Okinawa open laboratory First hand on seminar OpenDaylight edition
172
www.opendaylight.org Okinawa open laboratory First hand on seminar OpenDaylight edition July 29, 2014 Satoshi Hieda Takahiro Oshima
description
Okinawa open laboratory First hand on seminar OpenDaylight edition. Satoshi Hieda Takahiro Oshima. July 29 , 2014. Agenda. Part 1: OpenDaylight Introduction to OpenDaylight project Introduction to OpenDaylight Hydrogen OpenDaylight hands on Break - PowerPoint PPT Presentation
Transcript of Okinawa open laboratory First hand on seminar OpenDaylight edition
www.opendaylight.org
Okinawa open laboratoryFirst hand on seminarOpenDaylight editionJuly 29, 2014
Satoshi HiedaTakahiro Oshima
www.opendaylight.org2
Part 1: OpenDaylight Introduction to OpenDaylight project Introduction to OpenDaylight Hydrogen OpenDaylight hands on
Break
Part 2: VTN (Virtual Tenant Network) Introduction to VTN VTN hands on Practice problems
Agenda
3
Part 1: OpenDaylight
4
Introduction to OpenDaylight project
www.opendaylight.org5
Separate network control and data forwarding Make network control programmable
SDN
control
forwarding
control
forwarding
control
forwarding
control
forwarding
forwarding
control
application
API
Control/Data planeInterface
SDNCurrent network
(Software Defined Networking)
www.opendaylight.org6
Part of Linux Foundation Collaborative Project Main activities
SDN controller development Develop SDN controller for commercial use from the
development resources committed by participating vendors.
Make it Open source Offer SDN controller as OSS to a wide range of users and
vendors Promote SDN market
Accelerate the rise of SDN market and promote its commercial use with the above activities.
OpenDaylight project
www.opendaylight.org7
Participation of both network vendors and IT vendors.
39 vendors at present. The participants are increasing.
Multi-vendor
(from http://www.opendaylight.org/project/members, as of 7/19)
www.opendaylight.org8
Project proposal by many participants/vendors There are 25 projects at present.
Multi-project
• AAA Service• Affinity Metadata Service• BGP-LS/PCEP• Controller• dlux - openDayLight User eXperience• Documentation Project• Defense4All• Dynamic Resource Reservation• Group Policy Plugin Project• Integration Group• LISP Flow Mapping• Open DOVE• OpenFlow Plugin• OpenFlow Protocol Library
• OpFlex Implementation Project• OVSDB Open vSwitch
Database Integration Project• OSCP Project• PacketCable PCMM Project• Secure Network Bootstrapping Infrastructur
e (SNBI) project• Service Function Chaining• SNMP4SDN• Table Type Patterns (TTPs)/Negotiable
Datapath Models (NDMs)• Toolkit Project• Virtual Tenant Network (VTN)• YANG Tools
(from https://wiki.opendaylight.org/view/Main_Page, as of 7/19)
www.opendaylight.org9
Vendor neutral Only vendor neutral projects can be proposed Check by TSC in creation review of project
Governance Board: Collegiate system with focus on Platinum
member. TSC: Committer elected by Core project
representative(focus is on Platinum member for now because it is just after the inauguration) Contents of discussion have been published on Internet
Open community
• TSC: Technical Steering Committee. Organization controlling the overall design/development of OpenDaylight
10
Introduction to OpenDaylight Hydrogen
www.opendaylight.org11
SDN controller released in February, 2014 First OpenDaylight release
License: Eclipse Public License Three release edition
Base Edition Basic features only For SDN, OpenFlow investigation
Virtualization Edition Base Edition + virtualization For data centers
Service Provider Edition Base Edition + multiple protocol support For providers, carriers
OpenDaylight Hydrogen
Eclipse Public License(EPL)The receiver of EPL-licensed programs can use, modify, copy and distribute the work and modified versions. However, certain obligations are attributed to the distribution of the modified version, like revealing the method to acquire the source code.(from http://ja.wikipedia.org/wiki/Eclipse_Public_License)
www.opendaylight.org12
Rapid increase in short period of time after OpenDaylight inauguration(May, 2013)
Many contribution of existing code as well
Code volume
OpenDayli
ght
発足
Hydro
gen r
eleas
e
(total
: 1.5ML,
code
: 1.0ML)
(from http://www.ohloh.net/p/opendaylight)
www.opendaylight.org13
Announcement of products with OpenDaylight base Cisco: XNC (Extensible Network Controller)
One PK, OpenFlow 1.0 support
IBM: SDN VE (Software Defined Network for Virtual Environment)
Adopt same technology as OpenDOVE PoC of OpenDaylight starts in Deutsche Telekom,
Italtel etc. Ericsson launches laboratory for validation
Adoption
www.opendaylight.org14
Many vendor-led projects Depending on the project, committers are limited to
one company
Non vendor-led projects are also increasing University of Kentucky, ITRI, ...
Community is diversifying Projects with multiple vendor participation Integration between projects
Community
www.opendaylight.org15
Contributors: 154 (as of February,2014)(Reference: OpenStack 1974, Floodlight 52)
Community
Commit count Line count
(from http://events.linuxfoundation.org/sites/events/files/slides/OpenDaylight-Year1%20v4-ext.pdf )
www.opendaylight.org16
Projects in the Hydrogen ReleaseProject name Activities Proposed
vendors
OpenDaylight Controller SDN controller framework and basic features Cisco
OpenFlow Plugin Plugin to control OpenFlow compliant network devices Ericsson, IBM, Cisco
OpenFlow Protocol Library Library supporting OpenFlow 1.3 and above versions Pantheon
YANG Tools Tools and library to set network devices using NETCONF and YANG
Cisco
VTN Virtualization technology for realizing multi tenants across multiple SDN controllers
NEC
OVSDB Integration Configuration/management feature of OVSDB mediated OVS(Open vSwitch)
Kentucky Univ.
Open DOVE Virtualization technology for realizing multi tenant with overlay technology
IBM
Affinity Metadata Service API for expressing relationship and service level of workload Plexxi
Defense4All Feature controlling the detection/defense of DDoS attack Radware
BGP-LS/PCEP Feature controlling BGP-LS and PCEP compliant network devices Cisco
LISP Flow Mapping Feature controlling LISP compliant network devices ConteXtream
SNMP4SDN SNMP support ITRI
(From https://wiki.opendaylight.org/images/2/24/ODL_2013.11-IETF-final.pptx)
www.opendaylight.org17
(From OpenDaylight_Briefing_Deck_06.30.14.ppt http://bit.ly/ZPgDut)
18
OpenDaylight Hydrogen Base Edition
www.opendaylight.org19
(From http://www.opendaylight.org/software/base-edition )
www.opendaylight.org20
Framework of SDN controller Constitutes of OSGi Framework + bundle
Major features Base Network Service Function
Bundle the basic controller features and offer it as REST API Topology Manager, Stats Manager, Switch Manager, ...
SAL (Service Abstraction Layer) HA, Clustering Northbound API GUI
OpenDaylight Controller
www.opendaylight.org21
Abstraction layer between Controller Platform and Protocol Plugin
Control data sharing, request calls etc.
