[[labs.beatcraft.com]]~
[[OpenFlow]]~
#contents

* OpenFlow/Open vSwitch_x86 [#bff1d8db]
>
To use 2 PCs (x86 machines), a network is created. One PC is set up for OpenFlow Controller (Controller or the controller), and the other is configured~
as OpenFlow Switch (Switch or the switch). Then, to apply OpenFlow Tutorial 1 and 2, the operations of the switch and controller is checked on the network.~

>
To use OpenFlow Controller and Open Switch, a set of mininet environment required, mininet is needed to be installed on both PCs. The OS used for~
both PCs is Ubuntu 12.04. (32bit version)~
~
The instruction of how to instal mininet on a PC is available at [[OpenFlow/mininet]].~
~
PCs, which are treated as host machines, use Linux OS. This project uses bc10 and x86 machines, which are installed Ubuntu 12.04 (32bit version).~
~
After the installation of mininet is completed, set up a network. The overview of the network is showed in the diagram below. IP address of each machine~
is fixed. This network is used for checking the operation of vSwitch.~
#ref(SwithEnv.png,,80%);~

* Booting OpenFlow Switch [#d4074d02]
>
To operate Open vSwitch on a PC (Switch), OpenFlow Switch is configured and booted.~
~
After booting the PC, check whether ovsdb-server and ovs-vswitchd are operated or not. If they are not operated, execute /etc/init.d/openvswitch- switch start.~
 $ sudo /etc/init.d/openvswitch-switch start

>
After executing openvswitch-seitch start, this is the results of applying ps axu | grep ovs are shown below.~
 $ ps axu | grep ovs
 root      1360  0.0  0.0   4780   416 ?        S<   16:12   0:03 ovsdb-server: monitoring pid 1361 (healthy)                                                                                                                         
 root      1361  0.0  0.1   4904  1652 ?        S<s  16:12   0:01 ovsdb-server /etc/openvswitch/conf.db -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO --remote=punix:/var/run/openvswitch/db.sock --remote=db:Open_vSwitch,manager_options --private-key=db:SSL,private_key --certificate=db:SSL,certificate --bootstrap-ca-cert=db:SSL,ca_cert --no-chdir --log-file=/var/log/openvswitch/ovsdb-server.log --pidfile=/var/run/openvswitch/ovsdb-server.pid --detach --monitor
 root      1388  0.0  0.0   5464   692 ?        S<   16:12   0:03 ovs-vswitchd: monitoring pid 1389 (healthy)                                                                                                                        
 root      1389  0.0  0.1   5468  1692 ?        S<s  16:12   0:01 ovs-vswitchd unix:/var/run/openvswitch/db.sock -vANY:CONSOLE:EMER -vANY:SYSLOG:ERR -vANY:FILE:INFO --mlockall --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach --monitor
 beat      3713  0.0  0.0   5364   840 pts/3    S+   17:14   0:00 grep --color=auto ovs

> 
Check that there are no unnecessary bridge devices.~
~
Caution: If the device is turned down without removing created bridge devices of Open vSwitch, these created bridge devices remain for the next booting.~
 #ovs-vsctl show

>
If unnecessary bridge devices exist, these bridge devices will be removed. In this example, a bridge device is named br0.~
 # ovs-vsctl del-br br0

>
As a new bridge device, br0, is created, it is listed with eth2 and eth3.~
 # ovs-vsctl add-br br0
 # ovs-vsctl add-port br0 eth2
 # ovs-vsctl add-port br0 eth3

>
Boot each device.~
 # ifconfig eth2 up
 # ifconfig eth3 up
 # ifconfig br0 up

>
Add the configuration of OpenFlow Controller to a bridge device. In this example, the controller is connected via tcp, its address and port are 192.168.1.10 and 6633, respectively. The switch is configured as tcp 6634 port.~
 # ovs-vsctl set-controller br0 tcp:192.168.1.10:6633 ptcp:6634

>
As fail-mode is configured as secure, disconnect a communication with the host when there are no specific configurations.~
 # ovs-vsctl set-fail-mode br0 secure

>
Please check that all settings, which have been explained here, are implemented correctly.~
 # ovs-vsctl show
 b8c00762-8c74-455b-9c96-3a9e9c8cf275
     Bridge "br0"
         Controller "ptcp:6634"
         Controller "tcp:192.168.1.10:6633"
         fail_mode: secure
         Port "eth2"
             Interface "eth2"
         Port "eth3"
             Interface "eth3"
         Port "br0"
             Interface "br0"
                 type: internal
     ovs_version: "1.4.0+build0"
~
This is the end of the configuration of the switch.~

* Check the operation of OpenFlow Switch [#fdcf1d96]
>
Check the operation of OpenFlow Switch.~

