OpenFlow Starter Tutorial Lab #1
OpenDaylight OpenStack Integration with DevStack on Fedora 20
- Lab 1: Add static destination MAC addresses to each node. Match: DstMac: , Action:DstPortX
- Lab 2: Add static flow with src mac address match with the associated action to an output port e.g. Match:SrcMac Action:DstPortY.
- Lab 3: Add a bad static flow for one of the hosts and watch ICMP replies from the gateway on the board port come back through tcpdump. Match:DstMac, Action:PortZ
Figure 1. The topology for the lab simulates in software the same capabilities you can get in hardware thanks to OpenvSwitch.[/crayon]
This setup allows you to add and remove as many matches into the API calls and tinker with them to get a feel once you nail down the basics. Then you can write the next “killer app” get rich and make it rain, but first lets figure out what is going on here.
RESTful/JSON API
The API is documented very well (that is huge and differentiating IMO) @
|
1 2 3 |
<a href="http://www.openflowhub.org/display/floodlightcontroller/Proposed+New+API">http://www.openflowhub.org/display/floodlightcontroller/Proposed+New+API</a> |
RESTful APIs are very important in my opinion if there is to be a transition of any kind to make it human readable for at the least troubleshooting or easy field parsing programmaticlaly for those of us who are only willing to muck our way through interpreted languages. Huge fan of what they have done here with their API and I expect the industry to follow this.
Forwarding Table in OpenvSwitch
Based on ‘ovs-appctl fdb/show br-int’ build your cheat sheet so see what port your host VMs are on inside of OpenvSwitch. If you do not see your entry it has like timed out ~300 seconds or so, refresh the entry by simply pinging the host VM from the vSwitch. These tables are the same as your CAM tables doing key/value exact matches for L2 mac address lookups and LPM (Longest Prefix Match) in todays network systems only in software.
|
1 2 3 4 5 6 7 8 9 |
$ovs-appctl fdb/show br-int port VLAN MAC Age 1 0 00:23:69:62:26:09 58 6 0 00:11:22:cc:cc:10 7 5 0 00:00:00:00:cc:10 4 0 0 5c:26:0a:5a:c8:b2 3 7 0 22:22:22:00:cc:10 3 |
MAC tables for this lab are as follows. Yours will likely be different based on the assignment by the vSwitch. The mac addresses are specifed by the KVM boot but anything can be used as long they are unique.
The DPID datapath ID is required to send the API calls. You need to find the one on your vSwitch. Lots of ways to find it either through the Floodlight console or APIs or from the ovs-ofctl show <bridge name> listed below. It is basically a few bytes prepended on your Nics MAC address).
|
1 2 3 4 |
$ ovs-ofctl show br-int OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:00005c260a5ac8b2 (that is your DPID) |
Replace the curl commands with your DPID curl -d ‘{“switch”: “00:00:5c:26:0a:5a:c8:b2”, (that longer than usual mac looking ID)
“ovs-dpctl dump-flows br-int” will display the datapaths being instantiated into the OpenvSwitch and handy for debugging and tshooting.
Figure2. MAC to Port mapping or forwarding table for the labs. Build this from “ovs-appctl fdb/show br-int” output.
Throughout the lab I have my VM hosts pinging the gateway so I can watch what happens as I instantiate static flows into the OpenvSwitch (OVS) flow table.
OpenFlow WebUI GUI
Through the lab for starters it might be easier for some to watch the web page. This is a nice Django front end put together by Wes Felter and some of his guys at IBM. There are some bugs which I’m sure the Floodlight guys would like anyone to clean up. If you leave the page open it continues to refresh until it consumes the planet as it polls the controller. Just close and reopen every now and then.
The WebUI loads be default with the jar binary:
|
1 2 3 |
java -jar floodlight.jar |
|
1 2 3 |
http://<yourIP>:8080/ui/index.html |
Figure 3. WebUI starts automatically and binds to port 8080
It might be more comfortable for some to use the WebUI / GUI. It is a nice clean web front at that!
All three labs are in this screencast.
Lab 1 Static MAC entries for our 3 hosts
Figure 3. Three hosts with static mac entries for each port.
Static Flow Push into the OpenFlow Pipeline
Before we run we crawl, before we dynamically forward we statically forward! It seems natural that most of the time we start with static entries when teaching the mechanics of routing with network IGPs. Here we are defining static data paths. We match (or don’t) a rule and have an associated action to it that will eventually kick off a fairly complex sets of flow tables in a pipeline in v1.1 and up.
The fairly close command for a data path in a tradiational instruction set on today’s switches would be this ‘”mac-address-table static 0000.0000.cc10 vlan 100 interface GigabitEthernet0/1″. We are not setting a vlan id but would be as easy as adding “dataLayerVirtualLan”:x to the flow push. That is obviously not scalable but I think it is important to understand how datapaths get pushed to the OF enabled switch. Normally even in the SDN world those mac address are learned through flooding to all ports FFFF.FFFF.FFFF on the broadcast domain. The controller than learns of it starts a mac address timer to begin to age it out if no more traffic is received so as not to exhaust the it’s tables but cache it if it continues talking by restarting the timer each time a frame is received from the MAC source.
