Wednesday, February 19, 2014

Manage FloodLight using PowerShell

PowerShell is very powerful tool for manage Hyper-V and VMware environments.

That why it would be useful have possibity manage networks using same tool.

FloodLight contains REST API which is very simple call from PowerShell. I created PowerShell module for basic FloodLight's management. PowerShell module and it's documentation is available in here: https://floodlightpscmdlet.codeplex.com/documentation

Tuesday, February 18, 2014

Build latest of FloodLight's version from GitHub

FloodLight's documentation includes information about Virtual Network Filter v1.1:
http://docs.projectfloodlight.org/display/floodlightcontroller/VirtualNetworkFilter+%28Quantum+Plugin%29+%28Dev%29

FloodLight version which is included to Ubuntu is only supporting older Quantum Plugin 1.0. That why I wanted build latest version from GitHub to deb package and use it.

Reason for using deb package is that when some day newer version is included to Ubuntu's repository you can upgrade FloodLight using apt-get.

Here is short guide how you can build your own deb package:
# Installing pre-requirements
sudo apt-get install build-essential git default-jdk ant python-dev devscripts debhelper junit4 thrift-compiler libjs-twitter-bootstrap libjs-backbone libjs-jquery libjs-underscore yui-compressor

# Clone latest source code from GitHub
git clone git://github.com/floodlight/floodlight.git
mv floodlight floodlight-0.90+dfsg-9custom1
cd floodlight-0.90+dfsg-9custom1

GitHub contains only very basic version of deb packaging information. That why it is easier your remove debian folder cloned from GitHub and use Ubuntu's own version for template.
rm -rf debian
wget http://archive.ubuntu.com/ubuntu/pool/universe/f/floodlight/floodlight_0.90+dfsg-0ubuntu1.debian.tar.gz
tar -zxvf floodlight_0.90+dfsg-0ubuntu1.debian.tar.gz

You need add new version information. Other why apt-get upgrade will replace you package.
debchange -i
floodlight (0.90+dfsg-9custom1) raring; urgency=low

  * Latest version from GitHub

 -- Olli Janatuinen <olli.janatuinen@gmail.com>  Tue, 18 Feb 2014 18:18:06 +0000

Some modifications was also needed because them was requested by debian/rules script.
rm debian/source/format
cp README.md README.txt

Then we just need build new package and install it.
dpkg-buildpackage -b
cd ..
sudo dpkg -i floodlight_0.90+dfsg-9custom1_all.deb

Sunday, February 16, 2014

How to create OpenFlow testing virtual machine over Hyper-V

Like I said on my welcome post idea is create OpenFlow testing virtual machine (VM) over Hyper-V. So here is guide how do that :)

This configuration isn't production ready but it still is enough good for testing and learning OpenFlow. I will create another posts about production ready configurations.

I'm speaking here only about Hyper-V here but it should be possible do everything I describe on this post  over VMware too. You just need create and networks manually.

Components used in here and reasons for selecting them:
  • Floodlight OpenFlow Controller
    • Active OpenFlow Controller project
    • Good REST API which is easy call using PowerShell.
    • OpenStack have support for FloodLight. (I probably will talking about OpenStack later)
  • Open vSwitch
    • Included to Ubuntu
    • Easy creating virtual OpenFlow switch
  • Ubuntu Server 13.10
    • I'm already familiar with Ubuntu.
    • Latest LTS (Long Term Support) version doesn't include Floodlight.
    • Hyper-V drivers are included to Ubuntu.

Couple words about network topology

On Hyper-V you can create virtual switches which type is "Private network" but these networks are still shared between VMs. That why we need create as many virtual switches to Hyper-V than we want create ports to our Open vSwitch.

Hyper-V supports extensible switch extensions which makes possible connect it directly to OpenFlow controller but unfortunately there isn't yet any free/open source solution for that.

Logical picture how virtual machines and virtual switches will be connected on this scenario.


Creating virtual machine to Hyper-V

Like my colleague said it "Because real admins are not using GUI", here is PowerShell script for generating virtual switches to Hyper-V and virtual machine which uses them. That VM will contain OpenFlow controller and OpenFlow switch.

You can specify number of switch ports in to varible $SwitchPortNum but then you need change same value to Open vSwitch ports configuration script too.