Two types of SAL are defined AD-SAL (API-Driven SAL) MD-SAL (Model-Driven SAL)
Supported SAL differs based on Plugin
SAL
www.opendaylight.org22
SAL defines the service APIs offered to upper layers Higher applications use SB Plugin via service API
Degree of support provided for service APIs differ based on SB Plugin, and it is necessary to be aware of the return code
AD-SAL
(From https://wiki.opendaylight.org/view/OpenDaylight_Controller:AD-SAL )
AD-SAL
www.opendaylight.org23
Java bindings(API/Plugin) are created via YANG Tools, based on the data model defined in YANG
MD-SAL
(From https://wiki.opendaylight.org/images/7/78/ONF_NBI_Leadership_Roundtable_Presentation_-_ODL.pptx )
www.opendaylight.org24
Application and SB plugin operate model data, and execute request (RPC) and notification via the generated Java bindings
MD-SAL
(From https://wiki.opendaylight.org/images/e/e3/Os2014-md-sal-tutorial.pdf )
www.opendaylight.org25
OpenFlow Plugin Protocol plugin that controls OpenFlow switch Supports OF 1.0, 1.3.x
OpenFlow Protocol Library Library for transmitting and receiving OpenFlow protocol data
OpenFlow Plugin & Protocol Library
(From https://wiki.opendaylight.org/view/File:Openflow_Protocol_Library.pdf )
www.opendaylight.org26
Tools and libraries to configure network devices by using NETCONF and YANG
Generates Java binding from model described in YANG
Service module of MD-SAL can be easily created from YANG model
YANG Tools
27
OpenDaylight Hydrogen Virtualization Edition
www.opendaylight.org28
(From http://www.opendaylight.org/software/virtualization-edition )
www.opendaylight.org29
Virtualization technology that realizes a multi tenant that spans across multiple SDN controllers Offers VTN API for higher applications to control the
virtual network
Refer details in Part 2 VTN!
VTN
www.opendaylight.org30
OVS(Open vSwitch) configuration and management features via OVSDB Offers features for OVS like creation of bridge, port
etc., modification of settings, deletion, information retrieval and tunnel control
Possible to integrate
with OpenStack
OVSDB
(From http://www.1-4-5.net/~dmm/talks/OpenDaylight_SDN_Workshop_AZ.pdf )
www.opendaylight.org31
Virtualization technology with overlay technology (VxLAN) Tenants can connect with each other on L2 and L3 (ACL control) Has a gateway feature with the existing physical network Integrates with OpenStack
OpenDOVE
(From https://wiki.opendaylight.org/view/Open_DOVE:Proposal )
www.opendaylight.org32
Metadata to realize network model This service does not look into how metadata is
expressed as config and flow entry
Affinity Metadata Service
(From https://wiki.opendaylight.org/view/Project_Proposals:Affinity_Metadata_Service )
www.opendaylight.org33
Feature to control detection and defense for DDoS attacks When a DDoS attack is detected, it mitigates the attack
by directing target flows to mitigation systems
Defence4All
(From https://wiki.opendaylight.org/view/Project_Proposals:Defense4All )
www.opendaylight.org34
Offers one northbound for the controller Plugin individual
implementations of each project under it
OpenStack Service
Supported projects VTN,OVSDB,OpenDOVE
Resources Resources used differs for
different projects
VTNProvider
DOVEProvider
OVSDBProvider
Resource VTN OVSDB OpenDOVE
Network Yes Yes Yes
Subnet - - Yes
Port Yes Yes Yes
Router - - Yes
FloatingIP - - Yes
(From http://www.1-4-5.net/~dmm/talks/OpenDaylight_SDN_Workshop_AZ.pdf )
hop by hop overlay overlay
VTNProvider
DOVEProvider
35
OpenDaylight Hydrogen Service Provider Edition
www.opendaylight.org36
(From http://www.opendaylight.org/software/service-provider-edition )
www.opendaylight.org37
LISP Mapping Service Controls network devices that support LISP Offers mapping feature between EID/Locator of
LISP BGP-LS/PCEP
Controls network devices that support BGP-LS and PCEP
Allows topology detection via BGP-LS and path programming via PCEP
SNMP4SDN Controls network devices via SNMP
LISP, BGP, PCEP, SNMP
38
Conclusion
www.opendaylight.org39
OpenDaylight Helium (incoming SDN controller) Under development, release planned for September 29 Projects that plan to participate (25 projects)
AAA Service BGPCEP Controller dLux Defense4All Docs Group Based Policy Integration Group L2 Switch Lisp Flow Mapping Service ODL-SDNi App OpenFlow Plugin Openflow Protocol Library
Future of OpenDaylight
OpFlex protocol Agent OVSDB PacketCablePCMM Secure Network Bootstrapping Infrastructure Service Function Chaining Southbound plugin to the OpenContrail
platform Reservation SNMP4SDN Table Type Patterns Toolkit VTN Project YANG Tools
www.opendaylight.org40
We now have an overview of OpenDaylight project and OpenDaylight Hydrogen
For those who are interested in the projects, please refer this page! https://wiki.opendaylight.org/view/Main_Page
Conclusion
www.opendaylight.org41
OpenFlow overview
www.opendaylight.org42
Status of OpenFlowOpenDaylight Controller Architecture
One of the protocols supported by OpenDaylight(Southbound Interface)
www.opendaylight.org43
Basic overview of OpenFlow (version 1.0)
Priority Header Fields Action Count
10000 DMAC = AA:AA:… Port 1 250
5000 SIP=10.0.0.1 Port 2 300
4000 L4-port=23 Drop 892
1 ANY Controller 11
▌ Controller enters the rules for packet processing into the switch tables. Switch will process the packets based on this table information.= Separating control and forwarding features
▌ OpenFlow specification defines - message format between controller and switch - necessary switch capabilities
OF1.0
www.opendaylight.org44
OpenFlow utilization (Overlay or Hop-by-hop)
OF
OF
OF
OF
OF
OF
OF
OF
OF
OFLegacy
▌ Overlay technology
▌ Hop-by-hop technology
OpenFlow in edge only Maintains existing network devices Central management of core NW is
not possible → Cannot visualize physical path → Traffic path control is difficult
OpenFlow in its entirety Replaces existing network devices Central management of core NW is
possible → Visualize physical path → Traffic path control is easy
Server
Flow 1Flow 2
App 1
App 2
App 1App 2
①
①OpenFlow controller
OpenFlow switch
Traffic path control specifically, such things are possible
■ Sophistication of traffic path control with Open flow① Effective use of network bandwidth by path control of each flow (multi-path)
② Improvement in network device maintainability by moving flows to one side
③ Place network appliances like Firewall, Load balancer etc. between the path and allow passage of specific flows (WayPoint feature)
Page 45
Server
②Move flows to one side
②Maintenance possible
Traffic path control specifically, such things are possible
OpenFlow controller
OpenFlow switch
Page 46
■ Sophistication of traffic path control with Open flow① Effective use of network bandwidth by path control of each flow (multi-path)
② Improvement in network device maintainability by moving flows to one side
③ Place network appliances like Firewall, Load balancer etc. between the path and allow passage of specific flows (WayPoint feature)
Flow 1Flow 2
App 1App 2
App 1App 2
FW LB FirewallLoad balancer
③
Traffic path control specifically, such things are possible
OpenFlow controller
OpenFlow switch
Page 47
■ Sophistication of traffic path control with Open flow① Effective use of network bandwidth by path control of each flow (multi-path)
② Improvement in network device maintainability by moving flows to one side
③ Place network appliances like Firewall, Load balancer etc. between the path and allow passage of specific flows (WayPoint feature)
Flow 1Flow 2
App 1App 2
Server
App 1App 2
Distinguish communication traffic with any combination of address/ identifier in each of the L1(physical port etc. ) , L2(MAC), L3(IP) and L4(port number) layers and define actions accordingly for more flexible control.
