You are here: Home Research SDN@EDGE: Operations guide

SDN@EDGE: Operations guide

by Fabio Mignini last modified Apr 24, 2015 04:49 PM

Operations guide for FROG3.0 infrastructure

Operational guide

In this section is presented some operations that could be done in the FROG environment (e.g instantiate a Service Graph or a Forwarding Graph).

Instantiate a Service Graph

  • Obtain the keystone token:
  • Method: PUT
      Description: Authenticates and generates a token (this token is necessary for all other requests, not only for the service graph instantiation).
        URL: http://controller.ipv6.polito.it:35357/v2.0/tokens
          Header: 
          Content-Type: application/json
            Request:

            Replace <tenant-name>, <username> and <password> with your credential provided by the FROG administrator at the POLITO domain.

            {"auth": {"tenantName": <tenant-name>, "passwordCredentials": {"username": <username>, "password": <password>}}}
          • Service layer API to instantiate a service graph:
          • Method: PUT
              Description: Instantiate the user's service graph if it is not yet instantiated, otherwise update the NF-FG with a new ingress rule for the new device.
                URL: http://orchestrator.ipv6.polito.it:8000/orchestrator/
                  Header: 
                  Content-Type: application/json
                  X-Auth-Token: <kestone-token>
                    Request:

                    The field mac is not mandatory

                    {"session":{
                    "session_param" : {
                    "mac": <device_mac_address>
                    }}}
                    Normal response code: 202

                  Delete a Service Graph

                  • Service layer API to delete a service graph:
                  • Method: DELETE
                      Description: Delete the user's service graph. If the service graph that you are going to delete is associated to multiple MAC addresses, this operation will delete only the ingress rule associated with the specified MAC address, not the entire service graph.
                        URL: http://orchestrator.ipv6.polito.it:8000/orchestrator/<mac_address> or http://orchestrator.ipv6.polito.it:8000/orchestrator/
                          Header: 
                          Content-Type: application/json
                          X-Auth-Token: <kestone-token>
                          Normal response code: 200

                        Add a new Virtual Network Function

                        • Upload the image to the Image Service:
                        • $ glance image-create --name=IMAGELABEL --disk-format=FILEFORMAT \
                            --container-format=CONTAINERFORMAT --is-public=ACCESSVALUE < IMAGEFILE
                          • Where:
                          • IMAGELABEL: Arbitrary label. The name by which users refer to the image. FILEFORMAT: Specifies the format of the image file. Valid formats include qcow2, raw, vhd, vmdk, vdi, iso, aki, ari, and ami. 
                            • You can verify the format using the file command: 
                              • $ file cirros-0.3.2-x86_64-disk.img
                              cirros-0.3.2-x86_64-disk.img: QEMU QCOW Image (v2), 41126400 bytes

                            CONTAINERFORMAT: Specifies the container format. Valid formats include: bare, ovf, aki, ari and ami. Specify bare to indicate that the image file is not in a file format that contains metadata about the virtual machine. Although this field is currently required, it is not actually used by any of the OpenStack services and has no effect on system behavior. Because the value is not used anywhere, it is safe to always specify bare as the container format. 

                            ACCESSVALUE: Specifies image access:

                            • true - All users can view and use the image.
                            • false - Only administrators can view and use the image.
                            IMAGEFILE: Specifies the name of your downloaded image file.
                        • Create a new VNF template:
                          • Example template:
                          • {
                            	"name": "switch",
                            	"expandable": false,
                            	"uri": "http://repository_of_vnf_descriptor/example",
                            	"vnf-type": "virtual-machine",
                            	"memory-size": 4096,
                            	"root-file-system-size": 40,
                            	"ephemeral-file-system-size": 0,
                            	"swap-disk-size": 0,
                            	"CPUrequirements": {
                            		"platformType": "x86",
                            		"socket": [
                            			{
                            				"coreNumbers": 1
                            			}
                            		]
                            	},
                            	"ports": [
                            		{
                                  		"position": "0-N",
                                  		"label": "L2",
                                  		"min": "1",
                                  		"ipv4-config": "none",
                                  		"ipv6-config": "static",
                                  		"name": "eth"
                                	}
                            	]
                            }
                          • Field details:
                          • Field Description Parent Field
                            name Identify the template.  

