OpenFlow Tutorial
March, 2015
Version: 1
www.pica8.com
Pica8, Inc.
1032 Elwell Court, Suite 105
sales@pica8.com
support@pica8.com
Palo Alto, CA. 94303
+1 (650) 614-5838
© Copyright 2015 Pica8 Inc. Pica8 is a registered trademark of Pica8 Incorporated, PicOS is a trademark
of Pica8 Incorporated. All rights reserved. All other trademarks are property of their respective owners.
Contents
Basic Bridge Configuration
4
Basic Flows Configurations
5
Connection to a Ryu Controller
6
Connection to Opendaylight controller
7
Connection to a Floodlight Controller
8
Basic Bridge Configuration
9
Basic Bridge Introduction
9
Power on Configuration
10
Configure Switch
13
Configure Bridge
14
Configure port
16
Default Bridge Behavior
16
OVS commands reference
18
Basic Flows Configurations
19
Flows Introduction
19
Modify default flow
20
Uni-directional Flow
21
1-to-Many Multicasting
24
Many-to-One Aggregation
25
OVS commands Used in this Tutorial
27
Packet address file
28
Connection to a Ryu Controller
29
Ryu Introduction
29
Introduce RYU Open Flow Controller
30
Configure OVS for RYU Open Flow Controller
31
Controller-OVS Interaction
33
RYU Simple Switch Application
35
Open flow message type
37
Ryu Guide OVS commands reference
38
Connection to Opendaylight controller
40
OpenDaylight introduction
40
Introduce OpenDaylight Open Flow Controller
41
Configure OVS for OpenDaylight Open Flow Controller
42
Opendaylight Controller-OVS Interaction
44
OpenDaylight Simple Switch Application
46
message type of open flow
47
OVS commands reference04
48
Connection to a Floodlight Controller
49
Floodlight controller Introduction
49
Floodlight Open Flow Controller
Why Make Changes
49
50
Changes to Floodlight
50
Build Floodlight
50
Test Topology
51
Configure OVS
52
Launch Floodlight
55
Floodlight REST Interface
curl
57
58
Add Flows
58
Delete Flows
58
OpenFlow Tutorial
Basic Bridge Configuration
Basic Bridge Introduction
Power on Configuration
Configure Switch
Configure Bridge
Configure port
Default Bridge Behavior
OVS commands reference
4
OpenFlow Tutorial
Basic Flows Configurations
Flows Introduction
Modify default flow
Uni-directional Flow
1-to-Many Multicasting
Many-to-One Aggregation
OVS commands Used in this Tutorial
Packet address file
5
OpenFlow Tutorial
Connection to a Ryu Controller
Ryu Introduction
Introduce RYU Open Flow Controller
Configure OVS for RYU Open Flow Controller
Controller-OVS Interaction
RYU Simple Switch Application
Open flow message type
Ryu Guide OVS commands reference
6
OpenFlow Tutorial
Connection to Opendaylight controller
OpenDaylight introduction
Introduce OpenDaylight Open Flow Controller
Configure OVS for OpenDaylight Open Flow Controller
Opendaylight Controller-OVS Interaction
OpenDaylight Simple Switch Application
message type of open flow
OVS commands reference04
7
OpenFlow Tutorial
Connection to a Floodlight Controller
Floodlight controller Introduction
Floodlight Open Flow Controller
Test Topology
Configure OVS
Launch Floodlight
Floodlight REST Interface
8
OpenFlow Tutorial
Basic Bridge Configuration
Basic Bridge Introduction
Power on Configuration
Configure Switch
Configure Bridge
Configure port
Default Bridge Behavior
OVS commands reference
Basic Bridge Introduction
This document provides instructions on how to configure Pica8's open switches to work in various
application scenarios. This document assumes the reader with minimal to no knowledge of the
Open Virtual Switch (OVS) implementation defined by http://openvswitch.org/ or the OpenFlow
protocol, defined by https://www.opennetworking.org/ .
After studying this guide, you will have the tools you need to configure Pica8's open switches as an
OpenFlow switch. You will also gain insights on how to optimize the configuration to work in your
application environment while also learning about OVS and the OpenFlow protocol.
This starter kit provides screen shots, and a list of off the shelf applications needed to complete the
configuration, as well as highlighting the problems you may encounter during the setup. More
documents or cookbooks on other subjects will be published periodically. This document provides
a tutorial on how to:
Configure Pica 8 as an OVS OpenFlow switch
Create bridges, add ports, show bridge and port statistics, status, as well as the OVS
database
Configure flow tables for uni-directional, bi-directional, traffic switching, one-to-many
multi-casting, mirroring, filtering, many-to-one aggregation, etc.,
Configure Pica 8 OVS OpenFlow switches to interface with the RYU OpenFlow Controller
9
OpenFlow Tutorial
Figure 1 – Test bed configuration
In this document, the system configuration depicted in Figure 1 includes:
A Pica8 P-3295 open switch with 48 x 1GbE and 4 x 10GbE uplinks
5 Linux PCs running Ubuntu 12.4.1 LTS, one is connected to the management LAN port
(RJ45) and console port (RJ45F); this PC is referred to the controller PC. The OpenFlow
controller will be running on this PC. Four PCs are connected to 1GbE port 1 to 4 and serve
as a data terminal for generating and monitoring traffic
Tools from installed on all the PCs are listed below. They can be installed through Linux
installation utility apt-get
Terminal emulator minicom
Traffic monitoring tool Wireshark
Packet generator Packeth
ftp and ftpd
telnet and telnetd
Power on Configuration
To start, configure your terminal emulator to the following configuration:
115200 8N1
No hardware flow control
No software flow control
10
OpenFlow Tutorial
To start the switch, a console cable is required to connect the switch console port to the serial port
on the controller PC. Run the terminal emulator on the console port from the controller PC, then
power on the switch.
Figure 2 shows the console output; do not hit any keys until you have seen the booting choice
menu. Enter 2 to boot into Open vSwitch mode. Next, the switch asks if the switch configuration
should be done manually, enter no to enter the automatic mode. In this mode, the OVS processes
will start automatically with default configuration such as log file etc.
Next, the switch static IP address is entered, in this configuration, subnet 200.16.1.x is used. You
can choose your own subnet address at this point. After the static IP address, a gateway IP
address is entered.
Next, an Open vSwitch configuration database name is required to store all the configuration
information. In this example, ovs-vswitchd.conf.db database name is used. If the database name
does not exist from previous configuration, it will be created in the default /ovs directory based on a
database schema defined in /ovs/share/openvswitch/vswitch.ovsschema. Multiple databases can
be created to provide different configurations; but only one database can be entered during this
start up sequence. The OVS processes can be stopped and restarted manually once the system is
running. They can also be configured as cron processes. The database is persistent; the
configuration stored in the database will be restored once the OVS processes starts.
Figure 2 – Power on console output
11
OpenFlow Tutorial
In this example, the ovs-vswitchd.conf.db was used in a previous configuration, therefore the
system found the database and created the initial configuration which will be shown later. In Figure
1, the management LAN port on the switch is eth0, eth0 is connected to the eth0 in the controller
PC to allow the controller PC to telnet into the switch without the limitation of the console. In this
configuration, all PCs are configured with static IP addresses to form an isolated environment for
testing.
Next, the switch continues the boot sequence, pay attention to the console messages regarding
the ovsdb-server and ovs-vswitchd. They are the ovsdb server and ovs switch daemons. The IP
address is the switch IP address and the 6633 is the default port number used to communicate
with the ovs switch database server process. A different port number can be set through the
manual configuration steps. You can reference the picos-2.0.4-ovs-configuration-guide.pd at {_}{+}
http://www.pica8.com/portal/trial.php+_ for manual configuration steps.
