Controller Setup

Once the switches have been configured to run OpenFlow and each instance pointed to the controller running on port 6633, we start the controller on that port in a dedicated server.

Guest controller

There are several options to running the OpenFlow controller. You either run NOX (Please refer to the Controller Setup Section for multiple PCs/NetFPGA setup) or SNAC. In the production environment, we recommend running SNAC.

SNAC

• Download the SNAC binary on the dedicated server. SNAC binary requires that you have a Debian system (The packages were built on Debian stable lenny)
• Install the required dependencies

$ sudo apt-get update
$ sudo apt-get install openssl libboost-test1.34.1 libboost-filesystem1.34.1 libboost-serialization1.34.1 libxerces-c28 python2.5 python-twisted python-simplejson python-mako python-openssl tmpreaper

• Unzip and Install the binaries

$ tar xvfz snac_packages.tar.gz
$ sudo dpkg -i *.deb

• After that installs SNAC, you need to configure the installation by editing /etc/default/noxcore to add these lines:

OF_LISTEN="-i ptcp:8888"
WWW_LISTEN_PORT="80"

• Start SNAC by running command "sudo /etc/init.d/noxcore restart".
• Visit https://controller-IP-address/ and login as “admin” with no password.
• All new switches will appear in the list of switches as “unregistered”. You must register each by clicking on “Register Switch”, after which they start being switches using SNAC

FlowVisor

To run multiple experiments (or OpenFlow networks) over the same infrastructure, we use the FlowVisor software. FlowVisor is a special purpose OpenFlow controller that acts as a transparent proxy between OpenFlow switches and multiple OpenFlow controllers. Thus, it creates slices of network resources and delegates control of each slice to a different controller. Slices can be defined by any combination of switch ports (layer 1), src/dst ethernet address or type (layer 2), src/dst IP address or type (layer 3), and src/dst TCP/UDP port or ICMP code/type (layer 4).

To instantiate the different slices, undertake the following steps:

• Download and compile latest code of FlowVisor while being in user mode:

$ git clone git://openflowswitch.org/flowvisor.git 
$ cd flowvisor
$ ./boot.sh
$ ./configure --with-openflow-src-dir=/path/to/openflow 
$ make

• Once installed, you need to create the ./flowvisor-conf.d directory for listing the different policy configurations. Current flowvisor implementation requires that you add the default.switch and at least one controller.guest policy file:

$cd  <flowvisor src dir>
$mkdir flowvisor-conf.d
$cat  >  flowvisor-conf.d/default.switch
Default: 1
ID: 9999

$cat >  flowvisor-conf.d/snac.guest
Name: snac
ID: 1
Host: tcp:localhost:8888
FlowSpace: deny:  tp_src: 80  limit: 10000
FlowSpace: deny:  tp_dst: 80  limit: 10000
FlowSpace: allow:  limit: 10000

• The above configuration means that the FlowVisor will forward ALL control messages, except that belonging to HTTP traffic, to the SNAC instance running on the localhost port number 8888.
• Run FlowVisor from user mode with the following command.

$./flowvisor ptcp:6633

• It is possible to start a new guest slice by adding another guest file in the directory and restarting FlowVisor:

$cat >  flowvisor-conf.d/http.guest
Name: http
ID: 2
Host: tcp:localhost:8890
FlowSpace: allow:  tp_src: 80  limit: 10000
FlowSpace: allow:  tp_dst: 80  limit: 10000

This creates two slices: one for the production traffic (managed by SNAC), and one for the experimental HTTP traffic (possibly managed by NOX). This is the simplest case. To slice the network in more finer grain, please refer to the FlowVisor manual.