Exercise 4: VLAN management - grupogita/ONOSP4-tutorial GitHub Wiki
A VLAN (Virtual Local Area Network) is a logical segmentation of a network that allows end devices to be grouped together based on their function or application, without regard to their physical location. VLANs operate like physical LANs, with the ability to transmit unicast, broadcast, and multicast packets, but they offer the added flexibility of grouping end stations together even if they are not physically located on the same LAN segment [1].
The switch creates a VLAN by assigning some interfaces to one VLAN and others to different VLANs. This allows the switch to segment the connected devices into multiple broadcast domains, rather than treating all interfaces as being in the same broadcast domain as it would without VLANs [2]. Any switch port can belong to a VLAN, and packets are forwarded and flooded only to end stations within that VLAN. Each VLAN is considered a separate logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router [1].
The following figure illustrates how VLANs can be used to segment a network into logical subnetworks:
In summary, VLANs allow for the logical segmentation of a network into smaller, more manageable subnetworks, or to separate different types of network traffic. The use of VLANs allows for better network management and security, as it allows administrators to control which devices can communicate with each other and to segment different types of network traffic.
The objective of this exercise is to implement two VLANs that logically split the network into two segments, each composed of two end devices (hosts). You will apply the VLAN traffic-handling concepts to the programming logic, modifying the P4 file to enable successful communication between end devices that are part of the same logical network segment.
You will have to modify the following files in this exercise:
- topo.py located on the path ONOSP4-tutorial/Exercise-4/mininet/topo.py
- main.p4 located on the path ONOSP4-tutorial/Exercise-4/p4src/main.p4
- flows file located on the path ONOSP4-tutorial/Exercise-4/p4src/flows
Topology and Mininet
The exercise requires the creation of links between host H1 and Switch S1, host H2 and Switch S1, host H3 and Switch S2, host H4 and Switch S2 and between Switches S1 and S2. The following diagram shows the resulting topology:
The first task is to edit the "topo.py" file, applying the knowledge acquired so far to build the topology illustrated above by addressing the tasks marked with "TO-DO" comments in the code.
After performing the previous step, you can check the topology was created correctly using the following commands:
make app-build
make start
make mn-log
At the end of the last command, the CLI output is expected to look like the following code block:
docker logs -f mininet
*** Error setting resource limits. Mininet's performance may be affected
*** Creating network
*** Adding hosts:
h1 h2 h3 h4
*** Adding switches:
s1 s2
*** Adding links:
(s1, h1) (s1, h2) (s1, s2) (s2, h3) (s2, h4)
*** Configuring hosts
h1 h2 h3 h4
*** Starting controller

*** Starting 1 switches
s1 stratum_bmv2 @ 50001
s2 stratum_bmv2 @ 50002
*** Starting CLI
Another way to check that the topology was successfully created is to use the command make mn-cli to access the Mininet CLI. Then, you can use the net command to visualize the topology currently deployed on Mininet. You should see a CLI output similar to the following code block:
*** Attaching to Mininet CLI...
*** To detach press Ctrl-D (Mininet will keep running)
mininet> net
h1 h1-eth0: s1-eth1
h2 h2-eth0: s1-eth2
h3 h3-eth0: s2-eth1
h4 h4-eth0: s2-eth2
s1 lo: s1-eth1:h1-eth0 s1-eth2:h2-eth0 s1-eth3:s2-eth3
s2 lo: s2-eth1:h3-eth0 s2-eth2:h4-eth0 s2-eth3:s1-eth3
P4 program
VLAN tagging is the method of identifying and separating network traffic based on VLAN membership. In this process, a 4-byte tag field is inserted in the original Ethernet frame between the Source Address and Type-Length fields in compliance with the 802.1Q VLAN standard [3]. A VLAN-enabled port is categorized as either tagged (trunk) or untagged (access). A tagged port is used to pass traffic for multiple VLANs, while an untagged port is used to accept traffic for only one VLAN. Trunk ports generally link switches, while access ports link to end devices [4].
In the VLAN tagging operation, a switch tags incoming untagged Ethernet frames with the default VLAN ID tag number (PVID) and either tags or untags outgoing frames based on the port's VLAN configuration [5]. When a frame enters a switch port, it is tagged with the PVID of the port and sent through the network using L2 Ethernet and VLAN-based routing. Upon reaching the destination host, the frame is untagged and can be easily processed by the communication library [5].
This exercise focuses on applying the tagging and untagging concepts explained above. To complete it, you have to modify the file "main.p4"; the instructions are in the file, in the comments marked "TO-DO".
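The tagging and untagging steps described above, modelled in Python on raw frame bytes. This is an added example, not code from the tutorial's main.p4: the port roles follow the exercise topology for switch s1, while the VLAN IDs 100 and 200, the sample frame, and the rule that an access port drops frames that already carry a tag are assumptions.

```python
import struct

TPID = 0x8100  # EtherType value that marks an 802.1Q tag

# Port roles for switch s1 as in the exercise topology: ports 1 and 2 face
# hosts (access), port 3 faces s2 (trunk). VLAN IDs 100/200 are assumed.
S1_PORTS = {
    1: {"mode": "access", "pvid": 100},
    2: {"mode": "access", "pvid": 200},
    3: {"mode": "trunk", "allowed": {100, 200}},
}

def push_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert the 4-byte tag after the 12 bytes of destination + source MAC."""
    tci = (pcp << 13) | (vid & 0x0FFF)  # priority (3 bits), DEI = 0, VLAN ID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]

def pop_tag(frame: bytes):
    """Return (vid, untagged frame); vid is None when no tag is present."""
    if len(frame) >= 16 and struct.unpack("!H", frame[12:14])[0] == TPID:
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, frame[:12] + frame[16:]
    return None, frame

def ingress(ports, port, frame):
    """Classify a received frame: (vid, untagged frame), or None to drop."""
    cfg = ports[port]
    vid, inner = pop_tag(frame)
    if cfg["mode"] == "access":
        # Assumed policy: access ports take untagged frames only, assign PVID.
        return None if vid is not None else (cfg["pvid"], inner)
    # Trunk ports take tagged frames for their allowed VLANs only.
    return (vid, inner) if vid in cfg["allowed"] else None

def egress(ports, port, vid, inner):
    """Frame as sent on this port, or None if the port is not in the VLAN."""
    cfg = ports[port]
    if cfg["mode"] == "access":
        return inner if cfg["pvid"] == vid else None  # untag toward the host
    return push_tag(inner, vid) if vid in cfg["allowed"] else None

# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
SAMPLE = bytes.fromhex("000000000003" "000000000001" "0800") + b"payload"
```

A frame entering port 1 is classified into VLAN 100, leaves the trunk port 4 bytes longer, and is never delivered to port 2, which is what keeps the two host pairs isolated.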
Flows and successful PING
When the make start command was executed after making the changes indicated in the "TO-DO" comments of the topo.py file, the P4 program had not yet been modified. After making the corresponding modifications to the main.p4 file, run the following commands:
make stop
make app-build
make start
make app-reload
make netcfg
In order to verify the connection between devices belonging to the same VLAN, it is necessary to modify the "flows" file located in the p4src folder, and then follow the process described in "Exercise 1: first approach to the P4 development process" to interact with the ONOS driver through the REST API and inject the flows in each of the switches.
REMEMBER: The "flows" file contains the structure of the REST commands that will create the entries for the action table. This file contains some "TO-DO" markers indicating information that must be provided when modifying the code of these commands.
After modifying the "flows" file and correctly injecting the flows in each of the switches, a successful ping can be performed from the Mininet CLI. Run the following commands, starting from the home CLI:
make mn-cli
h1 ping h3
h2 ping h4
References
[1] Cisco Support. Configuring VLANs. VLANs Overview.
[2] R. Chokshi and C. Yu, "Study on VLAN in Wireless Networks," Technical Report, 2007.
[3] Hewlett Packard Enterprise. Aruba 5400 zl Switch Series - IEEE 802.1Q Tagging and Virtual LANs Explained.
[4] Cisco Meraki. Fundamentals of 802.1Q VLAN Tagging.
[5] T. Otsuka, M. Koibuchi, T. Kudoh and H. Amano, "Switch-tagged VLAN Routing Methodology for PC Clusters with Ethernet," 2006 International Conference on Parallel Processing (ICPP'06), Columbus, OH, USA, 2006, pp. 479-486, doi: 10.1109/ICPP.2006.67.