cs42200:spring19:labs:lab08_part2

Lab08 Multi-tenant Data Center Network Part II

Deadline April 21st, 11:59pm

Learning Objectives

  1. Simulate a data center network that uses the leaf and spine topology we developed in part 1
  2. Use the ONOS SDN controller and the Umbrella framework to configure the network to provide traffic isolation and performance guarantees

Introduction

In the Part I of this lab, you learned how to simulate / emulate a network using mininet. In this part, you will learn how to configure a multi-tenant data center network that provides some guarantees to the tenants. We will use mininet to simulate a data center network and then use ONOS SDN controller and Umbrella framework (http://umbrella-project.org/) to configure the network according to specified requirements.

SDN controller

In the Introduction section of Part I we discussed how Software Defined Networking (SDN) de-couples the data plane and control plane enabling us to “program” the network. The control plane, also knows as SDN controller, abstracts the data plane and provides an interface to configure the data plane elements (switches, middleboxes, etc.) programmatically. Various networking applications use the abstraction that the SDN controller provides to achieve their objective. For example, a routing application will monitor the network for topology changes and will add forwarding rules to the switches in the network; a traffic engineering application will monitor usage of resources in the network and will load balance the traffic to get most efficiency out of the network.

An SDN controller can be a single server, or a cluster of servers working together to form a “logical” SDN controller. The key idea is that all the intelligence — algorithms to configure and control the network — is centralized in the control plane and the data plane becomes “dumb” because it simply follows the instructions provided by the control place.

Concept of flows

In the section above, we discussed how an SDN controller provides an abstraction of the data plane. One example of abstraction is the concept of “flows”. The idea of flows in not entirely new. Consider a learning Layer-2 switch - it learns MAC addresses of hosts connected to its ports so that it does not have to flood packets to all the ports (like a hub). Once the L2 switch learns MAC address, what it essentially does is, maintains a table of MAC addresses and associated port numbers. This is example of a flow, i.e. if the destination MAC address is D send the packet to port P. Similarly, a Layer-3 switch (or router) will have a table with IP addresses (prefixes to be precise) and associated port numbers.

A key underlying idea is that a rule in a flow table “classifies” a packet. In a L2 switch, a packet is classified on the basis of destination MAC address; in an L3 switch, classification uses the destination IP address. But, there is no reason we must only stick to one field in the packet or only one layer (L2, L3) at a time for classification. In the most general case, it is possible to classify a packet using a combination of *any* fields in the packet. An example of such a classification might be “ethernet dest = X, IP source = IP1, IP destination = IP2, IP protocol = UDP, dest UDP port = P”. In addition to just the fields in the packet, classification can also use meta information like port on which a packet arrives (incoming port).

Just as we extended the idea of classification to any combination of fields, we can extend the idea of actions on a packet. In a simple L2 or L3 switch, the action performed is “Send the packet out port P” or “flood” the packet to all ports if destination is broadcast/multicast or unknown. But, we can extend the set of actions by adding actions like “decrement ttl”, “add vlan tag”, “add MPLS label”, etc. Also, it is possible to perform multiple actions on a single packet.

By putting the ideas of classification and actions together we get the idea of a “flow”. A flow is a classification scheme with an associated set of actions to be performed. Currently, the most widely used protocol for flow specification is OpenFlow. OpenFlow not only specifies details about flows (classification, actions) but also defines the details of the communication between an SDN controller and a device (i.e., the way a control adds / removes flows in an OpenFlow-enabled switch). The controller encodes the flow requests as per the OpenFlow protocol specification and sends messages to switches. The OpenFlow protocol also provides a way for a controller to monitor state of the switches, get port statistics, etc.

Multi-tenant Data center network and its challenges

Data centers have been gaining tremendous popularity in the recent years. A data center is used to run applications that need large number of hosts connected to each other. Data centers are very expensive to build and maintain. A small company typically cannot afford to build its own data center. So, cloud providers “lease” parts of their data centers to their customers/tenants. Examples of such providers are Amazon (EC2), Microsoft Azure, Google Cloud Platform, etc.

One important guarantee that cloud providers have to provide is isolation. A host belonging to one tenant must not be able to communicate with a host belonging to a different tenant, unless specifically configured to do so. This means that the provider must ensure that packets originating from a host of one tenant do not reach hosts of another tenant.

Along with isolation, a cloud provider must also provide some guarantee on performance. A lot of activity by one tenant should not affect the performance of other tenants in the same data center. This means that the provider must do some kind of load balancing or allocation of resources such that all tenants get their allocated share.

In this lab, you have to configure a data center network such that it provides isolation and performance guarantees to the tenants. You will use the concepts of SDN controller and flows discussed in the previous section to do so.

Umbrella Framework

Umbrella is a unified software defined development framework that provides a new set of APIs for implementing of SDN applications, keeping the abstractions independent of the Northbound APIs used by specific SDN controllers. In this lab, we use Umbrella APIs to write an SDN application to provide network traffic isolation for the leaf-spine network topology that you implemented in the previous lab.

