广播风暴 flowvisor和floodlight（安装在一台机器上）配置：配置了两个slice 和一些flowspace

Yüklə 48,6 Kb.

tarix	07.11.2018
ölçüsü	48,6 Kb.
	#78879

广播风暴 flowvisor和floodlight（安装在一台机器上）配置：

配置了两个slice 和一些flowspace

实际组网：ovs1—ovs2—ovs3 两两相连，3个ovs都连接floodlight和flowvisor

3个ovs下都下挂虚拟机VM

实际组网1：ovs1/ovs2/ovs3 两两相连，都连接控制器与虚拟网。Ovs1和ovs3 下挂虚拟机。Ovs2 没有，这个slice 与pox 相连，pox是没有风暴过滤调整机制的，所以ovs1 ping ovs3 会产生风暴。

实际组网2：ovs1/ovs2/ovs3 两两相连，都连接控制器与虚拟网。Ovs2和ovs3 下挂虚拟机。Ovs1 没有，这个slice 与floodlight 相连，是有风暴过滤调整机制的如生成树/datapath，所以ovs2 通过虚拟机ping 通ovs3， ovs1 ping ovs3不通，因为ovs1没有安装虚拟机。

下面是floodlight 和flowvisor配置：

首先成功安装floodlight 和flowvisor 和pox

root@fnic2:~# ps -ef|grep pox

root 24389 1 1 Aug02 ? 00:52:01 python2.7 -u -O ./pox.py forwarding.l2_learning openflow.of_01 --port=6635

root 30999 30940 0 11:56 pts/11 00:00:00 grep --color=auto pox

查看floodlight安装和接口

root@fnic2:~# ps -ef|grep floodlight

root 24281 1 1 Aug02 ? 00:52:17 java -jar target/floodlight.jar

root 31218 30940 0 11:59 pts/11 00:00:00 grep --color=auto floodlight

root@fnic2:~# find / -name "floodlight*"

/root/floodlight

/root/floodlight/floodlight.sh

/root/floodlight/src/main/java/net/floodlightcontroller

/root/floodlight/src/main/resources/web/img/floodlight.png

/root/floodlight/src/main/resources/floodlightdefault.properties

/root/floodlight/src/test/java/net/floodlightcontroller

/root/floodlight/target/bin-test/net/floodlightcontroller

/root/floodlight/target/bin/net/floodlightcontroller

/root/floodlight/target/floodlight-test.jar

/root/floodlight/target/floodlight.jar

/root/floodlight/lib/gen-java/net/floodlightcontroller

/root/floodlight/floodlight_style_settings.xml

root@fnic2:~# more /root/floodlight/src/main/resources/floodlightdefault.properties

floodlight.modules = net.floodlightcontroller.storage.memory.MemoryStorageSource,\

