Changes between Version 2 and Version 3 of MyPlc/NetworkCoreRecommendations


Ignore:
Timestamp:
04/22/11 09:36:19 (13 years ago)
Author:
chaos@bbn.com
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • MyPlc/NetworkCoreRecommendations

    v2 v3  
    1111It should be possible to use the GENI AM API to create slices which contain resources controlled by GENI-connected MyPLCs.  In order to add this support to your MyPLC, you need to:
    1212
    13  * '''Install and configure the SFA software:''' Support for the GENI AM API in MyPLC is provided by the SFA utility, developed by Princeton.  GPO is successfully deploying the `sfa-geni-gec9` tag of SFA.  See [wiki:GpoLab/MyplcReferenceImplementation#AddingSFAtoMyPLC] for details about how we add this version of SFA to a MyPLC.
    14  * '''Configure SFA to trust participating GENI slice authorities:''' Configuring MyPLC to trust a remote Slice Authority (SA), allows GENI slices created on that SA to create slivers (allocate resources) on the planetlab nodes connected to the MyPLC.  Initial Plastic Slices experiments will trust the `pgeni.gpolab.bbn.com` slice authority.  See [wiki:GpoLab/MyplcReferenceImplementation#TrustaRemoteSliceAuthority] for details about how we add this SA to a MyPLC.
    15  * '''Ensure that the site containing your nodes is public:''' The default site which comes packaged with a new MyPLC defaults to being private (it is designed for use in managing the PLC itself, and not really intended to contain nodes).  Locally-created experiments can use a private site, but SFA requires a public site.  If you put your nodes in the default site, you will need to configure that site to be public.  See [wiki:GpoLab/MyplcReferenceImplementation#APart2:Settingthesiteaspublic] for how we configure the default site to be public.
     13=== Install and configure the SFA software ===
     14
     15Support for the GENI AM API in MyPLC is provided by the SFA utility, developed by Princeton.  GPO is successfully deploying the `sfa-geni-gec9` tag of SFA.  See [wiki:GpoLab/MyplcReferenceImplementation#AddingSFAtoMyPLC] for details about how we add this version of SFA to a MyPLC.
     16
     17=== Configure SFA to trust participating GENI slice authorities ===
     18
     19Configuring MyPLC to trust a remote Slice Authority (SA), allows GENI slices created on that SA to create slivers (allocate resources) on the planetlab nodes connected to the MyPLC.  Initial Plastic Slices experiments will trust the `pgeni.gpolab.bbn.com` slice authority.  See [wiki:GpoLab/MyplcReferenceImplementation#TrustaRemoteSliceAuthority] for details about how we add this SA to a MyPLC.
     20
     21
     22=== Ensure that the site containing your nodes is public ===
     23
     24The default site which comes packaged with a new MyPLC defaults to being private (it is designed for use in managing the PLC itself, and not really intended to contain nodes).  Locally-created experiments can use a private site, but SFA requires a public site.  If you put your nodes in the default site, you will need to configure that site to be public.  See [wiki:GpoLab/MyplcReferenceImplementation#APart2:Settingthesiteaspublic] for how we configure the default site to be public.
    1625
    1726== Dataplane interfaces connected to !OpenFlow networks and national backbones ==
     
