In [77]:
import requests
import re
import sys
import time
import pandas as pd
from langchain_chroma import Chroma
from langchain_core.example_selectors import MaxMarginalRelevanceExampleSelector
from langchain_ollama import OllamaEmbeddings
from ollama import Client
import json
import subprocess
import time
import ipaddress

In [None]:
# ONOS Controller Details
ONOS_BASE_URL = "http://localhost:8181/onos/v1/flows"
USERNAME = "onos"
PASSWORD = "rocks"  # Replace with your ONOS credentials

# Define sudo password
sudo_password = "localhost_password"

In [79]:
def get_flows_for_device_ONOS(device_id):
    """
    Retrieve all flows for a specific ONOS device (switch).
    
    Parameters:
        device_id (str): The ONOS switch ID (e.g., "of:0000000000000002").
    
    Returns:
        list: A list of flow JSON objects for the given switch.
    """
    url = f"{ONOS_BASE_URL}/{device_id}"
    headers = {"Accept": "application/json"}

    try:
        response = requests.get(url, auth=(USERNAME, PASSWORD), headers=headers)
        response.raise_for_status()
        
        data = response.json()
        return data.get("flows", [])

    except requests.exceptions.RequestException as e:
        print(f"Error fetching flows for device {device_id}:", e)
        return []

def extract_switch_id_ONOS(intent: str):
    """
    Extract the switch ID from a natural language intent for ONOS JSON format.
    
    Parameters:
        intent (str): The natural language intent.
    
    Returns:
        str: Extracted switch ID (e.g., 'of:0000000000000001') or None if not found.
    """
    # Mapping of ordinal words to numeric values
    ordinals = {
        "first": 1,
        "second": 2,
        "third": 3,
        "fourth": 4,
        "fifth": 5,
        "sixth": 6,
        "seventh": 7,
        "eighth": 8,
        "ninth": 9,
        "tenth": 10
    }

    # Match patterns like 'switch 1', 'router 2', 'node 3'
    match = re.search(r'\b(?:switch|router|node|device)(?:\s*number)?\s*(\d+)', intent, re.IGNORECASE)
    if match:
        switch_number = int(match.group(1))
        return f"of:{switch_number:016x}"  # Convert to ONOS 16-digit hex format

    # Match ordinal words (e.g., 'fourth switch', 'second router')
    match = re.search(r'\b(?:switch|router|node|device)\s*(\w+)', intent, re.IGNORECASE)
    if match:
        ordinal_word = match.group(1).lower()
        if ordinal_word in ordinals:
            switch_number = ordinals[ordinal_word]
            return f"of:{switch_number:016x}"  # Convert to ONOS 16-digit hex format

    # Match standalone ordinal words (e.g., 'fourth' without 'switch')
    for word, number in ordinals.items():
        if word in intent.lower():
            return f"of:{number:016x}"  # Convert to ONOS 16-digit hex format

    return None

def push_flow_rule(device_id, flow_json):
    """
    Push a flow rule to ONOS and retrieve the flow ID.
    """
    url = f"{ONOS_BASE_URL}"
    HEADERS = { 
        "Content-Type": "application/json",
        "Accept": "application/json"
        }
    
    try:
        response = requests.post(url, headers=HEADERS, auth=(USERNAME, PASSWORD), data=json.dumps(flow_json))
        if response.status_code in [200, 201]:
            response_data = response.json()
            if "flows" in response_data and len(response_data["flows"]) > 0:
                flow_id = response_data["flows"][0].get("flowId")
                print(f"Successfully pushed flow rule to ONOS (Device ID: {device_id}, Flow ID: {flow_id})")
                return flow_id  # Return the flow ID for later verification
            else:
                print("Flow rule pushed but no Flow ID returned by ONOS.")
                return None
        else:
            print(f"Failed to push flow rule to ONOS. Status Code: {response.status_code}, Response: {response.text}")
            return None
    except Exception as e:
        print(f"Exception occurred while pushing flow rule: {e}")
        return None
    
def verify_flow_rule(device_id, flow_id):
    """
    Verify if the flow rule exists in ONOS using the retrieved Flow ID.
    """
    if not flow_id:
        print("\nInvalid Flow ID provided for verification. Check ONOS response after rule posting.\n")
        return False

    url = f"{ONOS_BASE_URL}/{device_id}"
    HEADERS = {"Accept": "application/json"}
    
    try:
        response = requests.get(url, headers=HEADERS, auth=(USERNAME, PASSWORD))
        if response.status_code == 200:
            flows = response.json().get("flows", [])
            for flow in flows:
                if flow.get("id") == flow_id:
                    print(f"Flow rule exists in ONOS (Flow ID: {flow_id})")
                    return True
            print(f"Flow rule NOT found in ONOS (Flow ID: {flow_id})")
            return False
        else:
            print(f"Failed to query ONOS. Status Code: {response.status_code}, Response: {response.text}")
            return False
    except Exception as e:
        print(f"Exception occurred while verifying flow rule: {e}")
        return False

In [80]:
TRANSLATION_PROMPT_ONOS = """Your task is to transform natural language network intents into JSON-formatted network policies compatible with the ONOS SDN controller.

You only reply in JSON, no natural language. The network intents can represent different traffic control behaviors, such as:

1. **Traffic Forwarding, Queue Assignment, and VLAN Rules:** Define rules for forwarding traffic based on IPv4/IPv6 destination, TCP/UDP ports, and optionally assign traffic to specific queues or vlans.
2. **Blocking or Dropping Rule:** Define rules to drop traffic based on specific match criteria (e.g., source IP, destination IP). In ONOS, this is done by omitting the `"treatment"` field.

