wiki:GENIRacksHome/ExogeniRacks/AcceptanceTestStatus/EG-MON-2

Version 9 (modified by Josh Smift, 12 years ago) (diff)

--

Detailed test plan for EG-MON-2: GENI Software Configuration Inspection Test

This page is GPO's working page for performing EG-MON-2. It is public for informational purposes, but it is not an official status report. See GENIRacksHome/ExogeniRacks/AcceptanceTestStatus for the current status of ExoGENI acceptance tests.

Page format

  • The status chart summarizes the state of this test
  • The high-level description from test plan contains text copied exactly from the public test plan and acceptance criteria pages.
  • The steps contain things i will actually do/verify:
    • Steps may be composed of related substeps where i find this useful for clarity
    • Each step is either a preparatory step (identified by "(prep)") or a verification step (the default):
      • Preparatory steps are just things we have to do. They're not tests of the rack, but are prerequisites for subsequent verification steps
      • Verification steps are steps in which we will actually look at rack output and make sure it is as expected. They contain a Using: block, which lists the steps to run the verification, and an Expect: block which lists what outcome is expected for the test to pass.

Status of test

Meaning of states:

  • Color(lightgreen,Pass)?: Step is completed and passed (for a verification step), or is completed (for a prep step)
  • Color(red,Fail)?: Step is completed and failed, and is not being revisited
  • in progress: We are currently testing or iterating on this step
  • Color(orange,Blocked)?: Step is blocked by some other step or activity
Step State Date completed Open Tickets Closed Tickets/Comments
1 Color(lightgreen,Pass)? 2012-08-14
2 Color(lightgreen,Pass)? 2012-08-14
3 Color(lightgreen,Pass)? 2012-08-14
4 Color(lightgreen,Pass)? 2012-08-14
5 Color(lightgreen,Pass)? 2012-08-14

High-level description from test plan

This test inspects the state of the GENI AM software in use on the rack.

Procedure

  • A site administrator uses available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine the configuration of ExoGENI resources:
    • How many VMs are assigned to each of the BBN rack SM and the global ExoSM
    • How many bare metal nodes are configured on the rack and whether they are allocated to the BBN rack SM or by ExoSM.
    • How many unbound VLANs are in the rack's available pool and whether they are allocated to the BBN rack SM or by ExoSM.
    • Whether the BBN ExoGENI AM, the RENCI ExoGENI AM, and ExoSM trust the pgeni.gpolab.bbn.com slice authority, which will be used for testing.
  • A site administrator uses available system data sources to determine the configuration of OpenFlow resources according to FOAM, ExoGENI, and FlowVisor.

Criteria to verify as part of this test

  • VI.12. A public document describes all the GENI experimental resources within the rack, and explains what policy options exist for each, including: how to configure rack nodes as bare metal vs. VM server, what options exist for configuring automated approval of compute and network resource requests and how to set them, how to configure rack aggregates to trust additional GENI slice authorities, whether it is possible to trust local users within the rack. (F.7)
  • VI.13. A public document describes the expected state of all the GENI experimental resources in the rack, including how to determine the state of an experimental resource and what state is expected for an unallocated bare metal node. (F.5)
  • VII.11. A site administrator can locate current configuration of flowvisor, FOAM, and any other OpenFlow services, and find logs of recent activity and changes. (D.6.a)

Step 1: determine VM resource allocations

Overview of Step 1

Using:

  • On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine how many VMs are assigned to each of the BBN rack SM and to the global ExoSM.

Verify:

  • The site administrator can determine how many VMs are allocated to each SM

Results of Step 1 from 2012-08-14

On bbn-hn, in /opt/orca-12080/config/config.xml, I see

        <topology>
                <edges>
                        <edge>
                                <from name="bbn-broker" guid="2d6308a4-e38b-4210-9f4b-3319acd28e4e" type="broker">
                                        <location protocol="soapaxis2" url="http://bbn-hn.bbn.exogeni.net:13080/orca/services/bbn-broker"/>
<certificate>
MIICbTCCAdagAwIBAgIET0+04zANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt
MCsGA1UEAxMkMmQ2MzA4YTQtZTM4Yi00MjEwLTlmNGItMzMxOWFjZDI4ZTRlMB4XDTEyMDMwMTE3
NDE1NVoXDTIyMDIyNzE3NDE1NVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH
EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDJkNjMw
OGE0LWUzOGItNDIxMC05ZjRiLTMzMTlhY2QyOGU0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEA0LqNHOAo51mJbWHQaozNPZ3+rbwommOcP0aSe0dEOlF4YtdOy6CewxiipDpMrcbia/Ur3wfn
s83Tm/+5tgGNyn9jmhGfmCGKr6PVieF0/F3jGsGN3wDX6C2bOG/B99pDbtyWM6EJR5wxVLVYsuji
kkzA2I5P6Ri/G/edh1yaex0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAGmuajmFFnd577IX/rvit4
vL+HlM2Yybf22bkEqlzG0uFtaXFJRUto9xOcSPm+Y3xijkf2B/X4Q+N73CFTxBEJkSh6s89SPUab
nLHlwi3NXDPNd5t3WR4L0KzWgFndObXbxP0ZQFS7bI5O/F8k6iBNVa5PfEvkTVekpJvYA9WJTg==
</certificate>
                                </from>
                                <to name="bbn-vm-am" guid="8e9f5bd9-6bd4-495b-9293-92a982e8ecf0" type="site" />
                                <rset>
                                        <type>bbnvmsite.vm</type>
                                        <units>48</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>
                                <!--
                                <rset>
                                        <type>bbnvmsite.baremetalce</type>
                                        <units>1</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>
                                -->
                                <rset>
                                        <type>bbnvmsite.vlan</type>
                                        <units>500</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>
                        </edge>
                        <edge>
                                <from name="ndl-broker" guid="25bc9111-9b41-46ab-a96b-3c87f574cfde" type="broker">
                                        <location protocol="soapaxis2" url="http://geni-net.renci.org:11080/orca/services/ndl-broker"/>
<certificate>
MIICbTCCAdagAwIBAgIETDtgYzANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt
MCsGA1UEAxMkMjViYzkxMTEtOWI0MS00NmFiLWE5NmItM2M4N2Y1NzRjZmRlMB4XDTEwMDcxMjE4
MzUxNVoXDTIwMDcwOTE4MzUxNVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH
EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDI1YmM5
MTExLTliNDEtNDZhYi1hOTZiLTNjODdmNTc0Y2ZkZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqcyS60d5t9c3eEud529hYmD/0BrIHGkEevwAtqBb7FFD1X98SB1G8y7gzxplt0xr2Hm72Et+
01qB7YgT6XQHWfJQQW7RUZEnrDbGsS0v6bffY291eeDVd0ZCH1ogzPDlyMqdhSGKsstqZd0CYc2E
zRFNngOIytBu1m59Jr6/FqsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCpFKta+1JitcfPbti3x3Tj
WqqINj2f/MzwTVZbxV1eW6gLrwc3FRTX8RgAfqn2sl9Igxfzb+GbQbhY2j5iyBsEV90eKjQQitgv
KUA1IpJqVMYiGSohX2jL+uXEK7bujv9eRyNG82Rp+ouWCrDKo7kOVLh/iSD1s8Mrk03/wd3qfw==
</certificate>
                                </from>
                                <to name="bbn-vm-am" guid="8e9f5bd9-6bd4-495b-9293-92a982e8ecf0" type="site" />
                                <rset>
                                        <type>bbnvmsite.vm</type>
                                        <units>48</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>
                                <rset>
                                        <type>bbnvmsite.baremetalce</type>
                                        <units>2</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>
                                <rset>
                                        <type>bbnvmsite.vlan</type>
                                        <units>500</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>
                        </edge>
                        <edge>
                                <from name="ndl-broker" guid="25bc9111-9b41-46ab-a96b-3c87f574cfde" type="broker">
                                        <location protocol="soapaxis2" url="http://geni-net.renci.org:11080/orca/services/ndl-broker"/>
<certificate>
MIICbTCCAdagAwIBAgIETDtgYzANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt
MCsGA1UEAxMkMjViYzkxMTEtOWI0MS00NmFiLWE5NmItM2M4N2Y1NzRjZmRlMB4XDTEwMDcxMjE4
MzUxNVoXDTIwMDcwOTE4MzUxNVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH
EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDI1YmM5
MTExLTliNDEtNDZhYi1hOTZiLTNjODdmNTc0Y2ZkZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqcyS60d5t9c3eEud529hYmD/0BrIHGkEevwAtqBb7FFD1X98SB1G8y7gzxplt0xr2Hm72Et+
01qB7YgT6XQHWfJQQW7RUZEnrDbGsS0v6bffY291eeDVd0ZCH1ogzPDlyMqdhSGKsstqZd0CYc2E
zRFNngOIytBu1m59Jr6/FqsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCpFKta+1JitcfPbti3x3Tj
WqqINj2f/MzwTVZbxV1eW6gLrwc3FRTX8RgAfqn2sl9Igxfzb+GbQbhY2j5iyBsEV90eKjQQitgv
KUA1IpJqVMYiGSohX2jL+uXEK7bujv9eRyNG82Rp+ouWCrDKo7kOVLh/iSD1s8Mrk03/wd3qfw==
</certificate>
                                </from>
                                <to name="bbn-net-am" guid="ca369912-0b78-4cc0-a52a-89b9eff03cf2" type="site" />
                                <rset>
                                        <type>bbnNet.vlan</type>
                                        <units>10</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>
                        </edge>
                </edges>
        </topology>

