wiki:FlowVisor

Version 9 (modified by Josh Smift, 7 years ago) (diff)

--

FlowVisor

The FlowVisor is a special purpose OpenFlow controller that acts as a transparent proxy between OpenFlow switches and multiple OpenFlow controllers.

(https://github.com/OPENNETWORKINGLAB/flowvisor/wiki has more information about FlowVisor (from the official site at ONL), including installation instructions, a FAQ with common error messages (for both experimenters and admins), etc.

Info for experimenters

The following sections are mostly of interest to GENI experimenters.

FlowVisor and ARP

FlowVisor can slice ARP traffic, but there are some caveats to be aware of. The FlowVisor FAQ has more details.

Info for admins

The following sections are mostly of interest to FlowVisor admins.

Version

The GPO currently recommends version 0.8.13 (the latest stable release) for GENI sites. There are significant changes from 0.8.1.2 to 0.8.13, and we recommend working with the GPO to help the upgrade process go smoothly. Contact us at gpo-infra@geni.net and we'll be happy to help!

NOTE that much of this page is specific to FV 0.8.13 and later.

Initial configuration

The default configuration of FlowVisor is general suitable for GENI sites.

We typically put the FlowVisor fvadmin password into /etc/flowvisor/fvpasswd, so you don't have to type it every time you run an fvctl command. Make sure that it's only readable by people who should have full admin access to FlowVisor on your system! (World-readable might be fine if only FV admins have accounts on your FV server; or you might want to make it only group-readable by a group that includes the FV admins.) The examples on the rest of this page assume that you've done that.

One easy way to generate a fairly secure password:

sudo apt-get install pwgen
test -f /etc/flowvisor/fvpasswd || sudo -u flowvisor sh -c 'pwgen -sB 24 > /etc/flowvisor/fvpasswd'
sudo apt-get remove pwgen

Upgrading

Since most of our FlowVisor instances are managed by FOAM, when we upgrade FlowVisor, we typically just test FOAM to make sure that everything still works as expected.

Useful commands

Here are some useful fvctl and fvconfig commands; run these on the system that runs the FlowVisor you want to configure, with the fvadmin password in /etc/flowvisor/fvpasswd.

NOTE that fvctl can only be run when FlowVisor is running, and fvconfig can only be run when FlowVisor is not running.

Dump the database to a JSON file

fvctl --passwd-file=/etc/flowvisor/fvpasswd dumpConfig /tmp/config.json

This creates a JSON version of the FlowVisor DB, including state (like slice and flowspace rule information) and configuration settings.

The last argument is the output file to use, and can be something other than /tmp/config.json, as long as it's writable by the 'flowvisor' user.

Load a JSON file into the DB

NOTE that fvconfig can only be run when FlowVisor is not running.

NOTE that this completely and irrevocably overwrites your existing FlowVisor database! Use with caution.

sudo -u flowvisor fvconfig load ~flowvisor/config.json

The last argument is the input file to use, and can be something other than /tmp/config.json, as long as it's readable by the 'flowvisor' user.

Change a configuration parameter

Most configuration parameters can only be changed by dumping the DB, editing the resulting JSON file, and loading the changed file into the DB, which requires you to stop and restart FlowVisor, causing an outage. https://github.com/OPENNETWORKINGLAB/flowvisor/issues/89 is tracking the task of making it possible to modify all configuration parameters via fvctl.

Meanwhile, to (for example) turn on checkpointing, you can do this sequence:

fvctl --passwd-file=/etc/flowvisor/fvpasswd dumpConfig ~flowvisor/config.json
sudo service flowvisor stop
sudo -u flowvisor sed -i -e 's/"checkpointing": false/"checkpointing": true/' ~flowvisor/config.json
sudo -u flowvisor fvconfig load ~flowvisor/config.json
sudo service flowvisor start

(We don't actually recommend that you turn on checkpointing, but if you wanted to, this is how you'd do it.)

Show the flowspace

fvctl --passwd-file=/etc/flowvisor/fvpasswd listFlowSpace

Show the slices

fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices

Get info about a slice

fvctl --passwd-file=/etc/flowvisor/fvpasswd getSliceInfo default

Replace 'default' with the slice you want info about.

Show the controller for every slice

for slice in $(fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices 2>&1 | grep Slice | grep -v fvadmin | awk '{ print $3; }') ; do echo $slice ; fvctl --passwd-file=/etc/flowvisor/fvpasswd getSliceInfo $slice | grep controller ; done

Remove all existing flowspace entries

for id in $(fvctl --passwd-file=/etc/flowvisor/fvpasswd listFlowSpace 2>&1 | sed -e 's/rule.*id=\[\([0-9]*\)\].*/\1/' | egrep ^[0-9]*$) ; do fvctl --passwd-file=/etc/flowvisor/fvpasswd removeFlowSpace $id ; done

Remove flowspace entries matching a pattern

The first of the two 'for' lines just echoes what it's going to do, the second actually does it.

fvpattern=00:0c:29:82:59:5b
for id in $(fvctl --passwd-file=/etc/flowvisor/fvpasswd listFlowSpace | egrep -i $fvpattern 2>&1 | sed -e 's/rule.*id=\[\([0-9]*\)\].*/\1/' | egrep ^[0-9]*$) ; do echo fvctl --passwd-file=/etc/flowvisor/fvpasswd removeFlowSpace $id ; done
for id in $(fvctl --passwd-file=/etc/flowvisor/fvpasswd listFlowSpace | egrep -i $fvpattern 2>&1 | sed -e 's/rule.*id=\[\([0-9]*\)\].*/\1/' | egrep ^[0-9]*$) ; do fvctl --passwd-file=/etc/flowvisor/fvpasswd removeFlowSpace $id ; done

Replace the pattern after "fvpattern=" with a regexp that you want to match.

Remove all existing slices

for slice in $(fvctl --passwd-file=/etc/flowvisor/fvpasswd listSlices 2>&1 | grep Slice | grep -v fvadmin | awk '{ print $3; }') ; do fvctl --passwd-file=/etc/flowvisor/fvpasswd deleteSlice $slice ; done

Create one slice and one flowspace rule

fvctl --passwd-file=/etc/flowvisor/fvpasswd createSlice default tcp:troy.gpolab.bbn.com:50812 jbs@bbn.com
fvctl --passwd-file=/etc/flowvisor/fvpasswd addFlowSpace all 1000 any "Slice:default=4"

You'll need to enter a password for the slice; make it something secure, but nothing ever uses it, so don't worry about recording it.