Context Navigation

← Previous Change
Wiki History
Next Change →

Execute

Timestamp:: 03/12/13 09:25:06 (11 years ago)
Author:: nriga@bbn.com
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

GENIExperimenter/Tutorials/NSDI13/OpenFlowTutorial/Execute

                       v1
+= Configure and Initialize Services: Configure your OpenFlow switch =
+Although OVS is installed and initialized on the host that is meant to act as a software switch, it has not been configured yet.
+There are two main things that need to be configured : ''create your software switch with the interfaces as ports'' and ''point the switch to an OpenFlow controller''.
+In order to configure our switch, we first need to login to the host that will be used as an OpenFlow switch.
+== Login to OVS host ==
+{{{
+#!html
+<table border="0">
+      <tr>
+        <td >
+        <img border="0" src="http://groups.geni.net/geni/attachment/wiki/GENIExperimenter/Tutorials/OpenflowOVS/Graphics/login-to-ovs.png?format=raw" alt="Login information for a VM"  height="120" title="Login information for a VM" /> </a>
+       </td>
+       <td >
+         <ol>
+           <li><FONT COLOR="black">Return to the Slice page. Press the <b>Details</b> button in the row of the slice table for <i>Utah ProtoGENI</i>.</font></li>
+           <li>Click on the ssh link. If you have installed <a target="https://addons.mozilla.org/en-us/firefox/addon/firessh/"> FireSSH </a> a new tab will open up.</li>
+           <li> In the window that will pop up :
+                <ul>
+                  <li> in the password field type in your passphrase</li>
+                  <li> in the private key, browse to the file that has your private key
+                   <li>  Press OK </li>
+                </ul>
+             </li>
+             <li> If you don't have FireSSH installed, open a new terminal window. Copy the command to the right of Login into that terminal window. </li>
+             <li> You are now logged in to the OVS host. </li>
+          </ol>
+       </td>
+    </tr>
+ </table>
+}}}
+== 1. Create the Software Switch ==
+Now that you are logged in, we need first to initialize OVS:
+   * Start the OVS database:
+      {{{
+sudo ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
+                     --remote=db:Open_vSwitch,manager_options \
+                     --private-key=db:SSL,private_key \
+                     --certificate=db:SSL,certificate \
+                     --bootstrap-ca-cert=db:SSL,ca_cert \
+                     --pidfile --detach
+}}}
+   * Initialize OVS:
+     {{{
+sudo ovs-vsctl --no-wait init
+}}}
+     {{{
+sudo ovs-vswitchd --pidfile --detach
+}}}
+Ignore the warnings you are going to see. Now that OVS is running it is time to create our software switch. The software switch will be a bridge, in which we are going to add all the interfaces we want to be part of the switch.
+{{{
+#!html
+<table border="0">
+      <tr >
+       <td width = "500">
+         <ol>
+           <li> Create the ethernet bridge
+              <ul>
+                 <li><code> sudo ovs-vsctl add-br br0 </code></li>
+                <li> <code> sudo ovs-vsctl set bridge br0 datapath_type=netdev </code></li>
+              </ul>
+             </li><br/>
+           <li>List all the interfaces of the node
+            <ul> <li> <code>ifconfig</code> </ul></li>
+           </li> <br/>
+           <li> Be careful <b> not to bring down eth0</b>. This is your control interface, if you bring that interface down you <b> won't be able to login</b> to your host!. For all interfaces other than <code>eth0</code> and <code> l0</code>, remove the IP from the interfaces: <br/>
+              <ul><li> <code> sudo ifconfig ethX 0 </code> </li></ul>
+             </li> <br/>
+             <li> Add all the interfaces you just brought down to your switch (bridge):
+                <ul><li> <code> sudo  ovs-vsctl add-port br0 ethX </code> </li></ul>
+             </li>
+          </ol>
+       </td>
+        <td>
+        <img border="0" src="http://groups.geni.net/geni/attachment/wiki/GENIExperimenter/Tutorials/OpenflowOVS/Graphics/ovs-interfaces.png?format=raw" alt="Login information for a VM"  height="350" title="Login information for a VM" /> </a>
+       </td>
+    </tr>
+ </table>
+}}}
+Congratulations! You have configured your software switch, which three ports, let's see them. Run:
+{{{
+sudo ovs-vsctl list-ports br0
+}}}
+== 2. Point your switch to a controller ==
+An OpenFlow switch will not forward any packet, unless instructed by a controller. Basically the forwarding table is empty, until an external controller inserts forwarding rules. The OpenFlow controller communicates with the switch over the control network and it can be anywhere in the Internet as long as it is reachable by the OVS host. For the purpose of this tutorial and in order to minimize the resources we have reserved we are going to run OpenFlow controller at the same host as the OVS switch. This is '''merely''' for convenience reasons, the controller could have been anywhere on the Internet.
