Category Archives: mininet

Learning OVS (open vswitch) using mininet — Part 6

In the previous post we saw how to add flows to a switch manually. Flows are stored in tables; by default a flow is added to “table 0”, but we can specify the table when adding a new flow. In this post I am going to show how to add a flow in table 0 that passes the network traffic to table 1, where a suitable action is then taken on it. This can be cascaded further in the forward direction.

The purpose of this post is only to show how to add flows manually by specifying the tables.

Step 1 : Once again I created the topology without any controller.

root@mininet-vm:~# mn --topo=single,4 --mac --controller=none
*** Creating network
*** Adding controller
*** Adding hosts:
h1 h2 h3 h4
*** Adding switches:
s1
*** Adding links:
(h1, s1) (h2, s1) (h3, s1) (h4, s1)
*** Configuring hosts
h1 h2 h3 h4
*** Starting controller

*** Starting 1 switches
s1 ...
*** Starting CLI:

Step 2 : I added a basic flow without specifying the table value, and this time I am checking that the flow works using the ovs-appctl command.

mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
mininet> sh ovs-ofctl add-flow s1 priority=1000,in_port=1,actions=output:2

mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=2.023s, table=0, n_packets=0, n_bytes=0, idle_age=2, priority=1000,in_port=1 actions=output:2

mininet> sh ovs-appctl ofproto/trace s1 in_port=1
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=1000,in_port=1
OpenFlow actions=output:2

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_type=0x0000,nw_frag=no
Datapath actions: 4

We can see that ovs-appctl shows in detail which flow rule matches the ingress traffic. Here “Flow” contains the fields taken from the input, “Rule” is the matching flow rule applied to that Flow, and “OpenFlow actions” is the action taken on the ingress traffic.

Step 3 : I deleted the flow added in step 2 and added a new flow which forwards the traffic to table 1. Here “resubmit(,1)” is the keyword that forwards the traffic to table 1.

mininet> sh ovs-ofctl del-flows s1
mininet> sh ovs-ofctl add-flow s1 "table=0,priority=1000,in_port=1,actions=resubmit(,1)"

Step 4 : I added a new flow to forward the traffic to port 2, i.e. the veth pair connecting to h2 in my configuration. Again we can verify this using the ovs-appctl command.

mininet> sh ovs-ofctl add-flow s1 "table=1,priority=1000,actions=output:2"
mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=159.275s, table=0, n_packets=0, n_bytes=0, idle_age=159, priority=1000,in_port=1 actions=resubmit(,1)
cookie=0x0, duration=3.471s, table=1, n_packets=0, n_bytes=0, idle_age=3, priority=1000 actions=output:2
mininet> sh ovs-appctl ofproto/trace s1 in_port=1
Flow: metadata=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:00,dl_dst=00:00:00:00:00:00,dl_type=0x0000
Rule: table=0 cookie=0 priority=1000,in_port=1
OpenFlow actions=resubmit(,1)

Resubmitted flow: unchanged
Resubmitted regs: reg0=0x0 reg1=0x0 reg2=0x0 reg3=0x0 reg4=0x0 reg5=0x0 reg6=0x0 reg7=0x0
Resubmitted  odp: drop
Rule: table=1 cookie=0 priority=1000
OpenFlow actions=output:2

Final flow: unchanged
Relevant fields: skb_priority=0,in_port=1,dl_type=0x0000,nw_frag=no
Datapath actions: 4

Learning OVS (open vswitch) using mininet — Part 5

In the previous article we saw how flow entries are added to the switch automatically by the SDN controller. In this article I am going to show you how to add them manually. For this purpose I am going to create a mininet configuration without a controller.

Step 1 : Creating the topology without a controller. The only difference in the command is the addition of the “--controller=none” option.

root@mininet-vm:~# mn --topo=single,4 --mac --controller=none
*** Creating network
*** Adding controller
*** Adding hosts:
h1 h2 h3 h4
*** Adding switches:
s1
*** Adding links:
(h1, s1) (h2, s1) (h3, s1) (h4, s1)
*** Configuring hosts
h1 h2 h3 h4
*** Starting controller

*** Starting 1 switches
s1 ...
*** Starting CLI:
mininet> nodes
available nodes are:
h1 h2 h3 h4 s1
mininet> dump
<Host h1: h1-eth0:10.0.0.1 pid=1717>
<Host h2: h2-eth0:10.0.0.2 pid=1720>
<Host h3: h3-eth0:10.0.0.3 pid=1722>
<Host h4: h4-eth0:10.0.0.4 pid=1724>
<OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None,s1-eth3:None,s1-eth4:None pid=1729>

Step 2 : As we have not created a controller, the hosts cannot reach each other.

mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
From 10.0.0.1 icmp_seq=3 Destination Host Unreachable
^C
--- 10.0.0.2 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4025ms
pipe 3

Step 3 : Before adding flows to the table we need to see the mapping between port numbers and port names; we can do this using the command below.

mininet> sh ovs-ofctl show s1
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000000000000001
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
1(s1-eth1): addr:be:22:14:42:b8:9a
config:     0
state:      0
current:    10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
2(s1-eth2): addr:46:26:0a:c6:78:12
config:     0
state:      0
current:    10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
3(s1-eth3): addr:82:85:b3:ba:68:c8
config:     0
state:      0
current:    10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
4(s1-eth4): addr:66:b0:35:2f:4c:10
config:     0
state:      0
current:    10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
LOCAL(s1): addr:b2:98:b9:65:30:41
config:     0
state:      0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

Step 4 : The simplest way to make the hosts reachable to each other is to turn the bridge into a normal L2 device, which can be done using the command below. Once we add a flow with the “action=normal” keyword, the switch behaves as an L2 device.

mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
mininet> sh ovs-ofctl add-flow s1 action=normal
mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=6.631s, table=0, n_packets=0, n_bytes=0, idle_age=6, actions=NORMAL

After that I am able to ping the hosts.

mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.69 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.069 ms
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.069/0.884/1.699/0.815 ms

Step 5 : I am going to add two flows to the device manually. I have specified the priority, the in_port and the output port in the rules. A higher priority value means the rule overrules any rule with a lower value.

mininet> sh ovs-ofctl add-flow s1 priority=1000,in_port=1,actions=output:2
mininet> sh ovs-ofctl add-flow s1 priority=1000,in_port=2,actions=output:1
mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=15.544s, table=0, n_packets=0, n_bytes=0, idle_age=15, priority=1000,in_port=1 actions=output:2
cookie=0x0, duration=10.744s, table=0, n_packets=0, n_bytes=0, idle_age=10, priority=1000,in_port=2 actions=output:1

Step 6 : If I add a flow with a higher priority and an action to drop the packets, communication between the hosts stops again.

mininet> sh ovs-ofctl add-flow s1 priority=1001,actions=drop
mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=126.42s, table=0, n_packets=7, n_bytes=574, idle_age=85, priority=1000,in_port=1 actions=output:2
cookie=0x0, duration=121.62s, table=0, n_packets=7, n_bytes=574, idle_age=85, priority=1000,in_port=2 actions=output:1
cookie=0x0, duration=2.519s, table=0, n_packets=0, n_bytes=0, idle_age=2, priority=1001 actions=drop
mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1006ms

Step 7 : Once I delete the “drop” flow, communication between the hosts resumes.

mininet> sh ovs-ofctl del-flows s1 --strict priority=1001
mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=2092.636s, table=0, n_packets=7, n_bytes=574, idle_age=2051, priority=1000,in_port=1 actions=output:2
cookie=0x0, duration=2087.836s, table=0, n_packets=7, n_bytes=574, idle_age=2051, priority=1000,in_port=2 actions=output:1
mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.07 ms
^C
--- 10.0.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.073/1.073/1.073/0.000 ms
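
The table and priority behaviour shown in Part 6 (table 0 resubmitting to table 1) and in steps 5 to 7 above (a priority=1001 drop overruling the priority=1000 forwards) can be checked offline. The Python sketch below is an added example, not code from the original posts or from Open vSwitch: it parses dump-flows lines copied from this page into a simplified exact-match model, traces a packet through it, and lists rules hidden by a higher-priority rule. The names trace, shadowed and MAX_RESUBMITS are hypothetical, and a table miss is assumed to drop the packet.

```python
import re

# dump-flows lines copied from this page (Part 6 step 4, Part 5 step 6).
PART6_DUMP = """\
cookie=0x0, duration=159.275s, table=0, n_packets=0, n_bytes=0, idle_age=159, priority=1000,in_port=1 actions=resubmit(,1)
cookie=0x0, duration=3.471s, table=1, n_packets=0, n_bytes=0, idle_age=3, priority=1000 actions=output:2
"""
PART5_DUMP = """\
cookie=0x0, duration=126.42s, table=0, n_packets=7, n_bytes=574, idle_age=85, priority=1000,in_port=1 actions=output:2
cookie=0x0, duration=121.62s, table=0, n_packets=7, n_bytes=574, idle_age=85, priority=1000,in_port=2 actions=output:1
cookie=0x0, duration=2.519s, table=0, n_packets=0, n_bytes=0, idle_age=2, priority=1001 actions=drop
"""

# Statistics/metadata keys printed by dump-flows; any other key is a match field.
META = {"cookie", "duration", "table", "n_packets", "n_bytes", "idle_age",
        "hard_age", "idle_timeout", "hard_timeout", "priority"}
MAX_RESUBMITS = 16  # loop guard of this sketch, not an OVS constant


def parse_flow(line):
    """Turn one dump-flows line into {table, priority, match, actions}."""
    head, _, actions = line.strip().partition(" actions=")
    # 32768 is the default priority when none is given on add-flow.
    flow = {"table": 0, "priority": 32768, "match": {}, "actions": actions}
    for token in (t.strip() for t in head.split(",")):
        if not token:
            continue
        key, sep, value = token.partition("=")
        if not sep:
            flow["match"]["proto"] = key      # bare keyword such as arp or icmp
        elif key in ("table", "priority"):
            flow[key] = int(value)
        elif key not in META:
            flow["match"][key] = value
    return flow


def parse_dump(text):
    return [parse_flow(l) for l in text.splitlines() if "actions=" in l]


def lookup(flows, table, packet):
    """Highest-priority flow in `table` whose match fields all equal the packet's."""
    hits = [f for f in flows if f["table"] == table
            and all(str(packet.get(k)) == v for k, v in f["match"].items())]
    return max(hits, key=lambda f: f["priority"], default=None)


def trace(flows, packet, table=0, steps=None, depth=0):
    """Return (steps, outputs); an empty outputs list means the packet is dropped."""
    steps = [] if steps is None else steps
    outputs = []
    flow = lookup(flows, table, packet)
    if flow is None:                          # assumption: table miss drops
        steps.append((table, None, "table miss: drop"))
        return steps, outputs
    steps.append((table, flow["priority"], flow["actions"]))
    # Split the action list on commas that are not inside parentheses.
    for action in re.findall(r"[^,(]+(?:\([^)]*\))?", flow["actions"]):
        m = re.fullmatch(r"resubmit\(([^,]*),(\d*)\)", action)
        if m:
            if depth >= MAX_RESUBMITS:
                raise RecursionError("resubmit loop")
            nxt = dict(packet)
            if m.group(1):                    # optional in_port override
                nxt["in_port"] = m.group(1)
            nxt_table = int(m.group(2)) if m.group(2) else table
            outputs += trace(flows, nxt, nxt_table, steps, depth + 1)[1]
        elif action.startswith("output:"):
            outputs.append(action.split(":", 1)[1])
        elif action.upper() == "NORMAL":
            outputs.append("NORMAL")
        # "drop" contributes no output
    return steps, outputs


def shadowed(flows):
    """Flows that can never win: a higher-priority flow in the same table
    matches every packet they would match."""
    hidden = []
    for low in flows:
        if any(high["table"] == low["table"]
               and high["priority"] > low["priority"]
               and high["match"].items() <= low["match"].items()
               for high in flows):
            hidden.append(low)
    return hidden


PART6 = parse_dump(PART6_DUMP)
PART5_DROP = parse_dump(PART5_DUMP)

if __name__ == "__main__":
    for name, flows in (("Part 6", PART6), ("Part 5 with drop", PART5_DROP)):
        steps, out = trace(flows, {"in_port": 1})
        print(name, "in_port=1:", steps, "->", out or "dropped")
        for f in shadowed(flows):
            print("  shadowed:", f["priority"], f["match"], f["actions"])
```
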

Learning OVS (open vswitch) using mininet — Part 4

Continuing the series: in the previous post we saw how the SDN controller adds flow table entries to the vswitch. In this post I am going to show some more details on the same topic.

Step 1 : First I am going to delete the existing entries present in the switch and verify that no entry is left.

mininet> sh ovs-ofctl del-flows s1
mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):

Step 2 : Let's start tcpdump in the background and then start the ping from h1 to h2.

a) Starting tcpdump in background.

mininet@mininet-vm:~$ sudo tcpdump -s0 -i lo -w /tmp/h1pingh2.pcap &
[1] 2484
mininet@mininet-vm:~$ tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes

b) Initiate a ping from h1 to h2.

mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=2.57 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=2.17 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.265 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.060 ms
^C
--- 10.0.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.060/1.268/2.574/1.118 ms

c) Kill the tcpdump background process.

mininet@mininet-vm:~$ sudo kill 2484
21 packets captured
42 packets received by filter
0 packets dropped by kernel
[1]+  Done                    sudo tcpdump -s0 -i lo -w /tmp/h1pingh2.pcap

Step 3 : Dump the flow table entries which were added to the switch. We can see that four flow entries were added.

mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=42.955s, table=0, n_packets=1, n_bytes=42, idle_timeout=60, idle_age=42, priority=65535,arp,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02,arp_spa=10.0.0.1,arp_tpa=10.0.0.2,arp_op=2 actions=output:2
cookie=0x0, duration=42.957s, table=0, n_packets=1, n_bytes=42, idle_timeout=60, idle_age=42, priority=65535,arp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01,arp_spa=10.0.0.2,arp_tpa=10.0.0.1,arp_op=1 actions=output:1
cookie=0x0, duration=46.958s, table=0, n_packets=3, n_bytes=294, idle_timeout=60, idle_age=44, priority=65535,icmp,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0 actions=output:2
cookie=0x0, duration=47.959s, table=0, n_packets=4, n_bytes=392, idle_timeout=60, idle_age=44, priority=65535,icmp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01,nw_src=10.0.0.2,nw_dst=10.0.0.1,nw_tos=0,icmp_type=0,icmp_code=0 actions=output:1

Step 4 : Opening the capture taken in Step 2. I have applied an OF (OpenFlow) display filter to keep the output concise; that is the only traffic we are interested in.

mininet@mininet-vm:~$ tshark -tad -n -r /tmp/h1pingh2.pcap -Y of
1 2015-09-18 10:12:23.071616    127.0.0.1 -> 127.0.0.1    OF 1.0 74 of_echo_request
2 2015-09-18 10:12:23.071967    127.0.0.1 -> 127.0.0.1    OF 1.0 74 of_echo_reply
4 2015-09-18 10:12:25.594213     10.0.0.1 -> 10.0.0.2     OF 1.0 182 of_packet_in
5 2015-09-18 10:12:25.595114    127.0.0.1 -> 127.0.0.1    OF 1.0 90 of_packet_out
7 2015-09-18 10:12:25.595604     10.0.0.2 -> 10.0.0.1     OF 1.0 182 of_packet_in
8 2015-09-18 10:12:25.596331    127.0.0.1 -> 127.0.0.1    OF 1.0 146 of_flow_add
10 2015-09-18 10:12:26.597366     10.0.0.1 -> 10.0.0.2     OF 1.0 182 of_packet_in
11 2015-09-18 10:12:26.597788    127.0.0.1 -> 127.0.0.1    OF 1.0 146 of_flow_add
13 2015-09-18 10:12:30.598132 00:00:00:00:00:02 -> 00:00:00:00:00:01 OF 1.0 126 of_packet_in
14 2015-09-18 10:12:30.598557    127.0.0.1 -> 127.0.0.1    OF 1.0 146 of_flow_add
16 2015-09-18 10:12:30.600227 00:00:00:00:00:01 -> 00:00:00:00:00:02 OF 1.0 126 of_packet_in
17 2015-09-18 10:12:30.600544    127.0.0.1 -> 127.0.0.1    OF 1.0 146 of_flow_add
19 2015-09-18 10:12:35.070848    127.0.0.1 -> 127.0.0.1    OF 1.0 74 of_echo_request
20 2015-09-18 10:12:35.071205    127.0.0.1 -> 127.0.0.1    OF 1.0 74 of_echo_reply

If you look closely at the above output, you can see that frames 8, 11, 14 and 17 added the flow entries to the switch; remember that in step 3 we also saw four flow entries when dumping the switch's flow table.

Opening frame 8, which added the first entry to the switch. It contains various important values.

mininet@mininet-vm:~$ tshark -tad -n -r /tmp/h1pingh2.pcap -O of -Y 'of && frame.number == 8'
Frame 8: 146 bytes on wire (1168 bits), 146 bytes captured (1168 bits)
Ethernet II, Src: 00:00:00:00:00:00 (00:00:00:00:00:00), Dst: 00:00:00:00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
Transmission Control Protocol, Src Port: 6633 (6633), Dst Port: 60705 (60705), Seq: 33, Ack: 241, Len: 80
OpenFlow
version: 1
type: OFPT_FLOW_MOD (14)
length: 80
xid: 0
of_match
wildcards: 0x0000000000000000
in_port: 2
eth_src: 00:00:00:00:00:02 (00:00:00:00:00:02)
eth_dst: 00:00:00:00:00:01 (00:00:00:00:00:01)
vlan_vid: 65535
vlan_pcp: 0
eth_type: 2048
ip_dscp: 0
ip_proto: 1
ipv4_src: 10.0.0.2 (10.0.0.2)
ipv4_dst: 10.0.0.1 (10.0.0.1)
tcp_src: 0
tcp_dst: 0
cookie: 0
_command: 0
idle_timeout: 60
hard_timeout: 0
priority: 0
buffer_id: 270
out_port: 0
flags: Unknown (0x00000000)
of_action list
of_action_output
type: OFPAT_OUTPUT (0)
len: 8
port: 1
max_len: 0

Step 5 : After a few minutes I again tried to ping h2 from h1. The first reply again took more time, which was not expected, because this time the traffic path should be (h1-->s1-->h2) instead of (h1-->s1-->c1-->s1-->h2) as in step 1.

mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=3.43 ms   <<<<
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=2.59 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.303 ms
^C
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.303/2.112/3.436/1.325 ms

Because of the idle_timeout value, the flow entries added after step 1 were automatically purged, and new entries were added after Step 5. I verified the same in tcpdump as well.

Step 6 : Within a few seconds I again pinged h2 from h1. This time the first reply didn't take much time because the flow entries were already present; I confirmed in the tcpdump output that no of_flow_add was seen this time.

mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.898 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.067 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.039 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.068 ms
^C
--- 10.0.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 0.039/0.268/0.898/0.363 ms
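
The switch-to-controller exchange in the tshark summary of Step 4 can be reduced to one row per packet that had to go to the controller. The Python sketch below is an added example, not part of the original post: it uses the summary lines copied from this page, pairs each of_packet_in with the controller's next reply, and reports the reply type and delay. The function names are hypothetical.

```python
from datetime import datetime, timedelta

# Summary lines copied from the tshark output in Step 4 of this post.
TSHARK_SUMMARY = """\
1 2015-09-18 10:12:23.071616    127.0.0.1 -> 127.0.0.1    OF 1.0 74 of_echo_request
2 2015-09-18 10:12:23.071967    127.0.0.1 -> 127.0.0.1    OF 1.0 74 of_echo_reply
4 2015-09-18 10:12:25.594213     10.0.0.1 -> 10.0.0.2     OF 1.0 182 of_packet_in
5 2015-09-18 10:12:25.595114    127.0.0.1 -> 127.0.0.1    OF 1.0 90 of_packet_out
7 2015-09-18 10:12:25.595604     10.0.0.2 -> 10.0.0.1     OF 1.0 182 of_packet_in
8 2015-09-18 10:12:25.596331    127.0.0.1 -> 127.0.0.1    OF 1.0 146 of_flow_add
10 2015-09-18 10:12:26.597366     10.0.0.1 -> 10.0.0.2     OF 1.0 182 of_packet_in
11 2015-09-18 10:12:26.597788    127.0.0.1 -> 127.0.0.1    OF 1.0 146 of_flow_add
13 2015-09-18 10:12:30.598132 00:00:00:00:00:02 -> 00:00:00:00:00:01 OF 1.0 126 of_packet_in
14 2015-09-18 10:12:30.598557    127.0.0.1 -> 127.0.0.1    OF 1.0 146 of_flow_add
16 2015-09-18 10:12:30.600227 00:00:00:00:00:01 -> 00:00:00:00:00:02 OF 1.0 126 of_packet_in
17 2015-09-18 10:12:30.600544    127.0.0.1 -> 127.0.0.1    OF 1.0 146 of_flow_add
19 2015-09-18 10:12:35.070848    127.0.0.1 -> 127.0.0.1    OF 1.0 74 of_echo_request
20 2015-09-18 10:12:35.071205    127.0.0.1 -> 127.0.0.1    OF 1.0 74 of_echo_reply
"""

# Messages the controller sends in answer to a packet_in.
CONTROLLER_REPLIES = {"of_packet_out", "of_flow_add"}


def parse_summary(text):
    """Parse `tshark -tad` one-line summaries into frame/time/type records."""
    records = []
    for line in text.splitlines():
        f = line.split()
        # frame, date, time, src, '->', dst, 'OF', version, length, message type
        if len(f) < 10 or f[4] != "->":
            continue
        ts = datetime.strptime(f[1] + " " + f[2], "%Y-%m-%d %H:%M:%S.%f")
        records.append({"frame": int(f[0]), "time": ts, "type": f[9]})
    return records


def pair_packet_ins(records):
    """Pair every of_packet_in with the controller's next reply.

    Returns (packet_in frame, reply frame, reply type, delay in microseconds).
    """
    pairs, pending = [], None
    for rec in records:
        if rec["type"] == "of_packet_in":
            pending = rec
        elif rec["type"] in CONTROLLER_REPLIES and pending is not None:
            delay_us = (rec["time"] - pending["time"]) // timedelta(microseconds=1)
            pairs.append((pending["frame"], rec["frame"], rec["type"], delay_us))
            pending = None
    return pairs


def flow_add_frames(pairs):
    """Frames in which the controller installed a flow entry."""
    return [reply for _, reply, kind, _ in pairs if kind == "of_flow_add"]


if __name__ == "__main__":
    pairs = pair_packet_ins(parse_summary(TSHARK_SUMMARY))
    for pkt_in, reply, kind, delay_us in pairs:
        print(f"packet_in {pkt_in:>2} -> {kind:<13} frame {reply:>2} after {delay_us} us")
    print("flow entries installed in frames:", flow_add_frames(pairs))
```

The first packet_in is answered with of_packet_out only, so no flow entry is installed for it; the four of_flow_add replies correspond to the four entries dumped in Step 3.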

Learning OVS (open vswitch) using mininet — Part 3

In this post I am going to cover OpenFlow. I am going to show the flow table entries which the SDN controller adds to the switch.

Step 1 : I am creating a topology with 4 hosts. I have used the --mac option to keep the hosts' MAC addresses simple.

root@mininet-vm:~# mn --topo=single,4 --mac
*** Creating network
*** Adding controller
*** Adding hosts:
h1 h2 h3 h4
*** Adding switches:
s1
*** Adding links:
(h1, s1) (h2, s1) (h3, s1) (h4, s1)
*** Configuring hosts
h1 h2 h3 h4
*** Starting controller
c0
*** Starting 1 switches
s1 ...
*** Starting CLI:
mininet> dump
<Host h1: h1-eth0:10.0.0.1 pid=2062>
<Host h2: h2-eth0:10.0.0.2 pid=2065>
<Host h3: h3-eth0:10.0.0.3 pid=2067>
<Host h4: h4-eth0:10.0.0.4 pid=2069>
<OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None,s1-eth3:None,s1-eth4:None pid=2074>
<Controller c0: 127.0.0.1:6633 pid=2055>
mininet> net
h1 h1-eth0:s1-eth1
h2 h2-eth0:s1-eth2
h3 h3-eth0:s1-eth3
h4 h4-eth0:s1-eth4
s1 lo:  s1-eth1:h1-eth0 s1-eth2:h2-eth0 s1-eth3:h3-eth0 s1-eth4:h4-eth0
c0

Step 2 : Let's dump the current port settings on Open vSwitch after creating the four hosts. The hosts are connected to different ports on the switch. In flow tables we only see port numbers, so the output below helps us match each port number with its port name.

mininet> sh ovs-ofctl dump-ports-desc s1
OFPST_PORT_DESC reply (xid=0x2):
1(s1-eth1): addr:7e:cc:5e:8b:a6:5d
config:     0
state:      0
current:    10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
2(s1-eth2): addr:52:06:cb:a1:c7:2c
config:     0
state:      0
current:    10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
3(s1-eth3): addr:62:9f:a7:47:d5:f0
config:     0
state:      0
current:    10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
4(s1-eth4): addr:8a:0a:6e:fe:13:da
config:     0
state:      0
current:    10GB-FD COPPER
speed: 10000 Mbps now, 0 Mbps max
LOCAL(s1): addr:4a:7a:a0:aa:9a:46
config:     0
state:      0
speed: 0 Mbps now, 0 Mbps max

Step 3 : You can check the statistics of each port using the command below.

mininet> sh ovs-ofctl dump-ports s1
OFPST_PORT reply (xid=0x2): 5 ports
port  3: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
tx pkts=0, bytes=0, drop=0, errs=0, coll=0
port  1: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
tx pkts=0, bytes=0, drop=0, errs=0, coll=0
port  4: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
tx pkts=0, bytes=0, drop=0, errs=0, coll=0
port  2: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
tx pkts=0, bytes=0, drop=0, errs=0, coll=0
port LOCAL: rx pkts=0, bytes=0, drop=0, errs=0, frame=0, over=0, crc=0
tx pkts=0, bytes=0, drop=0, errs=0, coll=0

Step 4 : Let's first print the flow table. It shows nothing, as this is a new topology and no host has yet tried to reach another host.
 
mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):

By the way, if you want to see the controller attached to the switch, the command below prints that information.

mininet> sh ovs-vsctl get-controller s1
ptcp:6634
tcp:127.0.0.1:6633

Step 5 : Let's create some traffic by pinging h2 from h1. Notice that the first packet takes more time, because it follows the path (h1-->s1-->c1-->s1-->h2), while subsequent packets follow the path (h1-->s1-->h2).

mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=6.34 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=1.04 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.061 ms
^C
--- 10.0.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.061/2.482/6.340/2.757 ms

Step 6 : Dump the flow table which was populated during the first packet. We can see that new ARP rules were added. The :1 and :2 at the end of each entry are the port numbers of the switch; remember Step 2.

mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=0.027s, table=0, n_packets=1, n_bytes=42, idle_timeout=60, idle_age=0, priority=65535,arp,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02,arp_spa=10.0.0.1,arp_tpa=10.0.0.2,arp_op=2 actions=output:2
cookie=0x0, duration=5.032s, table=0, n_packets=1, n_bytes=42, idle_timeout=60, idle_age=5, priority=65535,arp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01,arp_spa=10.0.0.2,arp_tpa=10.0.0.1,arp_op=2 actions=output:1
cookie=0x0, duration=0.029s, table=0, n_packets=1, n_bytes=42, idle_timeout=60, idle_age=0, priority=65535,arp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01,arp_spa=10.0.0.2,arp_tpa=10.0.0.1,arp_op=1 actions=output:1
cookie=0x0, duration=5.031s, table=0, n_packets=3, n_bytes=294, idle_timeout=60, idle_age=3, priority=65535,icmp,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0 actions=output:2
cookie=0x0, duration=5.029s, table=0, n_packets=3, n_bytes=294, idle_timeout=60, idle_age=3, priority=65535,icmp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01,nw_src=10.0.0.2,nw_dst=10.0.0.1,nw_tos=0,icmp_type=0,icmp_code=0 actions=output:1

Step 7 : Similarly, a ping in the reverse direction adds some more flow table entries.

mininet> h2 ping h1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=2.16 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.937 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.068 ms
^C
--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.068/1.057/2.167/0.861 ms

Step 8 : Checking the content of flows in s1.

mininet> sh ovs-ofctl dump-flows s1
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=49.62s, table=0, n_packets=1, n_bytes=42, idle_timeout=60, idle_age=49, priority=65535,arp,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02,arp_spa=10.0.0.1,arp_tpa=10.0.0.2,arp_op=2 actions=output:2
cookie=0x0, duration=54.625s, table=0, n_packets=2, n_bytes=84, idle_timeout=60, idle_age=0, priority=65535,arp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01,arp_spa=10.0.0.2,arp_tpa=10.0.0.1,arp_op=2 actions=output:1
cookie=0x0, duration=0.005s, table=0, n_packets=1, n_bytes=42, idle_timeout=60, idle_age=0, priority=65535,arp,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02,arp_spa=10.0.0.1,arp_tpa=10.0.0.2,arp_op=1 actions=output:2
cookie=0x0, duration=49.622s, table=0, n_packets=1, n_bytes=42, idle_timeout=60, idle_age=49, priority=65535,arp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01,arp_spa=10.0.0.2,arp_tpa=10.0.0.1,arp_op=1 actions=output:1
cookie=0x0, duration=54.624s, table=0, n_packets=3, n_bytes=294, idle_timeout=60, idle_age=52, priority=65535,icmp,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=8,icmp_code=0 actions=output:2
cookie=0x0, duration=5.009s, table=0, n_packets=3, n_bytes=294, idle_timeout=60, idle_age=3, priority=65535,icmp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01,nw_src=10.0.0.2,nw_dst=10.0.0.1,nw_tos=0,icmp_type=8,icmp_code=0 actions=output:1
cookie=0x0, duration=54.622s, table=0, n_packets=3, n_bytes=294, idle_timeout=60, idle_age=52, priority=65535,icmp,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:00:02,dl_dst=00:00:00:00:00:01,nw_src=10.0.0.2,nw_dst=10.0.0.1,nw_tos=0,icmp_type=0,icmp_code=0 actions=output:1
cookie=0x0, duration=5.009s, table=0, n_packets=3, n_bytes=294, idle_timeout=60, idle_age=3, priority=65535,icmp,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:00:01,dl_dst=00:00:00:00:00:02,nw_src=10.0.0.1,nw_dst=10.0.0.2,nw_tos=0,icmp_type=0,icmp_code=0 actions=output:2

Learning OVS (open vswitch) using mininet — Part 2

In the last article we saw how to create the default topology and some useful commands to get familiar with mininet. In this article we will create other topologies using mininet.

By default, mininet creates two hosts and one switch.

Case 1 : Creating topology using four hosts and one switch.

root@mininet-vm:~# mn --topo=single,4
*** Creating network
*** Adding controller
*** Adding hosts:
h1 h2 h3 h4
*** Adding switches:
s1
*** Adding links:
(h1, s1) (h2, s1) (h3, s1) (h4, s1)
*** Configuring hosts
h1 h2 h3 h4
*** Starting controller
c0
*** Starting 1 switches
s1 ...
*** Starting CLI:

a) Let's check the OVS status. We can see that four interfaces are created on OVS.

mininet> sh ovs-vsctl show
0b8ed0aa-67ac-4405-af13-70249a7e8a96
Bridge "s1"
Controller "ptcp:6634"
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port "s1"
Interface "s1"
type: internal
Port "s1-eth3"
Interface "s1-eth3"
Port "s1-eth2"
Interface "s1-eth2"
Port "s1-eth1"
Interface "s1-eth1"
Port "s1-eth4"
Interface "s1-eth4"
ovs_version: "2.0.2"

b) Checking the number of nodes and ip address information.

mininet> nodes
available nodes are:
c0 h1 h2 h3 h4 s1
mininet> dump
<Host h1: h1-eth0:10.0.0.1 pid=2698>
<Host h2: h2-eth0:10.0.0.2 pid=2701>
<Host h3: h3-eth0:10.0.0.3 pid=2703>
<Host h4: h4-eth0:10.0.0.4 pid=2705>
<OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None,s1-eth3:None,s1-eth4:None pid=2710>
<Controller c0: 127.0.0.1:6633 pid=2691>

Case 2 : Creating a linear topology with 4 nodes. Here we can see that four hosts and the same number of switches are created.

root@mininet-vm:~# mn --topo=linear,4
*** Creating network
*** Adding controller
*** Adding hosts:
h1 h2 h3 h4
*** Adding switches:
s1 s2 s3 s4
*** Adding links:
(h1, s1) (h2, s2) (h3, s3) (h4, s4) (s2, s1) (s3, s2) (s4, s3)
*** Configuring hosts
h1 h2 h3 h4
*** Starting controller
c0
*** Starting 4 switches
s1 s2 s3 s4 ...
*** Starting CLI:

a) Checking the OVS status using the command below, we can see that four bridges are created.

mininet> sh ovs-vsctl show
0b8ed0aa-67ac-4405-af13-70249a7e8a96
Bridge "s3"
Controller "ptcp:6636"
Controller "tcp:127.0.0.1:6633"
fail_mode: secure
Port "s3"
Interface "s3"
type: internal
Port "s3-eth1"
Interface "s3-eth1"
Port "s3-eth2"
Interface "s3-eth2"
Port "s3-eth3"
Interface "s3-eth3"
Bridge "s2"
Controller "ptcp:6635"
Controller "tcp:127.0.0.1:6633"
fail_mode: secure
Port "s2"
Interface "s2"
type: internal
Port "s2-eth3"
Interface "s2-eth3"
Port "s2-eth1"
Interface "s2-eth1"
Port "s2-eth2"
Interface "s2-eth2"
Bridge "s4"
Controller "ptcp:6637"
Controller "tcp:127.0.0.1:6633"
fail_mode: secure
Port "s4-eth1"
Interface "s4-eth1"
Port "s4"
Interface "s4"
type: internal
Port "s4-eth2"
Interface "s4-eth2"
Bridge "s1"
Controller "ptcp:6634"
Controller "tcp:127.0.0.1:6633"
fail_mode: secure
Port "s1-eth2"
Interface "s1-eth2"
Port "s1"
Interface "s1"
type: internal
Port "s1-eth1"
Interface "s1-eth1"
ovs_version: "2.0.2"

b) Checking the number of nodes and IP information.

mininet> nodes
available nodes are:
c0 h1 h2 h3 h4 s1 s2 s3 s4

mininet> dump
<Host h1: h1-eth0:10.0.0.1 pid=2986>
<Host h2: h2-eth0:10.0.0.2 pid=2989>
<Host h3: h3-eth0:10.0.0.3 pid=2991>
<Host h4: h4-eth0:10.0.0.4 pid=2993>
<OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None pid=2998>
<OVSSwitch s2: lo:127.0.0.1,s2-eth1:None,s2-eth2:None,s2-eth3:None pid=3001>
<OVSSwitch s3: lo:127.0.0.1,s3-eth1:None,s3-eth2:None,s3-eth3:None pid=3004>
<OVSSwitch s4: lo:127.0.0.1,s4-eth1:None,s4-eth2:None pid=3007>
<Controller c0: 127.0.0.1:6633 pid=2979>

Case 3 : Creating a tree topology; here it creates four hosts and three switches.

root@mininet-vm:~# mn --topo=tree,2,2
*** Creating network
*** Adding controller
*** Adding hosts:
h1 h2 h3 h4
*** Adding switches:
s1 s2 s3
*** Adding links:
(s1, s2) (s1, s3) (s2, h1) (s2, h2) (s3, h3) (s3, h4)
*** Configuring hosts
h1 h2 h3 h4
*** Starting controller
c0
*** Starting 3 switches
s1 s2 s3 ...
*** Starting CLI:

a) Checking the status of open vswitch.

mininet> sh ovs-vsctl show
0b8ed0aa-67ac-4405-af13-70249a7e8a96
Bridge "s2"
Controller "ptcp:6635"
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port "s2"
Interface "s2"
type: internal
Port "s2-eth1"
Interface "s2-eth1"
Port "s2-eth3"
Interface "s2-eth3"
Port "s2-eth2"
Interface "s2-eth2"
Bridge "s1"
Controller "tcp:127.0.0.1:6633"
is_connected: true
Controller "ptcp:6634"
fail_mode: secure
Port "s1-eth2"
Interface "s1-eth2"
Port "s1-eth1"
Interface "s1-eth1"
Port "s1"
Interface "s1"
type: internal
Bridge "s3"
Controller "tcp:127.0.0.1:6633"
is_connected: true
Controller "ptcp:6636"
fail_mode: secure
Port "s3-eth3"
Interface "s3-eth3"
Port "s3-eth1"
Interface "s3-eth1"
Port "s3"
Interface "s3"
type: internal
Port "s3-eth2"
Interface "s3-eth2"
ovs_version: "2.0.2"

b) Checking the number of nodes and ip information.

mininet> nodes
available nodes are:
c0 h1 h2 h3 h4 s1 s2 s3
mininet> dump
<Host h1: h1-eth0:10.0.0.1 pid=3478>
<Host h2: h2-eth0:10.0.0.2 pid=3481>
<Host h3: h3-eth0:10.0.0.3 pid=3483>
<Host h4: h4-eth0:10.0.0.4 pid=3485>
<OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None pid=3490>
<OVSSwitch s2: lo:127.0.0.1,s2-eth1:None,s2-eth2:None,s2-eth3:None pid=3493>
<OVSSwitch s3: lo:127.0.0.1,s3-eth1:None,s3-eth2:None,s3-eth3:None pid=3496>
<Controller c0: 127.0.0.1:6633 pid=3471>

In my next article I will show how to use custom options while creating a topology.

Learning OVS (open vswitch) using mininet — Part 1

In this post I am going to show basic usage of mininet. mininet is a wonderful tool for network emulation: we can create switches, hosts and the connections between them for testing purposes.

I downloaded mininet from http://mininet.org/download/ and imported it as a VM into Oracle VirtualBox. It's easy to do; within a few minutes your machine will be ready.

Step 1 : I powered on the VM and logged in using the mininet username and password. Initially it had only one interface (eth0).

root@mininet-vm:~# ifconfig -s
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0       458      0      0 0           190      0      0      0 BMRU
lo        65536 0      3449      0      0 0          3449      0      0      0 LRU

Step 2 : I switched to root using the “sudo su -” command and issued the command below to create a topology. By default it creates a linear topology with two hosts and one switch.

root@mininet-vm:~# mn
*** Creating network
*** Adding controller
*** Adding hosts:
h1 h2
*** Adding switches:
s1
*** Adding links:
(h1, s1) (h2, s1)
*** Configuring hosts
h1 h2
*** Starting controller
c0
*** Starting 1 switches
s1 ...
*** Starting CLI:

Step 3 : Now I am at a new prompt. To issue an OS command without leaving this prompt, we can put sh in front of the command; it shows the results from the original shell.

mininet> sh ifconfig -s
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1500 0       501      0      0 0           245      0      0      0 BMRU
lo        65536 0      3470      0      0 0          3470      0      0      0 LRU
s1         1500 0         0      0      0 0             0      0      0      0 BRU
s1-eth1    1500 0         0      0      0 0             0      0      0      0 BMRU
s1-eth2    1500 0         0      0      0 0             0      0      0      0 BMRU

Step 4 : Checking the OVS-bridge configuration after configuration of two hosts and one switch.

mininet> sh ovs-vsctl show
0b8ed0aa-67ac-4405-af13-70249a7e8a96
Bridge "s1"
Controller "tcp:127.0.0.1:6633"
is_connected: true
Controller "ptcp:6634"
fail_mode: secure
Port "s1"
Interface "s1"
type: internal
Port "s1-eth2"
Interface "s1-eth2"
Port "s1-eth1"
Interface "s1-eth1"
ovs_version: "2.0.2"

Step 5 : The commands in steps 3 and 4 are issued on the root shell rather than in the mn environment. I am issuing the commands below at the mn prompt to see the current topology settings.

a) The nodes command shows us all the components present in the topology.

mininet> nodes
available nodes are:
c0 h1 h2 s1

b) The dump command gives more detailed information about every component.

mininet> dump
<Host h1: h1-eth0:10.0.0.1 pid=1870>
<Host h2: h2-eth0:10.0.0.2 pid=1873>
<OVSSwitch s1: lo:127.0.0.1,s1-eth1:None,s1-eth2:None pid=1878>
<Controller c0: 127.0.0.1:6633 pid=1863>

c) The net command shows the network connections between the components.

mininet> net
h1 h1-eth0:s1-eth1
h2 h2-eth0:s1-eth2
s1 lo:  s1-eth1:h1-eth0 s1-eth2:h2-eth0
c0

d) We can ping the h2 host from h1 using below command.

mininet> h1 ping h2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.44 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.817 ms
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.817/1.130/1.443/0.313 ms

e) To issue a command inside the virtual host h1 we can use the syntax below. It shows the interface information of the h1 host.

mininet> h1 ifconfig
h1-eth0   Link encap:Ethernet  HWaddr 1a:3f:3b:a5:4e:dc
inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:280 (280.0 B)  TX bytes:280 (280.0 B)

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
UP LOOPBACK RUNNING  MTU:65536  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

f) pingall is a wonderful command to test connectivity between all hosts present in the topology.

mininet> pingall
*** Ping: testing ping reachability
h1 -> h2
h2 -> h1
*** Results: 0% dropped (2/2 received)

g) The exit command terminates the existing topology.

mininet> exit
*** Stopping 1 controllers
c0
*** Stopping 2 links
..
*** Stopping 1 switches
s1
*** Stopping 2 hosts
h1 h2
*** Done
completed in 488.486 seconds

h) It's advisable to run the command below to clear any zombie processes once you are back at the shell.

root@mininet-vm:~# sudo mn -c
*** Removing excess controllers/ofprotocols/ofdatapaths/pings/noxes
killall controller ofprotocol ofdatapath ping nox_core lt-nox_core ovs-openflowd ovs-controller udpbwtest mnexec ivs 2> /dev/null
killall -9 controller ofprotocol ofdatapath ping nox_core lt-nox_core ovs-openflowd ovs-controller udpbwtest mnexec ivs 2> /dev/null
pkill -9 -f "sudo mnexec"
*** Removing junk from /tmp
rm -f /tmp/vconn* /tmp/vlogs* /tmp/*.out /tmp/*.log
*** Removing old X11 tunnels
*** Removing excess kernel datapaths
ps ax | egrep -o 'dp[0-9]+' | sed 's/dp/nl:/'
***  Removing OVS datapaths
ovs-vsctl --timeout=1 list-br
ovs-vsctl --timeout=1 list-br
*** Removing all links of the pattern foo-ethX
ip link show | egrep -o '([-_.[:alnum:]]+-eth[[:digit:]]+)'
ip link show
*** Killing stale mininet node processes
pkill -9 -f mininet:
*** Shutting down stale tunnels
pkill -9 -f Tunnel=Ethernet
pkill -9 -f .ssh/mn
rm -f ~/.ssh/mn/*
*** Cleanup complete.

In the next article I will show how to create other topologies instead of the default one.