Software Defined Networking is extremely popular because it's one of the main enablers of cloud, simplifies network management with automation, increases security, and provides a huge ROI for its agility. SDN-enabled switches can be programmed in several possible ways, with OpenFlow being a standardized communications protocol. A controller that supports OpenFlow can modify the flow tables of OpenFlow-enabled switches in an automated way to accomplish what used to be manual vendor-specific configuration. The controller can collect metrics, perform security audits, topology verification, etc.
In a datacenter network, there are lots of switches and many different ways to connect them. For network topologies, there's Clos, HyperX, Dcell, BCube, and many other fundamentally different topologies, all with the end goal of trying to connect as many hosts as possible and preserve wicked fast transfers with graceful switch failure conditions. OpenFlow can be used to configure all of those topologies. Furthermore, a few controllers can manage an entire datacenter of switches and provide 4x more bandwidth than the current state-of-the-art Equal Cost Multipath (ECMP) routing.
Experimenting with OpenFlow on my router
There are a lot of guides on testing OpenFlow controllers in AWS, but I wanted to test it with my home router. I have nodes on the router communicating and an out-of-band management connection for OpenDaylight.
Here the goal is to configure OpenWrt and Open vSwitch (OVS) on a TP-LINK WR1043ND v2.1 router, and have it managed by an OpenDaylight controller. The four LAN ports are for OVS and the WAN is for out-of-band management. First I cover some OpenDaylight setup since it doesn't have the web GUI out of the box; then we'll configure OpenWrt's network and firewall, and link it to the controller. By the end, the controller will see the switch and connected devices with the devices communicating.
Setup OpenDaylight Web GUI (DLUX)
OpenDaylight is my controller of choice since it seems to be very popular in OpenStack deployments, but nearly any controller will work (I've tested Floodlight and OpenDaylight). There is a little setup needed to enable the web GUI, which they call "DLUX", covered below. I keep piling on references but check out the OpenDaylight User Guide for a lot of great information. OpenDaylight is easy to get working in an Ubuntu VM which has JDK7/Maven installed, and JAVA_HOME set.
After downloading the OpenDaylight package, start karaf with `/bin/karaf` and you should get the embedded shell. The shell is used for interfacing with the system and installing new packages. Use karaf `feature:install` to get DLUX and the L2switch: `feature:install odl-dlux-core odl-dlux-node odl-dlux-yangui odl-dlux-yangvisualizer odl-l2switch-switch-ui`.
After DLUX is installed the web GUI is at http://localhost:8181/index.html. That URL is for OpenDaylight 3.2 Lithium-SR2 and if it doesn't work, be sure to read the manual to find the correct URL. Also remember the IP address of the controller for later.
Configuring TP-LINK switch for OpenFlow
The switch needs to be configured such that OVS can control/update the flows instead of the switch firmware. This is "just" configuration but I was entirely new to OpenWrt and it took a week+ to understand the details of the files. To configure OpenWrt, ssh to the router (default is 192.168.1.1 on LAN) and look at the files in `/etc/config/`, then modify as I do in the next sections.
Install Open vSwitch
I'm using OpenWrt trunk and opkg to install Open vSwitch and its dependencies. Install with `opkg update && opkg install openvswitch`. I attempted compiling the firmware and OVS package myself but encountered difficulties, so installing via opkg is my suggestion.
Configure /etc/config/network
The network configuration is device dependent and extremely tricky. At a high level, we want the WAN port to be used for out-of-band management with DHCP or static IP; the four LAN ports are on individual static VLANs to be managed by OpenFlow.
Here's my configuration of `/etc/config/network` for the WR1043ND v2.1 running OpenWrt with Open vSwitch:

```
config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix 'fd9e:ad02:4a25::/48'

# dhcp wan for management
config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'

config interface 'wan6'
    option ifname 'eth0'
    option proto 'dhcpv6'

config switch
    option name 'switch0'
    option reset '1'
    option enable_vlan '1'
    option enable_learning '0'

# The OpenWRT wiki says that WAN should always be vlan 2
# and all others start at vlan 3.
config switch_vlan
    option device 'switch0'
    option vlan '2'
    option ports '5 6'

config switch_vlan
    option device 'switch0'
    option vlan '3'
    option ports '1 0t'

config switch_vlan
    option device 'switch0'
    option vlan '4'
    option ports '2 0t'

config switch_vlan
    option device 'switch0'
    option vlan '5'
    option ports '3 0t'

config switch_vlan
    option device 'switch0'
    option vlan '6'
    option ports '4 0t'

# eth1.* should be static and controlled by the controller
config interface 'lan1'
    option ifname 'eth1.3'
    option proto 'static'

config interface 'lan2'
    option ifname 'eth1.4'
    option proto 'static'

config interface 'lan3'
    option ifname 'eth1.5'
    option proto 'static'

config interface 'lan4'
    option ifname 'eth1.6'
    option proto 'static'
```
Configure /etc/config/firewall
The WAN is for remote management and it's easiest to allow all communication by using the below `/etc/config/firewall` configuration.

```
config defaults
    option syn_flood 1
    option input ACCEPT
    option output ACCEPT
    option forward ACCEPT
```
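With no zones defined, the defaults section is the only policy covering the WAN port, so every service on the router is reachable from the network that WAN is plugged into. The added example below (not from the original post) computes the input policy that applies to `wan` for a constructed copy of that config and for a tightened variant; the `wan` zone, the rule name `Allow-SSH-mgmt` and the 192.0.2.0/24 management subnet are assumptions of the example.

```shell
#!/bin/sh
# INPUT policy that applies to packets arriving on network 'wan':
# a zone that lists 'wan' wins, otherwise the global defaults section decides.
wan_input_policy() {
    awk '
    function val(s) { gsub(/["\047]/, "", s); return s }
    function flush() { if (sect == "zone" && covers && zin != "") zone = zin }
    $1 == "config" { flush(); sect = $2; covers = 0; zin = ""; next }
    $1 == "option" && $2 == "input" && sect == "defaults" { dflt = val($3) }
    $1 == "option" && $2 == "input" && sect == "zone"     { zin = val($3) }
    sect == "zone" && $2 == "network" {
        for (i = 3; i <= NF; i++) if (val($i) == "wan") covers = 1
    }
    END { flush(); print (zone != "" ? zone : (dflt != "" ? dflt : "unset")) }
    ' "${1:--}"
}

# Constructed copy of the page's firewall: one defaults section, no zones.
page_fw() { cat <<'EOF'
config defaults
    option syn_flood 1
    option input ACCEPT
    option output ACCEPT
    option forward ACCEPT
EOF
}

# Constructed tightened variant; 192.0.2.0/24 is a placeholder subnet.
tight_fw() { cat <<'EOF'
config defaults
    option syn_flood 1
    option input REJECT
    option output ACCEPT
    option forward ACCEPT
config zone
    option name 'wan'
    option network 'wan wan6'
    option input REJECT
    option output ACCEPT
    option forward ACCEPT
config rule
    option name 'Allow-SSH-mgmt'
    option src 'wan'
    option src_ip '192.0.2.0/24'
    option proto 'tcp'
    option dest_port '22'
    option target 'ACCEPT'
EOF
}
echo "page: $(page_fw | wan_input_policy)  tightened: $(tight_fw | wan_input_policy)"
```

The switch opens the OpenFlow connection to the controller itself, so rejecting unsolicited input on WAN does not block it. Because WAN gets its address by DHCP here, keep a rule equivalent to the stock OpenWrt `Allow-DHCP-Renew` rule alongside the SSH rule.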
Fix a small issue with Open vSwitch Startup
There is an issue with OVS and OpenWrt: when the switch is rebooted, the OVS bridge doesn't load correctly. I didn't find the exact cause but you can either (1) restart OVS after each reboot with `/etc/init.d/openvswitch restart` or (2) use my hack below.
On boot, OpenWrt executes `/etc/rc.d/openvswitch` and something breaks. To work around the issue, add a simple `sleep 2` in the `start()` of the script.
Add the ports to Open vSwitch bridge
Reboot the router and connect the switch's WAN port to your LAN. Determine the address of the switch (using nmap) if you didn't set a static IP and ssh to it.
The ovs-vsctl command is used to configure the ovs switch. This step is easy and we'll create the br-lan bridge, set the supported OpenFlow versions, set the OpenFlow controller, then add the four LAN ports (eth1.3 through eth1.6).
```sh
ovs-vsctl add-br br-lan \
    -- set bridge br-lan other-config:hwaddr=00:00:aa:bb:cc:dd \
    -- set bridge br-lan protocols=OpenFlow10,OpenFlow13 \
    -- set-controller br-lan tcp:${YOUR_CONTROLLER_IP}:6633 \
    -- add-port br-lan eth1.3 \
    -- add-port br-lan eth1.4 \
    -- add-port br-lan eth1.5 \
    -- add-port br-lan eth1.6
```
Check that the bridge was created and is connected to the controller with `ovs-vsctl show`.
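One way to script that check, as an added example that is not from the original post: the function below reads `ovs-vsctl show` output and reports, per controller, whether the connection is up and whether the target is a cleartext `tcp:` channel like the one configured above or an `ssl:` target, which Open vSwitch also accepts. The sample output, its UUID and the controller address 192.0.2.10 are constructed.

```shell
#!/bin/sh
# Summarise each OpenFlow controller found in `ovs-vsctl show` output as
#   <bridge> <target> <connected|disconnected> <tls|plaintext>
# Exit status is 0 only if at least one controller exists and all are connected.
# `ovs-vsctl show` prints "is_connected: true" only for live connections.
ovs_controller_report() {
    awk '
    function unq(s) { gsub(/"/, "", s); return s }
    function emit() {
        if (target == "") return
        n++; if (!conn) bad++
        print bridge, target, (conn ? "connected" : "disconnected"),
              (target ~ /^p?ssl:/ ? "tls" : "plaintext")
        target = ""; conn = 0
    }
    $1 == "Bridge"     { emit(); bridge = unq($2) }
    $1 == "Controller" { emit(); target = unq($2) }
    $1 == "Port" || $1 == "Manager" { emit() }
    $1 == "is_connected:" && target != "" { conn = ($2 == "true") }
    END { emit(); exit ((n > 0 && bad == 0) ? 0 : 1) }
    ' "${1:--}"
}

# Constructed `ovs-vsctl show` output for the br-lan bridge built above.
sample_up() { cat <<'EOF'
0d3b7a9c-5e21-4c8f-9a64-2f1e8b7c6d50
    Bridge br-lan
        Controller "tcp:192.0.2.10:6633"
            is_connected: true
        Port "eth1.3"
            Interface "eth1.3"
        Port br-lan
            Interface br-lan
                type: internal
EOF
}
# Same bridge with the controller unreachable: the is_connected line is absent.
sample_down() { sample_up | grep -v is_connected; }

sample_up   | ovs_controller_report
sample_down | ovs_controller_report || echo "controller link is down"
```

On the router itself the input would be `ovs-vsctl show | ovs_controller_report`, and the exit status makes it usable from a cron job or monitoring check.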
Topology in OpenDaylight
Refresh the DLUX GUI (http://localhost:8181/index.html) and there should be a controller listed showing devices and their MAC and IP.
I'm happy to have made it this far in my experimentation~~, but I was unable to figure out how to get IP addresses assigned in the OVS bridge. I tried static IPs, and adding a forward-flow, and adding the WAN to the bridge. Fail. If you know how to fix this let me know~~. Jamo Larson commented that my setup looked like it should work, so I tested a few more changes and IT WORKS. All that my setup needed was a DHCP server.
Here's an image of the full setup which matches the configuration above. The LAN ports are devices that are controlled by OpenDaylight, and the WAN is used for out-of-band management (OpenDaylight).
Let me know if you try this!
Happy Hacking