Thanks Patricio this really help. I've a few more questions : How to decode NSH header in SFs nodes with tcpdump or wireshark ? Is it possible to rewrite NSH header as iptables does for IP packets ?
Regards, On 6 September 2016 at 04:09, Patricio Latini <[email protected]> wrote: > Here you have the procedure (no special bridge for the machines they use > br-sfc as in the demo103). > > Starting with 6 clean VMs with Debian 8.5 > > *On Both Classifiers and SFFs (Build OVS with PAtch)* > > curl -o start-ovs-deb.sh https://raw.githubusercontent. > com/priteshk/ovs/nsh-v8/third-party/start-ovs-deb.sh > chmod 755 start-ovs-deb.sh > sed -i "s|nodownload=*|nodownload=1|" start-ovs-deb.sh > git clone https://github.com/openvswitch/ovs > git clone https://github.com/yyang13/ovs_nsh_patches > cd ovs > git reset --hard 7d433ae57ebb90cd68e8fa948a096f619ac4e2d8 > cp ../ovs_nsh_patches/*.patch ./ > git am *.patch > cd .. > bash ./start-ovs-deb.sh > > service openvswitch-switch stop > rm -rf /var/log/openvswitch/* > rm -rf /etc/openvswitch/conf.db > rm -rf /etc/openvswitch/.conf.db.~lock~ > rm -rf /var/lib/openvswitch/conf.db > rm -rf /var/lib/openvswitch/.conf.db.~lock~ > service openvswitch-switch start > ovs-vsctl show > ovs-vsctl set-manager tcp:10.0.0.20:6640 > ovs-vsctl show > ovs-vsctl list Open_vSwitch > ovs-vsctl add-br br-sfc > > *On Both Classifiers * > > ip netns add app > ip link add veth-app type veth peer name veth-br > ovs-vsctl add-port br-sfc veth-br > ip link set dev veth-br up > ip link set veth-app netns app > > *Then On Classifier 1* > ip netns exec app ifconfig veth-app 192.168.2.1/24 up > ip netns exec app ip link set dev veth-app addr 00:00:11:11:11:11 > ip netns exec app arp -s 192.168.2.2 00:00:22:22:22:22 -i veth-app > ip netns exec app ip link set dev veth-app up > ip netns exec app ip link set dev lo up > ip netns exec app ifconfig veth-app mtu 1400 > ovs-vsctl show > sudo ovs-ofctl dump-flows -OOpenflow13 br-sfc > sudo ip netns exec app wget http://192.168.2.2 > > *Then On Classifier 2* > > ip netns exec app ifconfig veth-app 192.168.2.2/24 up > ip netns exec app ip link set dev veth-app addr 00:00:22:22:22:22 > ip netns exec app arp -s 192.168.2.1 00:00:11:11:11:11 -i veth-app > ip netns exec app ip link set dev veth-app up > ip netns exec app ip link set dev lo up > ip netns exec app ifconfig veth-app mtu 1400 > ovs-vsctl show > ip netns exec app python -m SimpleHTTPServer 80 > > *—————-* > > *On the SFs* > > apt-get update > apt-get install -y python3-pip unzip > git clone https://git.opendaylight.org/gerrit/p/sfc.git > cd sfc > wget https://git.opendaylight.org/gerrit/changes/41530/revisions/ > 60b361ad463518a87210c73fc16d1245c49212b9/patch?zip > wget https://git.opendaylight.org/gerrit/changes/41532/revisions/ > db9d1944eff2cbb156597230c148d68af4e74011/patch?zip > unzip patch?zip > unzip patch?zip.1 > git am *.diff > cd sfc/sfc-py > pip3 install -r requirements.txt > nohup python3.4 sfc/sfc_agent.py --rest --odl-ip-port 10.0.0.20:8181 & > > *—————————————————* > *Openstack commands* > > *In my case i was using the same ODL used for Openstack so instead of > using 192.168.1.5 i was using 10.0.0.20 for my ODL instance and has to > route it through the network node* > > *Commands* > > > > *neutron net-create ext-net --shared --router:externalneutron > subnet-create ext-net 192.168.2.0/24 <http://192.168.2.0/24> --name > ext-subnet \ --allocation-pool start=192.168.2.200,end=192.168.2.219 \ > --disable-dhcp --gateway 192.168.2.1neutron router-create SFC-Routerneutron > net-create SFC-Net --provider:network_type vxlan --provider:segmentation_id > 20neutron subnet-create SFC-Net —name=SFC-Subnet 192.168.1.0/24 > <http://192.168.1.0/24>neutron router-interface-add SFC-Router > SFC-Subnet#neutron router-gateway-set SFC-Router ext-netneutron > router-gateway-set --disable-snat SFC-Router ext-netneutron router-update > SFC-Router --route destination=10.0.0.0/24,nexthop=192.168.2.145 > <http://10.0.0.0/24,nexthop=192.168.2.145>openstack server create --flavor > m1.small --image “SFC Server 1 - Classifier 1" --nic net-id=$(openstack > network show SFC-Net | awk '/ id / {print $4}'),v4-fixed-ip=192.168.1.10 > --security-group default --key-name mykey "SFC Server 1 - Classifier 1"* > *openstack server create --flavor m1.small --image "SFC Server 2 - > Classifier 2" --nic net-id=$(openstack network