| | 18 | [[PageOutline]] |
| | 19 | |
| | 20 | {{{ |
| | 21 | #!html |
| | 22 | <table border="0"> |
| | 23 | <tr > |
| | 24 | <td ><b> Overview <br></b> |
| | 25 | <i>In this tutorial we are going to use <a href="http://openvswitch.org/"> Open vSwitch (OVS) </a> as an OpenFlow switch connected to three hosts. |
| | 26 | OVS is a software switch running on a compute resource. The other three hosts can only communicate through the OVS switch. The experiment will need (the rspecs for this exercise are provided later in this section): |
| | 27 | <ul> |
| | 28 | <li>1 Xen VM with a public IP to run an OpenFlow controller</li> |
| | 29 | <li> 1 Xen VM to be the OpenFlow switch </li> |
| | 30 | <li> 3 Xen VMs as hosts</li> |
| | 31 | </ul> |
| | 32 | </i> |
| | 33 | </it> |
| | 34 | </td> |
| | 35 | <td> |
| | 36 | <img border="0" src="http://groups.geni.net/geni/attachment/wiki/GENIExperimenter/Graphics/SimpleSoftwareOVS.jpg?format=raw" alt="Experiment Topology" height="250" title="Experiment Toplogy" /> |
| | 37 | </td> |
| | 38 | </tr> |
| | 39 | </table> |
| | 40 | }}} |
| | 41 | |
| 20 | | This tutorial can use compute resources from any InstaGENI rack. Users that want to use the iMinds wall testbed please read [#iMindsTestbed here]. This tutorial cannot be run on most InstaGENI racks because it uses OpenVZ resources available. There are five InstaGENI sites that still support OpenVZ and can run this experiment: GPO IG, NYSERNet IG, Stanford IG, UCLA IG, and Utah IG. The experiment will setup the following: |
| 21 | | * 1 Xen VM with a public IP to be an !OpenFlow Ryu controller |
| 22 | | * 1 Xen VM to be the !OpenFlow switch |
| 23 | | * 3 OpenVZ containers VMs as hosts |
| | 44 | For the following two reservations you can use different aggregates and one slice (recommended) or same aggregate but two slices. We do this so that you can change your experiment topology (e.g. from software switches to hardware switches, but keep the same controller. |
| | 45 | {{{ |
| | 46 | #!html |
| | 47 | <table id="Table_01" border="0" cellpadding="5" cellspacing="0"> |
| | 48 | <tr> |
| | 49 | <td> <img src="http://trac.gpolab.bbn.com/gcf/raw-attachment/wiki/Graphics/4NotesIcon_512x512.png" width="40" alt="Note"> </td> |
| | 50 | <td> You can use compute resources from any <b>InstaGENI rack</b> and any reservation tool (Portal, jFed, Omni, etc) For a list of available InstaGENI racks see the <a href="http://groups.geni.net/geni/wiki/GENIProduction"> GENI Production Resources </a> page. |
| | 51 | </td> |
| | 52 | </tr> |
| | 53 | </table> |
| 25 | | [[Image(GENIExperimenter/Graphics:OVSOpenFlowTutorialTopology.jpg,40%)]] |
| | 55 | }}} |
| | 56 | |
| | 57 | a. '''Reserve a VM that runs your !OpenFlow controller'''. [[BR]] |
| | 58 | ''RSpec:'' URL: [http://csr.bu.edu/rina/geni/OF-Ryu/ControllerRyu.rspec] |
| | 59 | a. '''Reserve your network''', that includes a VM with OVS installed. [[BR]] |
| | 60 | ''RSpec'': In the Portal ''!OpenFlow OVS all XEN'', url: [http://www.gpolab.bbn.com/experiment-support/OpenFlowOVS/openflowovs-all-xen.rspec.xml] |
| | 61 | |
| | 62 | {{{ |
| | 63 | #!comment |
| | 64 | sudo /local/install-script-wireshark.sh |
| | 65 | |
| | 66 | http://www.gpolab.bbn.com/experiment-support/OpenFlowOVS/wireshark.tar.gz |
| | 67 | |
| | 68 | }}} |
| | 69 | |
| | 70 | {{{ |
| | 71 | #!html |
| | 72 | <table id="Table_01" border="0" cellpadding="5" cellspacing="0"> |
| | 73 | <tr> |
| | 74 | <td> <img src="http://trac.gpolab.bbn.com/gcf/raw-attachment/wiki/Graphics/4NotesIcon_512x512.png" width="40" alt="Note"> </td> |
| | 75 | <td> You will need SSH access to your nodes. If you don't know how to SSH to your reserved hosts learn <a href="http://groups.geni.net/geni/wiki/HowTo/LoginToNodes"> how to login </a></td> |
| | 76 | </tr> |
| | 77 | </table> |
| | 78 | |
| | 79 | }}} |
| | 80 | == Step 2. Configure and Initialize == |
| | 81 | '''Overview: ''' |
| | 82 | ''Although OVS is installed and initialized on the host that is meant to act as a software switch, it has not been configured yet. |
| | 83 | There are two main things that need to be configured: [[BR]] |
| | 84 | ''(1) configure your software switch with the interfaces as ports'' and [[BR]] '' (2) point the switch to an !OpenFlow controller''. '' |
| 33 | | To reserve resources use your favorite resource reservation tool (Omni, Portal, jFed): |
