| | 1 | = [wiki:GENIExperimenter/Tutorials/OpenFlowOVS Intro to OpenFlow Tutorial (OVS)] = |
| | 2 | {{{ |
| | 3 | #!html |
| | 4 | |
| | 5 | <div style="text-align:center; width:495px; margin-left:auto; margin-right:auto;"> |
| | 6 | <img id="Image-Maps_5201305222028436" src="http://groups.geni.net/geni/attachment/wiki/GENIExperimenter/Tutorials/Graphics/Setup.jpg?format=raw" usemap="#Image-Maps_5201305222028436" border="0" width="495" height="138" alt="" /> |
| | 7 | <map id="_Image-Maps_5201305222028436" name="Image-Maps_5201305222028436"> |
| | 8 | <area shape="rect" coords="18,18,135,110" href="http://groups.geni.net/geni/wiki/GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight/DesignSetup" alt="" title="" /> |
| | 9 | <area shape="rect" coords="180,18,297,111" href="http://groups.geni.net/geni/wiki/GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight/Execute" alt="" title="" /> |
| | 10 | <area shape="rect" coords="344,17,460,110" href="http://groups.geni.net/geni/wiki/GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight/Finish" alt="" title="" /> |
| | 11 | <area shape="rect" coords="493,136,495,138" href="http://www.image-maps.com/index.php?aff=mapped_users_5201305222028436" alt="Image Map" title="Image Map" /> |
| | 12 | </map> |
| | 13 | <!-- Image map text links - End - --> |
| | 14 | |
| | 15 | </div> |
| | 16 | }}} |
| | 17 | |
| | 18 | [[PageOutline]] |
| | 19 | |
| | 20 | {{{ |
| | 21 | #!html |
| | 22 | <table border="0"> |
| | 23 | <tr > |
| | 24 | <td ><b> Overview <br></b> |
| | 25 | <i>In this tutorial we are going to use <a href="http://www.openvswitch.org/"> Open vSwitch (OVS) </a> as an OpenFlow switch connected to three hosts. |
| | 26 | OVS is a software switch running on a compute resource. The other three hosts can only communicate through the OVS switch. The experiment will need (the rspecs for this exercise are provided later in this section): |
| | 27 | <ul> |
| | 28 | <li>1 Xen VM with a public IP to run an OpenFlow controller</li> |
| | 29 | <li> 1 Xen VM to be the OpenFlow switch </li> |
| | 30 | <li> 3 Xen VMs as hosts</li> |
| | 31 | </ul> |
| | 32 | </i> |
| | 33 | </it> |
| | 34 | </td> |
| | 35 | <td> |
| | 36 | <img border="0" src="http://groups.geni.net/geni/attachment/wiki/GENIExperimenter/Graphics/SimpleSoftwareOVS.jpg?format=raw" alt="Experiment Topology" height="250" title="Experiment Toplogy" /> |
| | 37 | </td> |
| | 38 | </tr> |
| | 39 | </table> |
| | 40 | }}} |
| | 41 | |
| | 42 | == Step 1. Obtain resources == |
| | 43 | |
| | 44 | For the following reservation you can use any aggregate. |
| | 45 | {{{ |
| | 46 | #!html |
| | 47 | <table id="Table_01" border="0" cellpadding="5" cellspacing="0"> |
| | 48 | <tr> |
| | 49 | <td> <img src="http://trac.gpolab.bbn.com/gcf/raw-attachment/wiki/Graphics/4NotesIcon_512x512.png" width="40" alt="Note"> </td> |
| | 50 | <td> You can use compute resources from any <b>InstaGENI rack</b> and any reservation tool (Portal, jFed, Omni, etc) For a list of available InstaGENI racks see the <a href="http://groups.geni.net/geni/wiki/GENIProduction"> GENI Production Resources </a> page. |
| | 51 | </td> |
| | 52 | </tr> |
| | 53 | </table> |
| | 54 | |
| | 55 | }}} |
| | 56 | |
| | 57 | a. '''Reserve your network''', that includes a VM with OVS installed. [[BR]] |
