一种基于openflow的虚拟化层软件flowvisor的API测试
注明:本文并不對openflow進行分析,本人也是略略知道這個概念,對flowvisor也只是對其API有所測試,更深的源碼并未涉及,只是希望該文能對以后的flowvisor研究者提供些許幫助。
一:flowvisor簡介
flowvisor是基于openflow的一個中間代理層,其目的在于對物理資源的抽象和分片,從而使得每個控制器下的slice相互隔離,從而做到網絡的虛擬化。現有的openflow機制中,主要提供了虛擬交換機如open vswitch,還有控制器如POX,floodlight等,但沒有一個很好地資源抽象來實現多用戶隔離和分片,flowvisor就是希望完成這個目標。
flowvisor中有幾個比較關鍵的概念。
1.flow:這個其實是對應著openflow報文的10個field的,每一個精確地flow就是這10個filed的一個精確匹配。換言之,由于這10個field總計占256bit,所以這是一個256維的空間,每一個flow就是這個256維空間中的一個點.
2.flowspace:上文提到整個openflow報文在匹配(match)時是一個256維空間中的一個點,那么對于整個網絡而言,其flowspace就是256維空間。正如論文中所說的那樣,flowspace是他們對匹配頭的一個稱呼。比如slice1下控制有一個所有協議使用TCP/IP的報文的流,那么這所有符合這個匹配條件的流就是這一個slice所對應的子空間,也就是改slice所擁有的一個flowspace。不同的slice可以對同一個flowspace有權限,但其權限應該不同.此概念不易理解,可以直接參考論文進行理解。
3.slice:網絡虛擬化的目的,就是希望不同的用戶看到完全隔離的不同的物理網絡,但實際網絡并非用戶看到的那樣,所以slice就是一個對物理網絡的抽象和劃分,就是資源的分割,權限的分配。每一個slice本質上就是一個配置文件,其中對slice的參數進行的描述。在flowvisor中,其存儲在數據庫中。
flowvisor是基于RPC機制的,目前其使用的是JSON-RPC機制,其大致機制如下:
二:API測試
測試環境:ubuntu12.04 LTS
節點拓撲結構:
?
flowspace match字段: all or any is used to specify a flow that matches all packets.
????? in_port=port_no
????????????? Matches? physical? port? port_no.?? Switch ports are numbered as
????????????? displayed by fvctl getDeviceInfo DPID.
?
?????? dl_vlan=vlan
????????????? Matches IEEE 802.1q virtual LAN tag? vlan.?? Specify? 0xffff? as
????????????? vlan? to? match? packets that are not tagged with a virtual LAN;
????????????? otherwise, specify a number between 0 and? 4095,? inclusive,? as
????????????? the 12-bit VLAN ID to match.
?
?????? dl_src=mac
????????????? Matches? Ethernet? source address mac, which should be specified
????????????? as 6 pairs of? hexadecimal? digits? delimited? by? colons,? e.g.
????????????? 00:0A:E4:25:6B:B0.
?
?????? dl_dst=mac
????????????? Matches Ethernet destination address mac.
?
?????? dl_type=ethertype
????????????? Matches Ethernet protocol type ethertype, which should be speci‐
????????????? fied as a integer between 0 and 65535, inclusive, either in dec‐
????????????? imal? or? as a hexadecimal number prefixed by 0x, e.g. 0x0806 to
????????????? match ARP packets.
????? nw_src=ip[/netmask]
????????????? Matches IPv4 source address ip, which should be specified as? an
????????????? IP? address,? e.g.? 192.168.1.1.?? The? optional? netmask allows
????????????? matching only on an IPv4 address prefix.? The netmask is? speci‐
????????????? ficed "CIDR-style", i.e., 192.168.1.0/24.
?
?????? nw_dst=ip[/netmask]
????????????? Matches IPv4 destination address ip.
?
?????? nw_proto=proto
????????????? Matches? IP? protocol type proto, which should be specified as a
????????????? decimal number between 0 and 255, inclusive, e.g. 6 to match TCP
????????????? packets.
?
?????? nw_tos=tos/dscp
????????????? Matches? ToS/DSCP? (only? 6-bits, not modify reserved 2-bits for
????????????? future use) field of IPv4 header tos/dscp, which should be spec‐
????????????? ified as a decimal number between 0 and 255, inclusive.