That indicates that 48 VMs are allocated to bbn-broker, and 48 VMs are allocated to ndl-broker.

Step 2: determine bare metal node configurations

Overview of Step 2

Using:

  • On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine how many nodes in the rack are configured as bare metal nodes, and whether they are allocated to the BBN rack SM or by ExoSM.

Verify:

  • The site administrator can determine how many bare metal nodes are allocated to the local SM
  • The site administrator can determine what each bare metal node is allocated to if it is not allocated to the local SM

Results of Step 2 from 2012-08-14

See Step 1 for the full topology element from /opt/orca-12080/config/config.xml. In that topology, I see

                                <!--
                                <rset>
                                        <type>bbnvmsite.baremetalce</type>
                                        <units>1</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>
                                -->

in the bbn-broker section, and

                                <rset>
                                        <type>bbnvmsite.baremetalce</type>
                                        <units>2</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>

in the ndl-broker section.

That indicates that one bare metal node would normally be allocated to bbn-broker, but it's commented out; and two bare metal nodes are currently allocated to ndl-broker.

Step 3: determine available VLAN pool

Overview of Step 3

Using:

  • On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine how many unbound VLANs are available for rack use, and whether they are allocated by the local rack SM or by ExoSM.
  • On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine whether any bound VLANs are available for rack use, and whether they are allocated by the local rack SM or by ExoSM.

Verify:

  • The site administrator can determine how many unbound VLANs are available for use and where they are allocated.
  • The site administrator can determine what bound VLANs are available for use and where they are allocated.

Results of Step 3 from 2012-08-14

For the first, see Step 1 for the full topology element from /opt/orca-12080/config/config.xml. In that topology, I see

                                <rset>
                                        <type>bbnvmsite.vlan</type>
                                        <units>500</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>

in the bbn-broker section, and

                                <rset>
                                        <type>bbnvmsite.vlan</type>
                                        <units>500</units>
                                        <start>2010-01-30T00:00:00</start>
                                        <end>2031-01-30T00:00:00</end>
                                </rset>

in the ndl-broker section.

That indicates that 500 VLANs are allocated to bbn-broker, and 500 VLANs are allocated to ndl-broker.

For the second, in /opt/orca-12080/ndl/bbnvmsite.rdf, I see

    <layer:LabelSet rdf:about="#Bbn/ExoGeni/staticVLANSet">
        <collections:size rdf:datatype="&xsd;int">1</collections:size>
        <domain:isAllocatable rdf:datatype="&xsd;boolean">false</domain:isAllocatable>
        <collections:element rdf:resource="#Bbn/ExoGeni/VLANLabel/1750"/>
        <domain:hasResourceType rdf:resource="&domain;VLAN"/>
    </layer:LabelSet>

which indicates that VLAN 1750 is the only bound VLAN.

Step 4: determine which GENI SAs are trusted

Overview of Step 4

Using:

  • On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine which GENI slice authorities the BBN ExoGENI AM trusts.
  • On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine which GENI slice authorities FOAM trusts.
  • Use the GENI AM API to verify that the BBN ExoGENI AM and the ExoSM trust the pgeni.gpolab.bbn.com SA.
  • Use the GENI AM API to verify that the rack FOAM instance trusts the pgeni.gpolab.bbn.com SA.

Verify:

  • The site administrator can determine the full set of trusted GENI slice authorities on the local rack.
  • An experimenter can verify that the four AMs to be used in the test trust the pgeni.gpolab.bbn.com SA.