| | 58 | ''RSpec'': You can use the following url, url: [https://floodlight.atlassian.net/wiki/download/attachments/45645828/TransparentRedirectFINAL.xml?version=1&modificationDate=1463690438218&api=v2] |
| | 59 | |
| | 60 | {{{ |
| | 61 | #!comment |
| | 62 | sudo /local/install-script-wireshark.sh |
| | 63 | |
| | 64 | http://www.gpolab.bbn.com/experiment-support/OpenFlowOVS/wireshark.tar.gz |
| | 65 | |
| | 66 | }}} |
| | 67 | |
| | 68 | {{{ |
| | 69 | #!html |
| | 70 | <table id="Table_01" border="0" cellpadding="5" cellspacing="0"> |
| | 71 | <tr> |
| | 72 | <td> <img src="http://trac.gpolab.bbn.com/gcf/raw-attachment/wiki/Graphics/4NotesIcon_512x512.png" width="40" alt="Note"> </td> |
| | 73 | <td> You will need SSH access to your nodes. If you don't know how to SSH to your reserved hosts learn <a href="http://groups.geni.net/geni/wiki/HowTo/LoginToNodes"> how to login </a></td> |
| | 74 | </tr> |
| | 75 | </table> |
| | 76 | |
| | 77 | }}} |
| | 78 | |
| | 79 | == Step 2. Configure the Floodlight Controller == |
| | 80 | Once a site has been chosen and all of the resources are up, go ahead and ssh into the controller. '''All of the commands in this section are going to be run from within the controller resource.''' |
| | 81 | There are a few things that we need to install, the first being Floodlight! It’s located on GitHub, so we’ll just grab that using the following command: |
| | 82 | |
| | 83 | |
| | 84 | == Step 3. Configure the Open vSwitch == |
| | 85 | '''Overview: ''' |
| | 86 | ''Although OVS is installed and initialized on the host that is meant to act as a software switch, it has not been configured yet. |
| | 87 | There are two main things that need to be configured: [[BR]] |
| | 88 | ''(1) configure your software switch with the interfaces as ports'' and [[BR]] '' (2) point the switch to an !OpenFlow controller''. '' |
| | 89 | |
| | 90 | |
| | 91 | === 3a. Configure the Software Switch (OVS Window) === |
| | 92 | |
| | 93 | i. Login to the OVS host |
| | 94 | ii. Create an Ethernet bridge that will act as our software switch: |
| | 95 | {{{ |
| | 96 | sudo ovs-vsctl add-br br0 |
| | 97 | }}} |
| | 98 | iii. Prepare the interfaces to be added as ports to the OVS switch |
| | 99 | * Your OVS bridge will be a Layer 2 switch and your ports do not need IP addresses. Before we remove them let's keep some information |
| | 100 | * Run {{{ ifconfig }}} |
| | 101 | * Write down the interface names that correspond to the connections to your hosts. The correspondence is |
| | 102 | * Interface with IP ''10.10.1.11'' to host1 - ethX |
| | 103 | * Interface with IP ''10.10.1.12'' to host2 - ethY |
| | 104 | * Interface with IP ''10.10.1.13'' to host3 - ethZ |
| | 105 | * Remove the IP from your data interfaces. [[BR]] |
| | 106 | [[Image(GENIExperimenter/Tutorials/Graphics:warning-icon-hi.png, 2%)]] Be careful '''not to bring down eth0'''. This is the control interface, if you bring that interface down you ''' won't be able to login''' to your host. For all interfaces other than `eth0` and ` l0` (your interface names may vary) run : |
| | 107 | {{{ |
| | 108 | sudo ifconfig ethX 0 |
| | 109 | sudo ifconfig ethY 0 |
| | 110 | sudo ifconfig ethZ 0 |
| | 111 | }}} |
| | 112 | iv. Add all the data interfaces to your switch (bridge). [[BR]] |
| | 113 | [[Image(GENIExperimenter/Tutorials/Graphics:warning-icon-hi.png, 2%)]] Be careful ''' not to add interface eth0'''. This is the control interface. The other three interfaces are your data interfaces. (Use the same interfaces as you used in the previous step.) |
