1 / 29

Tutorial: An Introduction to OpenFlow using POX

Tutorial: An Introduction to OpenFlow using POX. Vic Thomas, Niky Riga– GPO Summercamp July 2014. Tutorial Tips …. For this tutorial you will need Omni ability to login through ssh a text editor Optional Basic understanding of python

metta
Download Presentation

Tutorial: An Introduction to OpenFlow using POX

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tutorial: An Introduction to OpenFlow using POX Vic Thomas, Niky Riga– GPO Summercamp July 2014

  2. Tutorial Tips … • For this tutorial you will need • Omni • ability to login through ssh • a text editor • Optional • Basic understanding of python • xterm support (MAC, linux, cygwin are ok) http://tinyurl.com/geniof

  3. Switch Architecture

  4. Moving Control out of the Switch

  5. OpenFlow is an API • Control how packets are forwarded • Implementable on COTS hardware • Make deployed networks programmable • not just configurable • Makes innovation easier Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  6. OpenFlow • The controller is responsible for populating forwarding table of the switch • In a table miss the switch asks the controller Any Host OpenFlow Controller OpenFlow Protocol (SSL/TCP) Switch Control Path OpenFlow Data Path (Hardware) Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  7. OpenFlow in action • Host1 sends a packet • If there are no rules about handling this packet • Forward packet to the controller • Controller installs a flow • Subsequent packets do not go through the controller Any Host OpenFlow Controller OpenFlow Protocol (SSL/TCP) Switch Control Path OpenFlow Data Path (Hardware) host2 host1 Modified slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  8. OpenFlow BasicsFlow Table Entries Rule Action Stats Packet + byte counters • Forward packet to port(s) • Encapsulate and forward to controller • Drop packet • Send to normal processing pipeline • Modify Fields Eth type VLAN PCP Switch Port IP Prot IP Src IP Dst TCP sport TCP dport IP ToS VLAN ID MAC src MAC dst + mask what fields to match slide from : http://www.deutsche-telekom-laboratories.de/~robert/GENI-Experimenters-Workshop.ppt

  9. Use Flow Mods • Going through the controller on every packet is inefficient • Installing Flows either proactively or reactively is the right thing to do: • A Flow Mod consists of : • A match on any of the 12 supported fields • A rule about what to do matched packets • Timeouts about the rules: • Hard timeouts • Idle timeouts • The packet id in reactive controllers

  10. OpenFlow common Pitfalls • Controller is responsible for all traffic, not just your application! • ARPs • DHCP • LLDP • Reactive controllers • UDP • Performance in hardware switches • Not all actions are supported in hardware • No STP • Broadcast storms

  11. GENI Rack Campuses • Each rack has an OpenFlow-enabled switch

  12. Core Networks Internet2 adding 10GbE paths to Advanced Layer 2 Services (AL2S) at 4 of 5 OpenFlow meso-scale/ProtoGENI Pops GENI Aggregate Manager in Internet2 AL2S and dynamic stitching coming soon Internet2 SDN networks

  13. OpenFlowdatapaths • OpenFlow switches are usually referred to as datapaths with a unique dpid Different OpenFlow modes • switches in pure OF mode areacting as onedatapath • Hybrid VLAN switchesareonedatapath per VLAN • Hybrid portswitchesaretwodatapaths (one OF and onenon-OF) Any Host OpenFlow Controller • It is not necessary that 1 physical switch corresponds to 1 dpid OpenFlowProtocol Switch Control Path OpenFlow Data Path (Hardware) • Each Datapath can point to only one controller!

  14. FlowVisor Any Host Any Host Any Host • FlowVisor is a proxy controller that can support multiple controllers FlowSpacedescribes packet flows : • Layer 1: Incoming port on switch • Layer 2: Ethernet src/dstaddr, type, vlanid, vlanpcp • Layer 3: IP src/dstaddr, protocol, ToS • Layer 4: TCP/UDP src/dst port FlowVisor OpenFlow Controller OpenFlow Controller OpenFlow Protocol (SSL/TCP) Switch OpenFlow Protocol (SSL/TCP) Control Path OpenFlow Data Path (Hardware)

  15. FOAM • An OpenFlow Aggregate Manager • It’s a GENI compliant reservation service • Helps experimenters reserve flowspace in the FlowVisor • Speaks AM API v1 and AM API v2 • RSpecs GENI v3, OpenFlow v3 extension

  16. Sharing of OpenFlow resources Today In GENI: • Slice by VLAN for exclusive VLANs • Slice by IP subnet and/or eth_type for shared VLANs In FIRE: • On iMinds testbed • Slice by inport • On OFELIA testbed • Slice by VLAN

