一、FAQ
mn 指令的默认controller是ovs-controller,最多只支持16个switch,如果要支持更多,必须换controller
OpenFlow reference implementation using mininet/util/install.sh -f. Consult the comments in the example's .py file for details.
发现了documentation 要学的东西更多了orz
二、openflow
是远程控制网络交换机、路由器和接入点的接口
学完tutorial之后,不够的话
1、The tutorial instructions require no prior knowledge of OpenFlow. The OpenFlow Learn More page is a concise introduction, and more information is available from the Open Networking Foundation.
(*^▽^*)
2、To learn more about OpenFlow in general, consult the Open Networking Foundation OpenFlow site and the historical OpenFlow page. There are videos, blog entries, and more. Check the wiki for link to OpenFlow-based projects and demos.
2.1 Additional Tools: FlowVisor
https://www.sdnlab.com/3081.html(里面提及的实验暂时未做)
FlowVisor也有个tutorial,真是学不完的
作为一个网络虚拟化平台,FlowVisor部署在标准OpenFlow控制器和OpenFlow交换机之间,成为二者的透明代理。FlowVisor能够与多个控制器连接使得每个控制器控制一个虚网,保证各虚网相互隔离。
FlowVisor是一个特殊的OpenFlow控制器,所有OpenFlow消息都将透过FlowVisor进行传送。FlowVisor会根据配置策略对OpenFlow消息进行拦截、修改、转发等操作。这样,OpenFlow控制器就只控制其被允许控制的流,并不知道其所管理的网络被FlowVisor进行过分片操作。相似地,从交换机发出的消息经过FlowVisor也只会被发送到相应的控制器。
核心思想是:对上行消息的映射和对下行信令的过滤。
Unable to locate tools.jar. Expected to find it in /usr/lib/jvm/java-8-openjdk-amd64/lib/tools.jar
因为没有安装jdk
我把user和group都设置为root
它的配置文件位于/etc/flowvisor/config.json。配置文件中包括简单的Slice、FlowSpaceRule样例,以及FlowVisor的监听端口、日志等级、版本等信息。
{
"flowvisor": [
{
"checkpointing": false,
"default_flood_perm": "fvadmin",
"config_name": "default",
"listen_port": 6633, 交换机的监听端口
"log_ident": "flowvisor",
"stats_desc_hack": false,
"api_webserver_port": 8080, xml请求的监听端口
"run_topology_server": false,
"api_jetty_webserver_port": 8081, json请求的监听端口
"version": "flowvisor-1.4.0",
"track_flows": false,
"db_version": 2,
"log_facility": "LOG_LOCAL7",
"host": "localhost",
"logging": "NOTE"
}
],
"Slice": [
{
"config_name": "default",
"lldp_spam": true,
"creator": "fvadmin",
"controller_port": 0,
"contact_email": "fvadmin@localhost",
"drop_policy": "exact",
"passwd_crypt": "a4ed53c09b3a7bc3bdd8e36dd6038911",
"passwd_salt": "399487368",
"name": "fvadmin",
"admin_status": true,
"max_flow_rules": -1,
"flowmap_type": "federated",
"controller_hostname": "none"
}
],
"switches": [],
"FlowSpaceRule": []
}sudo fvconfig load /etc/flowvisor/config.json 以这条指令开始工作
2.2 Learn Development Tools
terminal types
- SSH terminal: connects to OpenFlowTutorial. Created by using putty on Windows or SSH on OS X / Linux, as described in the previous section. Copy and paste should work on this terminal.
- xterm terminal: connects to a host in the virtual network. Created in the next section when you start up the virtual network. Will be labeled at the top with the name of the host.
networking utilities pre-installed
OpenFlow Controller: OpenFlow接口之上 (可以自己在NOX或者Beacon上写控制器程序)
OpenFlow Switch:OpenFlow接口之下,有user-space software switch和Open vSwitch,Broadcom提供了一些硬件交换机
ovs-ofctl: 控制行工具,可用于查看交换机端口和流状态,以及手动插入流条目
Wireshark:将OpenFlow message发送到OpenFlow默认的6633端口
iperf:测试一个TCP连接的速度
mininet:网络模拟平台,建立虚拟的OpenFlow网络
cbench: 测试OpenFLow controllers的流设置速率
Start Network
nl 是NetLink的简写
sudo mn --topo single,3 --mac --switch ovsk --controller remoteHere's what Mininet just did:
- Created 3 virtual hosts, each with a separate IP address.
- Created a single OpenFlow software switch in the kernel with 3 ports.
- Connected each virtual host to the switch with a virtual ethernet cable.
- Set the MAC address of each host equal to its IP.
- Configure the OpenFlow switch to connect to a remote controller.