### **JSON STRUCTUREs FOR ONOS**

1. **Traffic Forwarding, Queue Assignment, and VLAN Rules:**  

```json
{
    "flows": [
        {
            "priority": <integer>,
            "timeout": <integer>, // Default: 0
            "isPermanent": "true",
            "deviceId": "<switch_id>",
            "treatment": {
                "instructions": [
                    {
                        "type": "QUEUE",
                        "queueId": <integer>
                    },
                    {
                        "type": "L2MODIFICATION",
                        "subtype": "VLAN_ID",
                        "vlanId": <integer> // Example: 100 for VLAN tagging
                    },
                    {
                        "type": "OUTPUT",
                        "port": "<integer>"
                    }
                ]
            },
            "selector": {
                "criteria": [
                    {
                        "type": "ETH_TYPE",
                        "ethType": "<string>" // Example: "0x800" for IPv4
                    },
                    {
                        "type": "IPV4_SRC",
                        "ip": "<ip_address/mask>"
                    },
                    {
                        "type": "IPV4_DST",
                        "ip": "<ip_address/mask>"
                    },
                    {
                        "type": "IP_PROTO",
                        "protocol": <integer> // Example: 6 for TCP, 17 for UDP
                    },
                    {
                        "type": "TCP_DST",
                        "tcpPort": <integer>
                    },
                    {
                        "type": "UDP_DST",
                        "udpPort": <integer>
                    },
                    {
                        "type": "IN_PORT",
                        "port": "<integer>"
                    }
                ]
            }
        }
    ]
}


2. **Blocking or Dropping Rule:**

{
    "flows": [
        {
            "priority": <integer>,
            "timeout": 0,
            "isPermanent": "true",
            "deviceId": "<switch_id>",
            "selector": {
                "criteria": [
                    {
                        "type": "ETH_TYPE",
                        "ethType": "<string>" // Example: "0x800" for IPv4
                    },
                    {
                        "type": "IPV4_SRC",
                        "ip": "<ip_address/mask>"
                    },
                    {
                        "type": "IPV4_DST",
                        "ip": "<ip_address/mask>"
                    }
                ]
            }
        }
    ]
}

Field Descriptions
priority (Mandatory): Priority level (higher numbers indicate higher priority). For blocking or firewall rules, assign a priority greater than 300.
timeout (Mandatory): Timeout in seconds after which the flow is removed (Default: 0).
isPermanent (Mandatory): "true" (always in quotes, per user preference).
deviceId (Mandatory): Switch ID where the rule is installed.
ethType (Mandatory): Ethernet protocol type. Use "0x800" for IPv4, "0x86DD" for IPv6, "0x806" for ARP.
IPV4_DST (Optional): IPv4 address in CIDR notation (e.g., "10.0.0.1/32"). Include only if explicitly mentioned.
IPV4_SRC (Optional): Source IP address (include only if explicitly mentioned).
IP_PROTO (Optional): Transport layer protocol (6 for TCP, 17 for UDP, 1 for ICMP).
TCP_DST (Optional): TCP destination port (e.g., 80 for HTTP).
UDP_DST (Optional): UDP destination port (e.g., 161 for SNMP).
IN_PORT (Optional): Incoming interface port number (use in port-based forwarding).
QUEUE (Optional): Use "QUEUE" with "queueId" to specify a QoS queue (queue ID is an integer, 0 is default).
OUTPUT (Optional): "OUTPUT" with "port" specifies the output port.
VLAN_ID (Optional): Use "L2MODIFICATION" with "subtype": "VLAN_ID" and "vlanId" to set a VLAN tag.

Rules for Translation
Each "priority" must be unique.
Set priority high (e.g., 1000) for queue-related rules.
Do not include VLAN-related fields unless explicitly mentioned in the intent.
Do not include optional fields unless explicitly mentioned in the intent.
Ensure valid ONOS-compliant JSON syntax.
Verify JSON structure before responding.
Always respond in valid JSON format only, without comments, explanations, or additional text.
If the intent cannot be mapped, return an empty JSON object {}."""

In [81]:
CONFLICT_PROMPT_ONOS = """You are tasked with determining if two ONOS flow configuration JSONs directly conflict with each other. **You MUST base your decision SOLELY on the JSON content provided.** Do **NOT** infer intent, use semantic reasoning, or make assumptions beyond the given JSON structure.

---

### **Rules for Conflict Detection (STRICT and LITERAL COMPARISON):**

A **direct conflict** exists **ONLY IF** all the following conditions are met:

#### **1. Matching Traffic Characteristics (Exact or Overlapping Match Criteria)**
Both flows must match **overlapping traffic characteristics** for all the specified fields, meaning they could apply to the **exact same packets**. The following fields are checked:

**EtherType (`ETH_TYPE`)**  
   - Must be present in **both** flows and have **identical** values (e.g., `"0x800"` for IPv4, `"0x86DD"` for IPv6).
   - If missing in either flow, there is **no match**.

**Source and Destination IP (`IPV4_SRC` and `IPV4_DST`)**  
   - If both flows **specify** a source or destination, they must overlap (e.g., `"10.0.0.1/32"` and `"10.0.0.0/24"` overlap).
   - If **either** flow **omits** source or destination, it applies to **all** sources or destinations respectively.

**Protocol (`IP_PROTO`)**  
   - Must be present in **both** flows and have **identical** values (e.g., `6` for TCP, `17` for UDP).
   - If missing in either flow, there is **no match**.

**Transport Layer Ports (`TCP_SRC`, `TCP_DST`, `UDP_SRC`, `UDP_DST`)**  
   - Must be **identical** in both flows if present.
   - If one flow includes a port filter and the other does not, there is **no match**.

**Incoming Port (`IN_PORT`)**  
   - If both flows specify `IN_PORT`, they must be identical.
   - If missing in either flow, there is **no match**.

**Wildcard Matching (Implicit Behavior for Missing Fields)**  
   - If a flow **specifies a field** (e.g., `IPV4_SRC`), it applies **only** to that source.
   - If a flow **does not specify a field** (e.g., `IPV4_SRC`), it applies to **all sources**.
   - General vs. specific distinctions are not classified, but missing fields imply generality (i.e., match all). Conflicts are determined based on whether the two match sets could overlap.
---

#### **2. Contradictory Actions**
Flows that **match the same traffic** only conflict if their actions contradict in one of the following ways:

**Different Output Ports (`OUTPUT` instruction)**  
   - If one flow **forwards** traffic to port `X` and another to port `Y`, it is a **conflict**.

**One Flow Drops, One Flow Forwards**  
   - If one flow **omits `"treatment"`** (implying a drop) and another **forwards traffic**, it is a **conflict**.

**Different Queue Assignments (`QUEUE` instruction)**  
   - If the flows **assign different `queueId` values**, it is a **conflict**.

**Note on Additional Match Fields:**  
   - If one flow includes additional match fields, a conflict may still exist if the effective match space overlaps. Extra fields do not automatically prevent a conflict.

---

#### **3. Priority is Irrelevant for Conflict Detection**
- `priority` **does not** determine a conflict.
- Even if one rule **overrides** another, they **do not conflict** unless their actions contradict.

---

### **Input Format**
You will be provided with **two ONOS JSON flow rules** in the following format:

**Flow 1:**
```json
<JSON for Flow 1>

