| | 1 | = Building Network Topologies (with !OpenFlow) = |
| | 2 | This is a rough overview of the steps one needs to take in order to simulate point-to-point links between nodes sharing a single switch (e.g. within the same broadcast domain), using !OpenFlow-controlled nodes as a means to move traffic from one VLAN to another. The steps described here are incomplete; Things will be updated as methods are refined/improved. |
| | 3 | |
| | 4 | == Prerequisites == |
| | 5 | VLANs are good for breaking up broadcast domains. If each node is placed on separate VLANs and given a choice of a few "gateways" out of its VLAN, it has no choice but to communicate through the gateway(s). How the gateway nodes moves packets/frames from one VLAN to another depends on which network layer(s) are involved. |
| | 6 | |
| | 7 | This page assumes that you have a setup similar to [http://www.orbit-lab.org/wiki/Documentation/OpenFlow SB9], as well as a node with a working install of NetFPGA drivers or !OpenvSwitch, depending on how links are being set up. For the !OpenFlow methods, you also need a !OpenFlow controller that allows you to push flows to your software defined switch. You should have access to the switch that the nodes are sharing as well, since you need to slice it into VLANs. The following links describe setup and use of theses components (internal links): |
| | 8 | |
| | 9 | * [http://www.orbit-lab.org/wiki/Documentation/OpenFlow/vSwitchImage OpenVswitch] - A software-defined virtual switch with !OpenFlow support, no special hardware required. |
| | 10 | * [http://www.orbit-lab.org/wiki/Internal/OpenFlow/HostSetup NetFPGA] - FPGA-based network device with !OpenFlow support |
| | 11 | * [http://www.orbit-lab.org/wiki/Internal/OpenFlow/QuantaSetup Quanta LB9A] - The shared medium switch. In this page this switch will be used in !XorPlus (normal) mode. |
| | 12 | * As for the !OpenFlow controller, there is a [http://www.orbit-lab.org/wiki/Internal/OpenFlow/Controllers collection] to choose from. |
| | 13 | |
| | 14 | The system used here is Ubuntu10.10 (kernel: 2.6.35-30-generic). Command syntax will change depending on your distro. |
| | 15 | |
| | 16 | == Contents == |
| | 17 | We first describe some base "sanity-test" setups that do not involve any !OpenFlow elements. These are: |
| | 18 | I [#basic Basic Methods] |
| | 19 | 1.1 [#KernIP Kernel IP routing] (Layer 3) [[BR]] |
| | 20 | 1.2 [#brctl Linux Bridge] (Layer 2) |
| | 21 | Then we describe the (ongoing) process of topology setup using !OpenFlow-related elements, such as: |
| | 22 | II [#of OpenFlow Methods] |
| | 23 | 2.1 [#OVS OpenvSwitch] [[BR]] |
| | 24 | 2.2 [#nfpga NetFPGA OpenFlow switch] |
| | 25 | !OpenFlow is rather layer-agnostic, defining traffic rules based on a combination of any of the 12 packet header fields that may be used for matching under the !OpenFlow standard. These fields correspond to layers 1~4. |
| | 26 | |
| | 27 | All save the very last method requires that the network node is VLAN aware. Before moving on to Section I we will quickly describe how to add VLAN awareness to the system. |
| | 28 | |
| | 29 | 1. Install and load VLAN module: |
| | 30 | {{{ |
| | 31 | apt-get install vlan |
| | 32 | modprobe 8021q |
| | 33 | }}} |
| | 34 | 2. Add VLAN interfaces using `vconfig`: |
| | 35 | {{{ |
| | 36 | vconfig add eth0 111 |
| | 37 | vconfig add eth0 222 |
| | 38 | }}} |
| | 39 | This creates two virtual LAN interfaces, eth0.111 and eth0.222. The module can be made to load at boot time by appending '8021q' to the list, /etc/modules. |
| | 40 | |
| | 41 | == I Basic Methods == #basic |
| | 42 | These two methods should work on any *nix machine, so they can serve as "sanity checks" for the system you are using as the network node. |
| | 43 | == 1.1 Kernel IP routing == #KernIP |
| | 44 | Kernel IP routing is the simplest, in that no extra packages are required if you have multiple Ethernet ports on your node. |
| | 45 | === 1.1.1 Network node setup === |
| | 46 | 1. This setup assumes a 1-to-1 mapping of VLANs to subnets. Choose IP blocks, one fore each VLAN. For example, if you have two clients connected across your node, you need two IP blocks, one for each VLAN: |
| | 47 | * VLAN 111: 192.168.1.0/24, gateway 192.168.1.13 |
| | 48 | * VLAN 222: 192.168.2.0/24, gateway 192.168.2.23 |
| | 49 | The gateway IPs chosen above will be the IP addresses assigned to the VLAN interfaces you have set up earlier on your network node. |
| | 50 | |
| | 51 | 2. Bring up VLAN interfaces with the IP addresses/blocks you have chosen: |
| | 52 | {{{ |
| | 53 | ifconfig eth0 0.0.0.0 up |
| | 54 | ifconfig eth0.111 inet 192.168.1.23 broadcast 192.168.1.255 netmask 0xffffff00 up |
| | 55 | ifconfig eth0.222 inet 192.168.2.23 broadcast 192.168.2.255 netmask 0xffffff00 up |
| | 56 | }}} |