[What happens in OpenFlow?]
Packet header fields used in Match conditionsUses total of twelve header fields as Match conditions from
L1 to L4
L1 L2 L3 L4
DataSrcMAC
VLANPriority
SrcIP
TCP/UDPSrc Port
TCP/UDPDst Port
DstMAC
DstIP
IngressPort
EtherType
VLANid
IPToS
IPProto
[Conventional network devices]
L2 (MAC) switching L3 (IP) routing
Controls forwarding to individual network devices according to destination address of L2/L3 layers
(Firewall etc.)
OF1.0
Action for each flow (Action) As Action, it is possible to update packet header (Modify-
Field), output to specified port (OUTPUT) or add to specified queue (ENQUEUE). Drop action is performed if action is not specified
Type of action Description
ForwardPORT specification
Specify physical port number of switch
IN_PORT Forward packets to input port of packets
TABLEPerform flow table match operations (during Packet Out messages)
NORMAL Forward packets using legacy switch features
FLOODOutput to all ports except the port that received the packet and the port where NO_FLOOD is set in OpenFlow
ALLTransmit packets from all ports except the input port of packets
CONTROLLER Transmit packets to controller
LOCAL Termination process in protocol stack inside switch
Enqueue Add to specified queue
Modify-field Update packet header
OF1.0
www.opendaylight.org50
OpenDaylight hands on
www.opendaylight.org51
In this session, we will operate and experience the following sample applications preset in Hydrogen.
Simple Forwarding Static Flow Installation
Manual setting from GUI (filtering) Manual setting from REST API (L2 communication)
Load Balancer Service Load distribution with L4 load balancing
Agenda
www.opendaylight.org52
Check VM start
User name : mininet
Password : mininet
Modify keyboard layout to Japanese sudo dpkg-reconfigure keyboard-configuration Select “Japanese” on the second screen
( leave the rest as default )
BackSpace enable stty erase ^H Record above in ~/.bash_profile as well
Environment preparation
www.opendaylight.org53
Start controller with Base Edition. cd ~/controller-base/opendaylight/ ./run.sh
※ Startup takes some time ( few seconds )
Check start Open browser and access the following.
http://127.0.0.1:8080/ User name : admin Password :
admin
Start OpenDaylight controller
www.opendaylight.org54
Confirm the start of OpenDaylight controller.
OpenDaylight GUI screen
www.opendaylight.org55
Next, prepare OpenFlow switch. Use the emulator Mininet this time.
Open new terminal, run the following
sudo mn --controller=remote,ip=127.0.0.1
Please reload the GUI page after start.Was a switch displayed?
# Please drag it if hidden in screen corner.
Start Mininet
www.opendaylight.org56
Since one switch is not enough, we will use custom topology.
Stop mininet.
mininet> exit
Store the downloaded USB.zip to home directory (/home/mininet)
Start Mininet with custom topology.
sudo mn --controller=remote,ip=127.0.0.1 --custom ~/handson/topo-tree-depth2.py --topo mytopo
Start Mininet
www.opendaylight.org57
With this, the ODL controller and OF switch are connected. The link between switches is detected automatically and
displayed on GUI. ODL controller is able to detect link by…
Explanation : Topology detection
P2 P1
S1 S3
S1 S3OpenDayLightController
P2 P1
OF|P1@
| OF | O
FS2
OF|
P1@ |
OF
| OFS
2
OF|P2@ | OF | OFS1
OF|P1@ | OF | OFS2
OF|P2@
| OF | O
FS1
OF|
P2@ |
OF
| OFS
1
S2
LLDP packet
www.opendaylight.org58
Check for correct topology recognition in GUI.
Check in GUI
www.opendaylight.org59
Simple Forwarding
www.opendaylight.org60
Now, let us ping the traffic in data plane.
mininet> h11 ping h12
→ Communication was possible.
It is obvious that the OpenFlow switch is just a box until the controller sets flows. There will be no communication if controller does not set flows.
Simple Forwarding
www.opendaylight.org61
What happens after Ping start is ・・・
Simple Forwarding
S3
h11 h12
10.0.0.1 10.0.0.2
S1
h13
10.0.0.3
S2
OpenDayLightController
① ARP Req
② Forward ARP Req ③ Forward ARP Req
www.opendaylight.org62
ARP Reply
Explanation : Simple Forwarding
S3
h11 h12
10.0.0.1 10.0.0.2
S1
h13
10.0.0.3
S2
OpenDayLightController
③ ARP Reply
④ Forward ARP Reply
www.opendaylight.org63
Flow Entry setting
Explanation : Simple Forwarding
S3
h11 h12
10.0.0.1 10.0.0.2
S1
h13
10.0.0.3
S2
OpenDayLightController
④ Set Flow Entry in each switchMatch
condition :dstIP=10.0.0.1
www.opendaylight.org64
The application Simple Forwarding runs by default and communication was possible because it configured the Flow entry.
The mechanism is simple but we have just seen an example of how the controller establishes communication
after detecting each host by central management of the
switches.
Simple Forwarding
www.opendaylight.org65
Static Flow Installation
- set from GUI
www.opendaylight.org66
In the example above, Simple Forwarding automatically configured the flows.
In OpenDaylight controller, you can also set each flow manually.
Next, we will use this feature to manually set the rules(flow) on switch to block specific traffic.
Static Flow Installation – set from GUI
www.opendaylight.org67
Static Flow Installation – set from GUI
Flow to set manually
S3
h11 h12
10.0.0.1 10.0.0.2
S1
h13
10.0.0.3
S2
Set the rule to drop packets bound for 10.0.0.2 at a higher priority than the flow set by Simple Forwarding .
www.opendaylight.org68
Setting example
Static Flow Installation – set from GUI
Name : Drop_dst_h12(optional)Node : 00:00: ~ :00:01InputPort : s1-eth1Priority : 500Dst-IP : 10.0.0.2Action : Drop
www.opendaylight.org69
Operation check No communication between h11 – h12 due to drop
flow
mininet> h11 ping h12 Communication possible between H11 – h13 with
Simple Forwarding
mininet> h11 ping h13
Cleanup Stop the controller.
Static Flow Installation – set from GUI
www.opendaylight.org70
We were able to see how traffic filtering is possible by setting flows manually from GUI.
Were you able to understand OpenFlow better and feel the flexibility after setting the flows manually?
Static Flow Installation – set from GUI
www.opendaylight.org71
Static Flow Installation
- set from REST API
www.opendaylight.org72
This time we will set flows manually with Rest API.
The aim is to set flows without relying on Simple Forwarding and establish communication.(not easy though)
REST API reference can be found below. https://wiki.opendaylight.org/view/OpenDaylight_Controller:REST_Reference_and_Authentication
Static Flow Installation – set from REST API
www.opendaylight.org73
In the topology below, all hosts are to communicate with each other.
Use Mac address as Match condition of flow.
