SIT325: Advanced Network Security

T2_2023, Deakin University, VIC

Activity: Task 5.1P, Pass Task

Released on 7th August, due date of submission is 21st August 23:59hrs.

Note: Queries should be forwarded to your respective tutor via email only. Give at least 2
business days for us to reply or give feedback.

In this task we will Install and connect Open Network Operating System (ONOS) Controller with
mininet.

Background
In Software-defined networking (SDN), an SDN controller is the application that acts as a
strategic control point in a software-defined network. Essentially, it is the “brains” of the
network.
SDN is the separation of a network’s control functions from its forwarding functions. SDN
architecture relies on controllers to allow network administrators to manage the network. An
SDN controller manages flow control to the switches/routers “below” (via southbound APIs)
and the applications and business logic “above” (via northbound APIs) to deploy intelligent
networks. They consolidate and mediate between different controller domains using
common application interfaces.
Two of the most well-known protocols used by SDN controllers to communicate with the
switches/routers are OpenFlow and open virtual switch database (OVSDB). Other controller
protocols are being currently developed, many of them open-standard and collaborative. For
example, the Internet Engineering Task Force (IETF) working group — the Interface to the
Routing System (i2rs) — developed an SDN standard that enables a controller to leverage
proven, traditional protocols, such as OSPF, MPLS, BGP, and IS-IS, across a variety of SDN
platforms.
The type of protocols supported can influence the overall architecture of the network — for
example, while OpenFlow attempts to completely centralize packet-forwarding decisions, i2rs
splits the decision making by leveraging traditional routing protocols to execute distributed
routing and allowing applications to modify routing decisions.
SDN Controller Platforms
An SDN controller platform typically contains a collection of “pluggable” modules that can
perform different network tasks. Some of the basic tasks including inventorying what devices
are within the network and the capabilities of each, gathering network statistics, and other
monitoring functions, etc. Extensions can be inserted that enhance the functionality and
support more advanced capabilities, such as running algorithms to perform analytics and
orchestrating new rules throughout the network.
A controller platform can be from a different company than the application is from, allowing
for interoperability and flexibility. Cisco, for example, offers a controller platform built by
OpenDaylight. This open-source controller is interoperable with several different proprietary
applications.

Source: https://ipcisco.com/lesson/sdn-architecture-components/
A Little History
The first SDN controller was NOX, which was initially developed by Nicira Networks, alongside
OpenFlow. In 2008, Nicira Networks (acquired by VMware) donated NOX to the SDN
community, making it open source. It has since become the basis for many SDN controller
solutions. Nicira then went on to co-develop ONIX with NTT and Google; ONIX is the base for
the Nicira/VMware controller. While ONIX was originally supposed to be opened up, the parties
later decided not to make it open source.
There are, however, a variety of open-source controllers currently available. The earliest ones
include POX and Beacon. Started in early 2010, Beacon is a Java-based OpenFlow controller
licensed under a combination of the GPL v2 license and the Stanford University FOSS License
Exception v1.0. Other controllers of note include Trema (Ruby-based from NEC), as well as Ryu
(supported by NTT).
Subsequently, vendors such as Cisco, HP, IBM, VMWare, Lumina Networks, and Juniper have
jumped into the controller market with their own offerings. OpenDaylight is another major
player in the SDN controller game, as it’s the largest open-source SDN controller and SDN
controller platform currently offered on the market [1, 2,3].
ONOS Controller
The ONOS (Open Network Operating System) project is an open-source community hosted
by the Linux Foundation. The goal of the project is to create a software-defined
networking (SDN) operating system for communications service providers that is designed for
scalability, high performance, and high availability [1].
ONOS vs. OpenDaylight
OpenDaylight (ODL) is a similar open-source project created by the Linux Foundation. Both
ONOS and ODL have modular designs and similar goals to advance SDN. The two projects take
separate approaches, however, and have different backers and partners. While ONOS is
primarily for service provider networks, ODL focuses on data centre networks. Also, the goal
of ONOS is to provide better overall network performance, while ODL is designed to merge
legacy networks with SDN [2,3].

To do list: -
Part A
Install ONOS controller and show its connectivity with Mininet.
Before you start installing ONOS remember to verify that you have all the software and
hardware requirements. Please check the requirements.
https://wiki.onosproject.org/display/ONOS/Requirements
https://wiki.onosproject.org/display/ONOS/Developer+Quick+Start
Please read the above links as they provide detailed information (step-by-step) how to install
ONOS controller. We have provided some instructions (hints) in the Appendix A. Note that the
instructions in this Appendix are just some guidelines or hints, you may need to do some
troubleshooting to fix some syntax or some other issues (they are not the issues but some points
to think on). These issues are due to variations in Ubuntu version, Virtual Box version and
specific laptop configurations/variations.
NOTE: We understand that for virtual machine in MAC M1, there may be an issue with
launching ONOS GUI. Because it only works with Ubuntu server build. So, we need to install a
web browser with GUI for them. However, we may still have some issues with it. Therefore, we
can accept submissions from you if you can show the start of ONOS by command and
integration of ONOS and mininet via command. Alternatively, you can try AWS or Google cloud.
Part B
1. What do you mean by the secure channel in SDN, illustrate and explain.
2. What is in-band or out-of-band communication in SDN?
3. In SDN, one of the fundamental actions of the OpenFlow switch is to forward packets
to the controller for exception handling. PACKET_IN is generally sent via the secure
channel to the controller for handing off this exception processing. Many times, buffer
ID is communicated with the PACKET_IN message. Please explain via an example to
discuss why BUFFER ID field in the PACKET_IN message is required to send to controller.
4. We have discussed potential drawbacks and limitations of SDN (week 4 lecture). Were
the arguments convincing, or do you feel that these SDN limitations are debilitating for
the adoption of SDN? What other drawbacks might there be that we have not
mentioned?