    1928MyPLC Planetlab nodes connected to the GENI !OpenFlow-enabled network core should be able to send experimental traffic to each other using that network.  This requires interface configuration on the hosts themselves, and configuration of the upstream network.  The following pieces are needed:
    2029
    21  * '''Connect node secondary interface to !OpenFlow-controlled VLANs usable by experimenters:''' The [wiki:OpenFlow/CampusTopology] page describes a configuration which can give experimenters flexible access to !OpenFlow-controlled VLANs on campus and in the nationwide core.  To bring each MyPLC-controlled planetlab node into this topology, connect its secondary interface to a VLAN trunk port allowing at least the VLANs 1700, 1750, 3715, and 3716 (as well as any additional VLANs for point-to-point topologies used at your campus).  Configure that switch according to [wiki:OpenFlow/CampusTopology].
    22  * '''Configure subinterfaces on secondary interfaces:''' The secondary interface on each planetlab host should contain VLAN-tagged subinterfaces for each relevant VLAN.  Many IP addresses must be configured on each interface, so that different IPs can be used by different experiments.  GPO will provide a list of IPs to configure on each of your nodes.  GPO recommends the plifconfig utility and associated MyPLC patch, which allows interfaces to be controlled by planetlab.  FIXME: create external documentation for plifconfig, and link to it.
    23  * '''Configure static arp tables for Plastic Slices IPs:''' Many !OpenFlow-based configurations require static ARP entries so that traffic from a given planetlab host can reach other IPs in the experimental range.  GPO will provide a current list of static ARPs to apply to your planetlab hosts.  GPO recommends the `install_arp_entries` script to apply static ARP entries.  FIXME: create external documentation for `install_arp_entries`, and link to it.
    24  * '''Ensure all IP addresses on a node are visible to slivers:''' In order for experimenters to be able to use the planetlab nodes attached to your MyPLC for networking experiments, the nodes need to successfully configure vserver so that configured interfaces (those which have IP addresses) are visible within slivers.  That is, running `/sbin/ifconfig -a` within a sliver should show all the configured interfaces, rather than nothing or only the control interface.  We have seen a lot of different behavior regarding this problem, resulting from different versions of the MyPLC software and various installed packages.  We believe that installing a F8 MyPLC from scratch, following [wiki:GpoLab/MyplcReferenceImplementation] exactly, will lead to the desired behavior ''if'' you make sure to follow the instructions in [wiki:GpoLab/MyplcReferenceImplementation#ImportantNotesonPlanetLabNodeInterfaces].  If you have a different configuration and/or see any problems with this, please ask, and we will try to help.
     30=== Connect node secondary interface to !OpenFlow-controlled VLANs usable by experimenters ===
     31
     32The [wiki:OpenFlow/CampusTopology] page describes a configuration which can give experimenters flexible access to !OpenFlow-controlled VLANs on campus and in the nationwide core.  To bring each MyPLC-controlled planetlab node into this topology, connect its secondary interface to a VLAN trunk port allowing at least the VLANs 1700, 1750, 3715, and 3716 (as well as any additional VLANs for point-to-point topologies used at your campus).  Configure that switch according to [wiki:OpenFlow/CampusTopology].
     33
     34=== Configure subinterfaces on secondary interfaces ===
     35
     36The secondary interface on each planetlab host should contain VLAN-tagged subinterfaces for each relevant VLAN.  Many IP addresses must be configured on each interface, so that different IPs can be used by different experiments.  GPO will provide a list of IPs to configure on each of your nodes.  GPO recommends the plifconfig utility and associated MyPLC patch, which allows interfaces to be controlled by planetlab.  FIXME: create external documentation for plifconfig, and link to it.
     37
     38=== Configure static arp tables for Plastic Slices IPs ===
     39
     40Many !OpenFlow-based configurations require static ARP entries so that traffic from a given planetlab host can reach other IPs in the experimental range.  GPO will provide a current list of static ARPs to apply to your planetlab hosts.  GPO recommends the `install_arp_entries` script to apply static ARP entries.  FIXME: create external documentation for `install_arp_entries`, and link to it.
     41
     42=== Ensure all IP addresses on a node are visible to slivers ===
     43
     44In order for experimenters to be able to use the planetlab nodes attached to your MyPLC for networking experiments, the nodes need to successfully configure vserver so that configured interfaces (those which have IP addresses) are visible within slivers.  That is, running `/sbin/ifconfig -a` within a sliver should show all the configured interfaces, rather than nothing or only the control interface.  We have seen a lot of different behavior regarding this problem, resulting from different versions of the MyPLC software and various installed packages.  We believe that installing a F8 MyPLC from scratch, following [wiki:GpoLab/MyplcReferenceImplementation] exactly, will lead to the desired behavior ''if'' you make sure to follow the instructions in [wiki:GpoLab/MyplcReferenceImplementation#ImportantNotesonPlanetLabNodeInterfaces].  If you have a different configuration and/or see any problems with this, please ask, and we will try to help.
    2545 
    2646== Miscellaneous features ==
     
    2848This section contains other features which are necessary or desirable for Plastic Slices use.
    2949
    30  * '''Ensure MyPLC and its nodes are reachable through firewalls:''' In order for an experimenter to use your MyPLC and its nodes, the following firewall exceptions are needed.  If these exceptions are not appropriate for your environment, please contact GPO to discuss alternatives:
    31    * To create slivers on your MyPLC, the experimenter needs to reach TCP ports 80 (HTTP), 443 (HTTPS), and 12346 (SFA) on the MyPLC node.
    32    * To access slivers and setup/run an experiment, the experimenter needs to reach TCP port 22 (SSH) on the planetlab nodes.
    33    * To support network experimenters, dataplane interfaces should probably be unfirewalled between your planetlab nodes and the research backbone.
    34  * '''Fast nodemanager response to MyPLC changes:''' Under the default configuration, planetlab nodes check for new slivers, new interface configurations, and other changes managed by MyPLC, approximately once every 15 minutes.  Some of the Plastic Slices project requirements need faster sliver creation, and utilization on these nodes is currently low enough that it is reasonable for nodemanager to be more active.  GPO recommends that nodemanager on MyPLC planetlab nodes check for changes every 30-45 seconds, and that httpd logs on MyPLC nodes be rotated and compressed more frequently to compensate for the increased log traffic this causes.  See [wiki:GpoLab/MyplcReferenceImplementation#SetupFastSliverCreation] for details about how we configure this.
     50=== Ensure MyPLC and its nodes are reachable through firewalls ===
     51
     52In order for an experimenter to use your MyPLC and its nodes, the following firewall exceptions are needed.  If these exceptions are not appropriate for your environment, please contact GPO to discuss alternatives:
     53 * To create slivers on your MyPLC, the experimenter needs to reach TCP ports 80 (HTTP), 443 (HTTPS), and 12346 (SFA) on the MyPLC node.
     54 * To access slivers and setup/run an experiment, the experimenter needs to reach TCP port 22 (SSH) on the planetlab nodes.
     55 * To support network experimenters, dataplane interfaces should probably be unfirewalled between your planetlab nodes and the research backbone.
     56
     57=== Configure fast nodemanager response to MyPLC changes ===
     58
     59Under the default configuration, planetlab nodes check for new slivers, new interface configurations, and other changes managed by MyPLC, approximately once every 15 minutes.  Some of the Plastic Slices project requirements need faster sliver creation, and utilization on these nodes is currently low enough that it is reasonable for nodemanager to be more active.  GPO recommends that nodemanager on MyPLC planetlab nodes check for changes every 30-45 seconds, and that httpd logs on MyPLC nodes be rotated and compressed more frequently to compensate for the increased log traffic this causes.  See [wiki:GpoLab/MyplcReferenceImplementation#SetupFastSliverCreation] for details about how we configure this.