How to write an SDN Application using Umbrella APIs

Before starting to work on this lab, you need to familiarize yourself with Umbrella APIs. We provide you two sample applications;A simple forwarding application, and a Firewall; which give you an idea about how can you initialize a controller in Umbrella framework, retrieve topology information, generate flow rules, and install flow rules on network switches. Please read them carefully and try to understand them before start coding. We also recommend you to execute the given applications on ONOS controller and make sure the rules installed successfully and the end-hosts can communicate according to the network configuration requirements .

You can find those sample applications here in this link: https://umbrella.readthedocs.io/en/latest/apps.html.

You can also use JAVA docs to learn about methods and fields of each API. The JAVA docs is accessible via the following link :

https://umbrella-project.github.io/umbrella/.

How to test Sample Applications on ONOS controller

  1. Please follow the instructions in the previous lab to access to your VM on mc18 machine.
  1. Then you need to run ONOS controller using the following commands: 
        $ cd
    $ source .bashrc
    $ cd onos
    $ ok clean
  2. After executing the above commands, it takes a few minutes to boot up the SDN controller.
  3. Open a new terminal, ssh to your VM, and execute the following command to simulate a tree network topology:
           sudo mn --topo tree,depth=2,fanout=2 --controller=remote,ip=127.0.0.1,port=6653
  4. Once in the CLI, you can run the command net to dump the network topology. Using this you can verify if the topology that you created is correct i.e. it creates the right number of switches and hosts and they are linked together as expected
  5. Run pingall from mininet CLI and see can you ping all of the hosts from each other? By default, ONOS runs a reactive forwarding application that installs flow rules when one host starts sending packets to another host.
  6. Open a new terminal, ssh to your VM and connect to ONOS cli using the following command: 
         $ onos 127.0.0.1
  7. Try commands like: devices, hosts, and links from ONOS CLI and confirm that number of links, hosts, devices are consistent with your network topology.
  8. Deactivate reactive forwarding application by executing the following command from ONOS CLI :
    1. app deactivate org.onosproject.fwd. After deactivating reactive forwarding app, you should not be able to ping hosts from each other.
    2. You can also list ONOS active apps and services using the following command: apps -s to make sure reactive forwarding application is deactivated successfully.
  9. Package umbrella source codes using the following commands:
             $ cd umbrella
         $ mvn package
  10. Finally, execute the Forwarding application or Firewall application using the following command to install rules on network switches.
    1. Run the following command to execute Forwarding application: 
              $java -cp target/umbrella-1.0-SNAPSHOT-jar-with-dependencies.jar apps.Forwarding
    2. Run the following command to execute Firewall application: 
             $java -cp target/umbrella-1.0-SNAPSHOT-jar-with-dependencies.jar apps.Firewall
  11. If you run Forwarding application then all of the hosts (h1-h4) should be able to ping each other (i.e. To test, run pingall from Mininet CLI).
  12. If you run Firewall application, h2 and h4 should be able to ping each-other (i.e. To test, run h2 ping h4 and vice versa from Mininet CLI) and h1 and h3 should be able to communicate over web traffic but they should not be able to ping each other. We use iperf to send WEB traffic between h1 and h3 as follows: 
      # To run iperf, you can start an xterm for hosts from the mininet CLI:

mininet> xterm h1
mininet> xterm h3


# In xterm windows of h1, start the iperf server:
$ iperf -s -p 80

# In xterm window of h3, start the iperf client, connect to h1
$ iperf -c 10.0.0.1 -p 80 -t 10 -i 1


# Looking at the throughput of the iperf runs you will be able to tell
# if your configuration is correct

Note 1: xterm needs X-Forwarding. Please follow the instructions in the previous lab to learn about SSH X-forwarding.

  1. After running one of the above applications, you can check the flow rules that have been installed using ONOS CLI or GUI.
    1. To check flow rules from CLI, run flows command from ONOS CLI
    2. Follow the instructions in the previous lab to access the ONOS GUI to check flow rules.

Sample Flow Rules from ONOS CLI

  • Before running the forwarding app: By default, ONOS adds some default rules on each switch to handle ARP and LLDP packets that can be used for detecting hosts and network switches. 
    onos> flows
deviceId=of:0000000000000001, flowRuleCount=3
    id=100007a585b6f, state=ADDED, bytes=44718, packets=514, duration=795, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=100009465555a, state=ADDED, bytes=44718, packets=514, duration=795, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000ea6f4b8e, state=ADDED, bytes=0, packets=0, duration=795, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
deviceId=of:0000000000000002, flowRuleCount=3
    id=1000002bbd8d4, state=ADDED, bytes=22272, packets=256, duration=795, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000c70edd85, state=ADDED, bytes=336, packets=8, duration=795, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000dc56d70b, state=ADDED, bytes=22272, packets=256, duration=795, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
deviceId=of:0000000000000003, flowRuleCount=3
    id=10000464e5575, state=ADDED, bytes=22446, packets=258, duration=795, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000646f55aa, state=ADDED, bytes=22446, packets=258, duration=795, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000a6288ee9, state=ADDED, bytes=462, packets=11, duration=795, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
  • After running forwarding app: Forwarding application install flow rules for each pair of hosts which allows the end hosts to communicate with each other. Keep in mind that there is an idle timeout for each of the Forwarding rules. That means if two end hosts don't send traffic to each other for a period of time (e.g. timeout=50 seconds), the flow rules will be removed automatically from the network switches. 
     