Results of Step 4 from 2012-08-14

For the first, on bbn-hn:

[17:37:14] jbs@bbn-hn:/home/jbs
+$ keytool -v -list -keystore /opt/orca-11080/config/geni-trusted.jks  
Enter keystore password:  

*****************  WARNING WARNING WARNING  *****************
* The integrity of the information stored in your keystore  *
* has NOT been verified!  In order to verify its integrity, *
* you must provide your keystore password.                  *
*****************  WARNING WARNING WARNING  *****************

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 3 entries

Alias name: ben-ca
Creation date: Nov 29, 2011
Entry type: trustedCertEntry

Owner: EMAILADDRESS=ben-ops@renci.org, O=BEN@RENCI, L=Chapel Hill, ST=NC, C=US
Issuer: EMAILADDRESS=ben-ops@renci.org, O=BEN@RENCI, L=Chapel Hill, ST=NC, C=US
Serial number: 88753bc67f92f627
Valid from: Fri Aug 29 14:27:45 EDT 2008 until: Mon Aug 27 14:27:45 EDT 2018
Certificate fingerprints:
         MD5:  6A:5B:EA:64:D7:40:BF:C1:AC:F0:D0:34:A6:54:00:C5
         SHA1: 94:63:C3:04:4F:48:00:B7:35:34:35:32:C3:03:E5:B7:2E:3A:44:B1
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D8 9C 85 3A 11 47 9B CF   41 2E 59 B3 8B 54 37 F0  ...:.G..A.Y..T7.
0010: B9 D7 1E 42                                        ...B
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: D8 9C 85 3A 11 47 9B CF   41 2E 59 B3 8B 54 37 F0  ...:.G..A.Y..T7.
0010: B9 D7 1E 42                                        ...B
]

[EMAILADDRESS=ben-ops@renci.org, O=BEN@RENCI, L=Chapel Hill, ST=NC, C=US]
SerialNumber: [    88753bc6 7f92f627]
]



*******************************************
*******************************************


Alias name: gpo-ca
Creation date: Nov 28, 2011
Entry type: trustedCertEntry

Owner: EMAILADDRESS=testbed-ops@ops.pgeni.gpolab.bbn.com, CN=boss.pgeni.gpolab.bbn.com, OU=Certificate Authority, O=GENI Project Office, L=Cambridge, ST=Massachusetts, C=US
Issuer: EMAILADDRESS=testbed-ops@ops.pgeni.gpolab.bbn.com, CN=boss.pgeni.gpolab.bbn.com, OU=Certificate Authority, O=GENI Project Office, L=Cambridge, ST=Massachusetts, C=US
Serial number: fcedda89e11abaaf
Valid from: Fri May 28 12:07:58 EDT 2010 until: Wed Nov 18 11:07:58 EST 2015
Certificate fingerprints:
         MD5:  0D:A1:E0:43:F9:C9:5A:06:39:A4:27:33:02:A6:CD:D1
         SHA1: 2D:78:00:D0:1F:A0:7F:14:96:FA:57:DA:11:C6:E5:CC:F1:42:C2:BD
         Signature algorithm name: MD5withRSA
         Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 98 57 01 01 AE BF D9 9C   8D D2 F0 04 06 D9 2A E8  .W............*.
0010: 06 CB B0 F9                                        ....
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 98 57 01 01 AE BF D9 9C   8D D2 F0 04 06 D9 2A E8  .W............*.
0010: 06 CB B0 F9                                        ....
]

[EMAILADDRESS=testbed-ops@ops.pgeni.gpolab.bbn.com, CN=boss.pgeni.gpolab.bbn.com, OU=Certificate Authority, O=GENI Project Office, L=Cambridge, ST=Massachusetts, C=US]
SerialNumber: [    fcedda89 e11abaaf]
]

#4: ObjectId: 2.5.29.18 Criticality=false
IssuerAlternativeName [
  URIName: urn:publicid:IDN+pgeni.gpolab.bbn.com+authority+root
]

#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  URIName: urn:publicid:IDN+pgeni.gpolab.bbn.com+authority+root
]



*******************************************
*******************************************


Alias name: utah-emulab
Creation date: Nov 29, 2011
Entry type: trustedCertEntry

Owner: EMAILADDRESS=testbed-ops@flux.utah.edu, CN=boss.emulab.net, OU=Certificate Authority, O=Utah Network Testbed, L=Salt Lake City, ST=Utah, C=US
Issuer: EMAILADDRESS=testbed-ops@flux.utah.edu, CN=boss.emulab.net, OU=Certificate Authority, O=Utah Network Testbed, L=Salt Lake City, ST=Utah, C=US
Serial number: 0
Valid from: Wed Dec 02 13:47:47 EST 2009 until: Mon May 25 14:47:47 EDT 2015
Certificate fingerprints:
         MD5:  AC:CD:F6:5E:90:E6:7F:4D:BA:A2:75:CE:21:C6:09:99
         SHA1: 23:44:33:D5:30:5F:4B:6C:53:75:8D:B0:A5:4D:46:72:FB:F6:8A:70
         Signature algorithm name: MD5withRSA
         Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: E1 FD 98 33 CE 37 B3 7D   F0 D3 75 31 DF A7 D8 31  ...3.7....u1...1
0010: A0 F6 98 20                                        ... 
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: E1 FD 98 33 CE 37 B3 7D   F0 D3 75 31 DF A7 D8 31  ...3.7....u1...1
0010: A0 F6 98 20                                        ... 
]

[EMAILADDRESS=testbed-ops@flux.utah.edu, CN=boss.emulab.net, OU=Certificate Authority, O=Utah Network Testbed, L=Salt Lake City, ST=Utah, C=US]
SerialNumber: [    00]
]

#4: ObjectId: 2.5.29.18 Criticality=false
IssuerAlternativeName [
  URIName: urn:publicid:IDN+emulab.net+authority+root
]

#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  URIName: urn:publicid:IDN+emulab.net+authority+root
]



*******************************************
*******************************************

That indicates that ben-ca, gpo-ca, and utah-emulab are trusted by the ORCA AM.

For the second, on bbn-hn:

