Version 9 (modified by 12 years ago) (diff) | ,
---|
- Detailed test plan for EG-MON-2: GENI Software Configuration …
Detailed test plan for EG-MON-2: GENI Software Configuration Inspection Test
This page is GPO's working page for performing EG-MON-2. It is public for informational purposes, but it is not an official status report. See GENIRacksHome/ExogeniRacks/AcceptanceTestStatus for the current status of ExoGENI acceptance tests.
Page format
- The status chart summarizes the state of this test
- The high-level description from test plan contains text copied exactly from the public test plan and acceptance criteria pages.
- The steps contain things i will actually do/verify:
- Steps may be composed of related substeps where i find this useful for clarity
- Each step is either a preparatory step (identified by "(prep)") or a verification step (the default):
- Preparatory steps are just things we have to do. They're not tests of the rack, but are prerequisites for subsequent verification steps
- Verification steps are steps in which we will actually look at rack output and make sure it is as expected. They contain a Using: block, which lists the steps to run the verification, and an Expect: block which lists what outcome is expected for the test to pass.
Status of test
Meaning of states:
- Color(lightgreen,Pass)?: Step is completed and passed (for a verification step), or is completed (for a prep step)
- Color(red,Fail)?: Step is completed and failed, and is not being revisited
- in progress: We are currently testing or iterating on this step
- Color(orange,Blocked)?: Step is blocked by some other step or activity
Step | State | Date completed | Open Tickets | Closed Tickets/Comments |
1 | Color(lightgreen,Pass)? | 2012-08-14 | ||
2 | Color(lightgreen,Pass)? | 2012-08-14 | ||
3 | Color(lightgreen,Pass)? | 2012-08-14 | ||
4 | Color(lightgreen,Pass)? | 2012-08-14 | ||
5 | Color(lightgreen,Pass)? | 2012-08-14 |
High-level description from test plan
This test inspects the state of the GENI AM software in use on the rack.
Procedure
- A site administrator uses available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine the configuration of ExoGENI resources:
- How many VMs are assigned to each of the BBN rack SM and the global ExoSM
- How many bare metal nodes are configured on the rack and whether they are allocated to the BBN rack SM or by ExoSM.
- How many unbound VLANs are in the rack's available pool and whether they are allocated to the BBN rack SM or by ExoSM.
- Whether the BBN ExoGENI AM, the RENCI ExoGENI AM, and ExoSM trust the pgeni.gpolab.bbn.com slice authority, which will be used for testing.
- A site administrator uses available system data sources to determine the configuration of OpenFlow resources according to FOAM, ExoGENI, and FlowVisor.
Criteria to verify as part of this test
- VI.12. A public document describes all the GENI experimental resources within the rack, and explains what policy options exist for each, including: how to configure rack nodes as bare metal vs. VM server, what options exist for configuring automated approval of compute and network resource requests and how to set them, how to configure rack aggregates to trust additional GENI slice authorities, whether it is possible to trust local users within the rack. (F.7)
- VI.13. A public document describes the expected state of all the GENI experimental resources in the rack, including how to determine the state of an experimental resource and what state is expected for an unallocated bare metal node. (F.5)
- VII.11. A site administrator can locate current configuration of flowvisor, FOAM, and any other OpenFlow services, and find logs of recent activity and changes. (D.6.a)
Step 1: determine VM resource allocations
Overview of Step 1
Using:
- On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine how many VMs are assigned to each of the BBN rack SM and to the global ExoSM.
Verify:
- The site administrator can determine how many VMs are allocated to each SM
Results of Step 1 from 2012-08-14
On bbn-hn, in /opt/orca-12080/config/config.xml, I see
<topology> <edges> <edge> <from name="bbn-broker" guid="2d6308a4-e38b-4210-9f4b-3319acd28e4e" type="broker"> <location protocol="soapaxis2" url="http://bbn-hn.bbn.exogeni.net:13080/orca/services/bbn-broker"/> <certificate> MIICbTCCAdagAwIBAgIET0+04zANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt MCsGA1UEAxMkMmQ2MzA4YTQtZTM4Yi00MjEwLTlmNGItMzMxOWFjZDI4ZTRlMB4XDTEyMDMwMTE3 NDE1NVoXDTIyMDIyNzE3NDE1NVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDJkNjMw OGE0LWUzOGItNDIxMC05ZjRiLTMzMTlhY2QyOGU0ZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEA0LqNHOAo51mJbWHQaozNPZ3+rbwommOcP0aSe0dEOlF4YtdOy6CewxiipDpMrcbia/Ur3wfn s83Tm/+5tgGNyn9jmhGfmCGKr6PVieF0/F3jGsGN3wDX6C2bOG/B99pDbtyWM6EJR5wxVLVYsuji kkzA2I5P6Ri/G/edh1yaex0CAwEAATANBgkqhkiG9w0BAQUFAAOBgQAGmuajmFFnd577IX/rvit4 vL+HlM2Yybf22bkEqlzG0uFtaXFJRUto9xOcSPm+Y3xijkf2B/X4Q+N73CFTxBEJkSh6s89SPUab nLHlwi3NXDPNd5t3WR4L0KzWgFndObXbxP0ZQFS7bI5O/F8k6iBNVa5PfEvkTVekpJvYA9WJTg== </certificate> </from> <to name="bbn-vm-am" guid="8e9f5bd9-6bd4-495b-9293-92a982e8ecf0" type="site" /> <rset> <type>bbnvmsite.vm</type> <units>48</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset> <!