Created
June 22, 2017 01:29
-
-
Save knodir/646af08c5c63394d64dce52575765681 to your computer and use it in GitHub Desktop.
Slow iperf3 throughput on firewall chain
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import time | |
import subprocess | |
import logging | |
from emuvim.dcemulator.net import DCNetwork | |
from emuvim.api.rest.rest_api_endpoint import RestApiEndpoint | |
from mininet.log import setLogLevel, info | |
from mininet.node import RemoteController | |
from mininet.clean import cleanup | |
from mininet.net import Containernet | |
from mininet.node import Controller, Docker, OVSSwitch | |
from mininet.cli import CLI | |
from mininet.link import TCLink, Link | |
def runFirewallOnly(): | |
""" Put Firewall between client and server to test its basic functionality. | |
All VNFs reside on a single DC. """ | |
net = DCNetwork(controller=RemoteController, monitor=True, enable_learning=True) | |
# add one data center | |
dc = net.addDatacenter('dc1', metadata={'node-upgrade'}) | |
# create REST API endpoint | |
api = RestApiEndpoint("0.0.0.0", 5001) | |
# connect API endpoint to containernet | |
api.connectDCNetwork(net) | |
# connect data centers to the endpoint | |
api.connectDatacenter(dc) | |
# start API and containernet | |
api.start() | |
net.start() | |
# create client with one interface | |
client = dc.startCompute("client", image='sonatanfv/sonata-iperf3-vnf', | |
network=[{'id': 'intf1', 'ip': '10.0.0.2/24'}]) | |
# create Firewall VNF with two interfaces. 'input' interface for 'client' | |
# and 'output' interface for the 'server' VNF. | |
fw = dc.startCompute("fw", image='knodir/sonata-fw-vnf', | |
network=[{'id': 'input', 'ip': '10.0.0.3/24'}, | |
{'id': 'output', 'ip': '10.0.0.4/24'}]) | |
# create server VNF with one interface | |
server = dc.startCompute("server", image='sonatanfv/sonata-iperf3-vnf', | |
network=[{'id': 'intf2', 'ip': '10.0.0.5/24'}]) | |
# execute /start.sh script inside firewall Docker image. It start Ryu | |
# controller and OVS with proper configuration. | |
print(subprocess.call('sudo docker exec -i mn.fw /bin/bash /root/start.sh &', | |
shell=True)) | |
print('fw start done') | |
print('> sleeping 10s to wait ryu controller initialize') | |
time.sleep(10) | |
print('< wait complete') | |
# chain 'client -> fw -> server' | |
net.setChain('client', 'fw', 'intf1', 'input', bidirectional=True, | |
cmd='add-flow') | |
net.setChain('fw', 'server', 'output', 'intf2', bidirectional=True, | |
cmd='add-flow') | |
print('ping client -> server after explicit chaining. Packet drop %s%%' % | |
net.ping([client, server])) | |
net.CLI() | |
net.stop() | |
if __name__ == '__main__': | |
logging.basicConfig(level=logging.DEBUG) | |
runFirewallOnly() | |
cleanup() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment