Context Navigation

Execute

Timestamp:: 02/27/15 14:24:37 (9 years ago)
Author:: rrhain@bbn.com
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

GENIExperimenter/Tutorials/OpenFlowOVS/Execute

-                      v110
+                      v111
 = [wiki:GENIExperimenter/Tutorials/OpenFlowOVS Intro to OpenFlow using OVS] =
+= [wiki:GENIExperimenter/Tutorials/OpenFlowIntro Intro to OpenFlow Tutorial] =
 {{{
 #!html
 …
 }}}
 [[PageOutline]]
+== Step 2.  Configure and Initialize ==
+Although OVS is installed and initialized on the host that is meant to act as a software switch, it has not been configured yet.
+There are two main things that need to be configured: ''(1) configure your software switch with the interfaces as ports'' and '' (2) point the switch to an !OpenFlow controller''.
 In order to configure our switch, we first need to login to the host that will be used as an !OpenFlow switch.
+== Step 3. Execute Experiment ==
+Now that the switch is up and running we are ready to start working on the controller. For this tutorial we are going to use the [http://www.noxrepo.org/pox/about-pox/ POX controller]. The software is already installed in the controller host for running POX and can also be found [http://www.gpolab.bbn.com/experiment-support/OpenFlowOVS/of-ovs.tar.gz here].
+=== 3a. Login to your hosts ===
+To start our experiment we need to ssh all of our hosts.
 To get ready for the tutorial you will need to have the following windows open:
 …
   * one window with ssh into host3
+Depending on which tool and OS you are using there is a slightly different process for logging in. If you don't know how to SSH to your reserved hosts take a look in [wiki:HowTo/LoginToNodes this page.]
+=== 2a. Configure  the Software Switch (OVS Window) ===
+Now that you are logged in, we need first to configure OVS. To save time in this tutorial, we have already started OVS and we have added an Ethernet bridge that will act as our software switch. Try the following to show the configure bridge:
+{{{
+sudo ovs-vsctl list-br
+}}}
+You should see only on bridge `br0`. Now we need to add the interfaces to this bridge that will act as ports of our software switch.
+{{{
+#!html
+<table border="0">
+      <tr >
+       <td width = "500">
+         <ol>
+           <li>List all the interfaces of the node
+            <ul> <li> <code>ifconfig</code> </ul><br/>
+            Write down the interface names that correspond to the connections to your hosts. The correspondence is:
+            <ul>
+                <li> Interface with IP 10.10.1.11 to host1  - ethX</li>
+                <li> Interface with IP 10.10.1.12 to host2 - ethY</li>
+                <li> Interface with IP 10.10.1.13 to host3 - ethZ</li>
+           </ul></li>
+           </li> <br/>
+           <li> Be careful <b> not to bring down eth0</b>. This is your control interface, if you bring that interface down you <b> won't be able to login</b> to your host!. For all interfaces other than <code>eth0</code> and <code> l0</code>, remove the IP from the interfaces (your interface names may vary): <br/>
+                              <ul><li> <code> sudo ifconfig ethX 0 </code> </li></ul>
+                              <ul><li> <code> sudo ifconfig ethY 0 </code> </li></ul>
+                              <ul><li> <code> sudo ifconfig ethZ 0 </code> </li></ul>
+             <li> Add all the data interfaces to your switch (bridge):Be careful <b> not to add interface eth0</b>. This is your control interface. You should see three interfaces that start with VLAN, these are your data interfaces. (Use the same interfaces as you used in the previous step.)
+                <ul><li> <code> sudo  ovs-vsctl add-port br0 ethX </code> </li></ul>
+                <ul><li> <code> sudo  ovs-vsctl add-port br0 ethY </code> </li></ul>
+                <ul><li> <code> sudo  ovs-vsctl add-port br0 ethZ </code> </li></ul>
+             </li>
+          </ol>
+       </td>
+        <td>
+        <img border="0" src="http://groups.geni.net/geni/attachment/wiki/GENIExperimenter/Tutorials/OpenflowOVS/Graphics/ovs-interfaces.jpg?format=raw" alt="Login information for a VM"  height="250" title="Login information for a VM" /> </a>
+       </td>
+    </tr>
+ </table>
+}}}
+Depending on which tool and OS you are using there is a slightly different process for logging in. If you don't know how to SSH to your reserved hosts learn [wiki:HowTo/LoginToNodes how to login.] Once you have logged in follow the rest of the instructions.
+=== 3b. Use a Learning Switch Controller ===
+In this example we are going to run a very simple learning switch controller to forward traffic between `host1` and `host2`.
+Congratulations! You have configured your software switch. To verify the three ports configured run:
+{{{
+sudo ovs-vsctl list-ports br0
+}}}
+=== 2c. Point your switch to a controller ===
+In the controller window, find the control interface IP of your controller, use ifconfig and note down the IP of `eth0`.
+An !OpenFlow switch will not forward any packet, unless instructed by a controller. Basically the forwarding table is empty, until an external controller inserts forwarding rules. The !OpenFlow controller communicates with the switch over the control network and it can be anywhere in the Internet as long as it is reachable by the OVS host. For the purpose of this tutorial and in order to minimize the resources we have reserved we are going to run !OpenFlow controller at the same host as the OVS switch. This is '''merely''' for convenience reasons, the controller could have been anywhere on the Internet.
+In order to point our software !OpenFlow switch to the controller, in the ovs window, run:
+{{{
+sudo ovs-vsctl set-controller br0 tcp:<controller_ip>:6633
+}}}
+==== `standalone` vs `secure` mode ====
+The !OpenFlow controller is responsible for setting up all flows on the switch, which means that when the controller is not running there should be no packet switching at all. Depending on the setup of your network, such a behavior might not be desired. It might be best that when the controller is down, the switch should default back in being a learning layer 2 switch. In other circumstances however this might be undesirable. In OVS this is a tunable parameter, called `fail-safe-mode` which can be set to the following parameters:
+  * `standalone` [default]: in which case OVS will take responsibility for forwarding the packets if the controller fails
+  * `secure`: in which case only the controller is responsible for forwarding packets, and if the controller is down all packets are going to be dropped.
+In OVS when the parameter is not set it falls back to the `standalone` mode. For the purpose of this tutorial we will set the `fail-safe-mode` to `secure`, since we want to be the ones controlling the forwarding. Run:
+{{{
+sudo ovs-vsctl set-fail-mode br0 secure
+}}}
+You can verify your OVS settings by issuing the following:
+{{{
+sudo ovs-vsctl show
+}}}
+== Step 3. Execute Experiment ==
+Now that our switch is up and running we are ready to start working on our controller. For this tutorial we are going to use the [http://www.noxrepo.org/pox/about-pox/ POX controller]. The software is already installed in the controller host for running POX and can also be found [http://www.gpolab.bbn.com/experiment-support/OpenFlowOVS/of-ovs.tar.gz here].
+=== 3a. Login to your hosts ===
+To start our experiment we need to ssh all of our hosts. Depending on which tool and OS you are using there is a slightly different process for logging in. If you don't know how to SSH to your reserved hosts take a look in [wiki:HowTo/LoginToNodes this page.] Once you have logged in follow the rest of the instructions.
+=== 3b. Use a Learning Switch Controller ===
+In this example we going to run a very simple learning switch controller to forward traffic between host1 and host2.
+. First we are going to start a ping from  `host1` to `host2`, which should timeout, since there is no controller running.
+  {{{
+  ping host2 -c 10
+  }}}
+. We have installed the POX controller under `/tmp/pox` on the controller host. POX comes with a set of example modules that you can use out of the box. One of the modules is a learning switch.  Let's start the learning switch controller which is already available:
+  {{{
+  cd /tmp/pox
+  ./pox.py --verbose forwarding.l2_learning
+. First start a ping from  `host1` to `host2`, which should timeout, since there is no controller running.
+{{{
+ping host2 -c 10
+}}}
+. We have installed the POX controller under `/tmp/pox` on the controller host. POX comes with a set of example modules that you can use out of the box. One of the modules is a learning switch.  Start the learning switch controller which is already available by running the following two commands:
+{{{
+cd /tmp/pox
+./pox.py --verbose forwarding.l2_learning
+}}}
+The output should look like this:
+{{{
   POX 0.1.0 (betta) / Copyright 2011-2013 James McCauley, et al.
   DEBUG:core:POX 0.1.0 (betta) going up...
 …
   }}}
+   '' Note: "l2" above uses the letter `l` as in level and is not the number one. And you should wait for the '''INFO ... connected''' line to ensure that the switch and the controller are communicating.''[[BR]]
+   '' Note:  In the event that you need to move the port of your controller, this is the command - sudo ./pox.py --verbose openflow.of_01 --port=443 forwarding.l2_learning -  Do not forget to tell the ovs switch that the controller will be listening on this new port, i.e change 6633 to 443 in Step 2c.''
+. Now go to terminal of `host1` and ping `host2`:
+{{{
+#!html
+<table id="Table_01" border="0" cellpadding="5" cellspacing="0">
+    <tr>
+        <td>
+            <img src="http://trac.gpolab.bbn.com/gcf/raw-attachment/wiki/Graphics/4NotesIcon_512x512.png" width="50" height="50" alt="Note">
+               </td>
+<td>"l2" above uses the letter `l` as in level and is not the number one. And you should wait for the '''INFO ... connected''' line to ensure that the switch and the controller are communicating.
+</td>
+        </tr>
+</table>
+}}}
+{{{
+#!html
+<table id="Table_01" border="0" cellpadding="5" cellspacing="0">
+    <tr>
+        <td>
+            <img src="http://trac.gpolab.bbn.com/gcf/raw-attachment/wiki/Graphics/4NotesIcon_512x512.png" width="50" height="50" alt="Note">
+               </td>
+<td>In the event that you need to move the port of your controller, this is the command -
+<pre>
+sudo ./pox.py --verbose openflow.of_01 --port=443 forwarding.l2_learning
+</pre>
+  Do not forget to tell the ovs switch that the controller will be listening on this new port, i.e change 6633 to 443 in Step 2c.
+</td>
+        </tr>
+</table>
+}}}
+. In the terminal of `host1`, ping `host2`:
   {{{
   [experimenter@host1 ~]$ ping host2
 …
   Now the ping should work.
+. Go back to your OVS host and take a look at the print outs. You should see that your controller installed flows based on the mac addresses of your packets.
+. To see the flow table entries on your OVS switch:
+  {{{
+  sudo ovs-ofctl dump-flows br0
+. If you are using OVS, go back to your OVS host and take a look at the print outs. You should see that your controller installed flows based on the mac addresses of your packets.
+{{{
+#!html
+<table id="Table_01" border="0" cellpadding="5" cellspacing="0">
+    <tr>
+        <td>
+            <img src="http://trac.gpolab.bbn.com/gcf/raw-attachment/wiki/Graphics/4NotesIcon_512x512.png" width="50" height="50" alt="Note">
+               </td>
+<td>There is no way to get this information from the OpenFlow-capable hardware switch.
+</td>
+        </tr>
+</table>
+}}}
+. If you are using OVS, to see the flow table entries on your OVS switch:
+  {{{
+sudo ovs-ofctl dump-flows br0
   }}}
   You should see at least two table entries: One for ICMP Echo (icmp_code=8) messages from host1 to host2 and one for ICMP Echo Reply (icmp_code=0) messages from host2 to host1.  You may also see flow entries for arp packets.
 . To see messages go between your switch and your controller, open a new ssh window to your controller node and run tcpdump on the `eth0` interface and on the tcp port that your controller is listening on usually 6633:
   {{{
   sudo tcpdump -i eth0 tcp port 6633
+. To see messages go between your switch and your controller, open a new ssh window to your controller node and run tcpdump on the `eth0` interface and on the tcp port that your controller is listening on usually 6633.  (You can also run `tcpdump` on the `OVS` control interface if you desire.  However, when using the hardware switch, you can only do the `tcpdump` on your controller host.)
+  {{{
+sudo tcpdump -i eth0 tcp port 6633
   }}}
   You will see (1) periodic keepalive messages being exchanged by the switch and the controller, (2) messages from the switch to the controller (e.g. when there is a table miss) and an ICMP Echo message in, and (3) messages from the controller to the switch (e.g. to install new flow entries).
 …
 . Notice what happens to your ping on host1.
 . Check the flow table entries on your switch:
+. If you are using OVS, check the flow table entries on your switch:
    {{{
   sudo ovs-ofctl dump-flows br0
+sudo ovs-ofctl dump-flows br0
   }}}
   Since you set your switch to "secure" mode, i.e. don't forward packets if the controller fails, you will not see flow table entries.  If you see flow table entries, try again after 10 seconds to give the entries time to expire.
 …
 All rules on the switch have two different timeouts:
   * '''Soft Timeout''': This determines for how long the flow will remain at the forwarding table of the switch, if there no packets received that match the specific flow. As long as packets from that flow are received the flow remains on the flow table.
+  * '''Soft Timeout''': This determines for how long the flow will remain in the forwarding table of the switch if there are no packets received that match the specific flow. As long as packets from that flow are received the flow remains on the flow table.
   * '''Hard Timeout''': This determines the total time that a flow will remain at the forwarding table, independent of whether packets that match the flow are received; i.e. the flow will be removed after the hard timeout expires.
 …
 === Useful Tips for writing your controller ===
 In order to make this first experience of writing controller easier, we wrote some helpful functions that will abstract some of the particularities of POX away.
+In order to make this first experience of writing a controller easier, we wrote some helpful functions that will abstract some of the particularities of POX away.
 These functions are located in `/tmp/pox/ext/utils.py`, so while you write your controller consult this file for details.
 …
 }}}
 When the wireshark window pops up, you might still have to choose eth0 for a live capture.  And you will want to use a filter to cut down on the chatter in the wireshark window.   One such filter might be just seeing what shows up on port 6633, so to do that type ''tcp.port eq 6633'' in the filter window, assuming that 6633 is the port that the controller is
 listening on.   And once you have lines, you can choose one of the lines and choose "Decode as ...." and choose the OFP protocol.
+When the wireshark window pops up, you might still have to choose eth0 for a live capture.  And you will want to use a filter to cut down on the chatter in the wireshark window.   One such filter might be just seeing what shows up on port 6633. To do that type ''tcp.port eq 6633'' in the filter window, assuming that 6633 is the port that the controller is
+listening on.   And once you have lines, you can choose one of the lines and choose "Decode as ...." and choose the ''OFP protocol''.
 === 3d. Run a traffic duplication controller ===
 …
 . Use the interfaces that are connected to `host2` and  `host3`.
+    * Software Switch (OVS): If you haven't note them down you can use the manifest and the MAC address of the interfaces (ovs:if1 and ovs:if2) to figure this out.  Run tcpdump on these interfaces; one in each of the two ovs terminals you opened. This will allow you to see all traffic going out the interfaces.
+    * Hardware Switch:   Refer to this Section to figure out ports: [http://groups.geni.net/geni/wiki/GENIExperimenter/Tutorials/OpenFlowOVS/Appendix#Usefultips UsefulTips].  If you are using a hardware switch, you may not see the traffic on host3, but if you observe your controller output, you will notice that flows are being installed for forwarding to host2 and host3.[[BR]]
+   To see that duplication is happening, on host3, run:
+  {{{
+  sudo tcpdump -i <data_interface_name>
+    * Software Switch (OVS): If you have not noted them down you can use the manifest and the MAC address of the interfaces (ovs:if1 and ovs:if2) to figure this out. But you should have noted down the interfaces in Section 2 when you were configuring the software switch. Run tcpdump on these interfaces; one in each of the two ovs terminals you opened. This will allow you to see all traffic going out the interfaces.
+    * Hardware Switch:   Refer to this Section to figure out ports: [http://groups.geni.net/geni/wiki/GENIExperimenter/Tutorials/OpenFlowHW/DesignSetup#a2a.ConfiguretheControllerfortheHardwareSwitch:UsefulTips UsefulTips].  If you are using a hardware switch, you may not see the traffic on host3, but if you observe your controller output, you will notice that flows are being installed for forwarding to host2 and host3.[[BR]]
+  To see that duplication is happening, on host3, run:
+  {{{
+sudo tcpdump -i <data_interface_name>
   }}}
   You should see ICMP echo and ICMP reply lines from host1 to host2 showing up in the host3 tcpdump window.
 . In the controller host directory `/tmp/pox/ext` you would see two files:
        i. myDuplicateTraffic.py : this is the file that has instructions about how to complete the missing information, go ahead and try to implement your first controller.
        ii. !DuplicateTraffic.py : this has the actual solution you can just run this if you don't want to bother with writing a controller.
+. In the controller host directory `/tmp/pox/ext` you should see two files:
+       i. myDuplicateTraffic.py : This is the file that has instructions about how to complete the missing information. Go ahead and try to implement your first controller.
+       ii. !DuplicateTraffic.py : This has the actual solution. You can just run this if you don't want to bother with writing a controller.
