28 | | - one window with ssh into the controller |
29 | | - one window with ssh into OVS |
30 | | - one window with ssh into s1 |
31 | | - one window with ssh into VNF1 |
32 | | - one window with ssh into VNF2 |
33 | | - one window with ssh into destination |
34 | | '''Note:''' when you need to open more windows on the same host, it may be convenient to open a new tab in the same window/terminal, e.g., by using Command + "T" on a Mac, and ssh there. |
| 31 | === 2. Configure and initialize services === |
41 | | This is a very simple example where we are going to run a learning switch control to forward traffic from s1 to VNF1.[[BR]] |
42 | | 1. First start a ping from s1 to VNF1, which should timeout, since there is no controller running.[[BR]] |
43 | | {{{ |
44 | | #!html |
45 | | <span style="background:#c0c0c0; font-size: 9pt" ><b> ping vnf1 -c 10 </b> |
46 | | </span> |
47 | | }}} |
| 37 | 1. Start a ping from s1 to VNF1 in the window of s1, which should timeout, since there is no controller running.[[BR]] |
| 38 | '''ping vnf1 -c 10''' |
| 39 | 2. Run the following command in the controller window to start the simple learning controller: |
| 40 | '''/tmp/ryu/bin/ryu-manager --verbose /tmp/ryu/ryu/app/simple_switch.py''' |
| 41 | 3. Now ping again from s1 to VNF1, the ping should work. |
55 | | }}} |
56 | | |
57 | | {{{ |
58 | | #!html |
59 | | <table id="Table_02" width = "1150" border="0" cellpadding="0" cellspacing="10" align="center" > |
60 | | <tr> |
61 | | <td> <img src = "http://csr.bu.edu/rina/grw-bu2016/tutorial_files/image022.gif"> </td> |
62 | | <td> 'l2' above uses the letter 'l' as in level and is not the number one. In addition, you should wait for the "INFO ... connected" line to ensure that the switch and the controller are communicating. </td> </tr></table> |
63 | | }}} |
64 | | The output should look like this: |
65 | | {{{ |
66 | | #!html |
67 | | <img src="http://csr.bu.edu/rina/grw-bu2016/tutorial_files/image034.gif" hspace=100> |
68 | | }}} |
69 | | 3. In the terminal of ''s1'', ping ''VNF1'': |
70 | | Now the ping should work and the output should look like this: |
71 | | {{{ |
72 | | #!html |
73 | | <img src="http://csr.bu.edu/rina/grw-bu2016/tutorial_files/image036.gif" hspace=100> |
74 | | }}} |
75 | | 4. Go to your controller host and take a look at the printouts. You should see that your controller installed flows based on the mac addresses of your packets. |
| 45 | 5. Run the following command in the OVS window to flush all the forwarding rules installed on the OVS node. |
| 46 | '''sudo ovs-ofctl del-flows br0''' |
| 47 | |
| 48 | ==== 2.2 NFV OVS controller ==== |
77 | | {{{ |
78 | | #!html |
79 | | <table id="Table_02" width = "1100" border="0" cellpadding="0" cellspacing="10" align="center"> |
80 | | <tr> |
81 | | <td> <img src = "http://csr.bu.edu/rina/grw-bu2016/tutorial_files/image026.gif"> </td> |
82 | | <td> In case the controller and OVS are not communicating, you may try changing the port of your controller, this is the command:<br> |
83 | | <b> sudo ./pox.py --verbose openflow.of_01 --port=443 forwarding.l2_learning</b> <br> |
84 | | |
85 | | Then tell the ovs switch that the controller will be listening on this new port, i.e. change 6633 to 443: <br> |
86 | | |
87 | | <span style="background:#c0c0c0; font-size: 9pt" ><b>sudo ovs-vsctl set-controller br0 tcp:<controller_ip>:443</b> </span> |
88 | | |
89 | | </td> </tr></table> |
90 | | }}} |
91 | | |
92 | | |
93 | | '''2.2 NFV OVS controller''' |
94 | | |
95 | | Now we are going to run a different controller that will install !OpenFlow rules to support NFV load balancing. In this controller, the traffic shall go from a source to destination, and duplicate packets are sent to one of the IDS nodes (VNF1 or VNF2) for Intrusion detection. The picture below shows a red line representing traffic going from source1 to destination, and the green line represents the duplicate traffic that is sent to VNF1 for intrusion detection. |
| 50 | Next we are going to run a different Ryu controller that will install !OpenFlow rules to support NFV load balancing as well as handling intrusion. With this controller, the traffic shall go from a source to destination, and duplicate packets are sent to one of the IDS nodes (VNF1 or VNF2) for intrusion detection. The picture below shows a red line representing traffic going from source1 to destination, and the green line represents the duplicate traffic that is sent to VNF1 for intrusion detection. |
108 | | {{{ |
109 | | #!html |
110 | | <span style="background:#c0c0c0; font-size: 9pt"><b>cd /tmp/pox/ext <br></b> </span> |
111 | | <span style="background:#c0c0c0; font-size: 9pt"><b>sudo chmod 777 ../ext/ <br></b> </span> |
112 | | <span style="background:#c0c0c0; font-size: 9pt"><b>sudo rm * <br></b> </span> |
113 | | <span style="background:#c0c0c0; font-size: 9pt"><b>wget http://csr.bu.edu/rina/grw-bu2016/nfv/OVS_files.tar.gz <br></b> </span> |
114 | | <span style="background:#c0c0c0; font-size: 9pt"><b>tar -xvf OVS_files.tar.gz <br></b> </span> |
115 | | }}} |
116 | | |
117 | | - Now you should have different files for the controller. Open port.config file to configure the system parameters. You can use any editor to edit the file. We will use nano here as an example. |
118 | | {{{ |
119 | | #!html |
120 | | <span style="background:#c0c0c0; font-size: 9pt" ><b> nano port.config </b> </span> |
121 | | }}} |
| 67 | 3.3. You will see the details of this configuration file as follows. Change the values of ''vnf1_interface'' and ''vnf2_interface'' to the values that you noted down in ''Section 3.3.1'' in the '''[wiki:GENIExperimenter/Tutorials/NFV/DesignSetup Design/Setup]''' section of this tutorial. These values will tell the controller which interfaces are connected to VNF1 and VNF2. |