onos> flows
deviceId=of:0000000000000001, flowRuleCount=11
    id=100007a585b6f, state=ADDED, bytes=1914, packets=22, duration=35, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=100009465555a, state=ADDED, bytes=1914, packets=22, duration=35, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000ea6f4b8e, state=ADDED, bytes=0, packets=0, duration=35, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=b40000150ccdb4, state=ADDED, bytes=196, packets=2, duration=4, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A2:E6:63:0A:84:71, ETH_SRC:A6:43:A1:B9:BC:A6, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.2/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400005c32b69c, state=ADDED, bytes=196, packets=2, duration=4, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A2:E6:63:0A:84:71, ETH_SRC:2E:E9:00:CA:91:03, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400008b3d2640, state=ADDED, bytes=196, packets=2, duration=4, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:E2:68:17:C9:45:4A, ETH_SRC:A6:43:A1:B9:BC:A6, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000b1dc14e6, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:2E:E9:00:CA:91:03, ETH_SRC:E2:68:17:C9:45:4A, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.4/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000d0469117, state=ADDED, bytes=196, packets=2, duration=4, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:E2:68:17:C9:45:4A, ETH_SRC:2E:E9:00:CA:91:03, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.1/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000f817688b, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A6:43:A1:B9:BC:A6, ETH_SRC:A2:E6:63:0A:84:71, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.3/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000f877c0c3, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:2E:E9:00:CA:91:03, ETH_SRC:A2:E6:63:0A:84:71, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000faec5094, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A6:43:A1:B9:BC:A6, ETH_SRC:E2:68:17:C9:45:4A, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
deviceId=of:0000000000000002, flowRuleCount=13
    id=1000002bbd8d4, state=ADDED, bytes=957, packets=11, duration=35, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000c70edd85, state=ADDED, bytes=294, packets=7, duration=35, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000dc56d70b, state=ADDED, bytes=957, packets=11, duration=35, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=b4000011b33956, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A6:43:A1:B9:BC:A6, ETH_SRC:A2:E6:63:0A:84:71, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.3/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400002c18acf8, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:E2:68:17:C9:45:4A, ETH_SRC:A6:43:A1:B9:BC:A6, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000048a54399, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:2E:E9:00:CA:91:03, ETH_SRC:A2:E6:63:0A:84:71, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400005ad2c1d8, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A6:43:A1:B9:BC:A6, ETH_SRC:E2:68:17:C9:45:4A, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000064258972, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:E2:68:17:C9:45:4A, ETH_SRC:A2:E6:63:0A:84:71, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.1/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400007aaaa6d4, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:E2:68:17:C9:45:4A, ETH_SRC:2E:E9:00:CA:91:03, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.1/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400009070648e, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A2:E6:63:0A:84:71, ETH_SRC:2E:E9:00:CA:91:03, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400009e84b240, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:2E:E9:00:CA:91:03, ETH_SRC:E2:68:17:C9:45:4A, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.4/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000bf0b1b94, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A2:E6:63:0A:84:71, ETH_SRC:E2:68:17:C9:45:4A, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.2/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000e905a457, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A2:E6:63:0A:84:71, ETH_SRC:A6:43:A1:B9:BC:A6, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.2/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
deviceId=of:0000000000000003, flowRuleCount=13
    id=10000464e5575, state=ADDED, bytes=957, packets=11, duration=35, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000646f55aa, state=ADDED, bytes=957, packets=11, duration=35, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000a6288ee9, state=ADDED, bytes=336, packets=8, duration=35, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=b40000040d12f3, state=ADDED, bytes=196, packets=2, duration=4, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A2:E6:63:0A:84:71, ETH_SRC:2E:E9:00:CA:91:03, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000004491e0e, state=ADDED, bytes=196, packets=2, duration=4, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A2:E6:63:0A:84:71, ETH_SRC:A6:43:A1:B9:BC:A6, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.2/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400000d822ea6, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:2E:E9:00:CA:91:03, ETH_SRC:A2:E6:63:0A:84:71, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400002aac5b97, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A6:43:A1:B9:BC:A6, ETH_SRC:E2:68:17:C9:45:4A, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000360af334, state=ADDED, bytes=196, packets=2, duration=4, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:E2:68:17:C9:45:4A, ETH_SRC:2E:E9:00:CA:91:03, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.1/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400005a0e1bbc, state=ADDED, bytes=196, packets=2, duration=4, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A6:43:A1:B9:BC:A6, ETH_SRC:2E:E9:00:CA:91:03, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.3/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000072f93061, state=ADDED, bytes=196, packets=2, duration=4, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:2E:E9:00:CA:91:03, ETH_SRC:A6:43:A1:B9:BC:A6, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.4/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000099553a8a, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:2E:E9:00:CA:91:03, ETH_SRC:E2:68:17:C9:45:4A, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.4/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000c3e53f26, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:E2:68:17:C9:45:4A, ETH_SRC:A6:43:A1:B9:BC:A6, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000eb268843, state=ADDED, bytes=196, packets=2, duration=5, liveType=UNKNOWN, priority=1000, tableId=0, appId=TestForwarding, payLoad=null, selector=[ETH_DST:A6:43:A1:B9:BC:A6, ETH_SRC:A2:E6:63:0A:84:71, ETH_TYPE:ipv4, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.3/32], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