-- <rset> <type>bbnvmsite.baremetalce</type> <units>1</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset> --> <rset> <type>bbnvmsite.vlan</type> <units>500</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset> </edge> <edge> <from name="ndl-broker" guid="25bc9111-9b41-46ab-a96b-3c87f574cfde" type="broker"> <location protocol="soapaxis2" url="http://geni-net.renci.org:11080/orca/services/ndl-broker"/> <certificate> MIICbTCCAdagAwIBAgIETDtgYzANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt MCsGA1UEAxMkMjViYzkxMTEtOWI0MS00NmFiLWE5NmItM2M4N2Y1NzRjZmRlMB4XDTEwMDcxMjE4 MzUxNVoXDTIwMDcwOTE4MzUxNVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDI1YmM5 MTExLTliNDEtNDZhYi1hOTZiLTNjODdmNTc0Y2ZkZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEAqcyS60d5t9c3eEud529hYmD/0BrIHGkEevwAtqBb7FFD1X98SB1G8y7gzxplt0xr2Hm72Et+ 01qB7YgT6XQHWfJQQW7RUZEnrDbGsS0v6bffY291eeDVd0ZCH1ogzPDlyMqdhSGKsstqZd0CYc2E zRFNngOIytBu1m59Jr6/FqsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCpFKta+1JitcfPbti3x3Tj WqqINj2f/MzwTVZbxV1eW6gLrwc3FRTX8RgAfqn2sl9Igxfzb+GbQbhY2j5iyBsEV90eKjQQitgv KUA1IpJqVMYiGSohX2jL+uXEK7bujv9eRyNG82Rp+ouWCrDKo7kOVLh/iSD1s8Mrk03/wd3qfw== </certificate> </from> <to name="bbn-vm-am" guid="8e9f5bd9-6bd4-495b-9293-92a982e8ecf0" type="site" /> <rset> <type>bbnvmsite.vm</type> <units>48</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset> <rset> <type>bbnvmsite.baremetalce</type> <units>2</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset> <rset> <type>bbnvmsite.vlan</type> <units>500</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset> </edge> <edge> <from name="ndl-broker" guid="25bc9111-9b41-46ab-a96b-3c87f574cfde" type="broker"> <location protocol="soapaxis2" url="http://geni-net.renci.org:11080/orca/services/ndl-broker"/> <certificate> MIICbTCCAdagAwIBAgIETDtgYzANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzELMAkGA1UE CBMCTkMxDzANBgNVBAcTBkR1cmhhbTENMAsGA1UEChMEb3JjYTEQMA4GA1UECxMHc2hpcmFrbzEt MCsGA1UEAxMkMjViYzkxMTEtOWI0MS00NmFiLWE5NmItM2M4N2Y1NzRjZmRlMB4XDTEwMDcxMjE4 MzUxNVoXDTIwMDcwOTE4MzUxNVowezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAk5DMQ8wDQYDVQQH EwZEdXJoYW0xDTALBgNVBAoTBG9yY2ExEDAOBgNVBAsTB3NoaXJha28xLTArBgNVBAMTJDI1YmM5 MTExLTliNDEtNDZhYi1hOTZiLTNjODdmNTc0Y2ZkZTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEAqcyS60d5t9c3eEud529hYmD/0BrIHGkEevwAtqBb7FFD1X98SB1G8y7gzxplt0xr2Hm72Et+ 01qB7YgT6XQHWfJQQW7RUZEnrDbGsS0v6bffY291eeDVd0ZCH1ogzPDlyMqdhSGKsstqZd0CYc2E zRFNngOIytBu1m59Jr6/FqsCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCpFKta+1JitcfPbti3x3Tj WqqINj2f/MzwTVZbxV1eW6gLrwc3FRTX8RgAfqn2sl9Igxfzb+GbQbhY2j5iyBsEV90eKjQQitgv KUA1IpJqVMYiGSohX2jL+uXEK7bujv9eRyNG82Rp+ouWCrDKo7kOVLh/iSD1s8Mrk03/wd3qfw== </certificate> </from> <to name="bbn-net-am" guid="ca369912-0b78-4cc0-a52a-89b9eff03cf2" type="site" /> <rset> <type>bbnNet.vlan</type> <units>10</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset> </edge> </edges> </topology>
That indicates that 48 VMs are allocated to bbn-broker, and 48 VMs are allocated to ndl-broker.
Step 2: determine bare metal node configurations
Overview of Step 2
Using:
- On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine how many nodes in the rack are configured as bare metal nodes, and whether they are allocated to the BBN rack SM or by ExoSM.
Verify:
- The site administrator can determine how many bare metal nodes are allocated to the local SM
- The site administrator can determine what each bare metal node is allocated to if it is not allocated to the local SM
Results of Step 2 from 2012-08-14
See Step 1 for the full topology element from /opt/orca-12080/config/config.xml. In that topology, I see
<!-- <rset> <type>bbnvmsite.baremetalce</type> <units>1</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset> -->
in the bbn-broker section, and
<rset> <type>bbnvmsite.baremetalce</type> <units>2</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset>
in the ndl-broker section.
That indicates that one bare metal node would normally be allocated to bbn-broker, but it's commented out; and two bare metal nodes are currently allocated to ndl-broker.
Step 3: determine available VLAN pool
Overview of Step 3
Using:
- On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine how many unbound VLANs are available for rack use, and whether they are allocated by the local rack SM or by ExoSM.
- On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine whether any bound VLANs are available for rack use, and whether they are allocated by the local rack SM or by ExoSM.
Verify:
- The site administrator can determine how many unbound VLANs are available for use and where they are allocated.
- The site administrator can determine what bound VLANs are available for use and where they are allocated.
Results of Step 3 from 2012-08-14
For the first, see Step 1 for the full topology element from /opt/orca-12080/config/config.xml. In that topology, I see
<rset> <type>bbnvmsite.vlan</type> <units>500</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset>
in the bbn-broker section, and
<rset> <type>bbnvmsite.vlan</type> <units>500</units> <start>2010-01-30T00:00:00</start> <end>2031-01-30T00:00:00</end> </rset>
in the ndl-broker section.
That indicates that 500 VLANs are allocated to bbn-broker, and 500 VLANs are allocated to ndl-broker.
For the second, in /opt/orca-12080/ndl/bbnvmsite.rdf, I see
<layer:LabelSet rdf:about="#Bbn/ExoGeni/staticVLANSet"> <collections:size rdf:datatype="&xsd;int">1</collections:size> <domain:isAllocatable rdf:datatype="&xsd;boolean">false</domain:isAllocatable> <collections:element rdf:resource="#Bbn/ExoGeni/VLANLabel/1750"/> <domain:hasResourceType rdf:resource="&domain;VLAN"/> </layer:LabelSet>
which indicates that VLAN 1750 is the only bound VLAN.
Step 4: determine which GENI SAs are trusted
Overview of Step 4
Using:
- On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine which GENI slice authorities the BBN ExoGENI AM trusts.
- On bbn-hn, use available system data sources (process listings, monitoring output, system logs, etc) and/or AM administrative interfaces to determine which GENI slice authorities FOAM trusts.
- Use the GENI AM API to verify that the BBN ExoGENI AM and the ExoSM trust the pgeni.gpolab.bbn.com SA.
- Use the GENI AM API to verify that the rack FOAM instance trusts the pgeni.gpolab.bbn.com SA.
Verify:
- The site administrator can determine the full set of trusted GENI slice authorities on the local rack.
- An experimenter can verify that the four AMs to be used in the test trust the pgeni.gpolab.bbn.com SA.
