Context Navigation

IG-MON-2

Timestamp:: 03/05/13 16:17:00 (11 years ago)
Author:: lnevers@bbn.com
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

GENIRacksHome/InstageniRacks/AcceptanceTestStatus/IG-MON-2

-                      v9
+                      v10
 || '''Step''' || '''State'''           ||  '''Tickets''' || '''Notes'''                        ||
 || 1          || [[Color(green,Pass)]] ||                ||                                                                 ||
 || 2          ||                       ||                || ready to test now that !OpenFlow and shared VLANs are available ||
 || 3          ||                       ||                || ready to test now that FOAM is available                        ||
 || 4          ||                       ||                || ready to test now that FOAM is available                        ||
+|| 1          || [[Color(green,Pass)]] ||                ||                                    ||
+|| 2          || [[Color(green,Pass)]] ||                ||                                    ||
+|| 3          ||                       ||                ||                                    ||
+|| 4          ||                       ||                ||                                    ||
 [[BR]]
 …
 == Step 2: determine rack VLAN configuration ==
+'''Using:'''
+ * On boss and ops, use available data sources to determine how many VLANs on the experimental switch are available for experimenters to use
+ * For each available experimental VLAN, determine whether it is available for exclusive OpenFlow control
+ * Determine what bound VLANs are available for use
+'''Verify:'''
+ * The site administrator can determine how many unbound VLANs are available for use
+ * The site administrator can determine which VLANs InstaGENI is able to configure for OpenFlow use
+ * The site administrator can determine what bound VLANs are available for use
+=== Results of testing step 2: 2012-05-28 ===
+ * On boss, use the database to find out the set of VLANs which can be used for dedicated experiments:
+{{{
+boss,[~],12:19(0)$ mysql tbdb
+mysql> select stack_id,min_vlan,max_vlan,leader from switch_stack_types;
++------------+----------+----------+-----------+
+| stack_id   | min_vlan | max_vlan | leader    |
++------------+----------+----------+-----------+
+| Control    |      128 |      256 | procurve1 |
+| Experiment |      257 |      999 | procurve2 |
++------------+----------+----------+-----------+
+rows in set (0.00 sec)
+}}}
+ * I am confused by this, because, looking at procurve1:
+{{{
+ProCurve Switch 2610-24# show vlans
+...
+Determine all VLANs available to experimenters. For each available VLAN, determine whether it is available for exclusive OpenFlow control. This step verifies that the site administrator can determine how many VLANs are available for use and which are for OpenFlow only.
+{{{
+$ omni.py listresources -a ig-gpo -o
+}}}
+The output file show the following !OpenFlow VLANs:
+{{{
+  <rspec_shared_vlan xmlns="http://www.geni.net/resources/rspec/ext/shared-vlan/1">
+      <available name="mesoscale-openflow"/>
+      <available name="exclusive-openflow-1755"/>
+      <available name="exclusive-openflow-1756"/>
+      <available name="exclusive-openflow-1757"/>
+      <available name="exclusive-openflow-1758"/>
+      <available name="exclusive-openflow-1759"/>
+      <available name="L2-ping-tutorial"/>
+  </rspec_shared_vlan>
+}}}
+The following VLAN are available on the switch "procurve2" (dataplane switch) for stitching use:
+{{{
+      <node id="urn:publicid:IDN+instageni.gpolab.bbn.com+node+procurve2">
+                            <vlanRangeAvailability>                    3747-3749                  </vlanRangeAvailability>
+                            <vlanTranslation>                    false                  </vlanTranslation>
+      <node id="urn:publicid:IDN+instageni.gpolab.bbn.com+node+procurve2">
+                            <vlanRangeAvailability>                    2644-2649                  </vlanRangeAvailability>
+                            <vlanTranslation>                    false                  </vlanTranslation>
+}}}
+Additional information can be determined by logging into the dataplane switch and showing VLAN information:
+{{{
+$ ssh boss.instageni.gpolab.com
+[lnevers@boss ~]$ sudo more /usr/testbed/etc/switch.pswd
+XXXXX
+[lnevers@boss ~]$ ssh manager@procurve2
+manager@procurve2's password:
+HP-E5406zl# show vlans
+ Status and Counters - VLAN Information
+  Maximum VLANs to support : 256
+  Primary VLAN : DEFAULT_VLAN
+  Management VLAN : control-hardware
   VLAN ID Name                             | Status     Voice Jumbo
   ------- -------------------------------- + ---------- ----- -----
        DEFAULT_VLAN                     | Port-based No    No
+     _42                              | Port-based No    No
+     _44                              | Port-based No    No
+}}}
+ Why are VLANs in the experimental range on the control switch?  Incidentally, the mac-address table doesn't show any VLANs in that range, but i am confused by this.