????? tp_src=port
????????????? Matches transport-layer (e.g., TCP, UDP, ICMP) source port port,
????????????? which should be specified as a? decimal? number? between? 0? and
????????????? 65535? (in? the case of TCP or UDP) or between 0 and 255 (in the
????????????? case of ICMP), inclusive, e.g. 80 to match? packets? originating
????????????? from a HTTP server.
?
?????? tp_dst=port
????????????? Matches transport-layer destination port port.
?
slice權限參數:DELEGATE(1), READ(2), and WRITE(4)
?
API測試:
一:add-
1.add-slice:
命令語法:
fvctl add-slice [options] <slicename> <controller-url> <admin-email>
?
? -d DROP, --drop-policy=DROP
??????????????????????? Drop rule type; default='exact'
? -l, --recv-lldp?????? Slice to receive unknown LLDP; default=False
? -f FLOW, --flowmod-limit=FLOW
??????????????????????? Slice tcam usage; default is none (-1)
? -r RATE, --rate-limit=RATE
??????????????????????? Slice control path rate limit; default is none (-1)
? -p PASSWD, --password=PASSWD
??????????????????????? Slice password
? --disabled??? ????????Disable this slice initially; default=False
輸入:fvctl -p 8081 add-slice -l s4 tcp:127.0.0.1 hyd@126.com
輸出:
Slice s4 was successfully created
root@icecamel-virtual-machine:/home/icecamel/nv# fvctl -p 8081 list-slice-info s4
Password:
{
? "admin-contact": "hyd@126.com",
? "admin-status": true,
? "controller-url": "tcp:127.0.0.1:6633",
? "current-flowmod-usage": 0,
? "current-rate": 0,
? "drop-policy": "exact",
? "recv-lldp": true,
? "slice-name": "s4"
}
輸入:fvctl -p 8081 add-slice -r 1 s5 tcp:127.0.0.1:6640 hyd@126.com
輸出:
Slice s5 was successfully created
root@icecamel-virtual-machine:/home/icecamel/nv# fvctl -p 8081 list-slice-info s5
Password:
{
? "admin-contact": "hyd@126.com",
? "admin-status": true,
? "controller-url": "tcp:127.0.0.1:6640",
? "current-flowmod-usage": 0,
? "current-rate": 0,
? "drop-policy": "exact",
? "recv-lldp": false,
? "slice-name": "s5"
}
ps:
????? 1.slice不可同名
????? 2.slice的controller不可相同
?
2.add-flowspace
語法規則: fvctl add-flowspace [options] <flowspace-name> <dpid> <priority> <match> <slice-perm>
Options:
? -h, --help??????????? show this help message and exit
? -q QUEUES, --queues=QUEUES
??????????????????????? Define list of queues permitted on this flowspace.
? -f FQUEUE, --forced-queue=FQUEUE
??????????????????????? Force a queue id upon output action.
注明:match字段如文檔開頭描述,在這里用perm1=x1,perm=x2的形式列舉希望匹配的字段即可,all或者any可以表示所有資源,slice-perm的規則是slice-name1=num1,slice-name2=num2,其中slice權限參數:DELEGATE(1), READ(2), and WRITE(4)
輸入:fvctl -p 8081 add-flowspace -f 2 fs3 all 100 all s1=5
輸出:
FlowSpace fs3 was added with request id 4
{"force-enqueue": 2, "name": "fs3", "slice-action": [{"slice-name": "s1", "permission": 5}], "queues": [], "priority": 100, "dpid": "all_dpids", "id": 5, "match": {"wildcards": 4194303}}
輸入:fvctl -p 8081 add-flowspace fs12 all 90 all s2=4
輸出:
{
?"dpid": "all_dpids",
?"force-enqueue": -1,
?"id": 7,
?"match": {
? "wildcards": 4194303
?},
?"name": "fs12",
?"priority": 90,
?"queues": [],
?"slice-action": [
? {
?? "permission": 4,
?? "slice-name": "s2"
? }
?]
