OpenFlow/OpenvSwitch_x86

OpenFlow/Open vSwitch_x86
Booting OpenFlow Switch
Check the operation of OpenFlow Switch
- OpenFlow Tutorial 1
- OpenFlow Tutorial 2
  - Topic: The difference against OpenFlow Reference implementation
Revision History

OpenFlow/Open vSwitch_x86 †

To use 2 PCs (x86 machines), a network is created. One PC is set up for OpenFlow Controller (Controller or the controller), and the other is configured
as OpenFlow Switch (Switch or the switch). Then, to apply OpenFlow Tutorial 1 and 2, the operations of the switch and controller is checked on the network.

To use OpenFlow Controller and Open Switch, a set of mininet environment required, mininet is needed to be installed on both PCs. The OS used for
both PCs is Ubuntu 12.04. (32bit version)

The instruction of how to instal mininet on a PC is available at OpenFlow/mininet.

PCs, which are treated as host machines, use Linux OS. This project uses bc10 and x86 machines, which are installed Ubuntu 12.04 (32bit version).

After the installation of mininet is completed, set up a network. The overview of the network is showed in the diagram below. IP address of each machine
is fixed. This network is used for checking the operation of vSwitch.

↑

Booting OpenFlow Switch †

To operate Open vSwitch on a PC (Switch), OpenFlow Switch is configured and booted.

After booting the PC, check whether ovsdb-server and ovs-vswitchd are operated or not. If they are not operated, execute /etc/init.d/openvswitch- switch start.
$ sudo /etc/init.d/openvswitch-switch start

After executing openvswitch-seitch start, this is the results of applying ps axu | grep ovs are shown below.

$ ps axu | grep ovs
root      1360  0.0  0.0   4780   416 ?        S<   16:12   0:03 ovsdb-server: monitoring pid 1361 (healthy)                                                                                                                         
root      1361  0.0  0.1   4904  1652 ?        S<s  16:12   0:01 ovsdb-server /etc/openvswitch/conf.db -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO --remote=punix:/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,manager_options --private-key=db:SSL,private_key --certificate=db:SSL,certificate --bootstrap-ca-cert=db:SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach --monitor
root      1388  0.0  0.0   5464   692 ?        S<   16:12   0:03 ovs-vswitchd: monitoring pid 1389 (healthy)                                                                                                                        
root      1389  0.0  0.1   5468  1692 ?        S<s  16:12   0:01 ovs-vswitchd unix:/var/run/openvswitch/db.sock -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach --monitor
beat      3713  0.0  0.0   5364   840 pts/3    S+   17:14   0:00 grep --color=auto ovs

Check that there are no unnecessary bridge devices.

Caution: If the device is turned down without removing created bridge devices of Open vSwitch, these created bridge devices remain for the next booting.
#ovs-vsctl show

If unnecessary bridge devices exist, these bridge devices will be removed. In this example, a bridge device is named br0.
# ovs-vsctl del-br br0

As a new bridge device, br0, is created, it is listed with eth2 and eth3.
# ovs-vsctl add-br br0
# ovs-vsctl add-port br0 eth2
# ovs-vsctl add-port br0 eth3

Boot each device.

# ifconfig eth2 up
# ifconfig eth3 up
# ifconfig br0 up

Add the configuration of OpenFlow Controller to a bridge device. In this example, the controller is connected via tcp, its address and port are 192.168.1.10 and 6633, respectively. The switch is configured as tcp 6634 port.
# ovs-vsctl set-controller br0 tcp:192.168.1.10:6633 ptcp:6634

As fail-mode is configured as secure, disconnect a communication with the host when there are no specific configurations.
# ovs-vsctl set-fail-mode br0 secure

Please check that all settings, which have been explained here, are implemented correctly.

# ovs-vsctl show
b8c00762-8c74-455b-9c96-3a9e9c8cf275
    Bridge "br0"
        Controller "ptcp:6634"
        Controller "tcp:192.168.1.10:6633"
        fail_mode: secure
        Port "eth2"
            Interface "eth2"
        Port "eth3"
            Interface "eth3"
        Port "br0"
            Interface "br0"
                type: internal
    ovs_version: "1.4.0+build0"

This is the end of the configuration of the switch.