Results of Step 4 from 2012-08-14
For the first, on bbn-hn:
[17:37:14] jbs@bbn-hn:/home/jbs +$ keytool -v -list -keystore /opt/orca-11080/config/geni-trusted.jks Enter keystore password: ***************** WARNING WARNING WARNING ***************** * The integrity of the information stored in your keystore * * has NOT been verified! In order to verify its integrity, * * you must provide your keystore password. * ***************** WARNING WARNING WARNING ***************** Keystore type: JKS Keystore provider: SUN Your keystore contains 3 entries Alias name: ben-ca Creation date: Nov 29, 2011 Entry type: trustedCertEntry Owner: EMAILADDRESS=ben-ops@renci.org, O=BEN@RENCI, L=Chapel Hill, ST=NC, C=US Issuer: EMAILADDRESS=ben-ops@renci.org, O=BEN@RENCI, L=Chapel Hill, ST=NC, C=US Serial number: 88753bc67f92f627 Valid from: Fri Aug 29 14:27:45 EDT 2008 until: Mon Aug 27 14:27:45 EDT 2018 Certificate fingerprints: MD5: 6A:5B:EA:64:D7:40:BF:C1:AC:F0:D0:34:A6:54:00:C5 SHA1: 94:63:C3:04:4F:48:00:B7:35:34:35:32:C3:03:E5:B7:2E:3A:44:B1 Signature algorithm name: SHA1withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: D8 9C 85 3A 11 47 9B CF 41 2E 59 B3 8B 54 37 F0 ...:.G..A.Y..T7. 0010: B9 D7 1E 42 ...B ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: D8 9C 85 3A 11 47 9B CF 41 2E 59 B3 8B 54 37 F0 ...:.G..A.Y..T7. 0010: B9 D7 1E 42 ...B ] [EMAILADDRESS=ben-ops@renci.org, O=BEN@RENCI, L=Chapel Hill, ST=NC, C=US] SerialNumber: [ 88753bc6 7f92f627] ] ******************************************* ******************************************* Alias name: gpo-ca Creation date: Nov 28, 2011 Entry type: trustedCertEntry Owner: EMAILADDRESS=testbed-ops@ops.pgeni.gpolab.bbn.com, CN=boss.pgeni.gpolab.bbn.com, OU=Certificate Authority, O=GENI Project Office, L=Cambridge, ST=Massachusetts, C=US Issuer: EMAILADDRESS=testbed-ops@ops.pgeni.gpolab.bbn.com, CN=boss.pgeni.gpolab.bbn.com, OU=Certificate Authority, O=GENI Project Office, L=Cambridge, ST=Massachusetts, C=US Serial number: fcedda89e11abaaf Valid from: Fri May 28 12:07:58 EDT 2010 until: Wed Nov 18 11:07:58 EST 2015 Certificate fingerprints: MD5: 0D:A1:E0:43:F9:C9:5A:06:39:A4:27:33:02:A6:CD:D1 SHA1: 2D:78:00:D0:1F:A0:7F:14:96:FA:57:DA:11:C6:E5:CC:F1:42:C2:BD Signature algorithm name: MD5withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 98 57 01 01 AE BF D9 9C 8D D2 F0 04 06 D9 2A E8 .W............*. 0010: 06 CB B0 F9 .... ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 98 57 01 01 AE BF D9 9C 8D D2 F0 04 06 D9 2A E8 .W............*. 0010: 06 CB B0 F9 .... ] [EMAILADDRESS=testbed-ops@ops.pgeni.gpolab.bbn.com, CN=boss.pgeni.gpolab.bbn.com, OU=Certificate Authority, O=GENI Project Office, L=Cambridge, ST=Massachusetts, C=US] SerialNumber: [ fcedda89 e11abaaf] ] #4: ObjectId: 2.5.29.18 Criticality=false IssuerAlternativeName [ URIName: urn:publicid:IDN+pgeni.gpolab.bbn.com+authority+root ] #5: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ URIName: urn:publicid:IDN+pgeni.gpolab.bbn.com+authority+root ] ******************************************* ******************************************* Alias name: utah-emulab Creation date: Nov 29, 2011 Entry type: trustedCertEntry Owner: EMAILADDRESS=testbed-ops@flux.utah.edu, CN=boss.emulab.net, OU=Certificate Authority, O=Utah Network Testbed, L=Salt Lake City, ST=Utah, C=US Issuer: EMAILADDRESS=testbed-ops@flux.utah.edu, CN=boss.emulab.net, OU=Certificate Authority, O=Utah Network Testbed, L=Salt Lake City, ST=Utah, C=US Serial number: 0 Valid from: Wed Dec 02 13:47:47 EST 2009 until: Mon May 25 14:47:47 EDT 2015 Certificate fingerprints: MD5: AC:CD:F6:5E:90:E6:7F:4D:BA:A2:75:CE:21:C6:09:99 SHA1: 23:44:33:D5:30:5F:4B:6C:53:75:8D:B0:A5:4D:46:72:FB:F6:8A:70 Signature algorithm name: MD5withRSA Version: 3 Extensions: #1: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: E1 FD 98 33 CE 37 B3 7D F0 D3 75 31 DF A7 D8 31 ...3.7....u1...1 0010: A0 F6 98 20 ... ] ] #2: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] #3: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: E1 FD 98 33 CE 37 B3 7D F0 D3 75 31 DF A7 D8 31 ...3.7....u1...1 0010: A0 F6 98 20 ... ] [EMAILADDRESS=testbed-ops@flux.utah.edu, CN=boss.emulab.net, OU=Certificate Authority, O=Utah Network Testbed, L=Salt Lake City, ST=Utah, C=US] SerialNumber: [ 00] ] #4: ObjectId: 2.5.29.18 Criticality=false IssuerAlternativeName [ URIName: urn:publicid:IDN+emulab.net+authority+root ] #5: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ URIName: urn:publicid:IDN+emulab.net+authority+root ] ******************************************* *******************************************
That indicates that ben-ca, gpo-ca, and utah-emulab are trusted by the ORCA AM.
