59 | | '''Using:''' |
60 | | * On boss and ops, use available data sources to determine how many VLANs on the experimental switch are available for experimenters to use |
61 | | * For each available experimental VLAN, determine whether it is available for exclusive OpenFlow control |
62 | | * Determine what bound VLANs are available for use |
63 | | |
64 | | '''Verify:''' |
65 | | * The site administrator can determine how many unbound VLANs are available for use |
66 | | * The site administrator can determine which VLANs InstaGENI is able to configure for OpenFlow use |
67 | | * The site administrator can determine what bound VLANs are available for use |
68 | | |
69 | | === Results of testing step 2: 2012-05-28 === |
70 | | |
71 | | * On boss, use the database to find out the set of VLANs which can be used for dedicated experiments: |
72 | | {{{ |
73 | | boss,[~],12:19(0)$ mysql tbdb |
74 | | mysql> select stack_id,min_vlan,max_vlan,leader from switch_stack_types; |
75 | | +------------+----------+----------+-----------+ |
76 | | | stack_id | min_vlan | max_vlan | leader | |
77 | | +------------+----------+----------+-----------+ |
78 | | | Control | 128 | 256 | procurve1 | |
79 | | | Experiment | 257 | 999 | procurve2 | |
80 | | +------------+----------+----------+-----------+ |
81 | | 2 rows in set (0.00 sec) |
82 | | }}} |
83 | | * I am confused by this, because, looking at procurve1: |
84 | | {{{ |
85 | | ProCurve Switch 2610-24# show vlans |
86 | | ... |
| 59 | Determine all VLANs available to experimenters. For each available VLAN, determine whether it is available for exclusive OpenFlow control. This step verifies that the site administrator can determine how many VLANs are available for use and which are for OpenFlow only. |
| 60 | {{{ |
| 61 | $ omni.py listresources -a ig-gpo -o |
| 62 | }}} |
| 63 | |
| 64 | The output file show the following !OpenFlow VLANs: |
| 65 | {{{ |
| 66 | <rspec_shared_vlan xmlns="http://www.geni.net/resources/rspec/ext/shared-vlan/1"> |
| 67 | <available name="mesoscale-openflow"/> |
| 68 | <available name="exclusive-openflow-1755"/> |
| 69 | <available name="exclusive-openflow-1756"/> |
| 70 | <available name="exclusive-openflow-1757"/> |
| 71 | <available name="exclusive-openflow-1758"/> |
| 72 | <available name="exclusive-openflow-1759"/> |
| 73 | <available name="L2-ping-tutorial"/> |
| 74 | </rspec_shared_vlan> |
| 75 | }}} |
| 76 | |
| 77 | The following VLAN are available on the switch "procurve2" (dataplane switch) for stitching use: |
| 78 | {{{ |
| 79 | <node id="urn:publicid:IDN+instageni.gpolab.bbn.com+node+procurve2"> |
| 80 | <vlanRangeAvailability> 3747-3749 </vlanRangeAvailability> |
| 81 | <vlanTranslation> false </vlanTranslation> |
| 82 | <node id="urn:publicid:IDN+instageni.gpolab.bbn.com+node+procurve2"> |
| 83 | <vlanRangeAvailability> 2644-2649 </vlanRangeAvailability> |
| 84 | <vlanTranslation> false </vlanTranslation> |
| 85 | }}} |
| 86 | |
| 87 | Additional information can be determined by logging into the dataplane switch and showing VLAN information: |
| 88 | {{{ |
| 89 | $ ssh boss.instageni.gpolab.com |
| 90 | [lnevers@boss ~]$ sudo more /usr/testbed/etc/switch.pswd |
| 91 | XXXXX |
| 92 | [lnevers@boss ~]$ ssh manager@procurve2 |
| 93 | |
| 94 | manager@procurve2's password: |
| 95 | |
| 96 | HP-E5406zl# show vlans |
| 97 | |
| 98 | Status and Counters - VLAN Information |
| 99 | |
| 100 | Maximum VLANs to support : 256 |
| 101 | Primary VLAN : DEFAULT_VLAN |
| 102 | Management VLAN : control-hardware |
