FlowVisor config 0.4

From OpenFlow Wiki

Overview

  • STOP NOW: This page shows how to configure FlowVisor 0.4, a _very_ old version of the FlowVisor. If you want to configure a modern FlowVisor, please start here: FlowVisor_run
  • There are two high level types of configuration files: .guest files and .switch files
    • .guest files define the location and permissions of a slice
    • .switch files bind a datapath id (i.e., the MAC address used by the switch to identify itself) to a human readable name
  • All config files live in the config directory, which is "./flowvisor-conf.d" by default
  • The flowvisor automatically parses all files in that directory matching *.guest and *.switch
  • The flowvisor ignores all other files in the config directory as well as subdirectories
  • Use `killall -HUP flowvisor` to tell the flowvisor to re-read its config files
  • The './regress/' and './example-confs' directories in the source contain a number of example configurations

Syntax

  • Keywords are case insensitive
  • '#' is the comment character
    • anything after '#' is ignored until EOLN
  • One directive per line
    • Blank lines are ignored
  • Terms are whitespace (tabs, multiple spaces) delimited
    • "This: is fine" is the same as
    • "This: <space><space> is <tab> fine"

Guests/Slices

Example: 'alice.guest'

 Name: alice
 ID: 1
 Host: tcp:localhost:54321
 AllowedPorts: 0,2,3     switch1
 FlowSpace: allow: dl_src: 00:00:00:00:00:02
 FlowSpace: allow: dl_src: 00:00:00:00:00:03

Required fields

  • ID is an integer unique among the guests
    • Note 1: This is a fugly code artifact that is going away ASAP
    • Note 2: In case you have two FlowVisor slices stitched together in the data plane, you should configure the two slices to have the same ID
  • Host is the ip/port pair of this slice's controller
    • Actually a vconn string that looks like a URL
    • tcp:host[:port]; default port == 6633
    • FIXME: change to 'Controller' for clarity
  • FlowSpace is an ordered list of permissions that defines this slice
    • One slice can have many FlowSpace lines
    • Must have at least one FlowSpace line
    • Full Syntax definitions below

Optional fields

  • Name: a human readable name for this slice
    • Defaults to base of filename "foo.guest" == "Name: foo"
  • AllowedPorts: restrict usable ports on a switch
    • AllowedPorts: portlist switchname
    • switchname should match the "Name: foo" from foo.switch
      • There is a special switch name called "default" that affects all switches
        • e.g., "AllowedPorts: none default" turns off all ports on all switches
        • This can then be overridden by enabling specific ports with subsequent AllowedPorts lines
    • Ports are a comma separated list "1,2,3" or dash separated for ranges "1,2,3-8"
      • Use the string "none" to indicate no ports usable
      • The string "all" can be used to explicitly specify all ports (the default)
    • FIXME: allow datapathids to be used here
  • Type: specifies the type of a slice. Useful for making a "catch all" default slice or a slice that transparently monitors everything
    • Values:
      • Normal: only packets that match the flowspace are forwarded to this slice
      • Default: send all packets that match no NORMAL slice
        • like the default line in a switch() statement
      • Transparent: just like Normal, but packets sent to this slice are also sent to Default slices
    • Defaults to "normal"
  • Vlan: force all packets on this slice to a specific VLAN
    • Takes an integer parameter between 1 and 4096
  • VlanPCP: forces all slice traffic to a specific VLAN priority
    • Takes an integer parameter between 0 and 7
    • Need to configure the meaning of each Vlan Priority via CLI on each switch in the network
  • BandwidthSlice: Forces all slice traffic to a specific Slicing Queue
    • Takes an integer parameter between 0 and MAX # of queues for the switch
    • Need to configure the meaning of each queue via some out-of-band mechanisms, e.g., the switch CLI or OpenFlow config protocol if supported by the switch
    • Assumes that all switches are configured uniformly, i.e., that a slice's traffic is mapped to queue #3 on all switches
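
Added example (not the flowspace_check program and not FlowVisor code): a Python pre-flight check for a single .guest file that applies the syntax rules, required fields, defaults and integer ranges listed above. The function name, the sample file and the restriction to the tcp:host[:port] form of Host are assumptions of this example.

```python
import os

# Constructed sample: contents of a hypothetical "bob.guest".
SAMPLE = """\
# monitoring slice
id:   7
HOST: tcp:10.0.0.5        # no port, so 6633 applies
VlanPCP: 9
Type: transparent
"""

# Integer fields with the ranges stated on this page (None = any integer).
INT_FIELDS = {"id": None, "vlan": (1, 4096), "vlanpcp": (0, 7)}
TYPES = {"normal", "default", "transparent"}

def lint_guest(filename, text):
    """Return (config, errors); AllowedPorts and BandwidthSlice are not checked."""
    cfg = {"name": os.path.splitext(os.path.basename(filename))[0], "type": "normal"}
    errors = []
    for n, line in enumerate(text.splitlines(), 1):
        terms = line.split("#", 1)[0].split()   # drop comment, split on whitespace
        if not terms:
            continue                            # blank or comment-only line
        key, args = terms[0].rstrip(":").lower(), terms[1:]
        if not args:
            errors.append(f"line {n}: {key} has no value")
        elif key == "flowspace":
            cfg.setdefault("flowspace", []).append(args)
        elif key == "host":
            scheme, _, rest = args[0].partition(":")
            host, _, port = rest.partition(":")
            if scheme.lower() != "tcp" or not host or (port and not port.isdigit()):
                errors.append(f"line {n}: expected tcp:host[:port]")
            else:
                cfg["host"] = (host, int(port) if port else 6633)
        elif key in INT_FIELDS:
            bounds = INT_FIELDS[key]
            if not args[0].isdigit():
                errors.append(f"line {n}: {key} must be an integer")
            elif bounds and not bounds[0] <= int(args[0]) <= bounds[1]:
                errors.append(f"line {n}: {key} {args[0]} out of range")
            else:
                cfg[key] = int(args[0])
        elif key == "type" and args[0].lower() not in TYPES:
            errors.append(f"line {n}: unknown slice type {args[0]}")
        elif key in ("type", "name"):
            cfg[key] = args[0].lower() if key == "type" else args[0]
    errors += [f"missing required field {f}" for f in ("id", "host", "flowspace") if f not in cfg]
    return cfg, errors
```

Run on the sample, it reports the out-of-range VlanPCP and the missing FlowSpace line while still filling in the default name, type and controller port.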

FlowSpace

  • Syntax: "FlowSpace: action: [field1:<space>value1] [...] "
  • A message is tested against each rule in the order listed
    • The action of the first rule matched is applied
      • in ipf terminology, all rules are quick

Actions

  • readonly: this slice can receive messages, but cannot send messages
    • useful for 'monitoring' slices
  • allow: full read/write control
  • deny: block messages matching this flowspace

Fields

  • Layer 2 fields: src/dst MAC and ether type
    • dl_src: MAC_addr
    • dl_dst: MAC_addr
    • dl_type: integer
      • Range of values: 0 to 65535
    • vlan: integer
      • Range of values: 0 to 4095
    • vlan_pcp: integer
      • Range of values: 0 to 7
  • Layer 3 fields: src/dst IP and protocol
    • ip_src: IP_addr
    • ip_dst: IP_addr
      • accepts both ipv4 addresses and CIDR-style netmasks, e.g., both "128.8.128.8" and "128.8.0.0/16"
    • ip_proto: integer
      • Range of values: 0 to 255
    • ip_tos: integer
      • Range of values: 0 to 7
  • Layer 4 fields: src/dst TCP/UDP port or ICMP type/code
    • tp_src: integer
    • tp_dst: integer
      • Range of values: 0 to 65535
  • QoS
    • limit: integer
      • Range from 1 to MAXINT
      • Used to limit the number of packet_in's per second that match this rule before sending a SQUELCH

Values

  • MAC_addr: 6 byte colon separated hex string
    • e.g., "01:20:30:43:ef:a0"
  • integer:
    • e.g., "133"
  • IP_addr: 4 byte period separated decimal string
    • e.g., "192.168.0.1"
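
Added example (not part of the original wiki page or the FlowVisor source): a Python model of the first-match evaluation described under FlowSpace, using the actions, fields and values listed above. It assumes that a field left out of a rule is a wildcard and it ignores the QoS "limit" term; the function names and sample rules are constructed for illustration.

```python
import ipaddress

# Constructed sample: FlowSpace lines from a hypothetical .guest file.
SAMPLE = """\
FlowSpace: allow: ip_dst: 10.0.0.0/8
FlowSpace: deny:  ip_dst: 10.1.2.3      # shadowed by the line above
FlowSpace: readonly: dl_type: 2048 tp_dst: 80
"""

ACTIONS = {"allow", "readonly", "deny"}

def parse_flowspace(text):
    """Return [(action, {field: value})] in file order."""
    rules = []
    for line in text.splitlines():
        terms = line.split("#", 1)[0].split()      # drop comment, split on whitespace
        if len(terms) < 2 or terms[0].lower() != "flowspace:":
            continue
        action, pairs = terms[1].rstrip(":").lower(), terms[2:]
        if action not in ACTIONS or len(pairs) % 2:
            raise ValueError(f"bad FlowSpace line: {line!r}")
        match = {}
        for name, value in zip(pairs[0::2], pairs[1::2]):
            name = name.rstrip(":").lower()
            if name == "limit":                    # QoS rate limit, not a match field
                continue
            if name in ("ip_src", "ip_dst"):       # single address or CIDR block
                match[name] = ipaddress.ip_network(value, strict=False)
            elif name in ("dl_src", "dl_dst"):     # MAC address, compared as text
                match[name] = value.lower()
            else:                                  # every other field is an integer
                match[name] = int(value)
        rules.append((action, match))
    return rules

def field_matches(want, got):
    if isinstance(want, ipaddress.IPv4Network):
        return ipaddress.ip_address(got) in want
    return want == got

def first_match(rules, packet):
    """Return (index, action) of the first rule that matches packet, else None."""
    for index, (action, match) in enumerate(rules):
        if all(f in packet and field_matches(v, packet[f]) for f, v in match.items()):
            return index, action
    return None
```

With the sample rules, a packet to 10.1.2.3 is allowed by rule 0 and never reaches the deny on the next line, so a narrower deny has to be listed before the broader allow.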

Switches

  • All switch definitions files match *.switch

Example: 'swan-ap27.switch'

 # This is a comment: whitespace only lines are ignored
 Name: swan-ap27
 Id: 31
 DataPathID: 02:0d:b9:16:ef:b4:00:00

Example: 'default.switch'

 # For switches that do not have their own, specific config file
 Default: 1
 # Start numbering "default" switches at 10000
 Id: 10000
 

Required Fields

  • ID: same as guest ID
    • needs to be unique across switches; should go away ASAP
  • DataPathID: 64-bit number switch uses to identify itself
    • NOTE: this number must be 8 hexadecimal bytes, even though most switches only use 6 to identify themselves (i.e., a MAC address), thus, in practice, the last two bytes will often be zero

Optional Fields

  • Name: the switch's human readable name
    • no white space allowed in name string
    • defaults to base of filename, i.e., "foo.switch" == "Name: foo"
  • Default: 1
    • says that this controller accepts connections from switches not explicitly specified
    • This is very useful and will probably become obsolete/implicit
    • the "ID" of a default switch starts counting from the ID specified in this file

Config Validation: flowspace_check

flowspace_check [<path_to_config_dir>]
  • Configurations are complicated and you may want to sanity check a config without running it through the flowvisor
  • Flowvisor ships with a program flowspace_check that allows users to test parse new configs without changing the current running flowvisor
  • This program is a place holder for a better sanity checking program
    • e.g., policy manager module