                            expandable

                            If it is true means that the VNF linked in the uri is in turn an NF-FG.  

                            uri

                            URI of the image of the VNF. The structure of the uri is: 

                            http://controller.ipv6.polito.it:9292/v2/images/<image-id>. You can obtain the image id using this command: glance image-list.

                             

                            vnf-type

                            Identify the type of VNF. It could be 'virtual-machine' or 'docker'.  

                            memory-size

                            Identify the minimum requirements in terms of memory of the VNF.  

                            root-file-system-size

                            Identify the minimum requirements in terms of root file system of the VNF.  

                            ephemeral-file-system-size

                            Identify the minimum requirements in terms of ephemeral file system of the VNF.  

                            swap-disk-size

                            Identify the minimum requirements in terms of swap disk size of the VNF.  

                            cpu-requirements

                            Contain the minimum requirement in terms of cpu.  

                            platformType

                            Identify the platform supported by the VNF. cpu-requirements

                            socket

                            Contain a list of minimum sockets required by the VNF. cpu-requirements

                            coreNumbers

                            Identify the minimum cpu core number required by the VNF. socket

                            ports

                            Contain the  requirements in terms of virtual interfaces of the VNF.  

                            position

                            Specifies both the number of the ports of a certain type (label) and the internal index of the interfaces. The number of ports of a specific label is given by the difference between the second and the first number of the range more one (e.g. "position": "1-2" means there are 2 ports of that label), it is ´┐╝also possible to insert N as value of last number of the range to indicate a variable number of interfaces available on VNF. ports

                            label

                            Specifies the purpose of that port, and it is useful in the definition of the SG, since it helps to properly connect the VNF with the other components of the service (e.g., the external port of the firewall should be connected towards the Internet, while the internal ones should be connected towards the users). The label could assume any value, and it is meaningful only in the context of the VNF. The only value intercepted by our infrastructure is 'control'. In that case thi service layer automatically connect that port to a control network. ports

                            min

                            Determine the minimal number of port of a specific label. ports

                            ipv4-config

                            Indicates if the port cannot be associated with an IPv4 address (none), or if it can be statically (static) or dynamically configured (DHCP). ports

                            ipv6-config

                            Same of ipv4-config. ports

                            name

                            Internal name of the interface (e.g. eth, em) ports

                        • Send the VNF template to the FROG administrator at the POLITO domain.

                         