| 103 | |
90 | | 257 _42 | Port-based No No |
91 | | 260 _44 | Port-based No No |
92 | | }}} |
93 | | Why are VLANs in the experimental range on the control switch? Incidentally, the mac-address table doesn't show any VLANs in that range, but i am confused by this. |
94 | | * I went ahead and created a sliver containing two virtual nodes and a virtual LAN: |
95 | | {{{ |
96 | | omni -a http://www.utah.geniracks.net/protogeni/xmlrpc/am createsliver ecgtest2 ~/omni/rspecs/request/rack-testing/acceptance-tests/IG-MON-nodes-C.rspec |
97 | | }}} |
98 | | * That did not generate any additional VLANs on the control switch. I can't experiment with a physical node because there aren't any free right now. |
99 | | |
100 | | Anyway, i also can't look into !OpenFlow options because that's not implemented yet. |
101 | | |
102 | | I have an open question on the list about bound VLANs, and i'm blocked on that to look into bound VLANs. |
| 107 | 10 control-hardware | Port-based No No |
| 108 | 257 _8 | Port-based No No |
| 109 | 1750 _11 | Port-based No No |
| 110 | 1755 _347 | Port-based No No |
| 111 | 1756 _348 | Port-based No No |
| 112 | 1757 _349 | Port-based No No |
| 113 | 1758 _350 | Port-based No No |
| 114 | 1759 _351 | Port-based No No |
| 115 | 3705 _222 | Port-based No No |
| 116 | 3742 _481 | Port-based No No |
| 117 | |
| 118 | HP-E5406zl# show vlans 1750 |
| 119 | |
| 120 | Status and Counters - VLAN Information - VLAN 1750 |
| 121 | |
| 122 | VLAN ID : 1750 |
| 123 | Name : _11 |
| 124 | Status : Port-based |
| 125 | Voice : No |
| 126 | Jumbo : No |
| 127 | |
| 128 | Port Information Mode Unknown VLAN Status |
| 129 | ---------------- -------- ------------ ---------- |
| 130 | E1 Tagged Learn Up |
| 131 | E4 Tagged Learn Up |
| 132 | E5 Tagged Learn Up |
| 133 | E23 Tagged Learn Up |
| 134 | E24 Tagged Learn Up |
| 135 | }}} |
| 136 | |
| 137 | The overall configuration can also be shown on the switch to determine configured VLAN information as well as details for the !OpenFlow VLANs: |
| 138 | {{{ |
| 139 | HP-E5406zl# show running-config |
| 140 | <...> |
| 141 | vlan 1 |
| 142 | name "DEFAULT_VLAN" |
| 143 | forbid E3,E6 |
| 144 | untagged A1-A24,E7-E19,E21-E22 |
| 145 | no untagged E1-E6,E20,E23-E24 |
| 146 | no ip address |
| 147 | exit |
| 148 | vlan 10 |
| 149 | name "control-hardware" |
| 150 | untagged E20 |
| 151 | ip address 10.2.1.253 255.255.255.0 |
| 152 | ip address 10.3.1.253 255.255.255.0 |
| 153 | exit |
| 154 | vlan 1750 |
| 155 | name "_11" |
| 156 | tagged E1,E4-E5,E23-E24 |
| 157 | no ip address |
| 158 | exit |
| 159 | vlan 3705 |
| 160 | name "_222" |
| 161 | tagged E23-E24 |
| 162 | no ip address |
| 163 | vlan 1755 |
| 164 | name "_347" |
| 165 | tagged E23-E24 |
| 166 | no ip address |
| 167 | exit |
| 168 | vlan 1756 |
| 169 | name "_348" |
| 170 | tagged E23-E24 |
| 171 | no ip address |
| 172 | exit |
| 173 | vlan 1757 |
| 174 | name "_349" |
| 175 | tagged E23-E24 |
| 176 | no ip address |
| 177 | exit |
| 178 | vlan 1758 |
| 179 | name "_350" |
| 180 | tagged E23-E24 |
| 181 | no ip address |
| 182 | exit |
| 183 | vlan 1759 |
| 184 | name "_351" |
| 185 | tagged E23-E24 |
| 186 | no ip address |
| 187 | exit |
| 188 | vlan 257 |
| 189 | name "_8" |
| 190 | untagged E3,E6 |
| 191 | tagged E1-E2,E4-E5 |
| 192 | no ip address |
| 193 | exit |
| 194 | vlan 3742 |
| 195 | name "_481" |
| 196 | tagged E1,E4,E24 |
| 197 | no ip address |
| 198 | exit |
| 199 | <...> |
| 200 | openflow |
| 201 | vlan 1750 |
| 202 | enable |
| 203 | controller "tcp:10.3.1.7:6633" fail-secure on |
