, internal2, bw=100, delay="10ms")
net.addLinkNamedIfce(s3, internet, bw=100, delay="10ms")
info("*** Starting network\n")
net.start()
# Setup the router
router.cmd("ip a a 10.0.0.1/24 dev router-s1")
router.cmd("ip a a 192.168.0.1/24 dev router-s2")
router.cmd("ip a a 100.64.0.1/24 dev router-s3")
# Configure the router as default gateway
internal1.cmd("ip r c default via 10.0.0.1")
internal2.cmd("ip r c default via 192.168.0.1")
internet.cmd("ip r c default via 100.64.0.1")
# Start some services
internal2.cmd("service ssh start")
internal2.cmd("nc -l -p 1337 &")
router.cmd("service ssh start")
check_connectivity_between_hosts(router, internal1, internal2, internet)
"""
info('*** Create firewall whitelist\n')
router.cmd("nft add table inet filter")
router.cmd("nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }")
router.cmd("nft add rule inet filter forward ct state established,related ip daddr 10.0.0.0/24 accept")
router.cmd("nft add rule inet filter forward ip saddr 10.0.0.0/24 accept")
router.cmd("nft add rule inet filter forward ip saddr 192.168.0.0/24 accept")
"""
router.cmd("nft add table inet filter")
router.cmd(
"nft add chain inet filter forward { type filter hook forward priority 0 \; policy drop \; }"
)
router.cmd(
"nft add chain inet filter input { type filter hook input priority 0 \; policy drop \; }"
)
router.cmd("nft add chain inet filter forward-s1")
router.cmd("nft add chain inet filter forward-s2")
router.cmd("nft add chain inet filter forward-s3")
router.cmd(
"nft add rule inet filter forward iif router-s1 counter jump forward-s1"
)
router.cmd(
"nft add rule inet filter forward iif router-s2 counter jump forward-s2"
)
router.cmd(
"nft add rule inet filter forward iif router-s3 counter jump forward-s3"
)
router.cmd(
"nft add rule inet filter forward-s1 tcp dport {ssh, 1337} drop")
router.cmd(
"nft add rule inet filter forward-s1 ip saddr 10.0.0.0/24 accept")
router.cmd(
"nft add rule inet filter forward-s2 ip saddr 192.168.0.0/24 accept")
router.cmd(
"nft add rule inet filter forward-s3 ct state established,related ip daddr 10.0.0.0/24 accept"
)
check_connectivity_between_hosts(router, internal1, internal2, internet)
info("*** Stopping network")
net.stop()