show SFC-Net | awk '/ id / > {print $4}'),v4-fixed-ip=192.168.1.60 --security-group default --key-name > mykey "SFC Server 2 - Classifier 2"* > *openstack server create --flavor m1.small --image "SFC Server 3 - SFF 1" > --nic net-id=$(openstack network show SFC-Net | awk '/ id / {print > $4}'),v4-fixed-ip=192.168.1.20 --security-group default --key-name mykey > "SFC Server 3 - SFF 1"* > *openstack server create --flavor m1.small --image "SFC Server 4 - SFF 2" > --nic net-id=$(openstack network show SFC-Net | awk '/ id / {print > $4}'),v4-fixed-ip=192.168.1.50 --security-group default --key-name mykey > "SFC Server 4 - SFF 2"* > *openstack server create --flavor m1.small --image "SFC Server 5 - SF 1" > --nic net-id=$(openstack network show SFC-Net | awk '/ id / {print > $4}'),v4-fixed-ip=192.168.1.30 --security-group default --key-name mykey > "SFC Server 3 - SF 1"* > *openstack server create --flavor m1.small --image "SFC Server 6 - SF 2" > --nic net-id=$(openstack network show SFC-Net | awk '/ id / {print > $4}'),v4-fixed-ip=192.168.1.40 --security-group default --key-name mykey > "SFC Server 4 - SF 2"* > > *Then you can run the jsons to ODL to create the specific objects (I > created a Postman collection with the data taken from the source).* > > *Hope it helps * > > On Sep 5, 2016, at 4:56 PM, Alioune <[email protected]> wrote: > > Thanks Patricio, > > I've a few questions about your configurations: > - Did you create SFFs and Classifiers into the openstack's br-int ? > - In a such case which IP address you used since br-int hasn't any IP ? > > Regards, > > On 5 September 2016 at 19:58, Patricio Latini <[email protected]> > wrote: > >> Right, anyway I have successfully replicated the configuration of SFC103 >> using Openstack and have been able to “manually” get it running using the >> Debian 8.5 base image for the Classifiers,SFF and SF. I was working on >> automating that using cloudinit but i will better wait to see Tim’s Tacker >> Implementation as that is the end goal… >> >> Patricio >> >> On Sep 4, 2016, at 8:54 PM, Zhou, Danny <[email protected]> wrote: >> >> You can absolutely analysis the NSH traffics with NSH and transport >> header, using tcpdump and Wireshark which needs to >> install a NSH decoder, see attached for details about that decoder. >> >> SFC-103 starts OVS and SF using scripts, so it cannot work directly on >> Openstack platform, but Tim had integrated ODL SFC >> with Openstack as well as Tacker for a similar setup for SFC@OPNFV >> project. >> >> *From:* Alioune [mailto:[email protected] <[email protected]>] >> *Sent:* Monday, September 5, 2016 7:48 AM >> *To:* Zhou, Danny <[email protected]> >> *Cc:* sfc-dev opendaylight <[email protected]> >> *Subject:* Re: [sfc-dev] SFC-103 SF NSH aware >> >> Thanks Danny for the reply. >> >> If I understand we can not analyse the traffic on SFs since the real one >> is encapsulated by NSH. >> >> Someone has already tried SFC-103 demo on Openstack platform ? >> >> Regards, >> >> On 5 September 2016 at 01:30, Zhou, Danny <[email protected]> wrote: >> >> The SFC-103 only includes the NSH aware SF, which means the SF recognizes >> the NSH as well as transports (e.g. VxLAN-GPE, Eth) in >> front of the original frame (say the TCP/HTTP packet in your case), so >> the SFF should keep the NSH instead of removing them. >> >> The SFC-104 demo post Boron will be including VPP based NSH proxy which >> could remove the NSH when steering traffic to >> NSH unaware SFs. >> >> *From:* [email protected] [mailto:sfc-dev >> [email protected]] *On Behalf Of *Alioune >> *Sent:* Monday, September 5, 2016 5:40 AM >> *To:* sfc-dev opendaylight <[email protected]> >> *Subject:* [sfc-dev] SFC-103 SF NSH aware >> >> Hi all, >> I'm testing the SFC 103 demo, after launching the demo.sh all nodes and >> SFC services are corretlly configured. >> I run tcpdump on eth0 in SF1 and I expect to se e the HTTP traffic but it >> is encapsulated in UDP frames. >> >> Why does the SFF1 not remove the NSH headers ? >> Is there specific configuration for doing that ? >> >> Regards, >> >> >> <Mail Attachment.eml>_______________________________________________ >> sfc-dev mailing list >> [email protected] >> https://lists.opendaylight.org/mailman/listinfo/sfc-dev >> >> >> > >
_______________________________________________ sfc-dev mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/sfc-dev
