= !OpenFlow How-To = Sandbox 9 uses the !OpenFlow capable switch as part of its setup as a means to provide a testbed for experimentation with the !OpenFlow protocol. This tutorial covers the following: * The network topology of the testbed * Installation of the !OpenFlow Reference System and NOX * Operating the controller * Performance analysis tools === !OpenFlow Protocol === !OpenFlow is a protocol that allows for the creation of overlay networks over pre-existing network infrastructure. This allows a researcher to run experiments on production networks without the fear of affecting any of the legacy installations or setups, while having control over how data is handled across the network. [[BR]] [[BR]] "!OpenFlow Protocol" specifically refers to the protocol that is used by a network device and its controller to pass information about flows, or instructions on how to handle data packets based on the packet header, to each other. Detailed information can be found here: http://www.openflowswitch.org/ === The Testbed === Sandbox 9 consists of eight nodes (currently three are available) connected to the SB9 Console through a !OpenFlow enabled gigabit switch. The network topology is shown below: [[BR]] [[BR]] [[Image(wiki:Documentation/OpenFlow/OFHowTo:OFSetup.jpg, 450)]] The dotted box (labeled sw_sb09) represents the !OpenFlow enabled NEC IP8800/S3640-48T2XW switch, currently running firmware supporting !OpenFlow v0.8.9. The switch is pre-configured so that ports 25-36 (the data VLAN, in red) is an !OpenFlow virtual switch that listens for a controller running on the SB9 Console. There exists a virtual connection between the controller and virtual switch, represented by the dotted red line. Two trunked connections exist on the sw_sb09 - one connects the setup with the ORBIT network (through sw_sb_top), and the other not only allows the console to communicate with the nodes, but also provides the secure controller-switch VLAN needed for the !OpenFlow setup. The experimenter would be able to monitor and manipulate the setup from the Console. ---- == The Controller == We can run the controller on the Console or on one of the nodes as they each can have equal access the the !OpenFlow Control VLAN. Two distinct controllers, one from the !OpenFlow reference System (v0.8.9r2) and another from NOX-core (v0.5.0), have been successfully installed and tested on the Console. These may be installed in your userspace if you wish to run one of these controllers from the Console. === Installing the controller on a node === The software can be downloaded from the following places: * !OpenFlow reference system: http://www.openflowswitch.org/wp/downloads/ * NOX-core: http://noxrepo.org/wp/ The former is a simple implementation that comes with a few tests; latter is a full-blown network operating system/ development tool that comes with a Network API that can be used to write and develop your own controller in C++ or Python. Both can also be installed using Git. Git can be installed with the following command: {{{ apt-get install git-core }}} ==== Installing the !OpenFlow Reference System ==== While presented, it is not recommended to install from tarball. The detailed instructions may be found here: http://www.openflowswitch.org/wp/getstarted/ 1. Download software and required packages. If using git: {{{ sudo apt-get install git-core automake m4 pkg-config libtool git clone http://openflowswitch.org/openflow cd openflow ./boot.sh }}} if installing from tarball: {{{ mkdir openflow cd openflow wget http://openflowswitch.org/downloads/openflow-0.9.0.tar.gz tar xzf openflow-0.9.0.tar.gz cd openflow-0.9.0 sudo apt-get install gcc linux-headers-`uname -r` }}} 2. Make and install. {{{ ./configure --with-l26=/lib/modules/`uname -r`/build make make install }}} ==== Installing NOX ==== It is not only recommended but also much simpler to use git to install NOX. Therefore the following instructions assume you are using git. The full instructions are found at noxrepo.org: http://noxrepo.org/manual/installation.html [[BR]] ''' Dependencies ''' [[BR]] NOX requires the following packages to be installed on the Console: * GNU Libtool (libtool) * Boost C++ libraries (libboost1.35-dev) * Apache HTTP Server (apache2) * Xerces C++ parser (libxerces-c28) * Xerces development files (libxerces-c2-dev) * SSL development libraries (libssl-dev) * SQLite 3 development files (libsqlite3-dev) * Simple JSON for Python (python-simplejson) Note, this is with respect to the Console, not the node - you may need to install additional packages before NOX can be installed properly. If all dependencies are taken care of, NOX will install with the following steps. {{{ git clone git://noxrepo.org/noxcore cd noxcore/ ./boot.sh mkdir build/ cd build/ ../configure --with-python=yes make make check }}} == Controllers on the Console == A sub-set of these