编者按:环路广播风暴,如果有环路,数据帧将会在环路中来回传递,大量增生数据帧,形成广播风暴。在SDN中部分控制器可以抑制环路广播风暴的产生,如Floodlight,而像POX控制器,就不能很好的解决广播风暴的问题。
接下来将对Floodlight和POX控制器进行广播风暴实验的对比。
物理连接上OF1、OF2、OF3形成环路,使用Flowvisor(192.168.20.6:6634)隔离成两个虚网。VM1和VM3在一个虚网中,由POX(192.168.20.6:6635)控制,VM2和VM3在另一个虚网中,由Floodlight(192.168.20.6:6636)控制。
POX安装与配置
安装:
git clonehttp://github.com/noxrepo/pox
启动:
./pox.py forwarding.l2_learning openflow.of_01 --port=6635
Floodlight安装与安装
安装:
apt-get install build-essential default-jdk ant python-dev
git clone git://github.com/floodlight/floodlight.git
ant;
端口配置:
vi ./src/main/resources/floodlightdefault.properties
启动:
nohup java -jar target/floodlight.jar > /dev/null &
Flowvisor安装与配置
安装:
sudo apt-get install ant
sudo apt-get install openjdk-6-jdk
wget https://github.com/OPENNETWORKINGLAB/flowvisor/archive/1.2-MAINT.zip
make && make install
端口配置
vi /etc/flowvisor/config.json(目前使用监听端口6634)
普通用户下启动:
nohup flowvisor /etc/flowvisor/config.json >/dev/null &
OvS安装与配置
OvS在之前已经写过,详情可查看《Open vSwitch2.3.0版本安装部署及基本操作》。
创建虚网
创建两个slice,分别指定到POX和Floodlight上:
fvctl -p 8181 add-slice s1 tcp:127.0.0.1:6635 1@1
fvctl -p 8181 add-slice s2 tcp:127.0.0.1:6636 2@2
修改OvS的dpid:
192.168.20.3:ovs-vsctl set bridge br0 other_config:datapath-id=1000000000000001
192.168.20.4:ovs-vsctl set bridge br0 other_config:datapath-id=1000000000000002
192.168.20.5:ovs-vsctl set bridge br0 other_config:datapath-id=1000000000000003
root@fnic8:~# ovs-vsctl list bridge br0
_uuid : 9a7f1e47-b5f1-410f-9a63-0393acf1a651
controller : [1ab5ceec-3965-47c4-89ab-1f1f408470bb]
datapath_id : "1000000000000001"
查看端口号:
root@fnic8:~# ovs-ofctl show br0
OFPT_FEATURES_REPLY (xid=0x2): dpid:1000000000000001
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
1(vnet0): addr:fe:54:00:d4:fa:b1
config: 0
state: 0
current: 10MB-FD COPPER
speed: 10 Mbps now, 0 Mbps max
2(eth1): addr:74:86:7a:d7:65:65
config: 0
state: 0
current: 100MB-FD COPPER AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG AUTO_PAUSE
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG
speed: 100 Mbps now, 1000 Mbps max
3(eth2): addr:74:86:7a:d7:65:66
config: 0
state: 0
current: 1GB-FD COPPER AUTO_NEG
advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG AUTO_PAUSE
supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-HD 1GB-FD COPPER AUTO_NEG
speed: 1000 Mbps now, 1000 Mbps max
LOCAL(br0): addr:74:86:7a:d7:65:65
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
虚网隔离创建
执行以下脚本,创建flowspace:
DP1=1000000000000001
DP2=1000000000000002
DP3=1000000000000003
#s1-dpid1
fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=1,nw_dst=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=1,nw_src=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=2,nw_dst=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=2,nw_src=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=3,nw_dst=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP1 1 in_port=3,nw_src=10.0.0.1 s1=7
#s1-dpid2
fvctl -p 8181 add-flowspace -f 1 space1 $DP2 1 in_port=2,nw_dst=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP2 1 in_port=2,nw_src=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP2 1 in_port=3,nw_dst=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP2 1 in_port=3,nw_src=10.0.0.1 s1=7
#s1-dpid3
fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=1,nw_dst=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=1,nw_src=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=2,nw_dst=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=2,nw_src=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=3,nw_dst=10.0.0.1 s1=7
fvctl -p 8181 add-flowspace -f 1 space1 $DP3 1 in_port=3,nw_src=10.0.0.1 s1=7
#s2-dpid1
fvctl -p 8181 add-flowspace -f 2 space1 $DP1 1 in_port=2,nw_dst=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP1 1 in_port=2,nw_src=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP1 1 in_port=3,nw_dst=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP1 1 in_port=3,nw_src=10.0.0.2 s2=7
