labs.beatcraft.com
OpenFlow
OpenFlow/Open vSwitch_bc10 †
This article introduces how to apply Open vSwitch on bc10. This article discusses form the installation of Open vSwitch on bc10 to testing it. The testing method is identical to the one that is conducted at OpenFlow/OpenvSwitch_x86.
Similar to OpenFlow/Open vSwitch_x86, mininet is also used for OpenFlow controller on x86 Linux.
Overview of Open vSwitch_bc10 †
The build environment and the base of SD image for bc10 use VMware image, (Ubuntu 10.05 64bit version) which has been created at bc10-router/arago-projrect. For the details of how to create the build environment, please look at bc10-router/arago-project.
Since the build or rebuild process of arago-project consumes few hours, recommend to use Cross Compile for adding and updating packages.
The hardware configuration of bc10 is shown below.
- bc10 (SD and AC adapter) x1
- USB 4-port AC powered hub x1
- USB wired LAN (LUA3-U2-ATX) x3
Downloading Open vSwitch †
Download Open vSwitch (1.9.0) on Ubuntu.
$ cd ~
$ wget http://openvswitch.org/releases/openvswitch-1.9.0.tar.gz
$ tar xvfz openvswitch-1.9.0.tar.gz
kernel update †
The kernel version is updated to version 3.7.2. To update the kernel, please follow the direction that listed at kernel.org of bc10-router/kernel update.
The kernel options, which are specified by README and INSTALL.txt of OpenSwitch, are added to the kernel. The attached file, 
bc10-openflow.config, is based upon .config.
Assume that bc10-openflow.config is placed at the HOME directory.
$ cd ~
$ wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.7.2.tar.bz2
$ tar xvfj linux-3.7.2.tar.bz2
Add the PATH if there is no PATH to go to ti-sdk-beagleboard-0.5.05.01.00.
$ export PATH={HOME}/ti-sdk-beagleboard-05.05.01.00/linux-devkit/bin:$PATH
Copy bc10-openflow.config to linux-3.7.2/.config. Then, execute oldconfig.
$ cp bc10-openflow.config linux-3.7.2/.config
$ cd linux-3.7.2/
$ make ARCH=arm CROSS_COMPILE=arm-arago-linux-gnueabi- oldconfig
To execute menuconfig, make sure that specific items, which are specified at openvswitch-1.9.0/INSTALL.txt, are checked.
$ make ARCH=arm CROSS_COMPILE=arm-arago-linux-gnueabi- menuconfig
-*- Networking support --->
Networking options --->
<M> 802.1d Ethernet Bridging
...
[*] QoS and/or fair queueing --->
<*> Hierarchical Token Bucket (HTB)
<*> Hierarchical Fair Service Curve (HFSC)
...
<M> Open vSwitch
...
Device Drivers --->
[*] Network device support --->
<*> Universal TUN/TAP device driver support
If there are check marks in front of the desired items correctly, then execute the build process.
$ make ARCH=arm CROSS_COMPILE=arm-arago-linux-gnueabi-
$ make ARCH=arm CROSS_COMPILE=arm-arago-linux-gnueabi- uImage
Caution: As uImage is being created, an error massage shown below may appear. If the error message shows up, please reinstall uboot-mkimage, and execute it again.
"mkimage" command not found - U-Boot images will not be built
$ sudo apt-get install uboot-mkimage
After the build process is completed, install kernel temporally for placing on the boot image.
$ mkdir tmp_install
$ make ARCH=arm CROSS_COMPILE=arm-arago-linux-gnueabi- modules_install INSTALL_MOD_PATH=./tmp_install
Building OpenvSwitch †
Run the configure command of the extracted OpenvSwitch.
Caution: Actually the configure command is a one-line command. Please ignore line breaks in the example shown below. The line breaks are inserted since the command line is too long.