                        Create a Service Graph

                        • Service Graph example:
                        • Service graph example 
                        • The following JSON is the representation of the above picture:
                        • {
                            "profile": {
                              "VNFs": [
                                {
                                  "vnf_descriptor": "switch.json",
                                  "id": "Switch",
                                  "name": "Switch",
                                  "ports": [
                                    {
                                      "id": "L2Port:0",
                                      "outgoing_label": {
                                        "flowrules": [
                                          {
                                            "action": {
                                              "VNF": {
                                                "id": "dhcp_ISP",
                                                "port": "inout:0"
                                              },
                                              "type": "output"
                                            },
                                            "flowspec": {
                                              "matches": [
                                                {
                                                  "priority": "32770",
                                                  "id": "1"
                                                }
                                              ]
                                            }
                                          }
                                        ]
                                      }
                                    },
                                    {
                                      "ingoing_label": {
                                        "flowrules": [
                                          {
                                            "action": {
                                              "VNF": {
                                                "id": "Switch",
                                                "port": "L2Port:1"
                                              },
                                              "type": "output"
                                            },
                                            "flowspec": {
                                              "matches": [
                                                {
                                                  "priority": "33770",
                                                  "id": "2"
                                                }
                                              ],
                                              "ingress_endpoint": "ingress"
                                            }
                                          }
                                        ]
                                      },
                                      "id": "L2Port:1",
                                      "outgoing_label": {
                                        "flowrules": [
                                          {
                                            "action": {
                                              "endpoint": {
                                                "port": "ingress"
                                              },
                                              "type": "output"
                                            },
                                            "flowspec": {
                                              "matches": [
                                                {
                                                  "priority": "32770",
                                                  "id": "3"
                                                }
                                              ]
                                            }
                                          }
                                        ]
                                      }
                                    },
                                    {
                                      "id": "L2Port:2",
                                      "outgoing_label": {
                                        "flowrules": [
                                          {
                                            "action": {
                                              "VNF": {
                                                "id": "Router-Nat",
                                                "port": "User:0"
                                              },
                                              "type": "output"
                                            },
                                            "flowspec": {
                                              "matches": [
                                                {
                                                  "priority": "32770",
                                                  "id": "199433939"
                                                }
                                              ]
                                            }
                                          }
                                        ]
                                      }
                                    }
                                  ]
                                },
                                {
                                  "vnf_descriptor": "cisco_dhcp.json",
                                  "id": "dhcp_ISP",
                                  "name": "dhcp_isp",
                                  "ports": [
                                    {
                                      "id": "inout:0",
                                      "outgoing_label": {
                                        "flowrules": [
                                          {
                                            "action": {
                                              "VNF": {
                                                "id": "Switch",
                                                "port": "L2Port:0"
                                              },
                                              "type": "output"
                                            },
                                            "flowspec": {
                                              "matches": [
                                                {
                                                  "priority": "32770",
                                                  "id": "4"
                                                }
                                              ]
                                            }
                                          }
                                        ]
                                      }
                                    }
                                  ]
                                },
                                {
                                  "vnf_descriptor": "cisco_nat.json",
                                  "id": "Router-Nat",
                                  "name": "Router-Nat",
                                  "ports": [
                                    {
                                      "ingoing_label": {
                                        "flowrules": [
                                          {
                                            "action": {
                                              "VNF": {
                                                "id": "Router-Nat",
                                                "port": "WAN:0"
                                              },
                                              "type": "output"
                                            },
                                            "flowspec": {
                                              "matches": [
                                                {
                                                  "priority": "32770",
                                                  "id": "5"
                                                }
                                              ],
                                              "ingress_endpoint": "egress"
                                            }
                                          }
                                        ]
                                      },
                                      "id": "WAN:0",
                                      "outgoing_label": {
                                        "flowrules": [
                                          {
                                            "action": {
                                              "endpoint": {
                                                "port": "egress"
                                              },
                                              "type": "output"
                                            },
                                            "flowspec": {
                                              "matches": [
                                                {
                                                  "priority": "32770",
                                                  "id": "6"
                                                }
                                              ]
                                            }
                                          }
                                        ]
                                      }
                                    },
                                    {
                                      "id": "User:0",
                                      "outgoing_label": {
                                        "flowrules": [
                                          {
                                            "action": {
                                              "VNF": {
                                                "id": "Switch",
                                                "port": "L2Port:2"
                                              },
                                              "type": "output"
                                            },
                                            "flowspec": {
                                              "matches": [
                                                {
                                                  "priority": "32770",
                                                  "id": "7"
                                                }
                                              ]
                                            }
                                          }
                                        ]
                                      }
                                    }
                                  ]
                                }
                              ],
                              "endpoints": [
                                {
                                  "id": "ingress",
                                  "name": "INGRESS"
                                },
                                {
                                  "id": "egress",
                                  "name": "EGRESS"
                                }
                              ],
                              "id": "2",
                              "name": "Plain_access_to_the_internet"
                            }
                          }
                        • Download the existent service graph from keystone:
                        • Method: GET 
                          Description: Delete a service graph for a user. 
                          URL: http://controller.ipv6.polito.it:35357/v2.0/OS-UPROF/profile/users/4960a4c61e3545aabb1c2cdee18aa253 
                          Header: 
                          Content-Type: application/json
                          X-Auth-Token: <kestone-token>
                          Request:

                          Replace <tenant-name>, <username> and <password> with your credential provided by the FROG administrator at the POLITO domain.

                          {"auth": {"tenantName": <tenant-name>, "passwordCredentials": {"username": <username>, "password": <password>}}}
                        • Upload the service graph and associate it with a user:
                        • Method: PUT 
                          Description: Create or update the service graph for a user. 
                          URL: 

                          http://controller.ipv6.polito.it:35357/v2.0/OS-UPROF/profile/users/<user-id>

                          (The user id is returned in the REST used to obtain the token) 
                          Header: 
                          Content-Type: application/json
                          X-Auth-Token: <kestone-token>
                          Request:

                          Replace <tenant-name>, <username> and <password> with your credential provided by the FROG administrator at the POLITO domain.

                          <service_graph>
                        Document Actions