net.floodlightcontroller.core.FloodlightProvider,\

net.floodlightcontroller.threadpool.ThreadPool,\

net.floodlightcontroller.devicemanager.internal.DeviceManagerImpl,\

net.floodlightcontroller.devicemanager.internal.DefaultEntityClassifier,\

net.floodlightcontroller.staticflowentry.StaticFlowEntryPusher,\

net.floodlightcontroller.firewall.Firewall,\

net.floodlightcontroller.forwarding.Forwarding,\

net.floodlightcontroller.linkdiscovery.internal.LinkDiscoveryManager, \

net.floodlightcontroller.topology.TopologyManager, \

net.floodlightcontroller.flowcache.FlowCache, \

net.floodlightcontroller.flowcache.FlowReconcileManager, \

net.floodlightcontroller.jython.JythonDebugInterface,\

net.floodlightcontroller.counter.CounterStore,\

net.floodlightcontroller.debugcounter.DebugCounter,\

net.floodlightcontroller.perfmon.PktInProcessingTime,\

net.floodlightcontroller.ui.web.StaticWebRoutable,\

net.floodlightcontroller.loadbalancer.LoadBalancer

net.floodlightcontroller.restserver.RestApiServer.port = 8080

net.floodlightcontroller.core.FloodlightProvider.openflowport = 6636

net.floodlightcontroller.jython.JythonDebugInterface.port = 6655

net.floodlightcontroller.forwarding.Forwarding.idletimeout = 5

net.floodlightcontroller.forwarding.Forwarding.hardtimeout = 0

root@fnic2:~#
查看有无安装flowvisor，和它的端口

root@fnic2:~# ps -ef | grep flowvisor

root 29358 1 0 10:58 ? 00:00:00 sudo -u fnic /usr/local/sbin/flowvisor

fnic 29359 29358 28 10:58 ? 00:21:02 java -server -Xms100M -Xmx2000M -XX:OnError=flowvisor-crash-logger -XX:+UseConcMarkSweepGC -Dorg.flowvisor.config_dir=/etc/flowvisor -Dorg.flowvisor.install_dir=/usr/local/libexec/flowvisor -Dderby.system.home=/usr/local/share/db/flowvisor -Dfvlog.configuration=/etc/flowvisor/fvlog.config -Dorg.flowvisor.config_dir=/etc/flowvisor -Dorg.flowvisor.install_dir=/usr/local/libexec/flowvisor -Dderby.system.home=/usr/local/share/db/flowvisor -Dfvlog.configuration=/etc/flowvisor/fvlog.config -Djavax.net.ssl.keyStore=/etc/flowvisor/mySSLKeyStore -Djavax.net.ssl.keyStorePassword=CHANGEME_PASSWD -cp /usr/local/libexec/flowvisor/openflow.jar:/usr/local/libexec/flowvisor/xmlrpc-client-3.1.3.jar:/usr/local/libexec/flowvisor/xmlrpc-common-3.1.3.jar:/usr/local/libexec/flowvisor/xmlrpc-server-3.1.3.jar:/usr/local/libexec/flowvisor/commons-logging-1.1.jar:/usr/local/libexec/flowvisor/ws-commons-util-1.0.2.jar:/usr/local/libexec/flowvisor/jsse.jar:/usr/local/libexec/flowvisor/asm-3.0.jar:/usr/local/libexec/flowvisor/cglib-2.2.jar:/usr/local/libexec/flowvisor/commons-codec-1.4.jar:/usr/local/libexec/flowvisor/commons-collections-3.2.1.jar:/usr/local/libexec/flowvisor/commons-dbcp-1.4.jar:/usr/local/libexec/flowvisor/commons-pool-1.5.6.jar:/usr/local/libexec/flowvisor/gson-2.0.jar:/usr/local/libexec/flowvisor/jetty-continuation-7.0.2.v20100331.jar:/usr/local/libexec/flowvisor/jetty-http-7.0.2.v20100331.jar:/usr/local/libexec/flowvisor/jetty-io-7.0.2.v20100331.jar:/usr/local/libexec/flowvisor/jetty-security-7.0.2.v20100331.jar:/usr/local/libexec/flowvisor/jetty-server-7.0.2.v20100331.jar:/usr/local/libexec/flowvisor/jetty-util-7.0.2.v20100331.jar:/usr/local/libexec/flowvisor/servlet-api-2.5.jar:/usr/local/libexec/flowvisor/derby.jar:/usr/local/libexec/flowvisor/derbytools.jar:/usr/local/libexec/flowvisor/jna.jar:/usr/local/libexec/flowvisor/syslog4j-0.9.46-bin.jar:/usr/local/libexec/flowvisor/log4j-1.2.16.jar:/usr/local/libexec/flowvisor/jsonrpc2-base-1.30.jar:/usr/local/libexec/flowvisor/jsonrpc2-server-1.8.jar:/usr/local/libexec/flowvisor/flowvisor.jar org.flowvisor.FlowVisor

root 32287 30940 0 12:11 pts/11 00:00:00 grep --color=auto flowvisor

root@fnic2:~# more /etc/flowvisor/config.json

{

"switches": [],

"flowvisor": [

{

"api_webserver_port": -1,

"db_version": 2,

"host": "localhost",

"log_ident": "flowvisor",

"checkpointing": false,

"listen_port": 6634,

"logging": "NOTE",

"run_topology_server": false,

"log_facility": "LOG_LOCAL7",

"version": "flowvisor-1.2.0",

"config_name": "default",

"api_jetty_webserver_port": 8181,

"default_flood_perm": "fvadmin",

"track_flows": false,

"stats_desc_hack": false

}

],

"FlowSpaceRule": [],

"Slice": [

{

"contact_email": "fvadmin@localhost",

"admin_status": true,

"creator": "fvadmin",

"passwd_salt": "-1344813177",

"drop_policy": "exact",

"config_name": "default",

"max_flow_rules": -1,

"name": "fvadmin",

"controller_port": 0,

"controller_hostname": "none",

"flowmap_type": "federated",

"passwd_crypt": "c11cfd4ba7938e9234b222fca34284f8",

"lldp_spam": true

}

]

}

配置slice

创建两个slice，分别指定到POX和Floodlight上：

fvctl -p 8181 add-slice s1 tcp:127.0.0.1:6635 1@1

fvctl -p 8181 add-slice s2 tcp:127.0.0.1:6636 2@2

root@fnic2:~# fvctl -p 8181 list-slice-info s1

Password:

{

"admin-contact": "1@1",

"admin-status": true,

"controller-url": "tcp:127.0.0.1:6635",

"current-flowmod-usage": 234023,

"current-rate": 1,

"drop-policy": "exact",

"recv-lldp": false,

"slice-name": "s1"

