Skip to content
Normal view History Permalink
p4-switch-setup.sh 4.02 KiB
Newer Older
Georgios Katsikas's avatar
test: P4 fabric-v1model scenario with INT, routing, and ACL rules
Georgios Katsikas committed
1 
#!bin/bash
Georgios Katsikas's avatar
fix: additional missing headers  
Georgios Katsikas committed
2 3 4 5 6 7 8 9 10 11 12 13 14 
# Copyright 2022-2024 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
Georgios Katsikas's avatar
test: P4 fabric-v1model scenario with INT, routing, and ACL rules
Georgios Katsikas committed
15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 

# You must run this script as root
if [ "$EUID" -ne 0 ]; then
    echo "Please run as root"
    exit 1
fi

source "p4-switch-conf-common.sh"

# MAC addresses of the virtual INT interfaces
SW_INT_MAC="00:11:22:33:44:11"
HOST_INT_MAC="00:11:22:33:44:22"

# IP addresses of the virtual INT interfaces
SWITCH_INT_IP="10.0.0.1"
HOST_INT_IP="10.0.0.254"

SWITCH_INT_IP_NET=${SWITCH_INT_IP}"/24"
HOST_INT_IP_NET=${HOST_INT_IP}"/24"

# Subnets managed by the switch
DOMAIN_EDGE_IP="10.158.72.22/24" # Edge domain side IP address
DOMAIN_CORP_IP="172.16.10.4/24"  # Corporate domain side IP address

# INT subnet MTU
MTU_LEN=9000

kill_stratum() {
    pkill stratum
}

create_namespaces() {
    ip netns add ${SWITCH_NS}
}

create_virtual_interfaces() {
    ip link add ${HOST_IFACE_INT} type veth peer name ${SW_IFACE_INT}
}

assign_virtual_interfaces() {
    ip link set ${SW_IFACE_DATA_EDGE} netns ${SWITCH_NS}
    ip link set ${SW_IFACE_DATA_CORP} netns ${SWITCH_NS}
    ip link set ${SW_IFACE_INT} netns ${SWITCH_NS}
}

set_mac_addresses() {
    ip netns exec ${SWITCH_NS} ifconfig ${SW_IFACE_INT} hw ether ${SW_INT_MAC}
    ifconfig ${HOST_IFACE_INT} hw ether ${HOST_INT_MAC}
}

set_mtu() {
    ip netns exec ${SWITCH_NS} ip link set dev ${SW_IFACE_INT} mtu ${MTU_LEN}
    ip link set dev ${HOST_IFACE_INT} mtu ${MTU_LEN}
}

set_ip_addresses() {
    ip -n ${SWITCH_NS} addr add ${DOMAIN_EDGE_IP} dev ${SW_IFACE_DATA_EDGE}
    ip -n ${SWITCH_NS} addr add ${DOMAIN_CORP_IP} dev ${SW_IFACE_DATA_CORP}
    ip -n ${SWITCH_NS} addr add ${SWITCH_INT_IP_NET} dev ${SW_IFACE_INT}
    ifconfig ${HOST_IFACE_INT} ${HOST_INT_IP_NET}
}

bring_interfaces_up() {
    ip -n ${SWITCH_NS} link set ${SW_IFACE_DATA_EDGE} up
    ip -n ${SWITCH_NS} link set ${SW_IFACE_DATA_CORP} up
    ip -n ${SWITCH_NS} link set ${SW_IFACE_INT} up
    ifconfig ${HOST_IFACE_INT} up
}

disable_csum_offloading() {
    ip netns exec ${SWITCH_NS} ethtool -K ${SW_IFACE_DATA_EDGE} rx off tx off
    ip netns exec ${SWITCH_NS} ethtool -K ${SW_IFACE_DATA_CORP} rx off tx off
}

switch_default_gw() {
    ip netns exec ${SWITCH_NS} ip route add default via ${HOST_INT_IP}
}

enable_ip_fwd() {
    sysctl net.ipv4.ip_forward=1
    sysctl net.ipv4.conf.${HOST_IFACE_EXT}.forwarding=1
    sysctl net.ipv4.conf.${HOST_IFACE_INT}.forwarding=1
}

switch_access_to_internet() {
    iptables -P FORWARD DROP
    iptables -t nat -A POSTROUTING -s ${TOPO_INT_NET_IP}/${TOPO_INT_NET_MASK} -o ${HOST_IFACE_EXT} -j MASQUERADE
    iptables -A FORWARD -i ${HOST_IFACE_EXT} -o ${HOST_IFACE_INT} -j ACCEPT
    iptables -A FORWARD -o ${HOST_IFACE_EXT} -i ${HOST_IFACE_INT} -j ACCEPT
}

grpc_port_forwarding() {
    iptables -t nat -A PREROUTING -p tcp -i ${HOST_IFACE_EXT} --dport ${SW_P4RT_GRPC_PORT} -j DNAT --to-destination ${SWITCH_INT_IP}:${SW_P4RT_GRPC_PORT}
    iptables -A FORWARD -p tcp -d ${SWITCH_INT_IP} --dport ${SW_P4RT_GRPC_PORT} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

int_packet_mirroring() {
    sudo tc qdisc add dev ${HOST_IFACE_INT} ingress
    sudo tc filter add dev ${HOST_IFACE_INT} parent ffff: \
        protocol all prio 2 u32 \
        match u32 0 0 flowid 1:1 \
        action mirred egress mirror dev ${HOST_IFACE_EXT}
}

kill_stratum
create_namespaces
create_virtual_interfaces
assign_virtual_interfaces
set_mac_addresses
set_mtu
set_ip_addresses
bring_interfaces_up
disable_csum_offloading
switch_default_gw
enable_ip_fwd
switch_access_to_internet
grpc_port_forwarding
int_packet_mirroring

exit 0