Static Flow Installation – set from REST API
h11
h13
Mac_h11 Mac_h12
h14
Mac_h13
S1 S2
S4S3
h12
Mac_h14
www.opendaylight.org74
Start OpenDaylight controller cd ~/controller-base/opendaylight/ ./run.sh
Start Mininet sudo mn --controller=remote,ip=127.0.0.1 --custom ~/handson/topo-fullyMesh.py --topo mytopo
Stop Simple Forwarding. (in osgi console)
Give command “ss simple” , get Bundle id Stop simple forwarding with “stop 112”
( in GUI ) Modify the “Operation Mode” of each switch to [Proactive
Forwarding Only]
Static Flow Installation – set from REST API
www.opendaylight.org75
Check for no pingmininet> h11 ping h12
→ Check for failure here
Static Flow Installation – set from REST API
www.opendaylight.org76
Set the flows like this.
Static Flow Installation – Fully Mesh topology
h11
h13
Mac_h11Mac_h12
h14
Mac_h13
S1 S2
S4S3
h12
Mac_h14
Match : Inport=1 dlDst=MAC_h12 dlSrc=MAC_h11Action : Output=2
12
www.opendaylight.org77
Similarly ・・・
Static Flow Installation – Fully Mesh topology
www.opendaylight.org78
You need to set a total of 6 flows to forward packets from single host to each host
Since there are 4 hosts, a total of 24 flows are required for intercommunication.
Static Flow Installation – Fully Mesh topology
h11
h13
Mac_h11Mac_h12
h14
Mac_h13
S1 S2
S4S3
h12
Mac_h14
12
www.opendaylight.org79
Set as per the sequence below.
Assign the Mac address of each host in variable( at the mininet prompt) Display Mac address of h11 with mininet> h11 ifconfig Copy it to clipboard
( in Linux shell ) Mac_h11=86:15:23:67:d8:6d
※ paste address from clipboard.
Similarly, perform the above operation for h12 ~ h14 as well.
Static Flow Installation – Fully Mesh topology
www.opendaylight.org80
Static Flow Installation – Fully Mesh topology
curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs1h11h12\",\"node\":{\"id\":\"00:00:00:00:00:00:00:01\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h12\",\"dlSrc\":\"$Mac_h11\",\"actions\":[\"OUTPUT=2\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:01/staticFlow/ofs1h11h12curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs1h11h13\",\"node\":{\"id\":\"00:00:00:00:00:00:00:01\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h13\",\"dlSrc\":\"$Mac_h11\",\"actions\":[\"OUTPUT=3\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:01/staticFlow/ofs1h11h13curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs1h11h14\",\"node\":{\"id\":\"00:00:00:00:00:00:00:01\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h14\",\"dlSrc\":\"$Mac_h11\",\"actions\":[\"OUTPUT=4\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:01/staticFlow/ofs1h11h14curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs1h12h11\",\"node\":{\"id\":\"00:00:00:00:00:00:00:01\",\"type\":\"OF\"},\"ingressPort\":\"2\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h11\",\"dlSrc\":\"$Mac_h12\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:01/staticFlow/ofs1h12h11curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs1h13h11\",\"node\":{\"id\":\"00:00:00:00:00:00:00:01\",\"type\":\"OF\"},\"ingressPort\":\"3\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h11\",\"dlSrc\":\"$Mac_h13\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:01/staticFlow/ofs1h13h11curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs1h14h11\",\"node\":{\"id\":\"00:00:00:00:00:00:00:01\",\"type\":\"OF\"},\"ingressPort\":\"4\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h11\",\"dlSrc\":\"$Mac_h14\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:01/staticFlow/ofs1h14h11curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h12h11\",\"node\":{\"id\":\"00:00:00:00:00:00:00:02\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h11\",\"dlSrc\":\"$Mac_h12\",\"actions\":[\"OUTPUT=2\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:02/staticFlow/ofs2h12h11curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h12h13\",\"node\":{\"id\":\"00:00:00:00:00:00:00:02\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h13\",\"dlSrc\":\"$Mac_h12\",\"actions\":[\"OUTPUT=3\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:02/staticFlow/ofs2h12h13curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h12h14\",\"node\":{\"id\":\"00:00:00:00:00:00:00:02\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h14\",\"dlSrc\":\"$Mac_h12\",\"actions\":[\"OUTPUT=4\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:02/staticFlow/ofs2h12h14curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h11h12\",\"node\":{\"id\":\"00:00:00:00:00:00:00:02\",\"type\":\"OF\"},\"ingressPort\":\"2\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h12\",\"dlSrc\":\"$Mac_h11\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:02/staticFlow/ofs2h11h12curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h13h12\",\"node\":{\"id\":\"00:00:00:00:00:00:00:02\",\"type\":\"OF\"},\"ingressPort\":\"3\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h12\",\"dlSrc\":\"$Mac_h13\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:02/staticFlow/ofs2h13h12curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h14h12\",\"node\":{\"id\":\"00:00:00:00:00:00:00:02\",\"type\":\"OF\"},\"ingressPort\":\"4\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h12\",\"dlSrc\":\"$Mac_h14\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:02/staticFlow/ofs2h14h12curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h13h11\",\"node\":{\"id\":\"00:00:00:00:00:00:00:03\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h11\",\"dlSrc\":\"$Mac_h13\",\"actions\":[\"OUTPUT=2\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:03/staticFlow/ofs2h13h11curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h13h12\",\"node\":{\"id\":\"00:00:00:00:00:00:00:03\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h12\",\"dlSrc\":\"$Mac_h13\",\"actions\":[\"OUTPUT=3\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:03/staticFlow/ofs2h13h12curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h13h14\",\"node\":{\"id\":\"00:00:00:00:00:00:00:03\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h14\",\"dlSrc\":\"$Mac_h13\",\"actions\":[\"OUTPUT=4\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:03/staticFlow/ofs2h13h14curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h11h13\",\"node\":{\"id\":\"00:00:00:00:00:00:00:03\",\"type\":\"OF\"},\"ingressPort\":\"2\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h13\",\"dlSrc\":\"$Mac_h11\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:03/staticFlow/ofs2h11h13curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h12h13\",\"node\":{\"id\":\"00:00:00:00:00:00:00:03\",\"type\":\"OF\"},\"ingressPort\":\"3\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h13\",\"dlSrc\":\"$Mac_h12\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:03/staticFlow/ofs2h12h13curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h14h13\",\"node\":{\"id\":\"00:00:00:00:00:00:00:03\",\"type\":\"OF\"},\"ingressPort\":\"4\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h13\",\"dlSrc\":\"$Mac_h14\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:03/staticFlow/ofs2h14h13curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h14h11\",\"node\":{\"id\":\"00:00:00:00:00:00:00:04\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h11\",\"dlSrc\":\"$Mac_h14\",\"actions\":[\"OUTPUT=2\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:04/staticFlow/ofs2h14h11curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h14h12\",\"node\":{\"id\":\"00:00:00:00:00:00:00:04\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h12\",\"dlSrc\":\"$Mac_h14\",\"actions\":[\"OUTPUT=3\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:04/staticFlow/ofs2h14h12curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h14h13\",\"node\":{\"id\":\"00:00:00:00:00:00:00:04\",\"type\":\"OF\"},\"ingressPort\":\"1\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h13\",\"dlSrc\":\"$Mac_h14\",\"actions\":[\"OUTPUT=4\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:04/staticFlow/ofs2h14h13curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h11h14\",\"node\":{\"id\":\"00:00:00:00:00:00:00:04\",\"type\":\"OF\"},\"ingressPort\":\"2\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h14\",\"dlSrc\":\"$Mac_h11\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:04/staticFlow/ofs2h11h14curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h12h14\",\"node\":{\"id\":\"00:00:00:00:00:00:00:04\",\"type\":\"OF\"},\"ingressPort\":\"3\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h14\",\"dlSrc\":\"$Mac_h12\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:04/staticFlow/ofs2h12h14curl --user "admin":"admin" -X PUT -H 'content-type: application/json' -H 'ipaddr:127.0.0.1' -d "{\"installInHw\":\"true\",\"name\":\"ofs2h13h14\",\"node\":{\"id\":\"00:00:00:00:00:00:00:04\",\"type\":\"OF\"},\"ingressPort\":\"4\",\"priority\":\"500\",\"etherType\":\"0x800\",\"dlDst\":\"$Mac_h14\",\"dlSrc\":\"$Mac_h13\",\"actions\":[\"OUTPUT=1\"]}" http://127.0.0.1:8080/controller/nb/v2/flowprogrammer/default/node/OF/00:00:00:00:00:00:00:04/staticFlow/ofs2h13h14
www.opendaylight.org81
Static Flow Installation – Fully Mesh topology
• Operation check mininet> h11 ping h12 mininet> h11 ping h13
• Cleanup Stop controller. Stop mininet
www.opendaylight.org82
That is all for the static injection of Flow Entry.
