Changes between Version 2 and Version 3 of JoeSandbox/OpenFlowOVS/Execute


Timestamp:
08/13/14 17:51:08 (10 years ago)
Author:
zwang@bbn.com
Comment:

--

  • JoeSandbox/OpenFlowOVS/Execute

    v2 v3  
    3333Depending on which tool and OS you are using there is a slightly different process for logging in. If you don't know how to SSH to your reserved hosts take a look in [wiki:HowTo/LoginToNodes this page.]
    3434
    35 === 2a. Configure  the Software Switch ===
     35=== 2a. '''(No need any more)'''Configure  the Software Switch ===
    3636
    3737Now that you are logged in, we need first to configure OVS. To save time in this tutorial, we have already started OVS and we have added an Ethernet bridge that will act as our software switch. Try the following to show the configure bridge:
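Review bot: The "(No need any more)" marker on the 2a heading at v3 line 35 contradicts the unchanged paragraph at line 37, which still tells the reader "we need first to configure OVS". Either delete the section or reword it as an optional check that the pre-built bridge exists. The marker is also fused to the heading text with no space, and editorial notes of this kind belong in the change comment, which is empty for this revision.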
     
    7979}}}
    8080
    81 === 2c. Point your switch to a controller ===
     81=== '''(Where is 2b?)'''2c. Point your switch to a controller ===
    8282
    8383Find the control interface IP of your controller, use ifconfig and note down the IP of `eth0`.
    8484
    85 An !OpenFlow switch will not forward any packet, unless instructed by a controller. Basically the forwarding table is empty, until an external controller inserts forwarding rules. The !OpenFlow controller communicates with the switch over the control network and it can be anywhere in the Internet as long as it is reachable by the OVS host. For the purpose of this tutorial and in order to minimize the resources we have reserved we are going to run !OpenFlow controller at the same host as the OVS switch. This is '''merely''' for convenience reasons, the controller could have been anywhere on the Internet.
     85An !OpenFlow switch will not forward any packet, unless instructed by a controller. Basically the forwarding table is empty, until an external controller inserts forwarding rules. The !OpenFlow controller communicates with the switch over the control network and it can be anywhere in the Internet as long as it is reachable by the OVS host. '''(The following sentence is not true anymore)'''For the purpose of this tutorial and in order to minimize the resources we have reserved we are going to run !OpenFlow controller at the same host as the OVS switch. This is '''merely''' for convenience reasons, the controller could have been anywhere on the Internet.
    8686
    8787In order to point our software !OpenFlow switch to the controller run:
    8888{{{
    89 sudo ovs-vsctl set-controller br0 tcp:<controller_ip>:6633
    90 }}}
    91 
    92 ==== `standalone` vs `secure` mode ====
     89sudo ovs-vsctl set-controller br-switch tcp:<controller_ip>:6633
     90}}}
     91
     92==== '''(No need anymore. But maybe we should keep the instroduction)'''`standalone` vs `secure` mode ====
    9393
    9494The !OpenFlow controller is responsible for setting up all flows on the switch, which means that when the controller is not running there should be no packet switching at all. Depending on the setup of your network, such a behavior might not be desired. It might be best that when the controller is down, the switch should default back in being a learning layer 2 switch. In other circumstances however this might be undesirable. In OVS this is a tunable parameter, called `fail-safe-mode` which can be set to the following parameters:
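Review bot: The inline note at v3 line 85 marks the "same host as the OVS switch" sentence as no longer true but leaves the sentence in place, so the reader gets a claim and its retraction together. Rewrite it to state where the controller runs now. If the controller is on its own host, the `tcp:<controller_ip>:6633` target at line 89 sends the OpenFlow channel unauthenticated and in cleartext over the control network; `ovs-vsctl set-controller` also accepts an `ssl:` target, and the tutorial should at least say that the plain TCP form is a lab shortcut. The "(Where is 2b?)" question at line 81 and the typo "instroduction" at line 92 need resolving before this is published.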
     
    9898In OVS when the parameter is not set it falls back to the `standalone` mode. For the purpose of this tutorial we will set the `fail-safe-mode` to `secure`, since we want to be the ones controlling the forwarding. Run:
    9999{{{
    100 sudo ovs-vsctl set-fail-mode br0 secure
     100sudo ovs-vsctl set-fail-mode br-switch secure
    101101}}}
    102102You can verify your OVS settings by issuing the following:
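Review bot: The prose at v3 line 98 calls the parameter `fail-safe-mode`, but the command at line 100 is `set-fail-mode`; use one name so readers can find the setting in the `ovs-vsctl` output they are asked to check at line 102. Since the bridge is renamed here, confirm the verification output that follows line 102 also shows `br-switch` rather than `br0`.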
     
    120120  1. First we are going to start a ping from  `host1` to `host2`, which should timeout, since there is no controller running.
    121121  {{{
    122   ping host2 -c 10
    123   }}}
    124 
    125   2. We have installed the POX controller under `/tmp/pox` on the controller host. POX comes with a set of example modules that you can use out of the box. One of the modules is a learning switch.  Let's start the learning switch controller which is already available:
    126   {{{
    127   cd /tmp/pox
    128   ./pox.py --verbose forwarding.l2_learning
    129   }}}
    130 
    131    '' Note: "l2" above uses the letter `l` as in level and is not the number one.''
     122  ping host2
     123  }}}
     124
     125  2. We have installed the Ryu controller under `/tmp/ryu` on the controller host. We put a set of example modules that you can use out of the box. One of the modules is a learning switch.  Let's start the learning switch controller which is already available:
     126  {{{
     127  cd /tmp/ryu
     128  PYTHONPATH=. ./bin/ryu-manager ryu/ext/simple_switch.py
     129  }}}
    132130
    133131 3. Now go to terminal of `host1` and ping `host2`:
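Review bot: `ping host2` at v3 line 122 no longer has `-c 10`, so it runs until interrupted, while step 1 still says it "should timeout". State whether the reader should leave it running (step 8 later refers to "your ping on host1") or stop it with Ctrl-C before step 3 asks for another ping. At line 125, "We put a set of example modules" reads as if the modules ship with Ryu; say that they are tutorial-provided files under `ryu/ext`.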
     
    151149  5. To see the flow table entries on your OVS switch:
    152150  {{{
    153   sudo ovs-ofctl dump-flows br0
    154   }}}
    155   You should see at least two table entries: One for ICMP Echo (icmp_code=8) messages from host1 to host2 and one for ICMP Echo Reply (icmp_code=0) messages from host2 to host1.  You may also see flow entries for arp packets.
    156 
    157   6. To see messages go between your switch and your controller (listening on port 6633 of your localhost), run tcpdump on the `eth0` interface of your controller node:
     151  sudo ovs-ofctl dump-flows br-switch
     152  }}}
     153  You should see at least two table entries: One for messages from host1 to host2 and one for messages from host2 to host1.  You may also see flow entries for arp packets.
     154
     155  6. To see messages go between your switch and your controller (listening on port 6633 of your localhost), run tcpdump on the `eth0` interface of your controller node: '''(This one I saw too many other packet)'''
    158156  {{{
    159157  sudo tcpdump -i eth0
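Review bot: The note at v3 line 155 ("This one I saw too many other packet") points at a real problem with line 157: `tcpdump -i eth0` captures everything on the control interface, including the reader's own SSH session. The step already names the controller port, so narrowing the capture to it, for example `sudo tcpdump -i eth0 tcp port 6633`, would fix the noise and let the inline note be removed. The rewrite of line 153 also drops the ICMP Echo and Echo Reply detail; if the Ryu flows no longer match on ICMP fields, say what the two entries do match on so the reader can recognise them.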
     
    161159  You will see (1) periodic keepalive messages being exchanged by the switch and the controller, (2) messages from the switch to the controller (e.g. when there is a table miss) and an ICMP Echo message in, and (3) messages from the controller to the switch (e.g. to install new flow entries).
    162160
    163   7. Kill your POX controller by pressing `Ctrl-C`:
    164   {{{
    165   DEBUG:forwarding.l2_learning:installing flow for 02:c7:e8:a7:40:65.1 -> 02:f1:ae:bb:e3:a8.2
    166   ^C
    167   INFO:core:Going down...
    168   INFO:openflow.of_01:[3a-51-a1-ab-c3-43 1] disconnected
    169   INFO:core:Down.
    170   }}}
     161  7. Kill your Ryu controller by pressing `Ctrl-C`.
    171162
    172163  8. Notice what happens to your ping on host1.
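Review bot: Step 7 at v3 line 161 removes the sample shutdown output without saying what the reader should see instead. Add a sentence on how to confirm the controller has exited (for example, that the shell prompt returns), because steps 8 and 9 depend on it being down.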
     
    174165  9. Check the flow table entries on your switch:
    175166   {{{
    176   sudo ovs-ofctl dump-flows br0
     167  sudo ovs-ofctl dump-flows br-switch
    177168  }}}
    178169  Since you set your switch to "secure" mode, i.e. don't forward packets if the controller fails, you will not see flow table entries.  If you see flow table entries, try again after 10 seconds to give the entries time to expire.
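Review bot: The unchanged explanation at v3 line 169 relies on the reader having set "secure" mode, yet this same revision marks the `standalone` vs `secure` section as "No need anymore" at line 92. If that section is dropped, state here how the bridge ends up in secure mode (pre-configured, or still set by the reader), otherwise the expected empty flow table is unexplained. The opening `{{{` at line 166 is indented one space more than the command and closing `}}}`.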
     
    190181=== Useful Tips for writing your controller ===
    191182
    192 In order to make this first experience of writing controller easier, we wrote some helpful functions that will abstract some of the particularities of POX away.
    193 These functions are located in `/tmp/pox/ext/utils.py`, so while you write your controller consult this file for details.
     183In order to make this first experience of writing controller easier, we wrote some helpful functions that will abstract some of the particularities of Ryu away.
     184These functions are located in `/tmp/ryu/ryu/ext/utils.py`, so while you write your controller consult this file for details.
    194185
    195186Functions that are implemented include:
     
    205196  * packetDstTCPPort : Test the destination TCP port of a packet
    206197  * packetSrcTCPPort : Test the source TCP port of a packet
    207   * createOFAction : Create one OpenFlow action
    208   * getFullMatch : get the full match out of a packet
    209   * createFlowMod : create a flow mod
    210198  * createArpRequest : Create an Arp Request for  a different destination IP
    211199  * createArpReply : Create an Arp Reply for  a different source IP
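Review bot: `createOFAction`, `getFullMatch` and `createFlowMod` are removed from the helper list after v3 line 197 with no replacement named. If the Ryu version of `utils.py` no longer provides them, tell the reader how actions, matches and flow mods are built in the exercises that follow, since the remaining helpers only test packet fields and craft ARP messages.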
     
    220208If you are using an OVS switch, you can dump information from your switch.  For example, to dump the flows:
    221209{{{
    222 sudo ovs-ofctl dump-flows br0
     210sudo ovs-ofctl dump-flows br-switch
    223211}}}
    224212Two other useful commands show you the status of your switch:
    225213{{{
    226214sudo ovs-vsctl show
    227 sudo ovs-ofctl show br0
     215sudo ovs-ofctl show br-switch
    228216}}}
    229217
     
    262250  }}}
    263251
    264   2. In the contorller host directory `/tmp/pox/ext` you would see two files:
    265 
    266        i. myDuplicateTraffic.py : this is the file that has instructions about how to complete the missing information, go ahead and try to implement your first controller.
     252  2. In the contorller host directory `/tmp/ryu/ryu/ext` you would see three files:
     253
     254       i. '''(I don't have it yet)'''myDuplicateTraffic.py : this is the file that has instructions about how to complete the missing information, go ahead and try to implement your first controller.
    267255       ii. !DuplicateTraffic.py : this has the actual solution you can just run this if you don't want to bother with writing a controller.
    268 
    269   3. Run your newly written controller on the <data_interface_name> that corresponds to ''OVS:if2'' (which is connected to `host3`):
    270   {{{
    271   cd /tmp/pox
    272   ./pox.py --verbose myDuplicateTraffic --duplicate_port=<data_interface_name>
     256       iii. duplicate.config : in this file, you specify which port you want to duplicate traffic to. To figure out which port maps to which interface, use "sudo ovs-ofctl show br-switch".
     257
     258  3. Run your newly written controller :
     259  {{{
     260  cd /tmp/ryu
     261  PYTHONPATH=. ./bin/ryu-manager ryu/ext/DuplicateTraffic.py
    273262  }}}
    274263   
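Review bot: Step 3 at v3 line 258 says "Run your newly written controller", but the command at line 261 starts `ryu/ext/DuplicateTraffic.py`, which line 255 describes as the provided solution, not the reader's `myDuplicateTraffic.py`. Together with the "(I don't have it yet)" note at line 254, the exercise as written cannot be followed; either hold this change until the skeleton file exists or reword step 3 to say it runs the solution. Line 252 keeps the typo "contorller", and line 256 should name where `duplicate.config` is read from and show one example entry, since it replaces the old `--duplicate_port` argument.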
     
    279268  If your controller is working, your packets will register in both terminals running tcpdump.
    280269
    281   5. Stop the POX controller:
    282   {{{
    283   DEBUG:myDuplicateTraffic:Got a packet : [02:f1:ae:bb:e3:a8>02:c7:e8:a7:40:65 IP]
    284   DEBUG:SimpleL2Learning:installing flow for 02:f1:ae:bb:e3:a8.2 -> 02:c7:e8:a7:40:65.[1, 2]
    285   ^C
    286   INFO:core:Going down...
    287   INFO:openflow.of_01:[3a-51-a1-ab-c3-43 1] disconnected
    288   INFO:core:Down.
    289   controller:/tmp/pox%
    290   }}}
     270  5. Stop the Ryu controller using `Ctrl-C`.
    291271
    292272=== 3d. Run a port forward Controller ===