To Submit
You are required to show that ONOS is successfully integrated with mininet and running.
Show the screenshots of all fundamental steps of ONOS installation, ONOS dashboard and
Topology up and running with Mininet, show the topology as well (in graphical form from
ONOS) i.e., show that all hosts are connected to your ONOS controller.
For part B, address each question in 250 words (maximum).
Submit all requirements in one pdf file.
[Highly] Recommended Study material for this task: -
1. https://en.wikipedia.org/wiki/ONOS
2. https://www.techtarget.com/searchnetworking/definition/ONOS-Open-
Network-Operating-System
3. https://www.sdxcentral.com/networking/sdn/definitions/what-the-definition-
of-software-defined-networking-sdn/what-is-sdn-controller/
4. https://wiki.onosproject.org/display/ONOS/ONOS
5. https://anukulverma.wordpress.com/2019/07/06/onos-installation/
6. https://wiki.onosproject.org/display/ONOS/Developer+Quick+Start
7. https://github.com/opennetworkinglab/onos
8. L. Mamushiane and T. Shozi, "A QoS-based Evaluation of SDN Controllers: ONOS
and OpenDayLight," 2021 IST-Africa Conference (IST-Africa), 2021, pp. 1-10.
9. O. Salman, I. H. Elhajj, A. Kayssi and A. Chehab, "SDN controllers: A comparative
study," 2016 18th Mediterranean Electrotechnical Conference (MELECON),
2016, pp. 1-6, doi: 10.1109/MELCON.2016.7495430.
10. Read week 4 lecture slides or watch the lecture (for part B).
 Appendix A
# ONOS Installation Guide for Ubuntu 22.04.2 with Bazel 6.0.0-pre.20220421.3
In this method, Bazel is used as the build tool to compile and run ONOS. Bazel is an open-
source build and test tool developed by Google that allows for efficient and reproducible
builds.
## Step 1: Update and upgrade the system
sudo get update
sudo get upgrade

## Step 2: Install required dependent packages

sudo apt-get install ssh git curl zip unzip python python3 bzip2
sudo apt-get install pkg-config g++ zlib1g-dev

## Step 3: Install Bazel

1. Go to the Bazel releases page: (https://github.com/bazelbuild/bazel/releases).
2. Download the Bazel installer for Linux: bazel-6.0.0-pre.20220421.3-installer-linux-
x86_64.sh
3. "Open in terminal" from the location of the bash file
4. Make the installer executable and run it:
chmod +x bazel-6.0.0-pre.20220421.3-installer-linux-x86_64.sh
./bazel-6.0.0-pre.20220421.3-installer-linux-x86_64.sh --user
## Step 4: Update the `$HOME/.bashrc` file
export PATH="$PATH:$HOME/bin"
source $HOME/.bazel/bin/bazel-complete.bash

## Step 5: Clone and build ONOS

cd $HOME
git clone https://gerrit.onosproject.org/onos
cd onos
bazel build onos
## Step 6: Run ONOS
cd $HOME/onos
bazel run onos-local -- clean debug
# 'clean' to delete all previous running status
# 'debug' to enable remote debugging
## Test the GUI
http://localhost:8181/onos/ui/login.html
Username: onos
Password: rocks
# Access CLI
onos localhost

Running ONOS as a Service

Once done, go to your browser and type in the link below to access the ONOS GUI:
Refer the followings.
https://wiki.onosproject.org/display/ONOS/Accessing+the+CLI+and+GUI#
http://localhost:8181/onos/ui/index.html (localhost can be replaced by ONOS server IP
address).
Running ONOS as a Service, refer
https://wiki.onosproject.org/display/ONOS/Running+ONOS+as+a+service

ONOS Integration
Firstly, ONOS must be enabled with certain applications for the Mininet integration to occur
correctly. Logon to the ONOS web interface at http://localhost:8181/onos/ui (User/pass set as
above OR as per your setup), (default user/pass: onos/rocks). Select ‘Applications’ from the top
left corner menu.
Enable the following applications:
• Reactive Forwarding
• OpenFlow Base Provider
• OpenFlow Provider Suite
• Polatis OpenFlow Drivers

Then integration with ONOS can be achieved during the first run of the Mininet controller. The
following command will connect to the ONOS controller and create a topology of 6 hosts (as
example). Note: The IP must be changed to your ONOS IP.

$ sudo mn --controller=remote,ip=10.0.2.15 --topo single,6

If you cannot see the topology in ONOS GUI, please execute the command

"sudo mn --controller=remote,ip=10.0.2.15,port=6653 --
switch=ovs,protocols=OpenFlow13 --link=ovs --topo single,6" instead of "sudo
mn --controller=remote,ip=10.0.2.15 --topo single,6"

Get help from here: https://groups.google.com/a/onosproject.org/g/onos-

dev/c/wD3zO1qzcU0
Now type the command pingall go back to the GUI topology and press h on the keyboard,
pingall will trigger all the hosts to ping each other, when the ping traffic flows between hosts
through the switch, they will appear in ONOS. [Note that the IP and port will be your
ONOS/topology IP and port number].

[Or try to switch the Ubuntu network from NAT (if you have that set-up) to Host-only Adapter,
and then use your new IP.].
Now, the network should be visible in ONOS.

If you get an error “no DISPLAY environment variable specified" this is probably because you
are using specifically the mininet VM, it has no display environment by default, so it is CLI only
and you cannot run GUI programs in a machine if there is no desktop/display environment (x11
and wayland mainly). The easiest way to do this and other tasks is to run mininet in an ubuntu
terminal instead of running virtualbox inside ubuntu (install it through apt) and connect it to
ONOS running through ubuntu's firefox.