Mininet Brief Intro
NB: The prompt mininet> is for Mininet console, $ is for SSH terminal (normal user) and # is for SSH terminal (root user) (See Command Prompt Notes). Hereafter we follow with this rule.
ovs-ofctl Example Usage
运行一个网络 --switch ovsk后,换另一个terminal执行ovs-ofctl
sudo mn --topo single,3 --mac --switch ovsk --controller remote
可以观察和控制一个交换机流表,适用于debug
Most OpenFlow switches can start up with a passive listening port, from which you can poll (轮询)the switch, without having to add debugging code to the controller
大多数OpenFlow交换机可以从被动侦听端口启动,您可以从该端口侦听交换机,而无需向控制器添加调试代码。
show命令连接switch并输出端口状态和容量
用ovs-ofctl dump-flows s1命令输出流表(先启动controller,否则流表为空)
Accessing remote OVS instances or the Stanford reference switch
上面的例子ovs-ofctl是通过Unix域套接字domain socket来连接本地Open vSwitch实例。如果是用别的类型的交换机,要指定tcp端口
ovs-ofctl dump-flows tcp:{ip address}:{port}
其中IP地址是交换机的管理接口,端口是passive OpenFlow 监听/管理端口
如果mininet配置成--switch user,交换机的端口从6633开始按顺序配置,这就是为什么出现错误的时候,再建mininet要求kill掉tcp:6633, 使用命令ovs-ofctl dump-flows tcp:127.0.0.1:6634
注意:dpctl和ovs-dpctl是检验OVS的kernel flow cache,是整个OpenFlow流表的子集,一般不用他们流在OVS's flow cache在5s内失效,这使得OVS可以支持很大的流表
为什么ping失败:ovs-ofctl Example Usage中搭建的网络没有controller,因此交换机不知道该做什么,需要我们手动天界流
# ovs-ofctl add-flow s1 in_port=1,actions=output:2 # ovs-ofctl add-flow s1 in_port=2,actions=output:1
使得port1来的包转发到port2,port2来的包转发到port1
这个时候看流表,它就不是空的了
再次在mininet执行ping命令
再查看流表,就有比较清晰的数据了
Start Wireshark
https://github.com/mininet/openflow-tutorial/wiki/Set-up-Virtual-Machine#Access_VM_via_SSH 但是不work!
我佛了
Benchmark Controller w/iperf
iperf可以查看两台电脑之间的速度
三、Create a Learning Switch
emm拿了推荐的POX试水
kill 6653之后
(╯‵□′)╯︵┻━┻ 直接重启啥事没有
这条指令使日志信息详细地打印,并且开启of_tutorial组件(相当于hub)
Verify Hub Behavior with tcpdump
教程和实际 不符
tcpdump -XX -n -i h2-eth0 可以打印出所有经过h2-eth0的包
注意 xterm里的语法与terminal里的语法一样,和mininet的语法不一样
ping -c 3 des -c指定了发包的数量
如果运行iperf所有的包都会到controller
Open Hub Code and Begin
pox/pox/misc/of_tutorial.py
每次修改的时候重启pox,保证它如下3点:像集线器一样,controller-based Ethernet learning switch, and (3) flow-accelerated learning switch,后两个具体体现在第一次ARP之后,不是目的主机的hosts的tcpdump traffic中不会有记录
Learning Python
Sending OpenFlow messages with POX
connection.send( ... ) # send an OpenFlow message to a switch
ofp_action_output class
四、Testing Your Controller
暂停一下下
1、确认只有广播包和目的地未知的包进入non-input 端口(每个host在xterm里用tcpdump)
2、用ovs-ofctl测试flow counters,如果紧接着的ping比原先快很多就完成,就可以确定他们每一经过controller(用iperf,没有OpenFlow packet-in 包进入,带宽应该很大,应该和用reference learning switch controller 时差不多大)(这一条不太确定怎么验证)
Other uses could even extend into layer 7; cookie-based load balancing, for example.我的短期最终目标~
五、FAQ
https://github.com/mininet/openflow-tutorial/wiki/Frequently-Asked-Questions-%28FAQ%29
学着使用gnome-terminal叭,它会比xterm更加强大
Why can't I ssh into my VirtualBox VM?
You may not be able to connect to a VirtualBox VM that only has NAT networking enabled. Make sure that you have followed the instructions above and configured host-only networking on at least one interface in the VM settings, and make sure that the host-only interface is configured and that you are connecting to its correct IP address.
If this does not work, or for more advanced setup, see below.
I can't start WireShark or xterm - help!
You are probably getting an error like "cannot open display."
This probably means that you have not successfully connected to the VM with ssh and X11 forwarding enabled.
明天继续尝试连接!!!