[13:13:44] jbs@bbn-hn:/home/jbs
+$ cat /opt/foam/etc/gcf-ca-certs/pgeni.gpolab.bbn.com.pem 
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            fc:ed:da:89:e1:1a:ba:af
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=Massachusetts, L=Cambridge, O=GENI Project Office, OU=Certificate Authority, CN=boss.pgeni.gpolab.bbn.com/emailAddress=testbed-ops@ops.pgeni.gpolab.bbn.com
        Validity
            Not Before: May 28 16:07:58 2010 GMT
            Not After : Nov 18 16:07:58 2015 GMT
        Subject: C=US, ST=Massachusetts, L=Cambridge, O=GENI Project Office, OU=Certificate Authority, CN=boss.pgeni.gpolab.bbn.com/emailAddress=testbed-ops@ops.pgeni.gpolab.bbn.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:bb:7e:9b:79:87:8b:54:88:95:ad:39:54:2c:58:
                    7e:5f:cc:99:15:15:ee:25:f1:06:11:50:9e:bd:47:
                    d1:4f:5d:44:f1:d1:74:af:9f:ff:af:56:8b:17:b1:
                    f9:7b:b3:a3:df:1b:d5:13:ae:e5:71:4d:68:31:64:
                    ab:b7:b5:2b:40:51:20:3e:8b:b9:ba:0b:4e:f0:10:
                    3c:05:9b:1a:8f:75:4f:79:f3:a0:24:9a:8b:b5:4f:
                    a2:fe:50:9b:21:5a:6f:92:4e:43:d4:f0:56:06:23:
                    38:f5:e2:1d:c4:32:0c:38:0e:96:50:f0:a3:87:60:
                    4a:93:13:d9:d8:79:b0:3a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                98:57:01:01:AE:BF:D9:9C:8D:D2:F0:04:06:D9:2A:E8:06:CB:B0:F9
            X509v3 Authority Key Identifier: 
                keyid:98:57:01:01:AE:BF:D9:9C:8D:D2:F0:04:06:D9:2A:E8:06:CB:B0:F9
                DirName:/C=US/ST=Massachusetts/L=Cambridge/O=GENI Project Office/OU=Certificate Authority/CN=boss.pgeni.gpolab.bbn.com/emailAddress=testbed-ops@ops.pgeni.gpolab.bbn.com
                serial:FC:ED:DA:89:E1:1A:BA:AF

            X509v3 Basic Constraints: 
                CA:TRUE
            X509v3 Subject Alternative Name: 
                URI:urn:publicid:IDN+pgeni.gpolab.bbn.com+authority+root
            X509v3 Issuer Alternative Name: 
                URI:urn:publicid:IDN+pgeni.gpolab.bbn.com+authority+root
    Signature Algorithm: md5WithRSAEncryption
        67:2c:95:c6:a1:d8:8a:1d:a4:1d:62:f8:36:e5:df:bd:08:ef:
        5f:57:1b:b4:6c:20:bd:79:d5:c8:96:de:ce:31:3b:cf:d9:4a:
        26:84:88:e4:eb:83:91:16:42:18:65:ea:9f:9a:ae:a0:57:52:
        f6:d2:17:fc:8a:a4:b7:8e:2a:a1:54:64:bb:e1:2a:68:fc:33:
        52:e5:18:f4:7f:78:8d:c0:31:db:52:ee:51:2c:bb:f2:44:f5:
        07:aa:19:0c:17:f2:5c:a7:d0:ba:e2:9b:c3:00:65:79:97:78:
        e5:ff:26:c7:b3:c6:2e:a6:2e:d7:08:bb:1d:c0:e5:e0:d6:af:
        ae:12
-----BEGIN CERTIFICATE-----
MIIE3jCCBEegAwIBAgIJAPzt2onhGrqvMA0GCSqGSIb3DQEBBAUAMIHQMQswCQYD
VQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJQ2FtYnJp
ZGdlMRwwGgYDVQQKExNHRU5JIFByb2plY3QgT2ZmaWNlMR4wHAYDVQQLExVDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgNVBAMTGWJvc3MucGdlbmkuZ3BvbGFiLmJi
bi5jb20xMzAxBgkqhkiG9w0BCQEWJHRlc3RiZWQtb3BzQG9wcy5wZ2VuaS5ncG9s
YWIuYmJuLmNvbTAeFw0xMDA1MjgxNjA3NThaFw0xNTExMTgxNjA3NThaMIHQMQsw
CQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJQ2Ft
YnJpZGdlMRwwGgYDVQQKExNHRU5JIFByb2plY3QgT2ZmaWNlMR4wHAYDVQQLExVD
ZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgNVBAMTGWJvc3MucGdlbmkuZ3BvbGFi
LmJibi5jb20xMzAxBgkqhkiG9w0BCQEWJHRlc3RiZWQtb3BzQG9wcy5wZ2VuaS5n
cG9sYWIuYmJuLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu36beYeL
VIiVrTlULFh+X8yZFRXuJfEGEVCevUfRT11E8dF0r5//r1aLF7H5e7Oj3xvVE67l
cU1oMWSrt7UrQFEgPou5ugtO8BA8BZsaj3VPefOgJJqLtU+i/lCbIVpvkk5D1PBW
BiM49eIdxDIMOA6WUPCjh2BKkxPZ2HmwOhECAwEAAaOCAbwwggG4MB0GA1UdDgQW
BBSYVwEBrr/ZnI3S8AQG2SroBsuw+TCCAQUGA1UdIwSB/TCB+oAUmFcBAa6/2ZyN
0vAEBtkq6AbLsPmhgdakgdMwgdAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNz
YWNodXNldHRzMRIwEAYDVQQHEwlDYW1icmlkZ2UxHDAaBgNVBAoTE0dFTkkgUHJv
amVjdCBPZmZpY2UxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAG
A1UEAxMZYm9zcy5wZ2VuaS5ncG9sYWIuYmJuLmNvbTEzMDEGCSqGSIb3DQEJARYk
dGVzdGJlZC1vcHNAb3BzLnBnZW5pLmdwb2xhYi5iYm4uY29tggkA/O3aieEauq8w
DAYDVR0TBAUwAwEB/zA/BgNVHREEODA2hjR1cm46cHVibGljaWQ6SUROK3BnZW5p
Lmdwb2xhYi5iYm4uY29tK2F1dGhvcml0eStyb290MD8GA1UdEgQ4MDaGNHVybjpw
dWJsaWNpZDpJRE4rcGdlbmkuZ3BvbGFiLmJibi5jb20rYXV0aG9yaXR5K3Jvb3Qw
DQYJKoZIhvcNAQEEBQADgYEAZyyVxqHYih2kHWL4NuXfvQjvX1cbtGwgvXnVyJbe
zjE7z9lKJoSI5OuDkRZCGGXqn5quoFdS9tIX/Iqkt44qoVRku+EqaPwzUuUY9H94
jcAx21LuUSy78kT1B6oZDBfyXKfQuuKbwwBleZd45f8mx7PGLqYu1wi7HcDl4Nav
rhI=
-----END CERTIFICATE-----

That indicates that boss.pgeni.gpolab.bbn.com is trusted by FOAM.

