Open Flow Hello World
Table of Contents
In this tutorial we'll preform a simple test of OF concepts. We will be leveraging some existing software tools, specifically:
In this experiment Mininet will serve as the source of open flow traffic, floodlight will be the controller. Rather than build these tools from scratch, we will instead use two pre-made images with these tools already installed.
Setup
Preform the usual startup procedure:
Create resource reservation"
Creating a Reservation
Before you can access the testbed, you need to make a reservation for a particular domain and get it approved by the reservation service.
First time users are highly encouraged to reserve time on a sandbox instead of the main grid, and start with the provided "Hello World" experiment.
The user needs a set of nodes/resources from a domain to run the experiment on.For the rest of this tutorial we will assume that the the reserveation was made for sb1 domain.
-
Login into reserved domain: "ssh username@sb1.orbit-lab.org"
Login into reserved domain
During your approved time slot, you will be able to ssh into the console of the respective domain. A console is a dedicated machine that allows access to all resources in that domain.
For example, to access the sandbox1:
yourhost>ssh username@console.sb1.orbit-lab.org Using username "username". Authenticating with public key "xxxxxxxxx" Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-36-generic x86_64) * Documentation: https://help.ubuntu.com/ System information as of Mon Jan 28 20:25:50 EST 2013 System load: 0.0 Processes: 93 Usage of /: 2.7% of 69.43GB Users logged in: 0 Memory usage: 6% IP address for eth0: 10.50.18.10 Swap usage: 0% IP address for eth1: 10.18.0.10 Graph this data and manage this system at https://landscape.canonical.com/ 9 packages can be updated. 0 updates are security updates. |-----------------------------------------------------------------| | *** For authorized use only *** | | This system is for the use of authorized users only. All users | | are expected to comply with the "Acceptable Use Policy" availa- | | ble at http://www.orbit-lab.org/AUP.html | | Individuals using this computer system, are subject to having | | all of their activities on this system monitored and recorded | | by system personnel. | | | | Anyone using this system expressly consents to such monitoring | | and is advised that if such monitoring reveals possible | | evidence of criminal activity, system personnel may provide the | | evidence of such monitoring to law enforcement officials. | | | | Email question, comments or problems to help@orbit-lab.org | |-----------------------------------------------------------------| username@console.sb1:~$
After you receive the confirmation email, you can access the reserved domain by ssh to the corresponding domain console.
- Load the controller on node1-1. The image name is OF-Tutorial-Floodlight-12-7-2014.ndz
omf load -t node1-1 -i OF-Tutorial-Floodlight-12-7-2014.ndz
NOTE: All subsequent instructions assume the controller is running on node1-1 - Load the Mininet instance on node1-2. The image name is OF-Tutorial-Mininet-12-7-2014.ndz
omf load -t node1-2 -i OF-Tutorial-Mininet-12-7-2014.ndz
5.Once loaded turn on both nodes:omf tell -a on -t all
Running the Experiment
As a two-node example, we image the nodes on Sandbox8, as explained in Section 1.1. One is used for the controller, and the other, the Mininet network.
- Bring up and assign addresses to eth0 of the nodes. Both should be in the same IP block. If done from console, the commands look like this:
$ ssh root@node1-1 "ifconfig eth0 inet 192.168.1.1 up" $ ssh root@node1-2 "ifconfig eth0 inet 192.168.1.2 up"
The nodes should now be able to ping eachother via eth0:$ ssh root@node1-1 "ping -c 1 192.168.1.2" PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data. 64 bytes from 192.168.1.2: icmp_req=1 ttl=64 time=0.614 ms --- 192.168.1.2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.614/0.614/0.614/0.000 ms
- Start the controller on node1-1. From a shell on node1-1, launch Floodlight:
# cd floodlight # java -jar target/floodlight.jar
After you give it a few seconds, Floodlight should be listening to port 6633 on all interfaces available on the node (eth0, 1, and lo). If you want, you can start uptcpdump
