OESS is a set of software that can be used to configure and control dynamic (user-controlled) layer 2 virtual circuit (VLAN) networks using OpenFlow-enabled switches. OESS provides sub-second circuit provisioning, automatic circuit failover, per-interface permissions, and automatic per-VLAN statistics. It includes a simple, user-friendly web-based user interface as well as a web services API.

Please see here for additional documentation on OESS.

Steps to install OE-SS on the IDC (this replaces DRAGON)

0) Become root and stop OSCARS

sudo su -
/etc/init.d/oscars stop

1) Make a backup of the config /etc/oscars/PSSService

cp /etc/oscars/PSSService /etc/oscars/PSSService.bak

2) Remove PSS Dragon

yum remove oscars-pss-dragon

3) Install PSS Stub

yum install oscars-pss-stub

4) Set publishTo

vi /etc/oscars/PSSService/conf/config.SSL.yaml


soap:
    publishTo: 'https://<your.host.name>/idc/idc.cgi'

5) Follow the OE-SS installation instructions: http://code.google.com/p/nddi/wiki/README

Also, in the list of downloads is a PDF documenting the OE-SS frontend: http://code.google.com/p/nddi/downloads/list

Commands to check OESS status on the switch

switch>show openflow of-instance 1

Instance        : 1
Admin State     : Up
Interface Type  : Port
DP Id           : 00:01:00:01:e8:8b:59:c6
Forwarding Tbls : acl
Flow map        :
LB assist       : disabled
EchoReq interval: 15 seconds
Connect interval: 15 seconds
Number of Flows : 4 (acl:4)
Packets (acl)   : 263
Bytes (acl)     : 18824
Controller 1    : TCP, 207.75.165.218/6633, connected (equal)
Controller 2    : -
 Port List      :
                  Te 0/0 (1), Te 0/18 (19), Te 0/19 (20)
                  Te 0/24 (25)
 Vlan List      :
                  
 Vlan Mbr list  :
               

Look for the ports that are part of the OpenFlow instance in the Port List. The Controller information should match the IDC and indicate "connected."

Check to see if a local circuit creation worked. In this case, Te0/0 and Te0/19 on vlan 503.

Look for the VLAN id, the In Port and the Output port in each flow in the output below. There should be two flows, one for each end of the VLAN path. Some default flows will also appear in the list.

switch>show openflow flows of-instance 1

Instance: 1, Table: acl, Flow: 3, Cookie: 0x0
Priority: 32768, Internal Priority: 32768
Up Time: 0d 00:10:38, Hard Timeout: 0 seconds
Idle Timeout: 0 seconds, Internal Idle Timeout: 0 seconds
Packets: 0, Bytes: 0
Match Parameters:
  Valid Match: InPort,Vid
  In Port    : Te 0/0             EType     : *
  SMAC       : *                  DMAC      : *
  VLAN id    : 503                VLAN PCP  : *
  IP TOS     : *                  IP proto  : *     
  Src IP     : *                  Dest IP   : *
  Src Port   : *                  Dest Port : *
 Actions:
  Set VLAN id: 503
  Output: Te 0/19

Instance: 1, Table: acl, Flow: 4, Cookie: 0x0
Priority: 32768, Internal Priority: 32768
Up Time: 0d 00:10:39, Hard Timeout: 0 seconds
Idle Timeout: 0 seconds, Internal Idle Timeout: 0 seconds
Packets: 0, Bytes: 0
Match Parameters:
  Valid Match: InPort,Vid
  In Port    : Te 0/19            EType     : *
  SMAC       : *                  DMAC      : *
  VLAN id    : 503                VLAN PCP  : *
  IP TOS     : *                  IP proto  : *     
  Src IP     : *                  Dest IP   : *
  Src Port   : *                  Dest Port : *
 Actions:
  Set VLAN id: 503
  Output: Te 0/0
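
The two checks above (controller matches the IDC and is connected; one flow per direction of the VLAN path) can be scripted against saved CLI output. This is an added example, not part of OESS or the original page; the function names are hypothetical and the sample text is constructed and trimmed from the output format shown above.

```python
import re

# Constructed samples, trimmed from the output format shown on this page.
INSTANCE_OUT = """\
Admin State     : Up
Controller 1    : TCP, 207.75.165.218/6633, connected (equal)
Controller 2    : -
"""
FLOWS_OUT = """\
Instance: 1, Table: acl, Flow: 3, Cookie: 0x0
  In Port    : Te 0/0             EType     : *
  VLAN id    : 503                VLAN PCP  : *
 Actions:
  Set VLAN id: 503
  Output: Te 0/19
Instance: 1, Table: acl, Flow: 4, Cookie: 0x0
  In Port    : Te 0/19            EType     : *
  VLAN id    : 503                VLAN PCP  : *
 Actions:
  Set VLAN id: 503
  Output: Te 0/0
"""

def check_instance(text, expected_controller):
    """Return a list of problems with the of-instance status (empty = OK)."""
    problems = []
    if not re.search(r"^Admin State\s*:\s*Up\s*$", text, re.M):
        problems.append("of-instance is not admin up")
    ctrls = re.findall(r"^Controller \d+\s*:\s*TCP,\s*(\S+),\s*(\w+)", text, re.M)
    if not any(a == expected_controller and s == "connected" for a, s in ctrls):
        problems.append("expected controller not connected")
    problems += [f"unexpected controller {a}" for a, _ in ctrls if a != expected_controller]
    return problems

def parse_flows(text):
    """Return (in_port, vlan, out_port) per flow; wildcard default flows are skipped."""
    flows = []
    for block in re.split(r"(?m)^(?=Instance:)", text):
        m_in = re.search(r"In Port\s*:\s*(Te \d+/\d+)", block)
        m_vid = re.search(r"^\s*VLAN id\s*:\s*(\d+)", block, re.M)
        m_out = re.search(r"Output:\s*(Te \d+/\d+)", block)
        if m_in and m_vid and m_out:
            flows.append((m_in.group(1), int(m_vid.group(1)), m_out.group(1)))
    return flows

def circuit_ok(flows, vlan, a, b):
    """True when both directions of the a<->b path exist on this VLAN."""
    return {(a, vlan, b), (b, vlan, a)} <= set(flows)
```

A controller address other than the IDC's is reported as unexpected, so the same check flags a switch that has been pointed at the wrong controller.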

Add port to your set of OESS Active Network Elements.

The process for adding ports to your openflow instance consists of two parts: adding the port(s) to the of-instance on the switch, and configuring that port in the OESS web ui.

Adding ports to the switch is done in three parts: shut down openflow, add the port(s), re-enable openflow. The switch will continue to pass traffic while the openflow instance is shut down.

Configuring the port in the OESS web ui consists of four parts: Admin - Network to update the VLAN list, Admin - Workgroups to give ownership of the interface to a workgroup, Admin - Network (again) to add an ACL to the interface, Admin - Remote Links to upload the changed topology file to the Topology Lookup service.

#---- First you must add the port to the openflow of-instance on the switch. The of-instance must be shut down before doing this.
#---- Otherwise you get an error. In addition, you must be in enable mode to do this.

#---- If you don't first shutdown the openflow instance, this happens...

sw-yourswitch(conf)#interface tengigabitethernet 0/20
sw-yourswitch(conf-if-te-0/20)#of-instance 1
% Error: Cannot modify OF instance while admin up.

#---- Do this instead. Adds port Te0/20.

sw-yourswitch#conf
sw-yourswitch(conf)#openflow of-instance 1
sw-yourswitch(conf-of-instance-1)#shutdown
sw-yourswitch(conf-of-instance-1)#exit
sw-yourswitch(conf)#interface tengigabitethernet 0/20
sw-yourswitch(conf-if-te-0/20)#description OpenFlow controlled port 0/20 <- Or whatever description you designate
sw-yourswitch(conf-if-te-0/20)#no switchport
sw-yourswitch(conf-if-te-0/20)#of-instance 1
sw-yourswitch(conf-if-te-0/20)#exit
sw-yourswitch(conf)#openflow of-instance 1
sw-yourswitch(conf-of-instance-1)#no shutdown
sw-yourswitch(conf-of-instance-1)#exit
sw-yourswitch(conf)#exit
sw-yourswitch#

show openflow of-instance 1 should display the newly added port.

Now go to the Admin interface in the OESS UI. When you click Network and click on the switch (the blue dot) in Active Network Elements you should see the newly added port. If you don't see it, check to see that oess is running on the vm (service oess status). If it isn't, issue service oess restart. Click the VLAN Tags cell in the new port's row and update the available VLAN range. If you click View ACLs at this point you'll get an alert stating, "You must first add a workgroup as the owner of this interface." Click ok if the alert is present. I suggest also setting the Description cell for the new port. That will help later when setting up VLANs. If you're done, click "Update Device." DO NOT CLICK Decommission Device!!! Please contact the Internet2 NOC if this happens.

The new port must now be added to a workgroup before it can be used. Click on Workgroups on the left. Select the workgroup to which you'd like to add the port.  Click Add Interface under the Owned Interfaces box on the right. A map will be displayed with your devices designated by blue dots. Click the dot representing your device. Select the interface(s) in the list that appears. If you select a port or ports that are already in the workgroup you'll get a message "Error adding port: Interface already belongs to this workgroup's edge ports." Click the port and you should see the message "Interface Added Successfully." Click Done Adding Interfaces when finished.

Now go back and click the Network tab on the left and click your blue dot. Now when the list of interfaces appears you should see the newly added interface with the workgroup that was just added in the proper cell. At this point you can now click View ACLs and make changes as you see fit. Click Update Device when done.

IMPORTANT STEP

The changes just made will result in changes to your topology file that OSCARS uses to calculate paths. That file should be uploaded to the Topology Lookup service. In the Admin interface (Admin button in the upper right) click "Remote Links." On the right are two buttons: "View Topology" and "Submit Topology." View shows what the topology file currently contains. Check that the new interface(s) are in this file and that the VLAN ranges are correct. When everything looks correct, click "Submit Topology." The message "Topology has been resubmitted successfully." should appear. Click Ok. Check that the Lookup service has the new changes: go to https://ndb7.net.internet2.edu/TopologyViewer/ and enter your domain at Enter Domain. There may be a delay of a few minutes before your changes appear in the Lookup service.

Add a user to the user list

First add the user in the OESS web ui.
Log in to the vm as root.
Now add the new user's password to the htpasswd file:
/usr/bin/htpasswd /usr/share/oess-frontend/www/.htpasswd username
New password:
Re-type new password:
Adding password for user username
