Changes between Version 2 and Version 3 of JoeSandbox/OpenFlowOVS/Execute
- Timestamp: 08/13/14 17:51:08 (10 years ago)
JoeSandbox/OpenFlowOVS/Execute
v2 v3 33 33 Depending on which tool and OS you are using there is a slightly different process for logging in. If you don't know how to SSH to your reserved hosts take a look in [wiki:HowTo/LoginToNodes this page.] 34 34 35 === 2a. Configure the Software Switch ===35 === 2a. '''(No need any more)'''Configure the Software Switch === 36 36 37 37 Now that you are logged in, we need first to configure OVS. To save time in this tutorial, we have already started OVS and we have added an Ethernet bridge that will act as our software switch. Try the following to show the configure bridge: … … 79 79 }}} 80 80 81 === 2c. Point your switch to a controller ===81 === '''(Where is 2b?)'''2c. Point your switch to a controller === 82 82 83 83 Find the control interface IP of your controller, use ifconfig and note down the IP of `eth0`. 84 84 85 An !OpenFlow switch will not forward any packet, unless instructed by a controller. Basically the forwarding table is empty, until an external controller inserts forwarding rules. The !OpenFlow controller communicates with the switch over the control network and it can be anywhere in the Internet as long as it is reachable by the OVS host. For the purpose of this tutorial and in order to minimize the resources we have reserved we are going to run !OpenFlow controller at the same host as the OVS switch. This is '''merely''' for convenience reasons, the controller could have been anywhere on the Internet.85 An !OpenFlow switch will not forward any packet, unless instructed by a controller. Basically the forwarding table is empty, until an external controller inserts forwarding rules. The !OpenFlow controller communicates with the switch over the control network and it can be anywhere in the Internet as long as it is reachable by the OVS host. 
'''(The following sentence is not true anymore)'''For the purpose of this tutorial and in order to minimize the resources we have reserved we are going to run !OpenFlow controller at the same host as the OVS switch. This is '''merely''' for convenience reasons, the controller could have been anywhere on the Internet. 86 86 87 87 In order to point our software !OpenFlow switch to the controller run: 88 88 {{{ 89 sudo ovs-vsctl set-controller br 0tcp:<controller_ip>:663390 }}} 91 92 ==== `standalone` vs `secure` mode ====89 sudo ovs-vsctl set-controller br-switch tcp:<controller_ip>:6633 90 }}} 91 92 ==== '''(No need anymore. But maybe we should keep the instroduction)'''`standalone` vs `secure` mode ==== 93 93 94 94 The !OpenFlow controller is responsible for setting up all flows on the switch, which means that when the controller is not running there should be no packet switching at all. Depending on the setup of your network, such a behavior might not be desired. It might be best that when the controller is down, the switch should default back in being a learning layer 2 switch. In other circumstances however this might be undesirable. In OVS this is a tunable parameter, called `fail-safe-mode` which can be set to the following parameters: … … 98 98 In OVS when the parameter is not set it falls back to the `standalone` mode. For the purpose of this tutorial we will set the `fail-safe-mode` to `secure`, since we want to be the ones controlling the forwarding. Run: 99 99 {{{ 100 sudo ovs-vsctl set-fail-mode br 0secure100 sudo ovs-vsctl set-fail-mode br-switch secure 101 101 }}} 102 102 You can verify your OVS settings by issuing the following: … … 120 120 1. First we are going to start a ping from `host1` to `host2`, which should timeout, since there is no controller running. 121 121 {{{ 122 ping host2 -c 10 123 }}} 124 125 2. We have installed the POX controller under `/tmp/pox` on the controller host. 
POX comes with a set of example modules that you can use out of the box. One of the modules is a learning switch. Let's start the learning switch controller which is already available: 126 {{{ 127 cd /tmp/pox 128 ./pox.py --verbose forwarding.l2_learning 129 }}} 130 131 '' Note: "l2" above uses the letter `l` as in level and is not the number one.'' 122 ping host2 123 }}} 124 125 2. We have installed the Ryu controller under `/tmp/ryu` on the controller host. We put a set of example modules that you can use out of the box. One of the modules is a learning switch. Let's start the learning switch controller which is already available: 126 {{{ 127 cd /tmp/ryu 128 PYTHONPATH=. ./bin/ryu-manager ryu/ext/simple_switch.py 129 }}} 132 130 133 131 3. Now go to terminal of `host1` and ping `host2`: … … 151 149 5. To see the flow table entries on your OVS switch: 152 150 {{{ 153 sudo ovs-ofctl dump-flows br 0154 }}} 155 You should see at least two table entries: One for ICMP Echo (icmp_code=8) messages from host1 to host2 and one for ICMP Echo Reply (icmp_code=0)messages from host2 to host1. You may also see flow entries for arp packets.156 157 6. To see messages go between your switch and your controller (listening on port 6633 of your localhost), run tcpdump on the `eth0` interface of your controller node: 151 sudo ovs-ofctl dump-flows br-switch 152 }}} 153 You should see at least two table entries: One for messages from host1 to host2 and one for messages from host2 to host1. You may also see flow entries for arp packets. 154 155 6. To see messages go between your switch and your controller (listening on port 6633 of your localhost), run tcpdump on the `eth0` interface of your controller node: '''(This one I saw too many other packet)''' 158 156 {{{ 159 157 sudo tcpdump -i eth0 … … 161 159 You will see (1) periodic keepalive messages being exchanged by the switch and the controller, (2) messages from the switch to the controller (e.g. 
when there is a table miss) and an ICMP Echo message in, and (3) messages from the controller to the switch (e.g. to install new flow entries). 162 160 163 7. Kill your POX controller by pressing `Ctrl-C`: 164 {{{ 165 DEBUG:forwarding.l2_learning:installing flow for 02:c7:e8:a7:40:65.1 -> 02:f1:ae:bb:e3:a8.2 166 ^C 167 INFO:core:Going down... 168 INFO:openflow.of_01:[3a-51-a1-ab-c3-43 1] disconnected 169 INFO:core:Down. 170 }}} 161 7. Kill your Ryu controller by pressing `Ctrl-C`. 171 162 172 163 8. Notice what happens to your ping on host1. … … 174 165 9. Check the flow table entries on your switch: 175 166 {{{ 176 sudo ovs-ofctl dump-flows br 0167 sudo ovs-ofctl dump-flows br-switch 177 168 }}} 178 169 Since you set your switch to "secure" mode, i.e. don't forward packets if the controller fails, you will not see flow table entries. If you see flow table entries, try again after 10 seconds to give the entries time to expire. … … 190 181 === Useful Tips for writing your controller === 191 182 192 In order to make this first experience of writing controller easier, we wrote some helpful functions that will abstract some of the particularities of POXaway.193 These functions are located in `/tmp/ pox/ext/utils.py`, so while you write your controller consult this file for details.183 In order to make this first experience of writing controller easier, we wrote some helpful functions that will abstract some of the particularities of Ryu away. 184 These functions are located in `/tmp/ryu/ryu/ext/utils.py`, so while you write your controller consult this file for details. 
194 185 195 186 Functions that are implemented include: … … 205 196 * packetDstTCPPort : Test the destination TCP port of a packet 206 197 * packetSrcTCPPort : Test the source TCP port of a packet 207 * createOFAction : Create one OpenFlow action208 * getFullMatch : get the full match out of a packet209 * createFlowMod : create a flow mod210 198 * createArpRequest : Create an Arp Request for a different destination IP 211 199 * createArpReply : Create an Arp Reply for a different source IP … … 220 208 If you are using an OVS switch, you can dump information from your switch. For example, to dump the flows: 221 209 {{{ 222 sudo ovs-ofctl dump-flows br 0210 sudo ovs-ofctl dump-flows br-switch 223 211 }}} 224 212 Two other useful commands show you the status of your switch: 225 213 {{{ 226 214 sudo ovs-vsctl show 227 sudo ovs-ofctl show br 0215 sudo ovs-ofctl show br-switch 228 216 }}} 229 217 … … 262 250 }}} 263 251 264 2. In the contorller host directory `/tmp/ pox/ext` you would see twofiles:265 266 i. myDuplicateTraffic.py : this is the file that has instructions about how to complete the missing information, go ahead and try to implement your first controller.252 2. In the contorller host directory `/tmp/ryu/ryu/ext` you would see three files: 253 254 i. '''(I don't have it yet)'''myDuplicateTraffic.py : this is the file that has instructions about how to complete the missing information, go ahead and try to implement your first controller. 267 255 ii. !DuplicateTraffic.py : this has the actual solution you can just run this if you don't want to bother with writing a controller. 268 269 3. Run your newly written controller on the <data_interface_name> that corresponds to ''OVS:if2'' (which is connected to `host3`): 270 {{{ 271 cd /tmp/pox 272 ./pox.py --verbose myDuplicateTraffic --duplicate_port=<data_interface_name> 256 iii. duplicate.config : in this file, you specify which port you want to duplicate traffic to. 
To figure out which port maps to which interface, use "sudo ovs-ofctl show br-switch". 257 258 3. Run your newly written controller : 259 {{{ 260 cd /tmp/ryu 261 PYTHONPATH=. ./bin/ryu-manager ryu/ext/DuplicateTraffic.py 273 262 }}} 274 263 … … 279 268 If your controller is working, your packets will register in both terminals running tcpdump. 280 269 281 5. Stop the POX controller: 282 {{{ 283 DEBUG:myDuplicateTraffic:Got a packet : [02:f1:ae:bb:e3:a8>02:c7:e8:a7:40:65 IP] 284 DEBUG:SimpleL2Learning:installing flow for 02:f1:ae:bb:e3:a8.2 -> 02:c7:e8:a7:40:65.[1, 2] 285 ^C 286 INFO:core:Going down... 287 INFO:openflow.of_01:[3a-51-a1-ab-c3-43 1] disconnected 288 INFO:core:Down. 289 controller:/tmp/pox% 290 }}} 270 5. Stop the Ryu controller using `Ctrl-C`. 291 271 292 272 === 3d. Run a port forward Controller ===
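Review bot: The bold parenthetical remarks added in this revision are editing notes left in reader-facing text: `'''(No need any more)'''` on the 2a heading, `'''(Where is 2b?)'''` on the 2c heading, `'''(The following sentence is not true anymore)'''` in front of the same-host paragraph, and `'''(I don't have it yet)'''` on the myDuplicateTraffic.py item. Resolve each one in the text itself (drop or rewrite the obsolete section and sentence, renumber 2c to 2b) instead of annotating it. The remark on the `standalone` vs `secure` heading also misspells "introduction" as "instroduction", and "contorller" in step 2 of 3c is still uncorrected.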
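Review bot: Marking the `standalone` vs `secure` section as "No need anymore" conflicts with steps that still depend on it. Step 1 expects the ping from `host1` to time out because no controller is running, and step 9 still reads 'Since you set your switch to "secure" mode'. The section itself says an unset fail mode falls back to `standalone`, so a reader who skips `sudo ovs-vsctl set-fail-mode br-switch secure` may get a bridge that keeps forwarding without a controller, and neither step will behave as written. Either keep the command as a required step, or state that `br-switch` is already configured in `secure` mode and have the reader confirm it with `sudo ovs-vsctl show` before step 1.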
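Review bot: In step 6 the added remark `'''(This one I saw too many other packet)'''` reports a real problem with `sudo tcpdump -i eth0` but does not fix it. The capture has no filter, so on the control interface it also shows the SSH session and every other flow. The step already says the controller listens on port 6633, so restrict the capture to it, for example `sudo tcpdump -i eth0 tcp port 6633`, and remove the remark.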
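Review bot: With the same-host paragraph flagged as no longer true, `sudo ovs-vsctl set-controller br-switch tcp:<controller_ip>:6633` now carries the OpenFlow channel across the control network as plain TCP, with no encryption and nothing that authenticates the controller to the switch. Replace the flagged paragraph with one sentence that says where the controller actually runs, and note next to the command that a `tcp:` target is acceptable for this tutorial only; `ovs-vsctl set-controller` also accepts an `ssl:` target for setups where the control network is not trusted.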
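Review bot: Step 3 of section 3c says "Run your newly written controller" but the new command starts `ryu/ext/DuplicateTraffic.py`, which item ii describes as the actual solution, not the `myDuplicateTraffic.py` exercise file from item i. Run `ryu/ext/myDuplicateTraffic.py` here once that file exists, or reword the step to say the provided solution is being run. The revision also drops `--duplicate_port=<data_interface_name>` together with the reference to ''OVS:if2'' and `host3`, so the step should tell the reader to set the port in `duplicate.config` before starting the controller; otherwise nothing in the step says which port receives the duplicated traffic.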