FIBRE-BR Camp, 28-29 April 2012

Ouro Preto (MG), Brazil

Report on

OFELIA

Cesar A. C. Marcondes

Federal University of São Carlos (UFSCar)

2

UFSCar (Federal University of São Carlos)

• state of São Paulo (near Campinas and São Paulo – capital)

• Previous and Related On-Going Activities (PROCAD-NF, CTIC/RNP)

• We have done OpenFlow courses (at UFSCar, at UNIFACS)

• We have done OpenFlow and netFPGA Development

− TCP in hardware

− HTTP Load Balancer,

− P2P inspired Load Balancing,

− CASTFLOW: Amortized Multicast-redesign in OpenFlow1

− RouteFlow Topology Multiplexing (2 virtual nets over same infra)

UFSCar – working on WP2

• Specially Task 2.3 on CMF (as task leader)

• Organized and with colleagues wrote a Short Course on CMFs

• We set a CHALLENGE to replicate one OFELIA island in an UFSCar local

brazilian testbed

Introduction

To be presented @ ISCC 2012 – Cappadocia - Turkey

3

Borrowed from

OFELIA slides

4

Borrowed from

OFELIA slides

5

Borrowed from

OFELIA D5.1

6

Borrowed from

OFELIA D5.1

OFELIA Step-by-Step

Duilio, Antonio and Ricardo

8

• Registering an account:

• https://alpha.fp7-

ofelia.eu/doc/index.php/Getting_an_OFELIA_account

• Settting up a OpenVPN connection:

• https://alpha.fp7-ofelia.eu/doc/index.php/VPN_setup

• Logging into a OFELIA Island:

• i.e.: https://exp.i2cat.fp7-ofelia.eu/

• Creating a project:

• Submit permission request;

• Fill in project information fields, add members,

manage project slices.

From OFELIA Registration

To Create a Project

9

• Adding Aggregates;

• Creating a Slice:

• Fill in slice name, description, TTL

and add Aggregates;

• Managing Slice Resources:

• Create VMs (VM name, image,

memory);

• Configuring VMs:

• SSH into it, install and configure

tools;

From Create a Slice

To Manage Resources

10

• Booking Resources:

• Select ports and switches,

configure flowspaces;

• Setting Slice Controller:

• Inside a VM or through VPN;

• Fill in IP Address, port, protocol

type, password;

• Starting the Slice.

From Allocate Resources

To Start the Experiment

We will show a presentation using the

i2cat OFELIA facility and go over

these steps in a short time

DEMO

12

• Dependencies

• Debian Squeeze (recommended)

• Python 2.x

• MySQL, Flowvisor (CF)

• XEN kernel and userland (Agent)

• Tarball from Ofelia's Codebasin

site, unzip to /opt/ofelia

OFELIA CF – Installation

Basic Steps

13

• Control Framework

• Configuring the networks

• Management & Experimentation

• Installing Flowvisor

• Setting up MySQL

• Installing the Control

Framework

• cd /opt/ofelia/{expedient,

vt_manager, optin_manager}

• ofver install -f

OFELIA CF – Installing The

Control Framework

14

• XEN Agent (OXA)

• Setting up the networks

• Loading additional modules upon

boot (loop)

• Editing XEN configuration files

• Unzipping Ofelia's tarball

− /opt/OFELIA/oxa/repository

• Obtaining a VM template

• Installing the XEN Agent

− Editing the scripts

− Executing ofver

OFELIA CF – Installing The

Agents

15

• Creating an IP Range

• Creating an Ethernet Range

• Adding OXA

• Specify the server details

• Management bridges

• Data bridges

Management / Operation of

VT Manager

16

• Setting up Flowvisor

• Setting up Clearinghouse

• Approving a flowspace

• Manually adding a flowspace

• Editing flowspace rules

Management / Operation of

Optin Manager

17

• Adding and configuring

aggregates

• Openflow Aggregate

• Virtualization Aggregate

• Detecting the Topology

• Management of users and

permissions

Management / Operation of

Expedient

Lessons

19

• We had INTENSE and SUPORTIVE help from i2cat – 97 emails from january to march (many thanks, guys!!!). We had some issues when replicating the i2cat testbed and had some work-arounds

• SAME TARBALL 2 SUB-DIRECTORIES (/opt/ofelia /opt/ofelia/oxa – different paths

indicate different functionalities)

• TEMPLATE – the OFELIA VM template was not available at the time, we had to create our own and hack the ofver setup to point to a different TEMPLATE URL

• KERNEL BOOT - We found out that the kernel VM was hardcoded at the boot, assuming amd64, we changed to x86 in the local files (not ofver) – difficult to debug

• 2 VMs at the SAME PHYSICAL AGENT can ping each other even without a controller enabled (if openvswitch used versus xen-bridged)

• OPENWRT+PANTOU – it uses fixed VLANs to obtain the port isolation in the equipment, thus when OFELIA/Flowvisor sends slices -VLANs OFELIA / FlowVisor, the equipment rewrite the VLAN tags and flowvisor drops the packet (very hard to debug)

Lessons Learnt (using OFELIA v0.1)

20

• NETFPGA: We have 4 netFPGA Boards in our lab to experiment with, the fact is

multiple interconnected netFPGAs do not appear in the “discovery” topology in

OFELIA, although single netFPGA works, netFPGA -host –netFPGA-host works.

− We couldn’t finish yet this debugging, we speculate that direct DPCTL

commands sent by the OFELIA seem not work with netFPGA and thus using

LLDP could be a way to go in OFELIA topology discovery

• CONTROLLER OVER VPN - We set a remote controller instead of a controller VM.

The first time worked, but second time didn't, slice stuck.

− We found out that the flowvisor was not removing the controller entry therefore

next time, the VPN could have another IP associated to the remote controller

and then flowvisor didn't allow the use of it.

− same remote controller managing 2 slices is not possible - important to mention

that controller over VPN is not officially supported)

• Other OPERATIONAL issues, that could happen in FIBRE-BR

− There were issues with DHCP, at the beginning, VMs didn’t start

− LDAP, firewall, etc, issues happened (as it would normally happen anywhere)

− VPN setup was actived on i2cat island but disabled and open at ETH/Zurich, a

security issue, but fixed rapidly

Lessons Learnt (using OFELIA v0.1)

marcondes@dc.ufscar.br