#s2-dpid2
fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=1,nw_dst=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=1,nw_src=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=2,nw_dst=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=2,nw_src=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=3,nw_dst=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP2 1 in_port=3,nw_src=10.0.0.2 s2=7
#s2-dpid3
fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=1,nw_dst=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=1,nw_src=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=2,nw_dst=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=2,nw_src=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=3,nw_dst=10.0.0.2 s2=7
fvctl -p 8181 add-flowspace -f 2 space1 $DP3 1 in_port=3,nw_src=10.0.0.2 s2=7
设置队列
OvS1设置队列,流量隔离
执行以下脚本设置队列:
#!/bin/bash
#clear config
ovs-vsctl del-br br0
ovs-vsctl -- --all destroy qos
ovs-vsctl -- --all destroy queue
ovs-vsctl add-br br0 -- set bridge br0 other_config:datapath-id=1000000000000001
ovs-vsctl set-controller br0 tcp:192.168.20.6:6634
ovs-vsctl set bridge br0 fail_mode=secure
virsh destroy vm3 //vm3为VM名称
sleep 5
virsh start vm3
sleep 5
ovs-vsctl add-port br0 eth1
ovs-vsctl add-port br0 eth2
#qos
ovs-vsctl set port eth1 qos=@newqos -- --id=@newqos create qos type=linux-htb\
queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth1 link-speed`\
-- --id=@q1 create queue other_config:min-rate=10000000\
-- --id=@q2 create queue other_config:min-rate=10000000
ovs-vsctl set port eth2 qos=@newqos -- --id=@newqos create qos type=linux-htb\
queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth2 link-speed`\
-- --id=@q1 create queue other_config:min-rate=10000000\
-- --id=@q2 create queue other_config:min-rate=10000000
OvS2设置队列,流量隔离
执行以下脚本设置队列:
#!/bin/bash
#clear config
ovs-vsctl del-br br0
ovs-vsctl -- --all destroy qos
ovs-vsctl -- --all destroy queue
ovs-vsctl add-br br0 -- set bridge br0 other_config:datapath-id=1000000000000002
ovs-vsctl set-controller br0 tcp:192.168.20.6:6634
ovs-vsctl set bridge br0 fail_mode=secure
virsh destroy vm4
sleep 5
virsh start vm4
sleep 5
ovs-vsctl add-port br0 eth1
ovs-vsctl add-port br0 eth2
#qos
ovs-vsctl set port eth1 qos=@newqos -- --id=@newqos create qos type=linux-htb\
queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth1 link-speed`\
-- --id=@q1 create queue other_config:min-rate=10000000\
-- --id=@q2 create queue other_config:min-rate=10000000
ovs-vsctl set port eth2 qos=@newqos -- --id=@newqos create qos type=linux-htb\
queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth2 link-speed`\
-- --id=@q1 create queue other_config:min-rate=10000000\
-- --id=@q2 create queue other_config:min-rate=10000000
OvS3设置队列,流量隔离
执行以下脚本设置队列:
#!/bin/bash
#clear config
ovs-vsctl del-br br0
ovs-vsctl -- --all destroy qos
ovs-vsctl -- --all destroy queue
ovs-vsctl add-br br0 -- set bridge br0 other_config:datapath-id=1000000000000003
ovs-vsctl set-controller br0 tcp:192.168.20.6:6634
ovs-vsctl set bridge br0 fail_mode=secure
virsh destroy vm5
sleep 5
virsh start vm5
sleep 5
ovs-vsctl add-port br0 eth1
ovs-vsctl add-port br0 eth2
#qos
ovs-vsctl set port eth1 qos=@newqos -- --id=@newqos create qos type=linux-htb\
queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth1 link-speed`\
-- --id=@q1 create queue other_config:min-rate=10000000\
-- --id=@q2 create queue other_config:min-rate=10000000
ovs-vsctl set port eth2 qos=@newqos -- --id=@newqos create qos type=linux-htb\
queues=1=@q1,2=@q2 other_config:max-rate=`ovs-vsctl get interface eth2 link-speed`\
-- --id=@q1 create queue other_config:min-rate=10000000\
-- --id=@q2 create queue other_config:min-rate=10000000
实验结果
VM1与VM3形成广播风暴;
VM2与VM3可以ping通,Floodlight的最小生成树协议成功抑制了广播风暴;
VM1与VM2由于在不同的flowspace中ping不通。