Changes between Version 41 and Version 42 of GENIExperimenter/Tutorials/OpenFlowOVS/DesignSetup

Timestamp:

02/27/15 14:23:19 (9 years ago)

Author:

rrhain@bbn.com

Comment:

--

GENIExperimenter/Tutorials/OpenFlowOVS/DesignSetup

@@ -1 @@
-= [http://groups.geni.net/geni/wiki/GENIExperimenter/Tutorials/OpenFlowOVS Intro to OpenFlow using OVS] =
+= [wiki:GENIExperimenter/Tutorials/OpenFlowIntro Intro to OpenFlow Tutorial (OVS)] =
 {{{
 #!html
@@ -16 +16 @@
 }}}
 
+[[PageOutline]]
+
 == Step 1.  Obtain resources ==
 
-This tutorial can use compute resources from any InstaGENI rack. Users that want to use the iMinds wall testbed please read [#iMindsTestbed here]. This tutorial cannot be run on the Utah DDC rack because it does not have OpenVZ resources available.   For a list of available InstaGENI racks see the [wiki:GENIProduction GENI Production Resources] page.  The experiment will need:
-  * 1 Xen VM with a public IP to be an OpenFlow controller
+This tutorial can use compute resources from any InstaGENI rack. For a list of available InstaGENI racks see the [wiki:GENIProduction GENI Production Resources] page. If doing this outside a tutorial, use ''Utah DDC InstaGENI''.  The experiment will need:
+  * 1 Xen VM with a public IP to run an OpenFlow controller
   * 1 Xen VM to be the !OpenFlow switch
   * 3 Xen VMs as hosts
 
-[[Image(GENIExperimenter/Graphics:OVSOpenFlowTutorialTopology.jpg,40%)]]
+[[Image(GENIExperimenter/Graphics:SimpleSoftwareOVS.jpg,40%)]]
 
+In this tutorial we are going to use [http://openvswitch.org/ Open vSwitch (OVS)] as an !OpenFlow switch connected to three hosts. 
+OVS is a software switch running on a compute resource. The other three hosts can only communicate through the OVS switch. 
 
 If you are attending a Tutorial, the resources might have been reserved for you, check with your instructor and skip this step.
 You can use any reservation tool you want to reserve this topology. We will need two slices for this tutorial:
      * A slice with a single VM that runs your !OpenFlow controller
-     * An slice the reserves your compute resources including a VM with OVS installed.
+     * A slice with your compute resources including a VM with OVS installed.
 
 To reserve resources use your favorite resource reservation tool (Omni, Portal, jFed):
-  1. In your slice that will run the !OpenFlow controller: Reserve a VM running the controller using the request RSpec [http://www.gpolab.bbn.com/exp/OpenFlowOVS/pox-controller.rspec].  This RSpec is available at the Portal and is called  "XEN VM POX Ctrl"
-  2. In the slice that will run your hosts: Reserve the topology using the request rspec [http://www.gpolab.bbn.com/experiment-support/OpenFlowOVS/openflowovs-all-xen.rspec.xml].  This RSpec is available at the Portal and is called "OpenFlow OVS all XEN"
+  1. In your slice that will run the !OpenFlow controller: Reserve a VM running the controller using the request RSpec [http://www.gpolab.bbn.com/exp/OpenFlowOVS/pox-controller.rspec].  This RSpec is available in the Portal and is called  '''XEN VM POX Ctrl'''''''
+  2. In the slice that will run your hosts: Reserve the topology using the request rspec [http://www.gpolab.bbn.com/experiment-support/OpenFlowOVS/openflowovs-all-xen.rspec.xml].  This RSpec is available in the Portal and is called '''!OpenFlow OVS all XEN'''''''
 
-=== iMinds Testbed ===
-The topology for the iMinds testbed is very similar but it uses
-  * 1 raw PC as an OVS switch
-  * 3 raw PCs as hosts
+== Step 2.  Configure and Initialize ==
 
-You can use any reservation tool you want to reserve this on iwall2 using this rspec:
-http://www.gpolab.bbn.com/exp/OpenFlowOVS/openflowovs-pcs-iwall2.rspec
+Although OVS is installed and initialized on the host that is meant to act as a software switch, it has not been configured yet. 
+There are two main things that need to be configured: ''(1) configure your software switch with the interfaces as ports'' and '' (2) point the switch to an !OpenFlow controller''. 
 