  • After running Firewall app: Firewall application install flow rules according the firewall polices that we explained in the tutorials. Please check flow rules carefully to understand how we can use extra match fields to distinguish web traffic from ping traffic. 
   onos> flows
deviceId=of:0000000000000001, flowRuleCount=11
    id=100007a585b6f, state=ADDED, bytes=19662, packets=226, duration=350, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=100009465555a, state=ADDED, bytes=19662, packets=226, duration=350, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000ea6f4b8e, state=ADDED, bytes=0, packets=0, duration=350, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=b500005fba9633, state=ADDED, bytes=0, packets=0, duration=50, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:52:D8:A0:31:26:B3, ETH_SRC:DE:ED:F7:93:1C:11, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b500006cea7c9f, state=ADDED, bytes=0, packets=0, duration=50, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:52:D8:A0:31:26:B3, ETH_SRC:DE:ED:F7:93:1C:11, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000a4ea8043, state=ADDED, bytes=0, packets=0, duration=50, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:DE:ED:F7:93:1C:11, ETH_SRC:52:D8:A0:31:26:B3, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000b0167a0f, state=ADDED, bytes=196, packets=2, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:7E:F3:71:F9:72:C5, ETH_SRC:62:23:59:94:8C:5A, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000baab1ff6, state=ADDED, bytes=196, packets=2, duration=50, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:62:23:59:94:8C:5A, ETH_SRC:7E:F3:71:F9:72:C5, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000da660faf, state=ADDED, bytes=0, packets=0, duration=50, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:DE:ED:F7:93:1C:11, ETH_SRC:52:D8:A0:31:26:B3, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000dc3dd109, state=ADDED, bytes=196, packets=2, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:62:23:59:94:8C:5A, ETH_SRC:7E:F3:71:F9:72:C5, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000f1c2c123, state=ADDED, bytes=196, packets=2, duration=50, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:7E:F3:71:F9:72:C5, ETH_SRC:62:23:59:94:8C:5A, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
deviceId=of:0000000000000002, flowRuleCount=11
    id=1000002bbd8d4, state=ADDED, bytes=9831, packets=113, duration=350, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000c70edd85, state=ADDED, bytes=672, packets=16, duration=350, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000dc56d70b, state=ADDED, bytes=9831, packets=113, duration=350, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=b5000004bc32ad, state=ADDED, bytes=196, packets=2, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:62:23:59:94:8C:5A, ETH_SRC:7E:F3:71:F9:72:C5, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b5000015171657, state=ADDED, bytes=196, packets=2, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:62:23:59:94:8C:5A, ETH_SRC:7E:F3:71:F9:72:C5, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b500003142adea, state=ADDED, bytes=0, packets=0, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:52:D8:A0:31:26:B3, ETH_SRC:DE:ED:F7:93:1C:11, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b500003ffcd9e8, state=ADDED, bytes=0, packets=0, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:DE:ED:F7:93:1C:11, ETH_SRC:52:D8:A0:31:26:B3, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b5000045eb7fc2, state=ADDED, bytes=196, packets=2, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:7E:F3:71:F9:72:C5, ETH_SRC:62:23:59:94:8C:5A, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b500005f4d90a7, state=ADDED, bytes=196, packets=2, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:7E:F3:71:F9:72:C5, ETH_SRC:62:23:59:94:8C:5A, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000b01c3b2e, state=ADDED, bytes=0, packets=0, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:DE:ED:F7:93:1C:11, ETH_SRC:52:D8:A0:31:26:B3, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000f582991e, state=ADDED, bytes=0, packets=0, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:52:D8:A0:31:26:B3, ETH_SRC:DE:ED:F7:93:1C:11, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
deviceId=of:0000000000000003, flowRuleCount=11
    id=10000464e5575, state=ADDED, bytes=9831, packets=113, duration=350, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000646f55aa, state=ADDED, bytes=9831, packets=113, duration=350, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000a6288ee9, state=ADDED, bytes=672, packets=16, duration=350, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=b5000000df4f7e, state=ADDED, bytes=0, packets=0, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:DE:ED:F7:93:1C:11, ETH_SRC:52:D8:A0:31:26:B3, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b500000213776c, state=ADDED, bytes=196, packets=2, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:62:23:59:94:8C:5A, ETH_SRC:7E:F3:71:F9:72:C5, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000302fcf87, state=ADDED, bytes=196, packets=2, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:62:23:59:94:8C:5A, ETH_SRC:7E:F3:71:F9:72:C5, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b500003ff56365, state=ADDED, bytes=196, packets=2, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:7E:F3:71:F9:72:C5, ETH_SRC:62:23:59:94:8C:5A, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b500005774fbce, state=ADDED, bytes=0, packets=0, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:DE:ED:F7:93:1C:11, ETH_SRC:52:D8:A0:31:26:B3, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000722ed1dc, state=ADDED, bytes=196, packets=2, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:7E:F3:71:F9:72:C5, ETH_SRC:62:23:59:94:8C:5A, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000aee2fb23, state=ADDED, bytes=0, packets=0, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:52:D8:A0:31:26:B3, ETH_SRC:DE:ED:F7:93:1C:11, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b50000fd0a8e59, state=ADDED, bytes=0, packets=0, duration=49, liveType=UNKNOWN, priority=100, tableId=0, appId=Firewall, payLoad=null, selector=[ETH_DST:52:D8:A0:31:26:B3, ETH_SRC:DE:ED:F7:93:1C:11, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}