For the second, on bbn-hn:
[13:13:44] jbs@bbn-hn:/home/jbs +$ cat /opt/foam/etc/gcf-ca-certs/pgeni.gpolab.bbn.com.pem Certificate: Data: Version: 3 (0x2) Serial Number: fc:ed:da:89:e1:1a:ba:af Signature Algorithm: md5WithRSAEncryption Issuer: C=US, ST=Massachusetts, L=Cambridge, O=GENI Project Office, OU=Certificate Authority, CN=boss.pgeni.gpolab.bbn.com/emailAddress=testbed-ops@ops.pgeni.gpolab.bbn.com Validity Not Before: May 28 16:07:58 2010 GMT Not After : Nov 18 16:07:58 2015 GMT Subject: C=US, ST=Massachusetts, L=Cambridge, O=GENI Project Office, OU=Certificate Authority, CN=boss.pgeni.gpolab.bbn.com/emailAddress=testbed-ops@ops.pgeni.gpolab.bbn.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:bb:7e:9b:79:87:8b:54:88:95:ad:39:54:2c:58: 7e:5f:cc:99:15:15:ee:25:f1:06:11:50:9e:bd:47: d1:4f:5d:44:f1:d1:74:af:9f:ff:af:56:8b:17:b1: f9:7b:b3:a3:df:1b:d5:13:ae:e5:71:4d:68:31:64: ab:b7:b5:2b:40:51:20:3e:8b:b9:ba:0b:4e:f0:10: 3c:05:9b:1a:8f:75:4f:79:f3:a0:24:9a:8b:b5:4f: a2:fe:50:9b:21:5a:6f:92:4e:43:d4:f0:56:06:23: 38:f5:e2:1d:c4:32:0c:38:0e:96:50:f0:a3:87:60: 4a:93:13:d9:d8:79:b0:3a:11 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 98:57:01:01:AE:BF:D9:9C:8D:D2:F0:04:06:D9:2A:E8:06:CB:B0:F9 X509v3 Authority Key Identifier: keyid:98:57:01:01:AE:BF:D9:9C:8D:D2:F0:04:06:D9:2A:E8:06:CB:B0:F9 DirName:/C=US/ST=Massachusetts/L=Cambridge/O=GENI Project Office/OU=Certificate Authority/CN=boss.pgeni.gpolab.bbn.com/emailAddress=testbed-ops@ops.pgeni.gpolab.bbn.com serial:FC:ED:DA:89:E1:1A:BA:AF X509v3 Basic Constraints: CA:TRUE X509v3 Subject Alternative Name: URI:urn:publicid:IDN+pgeni.gpolab.bbn.com+authority+root X509v3 Issuer Alternative Name: URI:urn:publicid:IDN+pgeni.gpolab.bbn.com+authority+root Signature Algorithm: md5WithRSAEncryption 67:2c:95:c6:a1:d8:8a:1d:a4:1d:62:f8:36:e5:df:bd:08:ef: 5f:57:1b:b4:6c:20:bd:79:d5:c8:96:de:ce:31:3b:cf:d9:4a: 26:84:88:e4:eb:83:91:16:42:18:65:ea:9f:9a:ae:a0:57:52: f6:d2:17:fc:8a:a4:b7:8e:2a:a1:54:64:bb:e1:2a:68:fc:33: 52:e5:18:f4:7f:78:8d:c0:31:db:52:ee:51:2c:bb:f2:44:f5: 07:aa:19:0c:17:f2:5c:a7:d0:ba:e2:9b:c3:00:65:79:97:78: e5:ff:26:c7:b3:c6:2e:a6:2e:d7:08:bb:1d:c0:e5:e0:d6:af: ae:12 -----BEGIN CERTIFICATE----- MIIE3jCCBEegAwIBAgIJAPzt2onhGrqvMA0GCSqGSIb3DQEBBAUAMIHQMQswCQYD VQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJQ2FtYnJp ZGdlMRwwGgYDVQQKExNHRU5JIFByb2plY3QgT2ZmaWNlMR4wHAYDVQQLExVDZXJ0 aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgNVBAMTGWJvc3MucGdlbmkuZ3BvbGFiLmJi bi5jb20xMzAxBgkqhkiG9w0BCQEWJHRlc3RiZWQtb3BzQG9wcy5wZ2VuaS5ncG9s YWIuYmJuLmNvbTAeFw0xMDA1MjgxNjA3NThaFw0xNTExMTgxNjA3NThaMIHQMQsw CQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2FjaHVzZXR0czESMBAGA1UEBxMJQ2Ft YnJpZGdlMRwwGgYDVQQKExNHRU5JIFByb2plY3QgT2ZmaWNlMR4wHAYDVQQLExVD ZXJ0aWZpY2F0ZSBBdXRob3JpdHkxIjAgBgNVBAMTGWJvc3MucGdlbmkuZ3BvbGFi LmJibi5jb20xMzAxBgkqhkiG9w0BCQEWJHRlc3RiZWQtb3BzQG9wcy5wZ2VuaS5n cG9sYWIuYmJuLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu36beYeL VIiVrTlULFh+X8yZFRXuJfEGEVCevUfRT11E8dF0r5//r1aLF7H5e7Oj3xvVE67l cU1oMWSrt7UrQFEgPou5ugtO8BA8BZsaj3VPefOgJJqLtU+i/lCbIVpvkk5D1PBW BiM49eIdxDIMOA6WUPCjh2BKkxPZ2HmwOhECAwEAAaOCAbwwggG4MB0GA1UdDgQW BBSYVwEBrr/ZnI3S8AQG2SroBsuw+TCCAQUGA1UdIwSB/TCB+oAUmFcBAa6/2ZyN 0vAEBtkq6AbLsPmhgdakgdMwgdAxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNz YWNodXNldHRzMRIwEAYDVQQHEwlDYW1icmlkZ2UxHDAaBgNVBAoTE0dFTkkgUHJv amVjdCBPZmZpY2UxHjAcBgNVBAsTFUNlcnRpZmljYXRlIEF1dGhvcml0eTEiMCAG A1UEAxMZYm9zcy5wZ2VuaS5ncG9sYWIuYmJuLmNvbTEzMDEGCSqGSIb3DQEJARYk dGVzdGJlZC1vcHNAb3BzLnBnZW5pLmdwb2xhYi5iYm4uY29tggkA/O3aieEauq8w DAYDVR0TBAUwAwEB/zA/BgNVHREEODA2hjR1cm46cHVibGljaWQ6SUROK3BnZW5p Lmdwb2xhYi5iYm4uY29tK2F1dGhvcml0eStyb290MD8GA1UdEgQ4MDaGNHVybjpw dWJsaWNpZDpJRE4rcGdlbmkuZ3BvbGFiLmJibi5jb20rYXV0aG9yaXR5K3Jvb3Qw DQYJKoZIhvcNAQEEBQADgYEAZyyVxqHYih2kHWL4NuXfvQjvX1cbtGwgvXnVyJbe zjE7z9lKJoSI5OuDkRZCGGXqn5quoFdS9tIX/Iqkt44qoVRku+EqaPwzUuUY9H94 jcAx21LuUSy78kT1B6oZDBfyXKfQuuKbwwBleZd45f8mx7PGLqYu1wi7HcDl4Nav rhI= -----END CERTIFICATE-----
That indicates that boss.pgeni.gpolab.bbn.com is trusted by FOAM.