Figure 3 – Switch processes and bridge information
12
OpenFlow Tutorial
The IP address and the port number is often used in the ovs-vsctl and ovs-ofctl commands
discussed in later sections. The ovs-vswitchd.conf.db was used in a previous configuration, which
contains a bridge br0 with 4 1GbE ports. After the ovs-vswitchd process started, a message on
device br0 is shown to indicate the bridge has been created. At this point, the switch is up and
running. The root level root@PicOS-OVS# shell prompt is shown and ready for user input. Multiple
telnet windows can be started from the controller PC to login to the switch, the user id is root and
the default password is pica8.
Configure Switch
Next, use linux command ps -A to show the running processes. The ovsdb-server and
ovs-vswitchd are there to indicate the ovs switch is ready for operation. Next, print the content of
the switch database by using the ovs-vsctl show command to dump the switch configuration, it
shows the database id and a bridge named br0 with four 1GbE ports, plus an internal port.
In most start up cases, a new database name at administrator's choice will be entered. As a result,
an empty database is created. The show command will just show the database id. If a new
database is created, the next step should be skipped and move on to the add-br command. In this
example, we will delete the old bridge by issuing ovs-vsctl del-br br0 command. Check the
database content by using the show command which should just show the database id.The
following is to create bridge and add ports for bridge.
13
OpenFlow Tutorial
root@PicOS-OVS$
root@PicOS-OVS$ovs-vsctl add-br br0 -- set bridge br0 datapath_type=pica8
device br0 entered promiscuous mode
root@PicOS-OVS$ovs-vsctl add-port br0
interface te-1/1/1 type=pica8
root@PicOS-OVS$ovs-vsctl add-port br0
interface te-1/1/2 type=pica8
root@PicOS-OVS$ovs-vsctl add-port br0
interface te-1/1/3 type=pica8
root@PicOS-OVS$ovs-vsctl add-port br0
interface te-1/1/4 type=pica8
root@PicOS-OVS$
root@PicOS-OVS$ovs-vsctl show
d4d12890-c07a-4303-80cc-c6f79cf3afd7
Bridge "br0"
Port "te-1/1/3"
tag: 1
Interface "te-1/1/3"
type: "pica8"
Port "te-1/1/4"
tag: 1
Interface "te-1/1/4"
type: "pica8"
Port "br0"
Interface "br0"
type: internal
Port "te-1/1/2"
tag: 1
Interface "te-1/1/2"
type: "pica8"
Port "te-1/1/1"
tag: 1
Interface "te-1/1/1"
type: "pica8"
root@PicOS-OVS$
te-1/1/1 vlan_mode=trunk tag=1 -- set
te-1/1/2 vlan_mode=trunk tag=1 -- set
te-1/1/3 vlan_mode=trunk tag=1 -- set
te-1/1/4 vlan_mode=trunk tag=1 -- set
Configure Bridge
To create a new bridge, issue ovs-vsctl add-br br0 – set bridge br0 datapath_type=pica8
command. In our configuration, the bridge needs four 1GbE ports for our exercise. To add each
1GbE port to the bridge, we will issue ovs-vsctl add-port br0 ge-1/1/1 – set interface ge-1/1/1
type=pica8 command 4 times to add ge-1/1/1 to ge1/1/4 to the bridge. To verify the configuration
use ovs-vsctl show to show the database content. As shown in the screen shot, the bridge should
have four 1GbE ports and an internal port.
Next, let us monitor the port status and examine the port configuration with ovs-ofctl show br0
command.The following commands are to show the configration of bridge.
14
OpenFlow Tutorial
root@PicOS-OVS$ovs-ofctl show br0
OFPT_FEATURES_REPLY (OF1.4) (xid=0x2): dpid:5e3ec80aa9ae0a66
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS
OFPST_PORT_DESC reply (OF1.4) (xid=0x4):
1(te-1/1/1): addr:c8:0a:a9:ae:0a:66
config: 0
state: LINK_DOWN
current: FIBER
advertised: 1GB-FD FIBER
supported: 1GB-FD 10GB-FD FIBER AUTO_NEG
speed: 0 Mbps now, 10000 Mbps max
2(te-1/1/2): addr:c8:0a:a9:ae:0a:66
config: 0
state: LINK_DOWN
current: FIBER
advertised: 1GB-FD FIBER
supported: 1GB-FD 10GB-FD FIBER AUTO_NEG
speed: 0 Mbps now, 10000 Mbps max
3(te-1/1/3): addr:c8:0a:a9:ae:0a:66
config: 0
state: LINK_DOWN
current: FIBER
advertised: 1GB-FD FIBER
supported: 1GB-FD 10GB-FD FIBER AUTO_NEG
speed: 0 Mbps now, 10000 Mbps max
4(te-1/1/4): addr:c8:0a:a9:ae:0a:66
config: 0
state: LINK_DOWN
current: FIBER
advertised: 1GB-FD FIBER
supported: 1GB-FD 10GB-FD FIBER AUTO_NEG
speed: 0 Mbps now, 10000 Mbps max
LOCAL(br0): addr:c8:0a:a9:ae:0a:66
config: 0
state: LINK_UP
current: 10MB-FD COPPER
supported: 10MB-FD COPPER
speed: 10 Mbps now, 10 Mbps max
OFPT_GET_CONFIG_REPLY (OF1.4) (xid=0x6): frags=normal miss_send_len=0
root@PicOS-OVS$
root@PicOS-OVS$
root@PicOS-OVS$ovs-ofctl dump-ports br0
OFPST_PORT reply (OF1.4) (xid=0x2): 5 ports
port 1: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
tx pkts=0, bytes=0, drop=0, errs=0, coll=0
duration=228.085s
port 2: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
tx pkts=0, bytes=0, drop=0, errs=0, coll=0
duration=216.224s
port 3: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
tx pkts=0, bytes=0, drop=0, errs=0, coll=0
duration=208.941s
port 4: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
tx pkts=0, bytes=0, drop=0, errs=0, coll=0
duration=199.026s
port LOCAL: rx pkts=7, bytes=746, drop=0, errs=0, frame=0, over=0, crc=0
tx pkts=0, bytes=0, drop=0, errs=0, coll=0
duration=246.761s
root@PicOS-OVS$
15
OpenFlow Tutorial
In the example provided, port state is LINKDOWN because in the example set up, the cable has
not been connected yet. The Pica8 1GbE port supports RJ45 copper connector and auto
negotiation from 10 MB to 1 GB speed range. Next, let us examine the port statistics using the _
ovs-ofctl dump-ports br0 command. It shows the RX and TX statistics, since the link is down, no
packets are sent or received, and all counters should be zeros.
Configure port
A port can be added, deleted, turned up, or turned down dynamically. We have tested the add-port
command, to delete a port, use ovs-vsctl del-port br0 ge-1/1/1. Port state can also be modified
with the modport command ovs-ofctl mod-port br0 ge-1/1/1 action. The keyword action can be
one of the following parameters:
Up or down
Enable or disable the interface. This is equivalent to ifconfig up or ifconfig down on a Linux system.
Stp or nostp
Enable or disable 802.1D spanning tree protocol (STP) on the interface. OpenFlow
implementations that don't support STP will refuse to enable it.
Receive or noreceive/receivestp or noreceivestp
Enable or disable OpenFlow processing of packets received on this interface. When packet
processing is disabled, packets will be dropped instead of being processed through the OpenFlow
table. The receive or noreceive setting applies to all packets except 802.1D spanning tree packets,
which are separately controlled by receivestp or noreceivestp.
Forward or noforward
Allow or disallow forwarding of traffic to this interface. By default, forwarding is enabled.
Flood or noflood
Controls whether an OpenFlow flood action will send traffic out this interface. By default, flooding is
enabled. Disabling flooding is primarily useful to prevent loops when a spanning tree protocol is not
in use.
packetin or nopacketin
Controls whether packets received on this interface that do not match a flow table entry generate a
''packet in'' message to the OpenFlow controller. By default, ''packet in'' messages are enabled.
Again, the show command displays (among other information) the configuration that modport
changes.