| | 57 | This configuration can be made permanent by modifying /etc/network/interfaces: |
| | 58 | {{{ |
| | 59 | auto eth0.111 |
| | 60 | iface eth0.111 inet static |
| | 61 | address 192.168.1.13 |
| | 62 | netmask 255.255.255.0 |
| | 63 | vlan-raw-device eth0 |
| | 64 | |
| | 65 | auto eth0.222 |
| | 66 | iface eth0.222 inet static |
| | 67 | address 192.168.2.23 |
| | 68 | netmask 255.255.255.0 |
| | 69 | vlan-raw-device eth0 |
| | 70 | }}} |
| | 71 | |
| | 72 | 3. Enable routing on network node |
| | 73 | {{{ |
| | 74 | route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.13 |
| | 75 | route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.23 |
| | 76 | echo 1 > /proc/sys/net/ipv4/ip_forward |
| | 77 | }}} |
| | 78 | The last line in the above block is equivalent to running the command: |
| | 79 | {{{ |
| | 80 | sysctl -w net.ipv4.ip_forward=1 |
| | 81 | }}} |
| | 82 | The `ip_forward` flag resets itself after reboot. To make it permanent, add |
| | 83 | {{{ |
| | 84 | sysctl net.ipv4.ip_forward=1 |
| | 85 | }}} |
| | 86 | to /etc/sysctl.conf. |
| | 87 | === 1.1.2 End node setup === |
| | 88 | Unless you have set up DHCP, you must manually assign an IP address and default gateway to each node. The former should be consistent with the subnet associated with the VLAN to which the end host belongs. For example, the following host is connected to a switch port associated with VLAN 222, so it is assigned an address from the 192.168.2.0/24 block: |
| | 89 | {{{ |
| | 90 | ifconfig eth0 inet 192.168.2.4 |
| | 91 | }}} |
| | 92 | Then you must add reachability information to the node's routing table e.g. the IP addresses that it must send data to in order to have it reach remote subnets. Since there is only one other subnet in this example, a single entry specifying the destination subnet (192.168.1.0/24 - VLAN 111) and the gateway IP in/out of the current node's subnet is added: |
| | 93 | {{{ |
| | 94 | route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.2.23 |
| | 95 | }}} |
| | 96 | Do this for each remote subnet that the node should be able to communicate with. Once all of the nodes are configured, you should be able to ping end-to-end. |
| | 97 | |
| | 98 | == 1.2 Linux Bridge == #brctl |
| | 99 | A bridge will ignore VLAN tags, so if you have two VLAN interfaces e.g. eth0.111 and 222 sitting on a trunk, the packets will come in tagged. An intermediate abstraction will strip the tag from the packet (at br0), and the packet will get tagged as appropriate on the outbound. Unlike kernel IP forwrding, bridging works purely at Layer 2, hence you do not need to worry about IP addressing. |
| | 100 | |
| | 101 | The first three steps refer to the network node. |
| | 102 | |
| | 103 | 1. Configure and bring VLANS up as before, sans IP addresses |
| | 104 | |
| | 105 | 2. Install bridge-utils: |
| | 106 | {{{ |
| | 107 | apt-get install bridge-utils |
| | 108 | }}} |
| | 109 | 3. Create bridge interface, add ports: |
| | 110 | {{{ |
| | 111 | brctl addbr br0 |
| | 112 | brctl addif br0 eth0.111 |
| | 113 | brctl addif br0 eth0.222 |
| | 114 | }}} |
| | 115 | 4. Set all hosts on the bridged VLANs to the same IP block. |
| | 116 | |
| | 117 | == II !OpenFlow Methods == #of |
| | 118 | == 2.1 !OpenvSwitch == #OVS |
| | 119 | == 2.2 NetFPGA !OpenFlow switch == #nfpga |
| | 120 | The following are the flow configurations applied to the first (trunked) setup. |
| | 121 | {{{ |
| | 122 | switch 00:00:00:00:00:10:10:10 |
| | 123 | |
| | 124 | #strip tag from any incoming traffic on port 1 |
| | 125 | flow-entry port1 |
| | 126 | active True |
| | 127 | ingress-port 1 |
| | 128 | vlan-id 111 |
| | 129 | actions strip-vlan,output=4 |
| | 130 | |
| | 131 | #re-apply VLAN 222 tag to ARP packets bound for port 4, from 1 |
| | 132 | flow-entry port1-2 |
| | 133 | active False |
| | 134 | ingress-port 1 |
| | 135 | ether-type 2054 |
| | 136 | actions set-vlan-id=222,output=4 |
| | 137 | |
| | 138 | #re-apply tag to IP packets bound for 192.168.1.4 |
| | 139 | flow-entry port1-3 |
| | 140 | active False |
| | 141 | ether-type 2048 |
| | 142 | src-ip 192.168.1.1 |
| | 143 | actions set-vlan-id=222,output=4 |
| | 144 | |
| | 145 | #re-apply VLAN 111 tag to ARP packets bound for port 1, from 4 |
| | 146 | flow-entry port2-2 |
| | 147 | active False |
| | 148 | ingress-port 4 |
| | 149 | ether-type 2054 |
| | 150 | actions set-vlan-id=111,output=1 |
| | 151 | |
| | 152 | #re-apply tag to IP packets bound for 192.168.1.1 |
| | 153 | flow-entry port2-3 |
| | 154 | active False |
| | 155 | ether-type 2048 |
| | 156 | src-ip 192.168.1.4 |
| | 157 | actions set-vlan-id=111,output=1 |
| | 158 | |
| | 159 | #strip tag from any incoming traffic on port 4 |
| | 160 | flow-entry port4 |
| | 161 | active True |
| | 162 | ingress-port 4 |
| | 163 | vlan-id 222 |
| | 164 | actions strip-vlan,output=1 |
| | 165 | ! |
| | 166 | }}} |