}
ps:
如果執行fvctl -p 8081 add-flowspace all 90 all s1=5,s2=5,會出現兩個完全一模一樣的flowspace,其ID也是一樣的,避免使用。
?
?
二:list-
1.list-datapaths:Displays the devices
輸入: fvctl -p 8081 list-datapaths
輸出:Connected switches:
? 1 : 00:00:1e:e3:d3:5e:b1:47
? 2 : 00:00:4a:e6:f6:f2:1e:4c
? 3 : 00:00:72:cf:98:c4:27:41
? 4 : 00:00:ee:95:d7:4d:0f:49
?
2.list-datapath-info:Displays information for a connected device
輸入:fvctl -p 8081 list-datapath-info 00:00:1e:e3:d3:5e:b1:47 (00:00:1e:e3:d3:5e:b1:47 是dpid)
輸出:
{
? "connection": "/127.0.0.1:6633-->/127.0.0.1:58527",
? "current-flowmod-usage": {
??? "fvadmin": 0,
??? "s1": 0,
??? "s2": 0
? },
? "dpid": "00:00:1e:e3:d3:5e:b1:47",
? "num-ports": 4,
? "port-list": [
??? 3,
??? 2,
??? 65534,
??? 1
? ],
? "port-names": [
??? "b2-b3",
??? "b2-b1",
??? "b2",
??? "p2"
? ]
}
?
3.list-datapath-stats:Display statistics for a connected device
輸入:fvctl -p 8081 list-datapath-stats 00:00:1e:e3:d3:5e:b1:47
輸出:
{
? "drop": {
??? "Total": {}
? },
? "rx": {
??? "Total": {
????? "ECHO_REPLY": 426,
????? "ECHO_REQUEST": 423,
????? "FEATURES_REPLY": 1,
????? "HELLO": 1
??? },
??? "classifier-dpid=00:00:1e:e3:d3:5e:b1:47": {
????? "ECHO_REPLY": 426,
????? "ECHO_REQUEST": 423,
????? "FEATURES_REPLY": 1,
????? "HELLO": 1
??? }
? },
? "tx": {
??? "Total": {
????? "ECHO_REPLY": 423,
????? "ECHO_REQUEST": 426,
????? "FEATURES_REQUEST": 1,
????? "FLOW_MOD": 1,
????? "HELLO": 1
??? },
??? "classifier-dpid=00:00:1e:e3:d3:5e:b1:47": {
????? "ECHO_REPLY": 423,
????? "ECHO_REQUEST": 426,
????? "FEATURES_REQUEST": 1,
????? "FLOW_MOD": 1,
????? "HELLO": 1
??? }
? }
}
?
4.list-slices: Displays the configured slices
輸入:fvctl -p 8081 list-slices
輸出:
fvadmin???????? --> enabled
s1????????????? --> enabled
s2??????????? ??--> enabled
?
5.list-slice-info:Displays slice information
輸入:fvctl -p 8081 list-slice-info s1
輸出:
{
? "admin-contact": "hyd@126.com",
? "admin-status": true,
? "controller-url": "tcp:127.0.0.1:6636",
? "current-flowmod-usage": 0,
? "current-rate": 0,
? "drop-policy": "exact",
? "recv-lldp": false,
? "slice-name": "s1"
}
?
6.list-slice-stats:Displays statistics about a slice
輸入:
fvctl -p 8081 list-slice-stats s1
fvctl -p 8081 list-slice-stats s2
fvctl -p 8081 list-slice-stats fvadmin
輸出:
Internal Error -> list-slice-stats: No stats exist for this slice : s1
Internal Error -> list-slice-stats: No stats exist for this slice : s2
Internal Error -> list-slice-stats: No stats exist for this slice : fvadmin
?
7.list-flowspace:
fvctl list-flowspace [options]
????? ? -s SLICE, --slice-name=SLICE Fetch flowspace for specified slice.
