Design POX controller step by step

Source: Internet | Editor: 程序博客网 | Time: 2024/04/30 16:21

In this article, I’ll describe how to understand the POX controller’s behavior, and illustrate how to design the behavior step by step.

1. Hub behavior
I will use the network below in this exercise. In this case, C0 is the POX controller running on one PC, and S1, h1, h2 and h3 are simulated by Mininet.
[Figure: network topology]
In POX, the hub behavior is defined in pox\forwarding\hub.py. Let's read the code first.

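```python
from pox.core import core
import pox.openflow.libopenflow_01 as of
from pox.lib.util import dpidToStr

log = core.getLogger()

def _handle_ConnectionUp (event):
  # Build a flow rule whose only action is to flood, then send it to the switch
  msg = of.ofp_flow_mod()
  msg.actions.append(of.ofp_action_output(port = of.OFPP_FLOOD))
  event.connection.send(msg)
  log.info("Hubifying %s", dpidToStr(event.dpid))

def launch ():
  # Called by POX to initialize the module
  core.openflow.addListenerByName("ConnectionUp", _handle_ConnectionUp)
  log.info("Hub running.")
```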

The hub module contains a launch function, which is called to initialize the module. Basically, every module should have a launch function. In launch, addListenerByName is called. addListenerByName registers a callback function for specific events raised by either the OpenFlow module or another module. When a connection to a switch comes up, a "ConnectionUp" event is raised, and _handle_ConnectionUp is called to handle it.

_handle_ConnectionUp has two important tasks. The first is to form the OpenFlow rule, and the second is to send the rule to the OpenFlow switch. ofp_flow_mod and ofp_action_output initialize and modify the OpenFlow rule. Because the rule's match is left at its default, it applies to every packet, and the OFPP_FLOOD action sends each packet out of all other ports. Once the rule is decided, connection.send sends an OpenFlow message to the switch, i.e., deploys the rule to the switch.

Testing case:
a. Capture packets on the PC. OpenFlow packets will be captured.
b. Ping from h1 to h3 and capture packets with tcpdump on h1, h2 and h3. All packets are flooded to all three hosts.

2. Switch behavior
In POX, basic switch behavior is defined in pox\forwarding\l2_learning. The topology is the same as above.
As usual, let's read the code first.

The l2_learning module uses the core.registerNew function to register the class l2_learning. After registration, l2_learning is a module of POX; it also needs to add event listeners via the addListeners function in its init function.

When working in L2 switch mode, the OpenFlow rule is not deployed during the controller startup process. It is sent down to the OpenFlow switch when the first packet comes in.

Testing case:
a. Ping from h1 to h3 and capture packets with tcpdump on h1, h2 and h3. Broadcast (BC) packets should be found on all hosts, and the ping is only found on h1 and h3.

3. Self-defined firewall behavior
Based on the knowledge above, let's start to design a firewall that filters ping replies. The easy way is to use the l2_learning component and then add more code in a PacketIn event handler. Here's a sample for blocking ping replies:

```python
"""
Block ICMP reply
"""
from pox.core import core

TYPE_ECHO_REPLY = 0

def block_handler (event):
  # Handles packet events and kills the ones that are ping replies
  icmpp = event.parsed.find('icmp')
  if not icmpp: return # Not ICMP
  # If it is a ping reply, block it:
  if icmpp.type == TYPE_ECHO_REPLY:
    # Halt the event, stopping l2_learning
    ipp = event.parsed.find('ipv4')
    core.getLogger("blocker").debug("Blocked ICMP echo reply %s -> %s",
                                    ipp.srcip, ipp.dstip)
    event.halt = True

def launch ():
  # Listen to packet events
  core.openflow.addListenerByName("PacketIn", block_handler)
```
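To see what halting the event does to the learning switch, here is a simplified model of the PacketIn dispatch in plain Python. It is an added example, not POX code and not from the original article; `Dispatcher`, `PacketIn`, `LearningSwitch` and `run_ping` are hypothetical names, and the traffic is constructed.

```python
# Simplified model of PacketIn dispatch; plain Python, does not import POX.
ECHO_REQUEST, ECHO_REPLY = 8, 0     # ICMP type values
FLOOD = "flood"

class PacketIn:
    """Hypothetical stand-in for a PacketIn event."""
    def __init__(self, in_port, src, dst, icmp_type=None):
        self.in_port, self.src, self.dst = in_port, src, dst
        self.icmp_type = icmp_type  # None means the packet is not ICMP
        self.halt = False           # same flag the page's handler sets
        self.out_port = None        # filled in by the forwarding listener

class Dispatcher:
    """Calls listeners in registration order until one halts the event."""
    def __init__(self):
        self.listeners = []

    def add_listener(self, handler):
        self.listeners.append(handler)

    def raise_event(self, event):
        for handler in self.listeners:
            handler(event)
            if event.halt:          # later listeners never see the event
                break
        return event

def block_echo_reply(event):
    if event.icmp_type == ECHO_REPLY:
        event.halt = True

class LearningSwitch:
    def __init__(self):
        self.mac_to_port = {}

    def handle(self, event):
        self.mac_to_port[event.src] = event.in_port          # learn the source
        event.out_port = self.mac_to_port.get(event.dst, FLOOD)

def run_ping(with_firewall):
    """Constructed traffic: h1 (port 1) pings h3 (port 3) and h3 replies."""
    bus, switch = Dispatcher(), LearningSwitch()
    if with_firewall:
        bus.add_listener(block_echo_reply)   # registered first, so it runs first
    bus.add_listener(switch.handle)
    events = [PacketIn(1, "h1", "h3", ECHO_REQUEST),
              PacketIn(3, "h3", "h1", ECHO_REPLY)]
    decisions = [bus.raise_event(e).out_port for e in events]
    return decisions, switch.mac_to_port
```

With the firewall listener in place, the echo reply gets no forwarding decision, and the switch never learns h3's port because the halted event does not reach it.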