calum.org:~#

Playing with software defined networking


Added: 2020-07-17T12:44:44


If you want to get a basic OpenFlow SDN network set up, then these are the instructions you'll need to follow.
Mainly for my own records.

If you don't know about Software Defined Networking, then you'll probably do the steps below and wonder what the deal is.

SDN shines when you have a network that needs to change and reconfigure a lot. The hardware in an SDN network is a collection of dumb ports (in fact - the distinction between switches, routers and firewalls starts to blur), and the brains of the network is the SDN controller.
The network can reconfigure itself based on what the controller is programmed to do.
For instance, when a device is plugged in, the network can reconfigure itself to give access to the correct things, as well as optimise the flows.
It can audit and enforce security, among many other things.


Assuming you don't have real OpenFlow-enabled hardware around, this will connect Open vSwitch to an ONOS controller. ONOS is the controller I prefer and that I've worked with before. The project and its code were much better structured and written than the others I looked at.
There are other controllers out there though.
The controller will run on the same box as Open vSwitch, although this isn't how it would be in a proper network. In a real network, the control plane (which the controller sits on) would be a separate network purely for management traffic.
The more real network ports you can use, the more fun you can have. If you don't have real ports, you will have to try and manage with dummy interfaces:
modprobe -v dummy numdummies=8

Run ONOS

docker run -it --rm --name onos -p6653:6653 -p8181:8181 -p6640:6640 onosproject/onos


Enable the required applications


Log in to http://127.0.0.1:8181/onos/ui with onos, password rocks.
Menu, applications, start org.onosproject.openflow-base, org.onosproject.fwd

The default applications in the ONOS controller are more like demonstrators. You're not really meant to run a proper network on them. Ideally, you'd need to write your own applications. It's been a few years now since I did this, but I remember it being fairly logical and straightforward.
However, for this, the default applications should be OK.

Install Open vSwitch


Usually, there'll be some packages for your OS. If not, install from source.
I only had a CentOS 8 box knocking around, so these instructions are for that.
yum install autoconf automake libtool python38 make git
git clone https://github.com/openvswitch/ovs.git
cd ovs
./boot.sh && ./configure --disable-ssl && make && make install


Initialise the DB

ovsdb-tool create


Run the services


I would guess you won't need to do this if you've installed via packages.
ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock
ovs-vswitchd
(When you're happy with them, you can run them with --detach on the end)

Set up a bridge

ovs-vsctl add-br openflow
ovs-vsctl set bridge openflow protocols=OpenFlow10,OpenFlow12,OpenFlow13
ovs-vsctl set-controller openflow tcp:127.0.0.1
ovs-vsctl show


You should now see happy connected messages in the output from ovs-vswitchd.

On the ONOS UI, you should also see your device.
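
A quick check for the step above, as an added example rather than part of the original post: it reads ovs-vsctl show output and reports, per bridge, whether the controller session is up and whether it runs over plaintext TCP, which is the only option with the --disable-ssl build used here. The sample output, the "lab" bridge and the 192.0.2.10 address are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): summarise each bridge's
# controller from `ovs-vsctl show` text read on stdin.
# Output per controller: <bridge> <target> <connected|disconnected> <transport>
audit_controllers() {
    awk '
    function emit() {
        if (target != "")
            print bridge, target, (up ? "connected" : "disconnected"), kind
        target = ""; up = 0
    }
    $1 == "Bridge" { emit(); bridge = $2; gsub(/"/, "", bridge); next }
    $1 == "Controller" {
        emit()
        target = $2; gsub(/"/, "", target)
        if (target ~ /^p?ssl:/)                    kind = "tls"
        else if (target ~ /^p?unix:/)              kind = "local-socket"
        else if (target ~ /^tcp:(127\.|\[::1\])/)  kind = "plaintext-loopback"
        else                                       kind = "plaintext-remote"
        next
    }
    # The is_connected line may be absent when the session is down,
    # so a controller with no such line is reported as disconnected.
    $1 == "is_connected:" && target != "" { up = ($2 == "true"); next }
    $1 == "Port" { emit() }
    END { emit() }
    '
}

# Constructed sample output; the "lab" bridge and 192.0.2.10 are made up.
SAMPLE='6f2b0f3e-0000-4000-8000-000000000001
    Bridge openflow
        Controller "tcp:127.0.0.1"
            is_connected: true
        Port openflow
            Interface openflow
                type: internal
    Bridge lab
        Controller "tcp:192.0.2.10:6653"
        Port lab
            Interface lab
                type: internal
    ovs_version: "2.13.90"'

printf '%s\n' "$SAMPLE" | audit_controllers
# On a live box: ovs-vsctl show | audit_controllers
```

A plaintext-remote result means OpenFlow control traffic crosses the network unencrypted and unauthenticated, which is the case the separate management network mentioned earlier is meant to contain.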

What now?


Right now, it won't look that impressive, and won't actually be doing anything.
You should be able to add ports to your openflow bridge, and control them by pushing flows in ONOS.
You can either work reactively, which means the network device contacts the SDN controller when it encounters an event it doesn't have a rule for, or set up flows in advance.

If you want to run the ONOS cli, then the command is
docker exec -it onos /root/onos/apache-karaf-4.2.9/bin/client


Remember though, that the interaction with the network should be via software you write that runs on the controller, and not through the CLI or the slightly sparse UI that comes with it. If you think "this UI isn't up to much" or "it's a bit awkward to add flows through the CLI", you're right.
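
Setting up a flow in advance, as an added example that is not part of the original post: it builds a permanent rule (traffic arriving on port 1 goes out of port 2) and posts it to the ONOS REST API on the port 8181 published earlier, a lighter route than writing a controller application. The device id, the port numbers and the application name org.example.proactive are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): install a flow in advance
# through the ONOS REST API instead of waiting for a reactive packet-in.
ONOS_URL="${ONOS_URL:-http://127.0.0.1:8181/onos/v1}"
ONOS_AUTH="${ONOS_AUTH:-onos:rocks}"   # login used for the UI on this page
APP_ID="org.example.proactive"         # hypothetical application name

# flow_json DEVICE_ID IN_PORT OUT_PORT [PRIORITY]  -> JSON body on stdout.
# Arguments are validated so nothing can break out of the JSON strings.
flow_json() {
    printf '%s\n' "$1" | grep -Eq '^of:[0-9a-f]{16}$' || {
        echo "bad device id: $1" >&2; return 1; }
    for n in "$2" "$3" "${4:-40000}"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a number: $n" >&2; return 1 ;;
        esac
    done
    cat <<EOF
{
  "priority": ${4:-40000}, "timeout": 0, "isPermanent": true,
  "deviceId": "$1",
  "selector": {"criteria": [{"type": "IN_PORT", "port": "$2"}]},
  "treatment": {"instructions": [{"type": "OUTPUT", "port": "$3"}]}
}
EOF
}

# push_flow DEVICE_ID IN_PORT OUT_PORT [PRIORITY]  (needs a running controller)
push_flow() {
    body=$(flow_json "$@") || return 1
    printf '%s' "$body" | curl -sS --fail -u "$ONOS_AUTH" -X POST \
        -H 'Content-Type: application/json' -d @- \
        "$ONOS_URL/flows/$1?appId=$APP_ID"
}

# Constructed device id; use the one the ONOS UI shows for your bridge.
flow_json of:0000000000000001 1 2
# Then, against the live controller: push_flow of:0000000000000001 1 2
```

Anyone who can reach port 8181 with the onos/rocks login can install flows the same way, so that port belongs on the management side only.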

Network discovery


There are a few ways that ONOS learns about links between network devices. LLDP is the standard way.
If you set up a second device, run lldpad on both of them:
yum install lldpad
lldpad -d
Then enable it for whatever interfaces you see fit:
for i in $(ls /sys/class/net/ | grep 'dummy\|eth\|ens\|eno'); do
    echo "enabling lldp for interface: $i"
    lldptool set-lldp -i "$i" adminStatus=rxtx
    lldptool -T -i "$i" -V sysName enableTx=yes
    lldptool -T -i "$i" -V portDesc enableTx=yes
    lldptool -T -i "$i" -V sysDesc enableTx=yes
    lldptool -T -i "$i" -V sysCap enableTx=yes
    lldptool -T -i "$i" -V mngAddr enableTx=yes
done

Also, start the org.onosproject.lldpprovider application in ONOS.

Real OpenFlow hardware


I really want to get hold of some proper SDN-enabled hardware. It's usually pretty expensive though. There are a couple of options for me right now:
1. A PC running Linux and Open vSwitch, with extra network cards added.
2. Some sort of network device like a Wi-Fi router, running OpenWRT and Open vSwitch

Neither is ideal - one has loads of CPU, memory, disk, but not enough network cards, and the other is a resource-constrained device with a few network cards.
Ideally, I'd like to be able to run some sort of open-source firmware on my Netgear GS724, but I haven't been able to find anything like that.

posted by Calum on 2020-07-16T21:00 under