Lab Implementation Details

  • In this lab, you will implement a traffic isolation application using Umbrella APIs. We explain the details of the app in the following section.
  • We already defined a JAVA package under umbrella/src/main/java/apps/ named trafficIsolation. You should implement your app in the JAVA file under trafficIsolation package (i.e. TrafficIsolation.java).
  • You are allowed to add new JAVA files under trafficIsolation package to implement the app as far as you know how to use it in TrafficIsolation.java
  • To run trafficIsolation app, you can use the following command:
       $ cd umbrella
       $ mvn package
       $ java -cp target/umbrella-1.0-SNAPSHOT-jar-with-dependencies.jar apps.trafficIsolation.TrafficIsolation

Assignment of hosts and traffic profiles to tenants

In a multi-tenant data center, a number of end hosts (or VMs) are assigned to individual tenants, according to their requirements. In this lab, the assignment of hosts to tenants will be stored in the file host_tenant_assignments.txt which is located under: /umbrella/src/main/resources/host_tenant_assignments.txt . This file will have the following format: 

<host_name> <tenant_id>
<host_name> <tenant_id>
...

Suppose there are N tenants in the data center. The tenants are given unique IDs in the range [1 … N]. An example host_tenant_assignments.txt file would look like this: 

# Assume there are 2 tenants numbered 1 to 2
# Assume we have 6 hosts in our network named h1 .. h6
# The host_tenant_assignment.txt file will have one line for each host...

$ cat host_tenant_assignments.txt
00:00:00:00:00:01/None 1
00:00:00:00:00:02/None 2
00:00:00:00:00:03/None 1
00:00:00:00:00:04/None 2
00:00:00:00:00:05/None 1
00:00:00:00:00:06/None 2

How to fill out host_tenant_assignments file?

To fill out host_tenant_assignments file with appropriate host ids, you will need to get list of host ids using ONOS CLI. To do that you need to run hosts command from ONOS CLI as follows:

Note: Please follow the instructions in the previous lab to run ONOS controller, setup the network topology, and run pingall to detect all of the hosts. After all of those steps, you should be able to get list of hosts from ONOS CLI. 

onos> hosts
id=00:00:00:00:00:01/None, mac=00:00:00:00:00:01, locations=[of:0000000000000001/3], vlan=None, ip(s)=[10.0.0.1], innerVlan=None, outerTPID=unknown, provider=of:org.onosproject.provider.host, configured=false
id=00:00:00:00:00:02/None, mac=00:00:00:00:00:02, locations=[of:0000000000000001/4], vlan=None, ip(s)=[10.0.0.2], innerVlan=None, outerTPID=unknown, provider=of:org.onosproject.provider.host, configured=false
id=00:00:00:00:00:03/None, mac=00:00:00:00:00:03, locations=[of:0000000000000002/3], vlan=None, ip(s)=[10.0.0.3], innerVlan=None, outerTPID=unknown, provider=of:org.onosproject.provider.host, configured=false
id=00:00:00:00:00:04/None, mac=00:00:00:00:00:04, locations=[of:0000000000000002/4], vlan=None, ip(s)=[10.0.0.4], innerVlan=None, outerTPID=unknown, provider=of:org.onosproject.provider.host, configured=false
id=00:00:00:00:00:05/None, mac=00:00:00:00:00:05, locations=[of:0000000000000003/3], vlan=None, ip(s)=[10.0.0.5], innerVlan=None, outerTPID=unknown, provider=of:org.onosproject.provider.host, configured=false
id=00:00:00:00:00:06/None, mac=00:00:00:00:00:06, locations=[of:0000000000000003/4], vlan=None, ip(s)=[10.0.0.6], innerVlan=None, outerTPID=unknown, provider=of:org.onosproject.provider.host, configured=false