  17. FOAM RSpecs <rspec … type="request"> <openflow:sliver > <openflow:controllerurl="tcp:192.168.1.1:6633" type="primary"/> <openflow:group name="missouri-instageni-openflow-1750"> <openflow:datapathcomponent_id="urn:publicid:IDN+openflow:foam:foam.instageni.rnet.missouri.edu+datapath+06:d6:2c:59:e5:6a:02:00" component_manager_id="urn:publicid:IDN+openflow:foam:foam.instageni.rnet.missouri.edu+authority+am"/> </openflow:group> <openflow:match> <openflow:use-group name="missouri-instageni-openflow-1750"/> <openflow:packet> <openflow:dl_type value="0x800,0x806"/> <openflow:nw_dst value=”10.10.10.0/24"/> <openflow:nw_src value=”10.10.10.0/24"/> </openflow:packet> </openflow:match> </openflow:sliver> </rspec>

  18. OpenFlow Experiments Debugging OpenFlow experiments is hard: • Network configuration debugging requires coordination • Many networking elements in play • No console access to the switch Before deploying your OpenFlow experiment test your controller. http://mininet.github.com/ http://openvswitch.org/

  19. Run an OpenFlow experiment 1 Xen VM running the OF controller 1 XenVM as OVS switch 3 OpenVZ VMs connected to OVS Host2 Host1 • Setup OVS • Write simple controllers • e.g. divert traffic to a different server • Use Python controller PoX OVS Host3 Controller

  20. Part I: Design/Setup • Obtain Resources • Part II: Execute • Configure and Initialize Services • Execute Experiment • Part III: Finish • Teardown Experiment

  21. Obtain Resources Two slices • Running your controller • “XEN VM Pox Ctrl” • Your OpenFlow topology • “OF OVS Tutorial with Xen & OpenVZ” Host2 Host1 Use the aggregate on your worksheet! slice 1 OVS Controller Host3 slice 2

  22. Configure OVS OVS is a virtual switch running on a XenVM • The dataplaneintfof VM are the ports of the switch • Configure an Ethernet bridge (done) • Add all dataplane ports to the switch • Make it an OpenFlow switch • Point OVS switch to the controller address and port • Use your controller eth0 IP • Turn off default forwarding • Kernel space OVS

  23. Configure and Initialize OVS • Log in to OVS host and configure software switch: $ ifconfig $ sudoifconfig eth1 0 $ sudoifconfig eth2 0 $ sudoifconfig eth3 0 $ sudoovs-vsctl add-port br0 eth1 $ sudoovs-vsctl add-port br0 eth2 $ sudoovs-vsctl add-port br0 eth3 $ sudoovs-vsctl list-ports br0 $ sudoovs-vsctl set-controller br0 tcp:<ctrl_ip>:6633 $ sudoovs-vsctl set-fail-mode br0 secure $ sudoovs-vsctl show Host2 Host1 Turn off IP eth2 eth1 OVS Add data ports to switch eth3 Host3 Point switch to controller

  24. Part I: Design/Setup • Obtain Resources • What is OpenFlow, what can I do with Openflow? • Demo: Using OpenFlow in GENI • Part II: Execute • Configure and Initialize Services • Execute Experiment • Part III: Finish • Teardown Experiment

  25. Debugging your Controller • Use debugging messages in your controller • Use tcpdump to verify that packets flow in the right intf • Between hosts • Between switch and controller • Use ovs-ofctl, ovs-dpctl, ovs-vsctl • to check connectivity to controller • to see installed flows • Use tcpdump, wireshark • Dissector for OpenFlow • Allows to see OpenFlow messages being exchanged on the wire

  26. Experiments • Use a Learning Switch Controller to see that traffic does not flow without it • Write a controller that duplicates traffic out a port • Write a controller that implements port forwarding on one host • Write a controller that implements a proxy forwarding • Hint: Controller solutions are given, just remove my (e.g. use • Proxy instead of myProxy)

  27. Using Hardware Switches • Part I: Design/Setup • Obtain Resources • Part II: Execute • Configure and Initialize Services • Execute Experiment • Part III: Finish • Teardown Experiment

  28. Obtain Resources Delete Slice 2 (not 1), recreate it with a hardware switch • Your OpenFlow topology • Download and modify rspec Host2 Host1 keep! Use the aggregate on your worksheet! slice 1 Controller Host3 slice 2

  29. Part III: Finish Experiment When your experiment is done, you should always release your resources. • Normally this is when you would archive your data • Delete your slivers at each aggregate sliver credentials sliver project RSpec resource user AM API aggregate certificate slice

More Related