** OpenFlow Tutorial 1 [#b1558ede]
>
Check the operation of OpenFlow Switch in the same checking process as [[OpenFlow/OpenFlow Tutorial 1]].~
~
Check the condition of the switch via dpctl commands from the PC (Controller). The output below indicates that the port1 and port2 are allocated~
to specific eth-s.~
 $ dpctl show tcp:192.168.1.1:6634
 features_reply (xid=0x23ede000): ver:0x1, dpid:d0b6a5b34
 n_tables:255, n_buffers:256
 features: capabilities:0xc7, actions:0xfff
 1(eth3): addr:00:0d:0b:6a:5b:34, config: 0, state:0x1
      current:    10MB-HD AUTO_NEG
      advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG AUTO_PAUSE
      supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG
 2(eth2): addr:00:1d:73:2e:91:94, config: 0, state:0x1
      current:    10MB-HD AUTO_NEG
      advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD COPPER AUTO_NEG AUTO_PAUSE
      supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD COPPER AUTO_NEG
 LOCAL(br0): addr:00:0d:0b:6a:5b:34, config: 0, state:0
 get_config_reply (xid=0x272fb894): miss_send_len=0

>
Make sure that flow table does not exist in the switch.~
 $ dpctl dump-flows tcp:192.168.1.1:6634
 stats_reply (xid=0x3c4353aa): flags=none type=1(flow)

>
Sending pings between Host1 and Host2, make sure that these pings do not reach their targeted hosts.~
 $ ping -c3 192.168.11.1
 PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
 From 192.168.11.2 icmp_seq=1 Destination Host Unreachable
 From 192.168.11.2 icmp_seq=2 Destination Host Unreachable
 From 192.168.11.2 icmp_seq=3 Destination Host Unreachable

>
Add the flow table, which instructs to flow packets form PC (Controller) to the port1 and port2, individually.~
 $ dpctl add-flow tcp:192.168.1.1:6634 in_port=1,actions=output:2
 $ dpctl add-flow tcp:192.168.1.1:6634 in_port=2,actions=output:1

>
Make sure that the table has been added.~
 $ dpctl dump-flows tcp:192.168.1.1:6634stats_reply (xid=0x52955575): flags=none type=1(flow)
  cookie=0, duration_sec=9s, duration_nsec=443000000s, table_id=0, priority=32768, n_packets=0, n_bytes=0,  idle_timeout=60,hard_timeout=0,in_port=1,actions=output:2
  cookie=0, duration_sec=2s, duration_nsec=309000000s, table_id=0, priority=32768, n_packets=0, n_bytes=0,  idle_timeout=60,hard_timeout=0,in_port=2,actions=output:1

>
Sending pings between Host1 and Host2 again, check whether pings can reach their targeted hosts.~
 $ ping -c3 192.168.11.1
 PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
 64 bytes from 192.168.11.1: icmp_req=1 ttl=64 time=6.89 ms
 64 bytes from 192.168.11.1: icmp_req=2 ttl=64 time=2.07 ms
 64 bytes from 192.168.11.1: icmp_req=3 ttl=64 time=1.74 ms
 
 --- 192.168.11.1 ping statistics ---
 3 packets transmitted, 3 received, 0% packet loss, time 2001ms
 rtt min/avg/max/mdev = 1.740/3.570/6.897/2.357 ms

>
Make sure that the flow table is removed after a specified period of tine has passed.~
 $ dpctl dump-flows tcp:192.168.1.1:6634
 stats_reply (xid=0x68565278): flags=none type=1(flow)

** OpenFlow Tutorial 2 [#jb697b5b]
>
Test the operation of OpenFlow Switch, applying the checking process, which is explained at  [[OpenFlow/OpenFlow Tutorial 2]].~ 
~
Boot Wireshark in the different terminal on the PC (Switch), and Set up Filter as of.~
 $ sudo wireshark

>
Execute a controller command in the different terminal on the PC (Controller).~
 $ controller ptcp:

>
At this time, please make sure that OpenFlow packets are captured by Wireshark, which is on the PC (Switch).~
#ref(OVS.png,,80%);~

>
Sending pings between Host1 and Host2, make sure that these pings reach their targeted hosts.~
 $ ping -c3 192.168.11.1
 PING 192.168.11.1 (192.168.11.1) 56(84) bytes of data.
 64 bytes from 192.168.11.1: icmp_req=1 ttl=64 time=11.3 ms
 64 bytes from 192.168.11.1: icmp_req=2 ttl=64 time=2.86 ms
 64 bytes from 192.168.11.1: icmp_req=3 ttl=64 time=2.41 ms
 
 --- 192.168.11.1 ping statistics ---
 3 packets transmitted, 3 received, 0% packet loss, time 2002ms
 rtt min/avg/max/mdev = 2.410/5.534/11.323/4.097 ms