$ cd ~/openvswitch-1.9.0
$ ./configure --target=arm-arago-linux-gnueabi --host=arm-arago-linux-gnueabi --build=i686-linux \
--with-linux=/home/beat/linux-3.7.2 --with-linux-source=/home/beat/linux-3.7.2 \
SSL_CFLAGS="-I/home/beat/oe/arago-tmp/sysroots/armv7a-arago-linux-gnueabi/usr/include" \
SSL_LIBS="-L/home/beat/oe/arago-tmp/sysroots/armv7a-arago-linux-gnueabi/usr/lib -lssl -lcrypto -ldl"
To execute build, there is redundancy of definitions, and the redundancy causes errors. To prevent these errors, edit the directory of datapath/linux/compat/include/linux/types.h in the way shown below. Then execute build again.
$ vi datapath/linux/compat/include/linux/types.h
#include_next <linux/types.h>
+ /*
#ifndef HAVE_CSUM_TYPES
typedef __u16 __bitwise __sum16;
typedef __u32 __bitwise __wsum;
#endif
+ */
#ifndef HAVE_BOOL_TYPE
Caution: make command is actually a one-line command. Execute it as a single line command. Please ignore the line breaks in the example below. Because of the length of the command, these line breaks are inserted.
$ make -C /home/beat/openvswitch-1.9.0 \
SSL_CFLAGS="-I/home/beat/oe/arago-tmp/sysroots/armv7a-arago-linux-gnueabi/usr/include" \
SSL_LIBS="-L/home/beat/oe/arago-tmp/sysroots/armv7a-arago-linux-gnueabi/usr/lib -lssl -lcrypto -ldl"
CROSS_COMPILE="arm-arago-linux-gnueabi-" ARCH="arm" KCC="arm-arago-linux-gnueabi-" GCC="arm-arago-linux-gnueabi-gcc"
Create a temporal directory for preparing the installation, and install it the temporal directory.
Caution: make install command is a one line command. Please execute it as a single line command. The line breaks in the example below are inserted for legibility.~
$ mkdir tmp_install
$ make -C /home/beat/openvswitch-1.9.0
SSL_CFLAGS="-I/home/beat/oe/arago-tmp/sysroots/armv7a-arago-linux-gnueabi/usr/include" \
SSL_LIBS="-L/home/beat/oe/arago-tmp/sysroots/armv7a-arago-linux-gnueabi/usr/lib -lssl -lcrypto -ldl" \
CROSS_COMPILE="arm-arago-linux-gnueabi-" ARCH="arm" KCC="arm-arago-linux-gnueabi-" GCC="arm-arago-linux-gnueabi-gcc" \
DESTDIR=/home/beat/openvswitch-1.9.0/tmp_install install
Placing files in SD †
The kernel is generated at directories below linux-3.7.2/arch/arm/boot/uImage and linux-3.7.2/tmp_install/lib/. The generated openvswitch is located at director bekw openvswitch-1.9.0/temp_install/usr. These files are copied to partitions of a boot image of bc10. Two partitions are created at a SD card. fat and ex3 partitions are mounted at /media/FAT and /media/EXT3, respectively.
$ sudo -s
# cd ~/linux-3.7.2
# cp arch/arm/boot/uImage /media/FAT/uImage
# cd tmp_install
# cp -a lib/ /media/EXT3/
# cd ~/openvswitch-1.9.0/tmp_install
# cp -a usr /media/EXT3/
To use OpenvSwitch on bc10, configure and boot OpenFlow Switch.
Caution: If a bridge device of vSwitch is created at booting an OpenFlow session and the OpenFlow session ends without removing the bridge device, this bridge device will not be removed for the next session.
Check that the updated kernel 3.7.2 is working.
# uname -a
Linux beagleboard 3.7.2 #2 Tue Apr 30 12:34:35 JST 2013 armv7l unknown
Execute insmod on openvswitch.ko
# insmod /lib/modules/3.7.2/kernel/net/openvswitch/openvswitch.ko
For the frst time boot, please create conf.db.
# ovsdb-tool create /usr/local/etc/openvswitch/conf.db /usr/local/share/openvswitch/vswitch.ovsschema
Start up the server and boot OpenFlow Switch.