Default Bridge Behavior
16
OpenFlow Tutorial
If the newly created bridge does not connect to the OpenFlow controller, it will behave as a simple
L2 switch which floods l packets received from a port to all other ports. This behavior is
implemented with a default low priority flow added at bridge creation time. The flow can be shown
by using the ovs-ofctl dump-flows br0 command. The flow will be shown as priority 0 and
actions=NORMAL. Action NORMAL means the packet is subject to the device's normal L2/L3
processing. This action is not implemented by all OpenFlow switches.Now, let us connect 2 PCs to
switch port 1 and port 2 with an Ethernet cable. Once the PCs are connected, the port state should
be changed to LINK_UP soon after the cable is connected. Once both links are up, use ping to test
the connectivity.
Figure 4 – Ping test
17
OpenFlow Tutorial
In this example, another Linux tool wireshark is also used to capture the packets sent and received
on eth0. On the wireshark screen, a total of 4 pairs ping requests/replies are captured along with
some arp packets. We can connect other PCs to the switch now and ping should work for all PCs.
In our set up, telnetd and ftpd are installed in our linux PC; reader can try the telnet and ftp
sessions to test the connectivity and bridge functionalities.
Figure 5 – ICMP request/reply
At this point, the switch is powered on and the initial switch configuration without an open flow
controller is completed. Proceed to Open SDN: Started Kit – Configure flows for flow manipulation.
OVS commands reference
ovs-vsctl
ovs-ofctl
ovs-ofctl
ovs-vsctl
ovs-vsctl
ovs-ofctl
ovs-vsctl
ovs-vsctl
ovs-vsctl
ovs-vsctl
ovs-vsctl
ovs-vsctl
ovs-vsctl
ovs-vsctl
ovs-vsctl
ovs-vsctl
ovs-ofctl
show
show br0
dump-ports br0
list-ports br0
list-ifaces br0
dump-flows br0
list-br
add-br br0 - set bridge br0 datapath_type=pica8
del-br br0
set Bridge br0 stp_enable=true
add-port br0 ge-1/1/1 - set interface ge-1/1/1 type=pica8
add-port br0 ge-1/1/2 - set interface ge-1/1/2 type=pica8
add-port br0 ge-1/1/3 - set interface ge-1/1/3 type=pica8
add-port br0 ge-1/1/4 - set interface ge-1/1/4 type=pica8
add-port br0 ge-1/1/1 type=pronto options:link_speed=1G
del-port br0 ge-1/1/1
del-flows br0
18
OpenFlow Tutorial
Basic Flows Configurations
Flows Introduction
Modify default flow
Uni-directional Flow
1-to-Many Multicasting
Many-to-One Aggregation
OVS commands Used in this Tutorial
Packet address file
Flows Introduction
This document provides instructions on how to configure Pica8's open switches to work in various
application scenarios. This document assumes the reader with minimal to no knowledge of the
Open Virtual Switch (OVS) implementation defined by http://openvswitch.org/ or the OpenFlow
protocol, defined by https://www.opennetworking.org/. After studying this guide, you will have the
tools you need to configure Pica8's open switches as an OpenFlow switch. You will also gain
insights on how to optimize the configuration to work in your application environment while also
learning about OVS and the OpenFlow protocol.
This starter kit provides screen shots, and a list of off the shelf applications needed to complete the
configuration, as well as highlighting the problems you may encounter during the setup. More
documents or cookbooks on other subjects will be published periodically. This document provides
a tutorial on how to:
Configure Pica 8 as an OVS OpenFlow switch
Create bridges, add ports, show bridge and port statistics, status, as well as the OVS
database
Configure flow tables for uni-directional, bi-directional, traffic switching, one-to-many
multi-casting, mirroring, filtering, many-to-one aggregation, etc.,
Configure Pica 8 OVS OpenFlow switches to interface with the RYU OpenFlow Controller
19
OpenFlow Tutorial
Figure 1 – Test bed configuration
In this document, the system configuration depicted in Figure 1 includes:
A Pica8 P-3295 open switch with 48 x 1 GbE and 4 x 10 GbE uplinks
5 Linux PCs running Ubuntu 12.4.1 LTS, one is connected to the management LAN port
(RJ45) and console port (RJ45F); this PC is referred to the controller PC. The OpenFlow
controller will be running on this PC. Four PCs are connected to 1GbE port 1 to 4 and serve
as a data terminal for generating and monitoring traffic
Tools from installed on all the PCs are listed below. They can be installed through Linux
installation utility apt-get
Terminal emulator minicom
Traffic monitoring tool Wireshark
Packet generator Packeth
ftp and ftpd
telnet and telnetd
Modify default flow
Next, we will disable the flooding behavior and start to configure the flow table and manipulate
packet flows. Use the ovs-ofctl del-flows br0 command to delete the default flow. Dump the flow
table and no flow entry is shown.
Figure 2 – Delete flows and dump flows
20
OpenFlow Tutorial
At this point, the ping should stop working, because the flooding has been disabled. If interested,
you can delete the bridge and re-create the bridge with four ports, then the ping should work again.
Figure 3 – Pings
Uni-directional Flow
Before running uni-directional flow, we need a packet generator to work with wireshark for packet
generation and capturing. In this starter kit, a linux tool packeth is used for packet generation. The
packeth can be installed via the linux command sudo apt-get install packeth. To use the packeth,
an address file needs to be created as the address database for packet creation. The format is <IP
address>:<MAC address>:<Names>, a sample address file is provided in the appendix(
http://intranet.pica8.com/display/picos25sp/Packet+address+file).
Next, let us create some packets to be used in the later test scenarios. Start the packeth, click the
builder button to enter the tab for creating a packet. The next screen shows the test packet we built
for this test. Fill in each field using the select button or entering the value. Each packet includes
information in link layer, IP layer, and TCP payload. Once the packet is built, click the interface
button then select eth0 as the interface.
Next, let us create an uni-directional flow from port 1 to port 2 using ovs-ofctl add-flow br0
in_port=1,actions=output:2 command; then use the dump flow command to show the flow. The
command added a flow into br0 to forward all packets come in from in_port=1 to out_port=2. Next,
start the wireshark to capture all packets on eth0 for both PC1 and PC2.
Next, return to the packeth screen and click the send button. At the bottom of the packeth screen, it
should show a time stamp and number of bytes sent to eth0. You can verify the packet content on
wireshark on both sending and receiving PCs. This verifies the flow entry entered via the add-flow
command works as expected. To test this flow further, follow the next packeth screen to create
another packet with different information and send it through the eth0.
21
OpenFlow Tutorial
Figure 3 – Packeth
Next, uses ovs-ofctl del-flows br0 command to delete the flow, then use ovs-ofctl add-flow br0
in_port=1,dl_type=0x0800,nw_src=100.10.0.2,actions=output:2 to add a new flow that filter on all
packets received from port 1 and only forward the packet with the matching IP address to port2.
Figure 4 – Add flow with source IP matching field
22
OpenFlow Tutorial
On the packeth menu, click the gen-s button to mix packets into one output stream. Select different
packets built with different IP addresses to form one packet stream. Specify the delay and number
of iteration then select the manual operation to send the stream. Use wireshark to examine the
result.
Figure 5 – Use packeth generate mixed packet stream
As shown in the screen shot, the packet stream sent using packeth with 3 different types of the
packet and 3 different source IP addresses is filtered by the flow and only the packet with source
IP address 100.10.0.2 is forwarded to output port 2. With the packeth and wireshark, many of the
fields can be tested in the uni-directional flow configuration.
23
OpenFlow Tutorial
Figure 6 – Packet filtering for uni-directional traffic
1-to-Many Multicasting
After the unidirectional flow from one port to another, we will modify the flow entry to configure a
1-to-3 ports multicasting scenario where packets match the flow entry are duplicated and
forwarded to 3 output ports. This time, we will use the mod-flows command ovs-ofctl mod-flows
br0 in_port=1,dl_type=0x0800,nw_src=100.10.0.2,actions=output:2,3,4, then use the dump
flow command to verify the flow is set up correctly.
Figure 7 – 1 to 3 port packet duplication and multicasting
Configure the packeth and wireshark on all PCs, then send the packets into port 1 then examine
the packets received on port 2, 3, and 4 to see if the action matches the flow specification.
