Changes between Version 7 and Version 8 of OpenFlow/SDNInstaGENI


Timestamp: 06/23/16 16:02:09 (8 years ago)
Author: hdempsey@bbn.com
Comment: minor edits and additions

  • OpenFlow/SDNInstaGENI

    v7 v8  
    11----
    2 = Overview =
    3 At InstaGENI racks, FOAM was the aggregate manager used with FlowVisor (FV) to allow experimenters to reserve SDN resources at a rack. A single OpenFlow VLAN instance was manually provisioned at the racks and FV allowed "slicing" of this instance via IP subnets. Hence, each researcher was allocated an IP subnet (a priori) to conduct SDN experiments. FOAM and FV were also used at the GENI Mesoscale network to facilitate network programmability at the GENI core. However, FV is not actively maintained. Furthermore, with the transition from the Mesoscale to the AL2S core network as the new GENI core network and also with the advent of the "OpenFlow over Stitching" service, FV and FOAM are no longer necessary.
     2= Background =
     3
     4In the original GENI deployments, InstaGENI racks supported FOAM and FlowVisor software to help manage hardware OpenFlow resources, along with the InstaGENI control software.  The FOAM aggregate manager was used with FlowVisor (FV) to allow experimenters to reserve SDN resources at a rack. A single OpenFlow VLAN instance was manually provisioned at the racks and FV allowed "slicing" of this instance via IP subnets. Hence, each researcher was allocated an IP subnet (a priori) to conduct SDN experiments. FOAM and FV were also used in the GENI Mesoscale network to facilitate network programmability in the GENI core. With the advent of GENI's "OpenFlow over Stitching" service, we are phasing out FOAM and FV, which are no longer actively supported.
     5
     6(See the [wiki:GENIExperimenter Experimenter Support] wiki pages for information about software-only SDNs, which do not use hardware OpenFlow switch resources.)
    47
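Review bot: The rewritten Background paragraph (v8 line 4) says "we are phasing out FOAM and FV", while v8 line 9 says the FOAM and FV VMs "have been replaced"; pick one tense so a reader can tell whether FOAM/FV may still be running on a rack. The rewrite also drops the v7 sentence about the transition from the Mesoscale to the AL2S core network; if that context still applies, keep a short mention of it.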
    58= Updated SDN Operation at InstaGENI Racks =
    6 As shown in the figure below, the FOAM and FV VMs have been replaced with a new light-weight "sdn" VM.
     9As shown in the figure below, the FOAM and FV VMs have been replaced with a new lightweight "SDN" VM.
    710
    811[[Image(geniSDNUpdate-v1.jpg)]]
    912
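Review bot: The quoted VM name changes from "sdn" to "SDN" in v8 line 9 (and again in v8 lines 22 and 23), while "boss" stays lowercase in v8 line 21. If the quotes mark the VM's actual name, keep the original case; if SDN is meant as the acronym, drop the quotes.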
    10 == How are SDN resources provisioned? ==
     13== How are hardware SDN resources provisioned? ==
    1114
    12  * GENI experimenters will add the following to the regular stitching rspec:
     15 * GENI experimenters add the following line to the regular stitching rspec that they submit to GENI aggregates:
    1316{{{
    1417<emulab:openflow_controller url="tcp:<IP Address for controller>:<Port for controller>" />
    1518}}}
    1619
    17 This simply defines the information for the experimenter's controller which can reside within a campus, on a GENI rack, or on the public Internet. See the attached file "stitch-ig-uky-ig-nyse-of.rspec" for a complete example of an rspec.
    18  * When the "boss" VM receives this "OpenFlow over Stitching" request, the InstaGENI software stack creates an OpenFlow VLAN "slice" (or instance) at the data plane switch of the rack. The VLAN used corresponds to one of the "stitching" VLANs defined for this rack, and the associated IP address is that which was specified in the experimenter's rspec.
    19  * The new instance leverages the management configuration of the data plane switch to initiate a connection via the "sdn" VM to the experimenter's controller.
    20  * When the connection has been established, the "sdn" VM continues to forward SDN traffic between the experimenter's instance at the data plane switch and the controller.
     20This defines necessary information about the experimenter's controller, which can be located at a GENI location or on the public Internet. See the attached file "stitch-ig-uky-ig-nyse-of.rspec" for a complete example of an OpenFlow rspec.
     21 * When the "boss" VM in the InstaGENI rack receives this "OpenFlow over Stitching" request, the InstaGENI software stack creates an OpenFlow VLAN "slice" (or instance) at the data plane switch in the rack. The VLAN used corresponds to one of the "stitching" VLANs defined for this rack, and the associated control plane IP address of the OpenFlow instance is that which was specified in the experimenter's rspec.
     22 * The new OpenFlow instance leverages the management interface configuration of the data plane switch to initiate a connection via the "SDN" VM to the experimenter's controller.
     23 * When the connection has been established, the "SDN" VM continues to forward SDN control traffic between the experimenter's instance at the data plane switch and the experimenter's controller.
     24 *  The experimenter must not change the VLAN ID in their traffic during their experiment.
     25 *  By default, stiched OpenFlow connections connect only two locations.  Please contact help@geni.net for other desired configurations.
    2126
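Review bot: The new bullet at v8 line 24 tells experimenters not to change the VLAN ID, but does not say whether the data plane switch enforces this or what happens to traffic that violates it; add a clause stating which. v8 line 20 allows the controller to sit on the public Internet and the example URL uses tcp:, so it is worth stating whether the control channel between the "SDN" VM and the controller is protected in transit. In v8 line 25, "stiched" should be "stitched", and both new bullets use two spaces after the * where the other bullets use one.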
    2227== What administrative tasks are required of the site admin ==
    23 Compared to the [http://groups.geni.net/geni/wiki/OpenFlow/FOAM previous requirements], '''none''' are required in this new paradigm.  The new "VLAN" model:
     28Compared to the [http://groups.geni.net/geni/wiki/OpenFlow/FOAM previous requirements], '''none''' are required.  The new "VLAN" model:
    2429
    25  * removes any possibility for subnet overlapping which exists with the current FOAM/FV model
    26  * removes the need for site contacts to administer FOAM and FlowVisor
     30 * removes any possibility of subnets overlapping, which existed with FOAM/FV
     31 * removes the need for site contacts to administer FOAM and FlowVisor manually (site contacts preferred automated approvals)
    2732
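Review bot: The parenthetical added in v8 line 31, "(site contacts preferred automated approvals)", does not say how it relates to the bullet; if it is the reason the manual step was removed, state that directly in the sentence instead of in a parenthesis. The heading at v8 line 27 also lacks the question mark that the headings at v8 lines 13 and 33 carry.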
    28 == How can we track the users of GENI SDN resources? ==
    29 Mechanisms inherent in the [https://portal.geni.net/ GENI account creation and approval process] and the [http://genimon.uky.edu/ GENI monitoring interface] provide the ability to determine the identity of experimenters who own GENI resources. These can be used to determine the source of security issues when GENI resources are misused unintentionally or intentionally.
     33== How do we track the users of GENI SDN resources? ==
     34Mechanisms inherent in the [https://portal.geni.net/ GENI account creation and approval process] and the [http://genimon.uky.edu/ GENI monitoring interface] provide the ability to determine the identity of experimenters who own GENI resources in SDN experiments. These can be used to track traffic by owner, if necessary, as requested by an experimenter, site contact or operations staff.  Please contact the [http://globalnoc.iu.edu/gmoc/index/support.html GMOC] to report any suspected issues with GENI traffic or resources.
    3035
    31
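Review bot: v8 line 34 removes the v7 statement that these mechanisms can be used to determine the source of security issues when GENI resources are misused, and the replacement, "report any suspected issues with GENI traffic or resources", no longer tells a site contact that misuse or a security incident belongs in that category. Name those cases explicitly in the GMOC sentence so the attribution path for an incident is still documented.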