instructions can be used to install a "custom" controller in userspace on the console. Most of the requisite libraries should already be installed. Use the following commands to install the Reference system in your userspace: '''for the !OpenFlow Reference System :'''[[BR]] {{{ cd git clone http://openflowswitch.org/openflow cd openflow ./boot.sh ./configure --with-l26=/lib/modules/`uname -r`/build make make install }}} '''for NOX :'''[[BR]] {{{ cd git clone git://noxrepo.org/noxcore cd noxcore/ ./boot.sh mkdir build/ cd build/ ../configure --with-python=yes make make check }}} === Starting the controller === Both commands start the controller and establish a connection with the !OpenFlow switch. The -v is for verbose. -h for both will give you the help files for the controllers. In the reference system, the controller is found under .../openflow/controller/ {{{ ./controller -v ptcp:6633 }}} and in NOX, it is found under .../noxcore/build/src/ {{{ ./nox-core -v -i ptcp:6633 }}} `ptcp:6633` refers to a passive connection to TCP 6633, the default !OpenFlow port. An active connection method using standard TCP exists, however this does not work on this setup. In the !OpenFlow reference system, a log of the verbose output can be saved by appending `--log-file [filename]`. [[BR]] [[BR]] ---- == Available Tools == Some of these tools require root privileges and will thus require a custom installation on a node. Others can be run from the console directly in an unprivileged mode. === the Wireshark plugin === The !OpenFlow Reference system comes with an !OpenFlow wireshark dissector. '''Permissions:''' [[BR]] You must be root in order to use Wireshark; Therefore you must install it on a node. [[BR]] '''Prerequisites:''' [[BR]] glib (and of course, wireshark) is required for the plugin to work: {{{ apt-get install wireshark libgtk2.0-dev }}} '''Installation:'''[[BR]] The patch is located under the utilities directory: {{{ cd utilities/wireshark_dissectors/openflow make sudo make install }}} '''Usage:'''[[BR]] To use wireshark, you need to do some X11 tunneling. To do this, add the -X option when using SSH to access the Console and the nodes. tcpdump pcap files can also be opened using wireshark - once the plugin has been installed, !OpenFlow packets can be interpreted from these files as well. === Iperf === For performance testing, you may want to run some bandwidth tests. iperf is a tool that measures maximum network performance using TCP for throughput and UDP for jitter and datagram loss. The standard image used for the Sandbox nodes when booted with command `omf tell on` comes with iperf. To take measurements, you need at least two nodes. One node becomes the server, the other(s), clients. '''Permissions:''' [[BR]] Iperf does not require root access. '''Usage:'''[[BR]] Initially, eth0 (the !OpenFlow interface for the nodes) will be disabled. Additionally, there is no DHCP service on that VLAN - you need to enable the interface and statically set the IP address (i.e. using ifconfig). 192.168.x.y is the block associated with the !OpenFlow VLAN. To start the server: {{{ iperf -s }}} and on the client: {{{ iperf -c 192.168.x.y }}} Where 192.168.x.y is the IP address of the iperf server. A caveat is that iperf cannot take real-time bandwidth measurements. Real-time bandwidth use can be monitored using BWM-ng. '''On the Console'''[[BR]] Iperf is also installed on the Console. The interfaces available on the Console are the following: * eth1 - 192.168.100.28 * eth1.27 / Control - 10.19.0.10 * eth1.28 / OF virtual switch - 192.168.1.28 * eth1.100 / OFP interface - 172.16.100.1 === BWM-ng === BWM-ng is a tool capable of taking real-time throughput measurements of different interfaces of a host. '''Permissions:''' [[BR]] BWM-ng does not require root access, and is installed on the Console. '''Usage:'''[[BR]] By default, the tool will monitor all interfaces on the Console. To monitor just the !OpenFlow interface, you must specify `eth1.100`. To output this to a csv, use the following command: {{{ bwm-ng -I eth1.100 -o csv -t 1000 -F }}} * -I : interface * -o : output, either in csv or html * -t : specifies sampling rate in msec. Here, it is 1000 msec, or 1 sample/sec * -F : Filename of output '''Installation on a node'''[[BR]] The following command will install BWM-ng: {{{ apt-get install bwm-ng }}} ---- === Development === The files defining !OpenFlow Protocol can be found in the following locations: * !OpenFlow reference system: openflow/include/openflow/openflow.h * NOX: noxcore/src/include/openflow.hh In addition, NOX provides a [http://noxrepo.org/manual/app.html Web API] that allows you to do development in C++ or Python. === Demo Video === ''TODO'' move this onto the orbit webserver. A video Demonsration of the usage of the refrence controller can be found at: http://www.winlab.rutgers.edu/~ssugrim/Projects.html