| 204 | exit |
| 205 | vlan 1755 |
| 206 | enable |
| 207 | controller "tcp:10.3.1.7:6633" |
| 208 | exit |
| 209 | vlan 1756 |
| 210 | enable |
| 211 | controller "tcp:10.3.1.7:6633" |
| 212 | exit |
| 213 | vlan 1757 |
| 214 | enable |
| 215 | controller "tcp:10.3.1.7:6633" |
| 216 | exit |
| 217 | vlan 1758 |
| 218 | enable |
| 219 | controller "tcp:10.3.1.7:6633" |
| 220 | exit |
| 221 | vlan 1759 |
| 222 | enable |
| 223 | controller "tcp:10.3.1.7:6633" |
| 224 | exit |
| 225 | exit |
| 226 | }}} |
| 227 | |
| 228 | |
| 229 | * On boss, use the database to find out the set of VLANs which can be used for dedicated experiments: |
| 230 | {{{ |
106 | | '''Using:''' |
| 234 | This step verified that an experimenter can use the trusted SAs and that the site administrator can determine the full set of trusted GENI Slice Authorities: |
| 235 | |
| 236 | Use Omni tools with pgeni.gpolab.bbn.com credentials to query the GPO rack. The omni_config is defined as follows: |
| 237 | {{{ |
| 238 | [omni] |
| 239 | default_cf = pg |
| 240 | users = lnevers |
| 241 | # ---------- Users ---------- |
| 242 | [lnevers] |
| 243 | urn = urn:publicid:IDN+pgeni.gpolab.bbn.com+user+lnevers |
| 244 | keys = /home/lnevers/.ssh/id_rsa.pub |
| 245 | # ---------- Frameworks ---------- |
| 246 | [pg] |
| 247 | type = pg |
| 248 | ch = https://www.emulab.net:12369/protogeni/xmlrpc/ch |
| 249 | sa = https://www.pgeni.gpolab.bbn.com:443/protogeni/xmlrpc/sa |
| 250 | cert = /home/lnevers/.ssl/pgeni/encrypted-cleartext.pem |
| 251 | key = /home/lnevers/.ssl/pgeni/encrypted-cleartext.pem |
| 252 | }}} |
| 253 | |
| 254 | Create a slice and a sliver at the GPO InstaGENI: |
| 255 | {{{ |
| 256 | $ omni.py createslice ln-pgeni-cred |
| 257 | $ omni.py createsliver ln-pgeni-cred -a ig-gpo ./insta-gpo-1vm.rspec |
| 258 | <...> |
| 259 | INFO:omni:Slice urn:publicid:IDN+pgeni.gpolab.bbn.com+slice+ln-pgeni-cred expires on 2013-03-06 21:58:49 UTC |
| 260 | <..> |
| 261 | }}} |
| 262 | The Slice urn shows the pgeni.gpolab.bbn.com SA was used to reserve resources within the rack. Before proceeding delete the sliver: |
| 263 | {{{ |
| 264 | $ omni.py deletesliver ln-pgeni-cred -a ig-gpo |
| 265 | }}} |
| 266 | To verify support for PG Utah SA, modify the omni_config to use emulab as a default framwork and selcte the urn for the emulab account: |
| 267 | {{{ |
| 268 | [omni] |
| 269 | default_cf = emulab |
| 270 | users = lnevers |
| 271 | # ---------- Users ---------- |
| 272 | [lnevers] |
| 273 | urn = urn:publicid:IDN+emulab.net+user+lnevers |
| 274 | keys = /home/lnevers/.ssh/id_rsa.pub |
| 275 | # ---------- Frameworks ---------- |
| 276 | [emulab] |
| 277 | type = pg |
| 278 | ch = https://www.emulab.net:12369/protogeni/xmlrpc/ch |
| 279 | sa = https://www.emulab.net:12369/protogeni/xmlrpc/sa |
| 280 | cert = ~/.ssl/protogeni/encrypted-cleartext.pem |
| 281 | key = ~/.ssl/protogeni/encrypted-cleartext.pem |
| 282 | verbose=false |
| 283 | }}} |
| 284 | |
| 285 | Create a new slice with the PG Utah SA credentials and sliver: |
| 286 | {{{ |
| 287 | $ omni.py createslice ln-pgutah-cred |
| 288 | $ omni.py createsliver ln-pgutah-cred -a ig-gpo ./insta-gpo-1vm.rspec |
| 289 | <...> |
| 290 | INFO:omni:Slice urn:publicid:IDN+emulab.net+slice+ln-pgutah-cred expires within 1 day on 2013-03-06 03:06:59 UTC |
| 291 | <...> |
| 292 | }}} |
| 293 | |
| 294 | The Slice urn shows the emulab.net SA was used to reserve resources within the rack. |
| 295 | |
| 296 | TO BE DONE: |
| 297 | |
| 298 | Show |