}

root@fnic2:~# fvctl -p 8181 list-slice-info s2

Password:

{

"admin-contact": "2@2",

"admin-status": true,

"controller-url": "tcp:127.0.0.1:6636",

"current-flowmod-usage": 32,

"current-rate": 1,

"drop-policy": "exact",

"recv-lldp": false,

"slice-name": "s2"

}

root@fnic2:~# ll

total 68

drwx------ 7 root root 4096 Aug 5 12:05 ./

drwxr-xr-x 23 root root 4096 Jul 23 10:14 ../

-rw------- 1 root root 6224 Aug 5 10:58 .bash_history

-rw-r--r-- 1 root root 3106 Apr 19 2012 .bashrc

drwx------ 2 root root 4096 Jul 23 11:39 .cache/

-rwxr-xr-x 1 root root 2593 Aug 1 13:00 config_fv2.sh*

-rw-r--r-- 1 root root 12288 Aug 5 11:19 .config_fv2.sh.swp

drwxr-xr-x 7 root root 4096 Aug 2 11:50 floodlight/

drwxr-xr-x 7 root root 4096 Aug 5 10:32 pox/

-rw-r--r-- 1 root root 140 Apr 19 2012 .profile

drwx------ 2 root root 4096 Aug 1 11:09 .ssh/

drwxr-xr-x 2 root root 4096 Aug 2 11:49 .vim/

-rw------- 1 root root 7976 Aug 5 12:05 .viminfo

通过脚本安装flowspace：

修改OvS的dpid：

192.168.20.3：ovs-vsctl set bridge br0 other_config:datapath-id=1000000000000001

192.168.20.4：ovs-vsctl set bridge br0 other_config:datapath-id=1000000000000002

192.168.20.5：ovs-vsctl set bridge br0 other_config:datapath-id=1000000000000003

root@fnic2:~# more config_fv2.sh

DP1=1000000000000001

DP2=1000000000000002

DP3=1000000000000003

#s1-dpid1

fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=1,nw_dst=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=1,nw_src=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=2,nw_dst=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=2,nw_src=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=3,nw_dst=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=3,nw_src=10.0.0.1 s1=7

#s1-dpid2

fvctl -p 8181 add-flowspace -f 1 space1 $DP2 1 in_port=2,nw_dst=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP2 1 in_port=2,nw_src=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP2 1 in_port=3,nw_dst=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP2 1 in_port=3,nw_src=10.0.0.1 s1=7

#s1-dpid3

fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=1,nw_dst=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=1,nw_src=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=2,nw_dst=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=2,nw_src=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=3,nw_dst=10.0.0.1 s1=7

fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=3,nw_src=10.0.0.1 s1=7
#slice2

fvctl -p 8181 add-flowspace -f 2 space1 $DP1 1 in_port=2,nw_dst=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP1 1 in_port=2,nw_src=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP1 1 in_port=3,nw_dst=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP1 1 in_port=3,nw_src=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=1,nw_dst=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=1,nw_src=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=2,nw_dst=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=2,nw_src=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=3,nw_dst=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=3,nw_src=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=1,nw_dst=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=1,nw_src=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=2,nw_dst=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=2,nw_src=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=3,nw_dst=10.0.0.2 s2=7

fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=3,nw_src=10.0.0.2 s2=7
修改openflow交换机:
配置交换机port

因为flowspace中指定了slice的port ，首先要指定虚拟机端口与ovs的eth0(vnet0)相连

配置了一个br0，两个port，eth1 eth2

交换机指定到flowvisor上：ovs-vsctl set-controller br0 tcp:192.168.20.6:6634

root@fnic8:~# ovs-vsctl show

e3c2c37f-aff2-4fb1-bf09-b8fc4d69b8c2

Bridge "br0"

Controller "tcp:192.168.20.6:6634"

is_connected: true

fail_mode: secure

Port "vnet0"

Interface "vnet0"

Port "eth2"

Interface "eth2"

Port "eth1"

Interface "eth1"

Port "br0"

Interface "br0"

type: internal
root@fnic8:~# ovs-vsctl list bridge br0

_uuid : 9a7f1e47-b5f1-410f-9a63-0393acf1a651

controller : [1ab5ceec-3965-47c4-89ab-1f1f408470bb]

datapath_id : "1000000000000001"