In addition, we assign a data traffic type (e.g. WEB, ICMP, VIDEO_STREAMING) to each tenant. For example, if we assign WEB traffic to tenant 1, the hosts belong to tenant 1 (h1 and h7 in the above example) can communicate only over WEB traffic and they will not be able to ping each other or send VIDEO_STREAMING traffic. In this lab, we assume that we only support three types of data traffic including WEB, ICMP, and VIDEO_STREAMING. We specify each data traffic with a set of match fields that you need to use them when you generate flow rules for each data traffic. We define them as follows:

  • WEB traffic
    • Source IP address
    • Destination IP address
    • Ethernet type (2048)
    • Source MAC address
    • Destination MAC address
    • TCP port (80)
  • VIDEO_STREAMING
    • Source IP address
    • Destination IP address
    • Ethernet type (2048)
    • Source MAC address
    • Destination MAC address
    • TCP port (8080)
  • ICMP
    • Source IP address
    • Destination IP address
    • Ethernet type (2048)
    • Source MAC address
    • Destination MAC address
    • ICMP code (0x0)
    • ICMP type (0x8 for ICMP request, 0x0 for ICMP response)

In this lab, the assignment of data traffic types to tenants will be stored in the file tenant_traffic_assignments.txt which is located under: /umbrella/src/main/resources/tenant_traffic_assignments.txt. This file will have the following format: 

<tenant_id> <traffic_type>
<tenant_id> <traffic_type>
.
.
.

For example, 

1 WEB
2 ICMP
3 VIDEO_STREAMING
4 ICMP

Note: tenant_traffic_assignment file must be customized according to number of tenants that we specified host_tenant_assignments file.

How to provide Isolation between tenants

Each host in the network is automatically assigned a MAC address and an IP address. The idea of isolation is:

  • If host Hi and host Hj belong to the same tenant, they should be able to communicate with each other
  • If host Hi and host Hj do not belong to the same tenant, they should not be able to communicate with each other

You can test isolation by making sure that hosts belonging to the same tenant should be able to communication with each other and hosts from different tenants should not be able to communicate with each other.

Now, the question is how do we achieve isolation? The answer is by the careful definition of flows. Each switch initially starts with zero flows installed (except default flow rules that a controller adds to the network switches). Your task is to add flows to the switches so as to provide communication for all the hosts of a tenant and isolation between hosts that belong to two separate tenants. Therefore, you should add a rule in the switches for each pair of hosts that should be able to communicate with each other (and avoid rules that flood packets). The next two subsections provide more details.

Hosts belonging to the same tenant and connected to same leaf switch (An Example to understand the concept)

Suppose host Hi and host Hj are connected to the same leaf switch S1 and belong to the same tenant. They should be able to communicate with each other. In this case, there is only one switch along the way between Hi and Hj. So, you must add flows in the switch S1 such that Hi and Hj should be able to communicate with each other. There must be one rule for each direction. 

If the connection looks like this:

       \  |  /
        Leaf
       /    \
      /      \
     Hi      Hj

For example, a flow rule can be like this:

   IF the packet:
      - Arrives on port connected to Hi AND
      - Has source ethernet as Hi's MAC AND
      - Has destination ethernet as Hj's MAC AND
      - Has source IP as Hi's IP address AND
      - Has destination IP as Hj's IP address.
      - Has Ethernet type 2048 (i.e. 0x800 which refers to IP packets)
   THEN: send the packet out to the port connected to Hj

A similar flow will be needed for communication in the opposite direction. For each flow rule we need to defined a set of match fields and a set of actions. In the above example, the match fields are source and destination IP addresses, source and destination MAC addresses, and Ethernet type. The action is OUTPUT that means the incoming packet from a specific port should be sent out to a specific output pot.

Hosts belonging to the same tenant but connected to different leaf switches

This is a more interesting case. In the earlier case, there was only one switch between the hosts. In this case, a path between the hosts has 3 switches - 2 leaf switches and 1 spine switch. Moreover, there are multiple paths between the hosts (equal to the number of spine switches in the network). Let us, for now, keep aside the question that which among the multiple paths we choose for this pair of hosts to communicate. Let us assume we know which path (i.e. through which spine switch) we use to send packets between the hosts. 

             Spine3
            /     \
           /       \
          /         \
        Leaf1       Leaf2
          |           |
          |           |
          Hi          Hj

In this case, you will have to add 2 flows in each of the three switches (Leaf1, Spine3, Leaf2),
one flow for each direction of communication. The flow rules will be on the similar lines of the
previous section. You will need the port numbers associated with the connection between the
different network elements.

Implementation Hints

  • This lab is a combination of Firewall and Forwarding apps. The best starting point is to understand the logic behind each of those applications.