**Flow 2:**
<JSON for Flow 2>

### **Expected Output Format**
Respond strictly in valid JSON format, using the schema below:

{
    "conflict_status": <integer>,
    "conflict_explanation": "<conflict explanation, if any>"
}

Field Descriptions:
   - conflict_status should be 1 if a direct conflict exists, 0 otherwise.
   - conflict_explanation → A brief explanation if a conflict exists, otherwise an empty string "".

NO EXTRA TEXT, COMMENTS, OR EXPLANATIONS OUTSIDE JSON.
DO NOT return 1 unless you are certain of a direct conflict.
Follow strict field-by-field comparison rules—NO inference beyond given data."""

In [82]:
SLICING_PROMPT = """You are tasked with analyzing a natural language intent to determine if it contains a command to create or use a queue/slice in a openflow switch. You should respond in JSON format. 

### Rules for Interpretation:
1. **Queue/Slice Detection:**  
   - The intent is considered related to queue/slice if it contains commands such as:
     - "create queue", "create slices", "slice the network", "implement slicing", "slice the flow", "make flowspace slicing", "do slicing", "slice", "implement queue", "do queuing", "assign queue", "assign slice", or any similar phrasing.
   - If the intent does not mention creating or using a queue/slice, set the field `"use_queue"` to `0`. 

2. **Switch and Port Identification:**  
   - If the intent specifies a **switch ID** (e.g., "switch 4" or "openflow:4" or "node 4" or "openflow 4"), populate the `"switch_id"` field with its value.  
   - If the intent specifies a **Queue ID or slice ID** (e.g., "queue 4" or "4th queue" or "fourth queue" or "slice 1" or "first slice"), populate the `"queue_id"` field with its value.  
   - If the intent specifies a **port ID** (e.g., "port 2" or "interface 2" or "ethernet 2" or "output node connector 2" or "second port" or "second interface"), populate the `"port_id"` field with its value. If there are multiple instances of "port_id" present, take the one which indicates output port or outgoing interface.
   - If the intent does not specify a switch ID or queue ID or port ID, set the respective field to an empty string (`""`).