查看端口号：

root@fnic8:~# ovs-ofctl show br0

OFPT_FEATURES_REPLY (xid=0x2): dpid:1000000000000001

n_tables:254, n_buffers:256

capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP

actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE

1(vnet0): addr:fe:54:00:d4:fa:b1

config: 0

state: 0

current: 10MB-FD COPPER

speed: 10 Mbps now, 0 Mbps max

2(eth1): addr:74:86:7a:d7:65:65

config: 0

state: 0

current: 100MB-FD COPPER AUTO_NEG

advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG AUTO_PAUSE

supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG

speed: 100 Mbps now, 1000 Mbps max

3(eth2): addr:74:86:7a:d7:65:66

config: 0

state: 0

current: 1GB-FD COPPER AUTO_NEG

advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG AUTO_PAUSE

supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG

speed: 1000 Mbps now, 1000 Mbps max

LOCAL(br0): addr:74:86:7a:d7:65:65

config: 0

state: 0

speed: 0 Mbps now, 0 Mbps max

OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

设置队列，流量隔离：

192.168.20.3：

执行以下脚本设置队列：

#!/bin/bash

#clear config

ovs-vsctl del-br br0

ovs-vsctl -- --all destroy qos

ovs-vsctl -- --all destroy queue

ovs-vsctl add-br br0 -- set bridge br0 other_config:datapath-id=1000000000000001

ovs-vsctl set-controller br0 tcp:192.168.20.6:6634

ovs-vsctl set bridge br0 fail_mode=secure

virsh destroy vm3 //vm3为VM名称

sleep 5

virsh start vm3

sleep 5

ovs-vsctl add-port br0 eth1

ovs-vsctl add-port br0 eth2

#qos

ovs-vsctl set port eth1 qos=@newqos -- --id=@newqos create qos type=linux-htb\

queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth1 link-speed`\

-- --id=@q1 create queue other_config:min-rate=10000000\

-- --id=@q2 create queue other_config:min-rate=10000000

ovs-vsctl set port eth2 qos=@newqos -- --id=@newqos create qos type=linux-htb\

queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth2 link-speed`\

-- --id=@q1 create queue other_config:min-rate=10000000\

-- --id=@q2 create queue other_config:min-rate=10000000

192.168.20.4：

#!/bin/bash

#clear config

ovs-vsctl del-br br0

ovs-vsctl -- --all destroy qos

ovs-vsctl -- --all destroy queue

ovs-vsctl add-br br0 -- set bridge br0 other_config:datapath-id=1000000000000002

ovs-vsctl set-controller br0 tcp:192.168.20.6:6634

ovs-vsctl set bridge br0 fail_mode=secure

virsh destroy vm4

sleep 5

virsh start vm4

sleep 5

ovs-vsctl add-port br0 eth1

ovs-vsctl add-port br0 eth2

#qos

ovs-vsctl set port eth1 qos=@newqos -- --id=@newqos create qos type=linux-htb\

queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth1 link-speed`\

-- --id=@q1 create queue other_config:min-rate=10000000\

-- --id=@q2 create queue other_config:min-rate=10000000

ovs-vsctl set port eth2 qos=@newqos -- --id=@newqos create qos type=linux-htb\

queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth2 link-speed`\

-- --id=@q1 create queue other_config:min-rate=10000000\

-- --id=@q2 create queue other_config:min-rate=10000000

192.168.20.5：

#!/bin/bash

#clear config

ovs-vsctl del-br br0

ovs-vsctl -- --all destroy qos

ovs-vsctl -- --all destroy queue

ovs-vsctl add-br br0 -- set bridge br0 other_config:datapath-id=1000000000000003

ovs-vsctl set-controller br0 tcp:192.168.20.6:6634

ovs-vsctl set bridge br0 fail_mode=secure

virsh destroy vm5

sleep 5

virsh start vm5

sleep 5

ovs-vsctl add-port br0 eth1

ovs-vsctl add-port br0 eth2

#qos

ovs-vsctl set port eth1 qos=@newqos -- --id=@newqos create qos type=linux-htb\

queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth1 link-speed`\

-- --id=@q1 create queue other_config:min-rate=10000000\

-- --id=@q2 create queue other_config:min-rate=10000000

ovs-vsctl set port eth2 qos=@newqos -- --id=@newqos create qos type=linux-htb\

queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth2 link-speed`\

-- --id=@q1 create queue other_config:min-rate=10000000\

-- --id=@q2 create queue other_config:min-rate=10000000

实验结果

VM1与VM3形成广播风波

VM2与VM3可以ping通，Floodlight的最小生成树协议成功抑制了广播风暴

VM1与VM2 由于在不同的flowspace中ping不通

虚拟机配置：

详见《安装KVM虚拟机V0.1.docx》
File/新员工入门学习资料/安装KVM虚拟机V0.1.docx

还有一个广播风暴配置：

Yüklə 48,6 Kb.

Dostları ilə paylaş:

广播风暴 flowvisor和floodlight（安装在一台机器上）配置： 配置了两个slice 和一些flowspace

广播风暴 flowvisor和floodlight（安装在一台机器上）配置：配置了两个slice 和一些flowspace