For the third:

[17:48:37] jbs@jericho:/home/jbs
+$ grep -A 8 -B 2 '\[gpolab\]' ~/.gcf/omni_config
## GPO Lab ProtoGENI

[gpolab]

type = pg
verbose = false
ch = https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/ch
sa = https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/sa
cert = ~/.ssl/jbs@pgeni.gpolab.bbn.com.pem
key = ~/.ssl/jbs@pgeni.gpolab.bbn.com.pem

[17:50:36] jbs@jericho:/home/jbs
+$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc listresources -f gpolab
INFO:omni:Loading config file /home/jbs/.gcf/omni_config
INFO:omni:Using control framework gpolab
INFO:omni:Listed resources on 1 out of 1 possible aggregates.
INFO:omni:<?xml version="1.0" ?>
INFO:omni:<!-- Resources at AM:
        URN: unspecified_AM_URN
        URL: https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc
 -->
INFO:omni:<rspec type="advertisement" xmlns="http://www.geni.net/resources/rspec/3" xmlns:ns2="http://hpn.east.isi.edu/rspec/ext/stitch/0.1/" xmlns:ns3="http://www.protogeni.net/resources/rspec/ext/emulab/1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.geni.net/resources/rspec/3 http://www.geni.net/resources/rspec/3/ad.xsd http://hpn.east.isi.edu/rspec/ext/stitch/0.1/ http://hpn.east.isi.edu/rspec/ext/stitch/0.1/stitch-schema.xsd http://www.protogeni.net/resources/rspec/ext/emulab/1 http://www.protogeni.net/resources/rspec/ext/emulab/1/ptop_extension.xsd">  
      <node component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+node+orca-vm-cloud" component_manager_id="urn:publicid:IDN+exogeni.net:bbnvmsite+authority+am" component_name="orca-vm-cloud" exclusive="false">    
            <hardware_type name="orca-vm-cloud">      
                  <ns3:node_type type_slots="47"/>      
            </hardware_type>    
            <available now="true"/>    
            <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+bbn:ExoGeni:TengigabitEthernet:2" role="experimental"/>    
            <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+Bbn:ExoGeni:TenGigabitEthernet:1" role="experimental"/>    
      </node>  
      <link component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+link+Bbn:ExoGeni:TenGigabitEthernet:1:BbnNet:IBM:G8052:TenGigabitEthernet:1:1">    
            <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+Bbn:ExoGeni:TenGigabitEthernet:1"/>    
            <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnNet+interface+BbnNet:IBM:G8052:TenGigabitEthernet:1:1"/>    
            <link_type name="ethernet"/>    
      </link>  
      <link component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+link+bbn:ExoGeni:TengigabitEthernet:2:BbnNet:BM:G8052:TenGigabitEthernet:1:2">    
            <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+bbn:ExoGeni:TengigabitEthernet:2"/>    
            <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnNet+interface+BbnNet:BM:G8052:TenGigabitEthernet:1:2"/>    
            <link_type name="ethernet"/>    
      </link>  
      <node component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+node+orca-transit-net-vlan" component_manager_id="urn:publicid:IDN+exogeni.net:bbnvmsite+authority+am" component_name="orca-transit-net-vlan" exclusive="false">    
            <hardware_type name="orca-static-net-vlan">      
                  <ns3:node_type type_slots="1"/>      
            </hardware_type>    
            <hardware_type name="orca-transit-net-vlan">      
                  <ns3:node_type type_slots="500"/>      
            </hardware_type>    
            <available now="true"/>    
            <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+bbn:ExoGeni:TengigabitEthernet:2" role="experimental"/>    
            <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+Bbn:ExoGeni:TenGigabitEthernet:1" role="experimental"/>    
      </node>  
</rspec>
INFO:omni: ------------------------------------------------------------
INFO:omni: Completed listresources:

  Options as run:
                aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc
                framework: gpolab
                native: True

  Args: listresources

  Result Summary: Retrieved resources from 1 aggregates.
Wrote rspecs from 1 aggregates. 
INFO:omni: ============================================================

That indicates that BBN ExoGENI trusts the pgeni.gpolab.bbn.com SA.

I also verified that it did not trust another SA, the BBN pgeni1 staging SA in this case:

[17:51:17] jbs@jericho:/home/jbs
+$ grep -A 8 -B 2 '\[pgeni1\]' ~/.gcf/omni_config 
## GPO Lab staging ProtoGENI

[pgeni1]

type = pg
verbose = false
ch = https://www.pgeni1.gpolab.bbn.com/protogeni/xmlrpc/ch
sa = https://www.pgeni1.gpolab.bbn.com/protogeni/xmlrpc/sa
cert = ~/.ssl/jbs@pgeni1.gpolab.bbn.com.pem
key = ~/.ssl/jbs@pgeni1.gpolab.bbn.com.pem

[17:52:09] jbs@jericho:/home/jbs
+$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc listresources -f pgeni1
INFO:omni:Loading config file /home/jbs/.gcf/omni_config
INFO:omni:Using control framework pgeni1
INFO:omni:Listed resources on 0 out of 1 possible aggregates.
INFO:omni:Got no resources. No resources from AM https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc: Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges.
INFO:omni: ------------------------------------------------------------
INFO:omni: Completed listresources:

  Options as run:
                aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc
                framework: pgeni1
                native: True

  Args: listresources

  Result Summary: Got no resources. No resources from AM https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc: Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges. 
INFO:omni: ============================================================

That indicates that it does not trust the BBN pgeni1 SA.

For the fourth:

[13:15:53] jbs@jericho:/home/jbs
+$ grep -A 8 -B 2 '\[gpolab\]' ~/.gcf/omni_config 
## GPO Lab ProtoGENI

[gpolab]

type = pg
verbose = false
ch = https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/ch
sa = https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/sa
cert = ~/.ssl/jbs@pgeni.gpolab.bbn.com.pem
key = ~/.ssl/jbs@pgeni.gpolab.bbn.com.pem

[13:16:54] jbs@jericho:/home/jbs
+$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 getversion -f gpolab
INFO:omni:Loading config file /home/jbs/.gcf/omni_config
INFO:omni:Using control framework gpolab
INFO:omni:AM URN: unspecified_AM_URN (url: https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1) has version:
INFO:omni:{   'ad_rspec_versions': [   {   'extensions': [   'http://www.geni.net/resources/rspec/ext/openflow/3'],
                                 'namespace': 'http://www.geni.net/resources/rspec/3',
                                 'schema': 'http://www.geni.net/resources/rspec/3/ad.xsd',
                                 'type': 'GENI',
                                 'version': '3'}],
    'foam_version': '0.8.2',
    'geni_api': 1,
    'request_rspec_versions': [   {   'extensions': [   'http://www.geni.net/resources/rspec/ext/openflow/3',
                                                        'http://www.geni.net/resources/rspec/ext/openflow/4',
                                                        'http://www.geni.net/resources/rspec/ext/flowvisor/1'],
                                      'namespace': 'http://www.geni.net/resources/rspec/3',
                                      'schema': 'http://www.geni.net/resources/rspec/3/request.xsd',
                                      'type': 'GENI',
                                      'version': '3'}],
    'site_info': {   }}
INFO:omni: ------------------------------------------------------------
INFO:omni: Completed getversion:

  Options as run:
                aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1
                framework: gpolab
                native: True

  Args: getversion

  Result Summary: 
Got version for 1 out of 1 aggregates
 
INFO:omni: ============================================================

That indicates that FOAM trusts the pgeni.gpolab.bbn.com SA.