For the third:
[17:48:37] jbs@jericho:/home/jbs +$ grep -A 8 -B 2 '\[gpolab\]' ~/.gcf/omni_config ## GPO Lab ProtoGENI [gpolab] type = pg verbose = false ch = https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/ch sa = https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/sa cert = ~/.ssl/jbs@pgeni.gpolab.bbn.com.pem key = ~/.ssl/jbs@pgeni.gpolab.bbn.com.pem [17:50:36] jbs@jericho:/home/jbs +$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc listresources -f gpolab INFO:omni:Loading config file /home/jbs/.gcf/omni_config INFO:omni:Using control framework gpolab INFO:omni:Listed resources on 1 out of 1 possible aggregates. INFO:omni:<?xml version="1.0" ?> INFO:omni:<!-- Resources at AM: URN: unspecified_AM_URN URL: https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc --> INFO:omni:<rspec type="advertisement" xmlns="http://www.geni.net/resources/rspec/3" xmlns:ns2="http://hpn.east.isi.edu/rspec/ext/stitch/0.1/" xmlns:ns3="http://www.protogeni.net/resources/rspec/ext/emulab/1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.geni.net/resources/rspec/3 http://www.geni.net/resources/rspec/3/ad.xsd http://hpn.east.isi.edu/rspec/ext/stitch/0.1/ http://hpn.east.isi.edu/rspec/ext/stitch/0.1/stitch-schema.xsd http://www.protogeni.net/resources/rspec/ext/emulab/1 http://www.protogeni.net/resources/rspec/ext/emulab/1/ptop_extension.xsd"> <node component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+node+orca-vm-cloud" component_manager_id="urn:publicid:IDN+exogeni.net:bbnvmsite+authority+am" component_name="orca-vm-cloud" exclusive="false"> <hardware_type name="orca-vm-cloud"> <ns3:node_type type_slots="47"/> </hardware_type> <available now="true"/> <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+bbn:ExoGeni:TengigabitEthernet:2" role="experimental"/> <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+Bbn:ExoGeni:TenGigabitEthernet:1" role="experimental"/> </node> <link component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+link+Bbn:ExoGeni:TenGigabitEthernet:1:BbnNet:IBM:G8052:TenGigabitEthernet:1:1"> <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+Bbn:ExoGeni:TenGigabitEthernet:1"/> <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnNet+interface+BbnNet:IBM:G8052:TenGigabitEthernet:1:1"/> <link_type name="ethernet"/> </link> <link component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+link+bbn:ExoGeni:TengigabitEthernet:2:BbnNet:BM:G8052:TenGigabitEthernet:1:2"> <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+bbn:ExoGeni:TengigabitEthernet:2"/> <interface_ref component_id="urn:publicid:IDN+exogeni.net:bbnNet+interface+BbnNet:BM:G8052:TenGigabitEthernet:1:2"/> <link_type name="ethernet"/> </link> <node component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+node+orca-transit-net-vlan" component_manager_id="urn:publicid:IDN+exogeni.net:bbnvmsite+authority+am" component_name="orca-transit-net-vlan" exclusive="false"> <hardware_type name="orca-static-net-vlan"> <ns3:node_type type_slots="1"/> </hardware_type> <hardware_type name="orca-transit-net-vlan"> <ns3:node_type type_slots="500"/> </hardware_type> <available now="true"/> <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+bbn:ExoGeni:TengigabitEthernet:2" role="experimental"/> <interface component_id="urn:publicid:IDN+exogeni.net:bbnvmsite+interface+Bbn:ExoGeni:TenGigabitEthernet:1" role="experimental"/> </node> </rspec> INFO:omni: ------------------------------------------------------------ INFO:omni: Completed listresources: Options as run: aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc framework: gpolab native: True Args: listresources Result Summary: Retrieved resources from 1 aggregates. Wrote rspecs from 1 aggregates. INFO:omni: ============================================================
That indicates that BBN ExoGENI trusts the pgeni.gpolab.bbn.com SA.
I also verified that it did not trust another SA, the BBN pgeni1 staging SA in this case:
[17:51:17] jbs@jericho:/home/jbs +$ grep -A 8 -B 2 '\[pgeni1\]' ~/.gcf/omni_config ## GPO Lab staging ProtoGENI [pgeni1] type = pg verbose = false ch = https://www.pgeni1.gpolab.bbn.com/protogeni/xmlrpc/ch sa = https://www.pgeni1.gpolab.bbn.com/protogeni/xmlrpc/sa cert = ~/.ssl/jbs@pgeni1.gpolab.bbn.com.pem key = ~/.ssl/jbs@pgeni1.gpolab.bbn.com.pem [17:52:09] jbs@jericho:/home/jbs +$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc listresources -f pgeni1 INFO:omni:Loading config file /home/jbs/.gcf/omni_config INFO:omni:Using control framework pgeni1 INFO:omni:Listed resources on 0 out of 1 possible aggregates. INFO:omni:Got no resources. No resources from AM https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc: Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges. INFO:omni: ------------------------------------------------------------ INFO:omni: Completed listresources: Options as run: aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc framework: pgeni1 native: True Args: listresources Result Summary: Got no resources. No resources from AM https://bbn-hn.exogeni.gpolab.bbn.com:11443/orca/xmlrpc: Credendial Exception: javax.security.auth.login.CredentialException: No credential was found with appropriate privileges. INFO:omni: ============================================================
That indicates that it does not trust the BBN pgeni1 SA.
For the fourth:
[13:15:53] jbs@jericho:/home/jbs +$ grep -A 8 -B 2 '\[gpolab\]' ~/.gcf/omni_config ## GPO Lab ProtoGENI [gpolab] type = pg verbose = false ch = https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/ch sa = https://www.pgeni.gpolab.bbn.com/protogeni/xmlrpc/sa cert = ~/.ssl/jbs@pgeni.gpolab.bbn.com.pem key = ~/.ssl/jbs@pgeni.gpolab.bbn.com.pem [13:16:54] jbs@jericho:/home/jbs +$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 getversion -f gpolab INFO:omni:Loading config file /home/jbs/.gcf/omni_config INFO:omni:Using control framework gpolab INFO:omni:AM URN: unspecified_AM_URN (url: https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1) has version: INFO:omni:{ 'ad_rspec_versions': [ { 'extensions': [ 'http://www.geni.net/resources/rspec/ext/openflow/3'], 'namespace': 'http://www.geni.net/resources/rspec/3', 'schema': 'http://www.geni.net/resources/rspec/3/ad.xsd', 'type': 'GENI', 'version': '3'}], 'foam_version': '0.8.2', 'geni_api': 1, 'request_rspec_versions': [ { 'extensions': [ 'http://www.geni.net/resources/rspec/ext/openflow/3', 'http://www.geni.net/resources/rspec/ext/openflow/4', 'http://www.geni.net/resources/rspec/ext/flowvisor/1'], 'namespace': 'http://www.geni.net/resources/rspec/3', 'schema': 'http://www.geni.net/resources/rspec/3/request.xsd', 'type': 'GENI', 'version': '3'}], 'site_info': { }} INFO:omni: ------------------------------------------------------------ INFO:omni: Completed getversion: Options as run: aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 framework: gpolab native: True Args: getversion Result Summary: Got version for 1 out of 1 aggregates INFO:omni: ============================================================
That indicates that FOAM trusts the pgeni.gpolab.bbn.com SA.