????? ? -x, --output-hex????? Displays relevant fields in hex
????? ? -p, --pretty-print??? Pretty print output
????? ? --show-disabled?????? Display flowspace for disabled slices
輸入1:fvctl -p 8081 list-flowspace
輸出1:
{"force-enqueue": -1, "name": "fs1", "slice-action": [{"slice-name": "s1", "permission": 5}], "queues": [], "priority": 100, "dpid": "all_dpids", "id": 1, "match": {"wildcards": 4194263, "nw_proto": 0, "dl_dst": "78:45:c4:2d:72:51"}}
輸入2:fvctl -p 8081 list-flowspace? -s s1
輸出:符合結果
輸入3:fvctl -p 8081 list-flowspace? -x (可輸入slice-name)
輸入3:fvctl -p 8081 list-flowspace -p:以列表形式輸出
?
8.list-datapath-flowdb:Displays the contents of the flow db if flow tracking is enabled(跟蹤從slice push到switch的flow)
輸入:fvctl -p 8081 list-datapath-flowdb 00:00:1e:e3:d3:5e:b1:47
輸出:
Flows seen at FlowVisor:
?
9. list-datapath-flowrewritedb:Displays the rewrites (or expansions) FlowVisor has applied(當controller把一個flow向flowvisor push的時候,flowvisor可能會擴展該流,次命令查閱該擴展)
命令格式:fvctl list-datapath-flowrewritedb slice-name dpid
輸入:fvctl -p 8081 list-datapath-flowrewritedb s1 00:00:36:f1:bb:00:67:47
輸出:
Rewrites applied by FlowVisor:
輸入:fvctl -p 8081 list-datapath-flowrewritedb s1 000036f1bb006747
輸出:同上
ps:dpid的格式如果錯誤,會報錯,詳情如下:
輸入:fvctl -p 8081 list-datapath-flowrewritedb s2 0000-3a02-5569-824c
輸出:
HTTP Error 500: Server Error
Rewrites applied by FlowVisor:
Traceback (most recent call last):
? File "/usr/local/bin/fvctl", line 1103, in <module>
??? do_func(gopts, opts, args)
? File "/usr/local/bin/fvctl", line 702, in do_listrewritedb
??? for fbe in ret:
TypeError: 'NoneType' object is not iterable
?
10:list-fs-status:
命令格式: fvctl list-fs-status <fs-id>
命令作用:查看添加flowspace的請求是否被處理或者請求,返回值有UNKNOWN,PENDING,SUCCESS,或者錯誤信息
輸入:fvctl -p 8081 list-fs-status 1
輸出:FlowSpace Request id 1 : SUCCESS
輸入:?? fvctl -p 8081 list-fs-status 10
輸出:FlowSpace Request id 10 : UNKNOWN
?
11:list-fv-health:呈現一些參數
輸入:fvctl -p 8081? list-fv-health
輸出:
{
? "average-delay": 0,
? "instant-delay": 0
}
?
12:list-links:
輸入:fvctl -p 8081 list-links
輸出:
[
? {
??? "attributes": "fakeLink=true",
??? "dstDPID": "00:00:42:49:a6:41:b1:41",
??? "dstPort": "1",
??? "srcDPID": "00:00:3a:02:55:69:82:4c",
??? "srcPort": "0"
? },
? {
??? "attributes": "fakeLink=true",
??? "dstDPID": "00:00:62:0b:89:0d:f5:46",
??? "dstPort": "1",
??? "srcDPID": "00:00:42:49:a6:41:b1:41",
??? "srcPort": "0"
? },
? {
??? "attributes": "fakeLink=true",
??? "dstDPID": "00:00:36:f1:bb:00:67:47",
??? "dstPort": "1",
??? "srcDPID": "00:00:62:0b:89:0d:f5:46",
??? "srcPort": "0"
? },
? {
??? "attributes": "fakeLink=true",
??? "dstDPID": "00:00:3a:02:55:69:82:4c",
??? "dstPort": "1",
??? "srcDPID": "00:00:36:f1:bb:00:67:47",
??? "srcPort": "0"
? }
]
?
