wiki:OpenFlow/SDNInstaGENI

Version 4 (modified by asydney@bbn.com, 5 years ago) (diff)

--


Overview

At InstaGENI racks, FOAM was the aggregate manager used with FlowVisor (FV) to allow experimenters to reserve SDN resources at a rack. A single OpenFlow VLAN instance was manually provisioned at the racks and FV allowed "slicing" of this instance via IP subnets. Hence, each researcher was allocated an IP subnet (a priori) to conduct SDN experiments. FOAM and FV were also used at the GENI Mesoscale network to facilitate network programmability at the GENI core. However, FV is not actively maintained. Furthermore, with the transition from the Mesoscale to the AL2S core network as the new GENI core network and also with the advent of the "OpenFlow over Stitching" service, FV and FOAM are no longer necessary.

Updated SDN Operation at InstaGENI Racks

As shown in the figure below, the FOAM and FV VMs have been replaced with a new light-weight "sdn" VM.

How Are SDN Resources Provisioned?

  • GENI experimenters will add the following to the regular stitching rspec:
    <emulab:openflow_controller url="tcp:<IP Address for controller>:<Port for controller>" />
    

This simply defines the information for the experimenter's controller which can reside within a campus, on a GENI rack, or on the public Internet. See the attached file "stitch-ig-uky-ig-nyse-of.rspec" for a complete example of an rspec.

  • When the "boss" VM receives this "OpenFlow over Stitching" request, the InstaGENI software stack creates an OpenFlow VLAN "slice" (or instance) at the data plane switch of the rack. The VLAN used corresponds to one of the "stitching" VLANs defined for this rack, and the associated IP address is that which was specified in the experimenter's rspec.
  • The new instance leverages the management configuration of the data plane switch to initiate a connection via the "sdn" VM to the experimenter's controller.
  • When the connection has been established, the "sdn" VM forwards SDN traffic between the experimenter's instance at the data plane switch and the controller.

What administrative tasks are required of the site admin

Compared to the previous requirements, none are required in this new paradigm. The new "VLAN" model:

  • removes any possibility for subnet overlapping which exists with the current FOAM/FV model
  • removes the need for site contacts to administer FOAM and FlowVisor

How can we track the users of GENI SDN resources?

Mechanisms inherent in the GENI account creation and approval process and the GENI monitoring interface provide the ability to determine the identity of experimenters who own GENI resources. These can be used to determine the source of security issues when GENI resources are misused unintentionally or intentionally.

Attachments (2)

Download all attachments as: .zip