Test Case Scenario

  1. For this test case, you also need to use X-forwarding for the terminal that you use to run mininet (i.e. python script which emulate a leaf-spine network topology):
    1. ssh -CX username@xinu2.cs.purdue.edu
    2. ssh -CX username@mc18.cs.purdue.edu
    3. ssh -CX osboxes@localhost -p VM_PORT_NUMBER
  1. After logging into your VM, you need to run ONOS controller using the following commands: 
        $ cd onos
    $ ok clean
  2. After executing the above commands, it takes a few minutes to boot up the SDN controller.
  3. To emulate a leaf-spine topology, run the leaf_spine.py file after the SDN controller boots up completely: 
    sudo python leaf_spine.py --spine 2 --leaf 3 --fanout 2

    leaf_spine.py creates an object of class LeafAndSpine and uses that object to create a network.

  4. Running the leaf_spine.py file will create the network using your topology, connect the network switches to the SDN controller, start the network, and drop into the mininet command-line interface (CLI): 
    $ sudo python leaf_spine.py --spine 2 --leaf 3 --fanout 2
mininet>
  5. Once in the CLI, you can run the command net to dump the network topology. Using this you can verify if the topology that you created is correct i.e. it creates the right number of switches and hosts and they are linked together as expected
  6. Run pingall from mininet CLI and see can you ping all of the hosts from each other? By default, ONOS runs a reactive forwarding application that installs flow rules when one host starts sending packets to another host.
  7. Open a new terminal, ssh to your VM and connect to ONOS cli using the following command: 
         $ onos 127.0.0.1
  8. Try commands like: devices, hosts, and links from ONOS CLI and confirm that number of links, hosts, devices are consistent with your network topology.
  9. Fill out host_tenant_assignments file with appropriate host ids, you will need to get list of host ids using ONOS CLI. To do that you need to run hosts command from ONOS CLI. In this example, the host_tenant_assignments file will be look like this. 
  10.         # Assume there are 2 tenants numbered 1 to 2
        # Assume we have 6 hosts in our network named h1 .. h6
        # The host_tenant_assignment.txt file will have one line for each host...