Figure 8 – 1 to 3 port packet filtering, duplication and multicasting
24
OpenFlow Tutorial
Next, use the packeth to build packet with VLAN, priority, ARP, TCP, UDP, and ICMP packets to
exercise various flow packet matching fields and use the wireshark to verify the output.
In addition to using filter in multicasting, port level duplication and multicasting is also supported.
To configure this scenario, first clean up the flows in br0 using ovs-ofctl del-flows br0. Then use
ovs-ofctl add-flow br0 in_port=1,actions=output:2,3,4 to add a new multicasting flow.
Figure 9 – 1 to 3 port level multicasting
The same traffic with source IP 100.10.0.2 is sent to port 1, the received traffic on port 4 is
captured using wireshark. With the tools described in this document, various traffic patterns
combined with different filters can be configured to test application scenarios.
Figure 10 – 1 to 3 port level multicasting
Many-to-One Aggregation
In this section, flow aggregation from multiple ports is examined. 2 scenarios will be configured.
The first scenario is to aggregate traffic from port 1, 2, and 3 without any filtering to port 4. The
second scenario is to apply packet matching filter on each port to select specific traffic based on
source IP address from each port for aggregation. For the first scenario, let us delete the existing
flows using the ovs-ofctl del-flows br0 command. Then use the following commands to add 3
flows to the flow table:
ovs-ofctl add-flow br0 in_port=1,actions=output:4
25
OpenFlow Tutorial
ovs-ofctl add-flow br0 in_port=2,actions=output:4
ovs-ofctl add-flow br0 in_port=3,actions=output:4
Figure 11 – Many to 1 port level aggregation
Configure packeth on each PC to send packets from port 1 to 3, with source IP 100.10.0.1 from
port1, source IP 100.10.0.2 from port 2, and 100.10.0.3 from port 3. All the packets should be
forwarded to port 4.
Figure 12 – Many to 1 port level aggregation
In this many-to-one aggregation configuration, if the aggregated traffic is more than 1 Gbps, the
over-subscribed packets will be dropped. The over-subscription scenario could not be
demonstrated in this set up because the PC only has 100Mbps Ethernet port. But if reader can
create the scenario, the dropped packets can be shown via the ovs-ofctl dump-ports br0
command as part of the port counters.
To engineer the traffic aggregation, the filters described in Open SDN: Starter kit – Power on and
configure switch can be applied to identify and select traffic for aggregation. In below scenario, 3
flows are created with a filter on separate IP address on each port. The previous flows need to be
deleted first then use the following commands to set up the new flows:
ovs-ofctl add-flow br0 in_port=1,dl_type=0x0800,nw_src=100.10.0.1,actions=output:4
ovs-ofctl add-flow br0 in_port=2,dl_type=0x0800,nw_src=100.10.0.2,actions=output:4
ovs-ofctl add-flow br0 in_port=3,dl_type=0x0800,nw_src=100.10.0.3,actions=output:4
26
OpenFlow Tutorial
Figure 13 – Many to 1 port level aggregation
The packeth is configured to generate traffic with mixed source IP addresses, try with manual
option first to send small amount of traffic through each port then monitor the traffic on wireshark to
see if the packets are filtered and forwarded correctly.
The dump-flows command is handy to verify the number of packets matched the filtering rule. The
ovs-ofctl dump-ports br0 command is also very useful to show all the port statistics. Flows can
be modified dynamically based on traffic conditions to throttle traffic during over-subscription,
provide load balance and re-distribute traffic. In deployment scenario, flows are managed via Open
Flow controller with Open Flow protocols. In next Starter kit, the RYU Open Flow controller will be
discussed to show the controller-switch interaction.
Figure 14 – Many to 1 port level aggregation with filter
OVS commands Used in this Tutorial
27
OpenFlow Tutorial
ovs-vsctl show
ovs-ofctl show br0
ovs-ofctl dump-ports br0
ovs-vsctl list-br
ovs-vsctl list-ports br0
ovs-vsctl list-ifaces br0
ovs-ofctl dump-flows br0
ovs-ofctl snoop br0
ovs-vsctl add-br br0 - set bridge br0 datapath_type=pica8
ovs-vsctl del-br br0
ovs-vsctl set-controller br0 tcp:172.16.1.240:6633
ovs-vsctl del-controller br0
ovs-vsctl set Bridge br0 stp_enable=true
ovs-vsctl add-port br0 ge-1/1/1 - set interface ge-1/1/1 type=pica8
ovs-vsctl add-port br0 ge-1/1/2 - set interface ge-1/1/2 type=pica8
ovs-vsctl add-port br0 ge-1/1/3 - set interface ge-1/1/3 type=pica8
ovs-vsctl add-port br0 ge-1/1/4 - set interface ge-1/1/4 type=pica8
ovs-vsctl add-port br0 ge-1/1/1 type=pronto options:link_speed=1G
ovs-vsctl del-port br0 ge-1/1/1
ovs-ofctl add-flow br0 in_port=1,actions=output:2
ovs-ofctl mod-flows br0
in_port=1,dl_type=0x0800,nw_src=100.10.0.1,actions=output:2
ovs-ofctl add-flow br0 in_port=1,actions=output:2,3,4
ovs-ofctl add-flow br0 in_port=1,actions=output:4
ovs-ofctl del-flows br0
ovs-ofctl mod-port br0 1 no-flood
ovs-ofctl add-flow br0
in_port=1,dl_type=0x0800,nw_src=192.168.1.241,actions=output:3
ovs-ofctl add-flow br0
in_port=4,dl_type=0x0800,dl_src=60:eb:69:d2:9c:dd,nw_src=198.168.1.2,nw_dst=124.12.123.55
mod-flows br0 in_port=4,dl_type=0x0800,nw_src=192.210.23.45,actions=output:3
ovs-ofctl del-flows br0 in_port=1
Packet address file
100.10.0.1,1a:2a:3a:4a:5a:01,stream1
100.10.0.2,1a:2a:3a:4a:5a:02,stream2
100.10.0.3,1a:2a:3a:4a:5a:03,stream3
100.10.0.4,1a:2a:3a:4a:5a:04,stream4
100.10.0.5,1a:2a:3a:4a:5a:05,stream5
100.10.0.6,1a:2a:3a:4a:5a:06,stream6
100.10.0.7,1a:2a:3a:4a:5a:07,stream7
100.10.0.8,1a:2a:3a:4a:5a:08,stream8
100.10.0.9,1a:2a:3a:4a:5a:09,stream9
100.10.0.10,1a:2a:3a:4a:5a:0a,stream10
100.10.0.101,1a:2a:3a:4a:5a:d1,stream101
100.10.0.102,1a:2a:3a:4a:5a:d2,stream102
100.10.0.103,1a:2a:3a:4a:5a:d3,stream103
100.10.0.104,1a:2a:3a:4a:5a:d4,stream104
100.10.0.105,1a:2a:3a:4a:5a:d5,stream105
100.10.0.106,1a:2a:3a:4a:5a:d6,stream106
100.10.0.107,1a:2a:3a:4a:5a:d7,stream107
100.10.0.108,1a:2a:3a:4a:5a:d8,stream108
100.10.0.109,1a:2a:3a:4a:5a:d9,stream109
100.10.0.110,1a:2a:3a:4a:5a:da,stream110
28
OpenFlow Tutorial
Connection to a Ryu Controller
Ryu Introduction
Introduce RYU Open Flow Controller
Configure OVS for RYU Open Flow Controller
Controller-OVS Interaction
RYU Simple Switch Application
Open flow message type
Ryu Guide OVS commands reference
Ryu Introduction
This document provides instructions on how to configure Pica8's open switches to work in various
application scenarios. This document assumes the reader with minimal to no knowledge of the
Open Virtual Switch (OVS) implementation defined by http://openvswitch.org/ or the OpenFlow
protocol, defined by https://www.opennetworking.org/. After studying this guide, you will have the
tools you need to configure Pica8's open switches as an OpenFlow switch. You will also gain
insights on how to optimize the configuration to work in your application environment while also
learning about OVS and the OpenFlow protocol.