or something similar on a separate terminal on node1-1 to begin capturing control messages:# tcpdump -i lo port 6633
Alternatively, you can starttcpdump
to write to a .pcap file for later analysis withwireshark
with the OpenFlow plugin.# tcpdump -w outfile.pcap -i lo port 6633
- Launch Mininet. From another shell on node1-2:
# mn --topo=single,2 --controller=remote,ip=192.168.1.1
This will give you a virtual network of two hosts and one switch pointed to the running Floodlight instance on node1-1. Once at the prompt, try pinging one host from the other:mininet> h1 ping h2 PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_req=1 ttl=64 time=8.19 ms 64 bytes from 10.0.0.2: icmp_req=2 ttl=64 time=0.164 ms 64 bytes from 10.0.0.2: icmp_req=3 ttl=64 time=0.025 ms 64 bytes from 10.0.0.2: icmp_req=4 ttl=64 time=0.024 ms ^C --- 10.0.0.2 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.024/2.101/8.193/3.517 ms
Notice how the first ping takes much longer. This is due to the flow installation process triggered by the first ping (Specifically, the ARPs sent by the hosts) as the switch suffers a flow table miss. At the same time, you should see (lots of) packets being captured by tcpdump in node1-1's terminal:root@node1-1:~/floodlight# tcpdump -i eth0 port 6633 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 20:18:30.188181 IP 192.168.1.2.41631 > 192.168.1.1.6633: Flags [S], seq 3242563912, win 14600, options [mss 1460,sackOK,TS val 699854 ecr 0,nop,wscale 4], length 0 20:18:30.188321 IP 192.168.1.1.6633 > 192.168.1.2.41631: Flags [S.], seq 2665849071, ack 3242563913, win 14480, options [mss 1460,sackOK,TS val 700809 ecr 699854,nop,wscale 4], length 0 20:18:30.188466 IP 192.168.1.2.41631 > 192.168.1.1.6633: Flags [.], ack 1, win 913, options [nop,nop,TS val 699854 ecr 700809], length 0 20:18:30.188618 IP 192.168.1.2.41631 > 192.168.1.1.6633: Flags [F.], seq 1, ack 1, win 913, options [nop,nop,TS val 699854 ecr 700809], length 0 20:18:30.190310 IP 192.168.1.1.6633 > 192.168.1.2.41631: Flags [.], ack 2, win 905, options [nop,nop,TS val 700810 ecr 699854], length 0 20:18:30.224204 IP 192.168.1.1.6633 > 192.168.1.2.41631: Flags [P.], seq 1:9, ack 2, win 905, options [nop,nop,TS val 700818 ecr 699854], length 8 20:18:30.224426 IP 192.168.1.2.41631 > 192.168.1.1.6633: Flags [R], seq 3242563914, win 0, length 0 20:18:30.402564 IP 192.168.1.2.41632 > 192.168.1.1.6633: Flags [S], seq 1611313095, win 14600, options [mss 1460,sackOK,TS val 699908 ecr 0,nop,wscale 4], length 0 20:18:30.402585 IP 192.168.1.1.6633 > 192.168.1.2.41632: Flags [S.], seq 367168075, ack 1611313096, win 14480, options [mss 1460,sackOK,TS val 700863 ecr 699908,nop,wscale 4], length 0 ...
- Mininet shell interaction is not necissary. We can run a single hello world test with a single command.:
root@node1-2:~# mn --topo=single,2 --controller=remote,ip=192.168.1.1 --test pingall
The output should look like this.*** Creating network *** Adding controller *** Adding hosts: h1 h2 *** Adding switches: s1 *** Adding links: (h1, s1) (h2, s1) *** Configuring hosts h1 h2 *** Starting controller c0 *** Starting 1 switches s1 *** Waiting for switches to connect s1 *** Ping: testing ping reachability h1 -> h2 h2 -> h1 *** Results: 0% dropped (2/2 received) *** Stopping 1 controllers c0 *** Stopping 1 switches s1 .. *** Stopping 2 links *** Stopping 2 hosts h1 h2 *** Done completed in 5.111 seconds
Extra Credit - Using a different Controller
We can use a different controller to manage our test switch / network. One possibility would be to you the Open Day Light controller. A Reference implementation is installed on the image:
OF-Tutorial-ODL-5-27-2015.ndz
We can load this image instead of the floodlight image via the alternative load command:
omf load -t node1-1 -i OF-Tutorial-ODL-5-27-2015.ndz
Once this image is loaded we'll have to preform a few additional steps to bring it up:
- Configure the eth0 interface as before
$ ssh root@node1-1 "ifconfig eth0 inet 192.168.1.1 up"
- from a shell on node1-1 set the JAVA_HOME environment variable:
export JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-amd64
- Start the ODL service
~/distribution-karaf-0.2.3-Helium-SR3/bin/karaf
- On node1-2 preform the same mini-net test
mn --topo=single,2 --controller=remote,ip=192.168.1.1 --test pingall
Next Steps
- Use a real bare metal switch and real nodes - see NEXT TUTORIAL