I also verified that it did not trust another SA, Utah ProtoGENI in this case:
[13:17:00] jbs@jericho:/home/jbs +$ grep -A 8 -B 2 '\[utah\]' ~/.gcf/omni_config ## Utah ProtoGENI [utah] type = pg verbose = false ch = https://www.emulab.net/protogeni/xmlrpc/ch sa = https://www.emulab.net/protogeni/xmlrpc/sa cert = ~/.ssl/jbs@www.emulab.net.pem key = ~/.ssl/jbs@www.emulab.net.pem [13:17:37] jbs@jericho:/home/jbs +$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 getversion -f utah INFO:omni:Loading config file /home/jbs/.gcf/omni_config INFO:omni:Using control framework utah ERROR:omni.protogeni:Call for GetVersion at https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 failed.: ProtocolError: <ProtocolError for bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1: 400 Bad Request> ERROR:omni.protogeni: ..... Run with --debug for more information WARNING:omni:URN: unspecified_AM_URN (url:https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1) call failed: ProtocolError: <ProtocolError for bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1: 400 Bad Request> INFO:omni: ------------------------------------------------------------ INFO:omni: Completed getversion: Options as run: aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 framework: utah native: True Args: getversion Result Summary: Cannot GetVersion at https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1: ProtocolError: <ProtocolError for bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1: 400 Bad Request> Got version for 0 out of 1 aggregates INFO:omni: ============================================================
That indicates that it does not trust the ProtoGENI Utah SA.
Step 5: determine rack OpenFlow state
Overview of Step 5
Using:
- From a login to the 8264 (dataplane) switch, view the OpenFlow configuration.
- On bbn-hn, use fvctl to view the set of devices reporting to the FlowVisor.
- On bbn-hn, use foamctl to view the list of slivers.
- Use the GENI AM API to view the set of datapaths advertised by FOAM.
Verify:
- All datapaths on the rack switch report to FlowVisor.
- All datapaths reporting to FlowVisor come from the rack switch.
- A site administrator can look at flowvisor's state using fvctl.
- A site administrator can look at FOAM's state using foamctl.
- FOAM advertises all datapaths on the rack switch.
Results of Step 5 from 2012-08-14
For the first of those, the switch shows some OpenFlow information:
bbn-8264.bbn.xo>show openflow Protocol Version: 1 Openflow State: Enabled Max Flows: 10000 FDB Table Priority: 1000 Open Flow Instance ID: 1 Openflow Edge ports : None Openflow Management ports : 63 Openflow Buffering : Enabled Openflow Buffer Size: 1024 Emergency Mode : Disabled
Aha, and apparently that "Open Flow Instance ID: 1" tells me that 'show openflow 1' has a bunch more info:
bbn-8264.bbn.xo>show openflow 1 Open Flow Instance ID: 1 DataPath ID: 0x640817f4b52a00 Vlan ID: 100 Max Retries per controller: 4 Echo Request Interval: 30 Echo Reply Timeout: 15 Emergency Timeout: 30 Operational Mode: Normal Miss Send Len: 128 Swicth Support Capabiilities: Flow Statistics : enabled Table Statistics : enabled Port Statistics : enabled Spanning Tree : disabled Reserved : disabled Reassemble IP Fragments : disabled Queue Statistics : disabled Match IP Addr in ARP Packets: disabled Swicth Support action: Output to Switch Port : enabled Set Vlan ID : enabled Set Priority : enabled Strip dot1q Header : enabled Ethernet Source Addr : enabled Ethernet Destination Addr: enabled IP Source Address : disabled IP Destination Address : disabled IP ToS : enabled TCP/UDP Source Port : disabled TCP/UDP Destination Port : disabled Output to Queue : disabled Vendor : disabled PortList Status State Config Current Advertised Supported Peer 1 d 0x201 0x2 0x200 0x0 0x0 0x0 2 d 0x201 0x2 0x240 0x0 0x0 0x0 3 d 0x201 0x2 0x240 0x0 0x0 0x0 4 d 0x201 0x2 0x240 0x0 0x0 0x0 5 d 0x201 0x2 0x200 0x0 0x0 0x0 6 d 0x201 0x2 0x240 0x0 0x0 0x0 7 d 0x201 0x2 0x240 0x0 0x0 0x0 8 d 0x201 0x2 0x240 0x0 0x0 0x0 9 d 0x201 0x2 0x200 0x0 0x0 0x0 10 d 0x201 0x2 0x240 0x0 0x0 0x0 11 d 0x201 0x2 0x240 0x0 0x0 0x0 12 d 0x201 0x2 0x240 0x0 0x0 0x0 13 d 0x201 0x2 0x200 0x0 0x0 0x0 14 d 0x201 0x2 0x240 0x0 0x0 0x0 15 d 0x201 0x2 0x240 0x0 0x0 0x0 16 d 0x201 0x2 0x240 0x0 0x0 0x0 17 e 0x200 0x2 0xc0 0x0 0x0 0x0 18 e 0x200 0x2 0xc0 0x0 0x0 0x0 19 e 0x200 0x2 0xc0 0x0 0x0 0x0 