It is not an easy task. If the switch and host count increase, the required flow
entries also increase and it is difficult to set one by one.
We hope you have understood the fact that the controller should conceal the physical layer and must offer an abstract interface for the operator.
→ Next, we will see an example of this.
The actual VTN is in Hands on part two ・・・
Static Flow Installation – Fully Mesh topology
www.opendaylight.org83
Load Balancer Service
www.opendaylight.org84
Next, we will try a sample application - Load Balancer Service.
Overview
Load Balancer Service
h1
h2
h4
h3仮想 IP
メンバ IP 1
メンバ IP 2
メンバ IP 3
Load Balancer
www.opendaylight.org85
Settings
Load Balancer Service
h1
h2
h4
h3
PoolRR
仮想 IP
MemberIP 1
Member IP 2
Member IP 3
www.opendaylight.org86
Setting sequence Creation of Pool
curl --user "admin":"admin" -H "Accept: application/json" -H "Content-type: application/json" -X POST http://127.0.0.1:8080/one/nb/v2/lb/default/create/pool -d '{"name":"PoolRR","lbmethod":"roundrobin"}‘
Registration of virtual IPcurl --user "admin":"admin" -H "Accept: application/json" -H "Content-type: application/json" -X POST http://127.0.0.1:8080/one/nb/v2/lb/default/create/vip -d '{"name":"VIP-RR","ip":"10.0.0.20","protocol":"TCP","port":"5550","poolname":"PoolRR"}'
curl --user "admin":"admin" -H "Accept: application/json" -H "Content-type: application/json" -X PUT http://127.0.0.1:8080/one/nb/v2/lb/default/update/vip -d '{"name":"VIP-RR","poolname":"PoolRR"}'
Load Balancer Service
www.opendaylight.org87
Setting sequence(continued) Registration of member IP
curl --user "admin":"admin" -H "Accept: application/json" -H "Content-type: application/json" -X POST http://127.0.0.1:8080/one/nb/v2/lb/default/create/poolmember -d '{"name":"PM2","ip":"10.0.0.2","poolname":"PoolRR"}'
curl --user "admin":"admin" -H "Accept: application/json" -H "Content-type: application/json" -X POST http://127.0.0.1:8080/one/nb/v2/lb/default/create/poolmember -d '{"name":"PM3","ip":"10.0.0.3","poolname":"PoolRR"}'
curl --user "admin":"admin" -H "Accept: application/json" -H "Content-type: application/json" -X POST http://127.0.0.1:8080/one/nb/v2/lb/default/create/poolmember -d '{"name":"PM4","ip":"10.0.0.4","poolname":"PoolRR"}'
Load Balancer Service
www.opendaylight.org88
Check operation Start mininet
sudo mn --topo=tree,2,4 --controller=remote,ip=127.0.0.1,port=6633
Display virtual host(h1 ~ h4) console( on mininet prompt, ) xterm h1 h2 h3 h4
Start server・ Run the following on each console in h2 ~ h4
iperf -s -p 5550 Accessing server from client
・ Run the following on h1 console arp -s 10.0.0.20 00:00:10:00:00:20
iperf -c 10.0.0.20 -p 5550
・ Connect to 10.0.0.20:5550 again
iperf -c 10.0.0.20 -p 5550
Load Balancer Service
www.opendaylight.org89
Specify in Pool
Load Balancer Service
S3
h1 h2
10.0.0.1 10.0.0.2
S1
h3
10.0.0.3
S2
OpenDayLightController
① Traffic to 10.0.0.2( Destination TCP port=5550 Source TCP port=36001 )
② Forward to controller
srcL4=36001 → 10.0.0.2srcL4=36002 → 10.0.0.3srcL4=36003 → 10.0.0.4
www.opendaylight.org90
That is all for hands-on part one(OpenDaylight edition). Were you able to understand the possibilities with Base
edition of Hydrogen?
You now have a deeper understanding of OpenFlow as well.
You might think that Base Edition is not enough to perform advanced operations. In part 2, we will see more advanced features with VTN of existing project as an example.
Summary
www.opendaylight.org91
End of part one !
92
Break
93
Part 2: VTN
94
Introduction to VTN
www.opendaylight.org95
Application for providing multi-tenant type virtual network on SDN controller
VTN
“Virtual network” isA network where you can modify network configuration logically without modifying the configuration and settings of physical network device.
“Multi-tenant” is・ Create multiple virtual planes isolated from each other on physical network and expose each virtual plane as tenants to the user.・ You can reduce CAPEX,OPEX compared to having physically independent network configuration in each tenant.