This starter kit provides screen shots, and a list of off the shelf applications needed to complete the
configuration, as well as highlighting the problems you may encounter during the setup. More
documents or cookbooks on other subjects will be published periodically. This document provides
a tutorial on how to:
Configure Pica 8 as an OVS OpenFlow switch
Create bridges, add ports, show bridge and port statistics, status, as well as the OVS
database
Configure flow tables for uni-directional, bi-directional, traffic switching, one-to-many
multi-casting, mirroring, filtering, many-to-one aggregation, etc.,
Configure Pica 8 OVS OpenFlow switches to interface with the RYU OpenFlow Controller
29
OpenFlow Tutorial
Figure 1 – Test bed configuration
In this document, the system configuration depicted in Figure 1 includes:
A Pica8 P-3295 open switch with 48 x 1 GbE and 4 x 10 GbE uplinks
5 Linux PCs running Ubuntu 12.4.1 LTS, one is connected to the management LAN port
(RJ45) and console port (RJ45F); this PC is referred to the controller PC. The OpenFlow
controller will be running on this PC. Four PCs are connected to 1GbE port 1 to 4 and serve
as a data terminal for generating and monitoring traffic
Tools from installed on all the PCs are listed below. They can be installed through Linux
installation utility apt-get
Terminal emulator minicom
Traffic monitoring tool Wireshark
Packet generator Packeth
ftp and ftpd
telnet and telnetd
Introduce RYU Open Flow Controller
RYU is an open flow controller that has been integrated with the Pica8 open switch with OVS 1.10
implementation that supports Open Flow v1.3. Additional RYU information can be found at RYU
website http://osrg.github.com/ryu/. The purpose of Pica8 RYU integration is to provide an open
source SDN platform that the SDN community can prototype, test, and develop application in an
open source environment with an open flow switching platform for real traffic testing. With the
configuration provided in this starter kit, user should be able to have real traffic running in a week
to test out the application scenarios using OVS commands. Both OVS and RYU are open source
with Apache license that developers can access easily.
To clone the RYU directory, open a shell window from $home directory then use git clone
git://github.com/osrg/ryu.git to copy the RYU code base. It will create a ryu directory in $home.
30
OpenFlow Tutorial
Figure 2 – Clone RYU
Then cd ryu and sudo python ./setup.py install to complete the installation.
Figure 3 – Install RYU
The installation installs the ryu-manager and ryu-client to the $home/ryu/bin and /usr/local/bin
directories. Now we are ready to run the test applications.
Figure 4 – RYU-manager and RYU-client
Configure OVS for RYU Open Flow Controller
In OVS, the controller property of the bridge created earlier needs to be added to include the
controller IP address and port number. The command ovs-vsctl set-controller br0
tcp:200.16.1.240:6633 is to set controller address for bridge br0. The command ovs-vsctl show
can now show the bridge information, the connection status is not shown because the controller
has not been started yet.
31
OpenFlow Tutorial
Figure 5 – Set RYU controller IP address
The RYU controller will be running on the controller PC with IP address10.10.50.41 using default
port 6633. The port number can be changed. For this exercise, the controller will be started with
the –verbose mode.
Figure 6 – Start RYU-manager with verbose option
The --verbose mode helps us understand the RYU controller-OVS interaction. Use the command
ryu-manager –verbose to start the controller. The TCP connection is established first and the
connection information is printed with peer (OVS) IP address 10.10.50.20. Once the controller is
started, the connection status will change to is_connected: true. The controller port information can
also be shown using the command ovs-ofctl show br0.
32
OpenFlow Tutorial
Figure 7 – Show controller connection status
Controller-OVS Interaction
Once the controller and OVS are connected, a set of messages will be exchanged. For example,
the OVS sends an OFPT_HELLO message to the controller. The hello message is captured on the
wireshark screen. The first byte of the message is the version number and the second byte is the
OFPT_TYPE. OFTP_HELLO message is type 0.
After the hello message from the switch, the controller sends OFPT_FEATURES_REQUEST
(type=5) to retrieve the switch capabilities including supported open flow version, switch
configuration, and port hardware address etc. The switch sends OFPT_FEATURES_REPLY
(type=6) to provide the feature information. The message is shown on both the controller console
and switch console.
Figure 8 – OFPT_HELLO message
33
OpenFlow Tutorial
The switch console information is provided by the snoop option of the ovs-ofctl command. The
command is ovs-ofctl snoop br0. It shows the feature request from the controller and the feature
reply with the bridge information. Reader can compare the switch console information with the
controller console information to get a better understanding of the message exchange.
Figure 9 – ovs-ofctl snoop br0
The wireshark also captured the information. Notice the message type in the second byte is 6
representing the OFPT_FEATURES_REPLY. After the feature reply, the controller sends an
OFPT_SET_CONFIG message to set the message parameters like the max length etc. Once the
controller is connected, the OVS changes its default behavior from a layer 2 switch to an OVS
switch. It means the flooding is disabled and open flow packet processing starts. Each packet is
processed based on the flow table entry. Unmatched packet is forwarded to the controller for
analysis unless a rule is defined to drop the packet.
During initial start up with the controller, the flow table is empty; therefore, packets received from
any port are forwarded to the controller. The next message from the switch is type
OFPT_PACKET_IN (type=10/0x0a).
34
OpenFlow Tutorial
Figure 10 – OFPT_FEATURE_REPLY message
In this exercise, the RYU-manager does not have any application to receive and process the
OFPT_PACKET_IN message, therefore, on the controller screen, a bunch of unhandled_events
are printed on the console. At this point, the RYU-OVS open flow session is established and ready
for Open Flow application to take over the event handling and flow configuration.
RYU Simple Switch Application
With just the controller connected without any application, the ping between the PCs cannot work,
because the ARP requests are forwarded to the controller without any packet processing
instructions in the flow tables. RYU code distribution comes with a set of applications to show how
applications can be integrated. Next, we will run the simple switch application. The application
processes the packet_in messages (e.g., ICMP_REQUEST) and instructs the bridge to flood all
other ports with the packets. Once the destination host received the request and replied with its
MAC address. This simple switch application sets up the flow table to forward traffic from source
port to the correct destination port. This is the default switch behavior that we have tested before.
The application is in the $home/ryu/ryu/application directory. Run the ryu-manager –verbose
simple_switch.py command to start the application.
35
OpenFlow Tutorial
Figure 11 – RYU-manager with simple switch application
Once the simple switch application starts, the first part of the message output is the same as
before, but instead of receiving unhandled events only as the previous RYU-manager only run. It
sends an OFPT_PACKET_OUT message to the switch with FLOOD actions on first two packet_in
messages. The first one is a probe message sent by the controller on local port.
Figure 12 – Switch responses with simple switch application
The second message is an ICMP request comes in from port 3 and target destination is port 4.
This message is the result of a ping test running on the PC connected to port 3 to PC on port 4.
Since the controller does not know which port has the PC 4 MAC address. It sends the
OFPT_PACKET_OUT instruction to the switch to flood the message received on port 3. Once the
PC on port 4 received the ICMP request and responded with its reply. The controller matches the
reply destination MAC address with the PC3 on port3, and sends an OFPT_FLOW_MOD action to
create a flow from port 4 to port 3 to forward the packets. The same processing repeats again for
setting up the flow from port 3 and port 4.
36
OpenFlow Tutorial
Figure 13 – Flow tables set up by simple switch application
As a result, the dump-flows show 2 flows created by the simple switch application. To test it again,
simply use del-flows command to delete the flow.
Figure 14 – Delete flow event from switch to controller
Once the flows are deleted, two OPEN_FLOW_REMOVED events are generated by the switch to
notify the controller. The MAC learning process repeats itself again; the two flows will be created
when the next round of the ICMP requests come into the controller. Reader can dump the flow
table to verify its behavior.At this point, the starter kit has demonstrated the basic RYU controller
integration with OVS and a simple application built on top of the RYU controller. Reader should be
able to start testing and writing test applications using the SDN platform presented in this
document.
