Changes between Version 5 and Version 6 of OpenFlow/FOAM/AdminIntro


Ignore:
Timestamp:
12/10/13 14:02:30 (10 years ago)
Author:
Josh Smift
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • OpenFlow/FOAM/AdminIntro

    v5 v6  
    33= FOAM admin intro =
    44
    5 FOAM is an OpenFlow aggregate manager, which sites in GENI use to allow experimenters to allocate OpenFlow resources.
     5FOAM is an OpenFlow aggregate manager, which sites in GENI use to allow experimenters to allocate OpenFlow resources. It's intended to be useful to any new FOAM administrator, but is specifically aimed at GENI rack site admins who may not necessarily know what FOAM is or what to expect it to do.
    66
    77Our [wiki:OpenFlow/FOAM main FOAM page] and [wiki:FlowVisor main FlowVisor page] have much more information, and many of the sections below link to things on those pages.
     
    1111There are also usually GPO and other GENI FOAM/FV/!OpenFlow-savvy folks on the #geni-openflow channel on the Freenode IRC network; see [wiki:HowTo/ConnectToGENIChatRoom our general IRC page] to get connected there.
    1212
     13Welcome! We're here to help, and you can always write to gpo-infra@geni.net to reach the GPO's Infrastructure group.
     14
    1315= Basic architecture =
    1416
     
    1719A physical !OpenFlow switch has one or more "datapaths", each of which connects to one !OpenFlow controller. To allow multiple GENI experimenters to use a datapath, we use !FlowVisor to slice traffic based on match criteria ("flowspace rules" in FV terms). For example, the flowspace rules for a FV slice might match any traffic on VLAN 1755 (`dl_vlan=1755`), or IP subnet 10.42.15.0/24 (`dl_type=0x800,nw_dst=10.42.109.0/24,nw_src=10.42.109.0/24`), etc.
    1820
    19 (Note that a "!FlowVisor slice" isn't a slice in the GENI sense; they're very different, they just happen to use the same term. There's typically a one-to-one relationship between a FOAM sliver and a FV slice, so it may be helpful to think of a FV slice as the resources belonging to a FOAM sliver.)
     21(Note that a "!FlowVisor slice" isn't a slice in the GENI sense; they're very different, they just happen to use the same term. There's typically a one-to-one relationship between a FOAM sliver and a FV slice, so it may be helpful to think of a FV slice as the resources that have been allocated to a FOAM sliver.)
    2022
    2123Some physical switches have more than one datapath, and some datapaths are "VLAN-hybrid" datapaths, which typically means that (a) on the switch itself, datapaths are set up using the switch's native mechanisms for setting up VLANs, and each datapath corresponds to a VLAN; (b) traffic within the datapath is not tagged by VLAN, because the switch is already using VLAN to differentiate datapaths. The InstaGENI racks use VLAN-hybrid switches; the ExoGENI racks use port-hybrid switches (in which each physical port on the switch is either part of the !OpenFlow datapath, or managed by the switches normal native logic; the !OpenFlow ports are a essentially a pure-!OpenFlow datapath, from a FOAM point of view at least).
     