3. **Output Format:**  
   - Respond strictly in valid JSON format adhering to the following schema:

```json
{
  "use_queue": <integer>,
  "switch_id": "<string>",
  "queue_id": "<string>",
  "port_id": "<string>"
}

Field Description:
-use_queue: 1 if the intent commands to create or use a queue/slice, 0 otherwise.
-switch_id: Switch ID if specified in the intent, otherwise "".
-queue_id: Queue ID if specified in the intent, otherwise "".
-port_id: Port ID if specified in the intent, otherwise "". If there are mutiple instances of "port_id" present, take the one which indicates the output port or outgoing interface.

4. No Additional Text:
Do not include any comments, explanations, or outputs outside the JSON format.

Example Inputs and Outputs:
    1. Input Intent:
    "Create a queue in switch 4 on port 3 for slicing the flow."
    Output:
    {
    "use_queue": 1,
    "switch_id": "switch 4",
    "queue_id": "",
    "port_id": "port 3"
    }

    2. Input Intent:
    "Send all video traffic through queue 0 of openflow:2."
    Output:
    {
    "use_queue": 1,
    "switch_id": "openflow 2",
    "queue_id": 0,
    "port_id": ""
    }

    3. Input Intent:
    "Configure switch 5 for traffic management."
    Output:
    {
    "use_queue": 0,
    "switch_id": "switch 5",
    "queue_id": "",
    "port_id": ""
    }

    4. Input Intent:
    "Monitor traffic flow on port 1."
    Output:
    {
    "use_queue": 0,
    "switch_id": "",
    "queue_id": "",
    "port_id": "port 1"
    }

   5. Input Intent:
    "In switch 3, if the incoming traffic in port 1 is TCP traffic destined for port 80, then pass it via interface 2, assigning it to queue 0 for prioritized handling."
    Output:
    {
    "use_queue": 1,
    "switch_id": switch 3,
    "queue_id": 0,
    "port_id": "interface 2"
    }

Respond with the appropriate JSON strictly following these rules and format."""

In [83]:
my_models_translate_real = [
"codestral",
"command-r",
"huihui_ai/qwq-abliterated"
]

my_models_conflict_real = [
"qwq",
"huihui_ai/qwq-fusion"
]

context_examples = [3, 6]

default_model = "llama2"

ollama_embedding_url = "http://10.23.7.63:11434"
ollama_server_url = "http://10.23.7.63:11435"  

ollama_emb = OllamaEmbeddings(
    model=default_model,
    base_url=ollama_embedding_url,
)

client = Client(host=ollama_server_url , timeout=120)

In [84]:
# Load custom dataset from CSV
custom_dataset = pd.read_csv('ONOS_intent_translation_dataset_for_LLM_Evaluation.csv')

# Ensure proper column names and format
if not {'instruction', 'output'}.issubset(custom_dataset.columns):
    raise ValueError("The dataset must have 'instruction' and 'output' columns.")

# Split into train and test (50/50 split for example)
#trainset, testset = train_test_split(custom_dataset, test_size=0.5, random_state=42, shuffle=True)
trainset = custom_dataset

In [85]:
def run_LLM_conflict(existing_intent_flow_json, new_intent_flow_json):
    system_prompt = CONFLICT_PROMPT_ONOS

    for model in my_models_conflict_real:
        count = 0
        while True:
            count+=1
            try:
                time.sleep(0.1)

                response = client.generate(model=model,
                    options={'temperature': 0.3, 'num_ctx': 8192, 'top_p': 0.5, 'num_predict': 1024, 'num_gpu': 99},
                    stream=False,
                    system=system_prompt,
                    prompt=f"Flow 1:\n{json.dumps(existing_intent_flow_json, indent=2)}\n\nFlow 2:\n{json.dumps(new_intent_flow_json, indent=2)}",
                    format='json'
                )

                output = response['response'].strip()

                response_json = json.loads(output)

                if 'conflict_status' not in response_json:
                    #print("\nWarning: 'conflict_status' key is missing in the response.\n")
                    break
                else:
                    valid_conflict_response = True
                    conflict_status = response_json.get('conflict_status', 0)
                    # Ensure conflict_status is an integer
                    if isinstance(conflict_status, str):
                        conflict_status = int(conflict_status)

                    return valid_conflict_response, conflict_status, response_json['conflict_explanation']             

            except Exception as e:
                print("Exception found: ", e)
                sys.stdout.flush()
                if(count<15):
                    continue
                else:
                    print("\n",model, " failed to produce valid JSON for conflict info after 15 tries. Going to next model\n")
                    break               
    
    return False, None, None

In [86]:
def conflict(device_id, new_intent_flow_json):
    
    existing_flows = get_flows_for_device_ONOS(device_id)
    #existing_flows = manual_flows_by_device.get(device_id, {}).get("flows", [])

    for existing_flow in existing_flows:
        valid_conflict_response, conflict_status, conflict_details = run_LLM_conflict(existing_flow, new_intent_flow_json)

        if (valid_conflict_response == False):
            return 2, None, None   #2 means here that LLM could not generate valid JSON for conflict reporting
        elif (conflict_status == 1):
            return conflict_status, conflict_details, existing_flow
        
    return 0, None, None

In [87]:
def run_LLM_IBN(intent, device_id):

    for num_examples in context_examples:
        for model in my_models_translate_real:
            
            example_selector = MaxMarginalRelevanceExampleSelector.from_examples(
                [{"instruction": trainset.iloc[0]["instruction"], "output": trainset.iloc[0]["output"]}],
                ollama_emb,
                Chroma,
                input_keys=["instruction"],
                k=num_examples,
                vectorstore_kwargs={"fetch_k": min(num_examples, len(trainset))}
                )
            # Clear and add all remaining examples from the trainset
            example_selector.vectorstore.reset_collection()
            
            for _, row in trainset.iterrows():
                example_selector.add_example({
                    "instruction": row["instruction"],
                    "output": row["output"]
                })
            
            system_prompt = TRANSLATION_PROMPT_ONOS
            count = 0

            while True:
                count+=1
                try:
                    time.sleep(0.1)
                    if num_examples > 0:
                        examples = example_selector.select_examples({"instruction": intent})