+ * I went ahead and created a sliver containing two virtual nodes and a virtual LAN:
+{{{
+omni -a http://www.utah.geniracks.net/protogeni/xmlrpc/am createsliver ecgtest2 ~/omni/rspecs/request/rack-testing/acceptance-tests/IG-MON-nodes-C.rspec
+}}}
+ * That did not generate any additional VLANs on the control switch.  I can't experiment with a physical node because there aren't any free right now.
+Anyway, i also can't look into !OpenFlow options because that's not implemented yet.
+I have an open question on the list about bound VLANs, and i'm blocked on that to look into bound VLANs.
+      control-hardware                 | Port-based No    No
+     _8                               | Port-based No    No
+    _11                              | Port-based No    No
+    _347                             | Port-based No    No
+    _348                             | Port-based No    No
+    _349                             | Port-based No    No
+    _350                             | Port-based No    No
+    _351                             | Port-based No    No
+    _222                             | Port-based No    No
+    _481                             | Port-based No    No
+HP-E5406zl# show vlans 1750
+ Status and Counters - VLAN Information - VLAN 1750
+  VLAN ID : 1750
+  Name : _11
+  Status : Port-based
+  Voice : No
+  Jumbo : No
+  Port Information Mode     Unknown VLAN Status
+  ---------------- -------- ------------ ----------
+  E1               Tagged   Learn        Up
+  E4               Tagged   Learn        Up
+  E5               Tagged   Learn        Up
+  E23              Tagged   Learn        Up
+  E24              Tagged   Learn        Up
+}}}
+The overall configuration can also be shown on the switch to determine configured VLAN information as well as details for the !OpenFlow VLANs:
+{{{
+HP-E5406zl# show running-config
+<...>
+vlan 1
+   name "DEFAULT_VLAN"
+   forbid E3,E6
+   untagged A1-A24,E7-E19,E21-E22
+   no untagged E1-E6,E20,E23-E24
+   no ip address
+   exit
+vlan 10
+   name "control-hardware"
+   untagged E20
+   ip address 10.2.1.253 255.255.255.0
+   ip address 10.3.1.253 255.255.255.0
+   exit
+vlan 1750
+   name "_11"
+   tagged E1,E4-E5,E23-E24
+   no ip address
+   exit
+vlan 3705
+   name "_222"
+   tagged E23-E24
+   no ip address
+vlan 1755
+   name "_347"
+   tagged E23-E24
+   no ip address
+   exit
+vlan 1756
+   name "_348"
+   tagged E23-E24
+   no ip address
+   exit
+vlan 1757
+   name "_349"
+   tagged E23-E24
+   no ip address
+   exit
+vlan 1758
+   name "_350"
+   tagged E23-E24
+   no ip address
+   exit
+vlan 1759
+   name "_351"
+   tagged E23-E24
+   no ip address
+   exit
+vlan 257
+   name "_8"
+   untagged E3,E6
+   tagged E1-E2,E4-E5
+   no ip address
+   exit
+vlan 3742
+   name "_481"
+   tagged E1,E4,E24
+   no ip address
+   exit
+<...>
+openflow
+   vlan 1750
+      enable
+      controller "tcp:10.3.1.7:6633" fail-secure on
+      exit
+   vlan 1755
+      enable
+      controller "tcp:10.3.1.7:6633"
+      exit
+   vlan 1756
+      enable
+      controller "tcp:10.3.1.7:6633"
+      exit
+   vlan 1757
+      enable
+      controller "tcp:10.3.1.7:6633"
+      exit
+   vlan 1758
+      enable
+      controller "tcp:10.3.1.7:6633"
+      exit
+   vlan 1759
+      enable
