wiki:OpenFlow/Expedient

Version 8 (modified by Josh Smift, 9 years ago) (diff)

Added I2 and NLR contact addresses.

OpenFlow aggregates in GENI typically use Expedient as their aggregate manager, along with the Opt-In Manager. The OIM is currently packaged separately, but Expedient and the OIM each depend on the other.

Info for experimenters

The following sections are mostly of interest to GENI experimenters.

Opting in your traffic

If you allocate a shared resource that connects to an OpenFlow aggregate (e.g. a MyPLC plnode or ProtoGENI host), you'll typically also need to reserve some OpenFlow resources. When you do this, your reservation request goes to the Opt-In Manager, and a local Expedient OIM admin needs to approve your request before your sliver actually becomes live. The OIM admin isn't notified of your request, so you'll usually want to contact them to ask them to opt in your sliver. Here's a list of Expedient aggregates, and contact info for the OIM admins:

OpenFlow Aggregate info page Opt-In Manager admin
Clemson openflow_help-L@clemson.edu
Georgia Tech joonk@gatech.edu
GPO Lab gpo-infra@geni.net
Indiana? meylor@grnoc.iu.edu
Rutgers? seskar@winlab.rutgers.edu
Stanford deployment-help@openflowswitch.org
Washington? balkan@cs.washington.edu
Wisconsin agember@cs.wisc.edu
Internet2? geni-openflow@internet2.edu
NLR? openflow@nlr.net

Info for admins

The following sections are mostly of interest to Expedient admins.

Slice Authority trust configuration

You may want to configure your Expedient AM to trust user certificates signed by additional Slice Authorities. To do that, install the CA cert for the Slice Authority in /etc/expedient/gcf-x509-trusted.crt/<authority>.crt (note that the name has to end in ".crt"), and then do

cd /etc/expedient/apache/ca-certs
sudo make

to create a symlink in /etc/expedient/apache/ca-certs pointing to it.

In particular, campus mesoscale deployments may want to trust the pgeni.gpolab.bbn.com SA; you can get the cert from http://www.pgeni.gpolab.bbn.com/ca-cert/pgeni.gpolab.bbn.com.pem.

Aggregate changes

On some switches -- definitely HPs, maybe others -- if you change what ports are in a DPID, or add a new DPID that points to an Expedient-managed FlowVisor, you need to poke Expedient to have it notice the change.

To do so, browse to the Expedient web UI and log in. On the dashboard page, find the relevant aggregate, and click "edit" under "Actions". You don't need to make any changes, just click "Update", and that should cause it to get the new information.

Slivers for expired slices

If you forget to extend the expiration date on your slice, then your Expedient slivers will outlive your slice, and then you can't delete the Expedient slivers because you don't have a slice any more. (Expedient 4.x in theory adds expiration dates; we haven't checked yet whether the expiration date automatically gets set to your slice expiration date if you don't specify.)

An Expedient admin can delete them by hand; there's probably more than one way to do this, but an easy way is to browse to the Expedient AM web UI and delete the user's project from the Projects section of the main ("Dashboard") page.