↑

Check the operation of OpenFlow Switch †

Check the operation of OpenFlow Switch.

↑

OpenFlow Tutorial 1 †

Check the operation of OpenFlow Switch in the same checking process as OpenFlow/OpenFlow Tutorial 1.

Check the condition of the switch via dpctl commands from the PC (Controller). The output below indicates that the port1 and port2 are allocated
to specific eth-s.

$ dpctl show tcp:192.168.1.1:6634
features_reply (xid=0x23ede000): ver:0x1, dpid:d0b6a5b34
n_tables:255, n_buffers:256
features: capabilities:0xc7, actions:0xfff
1(eth3): addr:00:0d:0b:6a:5b:34, config: 0, state:0x1
     current:    10MB-HD AUTO_NEG
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG AUTO_PAUSE
     supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG
2(eth2): addr:00:1d:73:2e:91:94, config: 0, state:0x1
     current:    10MB-HD AUTO_NEG
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD COPPER AUTO_NEG AUTO_PAUSE
     supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD COPPER AUTO_NEG
LOCAL(br0): addr:00:0d:0b:6a:5b:34, config: 0, state:0
get_config_reply (xid=0x272fb894): miss_send_len=0

Make sure that flow table does not exist in the switch.
$ dpctl dump-flows tcp:192.168.1.1:6634
stats_reply (xid=0x3c4353aa): flags=none type=1(flow)

Sending pings between Host1 and Host2, make sure that these pings do not reach their targeted hosts.

$ ping -c3 192.168.11.1
PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
From 192.168.11.2 icmp_seq=1 Destination Host Unreachable
From 192.168.11.2 icmp_seq=2 Destination Host Unreachable
From 192.168.11.2 icmp_seq=3 Destination Host Unreachable

Add the flow table, which instructs to flow packets form PC (Controller) to the port1 and port2, individually.
$ dpctl add-flow tcp:192.168.1.1:6634 in_port=1,actions=output:2
$ dpctl add-flow tcp:192.168.1.1:6634 in_port=2,actions=output:1

Make sure that the table has been added.

$ dpctl dump-flows tcp:192.168.1.1:6634stats_reply (xid=0x52955575): flags=none type=1(flow)
 cookie=0, duration_sec=9s, duration_nsec=443000000s, table_id=0, priority=32768, n_packets=0, n_bytes=0,  idle_timeout=60,hard_timeout=0,in_port=1,actions=output:2
 cookie=0, duration_sec=2s, duration_nsec=309000000s, table_id=0, priority=32768, n_packets=0, n_bytes=0,  idle_timeout=60,hard_timeout=0,in_port=2,actions=output:1

Sending pings between Host1 and Host2 again, check whether pings can reach their targeted hosts.

$ ping -c3 192.168.11.1
PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
64 bytes from 192.168.11.1: icmp_req=1 ttl=64 time=6.89 ms
64 bytes from 192.168.11.1: icmp_req=2 ttl=64 time=2.07 ms
64 bytes from 192.168.11.1: icmp_req=3 ttl=64 time=1.74 ms

--- 192.168.11.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 1.740/3.570/6.897/2.357 ms

Make sure that the flow table is removed after a specified period of tine has passed.
$ dpctl dump-flows tcp:192.168.1.1:6634
stats_reply (xid=0x68565278): flags=none type=1(flow)

↑

OpenFlow Tutorial 2 †

Test the operation of OpenFlow Switch, applying the checking process, which is explained at OpenFlow/OpenFlow Tutorial 2.~
Boot Wireshark in the different terminal on the PC (Switch), and Set up Filter as of.
$ sudo wireshark

Execute a controller command in the different terminal on the PC (Controller).
$ controller ptcp:

At this time, please make sure that OpenFlow packets are captured by Wireshark, which is on the PC (Switch).

Sending pings between Host1 and Host2, make sure that these pings reach their targeted hosts.