                        example_str = "\n\n\n".join(map(lambda x: "Input: " + x["instruction"] + "\n\nOutput: " + x["output"], examples))
                        system_prompt += example_str + "\n\n\n"  
                    
                    response = client.generate(model=model,
                        options={'temperature': 0.6, 'num_ctx': 8192, 'top_p': 0.3, 'num_predict': 1024, 'num_gpu': 99},
                        #options={'device': 'cpu'},
                        stream=False,
                        system=system_prompt,
                        prompt=intent,
                        format='json'
                    )
                    actual_output = response['response']
                    #print("\nTranslated by: ", model)
                    break
                
                except Exception as e:
                    print("Exception on Input: ", e)
                    print("\nCheck example_str same or not: \n",example_str)
                    sys.stdout.flush()
                    if(count<15):
                        continue
                    else:
                        print("\n",model, " failed to produce valid JSON for translation info after 15 tries. Going to next model\n")
                        break 
            try:
                
                flow_json = json.loads(actual_output)
                
                for flow in flow_json.get("flows", []):  # Iterate over all flows
                    flow["deviceId"] = device_id  # Replace the device ID

                #print(json.dumps(flow_json))

                return flow_json
            
            except Exception as e:
                print("Exception found: ", e)

In [None]:
def run_LLM_Slice(intent):

    system_prompt = SLICING_PROMPT
    
    for model in my_models_translate_real:     
        try:
            time.sleep(0.1)             
            response = client.generate(model=model,
                options={'temperature': 0.3, 'num_ctx': 8192, 'top_p': 0.5, 'num_predict': 1024, 'num_gpu': 99},
                #options={'device': 'cpu'},
                stream=False,
                system=system_prompt,
                prompt=intent,
                format='json'
            )
            
            output = response['response'].strip()
            response_json = json.loads(output)
            
            #print("\nCheckpoint*******Exiting LLM Slicing detection\n\n******")
            return response_json            
        
        except Exception as e:
            print("Exception found: ", e)
            sys.stdout.flush()
            continue

In [89]:
def classify_onos_flow_rule(flow_rule):
    """
    Classify ONOS flow rule into a type and compute its specificity.
    Works for both wrapped and standalone flow rule formats.
    Returns: (rule_type: str, specificity: float)
    """

    # Support both: wrapped in "flows" list OR flat dict
    if "flows" in flow_rule:
        flows = flow_rule.get("flows", [])
        if not flows:
            return "unknown", 0.0
        rule = flows[0]
    else:
        rule = flow_rule

    treatment = rule.get("treatment")
    selector = rule.get("selector", {})
    criteria = selector.get("criteria", [])

    # --- Rule Type Detection ---
    if treatment is None:
        rule_type = "security"
    else:
        instructions = treatment.get("instructions", [])
        if not instructions:
            rule_type = "security"
        else:
            instr_types = {instr.get("type", "").upper() for instr in instructions}
            if instr_types == {"NOACTION"}:
                rule_type = "security"
            elif "QUEUE" in instr_types:
                rule_type = "qos"
            elif "OUTPUT" in instr_types:
                rule_type = "forwarding"
            else:
                rule_type = "unknown"

    # --- Specificity Computation ---
    specificity = 0.0
    for crit in criteria:
        specificity += 1
        if "ip" in crit:
            ip = crit["ip"]
            try:
                ip_net = ipaddress.ip_network(ip, strict=False)
                specificity += ip_net.prefixlen / 32.0
            except Exception:
                pass

    return rule_type, specificity

def resolve_onos_conflict(rule1, rule2):
    """
    Resolve conflict between two ONOS rules using type > specificity > priority.
    Handles both LLM-generated-style and ONOS-style rule formats.
    Returns: winner_rule, loser_rule
    """
    type_priority = {"security": 3, "qos": 2, "forwarding": 1}

    # Normalize both rules into wrapped format for consistency
    if "flows" not in rule1:
        rule1 = {"flows": [rule1]}
    if "flows" not in rule2:
        rule2 = {"flows": [rule2]}

    type1, spec1 = classify_onos_flow_rule(rule1)
    type2, spec2 = classify_onos_flow_rule(rule2)

    p1 = rule1["flows"][0].get("priority", 0)
    p2 = rule2["flows"][0].get("priority", 0)

    # Type-based resolution
    if type_priority.get(type1, 0) > type_priority.get(type2, 0):
        return rule1, rule2
    elif type_priority.get(type2, 0) > type_priority.get(type1, 0):
        return rule2, rule1

    # Specificity-based resolution
    if spec1 > spec2:
        return rule1, rule2
    elif spec2 > spec1:
        return rule2, rule1

    # Priority-based resolution
    if p1 > p2:
        return rule1, rule2
    elif p2 > p1:
        return rule2, rule1

    # All equal
    return None, None


def adjust_priority_onos(winner_rule: dict, loser_rule: dict, step: int = 10) -> dict:
    """
    Adjusts the priority of the winning ONOS flow rule so it overrides the losing one.
    Supports both wrapped ("flows": [rule]) and flat rule dicts.

    Args:
        winner_rule (dict): The winning ONOS rule (either format).
        loser_rule (dict): The losing ONOS rule (either format).
        step (int): Minimum priority margin. Default is 10.

    Returns:
        dict: Updated winner_rule with modified priority (in-place).
    """

    # Support wrapped and unwrapped formats
    if "flows" in winner_rule:
        winner_flow = winner_rule["flows"][0]
    else:
        winner_flow = winner_rule

    if "flows" in loser_rule:
        loser_flow = loser_rule["flows"][0]
    else:
        loser_flow = loser_rule

    loser_priority = loser_flow.get("priority", 0)
    winner_priority = winner_flow.get("priority", 0)

    new_priority = max(winner_priority, loser_priority + step)
    winner_flow["priority"] = new_priority

    return winner_rule


def extract_inner_flow(rule):
    return rule["flows"][0] if "flows" in rule else rule

In [90]:
def end_to_end_IBN(intent):