# Settings
$vmMemory = 2048MB
$vmCPU = 2
$vmName = "OpenFlowTestVM"
$vmSwitchBaseName = "OpenFlow-SwitchPort"
$SwitchPortNum = 5

# Create VM
New-VM -Name OpenFlowTestVM -MemoryStartupBytes $vmMemory
Set-VM -Name $vmName -ProcessorCount $vmCPU

# Create private networks for switch ports and connect them to VM
For ($i = 1; $i -ile $SwitchPortNum; $i++) {
     New-VMSwitch -Name "$vmSwitchBaseName`-$i" -SwitchType Private
     Add-VMNetworkAdapter -VMName $vmName -SwitchName "$vmSwitchBaseName`-$i" -Name "eth$i"
}

# Allow mac address spoofingh for all NICs (needed by Open vSwitch)
Set-VMNetworkAdapter -VMName $vmName -MacAddressSpoofing On

Installing VM


Here is two possible ways installing this VM. You can use kickstart script which I already created for you and do everything manually.

Automatic install and configure for VM

Connect VM to network where is DHCP available.
Boot VM from Ubuntu's ISO -file.
Select language, click F6, click ESC, write ks=http://pastebin.com/raw.php?i=N1unnRjp and click Enter.
If you are not using USA keyboard and you want copy paste that url to VM, you also need click F3 and select your keymap.

Then VM will be automatically installed.
Open vSwitch port configurations you can generate using command (remember fix number of ports to it first):
sudo /configure-switch-ports.sh

Credentials to VM are:
Username: user
Password: Qwerty7!

Manually install and configure VM

Connect VM to network where is DHCP available.
Boot VM from Ubuntu's ISO -file.
Use default settings on installation (including OpenSSH is good idea).

Installing FloodLight

sudo apt-get install floodlight
sudo update-rc.d floodlight start 90 2 3 4 5 . stop 10 0 1 6 .
sudo reboot

Installing Open vSwitch, configure switch ports and connect it to Floodlight

# Installing Open vSwitch
sudo apt-get install openvswitch-switch

# Enable automatic start and stop for service
sudo update-rc.d openvswitch-switch start 91 2 3 4 5 . stop 10 0 1 6 .

# Config switch ports
sudo -s
# Guide: cat /usr/share/doc/openvswitch-switch/README.Debian
PORTSNUM=5
CONFIG="/etc/network/interfaces"
echo >> $CONFIG
echo "allow-ovs br0" >> $CONFIG
echo "iface br0 inet manual" >> $CONFIG
echo "ovs_type OVSBridge" >> $CONFIG
for ((i=1; i<=$PORTSNUM; i++)) {
  OVSPORTS+="eth$i "
}
echo "ovs_ports $OVSPORTS" >> $CONFIG
echo "ovs_extra set-controller br0 tcp:127.0.0.1:6633" >> $CONFIG
echo >> $CONFIG

for ((i=1; i<=$PORTSNUM; i++)) {
  echo "allow-br0 eth$i" >> $CONFIG
  echo "iface eth$i inet manual" >> $CONFIG
  echo "ovs_bridge br0" >> $CONFIG
  echo "ovs_type OVSPort" >> $CONFIG
  echo >> $CONFIG
}

sudo reboot

Testing

You need at least two virtual machines for testing this configuration.
Connect first VM to network OpenFlow-SwitchPort1 and second one to network OpenFlow-SwitchPort2

Because forwarding is enabled by default on Ubuntu's FloodLight package, ping between these machines should working now (disable firewall from them if it isn't).

Just to be sure that OpenFlow really controls traffic you can try disable forwarding module.
sudo nano /etc/floodlight/floodlightdefault.properties
remove line "net.floodlightcontroller.forwarding.Forwarding,\"
sudo service floodlight restart
After that ping reply should stops working. More information about FloodLights's modules: http://www.openflowhub.org/display/floodlightcontroller/Module+Applications


On next post I will talking more about how control traffic using OpenFlow.

Tuesday, February 11, 2014

Welcome to my blog

Hi

I'm working on Solution Architect in Cloud Architecture and Availability team in SaaS providing company.

Our company is not yet using network virtualization but I can see that them would give us easier way handling network security.

I created this blog for the purpose of I didn't find any guide how to test OpenFlow with Hyper-V and/or multi hypervisor environments.

Plan is that I will start testing and learning OpenFlow over Hyper-V share my experiences with you.


Reason for my OpenFlow interest is that in mixed VMware + Hyper-V environment you need two different network virtualization technologies (VXLAN and NVGRE) and also like more a vendor independent solutions.


I hope that this blog will give you useful information.


EDIT on 2014-07-13: Looks that this blog will also contain lot of my ideas and experiences from all Cloud technology areas which with I'm working.