I also verified that it did not trust another SA, Utah ProtoGENI in this case:

[13:17:00] jbs@jericho:/home/jbs
+$ grep -A 8 -B 2 '\[utah\]' ~/.gcf/omni_config 
## Utah ProtoGENI

[utah]

type = pg
verbose = false
ch = https://www.emulab.net/protogeni/xmlrpc/ch
sa = https://www.emulab.net/protogeni/xmlrpc/sa
cert = ~/.ssl/jbs@www.emulab.net.pem
key = ~/.ssl/jbs@www.emulab.net.pem

[13:17:37] jbs@jericho:/home/jbs
+$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 getversion -f utah
INFO:omni:Loading config file /home/jbs/.gcf/omni_config
INFO:omni:Using control framework utah
ERROR:omni.protogeni:Call for GetVersion at https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 failed.: ProtocolError: <ProtocolError for bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1: 400 Bad Request>
ERROR:omni.protogeni:    ..... Run with --debug for more information
WARNING:omni:URN: unspecified_AM_URN (url:https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1) call failed: ProtocolError: <ProtocolError for bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1: 400 Bad Request>

INFO:omni: ------------------------------------------------------------
INFO:omni: Completed getversion:

  Options as run:
                aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1
                framework: utah
                native: True

  Args: getversion

  Result Summary: Cannot GetVersion at https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1: ProtocolError: <ProtocolError for bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1: 400 Bad Request>

Got version for 0 out of 1 aggregates
 
INFO:omni: ============================================================

That indicates that it does not trust the ProtoGENI Utah SA.

Step 5: determine rack OpenFlow state

Overview of Step 5

Using:

  • From a login to the 8264 (dataplane) switch, view the OpenFlow configuration.
  • On bbn-hn, use fvctl to view the set of devices reporting to the FlowVisor.
  • On bbn-hn, use foamctl to view the list of slivers.
  • Use the GENI AM API to view the set of datapaths advertised by FOAM.

Verify:

  • All datapaths on the rack switch report to FlowVisor.
  • All datapaths reporting to FlowVisor come from the rack switch.
  • A site administrator can look at flowvisor's state using fvctl.
  • A site administrator can look at FOAM's state using foamctl.
  • FOAM advertises all datapaths on the rack switch.

Results of Step 5 from 2012-08-14

For the first of those, the switch shows some OpenFlow information:

bbn-8264.bbn.xo>show openflow
        Protocol Version: 1
        Openflow State: Enabled
        Max Flows: 10000
        FDB Table Priority: 1000
        Open Flow Instance ID: 1
        Openflow Edge ports : None
        Openflow Management ports :  63
        Openflow Buffering : Enabled
        Openflow Buffer Size: 1024
        Emergency Mode : Disabled

Aha, and apparently that "Open Flow Instance ID: 1" tells me that 'show openflow 1' has a bunch more info:

bbn-8264.bbn.xo>show openflow 1
Open Flow Instance ID: 1
        DataPath ID: 0x640817f4b52a00
        Vlan ID: 100
        Max Retries per controller: 4
        Echo Request Interval: 30
        Echo Reply Timeout: 15
        Emergency Timeout: 30
        Operational Mode: Normal
        Miss Send Len: 128
        Swicth Support Capabiilities: 
                Flow Statistics             : enabled 
                Table Statistics            : enabled 
                Port Statistics             : enabled 
                Spanning Tree               : disabled 
                Reserved                    : disabled 
                Reassemble IP Fragments     : disabled 
                Queue Statistics            : disabled 
                Match IP Addr in ARP Packets: disabled 
        Swicth Support action:
                Output to Switch Port    : enabled 
                Set Vlan ID              : enabled 
                Set Priority             : enabled 
                Strip dot1q Header       : enabled 
                Ethernet Source Addr     : enabled 
                Ethernet Destination Addr: enabled 
                IP Source Address        : disabled 
                IP Destination Address   : disabled 
                IP ToS                   : enabled 
                TCP/UDP Source Port      : disabled 
                TCP/UDP Destination Port : disabled 
                Output to Queue          : disabled 
                Vendor                   : disabled 

PortList  Status  State  Config  Current  Advertised Supported  Peer
1           d     0x201   0x2     0x200    0x0       0x0         0x0
2           d     0x201   0x2     0x240    0x0       0x0         0x0
3           d     0x201   0x2     0x240    0x0       0x0         0x0
4           d     0x201   0x2     0x240    0x0       0x0         0x0
5           d     0x201   0x2     0x200    0x0       0x0         0x0
6           d     0x201   0x2     0x240    0x0       0x0         0x0
7           d     0x201   0x2     0x240    0x0       0x0         0x0
8           d     0x201   0x2     0x240    0x0       0x0         0x0
9           d     0x201   0x2     0x200    0x0       0x0         0x0
10          d     0x201   0x2     0x240    0x0       0x0         0x0
11          d     0x201   0x2     0x240    0x0       0x0         0x0
12          d     0x201   0x2     0x240    0x0       0x0         0x0
13          d     0x201   0x2     0x200    0x0       0x0         0x0
14          d     0x201   0x2     0x240    0x0       0x0         0x0
15          d     0x201   0x2     0x240    0x0       0x0         0x0
16          d     0x201   0x2     0x240    0x0       0x0         0x0
17          e     0x200   0x2     0xc0     0x0       0x0         0x0
18          e     0x200   0x2     0xc0     0x0       0x0         0x0
19          e     0x200   0x2     0xc0     0x0       0x0         0x0
20          e     0x200   0x2     0xc0     0x0       0x0         0x0
21          e     0x200   0x2     0xc0     0x0       0x0         0x0
22          e     0x200   0x2     0xc0     0x0       0x0         0x0
23          e     0x200   0x2     0xc0     0x0       0x0         0x0
24          d     0x201   0x2     0xc0     0x0       0x0         0x0
25          d     0x201   0x2     0xc0     0x0       0x0         0x0
26          d     0x201   0x2     0xc0     0x0       0x0         0x0
27          d     0x201   0x2     0x200    0x0       0x0         0x0
28          d     0x201   0x2     0x200    0x0       0x0         0x0
29          d     0x201   0x2     0x200    0x0       0x0         0x0
30          d     0x201   0x2     0x200    0x0       0x0         0x0
31          d     0x201   0x2     0x200    0x0       0x0         0x0
32          d     0x201   0x2     0x200    0x0       0x0         0x0
33          d     0x201   0x2     0x200    0x0       0x0         0x0
34          d     0x201   0x2     0x200    0x0       0x0         0x0
35          d     0x201   0x2     0x200    0x0       0x0         0x0
36          d     0x201   0x2     0x200    0x0       0x0         0x0
37          d     0x201   0x2     0x200    0x0       0x0         0x0
38          d     0x201   0x2     0x200    0x0       0x0         0x0
39          d     0x201   0x2     0x200    0x0       0x0         0x0
40          d     0x201   0x2     0x200    0x0       0x0         0x0
41          e     0x200   0x2     0xc0     0x0       0x0         0x0
42          e     0x200   0x2     0xc0     0x0       0x0         0x0
43          e     0x200   0x2     0xc0     0x0       0x0         0x0
44          e     0x200   0x2     0xc0     0x0       0x0         0x0
45          e     0x200   0x2     0xc0     0x0       0x0         0x0
46          e     0x200   0x2     0xc0     0x0       0x0         0x0
47          e     0x200   0x2     0xc0     0x0       0x0         0x0
48          d     0x201   0x2     0xc0     0x0       0x0         0x0
49          d     0x201   0x2     0xc0     0x0       0x0         0x0
50          d     0x201   0x2     0xc0     0x0       0x0         0x0
51          d     0x201   0x2     0x200    0x0       0x0         0x0
52          d     0x201   0x2     0x200    0x0       0x0         0x0
53          d     0x201   0x2     0x200    0x0       0x0         0x0
54          d     0x201   0x2     0x200    0x0       0x0         0x0
55          d     0x201   0x2     0x200    0x0       0x0         0x0
56          d     0x201   0x2     0x200    0x0       0x0         0x0
57          d     0x201   0x2     0x200    0x0       0x0         0x0
58          d     0x201   0x2     0x200    0x0       0x0         0x0
59          d     0x201   0x2     0x200    0x0       0x0         0x0
60          e     0x200   0x2     0x2a0    0x0       0x0         0x0
61          d     0x201   0x2     0x200    0x0       0x0         0x0
62          d     0x201   0x2     0x200    0x0       0x0         0x0
64          e     0x200   0x2     0x2a0    0x0       0x0         0x0

