Deploy an SDN Wired/Wireless Network with Open vSwitch* and Faucet*

ID 标签 688372
已更新 4/24/2017
版本 Latest
公共

author-image

作者

By Shivaram Mysore

Overview

This article describes a Software Defined Networking (SDN) enabled wireless network using Intel hardware, Open vSwitch* (OvS) and Faucet*, which is an open source SDN controller. Instructions on how to configure this network are included.

Why an SDN-Enabled Network?

Unlike a traditional L2/L3 switch, an SDN-enabled switch provides for control and data plane separation. In the above illustration, Faucet represents a controller, and OvS can represent a data plane switch. With the use of standards-based OpenFlow* protocol, you don’t have to write device-specific drivers to handle various switch data paths. Additional advantages include the following:

  • Upgrade controller in <1 sec while the network is still running, without having to reboot the hardware; help prevent zero-day attacks
  • Easy automation and integration with YAML-based configuration
  • Configurable learning; example: unicast flooding
  • Configurable routing algorithms
  • ACLs, policy-based forwarding (PBF), policy-based routing (PBR) based on OpenFlow matches
  • Stacking of vendor-agnostic switches (fabric)
  • High availability via Idempotency
  • Scalability
  • Data plane for network functions virtualization (NFV)
  • NFV offload support: DHCP, DNS, NTP, BGP, Radius, and more
  • Dynamic segmentation based on 802.1x
  • Real-time network statistics and flow information (at most a 10 second delay). Statistics are in time-series Influx database so that one can look at the network historically. Flows are stored in CouchDB*.
  • Applications are written to Apache CouchDB™ and InfluxDB* APIs for network state information without causing network switch performance overhead.

Refer to Faucet presentations and articles for more detailed information.

Faucet Network Deployment

The figure above shows the network configuration. The Intel® processor-based server hosts the OvS (v2.6) software on Ubuntu* v16.10 to serve as the OpenFlow switch data plane. Another Intel® Celeron® processor-based box (QOTOM Mini PC) running Ubuntu 16.10 serves as the host for the Faucet and Gauge* controller. A pfSense*-based router is used for network isolation.

Setting Up the Software

PfSense

Download and install the open source PfSense router software on an Intel processor-based box (example: QOTOM Mini PC). Most of the required services run out of the box on installation.

Faucet and Gauge Controller

  1. Install Ubuntu 16.10 server on an Intel processor-based box (example: QOTOM Mini PC). Alternatively, a virtual machine or Docker image can be used. Refer to the Faucet website for more information.
  2. After installation, as user root, git clone the repository.
    $ sudo su
    $ cd ~/
    # git clone https://github.com/shivarammysore/faucetsdn-intel/
    # cd ~/faucetsdn-intel/src/scripts/install
  3. Run the script to set up Faucet, CouchDB, Grafana* Server for Gauge.
    # cd ~/faucetsdn-intel/src/scripts/install
    # ./install_4faucet.sh
  4. Make sure to update the configuration files with the correct Datapath ID (dp_id) and port information. For more information on modifying the files, check out the Faucet YouTube* demo videos :
    # /etc/ryu/faucet/faucet.yaml
    # /etc/ryu/faucet/gauge.yaml


    Restart services as needed.
    # systemctl restart faucet
    # systemctl restart gauge
  5. This should start the Faucet and Gauge services. Note the IP address of the machine. Faucet runs on port 6653 and Gauge on port 6654.

Installing Open vSwitch on Intel x86

This section lists the steps for getting OvS working as a software switch. Here we will make sure all the connectivity and software stack works.

  1. Install the Ubuntu 16.10 server on the Intel processor-based server as shown in the figure above. You only need to install the OpenSSH* basic system utilities packages.
  2. After installation, as user root, git clone the repository
    $ sudo su
    $ cd ~/
    # git clone https://github.com/shivarammysore/faucetsdn-intel/
    # cd ~/faucetsdn-intel/src/scripts/install
  3. Edit the installation script - Step1_install_u16_10s_pkgs.sh
    1. Things to edit - USER_LIST - name of the user on the system
    2. Check all the interface names to make sure that they match your system.
  4. Run the script to install the required packages, and then set up Docker. Note: For simplification, at this time Docker is not used, so you may want to consider commenting out the Docker section as appropriate.
    # ./Step1_install_u16_10s_pkgs.sh
  5. Edit the ovswitch.properties file, which is self-descriptive.
    1. Make sure IPV6 = false and DPDK = false
    2. Refer to the above figure for various port names and relationships.
  6. Run the script to set up OvS
    # ./Step3_setup_ovs.sh
  7. Make sure that the value of DATAPATH_ID in ovswitch.properties is that same as the one in /etc/ryu/faucet/faucet.yaml file. This tells the controller which switch it needs to manage and monitor.
  8. If everything is set up right, OvS is running and should already be managed by the controller.

Wireless

  1. Connect any wireless access point, such as the low cost TP-LINK TL-WA855RE, to one of the OpenFlow ports managed by the OvS bridge.
  2. Because the LAN cable terminates on an OpenFlow port, any client connected to the wireless AP will be served by OpenFlow-enabled OvS and controlled by Faucet.

Summary

In this article, we learned how simple it is to configure an Enterprise grade, fully programmable SDN Wired/Wireless network using off-the-shelf Intel x86 Hardware and Faucet SDN Controller software. This setup enables on-demand programming for security and network operations scenarios.

Questions and Support

About the Author

Shivaram Mysore has been a serial entrepreneur, proven results oriented business leader and recognized technical expert in Security (Cryptography, Identity, Web Services, XML) & Networking (SDN). He has worked for companies such as Sun Microsystems (Sunlabs/JavaSoft), Microsoft, Infoblox, consulted for fortune 500 companies apart from contributing to development of many industry standards at W3C, ONF, PC/SC Workgroup and ANSI . Currently, he contributes as a core team member to Faucet SDN related open source initiatives and helping organizations deploy SDN.  He can be reached via shivaram dot mysore at gmail dot com.

References

"