+In order to point our software OpenFlow switch to the controller run:
+{{{
+sudo ovs-vsctl set-controller br0 tcp:127.0.0.1:6633
+}}}
+=== `standalone` vs `secure` mode ===
+The OpenFlow controller is responsible for setting up all flows on the switch, which means that when the controller is not running there should be no packet switching at all. Depending on the setup of your network, such a behavior might not be desired. It might be best that when the controller is down, the switch should default back in being a learning layer 2 switch. In other circumstances however this might be undesirable. In OVS this is a tunable parameter, called `fail-safe-mode` which can be set to the following parameters:
+  * `standalone` [default] : in which case OVS will take responsibility for forwarding the packets if the controller fails
+  * `secure` : in which case only the controller is responsible for forwarding packets, and if the controller is down all packets are going to be dropped.
+In OVS when the parameter is not set it falls back to the `standalone` mode. For the purpose of this tutorial we will set the `fail-safe-mode` to `secure`, since we want to be the ones controlling the forwarding. Run:
+{{{
+sudo ovs-vsctl set-fail-mode br0 secure
+}}}
+= Execute Experiment =
+Now that our switch is up and running we are ready to start working on our controller. For this tutorial we are going to use the [http://www.noxrepo.org/pox/about-pox/ PoX controller].
+== Login to your hosts ==
+{{{
+#!html
+<table border="0">
+      <tr>
+        <td >
+        <img border="0" src="http://groups.geni.net/geni/attachment/wiki/GENIExperimenter/Tutorials/OpenflowOVS/Graphics/login-to-hosts.png?format=raw" alt="Login information for a VM"  width="350" title="Login information for a VM" /> </a>
+       </td>
+       <td >
+         <ol>
+           <li><FONT COLOR="black">Return to the Portal browser tab.</font></li>
+           <li>Click on the ssh link for each of your hosts.  If you have installed <a target="https://addons.mozilla.org/en-us/firefox/addon/firessh/"> FireSSH </a> a new tab will open up.</li>
+           <li> In the window that will pop up :
+                <ul>
+                  <li> in the password field type in your passphrase</li>
+                  <li> in the private key, browse to the file that has your private key
+                   <li>  Press OK </li>
+                </ul>
+             </li>
+             <li> If you don't have FireSSH installed, open a new terminal window. Copy the command to the right of Login for each of your hosts into that terminal window. </li>
+             <li> You are now logged in to the all your hosts. </li>
+          </ol>
+       </td>
+    </tr>
+ </table>
+}}}
+All of the hosts are in the `10.10.1.0/24` subnet. From `host1` try pinging `host2`:
+{{{
+ping 10.10.1.2
+}}}
+This ping should timeout, since there is no controller running.
+== Use a Learning Switch Controller ==
+We have installed the PoX controller under `/tmp/pox`. On the terminal of the OVS host run:
+{{{
+cd /tmp/pox
+}}}
+PoX comes with a set of example modules that you can use out of the box. One of the modules is a learning switch. Let's start the controller:
+{{{
+./pox.py --verbose forwarding.l2_learning
+}}}
+Go back to the terminal of `host1` and try to ping `host2` again:
+{{{
+ping 10.10.1.2
+}}}
+Now the ping should work.
+Go back to your OVS host and take a look at the print outs. You should see that your controller installed flows based on the mac addresses of your packets. Kill your controller by pressing `Ctrl-C`. Notice what will happen to your ping.
+=== Soft vs Hard Timeouts ===
+All rules on the switch have two different timeouts:
+  * '''Soft Timeout''': This determines for how long the flow will remain at the forwarding table of the switch, if there no packets received that match the specific flow. As long as packets from that flow are received the flow remains on the flow table.
+  * '''Hard Timeout''': This determines the total time that a flow will remain at the forwarding table, independent of whether packets that match the flow are received; i.e. the flow will be removed after the hard timeout expires.
+Can you tell now why there were packets flowing even after you killed your controller?
+== Run a port deflection Controller ==
+In the above example we ran a very simple controller. The power of OpenFlow comes from the fact that you can decide to forward the packet anyway you want based on the supported OpenFlow actions.
+== Run a server deflection Controller ==