    #current_time = time.time()
    device_id = extract_switch_id_ONOS(intent)

    intent_JSON = run_LLM_IBN(intent, device_id)

    conflict_status, conflict_details, which_flow_conflict = conflict(device_id, intent_JSON)

    if(conflict_status == 2):
        print("\nCheck Conflict Detection Module, LLM did not produce a valid JSON for conflict detection.\n")
        return False, None

    elif (conflict_status == 1):

        winner, non_winner = resolve_onos_conflict(intent_JSON, which_flow_conflict)

        winner_rule_inner = extract_inner_flow(winner)
        existing_rule_inner = extract_inner_flow(which_flow_conflict)

        if winner is None:
            print("\nConflict resolution resulted in a tie. The new rule and an existing rule has same type, specificity and priority\n")
            print("\nThe New flow rule:\n", updated_flow_json, "\nThe existing flow rule: \n", which_flow_conflict)
            print("\nExisting Flow Rule Location: In switch: ",device_id, "\nConflict Details : \n",  conflict_details)
            return False, "Tie"
        elif (winner_rule_inner == existing_rule_inner):
            print("\nExisting Flow Rule that Conflicts: \n", winner)
            return False, "existing_rule_win"
        else:
            print("Conflict Resolved. Winner Flow Rule: \n", winner)
            print("\nShadowed Flow Rule: \n", non_winner)
            print("\nShadowed Flow Rule Location: In switch: ",device_id, "\nConflict Details : \n",  conflict_details)
            # After resolving conflict and deciding rule1 is the winner:
            updated_flow_json = adjust_priority_onos(winner, non_winner) #argument order important; winner first.        

    try:
        flow_id = push_flow_rule(device_id, updated_flow_json)
    except Exception as e:
            print("Exception found while installing flow rule: ", e)
            sys.stdout.flush()
            return False, None
    try:
        verification_status = verify_flow_rule(device_id, flow_id)
        if(verification_status == True):
            return True, updated_flow_json
    except Exception as e:
            print("Exception found while verifying flow rule: ", e)
            sys.stdout.flush()
            return False, None

In [91]:
def extract_switch_id(intent: str):
    """
    Extract the switch ID from a natural language intent.
    
    Parameters:
        intent (str): The natural language intent.
    
    Returns:
        str: Extracted switch ID (e.g., 'openflow:1') or None if not found.
    """
    # Mapping of ordinal words to numeric values
    ordinals = {
        "first": 1,
        "second": 2,
        "third": 3,
        "fourth": 4,
        "fifth": 5,
        "sixth": 6,
        "seventh": 7,
        "eighth": 8,
        "ninth": 9,
        "tenth": 10
    }

    # Match patterns like 'openflow:1'
    match = re.search(r'openflow[:\s](\d+)', intent, re.IGNORECASE)
    if match:
        return f"openflow:{match.group(1)}"

    # Match patterns like 'switch 1', 'router 2', 'node 3'
    match = re.search(r'\b(?:switch|router|node|device)(?:\s*number)?\s*(\d+)', intent, re.IGNORECASE)
    if match:
        return f"openflow:{match.group(1)}"

    # Match ordinal words (e.g., 'fourth switch', 'second router')
    match = re.search(r'\b(?:switch|router|node|device)\s*(\w+)', intent, re.IGNORECASE)
    if match:
        ordinal_word = match.group(1).lower()
        if ordinal_word in ordinals:
            return f"openflow:{ordinals[ordinal_word]}"

    # Match standalone ordinal words (e.g., 'fourth' without 'switch')
    for word, number in ordinals.items():
        if word in intent.lower():
            return f"openflow:{number}"

    return None

def execute_command(command):
    """
    Runs a command with sudo password automation.
    """
    full_command = f"echo {sudo_password} | sudo -S {command}"
    try:
        result = subprocess.run(full_command, shell=True, capture_output=True, text=True)
        if result.returncode == 0:
            return result.stdout.strip()
        else:
            raise Exception(f"Error executing command: {result.stderr.strip()}")
    except Exception as e:
        return str(e)

def get_switch_port_mapping():
    try:
        # Commands to list port and QoS configurations
        list_ports_command = "sudo -S ovs-vsctl list port"
        list_qos_command = "sudo -S ovs-vsctl list qos"
        # Fetch port and QoS data
        ports_output = execute_command(list_ports_command)
        qos_output = execute_command(list_qos_command)

        # Parse QoS data into a dictionary
        qos_mapping = {}
        current_qos = None
        for line in qos_output.splitlines():
            if line.startswith("_uuid"):
                current_qos = line.split(":")[1].strip()
            elif line.startswith("queues") and current_qos:
                qos_mapping[current_qos] = line.split(":")[1].strip()

        # Create a dictionary to store switch-to-port mapping
        switch_port_dict = {}

        # Parse ports data and check for QoS
        current_port = None
        for line in ports_output.splitlines():
            if line.startswith("name"):
                current_port = line.split(":")[1].strip()
            elif line.startswith("qos") and "[]" not in line and current_port:
                qos_uuid = line.split(":")[1].strip()

                # Extract the OpenFlow switch ID and port number
                if "-" in current_port:
                    switch, port = current_port.split("-")
                    switch_id = f"openflow:{switch[1:]}"  # e.g., "s1" -> "openflow:1"
                    port_number = port[3:]  # e.g., "eth2" -> "2"

                    # Add to dictionary
                    if switch_id not in switch_port_dict:
                        switch_port_dict[switch_id] = []
                    switch_port_dict[switch_id].append(port_number)

                current_port = None

        return switch_port_dict

    except Exception as e:
        print(f"Error: {e}")
        return {}
    
def extract_port_number(text: str):
    """
    Extract the Ethernet port number from a natural language text.
    
    Parameters:
        text (str): The input text containing the port reference.
    
    Returns:
        int: Extracted port number or None if not found.
    """
    # Mapping of ordinal words to numeric values
    ordinals = {
        "first": 1,
        "second": 2,
        "third": 3,
        "fourth": 4,
        "fifth": 5,
        "sixth": 6,
        "seventh": 7,
        "eighth": 8,
        "ninth": 9,
        "tenth": 10
    }

    # Match explicit numbers after keywords