    2729The !OpenFlow control path thus runs from the switch through !FlowVisor to the experimenter's controller. FOAM is not in the !OpenFlow control path; it talks to !FlowVisor via FV's XMLRPC API, and to experimenters via the GENI AM API.
    2830
     31= FOAM =
     32
     33Here are some additional introductory details about FOAM.
     34
     35== Auto-approval ==
     36
     37In most GENI aggregates, when an experimenter requests resources, the request is automatically approved if the requested resources are available, and rejected otherwise. For example, if an experimenter requests three ExoGENI VMs, the ExoGENI AM can satsify that request if it has the the resources available to create three VMs, or not if it doesn't, but in any case without affecting anyone else. The situation is more complicated in FOAM, since !OpenFlow resources can be shared, and requests from experimenters can overlap. For example, if an experimenter requests an IP subnet (e.g. 10.42.0.0/16), FOAM needs to check whether any other experimenters have already requested IP space that overlaps with that subnet (such as 10.0.0.0/8 or 10.42.15.0/24).
     38
     39Originally, admins were responsible for detecting these overlaps, and thus most admins configured FOAM to require manual approval of new slivers. As of FOAM 0.12.0, FOAM has an analysis engine that can identify whether a new request overlaps with existing requests, and approve it automatically if it doesn't conflict with anything else. Our [wiki:OpenFlow/FOAM#Auto-approval FOAM auto-approval docs] describe this in a fair bit of detail, including how the analysis engine works, and how we decide [wiki:OpenFlow/FOAM#Sliverapprovalworkflow what to do if a sliver isn't auto-approved].
     40
     41Most FOAM slivers will be auto-approved, but our main FOAM page has a section with [wiki:OpenFlow/FOAM#ManagingFOAMslivers commands for managing FOAM slivers], should you need to do that. You can also use GENI credentials of your own to create a sliver to play with, just to see first-hand how this works.
     42
     43When in doubt about an approval request, feel free to ask the Infrastructure team at the GPO (gpo-infra@geni.net) -- we're always happy to help.
     44
     45== E-mail ==
     46
     47FOAM will send mail to the FOAM admins and to experimenters when it does various things, such as when a sliver is created, approved, and deleted. There's also a nightly FOAM cron job that reports on "pending" slivers, i.e. anything that wasn't automatically approved; those generally reflect an experimenter who's waiting for resources, so please try to act on those expeditiously. You can generally skim the other messages to make sure they don't contain anything unusual, and otherwise, archive them in case you ever need them later.
     48
     49FOAM has two places where e-mail is configured: The site.admin.email setting, which shows up in getversion output, and the configuration for administrative e-mail. Racks generally come with the latter pre-configured, and you can set the former if you like, or not if you don't (see http://groups.geni.net/geni/wiki/OpenFlow/FOAM#Othersettings for instructions).
     50
     51== Configuration ==
     52
     53We have some [wiki:OpenFlow/FOAM#Initialconfiguration guidelines for FOAM configuration], which we encourage GENI sites to follow. If you're a rack admin, these should already be done as part of the rack setup process, but you can check for yourself if you're curious.
     54
     55== Upgrades ==
     56
     57As of 2013-12, the rack teams are responsible for deciding whether and when to schedule FOAM upgrades, so if you're a rack admin, you generally shouldn't upgrade FOAM except when advised by the rack teams. For other FOAM admins, the GPO will typically post to response-team@geni.net to recommend/request that sites upgrade.
     58
    2959= !FlowVisor =
    3060
    3161Our main FV page has a section with [wiki:FlowVisor#Usefulcommands useful fvctl and fvconfig commands]. You generally won't need to use any of these except when debugging a problem.
    3262
    33 If you do encounter !FlowVisor issues, see our [wiki:FlowVisor#Issuereporting FV issue reporting guidelines] for some useful tips.
     63If you do encounter !FlowVisor issues, see our [wiki:FlowVisor#Issuereporting FV issue reporting guidelines] for some useful tips. And, as always, gpo-infra@geni.net is a good place to ask questions.
    3464
    35 As of 2013-07, the rack teams are responsible for deciding whether and when to schedule !FlowVisor upgrades, so if you're a rack admin, you generally shouldn't upgrade FV except when advised by the rack teams. For other FOAM admins, the GPO will typically post to response-team@geni.net to recommend/request that sites upgrade.
    36 
    37 = FOAM =
    38 
    39 In most GENI aggregates, when an experimenter requests resources, the request is automatically approved if the requested resources are available, and rejected otherwise. For example, if an experimenter requests three ExoGENI VMs, the ExoGENI AM can satsify that request if it has the the resources available to create three VMs, or not if it doesn't, but in any case without affecting anyone else. The situation is more complicated in FOAM, since !OpenFlow resources can be shared, and requests from experimenters can overlap. For example, if an experimenter requests an IP subnet (e.g. 10.42.0.0/16), FOAM needs to check whether any other experimenters have already requested IP space that overlaps with that subnet (such as 10.0.0.0/8 or 10.42.15.0/24).
    40 
    41 Originally, admins responsible for detecting these overlaps, and thus most configured FOAM to require manual admin approval of new slivers. As of FOAM 0.12.0, FOAM has an analysis engine that can identify whether a new request overlaps with existing requests, and approve it automatically if it doesn't conflict with anything else. Our [wiki:OpenFlow/FOAM#Auto-approval FOAM auto-approval docs] describe this in a fair bit of detail, including how the analysis engine works, and how we decide [wiki:OpenFlow/FOAM#Sliverapprovalworkflow what to do if a sliver isn't auto-approved].
    42 
    43 Most FOAM slivers will be auto-approved, but our main FOAM page has a section with [wiki:OpenFlow/FOAM#ManagingFOAMslivers commands for managing FOAM slivers], should you need to do that. You can also use GENI credentials of your own to create a sliver to play with, just to see first-hand how this works.
    44 
    45 When in doubt, feel free to ask the Infrastructure team at the GPO (gpo-infra@geni.net) -- we're always happy to help.
    46 
    47 FOAM will send mail to the FOAM admins and to experimenters when it does various things, such as when a sliver is created, approved, and deleted. You can generally skim these messages to make sure they don't contain anything unusual, and otherwise, archive them in case you ever need them later. There's also a nightly FOAM cron job that reports on "pending" slivers, i.e. anything that wasn't automatically approved; those generally reflect an experimenter who's waiting for resources, so please try to act on them expeditiously.
    48 
    49 FOAM has two places where e-mail is configured: The site.admin.email setting, which shows up in getversion output, and the configuration for administrative e-mail. http://groups.geni.net/geni/wiki/OpenFlow/FOAM#Othersettings includes instructions for changing the former, and `foamctl config:setup-email` is a simple way to change the latter if you need to.
    50 
    51 We have some [wiki:OpenFlow/FOAM#Initialconfiguration guidelines for FOAM configuration], which we encourage GENI sites to follow. If you're a rack admin, these should already be done as part of the rack setup process, but you can check for yourself if you're curious.
    52 
    53 As of 2013-07, the rack teams are responsible for deciding whether and when to schedule FOAM upgrades, so if you're a rack admin, you generally shouldn't upgrade FOAM except when advised by the rack teams. For other FOAM admins, the GPO will typically post to response-team@geni.net to recommend/request that sites upgrade.
     65As of 2013-12, the rack teams are responsible for deciding whether and when to schedule !FlowVisor upgrades, so if you're a rack admin, you generally shouldn't upgrade FV except when advised by the rack teams. For other FOAM admins, the GPO will typically post to response-team@geni.net to recommend/request that sites upgrade.