Push static flows for each destination mac address in the switch to an assigned port. We have a match and action explicitly defined. All we are doing is adding static mac address entries instead of them being defined dynamically through flooding. Not each name is unique. If copying and pasting make sure to strip formatting.
As you add the flows keep in mind each curl you do will overwrite the previous one their with the same name in the table. Notice each flow pushed has a unique name. It’s almost ACLs but not quite.
- Install curl
|
1 2 3 |
$apt-get install curl |
With OVS and the OF controller run each of these from your command line.
Remember to replace the DPID “switch”: “00:00:5c:26:0a:5a:c8:b2” & the IP addr 192.168.1.208 with your lab addresses. Each curl command is one line.
Instantiate The OpenFlow Forwarding Rules
- Host 1
|
1 2 3 |
$ curl -d '{"switch": "00:00:5c:26:0a:5a:c8:b2", "name":"static-flow1", "cookie":"0", "priority":"32768", "dst-mac":"00:00:00:00:cc:10","active":"true", "actions":"output=5"}' http://192.168.1.208:8080/wm/staticflowentrypusher/json |
- Host 2
|
1 2 3 |
$ curl -d '{"switch": "00:00:5c:26:0a:5a:c8:b2", "name":"static-flow2", "cookie":"0", "priority":"32768", "dst-mac":"00:11:22:cc:cc:10","active":"true", "actions":"output=6"}' http://192.168.1.208:8080/wm/staticflowentrypusher/json |
- Host 3
|
1 2 3 |
$ curl -d '{"switch": "00:00:5c:26:0a:5a:c8:b2", "name":"static-flow3", "cookie":"0", "priority":"32768", "dst-mac":"22:22:22:00:cc:10","active":"true", "actions":"output=7"}' http://192.168.1.208:8080/wm/staticflowentrypusher/json |
List the Flows
Now through the API we can pull all static flows that have been pushed with this API call. Notice all of the Tuples (header fields e.g. SrcMac, Dest,IP etc) being listed. Look for the “match” and “action” you pushed.
|
1 2 3 |
$ curl http://192.168.1.208:8080/wm/staticflowentrypusher /list/00:00:5c:26:0a:5a:c8:b2/json |
Clear or Delete the Static Flows
To clear all of the static flows the API call looks like this. Clear all flows the API also has a delete function documented:
|
1 2 3 |
$ curl http://192.168.1.208:8080/wm/staticflowentrypusher /clear/00:00:5c:26:0a:5a:c8:b2/json |
- Getting Started OpenFlow OpenvSwitch Tutorial Lab – Setup
- OpenFlow Starter Tutorial Lab #1
- OpenFlow Starter Tutorial Lab #2
- OpenFlow Starter Tutorial Lab #3
Thanks for stopping by.
Thanks for putting these labs up. I’ve been meaning to get into OpenFlow & OpenvSwitch.
My Pleasure Kari! Hope it helps. It is a different world for sure.
Hi,
do you know why the video is not opening (“This video is private”).
Can two openflow switches run diffirent openflow specification in a network topology? and if yes, can they be controlled using single controller??
Thanks for making these labs! They help me a lot in my first approach to OpenFlow. Without your instructions and youtube videos I would have been a much longer road.
Keep it up 😉
Hi Stuart, Thanks a bunch for the feedback!
Respect,
-Brent
Hi Brent,
thank you for this great tutorial!
To make a static flow wasn’ t a problem. But when I try to list or delete them, I received following message:
“{“globalError”:false,”redirection”:false,”recoverableError”:false,”name”:”Not Found”,”error”:true,”throwable”:null,”description”:”The server has not found anything matching the request URI”,”success”:false,”reasonPhrase”:”Not Found”,”informational”:false,”code”:404,”uri”:”http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5″,”serverError”:false,”connectorError”:false,”clientError”:true}curl: (3) malformed
”
Do you know what I did wrong? I’m using mininet to emulate an openflow network with 3 clients and one switch. I changed the IP and DPIP to make it compatible- as you say.
I hope you can help me!
Best regards
Till
There is an extra space here “…staticflowentrypusher /list/…”. It should actually be “…staticflowentrypusher/list/…”
Thanks Darth. I am going to try and put out a new one soon using Daylight. The GUI is easier for folks new to OF. Sorry, for any errors guys and stay posted.
Cheers,
-Brent
Hi
tnx for the tutorial.
I installed floodlight controller on ubuntu12.04 and attached it to OVS. it connected successfully but the WebUI did not load.
another problem that I have is that I cant import the floodlight parent folder to eclipse. I wanted to import it as follow : import>General> Existing project to workspace after I select the root directory no check boxes show up and the next button is disabled.
please help me
thank you