    match = re.search(r'\b(?:port|interface|output\s+node\s+connector|ethernet)\s*(\d+)', text, re.IGNORECASE)
    if match:
        return int(match.group(1))

    # Match ordinal words (e.g., 'second port', 'third interface')
    match = re.search(r'\b(?:port|interface|output\s+node\s+connector|ethernet)\s*(\w+)', text, re.IGNORECASE)
    if match:
        ordinal_word = match.group(1).lower()
        if ordinal_word in ordinals:
            return ordinals[ordinal_word]

    # Match standalone ordinal words (e.g., 'second')
    for word, number in ordinals.items():
        if word in text.lower():
            return number

    return None

def ovs_port_exists(switch_name, port_name, sudo_password=sudo_password):
    import subprocess
    cmd = f"sudo -S ovs-vsctl list-ports {switch_name}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True, input=sudo_password + "\n")
    ports = result.stdout.split()
    return port_name in ports


def get_switch_name_from_device_id(device_id):
    # device_id is like 'openflow:2'
    idx = int(device_id.split(':')[1])
    return f"s{idx}onos"


def create_two_queue_for_switch(device_id, port, max_rate=10000000, queue_configs=None):
    """
    Creates queues dynamically for a specific switch and port.
    
    Parameters:
        switch (str): The name of the switch in 'openflow:X' format (e.g., 'openflow:4').
        port (int): The port number on the switch (e.g., 2).
        max_rate (int): Maximum rate for the QoS (default is 10000000).
        queue_configs (list): List of tuples specifying min-rate and max-rate for each queue (default is 2 queues).
    """
    if queue_configs is None:
        # Default to 2 queues with these configurations
        queue_configs = [
            (6000000, 6000000),  # Queue 0: min-rate and max-rate
            (4000000, 4000000)   # Queue 1: min-rate and max-rate
        ]

    # Construct the port name from the input
    #port_name = f"{switch.replace('openflow:', 's')}-eth{port}"
    switch_name = get_switch_name_from_device_id(device_id)
    port_name = f"{switch_name}-eth{port}"

    if not ovs_port_exists(switch_name, port_name):
        print(f"Port {port_name} does not exist on bridge {switch_name}!")
        return


    # Construct the QoS command for the specific switch and port
    qos_command = f"sudo -S ovs-vsctl -- set port {port_name} qos=@newqos -- --id=@newqos create qos type=linux-htb other-config:max-rate={max_rate}"
    for i, (min_rate, max_rate) in enumerate(queue_configs):
        qos_command += f" queues:{i}=@q{i}"
    for i, (min_rate, max_rate) in enumerate(queue_configs):
        qos_command += f" -- --id=@q{i} create queue other-config:min-rate={min_rate} other-config:max-rate={max_rate}"

    # Execute the command
    print(f"Running: {qos_command}")
    process = subprocess.Popen(qos_command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True)
    stdout, stderr = process.communicate(input=f"{sudo_password}\n")
    if process.returncode == 0:
        print(f"Success:\n{stdout}")
    else:
        print(f"Error:\n{stderr}")


def create_two_queue_for_switch_handler(slicing_info):

    if 'use_queue' in slicing_info:         
            slicing_status = slicing_info['use_queue']
            slicing_switch_id = slicing_info['switch_id']
            slicing_queue_id = slicing_info['queue_id']
            slicing_port_id = slicing_info['port_id']

            if(slicing_status == 1):
                openflow_id = extract_switch_id(slicing_switch_id)
                switch_port_mapping = get_switch_port_mapping()
                print("\nCheckpoint*******Entering Slice/Queue Management\n\n******")

                port_number = extract_port_number(slicing_port_id)
                
                if openflow_id not in switch_port_mapping :
                    
                        print("\n\nQueue was not installed in ",openflow_id, "\nInstalling now on interface: ", port_number,"\n")
                        print("\nCheckpoint*******Entering queue creation\n\n******")

                        create_two_queue_for_switch(
                            device_id=openflow_id,  port=port_number,
                            queue_configs=[
                                (6000000, 6000000),  # Queue 0
                                (4000000, 4000000)   # Queue 1
                            ]
                            )   
                else:
                    if str(port_number) not in switch_port_mapping[openflow_id]:

                        print("\n\nQueue was not installed in ",openflow_id, " interface: ", port_number, "\nInstalling now...\n")
                        print("\nCheckpoint*******Entering queue creation\n\n******")

                        create_two_queue_for_switch(
                            device_id=openflow_id,  port=port_number,
                            queue_configs=[
                                (6000000, 6000000),  # Queue 0
                                (4000000, 4000000)   # Queue 1
                            ]
                            )
    

In [92]:
def extract_host_and_ip_onos (flow_data):

    # Extract first flow rule
    flow = flow_data["flows"][0]

    # Extract source and destination IPs
    src_ip = None
    dst_ip = None

    for criterion in flow["selector"]["criteria"]:
        if criterion["type"] == "IPV4_SRC":
            src_ip = criterion["ip"].split("/")[0]  # Remove /32 subnet
        if criterion["type"] == "IPV4_DST":
            dst_ip = criterion["ip"].split("/")[0]

    #print(f"Extracted Source IP: {src_ip}")  # Expected Output: 10.0.0.1 (h1)
    #print(f"Extracted Destination IP: {dst_ip}")  # Expected Output: 10.0.0.4 (h4)

    # Convert IPs to Host Names (Assuming Static Mapping)
    ip_to_host = {
        "10.0.1.1": "h1onos",
        "10.0.1.2": "h2onos",
        "10.0.1.3": "h3onos",
        "10.0.1.4": "h4onos"
    }

    src_host = ip_to_host.get(src_ip, "Unknown")
    dst_host = ip_to_host.get(dst_ip, "Unknown")

    #print(f"Source Host: {src_host}")  # Expected Output: h1
    #print(f"Destination Host: {dst_host}")  # Expected Output: h4
    return src_host, dst_host, src_ip, dst_ip

def execute_command_full(command, timeout):
    """Execute a command and capture full output, waiting for all responses."""
    try:
        process = subprocess.Popen(
            command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True
        )

        output_lines = []
        start_time = time.time()

        while True:
            line = process.stdout.readline()
            if line:
                output_lines.append(line.strip())  # Store the output line
                #print(line.strip())  # Print live output (optional)

            # Check if process has completed
            if process.poll() is not None:
                break

            # Timeout check
            if time.time() - start_time > timeout:
                process.terminate()  # Stop process if timeout occurs
                raise TimeoutError(f"Command timed out after {timeout} seconds")

        # Capture remaining output
        remaining_output, _ = process.communicate()
        if remaining_output:
            output_lines.append(remaining_output.strip())

        return "\n".join(output_lines)

    except Exception as e:
        return str(e)
    
def get_mininet_host_pid(src_host):
    """
    Robustly get the PID of a Mininet host process (e.g., 'h1' or 'h1onos') regardless of user.
    Looks for a process with command containing 'mininet:<src_host>'.
    """
    try:
        ps_output = subprocess.check_output(["ps", "-eo", "pid,args"], text=True).strip().splitlines()
    except subprocess.CalledProcessError as e:
        raise RuntimeError("Failed to run 'ps -eo pid,args'") from e

    for line in ps_output:
        if f"mininet:{src_host}" in line and "grep" not in line:
            parts = line.strip().split(None, 1)
            if len(parts) == 2:
                pid_str, cmd = parts
                try:
                    pid = int(pid_str)
                    #print(f"[DEBUG] Matched host '{src_host}' → PID {pid}")
                    return pid
                except ValueError:
                    continue

    raise RuntimeError(f"No Mininet host process found for '{src_host}'.")
    
def ONOS_assurance_for_security_intent(src_host, dst_host, src_ip, dst_ip, ping_count=2):
    host_pid = get_mininet_host_pid(src_host)
    print("\nProcess ID of source host", src_host, ":", host_pid)

    dst_host_ip = dst_ip  # Using flow rule destination IP
    #print("IP of destination host", dst_host, ":", dst_host_ip)

    timeout = 15
    ping_command = f"echo {sudo_password} | sudo -S mnexec -a {host_pid} ping -c {ping_count} {dst_host_ip}"
    output = execute_command_full(ping_command, timeout)

    if "100% packet loss" in output:
        print(f"\nIntent Effective. Traffic from {src_host} to {dst_host} is Blocked.")
    elif "0% packet loss" in output:
        print(f"\nIntent Not Effective. Traffic from {src_host} to {dst_host} is Not BLOCKED.")
    else:
        print("\nIntent Not Effective. Invalid Assurance Report Received.\n")
        print(output)


def ONOS_assurance_for_qos_intent(src_host, dst_host, src_ip, dst_ip, ping_count=2):

    print("")

def ONOS_assurance_for_forwarding_intent(src_host, dst_host, src_ip, dst_ip, ping_count=2):

    print("")

In [93]:
# forwarding={"flows":[{"priority":102,"timeout":0,"isPermanent":"true","deviceId":"of:0000000000000001","treatment":{"instructions":[{"type":"OUTPUT","port":"3"}]},"selector":{"criteria":[{"type":"ETH_TYPE","ethType":"0x0800"},{"type":"IP_PROTO","protocol":1},{"type":"IPV4_DST","ip":"10.0.0.1/32"}]}}]}

# security={"flows":[{"priority":200,"timeout":0,"isPermanent":"true","deviceId":"of:0000000000000004","selector":{"criteria":[{"type":"ETH_TYPE","ethType":"0x800"},{"type":"IPV4_SRC","ip":"10.0.0.1/32"},{"type":"IPV4_DST","ip":"10.0.0.4/32"}]}}]}

# QoS={"flows":[{"priority":200,"timeout":0,"isPermanent":"true","deviceId":"of:0000000000000001","treatment":{"instructions":[{"type":"QUEUE","queueId":0},{"type":"OUTPUT","port":"2"}]},"selector":{"criteria":[{"type":"ETH_TYPE","ethType":"0x800"},{"type":"IP_PROTO","protocol":6},{"type":"IPV4_DST","ip":"10.0.0.3/32"},{"type":"TCP_DST","tcpPort":80}]}}]}

# security_op = {'flows': [{'id': '51791398311435296', 'tableId': '0', 'appId': 'org.onosproject.rest', 'groupId': 0, 'priority': 200, 'timeout': 0, 'isPermanent': True, 'deviceId': 'of:0000000000000004', 'state': 'ADDED', 'life': 261401, 'packets': 2, 'bytes': 196, 'liveType': 'UNKNOWN', 'lastSeen': 1753540222461, 'treatment': {'instructions': [{'type': 'NOACTION'}], 'deferred': []}, 'selector': {'criteria': [{'type': 'ETH_TYPE', 'ethType': '0x800'}, {'type': 'IPV4_SRC', 'ip': '10.0.1.1/32'}, {'type': 'IPV4_DST', 'ip': '10.0.1.4/32'}]}}]}

In [None]:
#intent = "Forward UDP traffic on port 80 destined for 10.0.1.3 via interface 2, assigning it to queue 1 for prioritized handling in switch 2."
intent = "In switch 4, block all IPv4 traffic from 10.0.1.1 to 10.0.1.4 with a high priority, ensuring the switch operates as a firewall."
intent = "In switch 4, traffic destined for 10.0.1.4 should use port 4."

current_time = time.time()

slicing_info = run_LLM_Slice(intent)

create_two_queue_for_switch_handler(slicing_info)

deployment_status, translated_flow_rule = end_to_end_IBN(intent)

if (deployment_status == True):
        proc_time_s = (time.time() - current_time)
        print("\n\nSuccessfully translated and installed the rule in ODL SDN Controller. Time taken: ", proc_time_s)

        #translated_flow_rule = {"flow-node-inventory:flow": [{"id": "1", "priority": 200, "table_id": 0, "hard-timeout": 0, "match": {"ethernet-match": {"ethernet-type": {"type": 2048}}, "ipv4-destination": "10.0.0.4/32", "ipv4-source": "10.0.0.1/32"}, "flow-name": "firewall_block_h1_to_h4", "instructions": { "instruction": [{"order": 0, "apply-actions": {"action": [{"order": 0, "drop-action": {}}]}}]}, "idle-timeout": 0}]}

        src_host, dst_host, src_ip, dst_ip = extract_host_and_ip_onos(translated_flow_rule)
        
        flow_rule_type, flow_rule_specificity = classify_onos_flow_rule(translated_flow_rule) 
        
        if (flow_rule_type== "security"):
            ONOS_assurance_for_security_intent(src_host, dst_host, src_ip, dst_ip)
            
        elif (flow_rule_type== "qos"):
             ONOS_assurance_for_qos_intent(src_host, dst_host, src_ip, dst_ip)
             
        elif (flow_rule_type== "forwarding"):
             ONOS_assurance_for_forwarding_intent(src_host, dst_host, src_ip, dst_ip)

        elapsed_time = (time.time() - current_time)
        print("\nTime taken for end-to-end IBN: ",  round(elapsed_time,2))

elif (translated_flow_rule == "Tie"):
    print("\n\nReport to the operator about this conflict resolution issue. Need adjustment to conflict resolution policy.\n")

elif (translated_flow_rule == "existing_rule_win"):
    print("\n\nWinner flow rule is the existing one. New intent was not installed. See the existing flow rule that conflicts.\n")
else:
    print("\n\nLLM failed to produce meaningful response. Either update context example or model.\n")