$ ping -c3 192.168.11.1
PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
64 bytes from 192.168.11.1: icmp_req=1 ttl=64 time=11.3 ms
64 bytes from 192.168.11.1: icmp_req=2 ttl=64 time=2.86 ms
64 bytes from 192.168.11.1: icmp_req=3 ttl=64 time=2.41 ms

--- 192.168.11.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 2.410/5.534/11.323/4.097 ms

Then, from the PC (Controller), check the increase of flow tables on the PC (Switch).

$ dpctl dump-flows tcp:192.168.1.1:6634
stats_reply (xid=0xac113424): flags=none type=1(flow)
 cookie=0, duration_sec=11s, duration_nsec=597000000s, table_id=0, priority=65535, n_packets=3, n_bytes=294,idle_timeout=60,hard_timeout=0,icmp,in_port=1,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=4c:e6:76:55:44:d0,dl_dst=00:0f:b0:f7:28:07,nw_src=192.168.11.2,nw_dst=192.168.11.1,nw_tos=0x00,icmp_type=8,icmp_code=0,actions=output:2
  cookie=0, duration_sec=11s, duration_nsec=594000000s, table_id=0, priority=65535, n_packets=3, n_bytes=294,idle_timeout=60,hard_timeout=0,icmp,in_port=2,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=00:0f:b0:f7:28:07,dl_dst=4c:e6:76:55:44:d0,nw_src=192.168.11.1,nw_dst=192.168.11.2,nw_tos=0x00,icmp_type=0,icmp_code=0,actions=output:1
  cookie=0, duration_sec=6s, duration_nsec=592000000s, table_id=0, priority=65535, n_packets=1, n_bytes=60,idle_timeout=60,hard_timeout=0,arp,in_port=2,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=00:0f:b0:f7:28:07,dl_dst=4c:e6:76:55:44:d0,nw_src=192.168.11.1,nw_dst=192.168.11.2,nw_proto=1,actions=output:1
  cookie=0, duration_sec=6s, duration_nsec=588000000s, table_id=0, priority=65535, n_packets=1, n_bytes=60,idle_timeout=60,hard_timeout=0,arp,in_port=1,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=4c:e6:76:55:44:d0,dl_dst=00:0f:b0:f7:28:07,nw_src=192.168.11.2,nw_dst=192.168.11.1,nw_proto=2,actions=output:2
  cookie=0, duration_sec=11s, duration_nsec=599000000s, table_id=0, priority=65535, n_packets=1, n_bytes=60,idle_timeout=60,hard_timeout=0,arp,in_port=2,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=00:0f:b0:f7:28:07,dl_dst=4c:e6:76:55:44:d0,nw_src=192.168.11.1,nw_dst=192.168.11.2,nw_proto=2,actions=output:1

This is the end of replicating the checking process of OpenFlow Tutorial 1 and 2.
(This article does not report the difference in performance by the different settings.)

↑

Topic: The difference against OpenFlow Reference implementation †

In this article, the version of OpenFlow, which is used for checking its operation, is 1.0. This employs OpenFlow Reference as Controller, which has no
longer maintained.

OpenFlow Switch, which is created from OpenFlow reference implementation, is different from Open vSwitch.

Action of OpenFlow Switch, which is based upon Open vSwitch, is 0x00000fff, but Action of OpenFlow Switch, which uses OpenFlow reference
implementation, is 0x00000eff. In OpenFlow Switch, which employs OpenFlow reference implementation, Set IP TOS bit is configured as No.

Since Open vSwitch has been fixed and improved, Set IP TOS bit is set as Yes.

To apply to the command below, check the details of OpenFlow Switch, which is based upon OpenFlow reference implementation. (Controller side has
already been checked with the commands shown above.)
# ofdatapath punix:/var/run/dp0.sock -i eth2,eth3 --local-port=tap:tap0 -D
# ofprotocol unix:/var/run/dp0.sock tcp:192.168.1.10:6633 --out-of-band --fail=closed --listen=ptcp:6634

Figure 1. Action of OpenFlow Switch based upon Open vSwitch.

Figure 2. Action of OpenFlow Switch originated from OpenFlow reference implementation.

↑

Revision History †

2013/08/28 This article is initially published.

recent(20)