20 e 0x200 0x2 0xc0 0x0 0x0 0x0 21 e 0x200 0x2 0xc0 0x0 0x0 0x0 22 e 0x200 0x2 0xc0 0x0 0x0 0x0 23 e 0x200 0x2 0xc0 0x0 0x0 0x0 24 d 0x201 0x2 0xc0 0x0 0x0 0x0 25 d 0x201 0x2 0xc0 0x0 0x0 0x0 26 d 0x201 0x2 0xc0 0x0 0x0 0x0 27 d 0x201 0x2 0x200 0x0 0x0 0x0 28 d 0x201 0x2 0x200 0x0 0x0 0x0 29 d 0x201 0x2 0x200 0x0 0x0 0x0 30 d 0x201 0x2 0x200 0x0 0x0 0x0 31 d 0x201 0x2 0x200 0x0 0x0 0x0 32 d 0x201 0x2 0x200 0x0 0x0 0x0 33 d 0x201 0x2 0x200 0x0 0x0 0x0 34 d 0x201 0x2 0x200 0x0 0x0 0x0 35 d 0x201 0x2 0x200 0x0 0x0 0x0 36 d 0x201 0x2 0x200 0x0 0x0 0x0 37 d 0x201 0x2 0x200 0x0 0x0 0x0 38 d 0x201 0x2 0x200 0x0 0x0 0x0 39 d 0x201 0x2 0x200 0x0 0x0 0x0 40 d 0x201 0x2 0x200 0x0 0x0 0x0 41 e 0x200 0x2 0xc0 0x0 0x0 0x0 42 e 0x200 0x2 0xc0 0x0 0x0 0x0 43 e 0x200 0x2 0xc0 0x0 0x0 0x0 44 e 0x200 0x2 0xc0 0x0 0x0 0x0 45 e 0x200 0x2 0xc0 0x0 0x0 0x0 46 e 0x200 0x2 0xc0 0x0 0x0 0x0 47 e 0x200 0x2 0xc0 0x0 0x0 0x0 48 d 0x201 0x2 0xc0 0x0 0x0 0x0 49 d 0x201 0x2 0xc0 0x0 0x0 0x0 50 d 0x201 0x2 0xc0 0x0 0x0 0x0 51 d 0x201 0x2 0x200 0x0 0x0 0x0 52 d 0x201 0x2 0x200 0x0 0x0 0x0 53 d 0x201 0x2 0x200 0x0 0x0 0x0 54 d 0x201 0x2 0x200 0x0 0x0 0x0 55 d 0x201 0x2 0x200 0x0 0x0 0x0 56 d 0x201 0x2 0x200 0x0 0x0 0x0 57 d 0x201 0x2 0x200 0x0 0x0 0x0 58 d 0x201 0x2 0x200 0x0 0x0 0x0 59 d 0x201 0x2 0x200 0x0 0x0 0x0 60 e 0x200 0x2 0x2a0 0x0 0x0 0x0 61 d 0x201 0x2 0x200 0x0 0x0 0x0 62 d 0x201 0x2 0x200 0x0 0x0 0x0 64 e 0x200 0x2 0x2a0 0x0 0x0 0x0 Number of Ports: 63 Configured Controllers: IP Address: 192.168.103.10 State: Active Port: 6633 Retry Count: 0 Configured Controller Count 1
So, there is only one datapath, and it points to 192.168.103.10:6633. That IP address is an interface on bbn-hn:
[13:31:20] jbs@bbn-hn:/home/jbs +$ ifconfig -a | grep -A 7 -B 1 192.168.103.10 bond2.1006 Link encap:Ethernet HWaddr 5C:F3:FC:6B:10:A8 inet addr:192.168.103.10 Bcast:192.168.103.255 Mask:255.255.255.0 inet6 addr: fe80::5ef3:fcff:fe6b:10a8/64 Scope:Link UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1 RX packets:106891 errors:0 dropped:0 overruns:0 frame:0 TX packets:117109 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:11828203 (11.2 MiB) TX bytes:17760462 (16.9 MiB)
FlowVisor is running on port 6633:
[13:32:26] jbs@bbn-hn:/home/jbs +$ sudo netstat -anp | grep 6633 [sudo] password for jbs: tcp 0 0 :::6633 :::* LISTEN 3517/java tcp 0 125 ::ffff:192.168.103.10:6633 ::ffff:192.168.103.4:41595 ESTABLISHED 3517/java [13:32:43] jbs@bbn-hn:/home/jbs +$ ps -efwww | grep 3517 491 3517 1 2 12:12 ? 00:02:19 java -server -Xms256M -Xmx1500M -XX:OnError=flowvisor-crash-logger -XX:+UseConcMarkSweepGC -Dorg.flowvisor.config_dir=/opt/flowvisor/etc/flowvisor -Dorg.flowvisor.install_dir=/opt/flowvisor/libexec/flowvisor -Djavax.net.ssl.keyStore=/opt/flowvisor/etc/flowvisor/mySSLKeyStore -Djavax.net.ssl.keyStorePassword=CHANGEME_PASSWD -cp /opt/flowvisor/libexec/flowvisor/openflow.jar:/opt/flowvisor/libexec/flowvisor/xmlrpc-client-3.1.3.jar:/opt/flowvisor/libexec/flowvisor/xmlrpc-common-3.1.3.jar:/opt/flowvisor/libexec/flowvisor/xmlrpc-server-3.1.3.jar:/opt/flowvisor/libexec/flowvisor/commons-logging-1.1.jar:/opt/flowvisor/libexec/flowvisor/ws-commons-util-1.0.2.jar:/opt/flowvisor/libexec/flowvisor/jsse.jar:/opt/flowvisor/libexec/flowvisor/asm-3.0.jar:/opt/flowvisor/libexec/flowvisor/cglib-2.2.jar:/opt/flowvisor/libexec/flowvisor/commons-codec-1.4.jar:/opt/flowvisor/libexec/flowvisor/gson-1.7.1.jar:/opt/flowvisor/libexec/flowvisor/jetty-continuation-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/jetty-http-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/jetty-io-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/jetty-security-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/jetty-server-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/jetty-util-7.0.2.v20100331.jar:/opt/flowvisor/libexec/flowvisor/servlet-api-2.5.jar:/opt/flowvisor/libexec/flowvisor/flowvisor.jar org.flowvisor.FlowVisor /opt/flowvisor/etc/flowvisor/config.xml jbs 4327 1532 0 13:33 pts/4 00:00:00 grep 3517
This verifies that all (one) datapaths on the rack switch report to FlowVisor.
For the second, fvctl shows only one device:
[13:33:43] jbs@bbn-hn:/home/jbs +$ fvctl --passwd-file=/etc/flowvisor/fvpasswd listDevices Device 0: 00:64:08:17:f4:b5:2a:00
This verifies that all datapaths reporting to FlowVisor come from the rack switch, and a site admin can look at FV's state using fvctl.
