Sunday, February 16, 2014

How to create OpenFlow testing virtual machine over Hyper-V

Like I said on my welcome post idea is create OpenFlow testing virtual machine (VM) over Hyper-V. So here is guide how do that :)

This configuration isn't production ready but it still is enough good for testing and learning OpenFlow. I will create another posts about production ready configurations.

I'm speaking here only about Hyper-V here but it should be possible do everything I describe on this post  over VMware too. You just need create and networks manually.

Components used in here and reasons for selecting them:
  • Floodlight OpenFlow Controller
    • Active OpenFlow Controller project
    • Good REST API which is easy call using PowerShell.
    • OpenStack have support for FloodLight. (I probably will talking about OpenStack later)
  • Open vSwitch
    • Included to Ubuntu
    • Easy creating virtual OpenFlow switch
  • Ubuntu Server 13.10
    • I'm already familiar with Ubuntu.
    • Latest LTS (Long Term Support) version doesn't include Floodlight.
    • Hyper-V drivers are included to Ubuntu.

Couple words about network topology

On Hyper-V you can create virtual switches which type is "Private network" but these networks are still shared between VMs. That why we need create as many virtual switches to Hyper-V than we want create ports to our Open vSwitch.

Hyper-V supports extensible switch extensions which makes possible connect it directly to OpenFlow controller but unfortunately there isn't yet any free/open source solution for that.

Logical picture how virtual machines and virtual switches will be connected on this scenario.


Creating virtual machine to Hyper-V

Like my colleague said it "Because real admins are not using GUI", here is PowerShell script for generating virtual switches to Hyper-V and virtual machine which uses them. That VM will contain OpenFlow controller and OpenFlow switch.

You can specify number of switch ports in to varible $SwitchPortNum but then you need change same value to Open vSwitch ports configuration script too.

# Settings
$vmMemory = 2048MB
$vmCPU = 2
$vmName = "OpenFlowTestVM"
$vmSwitchBaseName = "OpenFlow-SwitchPort"
$SwitchPortNum = 5

# Create VM
New-VM -Name OpenFlowTestVM -MemoryStartupBytes $vmMemory
Set-VM -Name $vmName -ProcessorCount $vmCPU

# Create private networks for switch ports and connect them to VM
For ($i = 1; $i -ile $SwitchPortNum; $i++) {
     New-VMSwitch -Name "$vmSwitchBaseName`-$i" -SwitchType Private
     Add-VMNetworkAdapter -VMName $vmName -SwitchName "$vmSwitchBaseName`-$i" -Name "eth$i"
}

# Allow mac address spoofingh for all NICs (needed by Open vSwitch)
Set-VMNetworkAdapter -VMName $vmName -MacAddressSpoofing On

Installing VM


Here is two possible ways installing this VM. You can use kickstart script which I already created for you and do everything manually.

Automatic install and configure for VM

Connect VM to network where is DHCP available.
Boot VM from Ubuntu's ISO -file.
Select language, click F6, click ESC, write ks=http://pastebin.com/raw.php?i=N1unnRjp and click Enter.
If you are not using USA keyboard and you want copy paste that url to VM, you also need click F3 and select your keymap.

Then VM will be automatically installed.
Open vSwitch port configurations you can generate using command (remember fix number of ports to it first):
sudo /configure-switch-ports.sh

Credentials to VM are:
Username: user
Password: Qwerty7!

Manually install and configure VM

Connect VM to network where is DHCP available.
Boot VM from Ubuntu's ISO -file.
Use default settings on installation (including OpenSSH is good idea).

Installing FloodLight

sudo apt-get install floodlight
sudo update-rc.d floodlight start 90 2 3 4 5 . stop 10 0 1 6 .
sudo reboot

Installing Open vSwitch, configure switch ports and connect it to Floodlight

# Installing Open vSwitch
sudo apt-get install openvswitch-switch

# Enable automatic start and stop for service
sudo update-rc.d openvswitch-switch start 91 2 3 4 5 . stop 10 0 1 6 .

# Config switch ports
sudo -s
# Guide: cat /usr/share/doc/openvswitch-switch/README.Debian
PORTSNUM=5
CONFIG="/etc/network/interfaces"
echo >> $CONFIG
echo "allow-ovs br0" >> $CONFIG
echo "iface br0 inet manual" >> $CONFIG
echo "ovs_type OVSBridge" >> $CONFIG
for ((i=1; i<=$PORTSNUM; i++)) {
  OVSPORTS+="eth$i "
}
echo "ovs_ports $OVSPORTS" >> $CONFIG
echo "ovs_extra set-controller br0 tcp:127.0.0.1:6633" >> $CONFIG
echo >> $CONFIG

for ((i=1; i<=$PORTSNUM; i++)) {
  echo "allow-br0 eth$i" >> $CONFIG
  echo "iface eth$i inet manual" >> $CONFIG
  echo "ovs_bridge br0" >> $CONFIG
  echo "ovs_type OVSPort" >> $CONFIG
  echo >> $CONFIG
}

sudo reboot

Testing

You need at least two virtual machines for testing this configuration.
Connect first VM to network OpenFlow-SwitchPort1 and second one to network OpenFlow-SwitchPort2

Because forwarding is enabled by default on Ubuntu's FloodLight package, ping between these machines should working now (disable firewall from them if it isn't).

Just to be sure that OpenFlow really controls traffic you can try disable forwarding module.
sudo nano /etc/floodlight/floodlightdefault.properties
remove line "net.floodlightcontroller.forwarding.Forwarding,\"
sudo service floodlight restart
After that ping reply should stops working. More information about FloodLights's modules: http://www.openflowhub.org/display/floodlightcontroller/Module+Applications


On next post I will talking more about how control traffic using OpenFlow.

1 comment:

  1. This article gives the light in which we can observe the reality. This is very nice one and gives indepth information. Thanks for this nice article. vpn

    ReplyDelete