| 34 | | 1. In your slice that will run the !OpenFlow controller: Reserve a VM running the controller using the request RSpec [http://www.gpolab.bbn.com/exp/ryu-of/ryu-controller.rspec]. |
| 35 | | 2. In the slice that will run your hosts: Reserve the topology using the request rspec [http://www.gpolab.bbn.com/exp/ryu-of/openflowovs-xen-vz-kernel.rspec]. |
| | 89 | i. Login to the OVS host |
| | 90 | ii. Create an Ethernet bridge that will act as our software switch: |
| | 91 | {{{ |
| | 92 | sudo ovs-vsctl add-br br0 |
| | 93 | }}} |
| | 94 | iii. Prepare the interfaces to be added as ports to the OVS switch |
| | 95 | * Your OVS bridge will be a Layer 2 switch and your ports do not need IP addresses. Before we remove them let's keep some information |
| | 96 | * Run {{{ ifconfig }}} |
| | 97 | * Write down the interface names that correspond to the connections to your hosts. The correspondence is |
| | 98 | * Interface with IP ''10.10.1.11'' to host1 - ethX |
| | 99 | * Interface with IP ''10.10.1.12'' to host2 - ethY |
| | 100 | * Interface with IP ''10.10.1.13'' to host3 - ethZ |
| | 101 | * Remove the IP from your data interfaces. [[BR]] |
| | 102 | [[Image(GENIExperimenter/Tutorials/Graphics:warning-icon-hi.png, 2%)]] Be careful '''not to bring down eth0'''. This is the control interface, if you bring that interface down you ''' won't be able to login''' to your host. For all interfaces other than `eth0` and ` l0` (your interface names may vary) run : |
| | 103 | {{{ |
| | 104 | sudo ifconfig ethX 0 |
| | 105 | sudo ifconfig ethY 0 |
| | 106 | sudo ifconfig ethZ 0 |
| | 107 | }}} |
| | 108 | iv. Add all the data interfaces to your switch (bridge). [[BR]] |
| | 109 | [[Image(GENIExperimenter/Tutorials/Graphics:warning-icon-hi.png, 2%)]] Be careful ''' not to add interface eth0'''. This is the control interface. The other three interfaces are your data interfaces. (Use the same interfaces as you used in the previous step.) |
| | 110 | {{{ |
| | 111 | sudo ovs-vsctl add-port br0 ethX |
| | 112 | sudo ovs-vsctl add-port br0 ethY |
| | 113 | sudo ovs-vsctl add-port br0 ethZ |
| | 114 | }}} |
| | 115 | v. Trust but verify. Congratulations! You have configured your software switch. To verify the three ports configured run: |
| | 116 | {{{ |
| | 117 | sudo ovs-vsctl list-ports br0 |
| | 118 | }}} |
| | 131 | }}} |
| | 132 | |
| | 133 | i. Login to your controller |
| | 134 | ii. Find the control interface IP of your controller, use ''ifconfig'' and note down the IP address of `eth0`. |
| | 135 | iii. In order to point our software !OpenFlow switch to the controller, in the ''ovs'' terminal window, run: |
| | 136 | {{{ |
| | 137 | sudo ovs-vsctl set-controller br0 tcp:<controller_ip>:6633 |
| | 138 | }}} |
| | 139 | i. Set your switch to `fail-safe-mode`. For more info read the [#standalonevssecuremode standalone vs secure mode section]. Run: |
| | 140 | {{{ |
| | 141 | sudo ovs-vsctl set-fail-mode br0 secure |
| | 142 | }}} |
| | 143 | vi. Trust but verify. You can verify your OVS settings by issuing the following: |
| | 144 | {{{ |
| | 145 | sudo ovs-vsctl show |
| | 146 | }}} |
| | 147 | |
| | 148 | ==== 2c. `standalone` vs `secure` mode ==== |
| | 149 | |
| | 150 | ''The !OpenFlow controller is responsible for setting up all flows on the switch, which means that when the controller is not running there should be no packet switching at all. Depending on the setup of your network, such a behavior might not be desired. It might be best that when the controller is down, the switch should default back to being a learning layer 2 switch. In other circumstances however this might be undesirable. In OVS this is a tunable parameter, called `fail-safe-mode` which can be set to the following parameters:'' |
| | 151 | * `standalone` ''[default]: in this case OVS will take responsibility for forwarding the packets if the controller fails'' |
| | 152 | * `secure`: ''in this case only the controller is responsible for forwarding packets, and if the controller is down all packets are dropped. '' |
| | 153 | |
| | 154 | ''In OVS when the parameter is not set it falls back to the `standalone` mode. For the purpose of this tutorial we will set the `fail-safe-mode` to `secure`, since we want to be the ones controlling the forwarding.'' |
| | 155 | |