Caution: In the example shown below, line brakes are included in ovsdb-server command line. However, this command is a one-line command. Please do not type in line breaks.
# ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock \
--remote=db:Open_vSwitch,manager_options --private-key=db:SSL,private_key \
--certificate=db:SSL,certificate --bootstrap-ca-cert=db:SSL,ca_cert --pidfile --detach
# ovs-vsctl --no-wait init
# ovs-vswitchd --pidfile --detach
Create A bridge device br0, and add eth1 and eth2 to br0.
# ovs-vsctl add-br br0
# ovs-vsctl add-port br0 eth1
# ovs-vsctl add-port br0 eth2
# ifconfig eth1 up
# ifconfig eth2 up
# ifconfig br0 up
The configuration of OpenFlow Controller is added to the bridge device.
The controller is tcp connection, and its address and port are 192.168.1.10 and 6633, respectively. The switch is tcp connection, and its port is 6634.
# ovs-vsctl set-controller br0 tcp:192.168.1.10:6633 ptcp:6634
To select fail-mode as secure, the communication to the host is disconnected as it is neither selected nor configured adequately.
# ovs-vsctl set-fail-mode br0 secure
Make sure all configurations, which have been discussed so far, are implemented correctly.
# ovs-vsctl show
d64d185f-43f9-48db-9e27-fecd0e10d54b
Bridge "br0"
Controller "ptcp:6634"
Controller "tcp:192.168.1.10:6633"
fail_mode: secure
Port "br0"
Interface "br0"
type: internal
Port "eth1"
Interface "eth1"
Port "eth2"
Interface "eth2"
Checking the operation of OpenFlow Switch †
In the same way as OpenFlow/Open vSwitch_x86, check the operation of OpenFlow Switch.
Applying the same process of OpenFlow/OpenFlow Tutorial 1, check the operation of OpenFlow Switch.
From a PC (Controller), check the status of the switch via dpcti commands. In the example shown below, eth1 and eth2 are assigned to the port1 and port2, respectively.
$ dpctl show tcp:192.168.1.1:6634
features_reply (xid=0x7b67dfa0): ver:0x1, dpid:d0b6a5b34
n_tables:255, n_buffers:256
features: capabilities:0xc7, actions:0xfff
1(eth1): addr:00:0d:0b:6a:5b:34, config: 0, state:0
current: 1GB-FD AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG AUTO_PAUSE
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG
2(eth2): addr:4c:e6:76:55:44:cd, config: 0, state:0
current: 100MB-FD AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD COPPER AUTO_NEG
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD COPPER AUTO_NEG
LOCAL(br0): addr:00:0d:0b:6a:5b:34, config: 0, state:0
get_config_reply (xid=0xdb4bcad5): miss_send_len=0
Realize a flow table has not been created on the switch yet.
$ dpctl dump-flows tcp:192.168.1.1:6634
stats_reply (xid=0xa654d2d0): flags=none type=1(flow)
Executing ping between Host1 and Host2 several times, please make sure that pings never reach their targeted hosts.
$ ping -c3 192.168.11.1
PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
From 192.168.11.10 icmp_seq=1 Destination Host Unreachable
From 192.168.11.10 icmp_seq=2 Destination Host Unreachable
From 192.168.11.10 icmp_seq=3 Destination Host Unreachable
--- 192.168.11.1 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2016ms
Add a table flow via a PC (the controller). This table flow enables packets go through between the port1 and port2.
$ dpctl add-flow tcp:192.168.1.1:6634 in_port=1,actions=output:2
$ dpctl add-flow tcp:192.168.1.1:6634 in_port=2,actions=output:1
Make sure that the table flow is added.