+In order to configure the OVS switch, we first login to the host that will be used as an !OpenFlow switch. 
+
+Depending on which tool and OS you are using there is a slightly different process for logging in. If you don't know how to SSH to your reserved hosts learn [wiki:HowTo/LoginToNodes how to login.]
+
+=== 2a. Configure  the Software Switch (OVS Window) ===
+
+Now that you are logged in, we need first to configure OVS. To save time in this tutorial, we have already started OVS and we have added an Ethernet bridge that will act as our software switch. Try the following to show the configured bridge:
+{{{
+sudo ovs-vsctl list-br
+}}}
+You should see only one bridge `br0`. Now we need to add the interfaces to this bridge that will act as the ports of the software switch. 
+
+{{{
+#!html
+<table border="0">
+      <tr >
+       <td width = "500">
+         <ol>
+           <li>List all the interfaces of the node 
+            <ul> <li> <code>ifconfig</code> </ul><br/>
+            Write down the interface names that correspond to the connections to your hosts. This information will be needed for one of the exercises. The correspondence is:
+            <ul> 
+                <li> Interface with IP ''10.10.1.11'' to host1  - ethX</li>
+                <li> Interface with IP ''10.10.1.12'' to host2 - ethY</li>
+                <li> Interface with IP ''10.10.1.13'' to host3 - ethZ</li>
+           </ul></li>
+           </li> <br/>
+           <li> Be careful <b> not to bring down eth0</b>. This is the control interface, if you bring that interface down you <b> won't be able to login</b> to your host. For all interfaces other than <code>eth0</code> and <code> l0</code>, remove the IP from the interfaces (your interface names may vary): <br/> 
+                              <ul><li> <code> sudo ifconfig ethX 0 </code> </li></ul> 
+                              <ul><li> <code> sudo ifconfig ethY 0 </code> </li></ul> 
+                              <ul><li> <code> sudo ifconfig ethZ 0 </code> </li></ul> 
+             <li> Add all the data interfaces to your switch (bridge):Be careful <b> not to add interface eth0</b>. This is the control interface. The other three interfaces are your data interfaces. (Use the same interfaces as you used in the previous step.)
+                <ul><li> <code> sudo  ovs-vsctl add-port br0 ethX </code> </li></ul>
+                <ul><li> <code> sudo  ovs-vsctl add-port br0 ethY </code> </li></ul>
+                <ul><li> <code> sudo  ovs-vsctl add-port br0 ethZ </code> </li></ul>
+             </li>
+          </ol>
+       </td>
+        <td> 
+        <img border="0" src="http://groups.geni.net/geni/attachment/wiki/GENIExperimenter/Tutorials/OpenflowOVS/Graphics/ovs-interfaces.jpg?format=raw" alt="Login information for a VM"  height="250" title="Login information for a VM" /> </a>
+       </td>
+    </tr>
+ </table>
+}}}
+ 
+Congratulations! You have configured your software switch. To verify the three ports configured run:
+{{{
+sudo ovs-vsctl list-ports br0
+}}}
+
+=== 2c. Point your switch to a controller ===
+
+In the controller window, find the control interface IP of your controller, use ''ifconfig'' and note down the IP address of `eth0`. 
+
+An !OpenFlow switch will not forward any packet unless instructed by a controller. Basically the forwarding table is empty, until an external controller inserts forwarding rules. The !OpenFlow controller communicates with the switch over the control network and it can be anywhere in the Internet as long as it is reachable by the OVS host. 
+
+In order to point our software !OpenFlow switch to the controller, in the ''ovs'' window, run:
+{{{
+sudo ovs-vsctl set-controller br0 tcp:<controller_ip>:6633
+}}}
+
+==== `standalone` vs `secure` mode ====
+
+The !OpenFlow controller is responsible for setting up all flows on the switch, which means that when the controller is not running there should be no packet switching at all. Depending on the setup of your network, such a behavior might not be desired. It might be best that when the controller is down, the switch should default back to being a learning layer 2 switch. In other circumstances however this might be undesirable. In OVS this is a tunable parameter, called `fail-safe-mode` which can be set to the following parameters:
+  * `standalone` [default]: in this case OVS will take responsibility for forwarding the packets if the controller fails
+  * `secure`: in this case only the controller is responsible for forwarding packets, and if the controller is down all packets are dropped. 
+
+In OVS when the parameter is not set it falls back to the `standalone` mode. For the purpose of this tutorial we will set the `fail-safe-mode` to `secure`, since we want to be the ones controlling the forwarding. Run:
+{{{
+sudo ovs-vsctl set-fail-mode br0 secure
+}}}
+You can verify your OVS settings by issuing the following:
+
+{{{
+sudo ovs-vsctl show
+}}}
 ----
-= [wiki:GENIExperimenter/Tutorials/OpenFlowOVS Introduction] =
-= [wiki:GENIExperimenter/Tutorials/OpenFlowOVS/Execute Next:  Execute] =
+= [wiki:GENIExperimenter/Tutorials/OpenFlowIntro Introduction] =
+= [wiki:GENIExperimenter/Tutorials/OpenFlowShared/Execute Next:  Execute] =