[[PageOutline]] = !FlowVisor = The !FlowVisor is a special purpose OpenFlow controller that acts as a transparent proxy between OpenFlow switches and multiple OpenFlow controllers. (https://github.com/OPENNETWORKINGLAB/flowvisor/wiki has more information about !FlowVisor (from the official site at ONL), including [https://github.com/OPENNETWORKINGLAB/flowvisor/wiki/Installation-from-Binary installation instructions], [https://github.com/OPENNETWORKINGLAB/flowvisor/wiki/FAQ a FAQ] with common error messages (for both experimenters and admins), etc. = Info for experimenters = The following sections are mostly of interest to GENI experimenters. == !FlowVisor and ARP == !FlowVisor can slice ARP traffic, but there are some caveats to be aware of. The [https://github.com/OPENNETWORKINGLAB/flowvisor/wiki/FAQ FlowVisor FAQ] has more details. = Info for admins = The following sections are mostly of interest to !FlowVisor admins. == Version == The GPO currently recommends version 0.8.17 (the latest stable release) for GENI sites. There are significant changes from 0.8.1.2 to 0.8.17, and we recommend working with the GPO to help the upgrade process go smoothly. Contact us at gpo-infra@geni.net and we'll be happy to help! NOTE that much of this page is specific to FV 0.8.13 and later. == Initial configuration == The default configuration of !FlowVisor is general suitable for GENI sites. We typically put the !FlowVisor fvadmin password into /etc/flowvisor.passwd, so you don't have to type it every time you run an fvctl command. Make sure that it's only readable by people who should have full admin access to !FlowVisor on your system! (World-readable might be fine if only FV admins have accounts on your FV server; or you might want to make it only group-readable by a group that includes the FV admins.) The examples on the rest of this page assume that you've done that. One easy way to generate a fairly secure password: {{{ sudo apt-get install pwgen test -f /etc/flowvisor.passwd || sudo -u flowvisor sh -c 'pwgen -sB 24 > /etc/flowvisor.passwd' sudo apt-get remove pwgen }}} == Upgrading == Since most of our !FlowVisor instances are managed by FOAM, when we upgrade !FlowVisor, we typically just test FOAM to make sure that everything still works as expected. == Useful commands == Here are some useful fvctl and fvconfig commands; run these on the system that runs the !FlowVisor you want to configure, with the fvadmin password in /etc/flowvisor.passwd. NOTE that fvctl can only be run when !FlowVisor is '''running''', and fvconfig can only be run when !FlowVisor is '''not running'''. === Dump the database to a JSON file === {{{ fvctl --passwd-file=/etc/flowvisor.passwd dumpConfig /tmp/config.json }}} This creates a JSON version of the !FlowVisor DB, including state (like slice and flowspace rule information) and configuration settings. The last argument is the output file to use, and can be something other than /tmp/config.json, as long as it's writable by the 'flowvisor' user. === Load a JSON file into the DB === NOTE that fvconfig can only be run when !FlowVisor is '''not running'''. NOTE that this completely and irrevocably overwrites your existing !FlowVisor database! Use with caution. {{{ sudo -u flowvisor fvconfig load ~flowvisor/config.json }}} The last argument is the input file to use, and can be something other than /tmp/config.json, as long as it's readable by the 'flowvisor' user. === Change a configuration parameter === Most configuration parameters can only be changed by dumping the DB, editing the resulting JSON file, and loading the changed file into the DB, which requires you to stop and restart !FlowVisor, causing an outage. https://github.com/OPENNETWORKINGLAB/flowvisor/issues/89 is tracking the task of making it possible to modify all configuration parameters via fvctl. Meanwhile, to (for example) turn on checkpointing, you can do this sequence: {{{ fvctl --passwd-file=/etc/flowvisor.passwd dumpConfig ~flowvisor/config.json sudo service flowvisor stop sudo -u flowvisor sed -i -e 's/"checkpointing": false/"checkpointing": true/' ~flowvisor/config.json sudo -u flowvisor fvconfig load ~flowvisor/config.json sudo service flowvisor start }}} (We don't actually recommend that you turn on checkpointing, but if you wanted to, this is how you'd do it.) === Show the flowspace === {{{ fvctl --passwd-file=/etc/flowvisor.passwd listFlowSpace }}} === Show the slices === {{{ fvctl --passwd-file=/etc/flowvisor.passwd listSlices }}} === Get info about a slice === {{{ fvctl --passwd-file=/etc/flowvisor.passwd getSliceInfo default }}} Replace 'default' with the slice you want info about. === Show the controller for every slice === {{{ for slice in $(fvctl --passwd-file=/etc/flowvisor.passwd listSlices 2>&1 | grep Slice | grep -v fvadmin | awk '{ print $3; }') ; do echo $slice ; fvctl --passwd-file=/etc/flowvisor.passwd getSliceInfo $slice | grep controller ; done }}} === Remove all existing flowspace entries === {{{ for id in $(fvctl --passwd-file=/etc/flowvisor.passwd listFlowSpace 2>&1 | sed -e 's/rule.*id=\[\([0-9]*\)\].*/\1/' | egrep ^[0-9]*$) ; do fvctl --passwd-file=/etc/flowvisor.passwd removeFlowSpace $id ; done }}} === Remove flowspace entries matching a pattern === The first of the two 'for' lines just echoes what it's going to do, the second actually does it. {{{ fvpattern=00:0c:29:82:59:5b for id in $(fvctl --passwd-file=/etc/flowvisor.passwd listFlowSpace | egrep -i $fvpattern 2>&1 | sed -e 's/rule.*id=\[\([0-9]*\)\].*/\1/' | egrep ^[0-9]*$) ; do echo fvctl --passwd-file=/etc/flowvisor.passwd removeFlowSpace $id ; done for id in $(fvctl --passwd-file=/etc/flowvisor.passwd listFlowSpace | egrep -i $fvpattern 2>&1 | sed -e 's/rule.*id=\[\([0-9]*\)\].*/\1/' | egrep ^[0-9]*$) ; do fvctl --passwd-file=/etc/flowvisor.passwd removeFlowSpace $id ; done }}} Replace the pattern after "fvpattern=" with a regexp that you want to match. === Remove all existing slices === {{{ for slice in $(fvctl --passwd-file=/etc/flowvisor.passwd listSlices 2>&1 | grep Slice | grep -v fvadmin | awk '{ print $3; }') ; do fvctl --passwd-file=/etc/flowvisor.passwd deleteSlice $slice ; done }}} === Create one slice and one flowspace rule === {{{ fvctl --passwd-file=/etc/flowvisor.passwd createSlice default tcp:troy.gpolab.bbn.com:50812 jbs@bbn.com fvctl --passwd-file=/etc/flowvisor.passwd addFlowSpace all 1000 any "Slice:default=4" }}} You'll need to enter a password for the slice; make it something secure, but nothing ever uses it, so don't worry about recording it.