www.opendaylight.org96
Realize virtual network by combining the components below
VTN model
Component Description
Virtual node (vNode)
vBridge Virtual L2 switchvRouter Virtual L3 router
vTep TEP(Tunnel End Point)vTunnel Overlay tunnelvBypass Connectivity between control network
VirtualInterface
interface End point of virtual node
Virtual link vLink Link between virtual interface
www.opendaylight.org97
Virtual network provisioning Add, remove, modify VTN Add, remove, modify VTN model
Flow control on virtual network flow filter(pass, abandon, redirect, remarking)
QoS control on virtual network policing (pass, abandon, penalty)
Virtual network monitoring Stats info of traffic Failure event
VTN features
www.opendaylight.org98
VTN workflowBasic workflow
Virtual network provisioning
Set flow filter on virtual network
flow filter
Set QoS on virtual network
policing
Y
Y
N
N
Virtual network provisioning
VTN creation
Create VTN
Add vNode
Add vNode
Addition of interface and
vLink
Physical resource mapping
Y
Y
N
N
www.opendaylight.org99
VTN workflow
flow filter
Create flow list(set match condition)
Set flow filter to interface
(set action)
QoS
Create flow list(set match condition)
Create policing profile(set rate, action)
Set policing profile to
interface
www.opendaylight.org100
You can create VTN spanning multiple data centers
You can create VTN spanning different type of SDN controllers
Multi-controller orchestration
DC 1 DC 2 DC 3
Inter-DCnetwork
Controller 1 Controller 3
VTN
vRouter
vBridge vBridgevBridge vBridgevBypass
Controller 2
www.opendaylight.org101
Control packet flowing on virtual network by mapping the physical network resource
Physical resource mapping
MappingMapping key
DescriptionPhysical Logical
Port mapping
Switch ID, Port ID(VLAN ID option)
vBridge interfaceSupport for Untagged frame as well
VLAN mapping
VLAN ID(Switch ID option) vBridge
MAC mapping MAC address vBridge
To be supported in Helium release
www.opendaylight.org102
Filtering features for packets flowing on virtual network
You can specify match condition and action as filter
You can set filter on any vNode interface
Flow filter
www.opendaylight.org103
You can set the following fields as match condition MAC address (source/destination) Ether type VLAN priority IP address (source/destination) DSCP IP Protocol TCP/UDP port number (source/destination) ICMP type ICMP code
Flow filter match condition
www.opendaylight.org104
You can set the following actions in Flow filter
Flow Filter action
Action Description
ACLPass Pass the packets matching the conditions specified
Drop Drop the packets matching the conditions specified
Redirection - WayPoint
routing
Redirect packet to specific virtual interface You can modify MAC address (source/destination) (assuming L3 firewall)
Remarking Remark VLAN priority, DSCP
www.opendaylight.org105
VTN offers WebAPI (REST) GET/PUT/POST/DELETE to virtual network resource Supports XML, JSON format
Resources accessible via API VTN vBridge vRouter vTep vTunnel vBypass vLink interface
APIs for VTN
Port mapping VLAN mapping Flow Filter Controller Physical Switch / Port / Link
(Read only) Alarm (Read only)
www.opendaylight.org106
VTN API use case
OpenStack
NeutronPlug-in
VTN Coordinator
VTNManager
Application for appliance GUI
System Center
3rd party Orchestration
www.opendaylight.org107
Consists of VTN Coordinator and VTN Manager
VTN software configuration
VTN Coordinator
・ Offers VTN API・ Build VTN model using OpenDaylight API・ Control VTN spanning multiple SDN controllers
・ Offers virtual node feature・ Does packet forwarding control as per VTN model
VTNManager
VTN Coordinator:
VTN Manager:
108
VTN Manager
www.opendaylight.org109
VTN Manager is implemented as OSGi bundle and loaded on OpenDaylight Controller.
Software configuration (1)
www.opendaylight.org110
VTN Manager is implemented as AD-SAL Application. MD-SAL is not supported.
Only OpenFlow switches are managed At present, only OpenFlow 1.0 is supported.
Software configuration (2)
www.opendaylight.org111
Control OpenFlow switch via AD-SAL and internal information management component.
Software configuration (3)
www.opendaylight.org112
VTN (Virtual Tenant Network) Virtual network environment Network inside a different VTN are managed as independent
networks. vBridge (Virtual Bridge)
Virtual L2 switch inside VTN Build virtual broadcast domain by mapping physical network to
vBridge.
How to realize multi tenant :Virtual network environment
www.opendaylight.org113
Map the VLAN on physical port of specific switch to vBridge. You cannot map physical ports to which other OpenFlow switches are
connected.
How to realize multi tenant :Port mapping
www.opendaylight.org114
Map any VLAN to vBridge. When physical switch is specified, only the VLAN on specified physical switch
is mapped. When a physical switch is not specified, the VLAN on all managed switches
are mapped. Physical port connected to OpenFlow switch is not in scope for VLAN
mapping. Port mapping settings are given priority.
VLAN on port mapped physical port is not in scope for VLAN mapping.
How to realize multi tenant :VLAN mapping
www.opendaylight.org115
A unique vBridge to map packets is determined by VLAN and the physical port of switch where input packets are detected. You cannot map same VLAN on same physical port to multiple vBridge.
How to realize multi tenant :mapping of input packets
www.opendaylight.org116
The source host information of packet mapped to vBridge is recorded in a MAC address table inside vBridge. Source MAC address Physical port of switch that detects packet VLAN ID
When performing unicast communication inside vBridge, search destination MAC address from MAC address table and determine the destination physical network. Since you determine destination VLAN with only the MAC address, it is not
possible to map the same MAC address belonging to different VLAN to a single vBridge.
How to realize multi tenant :determining the output destination
www.opendaylight.org117
The broadcast and multicast packets are forwarded to all physical networks that are mapped to vBridge with PACKET_OUT. No forwarding to physical networks with PACKET_IN. Flow entry is not set.
Broadcast communication
www.opendaylight.org118
Set flow entry if the destination MAC address of unicast packet is recorded inside vBridge. If the address is not recorded, broadcast is done to all physical networks
mapped to the vBridge. The flow entry passing a path with minimum hop count is set.
Unicast communication
www.opendaylight.org119
All flow entries passing links that are down get deleted. If the link state changes, the shortest path graph is updated.
During failure : Link down( 1 )
www.opendaylight.org120
PACKET_IN happens when there is communication after removal of flow entry and a flow entry passing a substitute path gets set.
During failure : Link down( 2 )
www.opendaylight.org121
All flow entries passing through switch that is down are deleted. The shortest route graph is updated if switch information is
deleted.
During failure : Switch down( 1 )
www.opendaylight.org122
PACKET_IN happens when there is communication after removal of flow entry and a flow entry passing an alternate path gets set.
During failure : Switch down( 2 )
www.opendaylight.org123
Automatically map OpenStack Neutron network with vBridge. Shared networks are not supported.
Only VLAN mapping is supported in Hydrogen release. Specify VLAN to map in Neutron network attribute.
OpenStack ( Neutron ) integration
124
VTN hands on (1)“Multi-tenancy”
www.opendaylight.org125
Build two virtual networks on a single physical network.