三:配置
1.get-config:fvctl -p 8081 get-config
結果:Password:
{
? "api_jetty_webserver_port": 8081,
? "api_webserver_port": 8080,
? "checkpointing": false,
? "config_name": "default",
? "db_version": "2",
? "enable-topo-ctrl": false,
? "flood-perm": {
??? "dpid": "all",
??? "slice-name": "fvadmin"
? },
? "flow-stats-cache": 30,
? "flowmod-limit": {
??? "fvadmin": {
????? "00:00:1e:e3:d3:5e:b1:47": -1,
????? "00:00:4a:e6:f6:f2:1e:4c": -1,
????? "00:00:72:cf:98:c4:27:41": -1,
????? "00:00:ee:95:d7:4d:0f:49": -1,
????? "any": null
??? },
??? "s1": {
????? "00:00:1e:e3:d3:5e:b1:47": -1,
????? "00:00:4a:e6:f6:f2:1e:4c": -1,
????? "00:00:72:cf:98:c4:27:41": -1,
????? "00:00:ee:95:d7:4d:0f:49": -1,
????? "any": null
??? },
??? "s2": {
????? "00:00:1e:e3:d3:5e:b1:47": -1,
????? "00:00:4a:e6:f6:f2:1e:4c": -1,
????? "00:00:72:cf:98:c4:27:41": -1,
????? "00:00:ee:95:d7:4d:0f:49": -1,
????? "any": null
??? }
? },
? "host": "localhost",
? "log_facility": "LOG_LOCAL7",
? "log_ident": "flowvisor",
? "logging": "NOTE",
? "stats-desc": false,
? "track-flows": false,
? "version": "flowvisor-1.4.0"
}
?
2.set-config:設置flowvisor的參數:
For flood permissions, if both the dpid and the
slice are given, then that slice is given permission for that dpid. Otherwise,
the given slice is set as the slice global flood permissions. For flowmod
limits, the limit is set per slice per dpid. The dpid in case could be 'any'.
語法規則:
fvctl set-config [options]
Options:
? -h, --help??????????? show this help message and exit
? -f SLICE[,DPID], --flood-perm=SLICE[,DPID]
??????????????????????? Set the floodperm
? -l SLICE,DPID,LIMIT, --flowmod-limit=SLICE,DPID,LIMIT
??????????????????????? Set the flowmod limit.
? --enable-tracking???? Enable flow tracking.
? --disable-tracking??? Disable flow tracking.
? --enable-stats-desc?? Enable stats description hijacking.
? --disable-stats-desc? Disable stats description hijacking.
? --enable-topo-ctrl??? Enable topology controller.
? --disable-topo-ctrl?? Disable topology controller.
? -c CACHE, --flow-stats-cache=CACHE
??????????????????????? Set the aging timer for the flow stats cache.
輸入:fvctl -p 8081 set-config -f s1 -- enable-tracking
輸出:
Configuration has been updated
(調用get-config后可以看到的確成功修改)
輸入:fvctl -p 8081 set-config -l s1,00:00:36:f1:bb:00:67:47,10
輸出:(修改成功)
root@icecamel-virtual-machine:~# fvctl -p 8081 get-config -s s1 -d 00:00:36:f1:bb:00:67:47
Password:
{
? "api_jetty_webserver_port": 8081,
? "api_webserver_port": 8080,
? "checkpointing": false,
? "config_name": "default",
? "db_version": "2",
? "enable-topo-ctrl": false,
? "flood-perm": {
?? ?"dpid": "00:00:36:f1:bb:00:67:47",
??? "slice-name": ""
? },
? "flow-stats-cache": 30,
? "flowmod-limit": {
??? "s1": {
????? "00:00:36:f1:bb:00:67:47": 10
??? }
? },
? "host": "localhost",
? "log_facility": "LOG_LOCAL7",
? "log_ident": "flowvisor",
? "logging": "NOTE",
? "stats-desc": false,
? "track-flows": true,
? "version": "flowvisor-1.4.0"
}
?
3.save-config:
語法規則:fvctl save-config <file>
輸入: fvctl -p 8081 save-config /home/icecamel/nv/config_test.json
輸出:
Config file written to /home/icecamel/nv/config_test.json.
root@icecamel-virtual-machine:/home/icecamel/nv# ls
config_test.json
?
四:remove與update
1.remove-slice
輸入:fvctl -p 8081 remove-slice s4
輸出:(正常刪除)
?
2.remove-flowspace
輸入:fvctl -p 8081 remove-flowspace fs4
輸出:(正常刪除)
ps:之前在add-flowspace時通過命令fvctl -p 8081 add-flowspace all 100 all s1=5,s2=5同時生成的兩個一模一樣的flowspace通過該命令會被同時刪除
?