 . Run your newly written controller on the <data_interface_name> that corresponds to ''OVS:if2'' (which is connected to `host3`):
   {{{
   cd /tmp/pox
   ./pox.py --verbose myDuplicateTraffic --duplicate_port=<data_interface_name>
+cd /tmp/pox
+./pox.py --verbose myDuplicateTraffic --duplicate_port=<data_interface_name>
   }}}
 . To test it go to the terminal of host1 and try to ping host2:
   {{{
   ping 10.10.1.2
+ping 10.10.1.2
   }}}
   If your controller is working, your packets will register in both terminals running tcpdump.
 …
 . To test your controller we are going to use netcat. Go to the two terminals of host2. In one terminal run:
   {{{
   nc -l 5000
+nc -l 5000
   }}}
   and in the other terminal run
   {{{
   nc -l 6000
+nc -l 6000
   }}}
 . Now, start the simple layer 2 forwarding controller. We are doing this to see what happens with a simple controller.
   {{{
   cd /tmp/pox
   ./pox.py --verbose forwarding.l2_learning
+cd /tmp/pox
+./pox.py --verbose forwarding.l2_learning
   }}}
 . Go to the terminal of host1 and connect to host2 at port 5000:
   {{{
   nc 10.10.1.2 5000
+nc 10.10.1.2 5000
   }}}
 …
 . And start your port forwarding controller:
   {{{
   ./pox.py --verbose myPortForwarding
+./pox.py --verbose myPortForwarding
   }}}
 …
 === 3e. Run a Server Proxy Controller ===
 As our last exercise, instead of diverging the traffic to a different server running on the same host, we will diverge the traffic to a server running on a different host and on a different port.
+As our last exercise, instead of diverting the traffic to a different server running on the same host, we will divert the traffic to a server running on a different host and on a different port.
 . Under the `/tmp/pox/ext/` directory there are two files Proxy.py and myProxy.py that are similar like the previous exercise. Both of these controllers are configured by the configuration file `proxy.config`. Use myProxy.py to write your own proxy controller.
 …
 . On the terminal of `host3` run a netcat server:
   {{{
   nc -l 7000
   }}}
 . On your controller host, open the /tmp/pox/ext/myProxy.py file, and edit it to implement a controller that will diverge traffic destined for `host2` to `host3`. Before you start implementing think about what are the side effects of diverging traffic to a different host.
+nc -l 7000
+  }}}
+. On your controller host, open the /tmp/pox/ext/myProxy.py file, and edit it to implement a controller that will divert traffic destined for `host2` to `host3`. Before you start implementing think about what are the side effects of diverting traffic to a different host.
      * Is it enough to just change the IP address?
      * Is it enough to just modify the TCP packets?
 …
 . To test your proxy controller run:
   {{{
   cd /tmp/pox
   ./pox.py --verbose myProxy
+cd /tmp/pox
+./pox.py --verbose myProxy
   }}}
 …
 . Go back to the terminal of `host1` and try to connect netcat to `host2` port 5000
   {{{
   nc 10.10.1.2 5000
+nc 10.10.1.2 5000
   }}}
 …
 To try your controller with a GENI Hardware !OpenFlow switch:
        * Delete resources in your slice with the compute resources.  '''Do not''' delete resources in your slice with the controller.
        * Follow the instructions at [wiki:GENIExperimenter/Tutorials/OpenFlowOVS/Appendix]
 If you do not want to do the Hardware !OpenFlow portion of the tutorial, proceed to [wiki:GENIExperimenter/Tutorials/OpenFlowOVS/Finish]
+       * Follow the instructions at [wiki:GENIExperimenter/Tutorials/OpenFlowHW/DesignSetup]
+If you do not want to do the Hardware !OpenFlow portion of the tutorial, proceed to [wiki:GENIExperimenter/Tutorials/OpenFlowShared/Finish]
 ----
+= [wiki:GENIExperimenter/Tutorials/OpenFlowOVS Introduction] =
+= [wiki:GENIExperimenter/Tutorials/OpenFlowOVS/Finish Next:  Finish] =
+= [wiki:GENIExperimenter/Tutorials/OpenFlowSW/DesignSetup Design and Setup for OVS] =
+= [wiki:GENIExperimenter/Tutorials/OpenFlowHW/DesignSetup Design and Setup for Hardware Switch] =
+= [wiki:GENIExperimenter/Tutorials/OpenFlowShared/Finish Next:  Finish] =