OpenFlow, OpenWRT and bro-ids on rb450g

OpenWRT, OpenFlow and bro-ids on Routerboard 450g

This small form factor board has the capacity to be used as enterprise CPE, where advanced security and routing features could be used. No other hardware in this class (the kind used for SOHO devices) has this much RAM, CPU or flash storage.

OpenWrt is described as a Linux distribution for embedded devices. Instead
of trying to create a single, static firmware, OpenWrt provides a fully
writable filesystem with package management. This frees you from the
application selection and configuration provided by the vendor and
allows you to customize the device through the use of packages to suit
any application. For developers, OpenWrt is the framework to build an
application without having to build a complete firmware around it; for
users this means the ability for full customization, to use the device
in ways never envisioned.

My intention in porting OpenWrt to the Routerboard 450G was to play with and learn the OpenFlow protocol and learn new things about it.

The development platform I used is an Ubuntu VM on VirtualBox.
Let's start the build process:

Building the image

apt-get install build-essential binutils flex bison autoconf gettext texinfo sharutils subversion libncurses5-dev ncurses-term zlib1g-dev gawk 

mkdir ~/ofwrt
cd ~/ofwrt

svn co svn://
cd trunk/
sudo ./scripts/feeds update -a
sudo ./scripts/feeds install -a
cd ~/ofwrt/
git clone git://
cd ~/ofwrt/trunk/package/
ln -s ~/ofwrt/openflow-openwrt/openflow-1.0/
cd ~/ofwrt/trunk/ 
ln -s ~/ofwrt/openflow-openwrt/openflow-1.0/files

Apply a patch to the kernel to make a larger partition on the NAND so that the bigger kernel fits:

cd ~/ofwrt/trunk/
vi target/linux/ar71xx/files/drivers/mtd/nand/rb4xx_nand.c

Locate the lines:

        {
                .name   = "kernel",
                .offset = (256 * 1024),
                .size   = (4 * 1024 * 1024) - (256 * 1024),
        },

and change them to:

        {
                .name   = "kernel",
                .offset = (256 * 1024),
                .size   = (8 * 1024 * 1024) - (256 * 1024),
        },

Alternatively, you can download the patch here and apply it.

make menuconfig

  • Select your platform for Target System (Atheros AR71xx)

  • Select OpenFlow package under network
  • Select tc package under network
  • Select kmod-tun under Kernel Modules->Network Support
  • In Target Images -> select [ ] ramdisk --->
  • Save and Exit

Add support for queueing:

  • make kernel_menuconfig 

  • Under Networking Support->Networking options->QoS and/or fair queueing select Hierarchical Token Bucket (HTB)
  • Save and Exit

Build the image

make V=99

To speed up compilation on multicore systems:

ionice -c 3 nice -n 20 make -j 2 # for quad-core CPU put -j 3

Make sure the internet is accessible from this machine: this process will download the necessary source code if it is missing, and otherwise will not complete.


Flashing the Router

You need a TFTP and DHCP server. I used tftpd32; it has a built-in DHCP and TFTP server. Copy the ‘openwrt-ar71xx-nand-vmlinux-initramfs.elf’ file from trunk/bin/ to the TFTP root directory,
and set the tftpd32 like this,

Attach the rb450g to your computer’s serial port. On the boot menu select boot options -> Ethernet then NAND flash, boot protocol -> DHCP.

Press ‘x’ on the main menu.

The routerboard will successfully boot from the Ethernet. Once the router is booted, make the necessary network configuration, e.g. connect Ethernet (switch port) to your computer and assign your computer the IP address after successful connectivity.

Here you need to run the build process again and create an image that can be installed on the router. For this, access the machine where you were building from source and change to the trunk directory:

    • cd ~/ofwrt/trunk/
    • make menuconfig
    • under Target Images --->
    • uncheck ramdisk --->
    • make V=99
      Come back to your machine and install babyftp or any other FTP or HTTP server.

      Copy the files ‘openwrt-ar71xx-nand-vmlinux-lzma.elf’ and ‘openwrt-ar71xx-nand-rootfs.tar.gz’ from trunk/bin/ar71xx/ to your FTP|HTTP root.

      Go to the OpenWrt shell on the rb450g and type the following command,

      wget2nand will automatically download the required files and burn them onto flash. If everything succeeds, it will print a success message and ask you to reboot. Simply reboot the device and it will give you access to the OpenWrt shell running on the rb450g.

      Next, install the OpenFlow package you compiled onto OpenWrt: download the package openflow_1.0.0-1_ar71xx.ipk and install it via

      opkg install openflow_1.0.0-1_ar71xx.ipk

      Start the OpenFlow service:
      /etc/init.d/openflow start

      root@OpenWrt:~# /etc/init.d/openflow start
      Configuring OpenFlow switch for out-of-band control
      No need for further configuration for out-of-band control
      Jan 25 12:52:24|00001|vlog|INFO|opened log file /var/log/ofprotocol.log
      Jan 25 12:52:24|00002|secchan|INFO|OpenFlow reference implementation version 1.0.0
      Jan 25 12:52:24|00003|secchan|INFO|OpenFlow protocol version 0x01
      Jan 25 12:52:24|00004|secchan|WARN|new management connection will receive asynchronous messages
      Jan 25 12:52:24|00005|rconn|INFO|unix:/var/run/dp0.sock: connecting…
      Jan 25 12:52:24|00006|rconn|INFO|tcp: connecting…
      Jan 25 12:52:24|00007|rconn|INFO|unix:/var/run/dp0.sock: connected

      root@OpenWrt:~# ps | grep of
      3 root 0 SW [ksoftirqd/0]
      1355 root 1268 S ofdatapath punix:/var/run/dp0.sock -i eth1.1 --no-lo
      1371 root 1068 S ofprotocol unix:/var/run/dp0.sock tcp:
      1373 root 1500 S grep of

      If you have successfully installed the package, both daemons, ofdatapath and ofprotocol, must be running.
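
Running daemons do not by themselves mean the switch has reached its controller: in the log above only the local unix: socket reports "connected", while the tcp: channel is still "connecting". The script below is an added example, not part of the original post or the OpenFlow package; it checks both conditions from `ps` and ofprotocol log output. The function names are hypothetical and the controller address 192.0.2.10:6633 is a constructed stand-in for the one elided on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.

# Succeeds only if both daemons appear in the COMMAND column of BusyBox
# `ps` output on stdin (columns as shown above: PID USER VSZ STAT COMMAND).
daemons_running() {
    awk '{ n = split($5, a, "/"); seen[a[n]] = 1 }
         END { exit !(seen["ofdatapath"] && seen["ofprotocol"]) }'
}

# Print "<target> <last state>" for every rconn target in an ofprotocol log
# on stdin. Line format taken from the log above:
#   time|seq|module|LEVEL|<target>: <state>
rconn_states() {
    awk -F'|' '$3 == "rconn" {
            target = $5; sub(/: [^:]*$/, "", target)   # text before last ": "
            state  = $5; sub(/^.*: /, "", state)       # text after last ": "
            sub(/[^a-z ].*$/, "", state)               # drop trailing dots
            last[target] = state                       # later lines win
        }
        END { for (t in last) print t, last[t] }'
}

# Succeeds if the controller channel (tcp: or ssl: target) last said "connected".
controller_connected() {
    rconn_states | grep -Eq '^(tcp|ssl)[^ ]* connected$'
}

# Constructed sample input, same shape as the output shown above.
SAMPLE_PS='    3 root         0 SW   [ksoftirqd/0]
 1355 root      1268 S    ofdatapath punix:/var/run/dp0.sock -i eth1.1
 1371 root      1068 S    ofprotocol unix:/var/run/dp0.sock tcp:192.0.2.10:6633
 1373 root      1500 S    grep of'
SAMPLE_LOG='Jan 25 12:52:24|00005|rconn|INFO|unix:/var/run/dp0.sock: connecting...
Jan 25 12:52:24|00006|rconn|INFO|tcp:192.0.2.10:6633: connecting...
Jan 25 12:52:24|00007|rconn|INFO|unix:/var/run/dp0.sock: connected'

if printf '%s\n' "$SAMPLE_PS" | daemons_running; then
    echo "daemons: ofdatapath and ofprotocol both running"
fi
if printf '%s\n' "$SAMPLE_LOG" | controller_connected; then
    echo "controller: connected"
else
    echo "controller: not connected yet"
fi
```

On the router itself, feed the functions live data: `ps | daemons_running` and `controller_connected < /var/log/ofprotocol.log`.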

      Let's install bro-ids.

      Set up your routerboard for internet access and execute the following command,


      It will download and install dependencies.

      That's all! I will upload a working lab in which