Check that the virtual networks are mutually isolated Communication is possible between the hosts
contained in same virtual network Communication is not possible between the hosts
contained in different virtual networks
Hands-on contents
www.opendaylight.org126
Use “mininet”(emulator software of OpenFlow network) to build a physical network as shown below
Physical Network
S5
S1 S2
S6
S3 S4
S7
h11 h12 h13 h14
10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4
www.opendaylight.org127
Build a virtual network like the one shown below on the physical network
Virtual network to build
vBridge vBridgevtn1 vtn2
vtn1: Connect h11 and h14 with L2 switch
vtn2: Connect h12 and h13 with L2 switch
128
Advance preparations
www.opendaylight.org129
Keep three terminals open
Use the three terminals for VTN, for controller and for mininet
Follow the terminal specified when running command. If terminal is not specified, run on terminal for VTN
Open terminal
www.opendaylight.org130
Set alias for a compact command display
Set alias
alias curl="curl -H 'content-type: application/json' -H 'username: admin' -H 'password: adminpass' -H 'ipaddr:127.0.0.1'"
www.opendaylight.org131
1. Start OpenDaylight Hydrogen
2. Setup DB
3. Start VTN Coordinator
Start controller, VTN
cd ~/controller-virt/opendaylight/./run.sh -virt vtn
sudo /usr/local/vtn/sbin/db_setup
sudo /usr/local/vtn/bin/vtn_startsudo /usr/share/java/apache-tomcat-7.0.39/bin/catalina.sh start
Controller:
From Helium release onwards, you will be able to start Tomcat as well with vtn_start command
www.opendaylight.org132
Get version information to confirm VTN startup
The result should be as below
Check VTN startup
curl -X GET http://127.0.0.1:8081/vtn-webapi/api_version.json
{"api_version":{"version":"V1.0"}}
The port number used by VTN (Coordinator) of hands on version is 8081 butVTN of Hydrogen release uses 8080, and VTN from Hydrogen onwards uses 8083
In Helium release,“V1.2” will be displayed for version
www.opendaylight.org133
Start mininet. The scenario used is topo-tree-depth3.py
Start-up physical network
sudo mn --custom ~/handson/topo-tree-depth3.py --topo mytopo --controller=remote,ip=127.0.0.1
mininet:
134
Virtual NetworkProvisioning
www.opendaylight.org135
Run VTN API and build virtual network
The concrete operation is as follows Registration of controller
Register OpenDaylight Hydrogen(ODC) in VTN Provisioning of virtual network(2 tenants)
Creation of VTN Creation of vBridge Creation of interface port-mapping
Virtual network provisioning
www.opendaylight.org136
Register the controller started in “Start controller, VTN”
Registration of controller
curl -X POST -d '{"controller": {"controller_id": "odc1", "ipaddr": "127.0.0.1", "type": "odc", "version": "1.0", "auditstatus": "enable"}}' http://127.0.0.1:8081/vtn-webapi/controllers.json
www.opendaylight.org137
Check the controller registered
The result should be as follows
Confirm controller registration
curl -X GET http://127.0.0.1:8081/vtn-webapi/controllers/detail.json
{"controllers":[{"controller_id":"odc1","ipaddr":"127.0.0.1","auditstatus":"enable","operstatus":"up","actual_version":"1.0.0.0","version":"1.0"}]}
www.opendaylight.org138
Create VTN
This is the image of virtual network at this point of time. We have created a box for us to work on
Creation of VTN
curl -X POST -d '{"vtn": {"vtn_name": "vtn1"}}' http://127.0.0.1:8081/vtn-webapi/vtns.json
vtn1
www.opendaylight.org139
Next, create vBridge inside VTN
With this, we have placed a switch inside the box
Creation of vBridge
curl -X POST -d '{"vbridge": {"vbr_name": "vbr1", "controller_id": "odc1", "domain_id": "(DEFAULT)"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn1/vbridges.json
vtn1
vBridge
www.opendaylight.org140
Create two interface
With this, we have created two interfaces in L2 switch
Creation of interface
curl -X POST -d '{"interface": {"if_name": "if1"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn1/vbridges/vbr1/interfaces.jsoncurl -X POST -d '{"interface": {"if_name": "if2"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn1/vbridges/vbr1/interfaces.json
vtn1
vBridge
www.opendaylight.org141
To do port-mapping, it is necessary to know the port information of s1, s4 connected to h11, h14
Before port mapping
vBridgevtn1
Which port of s1 to map to?
Which port of s4 to map to?
www.opendaylight.org142
Get logical-port. logical-port refers to the port information etc. recognized by the controller
From the output result, get the logical-port of target switch, port based on the DPID, port name etc. In this example, get the following logical-port
Get logical-port
curl -v -X GET http://127.0.0.1:8081/vtn-webapi/controllers/odc1/domains/\(DEFAULT\)/logical_ports.json
"PP-OF:00:00:00:00:00:00:00:01-s1-eth1""PP-OF:00:00:00:00:00:00:00:04-s4-eth1"
www.opendaylight.org143
Now, port map the logical-port to the interface created before
port-mapping settings
curl -v -X PUT -d '{"portmap":{"logical_port_id": "PP-OF:00:00:00:00:00:00:00:01-s1-eth1"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn1/vbridges/vbr1/interfaces/if1/portmap.jsoncurl -v -X PUT -d '{"portmap":{"logical_port_id": "PP-OF:00:00:00:00:00:00:00:04-s4-eth1"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn1/vbridges/vbr1/interfaces/if2/portmap.json
www.opendaylight.org144
With this we have finished the settings for one tenant
port-mapping settings
vBridgevtn1
PP-OF:00:00:00:00:00:00:00:01-s1-eth1 PP-OF:00:00:00:00:00:00:00:04-s4-eth1
www.opendaylight.org145
Now, create another tenant the same way.
Creation of second VTN
curl -v -X POST -d '{"vtn": {"vtn_name": "vtn2"}}' http://127.0.0.1:8081/vtn-webapi/vtns.jsoncurl -v -X POST -d '{"vbridge": {"vbr_name": "vbr1", "controller_id": "odc1", "domain_id": "(DEFAULT)"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn2/vbridges.jsoncurl -v -X POST -d '{"interface": {"if_name": "if1"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn2/vbridges/vbr1/interfaces.jsoncurl -v -X POST -d '{"interface": {"if_name": "if2"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn2/vbridges/vbr1/interfaces.jsoncurl -v -X PUT -d '{"portmap":{"logical_port_id": "PP-OF:00:00:00:00:00:00:00:02-s2-eth1"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn2/vbridges/vbr1/interfaces/if1/portmap.jsoncurl -v -X PUT -d '{"portmap":{"logical_port_id": "PP-OF:00:00:00:00:00:00:00:03-s3-eth1"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn2/vbridges/vbr1/interfaces/if2/portmap.json
www.opendaylight.org146
Now, let us check for communication between hosts Execute ping on mininet console Ping will succeed between hosts contained in the same
virtual network
Ping will fail between hosts contained in different virtual networks
Check communication
mininet > h11 ping h14mininet > h12 ping h13
mininet > h11 ping h12mininet > h13 ping h14
mininet:
mininet:
www.opendaylight.org147
We built two virtual networks on a single physical network
We confirmed that the virtual network is logically separated Communication is possible between hosts
contained in same virtual network Communication is not possible between hosts
contained in different virtual networks
Summary
www.opendaylight.org148
Now, stop VTN
Stop the controller as well Stop mininet too
Cleanup
sudo /usr/share/java/apache-tomcat-7.0.39/bin/catalina.sh stopsudo /usr/local/vtn/bin/vtn_stop
mininet > exitmininet:
From Helium release onwards, you can also terminate Tomcat with vtn_stop command
149
VTN hands on (2)Building virtual networks for VLAN
www.opendaylight.org150
Build virtual network containing same VLAN communication
Experience amazing ease in configuring virtual networks for VLAN
Hands on contents
www.opendaylight.org151
This time, use mininet to build a physical network as shown below This topology was also used in OpenDaylight
hands-on
Physical Network
h11
h13
10.0.0.1 10.0.0.3
h14
10.0.0.2
S1 S2
S4S3
h12
10.0.0.4
www.opendaylight.org152
Build a virtual network as shown below on the physical network
Virtual network to build
vBridgevtn3
VLAN mapping(no VLAN tag)
www.opendaylight.org153
Now, let us start the controller and VTN once again. The command is same as before.
