SDN: User Guide
Installation
Prerequisites
The following prerequisites are needed to run the software modules of the SDN component correctly.
- Python 2.7
- Pip
In addition, building the Python packages has the following dependencies, which we recommend installing as well.
- gcc
- python-dev
- libffi-dev
- libssl-dev
- libxml2-dev
- libxslt1-dev
- zlib1g-dev
Finally, the data plane and the control plane communicate using the following protocols.
- OpenFlow 1.3
- OVSDB
Download and setup
To create a complete SDN solution in a virtual environment, we recommend using software that emulates a virtual switch. In our case, we used OpenVSwitch. This virtual switch can be replaced by another one, provided that the replacement supports OpenFlow 1.3 and OVSDB.
The most recent release from the current series of OpenVSwitch is:
http://openvswitch.org/releases/openvswitch-2.9.2.tar.gz
And the most recent release from the LTS series of OpenVSwitch is:
http://openvswitch.org/releases/openvswitch-2.5.5.tar.gz
Information on the installation and configuration of OpenVSwitch can be found at the following link:
http://docs.openvswitch.org/en/latest/intro/install/
Once the virtual switch is installed, the next step is to download, configure and run our SDN controller. This controller is RYU-based, with an INTER-IoT application running on top of it.
The source code is available on git:
Configuration
After cloning the code, proceed with the installation as follows:
$ cd ryu
$ pip install .
This simple command installs the base Ryu controller from the sources. Once it is installed, you can run the indicated application. In this case, the application is the INTER-IoT simple switch with QoS, developed for IoT deployments. To run this application, type:
$ ryu-manager /ryu/app/InterIoT_simpe_switch_13.py
This runs an application that performs the operations of a switch that understands OpenFlow version 1.3 and, together with the switching mechanism, provides some QoS features, such as the possibility to set queues, meters and rules. Moreover, it starts the GUI application, which can be accessed through INTER-FW, to visualize and interact with the networks.
GUI
To improve the visualization of the network and its configuration, a GUI that can be accessed through INTER-FW has been created. More information about this GUI can be found in the section related to INTER-FW.
Security and Monitoring
There are several mechanisms to improve security at the network layer. On the one hand, to increase the security of the connections, specifically the connection between the OpenFlow switches and the controller, you can secure it with a TLS connection. For that purpose you must configure a Public Key Infrastructure (you can use the ovs-pki script included in Open vSwitch). Then you must create the private keys and certificates of the controller and the switch, so that they can identify each other and create the secure connection over which the messages will be transmitted.
On the other hand, a monitoring mechanism can be integrated within the SDN architecture to analyze the packets and the performance of your controller. This mechanism is implemented by the Snort application and can be integrated easily on the same machine or on a different machine (recommended). Snort is an open source network intrusion prevention and detection system developed by Sourcefire. If you are not familiar with installing and setting up Snort, please refer to the Snort setup guides.
http://www.snort.org/documents
Once Snort is installed and configured, you must refer to the module 'simple_switch_snort.py' of Ryu to connect the monitoring tool with the controller.
Finally, the security implemented within the INTER-IoT infrastructure, including securing INTER-FW and INTER-API, is based on the WSO2 server.
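The TLS setup between Open vSwitch and the Ryu controller described above (PKI, keys and certificates, secure connection), as an added example that is not part of the original guide or of the INTER-IoT code. The bridge name, controller address and port, key directory and PKI path are assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not INTER-IoT code: TLS between an OVS bridge and ryu-manager.
# Assumed defaults (override via environment); PKI path is that of a packaged OVS.
BRIDGE=${BRIDGE:-br0}
CTL_IP=${CTL_IP:-127.0.0.1}
CTL_PORT=${CTL_PORT:-6653}
KEYS=${KEYS:-/etc/openvswitch}
PKI=${PKI:-/var/lib/openvswitch/pki}
APP=${APP:-/ryu/app/InterIoT_simpe_switch_13.py}  # path as written in this guide

# Print each command by default; execute it only when APPLY=1 (run as root).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Create the PKI (switch CA, controller CA), then a key and signed cert per role.
make_keys() {
    run ovs-pki init
    run cd "$KEYS"
    run ovs-pki req+sign ctl controller
    run ovs-pki req+sign sc switch
}

# The switch presents sc-cert.pem and trusts only the controller CA.
secure_switch() {
    run ovs-vsctl set-ssl "$KEYS/sc-privkey.pem" "$KEYS/sc-cert.pem" \
        "$PKI/controllerca/cacert.pem"
    run ovs-vsctl set-controller "$BRIDGE" "ssl:$CTL_IP:$CTL_PORT"
}

# The controller presents ctl-cert.pem and trusts only the switch CA.
start_controller() {
    run ryu-manager --ofp-ssl-listen-port "$CTL_PORT" \
        --ctl-privkey "$KEYS/ctl-privkey.pem" --ctl-cert "$KEYS/ctl-cert.pem" \
        --ca-certs "$PKI/switchca/cacert.pem" "$APP"
}

# Succeeds only if stdin (ovs-vsctl get-controller output) has >=1 target, all TLS.
all_targets_tls() {
    seen=0
    while read -r target; do
        [ -n "$target" ] || continue
        case $target in ssl:*|pssl:*) seen=1 ;; *) return 1 ;; esac
    done
    [ "$seen" = 1 ]
}

make_keys && secure_switch && start_controller
```

After applying, `ovs-vsctl get-controller br0 | all_targets_tls` fails if any controller target on the bridge still uses a plaintext `tcp:` connection.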