Number of Ports: 63
Configured Controllers: 
        IP Address: 192.168.103.10
                State: Active
                Port: 6633
                Retry Count: 0
        Configured Controller Count 1

So, there is only one datapath, and it points to 192.168.103.10:6633. That IP address is an interface on bbn-hn:

[13:31:20] jbs@bbn-hn:/home/jbs
+$ ifconfig -a | grep -A 7 -B 1 192.168.103.10
bond2.1006 Link encap:Ethernet  HWaddr 5C:F3:FC:6B:10:A8  
          inet addr:192.168.103.10  Bcast:192.168.103.255  Mask:255.255.255.0
          inet6 addr: fe80::5ef3:fcff:fe6b:10a8/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:106891 errors:0 dropped:0 overruns:0 frame:0
          TX packets:117109 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:11828203 (11.2 MiB)  TX bytes:17760462 (16.9 MiB)

FlowVisor is running on port 6633:

[13:32:26] jbs@bbn-hn:/home/jbs
+$ sudo netstat -anp | grep 6633
[sudo] password for jbs: 
tcp        0      0 :::6633                     :::*                        LISTEN      3517/java           
tcp        0    125 ::ffff:192.168.103.10:6633  ::ffff:192.168.103.4:41595  ESTABLISHED 3517/java           

[13:32:43] jbs@bbn-hn:/home/jbs
+$ ps -efwww | grep 3517
491       3517     1  2 12:12 ?        00:02:19 java -server -Xms256M -Xmx1500M -XX:OnError=flowvisor-crash-logger -XX:+UseConcMarkSweepGC -Dorg.flowvisor.config_dir=/opt/flowvisor/etc/flowvisor -Dorg.flowvisor.install_dir=/opt/flowvisor/libexec/flowvisor -Djavax.net.ssl.keyStore=/opt/flowvisor/etc/flowvisor/mySSLKeyStore -Djavax.net.ssl.keyStorePassword=CHANGEME_PASSWD -cp /opt/flowvisor/libexec/flowvisor/openflow.jar:/opt/flowvisor/libexec/flowvisor/xmlrpc-client-3.1.3.jar:/opt/flowvisor/libexec/flowvisor/xmlrpc-common-3.1.3.jar:/opt/flowvisor/libexec/flowvisor/xmlrpc-server-3.1.3.jar:/opt/flowvisor/libexec/flowvisor/commons-logging-1.1.jar:/opt/flowvisor/libexec/flowvisor/ws-commons-util-1.0.2.jar:/opt/flowvisor/libexec/flowvisor/jsse.jar:/opt/flowvisor/libexec/flowvisor/asm-3.0.jar:/opt/flowvisor/libexec/flowvisor/cglib-2.2.jar:/opt/flowvisor/libexec/flowvisor/commons-codec-1.4.jar:/opt/flowvisor/libexec/flowvisor/gson-1.7.1.jar:/opt/flowvisor/libexec/flowvisor/jetty-continuation-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/jetty-http-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/jetty-io-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/jetty-security-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/jetty-server-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/jetty-util-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/servlet-api-2.5.jar:/opt/flowvisor/libexec/flowvisor/flowvisor.jar org.flowvisor.FlowVisor /opt/flowvisor/etc/flowvisor/config.xml
jbs       4327  1532  0 13:33 pts/4    00:00:00 grep 3517

This verifies that all (one) datapaths on the rack switch report to FlowVisor.

For the second, fvctl shows only one device:

[13:33:43] jbs@bbn-hn:/home/jbs
+$ fvctl --passwd-file=/etc/flowvisor/fvpasswd listDevices
Device 0: 00:64:08:17:f4:b5:2a:00

This verifies that all datapaths reporting to FlowVisor come from the rack switch, and a site admin can look at FV's state using fvctl.

For the third, foamctl can show a list of slivers:

[13:37:07] jbs@bbn-hn:/home/jbs
+$ foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd
{
 "slivers": [
  {
   "status": "Approved", 
   "sliver_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+tuptymon:3d95c17c-412b-4451-a2c2-c79d8b0542ee", 
   "creation": "2012-08-10 04:51:08.680747+00:00", 
   "pend_reason": null, 
   "expiration": "2012-09-15 00:00:00+00:00", 
   "deleted": "False", 
   "user": null, 
   "slice_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+tuptymon", 
   "enabled": true, 
   "email": "tupty@bbn.com", 
   "flowvisor_slice": "3d95c17c-412b-4451-a2c2-c79d8b0542ee", 
   "desc": "tuptymon OpenFlow resources at BBN.", 
   "ref": null, 
   "id": 12, 
   "uuid": "3d95c17c-412b-4451-a2c2-c79d8b0542ee"
  }, 
  {
   "status": "Approved", 
   "sliver_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs16:d45b6df8-84ce-4764-811c-6bf2234efaa1", 
   "creation": "2012-08-10 04:51:10.287736+00:00", 
   "pend_reason": null, 
   "expiration": "2012-10-15 19:00:00+00:00", 
   "deleted": "False", 
   "user": null, 
   "slice_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs16", 
   "enabled": true, 
   "email": "jbs@bbn.com", 
   "flowvisor_slice": "d45b6df8-84ce-4764-811c-6bf2234efaa1", 
   "desc": "JBS 16 OpenFlow resources at BBN ExoGENI.", 
   "ref": null, 
   "id": 19, 
   "uuid": "d45b6df8-84ce-4764-811c-6bf2234efaa1"
  }, 
  {
   "status": "Approved", 
   "sliver_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs15:8ae4e90c-c6e3-4570-8e23-2357303c6a27", 
   "creation": "2012-08-10 04:51:10.488696+00:00", 
   "pend_reason": null, 
   "expiration": "2012-10-15 19:00:00+00:00", 
   "deleted": "False", 
   "user": null, 
   "slice_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs15", 
   "enabled": true, 
   "email": "jbs@bbn.com", 
   "flowvisor_slice": "8ae4e90c-c6e3-4570-8e23-2357303c6a27", 
   "desc": "JBS 15 OpenFlow resources at BBN ExoGENI.", 
   "ref": null, 
   "id": 20, 
   "uuid": "8ae4e90c-c6e3-4570-8e23-2357303c6a27"
  }, 
  {
   "status": "Approved", 
   "sliver_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+trans:9d1e8717-424a-4495-a968-c7be314396dd", 
   "creation": "2012-08-10 04:51:13.414379+00:00", 
   "pend_reason": null, 
   "expiration": "2012-08-14 00:00:00+00:00", 
   "deleted": "False", 
   "user": null, 
   "slice_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+trans", 
   "enabled": true, 
   "email": "lnevers@bbn.com", 
   "flowvisor_slice": "9d1e8717-424a-4495-a968-c7be314396dd", 
   "desc": "Vlan translation for EG-EXP-5 resources at BBN ExoGENI.", 
   "ref": null, 
   "id": 33, 
   "uuid": "9d1e8717-424a-4495-a968-c7be314396dd"
  }
 ]
}

This verifies that a site administrator can look at FOAM's state using foamctl.

For the fourth, Omni can show advertised datapaths via the GENI AM API:

[13:39:38] jbs@jericho:/home/jbs
+$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 listresources
INFO:omni:Loading config file /home/jbs/.gcf/omni_config
INFO:omni:Using control framework gpolab
INFO:omni:Listed resources on 1 out of 1 possible aggregates.
INFO:omni:<?xml version="1.0" ?>
INFO:omni:<!-- Resources at AM:
        URN: unspecified_AM_URN
        URL: https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1
 -->
INFO:omni:
<rspec type="advertisement" xmlns="http://www.geni.net/resources/rspec/3" xmlns:openflow="http://www.geni.net/resources/rspec/ext/openflow/3" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance" xs:schemaLocation="http://www.geni.net/resources/rspec/3 http://www.geni.net/resources/rspec/3/ad.xsd http://www.geni.net/resources/rspec/ext/openflow/3 http://www.geni.net/resources/rspec/ext/openflow/3/of-ad.xsd">
  <openflow:datapath component_id="urn:publicid:IDN+openflow:foam:bbn-hn.exogeni.gpolab.bbn.com+datapath+00:64:08:17:f4:b5:2a:00" component_manager_id="urn:publicid:IDN+openflow:foam:bbn-hn.exogeni.gpolab.bbn.com+authority+am" dpid="00:64:08:17:f4:b5:2a:00">
    <openflow:port name="1" num="1"/>
    <openflow:port name="2" num="2"/>
    <openflow:port name="3" num="3"/>
    <openflow:port name="4" num="4"/>
    <openflow:port name="5" num="5"/>
    <openflow:port name="6" num="6"/>
    <openflow:port name="7" num="7"/>
    <openflow:port name="8" num="8"/>
    <openflow:port name="9" num="9"/>
    <openflow:port name="10" num="10"/>
    <openflow:port name="11" num="11"/>
    <openflow:port name="12" num="12"/>
    <openflow:port name="13" num="13"/>
    <openflow:port name="14" num="14"/>
    <openflow:port name="15" num="15"/>
    <openflow:port name="16" num="16"/>
    <openflow:port name="17" num="17"/>
    <openflow:port name="18" num="18"/>
    <openflow:port name="19" num="19"/>
    <openflow:port name="20" num="20"/>
    <openflow:port name="21" num="21"/>
    <openflow:port name="22" num="22"/>
    <openflow:port name="23" num="23"/>
    <openflow:port name="24" num="24"/>
    <openflow:port name="27" num="27"/>
    <openflow:port name="28" num="28"/>
    <openflow:port name="29" num="29"/>
    <openflow:port name="30" num="30"/>
    <openflow:port name="31" num="31"/>
    <openflow:port name="32" num="32"/>
    <openflow:port name="33" num="33"/>
    <openflow:port name="34" num="34"/>
    <openflow:port name="35" num="35"/>
    <openflow:port name="36" num="36"/>
    <openflow:port name="37" num="37"/>
    <openflow:port name="38" num="38"/>
    <openflow:port name="39" num="39"/>
    <openflow:port name="40" num="40"/>
    <openflow:port name="41" num="41"/>
    <openflow:port name="42" num="42"/>
    <openflow:port name="43" num="43"/>
    <openflow:port name="44" num="44"/>
    <openflow:port name="45" num="45"/>
    <openflow:port name="46" num="46"/>
    <openflow:port name="47" num="47"/>
    <openflow:port name="48" num="48"/>
    <openflow:port name="51" num="51"/>
    <openflow:port name="52" num="52"/>
    <openflow:port name="53" num="53"/>
    <openflow:port name="54" num="54"/>
    <openflow:port name="55" num="55"/>
    <openflow:port name="56" num="56"/>
    <openflow:port name="57" num="57"/>
    <openflow:port name="58" num="58"/>
    <openflow:port name="59" num="59"/>
    <openflow:port name="60" num="60"/>
    <openflow:port name="61" num="61"/>
    <openflow:port name="62" num="62"/>
    <openflow:port name="64" num="64"/>
    <openflow:port name="50" num="50"/>
    <openflow:port name="26" num="26"/>
    <openflow:port name="49" num="49"/>
    <openflow:port name="25" num="25"/>
  </openflow:datapath>
</rspec>

INFO:omni: ------------------------------------------------------------
INFO:omni: Completed listresources:

  Options as run:
                aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1
                framework: gpolab
                native: True

  Args: listresources

  Result Summary: Retrieved resources from 1 aggregates.
Wrote rspecs from 1 aggregates. 
INFO:omni: ============================================================

The one datapath from the switch (via FV) is advertised; this verifies that FOAM advertises all datapaths on the rack switch.