$ dpctl dump-flows tcp:192.168.1.1:6634
stats_reply (xid=0x8504cde8): flags=none type=1(flow)
cookie=0, duration_sec=10s, duration_nsec=941000000s, table_id=0, priority=32768, n_packets=0, n_bytes=0, idle_timeout=60,hard_timeout=0,in_port=1,actions=output:2
cookie=0, duration_sec=1s, duration_nsec=943000000s, table_id=0, priority=32768, n_packets=0, n_bytes=0, idle_timeout=60,hard_timeout=0,in_port=2,actions=output:1
After the table flow is added, make sure pings reach their targeted hosts as ping executes several times.
$ ping -c3 192.168.11.1
PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
64 bytes from 192.168.11.1: icmp_req=1 ttl=64 time=4.17 ms
64 bytes from 192.168.11.1: icmp_req=2 ttl=64 time=1.25 ms
64 bytes from 192.168.11.1: icmp_req=3 ttl=64 time=1.33 ms
--- 192.168.11.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.256/2.256/4.177/1.358 ms
Applying the same process of OpenFlow/OpenFlow Tutorial 2, check the operation of OpenFlow Switch.
Execute a controller command on a different terminal of the PC (Controller).
$ controller ptcp:
Make sure there are no flow tables.
$ dpctl dump-flows tcp:192.168.1.1:6634
stats_reply (xid=0xf2eadd2c): flags=none type=1(flow)
At Host1 and Hos2, execute ping, and make sure that pings can reach their corresponding hosts.
$ ping -c3 192.168.11.1
PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
64 bytes from 192.168.11.1: icmp_req=1 ttl=64 time=4.64 ms
64 bytes from 192.168.11.1: icmp_req=2 ttl=64 time=3.10 ms
64 bytes from 192.168.11.1: icmp_req=3 ttl=64 time=1.33 ms
--- 192.168.11.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.331/3.026/4.642/1.353 ms
Check that the flow table of bc10 (the switch) is added from the PC (the controller).
$ dpctl dump-flows tcp:192.168.1.1:6634
stats_reply (xid=0xb5e0898d): flags=none type=1(flow)
cookie=0, duration_sec=11s, duration_nsec=308000000s, table_id=0, priority=65535, n_packets=2, n_bytes=196, idle_timeout=60,hard_timeout=0,icmp,in_port=2,dl_vlan=0xffff,dl_src=00:23:8b:56:f9:ed,dl_dst=00:0f:b0:f7:28:07,nw_src=192.168.11.10,nw_dst=192.168.11.1,nw_tos=0x00,icmp_type=8,icmp_code=0,actions=output:1
cookie=0, duration_sec=12s, duration_nsec=308000000s, table_id=0, priority=65535, n_packets=3, n_bytes=294, idle_timeout=60,hard_timeout=0,icmp,in_port=1,dl_vlan=0xffff,dl_src=00:0f:b0:f7:28:07,dl_dst=00:23:8b:56:f9:ed,nw_src=192.168.11.1,nw_dst=192.168.11.10,nw_tos=0x00,icmp_type=0,icmp_code=0,actions=output:2
cookie=0, duration_sec=7s, duration_nsec=301000000s, table_id=0, priority=65535, n_packets=1, n_bytes=60, idle_timeout=60,hard_timeout=0,arp,in_port=1,dl_vlan=0xffff,dl_src=00:0f:b0:f7:28:07,dl_dst=00:23:8b:56:f9:ed,nw_src=192.168.11.1,nw_dst=192.168.11.10,nw_proto=1,actions=output:2
cookie=0, duration_sec=7s, duration_nsec=297000000s, table_id=0, priority=65535, n_packets=1, n_bytes=60, idle_timeout=60,hard_timeout=0,arp,in_port=2,dl_vlan=0xffff,dl_src=00:23:8b:56:f9:ed,dl_dst=00:0f:b0:f7:28:07,nw_src=192.168.11.10,nw_dst=192.168.11.1,nw_proto=2,actions=output:1
This is the end of checking the operation of OpenFlow Switch, applying the same process as OpenFlow Tutorial 1 and 2.
![[PukiWiki]](image/bc_logo.png "[PukiWiki]"){kind=logo}
SwithEnv_bc10.png 1671 download
[Information]