         $ cat host_tenant_assignments.txt
             00:00:00:00:00:01/None 1
             00:00:00:00:00:02/None 2
             00:00:00:00:00:03/None 1
             00:00:00:00:00:04/None 2
             00:00:00:00:00:05/None 1
             00:00:00:00:00:06/None 2
  11. Fill out tenant_traffic_assignments file as follows. 
  12.         1 WEB
        2 ICMP
  13. Deactivate reactive forwarding application by executing the following command from ONOS CLI:
    1. app deactivate org.onosproject.fwd. After deactivating reactive forwarding app, you should not be able to ping hosts from each other.
    2. You can also list ONOS active apps and services using the following command: apps -s.
  14. Run traffic isolation applications using the following command: 
  15.      java -cp target/umbrella-1.0-SNAPSHOT-jar-with-dependencies.jar apps.trafficIsolation.TrafficIsolation
  16. The list of flow rules after running traffic isolation application would be like this:
  17.         onos> flows
deviceId=of:0000000000000001, flowRuleCount=19
    id=100007a585b6f, state=ADDED, bytes=11625, packets=125, duration=189, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=100009465555a, state=ADDED, bytes=11625, packets=125, duration=189, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000ea6f4b8e, state=ADDED, bytes=462, packets=11, duration=189, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=b4000019ddaeb8, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400001c80ec1b, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000360df4e7, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400004329a3ed, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400004c1e3775, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.5/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400005f648b38, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400006d7152f5, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000074ccaf11, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000075c6f93d, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000086ecae44, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000a0a62daa, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000a9cd1155, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.1/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000b89a34ab, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000d65f8485, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.1/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000e9a1ce9b, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000f5a13c34, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.5/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
deviceId=of:0000000000000002, flowRuleCount=19
    id=1000002bbd8d4, state=ADDED, bytes=11439, packets=123, duration=190, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000c70edd85, state=ADDED, bytes=504, packets=12, duration=190, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000dc56d70b, state=ADDED, bytes=11439, packets=123, duration=190, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=b400002213a205, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400002c94a639, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000033138c4c, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.5/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000047c117cd, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400004c6f8df7, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000050b6a650, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000056628c71, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000750082ad, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400007f49c46a, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400009664deb7, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.5/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000ad0d8bdf, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000b86cbe16, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000e1d6a4de, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.3/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000f7c9fbe0, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000f80fe56f, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000f836b006, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.3/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
deviceId=of:0000000000000003, flowRuleCount=19
    id=10000464e5575, state=ADDED, bytes=11625, packets=125, duration=190, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000646f55aa, state=ADDED, bytes=11625, packets=125, duration=190, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000a6288ee9, state=ADDED, bytes=504, packets=12, duration=190, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=b400000e2a1a63, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000011811c7e, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.5/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000025f38c9d, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000277ff36b, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.3/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400005148d82c, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400007994176f, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400007e593eaf, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400008a7b82e7, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.1/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400008f35da5c, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000a0dba005, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.5/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000a2e571da, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000c013eda1, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.1/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000d36c2ef7, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.3/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000e1badf69, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:4], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000ee60b4e5, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.5/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000f5562fc9, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.5/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
deviceId=of:0000000000000191, flowRuleCount=27
    id=100001dbd4aab, state=ADDED, bytes=0, packets=0, duration=189, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=100004ff8bb9d, state=ADDED, bytes=16560, packets=184, duration=189, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000ad4b3537, state=ADDED, bytes=16560, packets=184, duration=189, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=b400001f2e5317, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000020cb6069, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.3/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000030cd66a5, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.5/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400003563a221, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000037a63fe9, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.1/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400003a0217ab, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400004c610c7a, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.1/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400005157a749, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.5/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000052496890, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400005707c03e, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000062ca1f9e, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b4000078be225f, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:03, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.3/32, IPV4_DST:10.0.0.5/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400007d3dd293, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b400007f811af1, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000a1970000, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000c552860f, state=ADDED, bytes=0, packets=0, duration=98, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:06, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.6/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000ce2c3dc3, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:01, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.1/32, TCP_DST:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000d286bfbb, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:02, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.2/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000d2e2b10d, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:04, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.4/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000d70dff12, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:02, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.2/32, ICMPV4_TYPE:8, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:1], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000d88c1630, state=ADDED, bytes=0, packets=0, duration=96, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:05, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.5/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:3], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000d9b3c205, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:05, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.5/32, IPV4_DST:10.0.0.3/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000dca0f900, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:03, ETH_SRC:00:00:00:00:00:01, ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:10.0.0.1/32, IPV4_DST:10.0.0.3/32, TCP_SRC:80], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
    id=b40000f20fde4c, state=ADDED, bytes=0, packets=0, duration=97, liveType=UNKNOWN, priority=500, tableId=0, appId=TrafficIsolation, payLoad=null, selector=[ETH_DST:00:00:00:00:00:04, ETH_SRC:00:00:00:00:00:06, ETH_TYPE:ipv4, IP_PROTO:1, IPV4_SRC:10.0.0.6/32, IPV4_DST:10.0.0.4/32, ICMPV4_TYPE:0, ICMPV4_CODE:0], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:2], deferred=[], transition=None, meter=[], cleared=false, StatTrigger=null, metadata=null}
deviceId=of:0000000000000192, flowRuleCount=3
    id=100000fd780a8, state=ADDED, bytes=0, packets=0, duration=189, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:arp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=100003a26c7f2, state=ADDED, bytes=16560, packets=184, duration=189, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:bddp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
    id=10000f687473b, state=ADDED, bytes=16560, packets=184, duration=189, liveType=UNKNOWN, priority=40000, tableId=0, appId=org.onosproject.core, payLoad=null, selector=[ETH_TYPE:lldp], treatment=DefaultTrafficTreatment{immediate=[OUTPUT:CONTROLLER], deferred=[], transition=None, meter=[], cleared=true, StatTrigger=null, metadata=null}
  18. if you run pingall after executing traffic isolation application, you will see h2, h4, and h6 will be able to ping each other because they belong to tenant 2 where hosts can send communicate with each other using ICMP packets. A screenshot of the pingall result is illustrated as follows:
  20. According to tenant host assignments file, the hosts belong to tenant 1 (h1,h3,h5) should be able to communicate with each other using WEB traffic. To test that we can use iperf3 that is is a tool for active measurements of the maximum achievable throughput on IP networks.
  21. Make sure the X-forwarding is enabled for the terminal that mininet is running.
  22. From mininet CLI, run the following commands:
    1. xterm h1
    2. xterm h2
    3. xterm h3
    4. xterm h4
  23. Run a server on port 80 on h1 and h2 as follows:
    1. iperf3 -s -p 80
  24. Run a client on h3 as follow:
    1. iperf3 -c 10.0.0.1 -t 10 -i 1 -p 80
  25. Run a client on h4 as follows:
    1. iperf3 -c 10.0.0.2 -t 10 -i 1 -p 80
  26. After the above steps, you should be able to see that h1 and h3 can communicate over WEB traffic but h2 and h4 won't be able to do that as we illustrate in the following screenshot:

Turnin

Follow these instructions to turnin your work:

  1. Log in to mc18.cs.purdue.edu using your CS username and password
  2. Create the lab directory: 
    cd ~/cs422/lab08_part2
  3. Create a submit directory: 
    mkdir submit
  4. Copy the trafficIsolation package from your VM to the submit directory: 
    scp -P <VM_port_number> -r osboxes@localhost:~/umbrella/src/main/java/apps/trafficIsolation
 ~/cs422/lab08_part2/submit
  5. Turnin the submit directory: 
    cd ~/cs422/lab08_part2/
turnin -c cs422 -p lab08_part2 submit

Grading

This lab will be graded during the first PSO after the deadline.

  • April 25th, Thursday
  • April 26th, Friday

Grading Form

  • cs42200/spring19/labs/lab08_part2.txt
  • Last modified: 2019/04/05 10:29
  • by arastega