For the third, foamctl can show a list of slivers:
[13:37:07] jbs@bbn-hn:/home/jbs +$ foamctl geni:list-slivers --passwd-file=/opt/foam/etc/foampasswd { "slivers": [ { "status": "Approved", "sliver_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+tuptymon:3d95c17c-412b-4451-a2c2-c79d8b0542ee", "creation": "2012-08-10 04:51:08.680747+00:00", "pend_reason": null, "expiration": "2012-09-15 00:00:00+00:00", "deleted": "False", "user": null, "slice_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+tuptymon", "enabled": true, "email": "tupty@bbn.com", "flowvisor_slice": "3d95c17c-412b-4451-a2c2-c79d8b0542ee", "desc": "tuptymon OpenFlow resources at BBN.", "ref": null, "id": 12, "uuid": "3d95c17c-412b-4451-a2c2-c79d8b0542ee" }, { "status": "Approved", "sliver_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs16:d45b6df8-84ce-4764-811c-6bf2234efaa1", "creation": "2012-08-10 04:51:10.287736+00:00", "pend_reason": null, "expiration": "2012-10-15 19:00:00+00:00", "deleted": "False", "user": null, "slice_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs16", "enabled": true, "email": "jbs@bbn.com", "flowvisor_slice": "d45b6df8-84ce-4764-811c-6bf2234efaa1", "desc": "JBS 16 OpenFlow resources at BBN ExoGENI.", "ref": null, "id": 19, "uuid": "d45b6df8-84ce-4764-811c-6bf2234efaa1" }, { "status": "Approved", "sliver_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs15:8ae4e90c-c6e3-4570-8e23-2357303c6a27", "creation": "2012-08-10 04:51:10.488696+00:00", "pend_reason": null, "expiration": "2012-10-15 19:00:00+00:00", "deleted": "False", "user": null, "slice_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+jbs15", "enabled": true, "email": "jbs@bbn.com", "flowvisor_slice": "8ae4e90c-c6e3-4570-8e23-2357303c6a27", "desc": "JBS 15 OpenFlow resources at BBN ExoGENI.", "ref": null, "id": 20, "uuid": "8ae4e90c-c6e3-4570-8e23-2357303c6a27" }, { "status": "Approved", "sliver_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+trans:9d1e8717-424a-4495-a968-c7be314396dd", "creation": "2012-08-10 04:51:13.414379+00:00", "pend_reason": null, "expiration": "2012-08-14 00:00:00+00:00", "deleted": "False", "user": null, "slice_urn": "urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+trans", "enabled": true, "email": "lnevers@bbn.com", "flowvisor_slice": "9d1e8717-424a-4495-a968-c7be314396dd", "desc": "Vlan translation for EG-EXP-5 resources at BBN ExoGENI.", "ref": null, "id": 33, "uuid": "9d1e8717-424a-4495-a968-c7be314396dd" } ] }
This verifies that a site administrator can look at FOAM's state using foamctl.
For the fourth, Omni can show advertised datapaths via the GENI AM API:
[13:39:38] jbs@jericho:/home/jbs +$ omni -a https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 listresources INFO:omni:Loading config file /home/jbs/.gcf/omni_config INFO:omni:Using control framework gpolab INFO:omni:Listed resources on 1 out of 1 possible aggregates. INFO:omni:<?xml version="1.0" ?> INFO:omni:<!-- Resources at AM: URN: unspecified_AM_URN URL: https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 --> INFO:omni: <rspec type="advertisement" xmlns="http://www.geni.net/resources/rspec/3" xmlns:openflow="http://www.geni.net/resources/rspec/ext/openflow/3" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance" xs:schemaLocation="http://www.geni.net/resources/rspec/3 http://www.geni.net/resources/rspec/3/ad.xsd http://www.geni.net/resources/rspec/ext/openflow/3 http://www.geni.net/resources/rspec/ext/openflow/3/of-ad.xsd"> <openflow:datapath component_id="urn:publicid:IDN+openflow:foam:bbn-hn.exogeni.gpolab.bbn.com+datapath+00:64:08:17:f4:b5:2a:00" component_manager_id="urn:publicid:IDN+openflow:foam:bbn-hn.exogeni.gpolab.bbn.com+authority+am" dpid="00:64:08:17:f4:b5:2a:00"> <openflow:port name="1" num="1"/> <openflow:port name="2" num="2"/> <openflow:port name="3" num="3"/> <openflow:port name="4" num="4"/> <openflow:port name="5" num="5"/> <openflow:port name="6" num="6"/> <openflow:port name="7" num="7"/> <openflow:port name="8" num="8"/> <openflow:port name="9" num="9"/> <openflow:port name="10" num="10"/> <openflow:port name="11" num="11"/> <openflow:port name="12" num="12"/> <openflow:port name="13" num="13"/> <openflow:port name="14" num="14"/> <openflow:port name="15" num="15"/> <openflow:port name="16" num="16"/> <openflow:port name="17" num="17"/> <openflow:port name="18" num="18"/> <openflow:port name="19" num="19"/> <openflow:port name="20" num="20"/> <openflow:port name="21" num="21"/> <openflow:port name="22" num="22"/> <openflow:port name="23" num="23"/> <openflow:port name="24" num="24"/> <openflow:port name="27" num="27"/> <openflow:port name="28" num="28"/> <openflow:port name="29" num="29"/> <openflow:port name="30" num="30"/> <openflow:port name="31" num="31"/> <openflow:port name="32" num="32"/> <openflow:port name="33" num="33"/> <openflow:port name="34" num="34"/> <openflow:port name="35" num="35"/> <openflow:port name="36" num="36"/> <openflow:port name="37" num="37"/> <openflow:port name="38" num="38"/> <openflow:port name="39" num="39"/> <openflow:port name="40" num="40"/> <openflow:port name="41" num="41"/> <openflow:port name="42" num="42"/> <openflow:port name="43" num="43"/> <openflow:port name="44" num="44"/> <openflow:port name="45" num="45"/> <openflow:port name="46" num="46"/> <openflow:port name="47" num="47"/> <openflow:port name="48" num="48"/> <openflow:port name="51" num="51"/> <openflow:port name="52" num="52"/> <openflow:port name="53" num="53"/> <openflow:port name="54" num="54"/> <openflow:port name="55" num="55"/> <openflow:port name="56" num="56"/> <openflow:port name="57" num="57"/> <openflow:port name="58" num="58"/> <openflow:port name="59" num="59"/> <openflow:port name="60" num="60"/> <openflow:port name="61" num="61"/> <openflow:port name="62" num="62"/> <openflow:port name="64" num="64"/> <openflow:port name="50" num="50"/> <openflow:port name="26" num="26"/> <openflow:port name="49" num="49"/> <openflow:port name="25" num="25"/> </openflow:datapath> </rspec> INFO:omni: ------------------------------------------------------------ INFO:omni: Completed listresources: Options as run: aggregate: https://bbn-hn.exogeni.gpolab.bbn.com:3626/foam/gapi/1 framework: gpolab native: True Args: listresources Result Summary: Retrieved resources from 1 aggregates. Wrote rspecs from 1 aggregates. INFO:omni: ============================================================
The one datapath from the switch (via FV) is advertised; this verifies that FOAM advertises all datapaths on the rack switch.