>
Then, from the PC (Controller), check the increase of flow tables on the PC (Switch).
 $ dpctl dump-flows tcp:192.168.1.1:6634
 stats_reply (xid=0xac113424): flags=none type=1(flow)
  cookie=0, duration_sec=11s, duration_nsec=597000000s, table_id=0, priority=65535, n_packets=3, n_bytes=294,idle_timeout=60,hard_timeout=0,icmp,in_port=1,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=4c:e6:76:55:44:d0,dl_dst=00:0f:b0:f7:28:07,nw_src=192.168.11.2,nw_dst=192.168.11.1,nw_tos=0x00,icmp_type=8,icmp_code=0,actions=output:2
   cookie=0, duration_sec=11s, duration_nsec=594000000s, table_id=0, priority=65535, n_packets=3, n_bytes=294,idle_timeout=60,hard_timeout=0,icmp,in_port=2,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=00:0f:b0:f7:28:07,dl_dst=4c:e6:76:55:44:d0,nw_src=192.168.11.1,nw_dst=192.168.11.2,nw_tos=0x00,icmp_type=0,icmp_code=0,actions=output:1
   cookie=0, duration_sec=6s, duration_nsec=592000000s, table_id=0, priority=65535, n_packets=1, n_bytes=60,idle_timeout=60,hard_timeout=0,arp,in_port=2,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=00:0f:b0:f7:28:07,dl_dst=4c:e6:76:55:44:d0,nw_src=192.168.11.1,nw_dst=192.168.11.2,nw_proto=1,actions=output:1
   cookie=0, duration_sec=6s, duration_nsec=588000000s, table_id=0, priority=65535, n_packets=1, n_bytes=60,idle_timeout=60,hard_timeout=0,arp,in_port=1,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=4c:e6:76:55:44:d0,dl_dst=00:0f:b0:f7:28:07,nw_src=192.168.11.2,nw_dst=192.168.11.1,nw_proto=2,actions=output:2
   cookie=0, duration_sec=11s, duration_nsec=599000000s, table_id=0, priority=65535, n_packets=1, n_bytes=60,idle_timeout=60,hard_timeout=0,arp,in_port=2,dl_vlan=0xffff,dl_vlan_pcp=0x00,dl_src=00:0f:b0:f7:28:07,dl_dst=4c:e6:76:55:44:d0,nw_src=192.168.11.1,nw_dst=192.168.11.2,nw_proto=2,actions=output:1
This is the end of replicating the checking process of OpenFlow Tutorial 1 and 2.~
(This article does not report the difference in performance by the different settings.)

*** Topic: The difference against OpenFlow Reference implementation [#v18f1da6]
>
In this article, the version of OpenFlow, which is used for checking its operation, is 1.0. This employs OpenFlow Reference as Controller, which has no longer maintained.~
In this article, the version of OpenFlow, which is used for checking its operation, is 1.0. This employs OpenFlow Reference as Controller, which has no~
longer maintained.~
~
OpenFlow Switch, which is created from OpenFlow reference implementation, is different from Open vSwitch.~
~
Action of OpenFlow Switch, which is based upon Open vSwitch, is 0x00000fff, but Action of OpenFlow Switch, which uses OpenFlow reference implementation, is 0x00000eff. In OpenFlow Switch, which employs OpenFlow reference implementation, Set IP TOS bit is configured as No.~
Action of OpenFlow Switch, which is based upon Open vSwitch, is 0x00000fff, but Action of OpenFlow Switch, which uses OpenFlow reference~
implementation, is 0x00000eff. In OpenFlow Switch, which employs OpenFlow reference implementation, Set IP TOS bit is configured as No.~
~
Since Open vSwitch has been fixed and improved, Set IP TOS bit is set as Yes.~
~
To apply to the command below, check the details of OpenFlow Switch, which is based upon OpenFlow reference implementation. (Controller side has already been checked with the commands shown above.)~
To apply to the command below, check the details of OpenFlow Switch, which is based upon OpenFlow reference implementation. (Controller side has~
already been checked with the commands shown above.)~
 # ofdatapath punix:/var/run/dp0.sock -i eth2,eth3 --local-port=tap:tap0 -D
 # ofprotocol unix:/var/run/dp0.sock tcp:192.168.1.10:6633 --out-of-band --fail=closed --listen=ptcp:6634

>
#ref(OpenVswitch.png,,80%) ~
Figure 1. Action of OpenFlow Switch based upon Open vSwitch.~
~
#ref(OpenFlow.png,,80%) ~
Figure 2. Action of OpenFlow Switch originated from OpenFlow reference implementation.~
~
* Revision History [#p5b60a86]
>
- 2013/08/28 This article is initially published.~

Front page   Edit Diff Backup Upload Copy Rename Reload   New List of pages Search Recent changes   RSS of recent changes