Open flow message type
37
OpenFlow Tutorial
# enum ofp_type
OFPT_HELLO = 0 # Symmetric message
OFPT_ERROR = 1 # Symmetric message
OFPT_ECHO_REQUEST = 2 # Symmetric message
OFPT_ECHO_REPLY = 3 # Symmetric message
OFPT_VENDOR = 4 # Symmetric message
OFPT_FEATURES_REQUEST = 5 # Controller/switch message
OFPT_FEATURES_REPLY = 6 # Controller/switch message
OFPT_GET_CONFIG_REQUEST = 7 # Controller/switch message
OFPT_GET_CONFIG_REPLY = 8 # Controller/switch message
OFPT_SET_CONFIG = 9 # Controller/switch message
OFPT_PACKET_IN = 10 # Async message
OFPT_FLOW_REMOVED = 11 # Async message
OFPT_PORT_STATUS = 12 # Async message
OFPT_PACKET_OUT = 13 # Controller/switch message
OFPT_FLOW_MOD = 14 # Controller/switch message
OFPT_PORT_MOD = 15 # Controller/switch message
OFPT_STATS_REQUEST = 16 # Controller/switch message
OFPT_STATS_REPLY = 17 # Controller/switch message
OFPT_BARRIER_REQUEST = 18 # Controller/switch message
OFPT_BARRIER_REPLY = 19 # Controller/switch message
OFPT_QUEUE_GET_CONFIG_REQUEST = 20 # Controller/switch message
OFPT_QUEUE_GET_CONFIG_REPLY = 21 # Controller/switch message
Ryu Guide OVS commands reference
38
OpenFlow Tutorial
ovs-vsctl show
ovs-ofctl show br0
ovs-ofctl dump-ports br0
ovs-vsctl list-br
ovs-vsctl list-ports br0
ovs-vsctl list-ifaces br0
ovs-ofctl dump-flows br0
ovs-ofctl snoop br0
ovs-vsctl add-br br0 - set bridge br0 datapath_type=pica8
ovs-vsctl del-br br0
ovs-vsctl set-controller br0 tcp:172.16.1.240:6633
ovs-vsctl del-controller br0
ovs-vsctl set Bridge br0 stp_enable=true
ovs-vsctl add-port br0 ge-1/1/1 - set interface ge-1/1/1 type=pica8
ovs-vsctl add-port br0 ge-1/1/2 - set interface ge-1/1/2 type=pica8
ovs-vsctl add-port br0 ge-1/1/3 - set interface ge-1/1/3 type=pica8
ovs-vsctl add-port br0 ge-1/1/4 - set interface ge-1/1/4 type=pica8
ovs-vsctl add-port br0 ge-1/1/1 type=pronto options:link_speed=1G
ovs-vsctl del-port br0 ge-1/1/1
ovs-ofctl add-flow br0 in_port=1,actions=output:2
ovs-ofctl mod-flows br0
in_port=1,dl_type=0x0800,nw_src=100.10.0.1,actions=output:2
ovs-ofctl add-flow br0 in_port=1,actions=output:2,3,4
ovs-ofctl add-flow br0 in_port=1,actions=output:4
ovs-ofctl del-flows br0
ovs-ofctl mod-port br0 1 no-flood
ovs-ofctl add-flow br0
in_port=1,dl_type=0x0800,nw_src=192.168.1.241,actions=output:3
ovs-ofctl add-flow br0
in_port=4,dl_type=0x0800,dl_src=60:eb:69:d2:9c:dd,nw_src=198.168.1.2,nw_dst=124.12.123.55
mod-flows br0 in_port=4,dl_type=0x0800,nw_src=192.210.23.45,actions=output:3
ovs-ofctl del-flows br0 in_port=1
39
OpenFlow Tutorial
Connection to Opendaylight controller
OpenDaylight introduction
Introduce OpenDaylight Open Flow Controller
Configure OVS for OpenDaylight Open Flow Controller
Opendaylight Controller-OVS Interaction
OpenDaylight Simple Switch Application
message type of open flow
OVS commands reference04
OpenDaylight introduction
This document provides instructions on how to configure Pica8's open switches to work in various
application scenarios. This document assumes the reader with minimal to no knowledge of the
Open Virtual Switch (OVS) implementation defined by http://openvswitch.org/ or the OpenFlow
protocol, defined byhttps://www.opennetworking.org/ . After studying this guide, you will have the
tools you need to configure Pica8's open switches as an OpenFlow switch. You will also gain
insights on how to optimize the configuration to work in your application environment while also
learning about OVS and the OpenFlow protocol.
This starter kit provides screen shots, and a list of off the shelf applications needed to complete the
configuration, as well as highlighting the problems you may encounter during the setup. More
documents or cookbooks on other subjects will be published periodically. This document provides
a tutorial on how to:
Configure Pica 8 as an OVS OpenFlow switch
Create bridges, add ports, show bridge and port statistics, status, as well as the OVS
database
Configure flow tables for uni-directional, bi-directional, traffic switching, one-to-many
multi-casting, mirroring, filtering, many-to-one aggregation, etc.,
Configure Pica 8 OVS OpenFlow switches to interface with the OpenDaylight OpenFlow
Controller
40
OpenFlow Tutorial
Figure 1 – Test bed configuration
In this document, the system configuration depicted in Figure 1 includes:
A Pica8 P-3295 open switch with 48 x 1 GbE and 4 x 10 GbE uplinks
5 Linux PCs running Ubuntu 12.4.1 LTS, one is connected to the management LAN port
(RJ45) and console port (RJ45F); this PC is referred to the controller PC. The OpenFlow
controller will be running on this PC. Four PCs are connected to 1GbE port 1 to 4 and serve
as a data terminal for generating and monitoring traffic
Tools from installed on all the PCs are listed below. They can be installed through Linux
installation utility apt-get
Terminal emulator minicom
Traffic monitoring tool Wireshark
Packet generator Packeth
ftp and ftpd
telnet and telnetd
Introduce OpenDaylight Open Flow Controller
OpenDaylight is an open flow controller that has been integrated with the Pica8 open switch with
OVS 1.10 implementation that supports Open Flow v1.3. Additional OpenDaylight information can
be found at OpenDaylight website http://www.opendaylight.org. The purpose of Pica8
Opendaylight integration is to provide an open source SDN platform that the SDN community can
prototype, test, and develop application in an open source environment with an open flow switching
platform for real traffic testing. With the configuration provided in this starter kit, user should be
able to have real traffic running in a week to test out the application scenarios using OVS
commands. Both OVS and Opendaylight are open source with Apache license that developers can
access easily.
41
OpenFlow Tutorial
To install the opendaylight, user need download the file from
http://www.opendaylight.org/software/downloads. Then user can follow the install guide to install
opendaylight.
