Version 1 (modified by chaos@bbn.com, 13 years ago)

Configuration for MyPLC installations which connect to the GENI OpenFlow-enabled Network Core

This page lists the features which MyPLCs should have in order to work well when connected to the GENI OpenFlow-enabled network core. In particular, the Plastic Slices Meso-scale operations project will use MyPLCs configured according to these recommendations.

If any of these features don't make sense for your campus, please ask.

GENI AM API

It should be possible to use the GENI AM API to create slices which contain resources controlled by GENI-connected MyPLCs. In order to add this support to your MyPLC, you need to:

  • Install and configure the SFA software: Support for the GENI AM API in MyPLC is provided by the SFA utility, developed by Princeton. GPO is successfully deploying the sfa-geni-gec9 tag of SFA. See GpoLab/MyplcReferenceImplementation#AddingSFAtoMyPLC for details about how we add this version of SFA to a MyPLC.
  • Configure SFA to trust participating GENI slice authorities: Configuring MyPLC to trust a remote Slice Authority (SA) allows GENI slices created on that SA to create slivers (allocate resources) on the planetlab nodes connected to the MyPLC. Initial Plastic Slices experiments will trust the pgeni.gpolab.bbn.com slice authority. See GpoLab/MyplcReferenceImplementation#TrustaRemoteSliceAuthority for details about how we add this SA to a MyPLC.
  • Ensure that the site containing your nodes is public: The default site packaged with a new MyPLC is private by default (it is designed for use in managing the PLC itself, and not really intended to contain nodes). Locally-created experiments can use a private site, but SFA requires a public site. If you put your nodes in the default site, you will need to configure that site to be public. See GpoLab/MyplcReferenceImplementation#APart2:Settingthesiteaspublic for how we configure the default site to be public.

Dataplane interfaces connected to OpenFlow networks and national backbones

MyPLC Planetlab nodes connected to the GENI OpenFlow-enabled network core should be able to send experimental traffic to each other using that network. This requires interface configuration on the hosts themselves, and configuration of the upstream network. The following pieces are needed:

  • Connect node secondary interface to OpenFlow-controlled VLANs usable by experimenters: The OpenFlow/CampusTopology page describes a configuration which can give experimenters flexible access to OpenFlow-controlled VLANs on campus and in the nationwide core. To bring each MyPLC-controlled planetlab node into this topology, connect its secondary interface to a VLAN trunk port allowing at least the VLANs 1700, 1750, 3715, and 3716 (as well as any additional VLANs for point-to-point topologies used at your campus). Configure that switch according to OpenFlow/CampusTopology.
  • Configure subinterfaces on secondary interfaces: The secondary interface on each planetlab host should contain VLAN-tagged subinterfaces for each relevant VLAN. Many IP addresses must be configured on each interface, so that different IPs can be used by different experiments. GPO will provide a list of IPs to configure on each of your nodes. GPO recommends the plifconfig utility and associated MyPLC patch, which allows interfaces to be controlled by planetlab. FIXME: create external documentation for plifconfig, and link to it.
  • Configure static ARP tables for Plastic Slices IPs: Many OpenFlow-based configurations require static ARP entries so that traffic from a given planetlab host can reach other IPs in the experimental range. GPO will provide a current list of static ARPs to apply to your planetlab hosts. GPO recommends the install_arp_entries script to apply static ARP entries. FIXME: create external documentation for install_arp_entries, and link to it.
  • Ensure all IP addresses on a node are visible to slivers: For experimenters to use the planetlab nodes attached to your MyPLC for networking experiments, the nodes must configure vserver so that configured interfaces (those which have IP addresses) are visible within slivers. That is, running /sbin/ifconfig -a within a sliver should show all the configured interfaces, rather than nothing or only the control interface. We have seen a lot of different behavior regarding this problem, resulting from different versions of the MyPLC software and various installed packages. We believe that installing an F8 MyPLC from scratch, following GpoLab/MyplcReferenceImplementation exactly, will lead to the desired behavior if you make sure to follow the instructions in GpoLab/MyplcReferenceImplementation#ImportantNotesonPlanetLabNodeInterfaces. If you have a different configuration and/or see any problems with this, please ask, and we will try to help.
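
One way to check the sliver visibility requirement above: parse the output of /sbin/ifconfig -a captured inside a sliver and list the required VLANs with no addressed subinterface. This is an added example, not GPO's or PlanetLab's own tooling; the parent interface name eth1, the eth1.<vlan> naming and every address in the sample are assumptions constructed for illustration.

```python
import re

# VLANs the page asks the trunk port to carry.
REQUIRED_VLANS = (1700, 1750, 3715, 3716)

# Interface header in classic net-tools output ("eth0  Link encap:...")
# and in the newer layout ("eth0: flags=...").
IFACE_RE = re.compile(r"^(\S+?):?\s+(?:Link encap|flags=)")
INET_RE = re.compile(r"^\s+inet (?:addr:)?(\d+(?:\.\d+){3})")

def parse_ifconfig(text):
    """Map interface name -> IPv4 addresses found in `ifconfig -a` output."""
    ifaces, current = {}, None
    for line in text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            current = header.group(1)
            ifaces[current] = []
            continue
        inet = INET_RE.match(line)
        if inet and current is not None:
            ifaces[current].append(inet.group(1))
    return ifaces

def missing_vlans(text, parent="eth1", vlans=REQUIRED_VLANS):
    """VLAN ids whose subinterface is absent or has no IPv4 address."""
    ifaces = parse_ifconfig(text)
    missing = []
    for vlan in vlans:
        base = f"{parent}.{vlan}"  # assumed naming: <parent>.<vlan>
        # Aliases such as eth1.1700:1 count as addresses on that VLAN.
        addrs = [ip for name, ips in ifaces.items()
                 if name == base or name.startswith(base + ":") for ip in ips]
        if not addrs:
            missing.append(vlan)
    return missing

# Constructed sample: eth1.3715 has no address, eth1.3716 is not visible.
SAMPLE = """\
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
eth1.1700 Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          inet addr:10.42.17.51  Bcast:10.42.17.255  Mask:255.255.255.0
eth1.1750 Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          inet addr:10.42.18.51  Bcast:10.42.18.255  Mask:255.255.255.0
eth1.3715 Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          BROADCAST MULTICAST  MTU:1500  Metric:1
"""

if __name__ == "__main__":
    print("VLANs not usable in this sliver:", missing_vlans(SAMPLE))
```

An empty result means every required VLAN has at least one addressed interface visible in the sliver; a result listing all four VLANs corresponds to the "nothing or only the control interface" symptom.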

Miscellaneous features

This section contains other features which are necessary or desirable for Plastic Slices use.

  • Ensure MyPLC and its nodes are reachable through firewalls: In order for an experimenter to use your MyPLC and its nodes, the following firewall exceptions are needed. If these exceptions are not appropriate for your environment, please contact GPO to discuss alternatives:
    • To create slivers on your MyPLC, the experimenter needs to reach TCP ports 80 (HTTP), 443 (HTTPS), and 12346 (SFA) on the MyPLC node.
    • To access slivers and set up and run an experiment, the experimenter needs to reach TCP port 22 (SSH) on the planetlab nodes.
    • To support network experimenters, dataplane interfaces should probably be unfirewalled between your planetlab nodes and the research backbone.
  • Fast nodemanager response to MyPLC changes: Under the default configuration, planetlab nodes check for new slivers, new interface configurations, and other changes managed by MyPLC, approximately once every 15 minutes. Some of the Plastic Slices project requirements need faster sliver creation, and utilization on these nodes is currently low enough that it is reasonable for nodemanager to be more active. GPO recommends that nodemanager on MyPLC planetlab nodes check for changes every 30-45 seconds, and that httpd logs on MyPLC nodes be rotated and compressed more frequently to compensate for the increased log traffic this causes. See GpoLab/MyplcReferenceImplementation#SetupFastSliverCreation for details about how we configure this.
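
To confirm the firewall exceptions listed earlier in this section, the following check attempts a TCP connection to each required port and reports the ones that are not reachable. This is an added example, not part of GPO's tooling; the host names are placeholders, and it should be run from a network where experimenters would sit, outside your campus firewall.

```python
import socket

# Firewall exceptions listed on this page, by host role.
REQUIRED_TCP = {
    "myplc": {80: "HTTP", 443: "HTTPS", 12346: "SFA"},
    "node": {22: "SSH"},
}

def tcp_open(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout), unreachable, or name not resolvable.
        return False

def blocked_exceptions(inventory, required=REQUIRED_TCP, timeout=3.0):
    """Return (host, port, service) for every required port not reachable.

    inventory maps a role ("myplc" or "node") to a list of host names.
    """
    blocked = []
    for role, hosts in inventory.items():
        for host in hosts:
            for port, service in sorted(required[role].items()):
                if not tcp_open(host, port, timeout):
                    blocked.append((host, port, service))
    return blocked

if __name__ == "__main__":
    # Placeholder host names; replace with your MyPLC and its nodes.
    inventory = {
        "myplc": ["myplc.example.edu"],
        "node": ["node1.example.edu", "node2.example.edu"],
    }
    for host, port, service in blocked_exceptions(inventory):
        print(f"{host}: TCP {port} ({service}) not reachable")
```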