| | 114 | {{{ |
| | 115 | sudo ovs-vsctl add-port br0 ethX |
| | 116 | sudo ovs-vsctl add-port br0 ethY |
| | 117 | sudo ovs-vsctl add-port br0 ethZ |
| | 118 | }}} |
| | 119 | v. Trust but verify. Congratulations! You have configured your software switch. To verify the three ports configured run: |
| | 120 | {{{ |
| | 121 | sudo ovs-vsctl list-ports br0 |
| | 122 | }}} |
| | 123 | |
| | 124 | === 3b. Point your switch to a controller === |
| | 125 | {{{ |
| | 126 | #!html |
| | 127 | <table id="Table_01" border="0" cellpadding="5" cellspacing="0"> |
| | 128 | <tr> |
| | 129 | <td> <img src="http://trac.gpolab.bbn.com/gcf/raw-attachment/wiki/Graphics/4NotesIcon_512x512.png" width="40" alt="Note"> </td> |
| | 130 | <td> <i>An OpenFlow switch will not forward any packet unless instructed by a controller. Basically the forwarding table is empty, until an external controller inserts forwarding rules. The OpenFlow controller communicates with the switch over the control network and it can be anywhere in the Internet as long as it is reachable by the OVS host. </i> |
| | 131 | </td> |
| | 132 | </tr> |
| | 133 | </table> |
| | 134 | |
| | 135 | }}} |
| | 136 | |
| | 137 | i. Login to your controller |
| | 138 | ii. Find the control interface IP of your controller, use ''ifconfig'' and note down the IP address of `eth0`. |
| | 139 | iii. In order to point our software !OpenFlow switch to the controller, in the ''ovs'' terminal window, run: |
| | 140 | {{{ |
| | 141 | sudo ovs-vsctl set-controller br0 tcp:<controller_ip>:6633 |
| | 142 | }}} |
| | 143 | i. Set your switch to `fail-safe-mode`. For more info read the [#standalonevssecuremode standalone vs secure mode section]. Run: |
| | 144 | {{{ |
| | 145 | sudo ovs-vsctl set-fail-mode br0 secure |
| | 146 | }}} |
| | 147 | vi. Trust but verify. You can verify your OVS settings by issuing the following: |
| | 148 | {{{ |
| | 149 | sudo ovs-vsctl show |
| | 150 | }}} |
| | 151 | |
| | 152 | ==== 3c. `standalone` vs `secure` mode ==== |
| | 153 | |
| | 154 | ''The !OpenFlow controller is responsible for setting up all flows on the switch, which means that when the controller is not running there should be no packet switching at all. Depending on the setup of your network, such a behavior might not be desired. It might be best that when the controller is down, the switch should default back to being a learning layer 2 switch. In other circumstances however this might be undesirable. In OVS this is a tunable parameter, called `fail-safe-mode` which can be set to the following parameters:'' |
| | 155 | * `standalone` ''[default]: in this case OVS will take responsibility for forwarding the packets if the controller fails'' |
| | 156 | * `secure`: ''in this case only the controller is responsible for forwarding packets, and if the controller is down all packets are dropped. '' |
| | 157 | |
| | 158 | ''In OVS when the parameter is not set it falls back to the `standalone` mode. For the purpose of this tutorial we will set the `fail-safe-mode` to `secure`, since we want to be the ones controlling the forwarding.'' |
| | 159 | |
| | 160 | ---- |
| | 161 | = [wiki:GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight Prev: Introduction] = |
| | 162 | = [wiki:GENIExperimenter/Tutorials/OpenFlowOVS-Floodlight/Execute Next: Execute] = |
