Tutorial on separating traffic on SB9
OpenFlow is a very versatile standard. You can read more about it here. As an example of the capabilities of OpenFlow, and as a tutorial on the ORBIT sandbox that was created specifically for evaluating and testing OpenFlow, we will run through a simple experiment.
In the OpenFlow model, traffic can be separated along many different boundaries. In this particular example we're going to separate BitTorrent traffic on high-numbered ports. We will run two separate controllers. The first will handle the production traffic and run a commodity controller, SNAC. The second controller will manage the "experimental" BitTorrent traffic and run a configured NOX controller. The data interfaces (eth0) of 4 nodes are connected to the OpenFlow switch. The OpenFlow switch is pre-configured to speak to a controller at console.sb9.orbit-lab.org:6633. The logical setup should look like:
Controllers
Splitter: Flowvisor - IP port 6633
The flowvisor tool serves as an intermediary between the switch and the controllers. It splits traffic based on predefined rules. For this example we're running flowvisor on the SB9 console. While it is entirely possible to compile your own flowvisor from scratch and install it in your home directory, a precompiled installation is located in /opt. To steer the flowvisor tool, you must populate a flovisor-config.d directory with files that configure the flowvisor behavior. This directory must be a subdirectory of the current working directory, as flowvisor will create statistics files and logs in the current working directory. For the purposes of this demo we'll be using these files:
bittorent.guest default.switch routing.guest
The default.switch file primes the flowvisor and contains only the following lines:

    # For switches that do not have their own, specific config file
    Default: 1
    # Start numbering "default" switches at 10000
    Id: 10000

The routing.guest file directs production traffic to SNAC running on port 6634 and denies traffic on the high-numbered ports from reaching port 6634:

    Name: routing
    ID: 1
    Host: tcp:localhost:6634
    # By default, with no "FlowSpace" param, this slice has
    # permissions to affect all traffic
    FlowSpace: deny: tp_src: 10001
    FlowSpace: deny: tp_dst: 10001
    FlowSpace: deny: tp_src: 10002
    FlowSpace: deny: tp_dst: 10002
    FlowSpace: deny: tp_src: 10003
    FlowSpace: deny: tp_dst: 10003
    FlowSpace: deny: tp_src: 10004
    FlowSpace: deny: tp_dst: 10004
    FlowSpace: deny: tp_src: 10005
    FlowSpace: deny: tp_dst: 10005
    # limit 10000 == at most 10000 packet_in's per second == infinity
    FlowSpace: allow: limit: 10000

Finally, the bittorent.guest file directs traffic on the high-numbered ports to a controller on port 6635:

    Id: 1001
    Host: tcp:localhost:6635
    FlowSpace: allow: tp_src: 10001 limit: 10000
    FlowSpace: allow: tp_dst: 10001 limit: 10000
    FlowSpace: allow: tp_src: 10002 limit: 10000
    FlowSpace: allow: tp_dst: 10002 limit: 10000
    FlowSpace: allow: tp_src: 10003 limit: 10000
    FlowSpace: allow: tp_dst: 10003 limit: 10000
    FlowSpace: allow: tp_src: 10004 limit: 10000
    FlowSpace: allow: tp_dst: 10004 limit: 10000
    FlowSpace: allow: tp_src: 10005 limit: 10000
    FlowSpace: allow: tp_dst: 10005 limit: 10000

This setup of flowvisor will split along IP port boundaries. If we want to direct more traffic to the experiment, we simply manipulate the flow rules.
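In the files above, every port allowed to the experimental slice is also denied to the production slice, for both tp_src and tp_dst, and the two lists have to be edited together whenever ports are moved. The following is an added example, not part of the original tutorial or of flowvisor: a Python helper that renders mirrored rule lines for a port list and reports ports where two files do not mirror each other. It assumes only the FlowSpace line format shown above; the function names and sample strings are made up for this example.

```python
import re

# Rule line format as it appears in the .guest files on this page:
#   FlowSpace: <allow|deny>: [tp_src|tp_dst: <port>] [limit: <n>]
RULE = re.compile(r"FlowSpace:\s*(allow|deny):"
                  r"(?:\s*(tp_src|tp_dst):\s*(\d+))?(?:\s*limit:\s*\d+)?\s*$")

def parse_rules(text):
    """Return (action, field, port) per FlowSpace line; catch-all rules get None, None."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0].strip())  # drop comments first
        if m:
            action, field, port = m.groups()
            rules.append((action, field, int(port) if port else None))
    return rules

def render(ports):
    """Build mirrored rule lines: (production deny lines, experimental allow lines)."""
    deny, allow = [], []
    for port in ports:
        for field in ("tp_src", "tp_dst"):
            deny.append(f"FlowSpace: deny: {field}: {port}")
            allow.append(f"FlowSpace: allow: {field}: {port} limit: 10000")
    return deny, allow

def slice_gaps(production, experimental):
    """Compare the two slices' port rules and report where they do not mirror each other."""
    denied = {(f, p) for a, f, p in parse_rules(production) if a == "deny" and f}
    allowed = {(f, p) for a, f, p in parse_rules(experimental) if a == "allow" and f}
    return {
        # experimental ports that production's catch-all allow still covers
        "shared": sorted(allowed - denied),
        # ports denied to production that no experimental rule claims
        "unclaimed": sorted(denied - allowed),
    }

# Constructed sample: the page's port range, plus a copy with one deny line dropped.
deny, allow = render(range(10001, 10006))
GOOD_PROD = "\n".join(deny + ["FlowSpace: allow: limit: 10000"])
BAD_PROD = "\n".join(deny[:-1] + ["FlowSpace: allow: limit: 10000"])
EXPERIMENT = "\n".join(allow)

if __name__ == "__main__":
    print(slice_gaps(GOOD_PROD, EXPERIMENT))
    print(slice_gaps(BAD_PROD, EXPERIMENT))
```

A non-empty "shared" list means the port falls inside both slices' rules as written, so the experimental traffic is not isolated from the production controller.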
Production: SNAC - IP port 6634
On console.sb9, SNAC is preconfigured to listen on port 6634. For the purposes of this example, SNAC will handle the production traffic and as such is not configured to do anything beyond the scope of a simple learning switch. The web interface for SNAC is accessible externally at http://sb9.orbit-lab.org (default credentials).
Experimental: NOX - IP port 6635
For demonstration purposes we will have this controller simply pass traffic. We could manipulate this traffic by configuring NOX to behave differently, or by running a completely different controller that listens on port 6635. Since our model is that "production" traffic is handled by a controller at port 6634 and experimental traffic is handled by a controller at port 6635, the state of the port 6635 controller is expected to be transient.
TESTS for connectivity
The SNAC controller Web interface
Assuming your flowvisor is passing along high priority traffic to snac, the this:
Inter-node traffic
FIXME probably this will be a script detail
Once the data interfaces are brought up on each of the 4 nodes, they should be discovered by SNAC. Assuming we place them all in the same IP subnet, it should be possible to ping each node from every other node. A simple test can be done as follows:

    for node1-i:
        ssh root@node1-i
        ifconfig eth0 up
        ifconfig eth0 192.168.1.i
        ping 192.168.1.(i-1)

where i runs from 1 to 4.
This should be done in independent sessions, as each session will start displaying traffic information. Once completed, SNAC should report an increase in production traffic and 4 discovered hosts with the specified IPs.