wiki:OpenFlow/Expedient

Version 17 (modified by nriga@bbn.com, 12 years ago) (diff)

--

OpenFlow aggregates in GENI typically use Expedient as their aggregate manager, along with the Opt-In Manager. The OIM is currently packaged separately, but Expedient and the OIM each depend on the other.

Info for experimenters

The following sections are mostly of interest to GENI experimenters.

Opting in your traffic

If you allocate a shared resource that connects to an OpenFlow aggregate (e.g. a MyPLC plnode or ProtoGENI host), you'll typically also need to reserve some OpenFlow resources. When you do this, your reservation request goes to the Opt-In Manager, and a local Expedient OIM admin needs to approve your request before your sliver actually becomes live. The OIM admin isn't notified of your request, so you'll usually want to contact them to ask them to opt in your sliver.

NOTE: Most of the sites have switched to using the FOAM (a new OpenFlow Aggregate Manager) which will automatically send an email to the administrator when a sliver is created, so there is no need to contact them separately. You should also receive an email when your sliver is created and when the administrator makes a decision about your sliver.

This is a list of Expedient aggregate, and contact info for the OIM admins:

OpenFlow Aggregate info page Expedient Opt-In Manager admin
Indiana? gmoc@grnoc.iu.edu
Internet2 gmoc@grnoc.iu.edu
NLR? gmoc@grnoc.iu.edu

This is a list of contact info for FOAM admins, you should only contact FOAM administrators if your sliver hasn't been approved for more than a couple of days or if you are experiencing other problems with your sliver.:

Clemson openflow_help-L@clemson.edu
Georgia Tech Russ.Clark@gatech.edu
GPO Lab foam-admin@gpolab.bbn.com
Rutgers? Ivan Seskar
Stanford deployment-help@openflowswitch.org
Washington? balkan@cs.washington.edu
Wisconsin agember@cs.wisc.edu

Info for admins

The following sections are mostly of interest to Expedient admins.

Slice Authority trust configuration

You may want to configure your Expedient AM to trust user certificates signed by additional Slice Authorities. To do that, install the CA cert for the Slice Authority in /etc/expedient/gcf-x509-trusted.crt/<authority>.crt (note that the name has to end in ".crt"), and then do

cd /etc/expedient/apache/ca-certs
sudo make

to create a symlink in /etc/expedient/apache/ca-certs pointing to it.

In particular, campus mesoscale deployments may want to trust the pgeni.gpolab.bbn.com SA; you can get the cert from http://www.pgeni.gpolab.bbn.com/ca-cert/pgeni.gpolab.bbn.com.pem.

Aggregate changes

If you change what ports are in a DPID, or add a new DPID that points to an Expedient-managed FlowVisor, you need to poke Expedient to have it notice the change.

To do so, browse to the Expedient web UI and log in. On the dashboard page, find the relevant aggregate, and click "edit" under "Actions". You don't need to make any changes, just click "Update", and that should cause it to get the new information.

Slivers for expired slices

If an experimenter forgets to extend the expiration date on their GENI slice, then their Expedient slivers will outlive their slice, and they won't be able to delete the Expedient slivers, because they don't have a valid slice any more. (Expedient 4.x in theory adds expiration dates, although this seems to be set by hand in the rspec, so the sliver can still outlive the slice.)

An Expedient admin can delete them by hand; there's probably more than one way to do this, but an easy way is:

  • Browse to the Expedient AM web UI.
  • Look for the user's sliver (Expedient calls it "slice") in the Projects section of the main ("Dashboard") page, and click on it.
  • On the ensuing slice detail page, in the "Management Actions" box, click on "Delete" to delete the slice.

You can also delete the user's entire project from the main ("Dashboard") page, but if they still have some non-expired slivers that they're using, this will delete those as well.