+      controller "tcp:10.3.1.7:6633"
+      exit
+   exit
+}}}
+ * On boss, use the database to find out the set of VLANs which can be used for dedicated experiments:
+{{{
 == Step 3: determine which GENI SAs are trusted by InstaGENI AM ==
+'''Using:'''
+This step verified that an experimenter can use the trusted SAs and that the site administrator can determine the full set of trusted GENI Slice Authorities:
+Use Omni tools with pgeni.gpolab.bbn.com credentials to query the GPO rack. The omni_config is defined as follows:
+{{{
+[omni]
+default_cf = pg
+users = lnevers
+# ---------- Users ----------
+[lnevers]
+urn = urn:publicid:IDN+pgeni.gpolab.bbn.com+user+lnevers
+keys = /home/lnevers/.ssh/id_rsa.pub
+# ---------- Frameworks ----------
+[pg]
+type = pg
+ch = https://www.emulab.net:12369/protogeni/xmlrpc/ch
+sa = https://www.pgeni.gpolab.bbn.com:443/protogeni/xmlrpc/sa
+cert = /home/lnevers/.ssl/pgeni/encrypted-cleartext.pem
+key = /home/lnevers/.ssl/pgeni/encrypted-cleartext.pem
+}}}
+Create a slice and a sliver at the GPO InstaGENI:
+{{{
+$ omni.py createslice ln-pgeni-cred
+$ omni.py createsliver  ln-pgeni-cred -a ig-gpo  ./insta-gpo-1vm.rspec
+<...>
+INFO:omni:Slice urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+ln-pgeni-cred expires on 2013-03-06 21:58:49 UTC
+<..>
+}}}
+The Slice urn shows the pgeni.gpolab.bbn.com SA was used to reserve resources within the rack. Before proceeding delete the sliver:
+{{{
+$ omni.py deletesliver  ln-pgeni-cred -a ig-gpo
+}}}
+To verify support for PG Utah SA, modify the omni_config to use emulab as a default framwork and selcte the urn for the emulab account:
+{{{
+[omni]
+default_cf = emulab
+users = lnevers
+# ---------- Users ----------
+[lnevers]
+urn = urn:publicid:IDN+emulab.net+user+lnevers
+keys = /home/lnevers/.ssh/id_rsa.pub
+# ---------- Frameworks ----------
+[emulab]
+type = pg
+ch = https://www.emulab.net:12369/protogeni/xmlrpc/ch
+sa = https://www.emulab.net:12369/protogeni/xmlrpc/sa
+cert = ~/.ssl/protogeni/encrypted-cleartext.pem
+key = ~/.ssl/protogeni/encrypted-cleartext.pem
+verbose=false
+}}}
+Create a new slice with the PG Utah SA credentials and sliver:
+{{{
+$ omni.py createslice ln-pgutah-cred
+$ omni.py createsliver ln-pgutah-cred -a ig-gpo ./insta-gpo-1vm.rspec
+<...>
+INFO:omni:Slice urn:publicid:IDN+emulab.net+slice+ln-pgutah-cred expires within 1 day on 2013-03-06 03:06:59 UTC
+<...>
+}}}
+The Slice urn shows the emulab.net SA was used to reserve resources within the rack.
+TO BE DONE:
+Show
  * On boss, use available system data sources and/or AM administrative interfaces to determine which GENI slice authorities the InstaGENI AM trusts.
  * On foam, use available system data sources and/or AM administrative interfaces to determine which GENI slice authorities the FOAM AM trusts.
+ * Use the GENI AM API to verify that the BBN and Utah InstaGENI AMs trust the pgeni.gpolab.bbn.com SA.
+ * Use the GENI AM API to verify that the BBN and Utah FOAM AMs trusts the pgeni.gpolab.bbn.com SA.
+'''Verify:'''
+ * The site administrator can determine the full set of trusted GENI slice authorities on the local rack.
+ * An experimenter can verify that the four AMs to be used in the test trust the pgeni.gpolab.bbn.com SA.
 == Step 4: determine rack !OpenFlow state ==