After installing the opendalight, user can edit the configuration file in
/opendaylight/configuration/config.ini. Then, user can start the opendaylight controller by "./run.sh"
root@dev-42:/home/ychen/opendaylight# ./run.sh
osgi> 2014-05-27 10:45:50.871 CST [Start Level Event Dispatcher] INFO
o.o.c.c.s.internal.ClusterManager - I'm a GossipRouter will listen on port
12001
2014-05-27 10:45:51.016 CST [Start Level Event Dispatcher] INFO
o.o.c.c.s.internal.ClusterManager - Started GossipRouter
GossipRouter started at Tue May 27 10:45:51 CST 2014
Listening on port 12001 bound on address 0.0.0.0/0.0.0.0
Backlog is 1000, linger timeout is 2000, and read timeout is 0
2014-05-27 10:45:51.016 CST [Start Level Event Dispatcher] INFO
o.o.c.c.s.internal.ClusterManager - Starting the ClusterManager
2014-05-27 10:45:52.075 CST [fileinstall-./plugins] INFO
o.o.c.n.i.osgi.NetconfImplActivator - Starting TCP netconf server at
/127.0.0.1:8383
2014-05-27 10:45:52.341 CST [fileinstall-./plugins] INFO
o.o.c.s.binding.impl.BrokerActivator - Binding Aware Broker initialized
2014-05-27 10:45:52.556 CST [ConfigPersister-registrator] INFO
o.o.c.n.p.i.ConfigPersisterNotificationHandler - Session id received from
netconf server: 1
2014-05-27 10:45:52.556 CST [ConfigPersister-registrator] INFO
o.o.c.n.p.i.ConfigPersisterNotificationHandler - No last config provided by
backend storage PersisterImpl
[storage=org.opendaylight.controller.netconf.persist.impl.NoOpStorageAdapter@ade6f7]201410:45:55.705 CST [Start Level Event Dispatcher] INFO
o.o.c.c.i.ConfigurationService - ConfigurationService Manager init
2014-05-27 10:45:56.239 CST [ControllerI/O Thread] INFO
o.o.c.p.o.core.internal.ControllerIO - Controller is now listening on
any:6655
Configure OVS for OpenDaylight Open Flow Controller
In OVS, the controller property of the bridge created earlier needs to be added to include the
controller IP address and port number. The command ovs-vsctl set-controller br0
tcp:200.16.1.240:6633 is to set controller address for bridge br0. The command ovs-vsctl show
can now show the bridge information, the connection status is not shown because the controller
has not been started yet.
42
OpenFlow Tutorial
Figure 2 – Set Opendaylight controller IP address
The OpenDaylight controller will be running on the controller PC with IP address 200.16.1.240
using default port 6633. The port number can be changed. For this exercise, the controller will be
started with "./run.sh"
Figure 6 – Start Opendaylight-manager
Once the controller is started, the connection status will change to is_connected: true. The
controller port information can also be shown using the command ovs-ofctl show br0.
Figure 7 – Show controller connection status
43
OpenFlow Tutorial
Opendaylight Controller-OVS Interaction
Once the controller and OVS are connected, a set of messages will be exchanged. For example,
the OVS sends an OFPT_HELLO message to the controller. The hello message is captured on the
wireshark screen. The first byte of the message is the version number and the second byte is the
OFPT_TYPE. OFTP_HELLO message is type 0.
After the hello message from the switch, the controller sends OFPT_FEATURES_REQUEST
(type=5) to retrieve the switch capabilities including supported open flow version, switch
configuration, and port hardware address etc. The switch sends OFPT_FEATURES_REPLY
(type=6) to provide the feature information. The message is shown on both the controller console
and switch console.
Figure 8 – OFPT_HELLO message
The switch console information is provided by the snoop option of the ovs-ofctl command. The
command is ovs-ofctl snoop br0. It shows the feature request from the controller and the feature
reply with the bridge information. Reader can compare the switch console information with the
controller console information to get a better understanding of the message exchange.
44
OpenFlow Tutorial
Figure 9 – ovs-ofctl snoop br0
The wireshark also captured the information. Notice the message type in the second byte is 6
representing the OFPT_FEATURES_REPLY. After the feature reply, the controller sends an
OFPT_SET_CONFIG message to set the message parameters like the max length etc. Once the
controller is connected, the OVS changes its default behavior from a layer 2 switch to an OVS
switch. It means the flooding is disabled and open flow packet processing starts. Each packet is
processed based on the flow table entry. Unmatched packet is forwarded to the controller for
analysis unless a rule is defined to drop the packet.
During initial start up with the controller, the flow table is empty; therefore, packets received from
any port are forwarded to the controller. The next message from the switch is type
OFPT_PACKET_IN (type=10/0x0a).
45
OpenFlow Tutorial
Figure 10 – OFPT_FEATURE_REPLY message
In this exercise, the Opendaylight controller does not have any application to receive and process
the OFPT_PACKET_IN message, therefore, on the controller screen, a bunch of
unhandled_events are printed on the console. At this point, the Opendaylight-OVS open flow
session is established and ready for Open Flow application to take over the event handling and
flow configuration.
OpenDaylight Simple Switch Application
With just the controller connected without any application, the ping between the PCs cannot work,
because the ARP requests are forwarded to the controller without any packet processing
instructions in the flow tables. Opendaylight code distribution comes with a set of applications to
show how applications can be integrated. Next, we will run the simple switch application. The
application processes the packet_in messages (e.g., ICMP_REQUEST) and instructs the bridge to
flood all other ports with the packets. Once the destination host received the request and replied
with its MAC address. This simple switch application sets up the flow table to forward traffic from
source port to the correct destination port. This is the default switch behavior that we have tested
before. When you start the opendaylight controller with "/home/ychen/opendaylight# ./run.sh",users
can configure the controller on the web, http://10.10.50.42:8080/.
46
OpenFlow Tutorial
Figure 11 – web configure
message type of open flow
# enum ofp_type
OFPT_HELLO = 0 # Symmetric message
OFPT_ERROR = 1 # Symmetric message
OFPT_ECHO_REQUEST = 2 # Symmetric message
OFPT_ECHO_REPLY = 3 # Symmetric message
OFPT_VENDOR = 4 # Symmetric message
OFPT_FEATURES_REQUEST = 5 # Controller/switch message
OFPT_FEATURES_REPLY = 6 # Controller/switch message
OFPT_GET_CONFIG_REQUEST = 7 # Controller/switch message
OFPT_GET_CONFIG_REPLY = 8 # Controller/switch message
OFPT_SET_CONFIG = 9 # Controller/switch message
OFPT_PACKET_IN = 10 # Async message
OFPT_FLOW_REMOVED = 11 # Async message
OFPT_PORT_STATUS = 12 # Async message
OFPT_PACKET_OUT = 13 # Controller/switch message
OFPT_FLOW_MOD = 14 # Controller/switch message
OFPT_PORT_MOD = 15 # Controller/switch message
OFPT_STATS_REQUEST = 16 # Controller/switch message
OFPT_STATS_REPLY = 17 # Controller/switch message
OFPT_BARRIER_REQUEST = 18 # Controller/switch message
OFPT_BARRIER_REPLY = 19 # Controller/switch message
OFPT_QUEUE_GET_CONFIG_REQUEST = 20 # Controller/switch message
OFPT_QUEUE_GET_CONFIG_REPLY = 21 # Controller/switch message
47
OpenFlow Tutorial
OVS commands reference04
ovs-vsctl show
ovs-ofctl show br0
ovs-ofctl dump-ports br0
ovs-vsctl list-br
ovs-vsctl list-ports br0
ovs-vsctl list-ifaces br0
ovs-ofctl dump-flows br0
ovs-ofctl snoop br0
ovs-vsctl add-br br0 -- set bridge br0 datapath_type=pica8
ovs-vsctl del-br br0
ovs-vsctl set-controller br0 tcp:172.16.1.240:6633
ovs-vsctl del-controller br0
ovs-vsctl set Bridge br0 stp_enable=true
ovs-vsctl add-port br0 ge-1/1/1 - set interface ge-1/1/1 type=pica8
ovs-vsctl add-port br0 ge-1/1/2 - set interface ge-1/1/2 type=pica8
ovs-vsctl add-port br0 ge-1/1/3 - set interface ge-1/1/3 type=pica8
ovs-vsctl add-port br0 ge-1/1/4 - set interface ge-1/1/4 type=pica8
ovs-vsctl add-port br0 ge-1/1/1 type=pronto options:link_speed=1G
ovs-vsctl del-port br0 ge-1/1/1
ovs-ofctl add-flow br0 in_port=1,actions=output:2
ovs-ofctl mod-flows br0
in_port=1,dl_type=0x0800,nw_src=100.10.0.1,actions=output:2
ovs-ofctl add-flow br0 in_port=1,actions=output:2,3,4
ovs-ofctl add-flow br0 in_port=1,actions=output:4
ovs-ofctl del-flows br0
ovs-ofctl mod-port br0 1 no-flood
ovs-ofctl add-flow br0
in_port=1,dl_type=0x0800,nw_src=192.168.1.241,actions=output:3
ovs-ofctl add-flow br0
in_port=4,dl_type=0x0800,dl_src=60:eb:69:d2:9c:dd,nw_src=198.168.1.2,nw_dst=124.12.123.55
mod-flows br0 in_port=4,dl_type=0x0800,nw_src=192.210.23.45,actions=output:3
ovs-ofctl del-flows br0 in_port=1
48
OpenFlow Tutorial
Connection to a Floodlight Controller
Floodlight controller Introduction
Floodlight Open Flow Controller
Test Topology
Configure OVS
Launch Floodlight
Floodlight REST Interface
Floodlight controller Introduction
This is the fourth document of the Open SDN Starter Kit series. This document provides
instructions how to configure Pica8's open switches in order to work with Floodlight Controller. This
document assumes the reader has read the first two documents of the Open SDN Starter Kit series
.