Start controller,VTN
cd ~/controller-virt/opendaylight/./run.sh -virt vtn
sudo /usr/local/vtn/sbin/db_setupsudo /usr/local/vtn/bin/vtn_startsudo /usr/share/java/apache-tomcat-7.0.39/bin/catalina.sh start
Controller:
www.opendaylight.org154
Now, start mininet. The script to use is topo-fullyMesh.py
Physical network start-up
sudo mn --custom ~/handson/topo-fullyMesh.py --topo mytopo --controller=remote,ip=127.0.0.1
mininet:
www.opendaylight.org155
Run VTN API and perform provisioning
Registration of controller Register OpenDaylight Hydrogen(ODC) in VTN
VTN provisioning Creation of VTN Creation of vBridge VLAN mapping
Provisioning in VTN
www.opendaylight.org156
The sequence is same as before till creation of vBridge
With this, we were able to complete till here
Creation of controller ~ creation of vBridge
curl -v -X POST -d '{"controller": {"controller_id": "odc1", "ipaddr": "127.0.0.1", "type": "odc", "version": "1.0", "auditstatus": "enable"}}' http://127.0.0.1:8081/vtn-webapi/controllers.jsoncurl -v -X POST -d '{"vtn": {"vtn_name": "vtn3"}}' http://127.0.0.1:8081/vtn-webapi/vtns.jsoncurl -v -X POST -d '{"vbridge": {"vbr_name": "vbr1", "controller_id": "odc1", "domain_id": "(DEFAULT)"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn3/vbridges.json
vBridgevtn3
www.opendaylight.org157
In VLAN mapping, you can specify the VLANID(or Untagged packet) handled by all switches and map it to vBridge Consequently, interface creation is not required
Now, let us try and do VLAN mapping We will map an Untagged packet here
VLAN mapping
curl -v -X POST -d '{"vlanmap": {"no_vlan_id": "true"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn3/vbridges/vbr1/vlanmaps.json
www.opendaylight.org158
Such ease in packing virtual networks for VLAN!
VLAN mapping
vBridgevtn3
VLAN mapping(Untagged packet)
www.opendaylight.org159
Now, check the communication between hosts Do ping on mininet console Ping is successful between every host
Ping packet is an Untagged packet
Check for communication
mininet > h11 ping h12mininet > h11 ping h13...mininet > h13 ping h14
mininet:
www.opendaylight.org160
We built a virtual network with same VLAN
You must have realized how easy it is to configure virtual networks for VLAN
Summary
www.opendaylight.org161
Now, stop VTN
Stop OpenDaylight Hydrogen as well Stop mininet.
Cleanup
sudo /usr/share/java/apache-tomcat-7.0.39/bin/catalina.sh stopsudo /usr/local/vtn/bin/vtn_stop
mininet > exitmininet:
162
Practice Problems
www.opendaylight.org163
Assume a network inside a building Companies A,B and C are on the first and second floor. VLAN
ID is different for each company.
Physical Network
S5
S1 S2
S6
S3 S4
S7
h11
10.0.0.1
h12
10.0.0.2
h13
10.0.0.3
h14
10.0.0.4
h15
10.0.0.5
h16
10.0.0.6
h17
10.0.0.7
h18
10.0.0.8
Network on 1F Network on 2F
CompanyA
(VID:100)CompanyB
(VID:200) Company A
(VID:100)
Company C
(VID:300)
www.opendaylight.org164
Problem: Build VTN for company A, B and C
Virtual network to build
vBridge vBridgevtn4 vtn5
vBridgevtn6
VLAN mappingVLAN ID:200
VLAN mappingVLAN ID:300
VLAN mappingVLAN ID:100
www.opendaylight.org165
Now, start controller and VTN once again. The command is same as before.
Start controller, VTN
cd ~/controller-virt/opendaylight/./run.sh -virt vtn
sudo /usr/local/vtn/sbin/db_setupsudo /usr/local/vtn/bin/vtn_startsudo /usr/share/java/apache-tomcat-7.0.39/bin/catalina.sh start
Controller:
www.opendaylight.org166
First, start mininet. The script to use is topo-tree-depth3-host8.py
Physical network startup
sudo mn --custom ~/handson/topo-tree-depth3-host8.py --topo mytopo --controller=remote,ip=127.0.0.1
mininet:
www.opendaylight.org167
Startup xterm on host h11~h18 and set VLAN ID
Run the following commands on each xterm Read host name whenever required VLAN ID is allocated to each host by executing set_vlan.sh
VLAN ID allocation to host
mininet > xterm h11 h12 h13 h14 h15 h16 h17 h18
root@mininet-vm:~\> ~/handson/set_vlan.sh h11root@mininet-vm:~\> exit
mininet:
mininet(xterm):
168
Think !
www.opendaylight.org169
Were you able to?
Check the answers
curl -v -X POST -d '{"controller": {"controller_id": "odc1", "ipaddr": "127.0.0.1", "type": "odc", "version": "1.0", "auditstatus":"enable"}}' http://127.0.0.1:8081/vtn-webapi/controllers.json
curl -v -X POST -d '{"vtn": {"vtn_name": "vtn4"}}' http://127.0.0.1:8081/vtn-webapi/vtns.jsoncurl -v -X POST -d '{"vtn": {"vtn_name": "vtn5"}}' http://127.0.0.1:8081/vtn-webapi/vtns.jsoncurl -v -X POST -d '{"vtn": {"vtn_name": "vtn6"}}' http://127.0.0.1:8081/vtn-webapi/vtns.jsoncurl -v -X POST -d '{"vbridge": {"vbr_name": "vbr1", "controller_id": "odc1", "domain_id": "(DEFAULT)"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn4/vbridges.jsoncurl -v -X POST -d '{"vbridge": {"vbr_name": "vbr1", "controller_id": "odc1", "domain_id": "(DEFAULT)"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn5/vbridges.jsoncurl -v -X POST -d '{"vbridge": {"vbr_name": "vbr1", "controller_id": "odc1", "domain_id": "(DEFAULT)"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn6/vbridges.json
curl -v -X POST -d '{"vlanmap": {"vlan_id": "100"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn4/vbridges/vbr1/vlanmaps.jsoncurl -v -X POST -d '{"vlanmap": {"vlan_id": "200"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn5/vbridges/vbr1/vlanmaps.jsoncurl -v -X POST -d '{"vlanmap": {"vlan_id": "300"}}' http://127.0.0.1:8081/vtn-webapi/vtns/vtn6/vbridges/vbr1/vlanmaps.json
www.opendaylight.org170
You can check for successful build with mininet. Start-up xterm in h11
Ping should be successful from host h11 to h12, h15, h16
Also check that there is no ping from host h11 to h13, h14, h17, h18
Check connectivity
mininet > xterm h11
root@mininet-vm:~\> ping 10.0.0.2root@mininet-vm:~\> ping 10.0.0.5root@mininet-vm:~\> ping 10.0.0.6
mininet:
mininet(xterm):
www.opendaylight.org171
Increased understanding about VTN through introduction to VTN and hands-on
VTN is a vendor neutral virtual network technology adopted in Hydrogen release. It is an easy to use technology and anyone can participate in the development.
Detailed information regarding VTN can be found on the following page. For those who are interested, please refer this page!https://wiki.opendaylight.org/view/OpenDaylight_Virtual_Tenant_Network_(VTN):Main
Summary
172
Thank you for your time!