3.update-admin-password
語法規則:
fvctl update-admin-password [options]
Update the admin password.
Options:
? -h, --help??????????? show this help message and exit
? -p PASSWD, --password=PASSWD
??????????????????????? New password for admin.
輸入:fvctl update-admin-password -p 123
正常更改
輸入:fvctl -p 8081 update-admin-password -p 123
輸出:前面的更改生效且這次也成功更改
ps:在修改過后重啟,密碼修改失效
?
4.update-flowspace
語法規則:
fvctl update-flowspace [options] <flowspace-name>
Options:
? -h, --help??????????? show this help message and exit
? -d DPID, --dpid=DPID? Set the dpid for flowspace entry.
? -p PRIO, --priority=PRIO
??????????????????????? Set the priority for flowspace entry.
? -m MATCH, --match=MATCH
? ??????????????????????Set the match for flowspace entry.
? -s SACT, --slice-action=SACT
??????????????????????? Set the slice(s) for flowspace entry.
? -q QUEUES, --queues=QUEUES
??????????????????????? Define list of queues permitted on this flowspace.
? -f FQUEUE, --forced-queue=FQUEUE
??????????????????????? Force a queue id upon output action.
輸入:fvctl -p 8081 update-flowspace fs6 -m dl_src=0a:a1:f9:da:26:13,nw_proto=0x1
輸出:
Flowspace fs6 was updated with request id 10
{
?"dpid": "all_dpids",
?"force-enqueue": -1,
?"id": 10,
?"match": {
? "dl_src": "0a:a1:f9:da:26:13",
? "nw_proto": 1,
? "wildcards": 4194267
?},
?"name": "fs6",
?"priority": 101,
?"queues": [
? 2,
? 3,
? 4
?],
?"slice-action": [
? {
?? "permission": 5,
?? "slice-name": "s2"
? }
?]
}
(成功修改,且無論是添加flowspace還是修改flowspace,均會使id增加,修改id為x的flowspace,其輸出結果id=x+n,且該flowspace 的id變為x)
輸入:fvctl -p 8081 update-flowspace fs6 -s s2=5
輸出:Flowspace fs6 was updated with request id 11
?
5.update-slice-password
語法規則:fvctl update-slice-password slice-name -p NewPasswd\
輸入:fvctl update-slice-password s2 -p 123
輸出:Slice password for s2 has been updated.
?
6.update-slice
語法規則:fvctl update-slice [options] <slicename>
輸入:fvctl -p 8081 update-slice s1 -n 192.168.1.133
輸出:
Slice s1 has been successfully updated
{
? "admin-contact": "hyd@126.com",
? "admin-status": true,
? "controller-url": "tcp:192.168.1.133:6636",
? "current-flowmod-usage": 0,
? "current-rate": 0,
? "drop-policy": "exact",
? "recv-lldp": false,
? "slice-name": "s1"
}
輸入: fvctl -p 8081 update-slice s1 -d rule
輸出:
Slice s1 has been successfully updated
root@icecamel-virtual-machine:/home/icecamel/nv# fvctl -p 8081 list-slice-info s1
Password:
{
? "admin-contact": "hyd@126.com",
? "admin-status": true,
? "controller-url": "tcp:192.168.1.133:6636",
? "current-flowmod-usage": 0,
? "current-rate": 0,
? "drop-policy": "rule",
? "recv-lldp": false,
? "slice-name": "s1"
}
?
7.register-event-callback:Registers for events from FlowVisor. Possible events are: DEVICE_CONNECTED,
SLICE_CONNECTED, SLICE_DISCONNECTED and FLOWTABLE_CALLBACK. For
FLOWTABLE_CALLBACK event type dpid has to be input with -d option. More events
may be added later.
語法規則:
fvctl register-event-callback <url> <methodname> <eventtype> <name>
轉載于:https://www.cnblogs.com/hyd-desert-camel/p/3891515.html
總結
以上是生活随笔為你收集整理的一种基于openflow的虚拟化层软件flowvisor的API测试的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: JS replace()方法-字符串首字
- 下一篇: JS事件冒泡