Floodlight Open Flow Controller
The Floodlight Open SDN Controller is an enterprise-class, Apache-licensed, Java-based
OpenFlow Controller and it supports OpenFlow v1.0. In fact, Floodlight is not just an OpenFlow
controller and it also includes a collection of applications built on top the Floodlight Controller.
Additional Floodlight information can be found at Floodlight website
http://www.projectfloodlight.org/floodlight/.
You can either download the Floodlight source from http://www.projectfloodlight.org/download/ or
follow the Installation Guide,
http://docs.projectfloodlight.org/display/floodlightcontroller/Installation+Guide to install Floodlight.
In this document, we follow the Installation Guide to clone the source to an Ubuntu 11.10 system:
49
OpenFlow Tutorial
Figure 1 – Clone Floodlight
Why Make Changes
By default, Floodlight performs forwarding the unknown packets from Pica8 switch to the
destination. In this case, things may go well even if there are no flows set in Pica8 switch. The
purpose of this document is to show you how to use Floodlight REST interface to add flows to
Pica8 switch and verify the transmission of the traffics. In order to eliminate the confusion whether
the packets are forwarded by Pica8 switch or Floodlight controller, we disable Floodlight's default
forwarding feature.
Changes to Floodlight
The Floodlight's default setting is in $floodlight/src/resources/floodlightdefault.properties. We need
to remove the line "net.floodlightcontroller.forwarding.Forwarding,\" as shown below:
Figure 2 – Edit Floodlight Default Properties
Build Floodlight
Before building Floodlight, we need to install JDK and Ant. Then, issue ant to build Floodlight.
50
OpenFlow Tutorial
Figure 3 – Build Floodlight
Then, the Floodlight Java Archive file, floodlight.jar, is generated under target directory and ready
to be run.
Figure 4 – floodlight.jar
Test Topology
The following picture shows the test topology which is similar to the topology in the first two
documents of the Open SDN Starter Kit series even though the IP addresses are different.
51
OpenFlow Tutorial
Figure 5 – Test Topology
In this document, the systems depicted in the above diagram include:
A Pica8 switch which is P-3295
5 Linux PCs running Ubuntu 11.10
The one, connected to the P-3295 management port (RJ45) and console port
(RJ45F), is referred as the controller PC. The Floodlight controller will be running on
this PC.
The other four PCs are connected to physical port 1 to 4 and serve as a data terminal
to verify the flow.
Configure OVS
In this document, we start OVS manually. After powering on the Pica8 switch, you will see the
following messages on the console display. Select choice " 2 " for OVS and enter " yes " to start
OVS by manual.
52
OpenFlow Tutorial
Figure 6 – Start OVS Manually
Please refer to PicOS 1.6 OVS Configuration Guide,
http://www.pica8.org/document/picos-1.6-ovs-configuration-guide.pdf, for the details how to
configure OVS. At first, we need to give a fixed IP address to the Pica8 switch, create the OVS
database, and launch the OVS database server and the switch daemon. Here are the commands:
ifconfig eth0 172.16.0.234/24
ovsdb-tool create /ovs/ovs-vswitchd.conf.db /ovs/bin/vswitch.ovsschema
ovsdb-server /ovs/ovs-vswitchd.conf.db --remote=ptcp: 6632 :172.16.0.234 &
ovs-vswitchd tcp:172.16.0.234:6632 --pidfile=pica8 --overwrite-pidfile > /var/log/ovs.log 2>
/dev/null &
Figure 7 – Configure OVS - 1
In the following steps, we create the bridge, br0, and add 4 physical ports to it and set up its
connection to a specific OpenFlow Controller (Floodlight in this case):
ovs-vsctl add-br br0 – set bridge br0 datapath_type=pica8
ovs-vsctl add-port br0 ge-1/1/1 – set interface ge-1/1/1 type=pica8
53
OpenFlow Tutorial
ovs-vsctl add-port br0 ge-1/1/2 – set interface ge-1/1/2 type=pica8
ovs-vsctl add-port br0 ge-1/1/3 – set interface ge-1/1/3 type=pica8
ovs-vsctl add-port br0 ge-1/1/4 – set interface ge-1/1/4 type=pica8
ovs-vsctl set-controller br0 tcp:172.16.0.179:6633
Figure 8 – Configure OVS - 2
We can verify the configuration by issuing:
ovs-vsctl show
Figure 9 – Show OVS Configuration
In the above pictures, it shows that the OpenFlow Controller has been defined. After the
connection between Pica8 switch and OpenFlow Controller, the same command will show the
connection status.
54
OpenFlow Tutorial
Launch Floodlight
There are no differences to launch Floodlight before or after bringing up Pica8 switch. In this
document, we start Floodlight after bringing up Pica8 switch.
Figure 10 – Start Floodlight - 1
The following picture shows the connection between Pica8 switch and Floodlight.
Figure 10 – Start Floodlight - 2
We can also use Wireshark to capture the traffic between Pica8 switch and Floodlight as shown
below:
Figure 11 – Wireshark Captures
We can also use the following command to show the connection status:
ovs-vsctl show
55
OpenFlow Tutorial
Figure 12 – Show OVS Connection Status
Now, we can use the following command to verify that all of the physical ports are connected:
ovs-ofctl show br0
Figure 13 – Show Physical Port Status
At this moment, there are no flows defined:
ovs-ofctl dump-flows br0
56
OpenFlow Tutorial
Figure 14 – No Flows defined in Pica8 Switch
If we try to ping from PC1 to PC2, it fails:
Figure 15 – Ping Fails
Floodlight REST Interface
We can use browser to view Floodlight's real time information. The URL can be
http://172.16.0.179:8080/ui/index.html or http://127.0.0.1:8080/ui/index.html if you access it from
Controller PC.
Figure 15 – Access Floodlight Info
Please pay attention to the DPID in the above picture. You need to replace it by your own DPID in
the following tests.
57
OpenFlow Tutorial
curl
curl is a command line tool for transferring data with URL syntax and it is the tool to send Floodlight
REST APIs to configure Pica8 switch flows. We can use apt-get to install it on Controller PC:
sudo apt-get install curl
Add Flows
Here is the command to add a flow from port 1 to port 2:
curl -d '{"switch": "67:8c:08:9e:01:82:38:26", "name":"pc1-pc2", "cookie":"0", "priority":"0",
"ingress-port":"1", "active":"true", "actions":"output=2"}'
http://127.0.0.1:8080/wm/staticflowentrypusher/json
We need another flow from port 2 to port 1 in order to make the ping between PC1 and PC2
working.
curl -d '{"switch": "67:8c:08:9e:01:82:38:26", "name":"pc2-pc1", "cookie":"0", "priority":"0",
"ingress-port":"2", "active":"true", "actions":"output=1"}'
http://127.0.0.1:8080/wm/staticflowentrypusher/json
Now, ping from PC1 to PC2 works.
Figure 16 – Ping Successes
We can add the same flows between port 3 and port 4 to make ping working between them.
Figure 17 – Flows Added
Delete Flows
We can remove all of the flows by issuing:
curl http://127.0.0.1:8080/wm/staticflowentrypusher/clear/67:8c:08:9e:01:82:38:26/json
58
OpenFlow Tutorial
59
Open as PDF
Similar pages