第一步 生成实验拓扑
from mininet.net import Mininet
from mininet.topo import Topo
from mininet.log import lg, setLogLevel
from mininet.cli import CLI
from mininet.node import RemoteController
'SEA': {'dpid': '000000000000010%s'},
'SFO': {'dpid': '000000000000020%s'},
'LAX': {'dpid': '000000000000030%s'},
'ATL': {'dpid': '000000000000040%s'},
'IAD': {'dpid': '000000000000050%s'},
'EWR': {'dpid': '000000000000060%s'},
'SLC': {'dpid': '000000000000070%s'},
'MCI': {'dpid': '000000000000080%s'},
'ORD': {'dpid': '000000000000090%s'},
'CLE': {'dpid': '0000000000000a0%s'},
'IAH': {'dpid': '0000000000000b0%s'},
class I2Topo(Topo):
def __init__(self, enable_all = True):
"Create Internet2 topology."
# Add default members to class.
super(I2Topo, self).__init__()
# Add core switches
self.cores = {}
for switch in CORES:
self.cores[switch] = self.addSwitch(switch, dpid=(CORES[switch]['dpid'] % '0'))
# Add hosts and connect them to their core switch
for switch in CORES:
for count in xrange(1, FANOUT + 1):
# Add hosts
host = 'h_%s_%s' % (switch, count)
ip = '10.0.0.%s' % count
mac = CORES[switch]['dpid'][4:] % count
h = self.addHost(host, ip=ip, mac=mac)
# Connect hosts to core switches
self.addLink(h, self.cores[switch])
# Connect core switches
self.addLink(self.cores['SFO'], self.cores['SEA'])
self.addLink(self.cores['SEA'], self.cores['SLC'])
self.addLink(self.cores['SFO'], self.cores['LAX'])
self.addLink(self.cores['LAX'], self.cores['SLC'])
self.addLink(self.cores['LAX'], self.cores['IAH'])
self.addLink(self.cores['SLC'], self.cores['MCI'])
self.addLink(self.cores['MCI'], self.cores['IAH'])
self.addLink(self.cores['MCI'], self.cores['ORD'])
self.addLink(self.cores['IAH'], self.cores['ATL'])
self.addLink(self.cores['ORD'], self.cores['ATL'])
self.addLink(self.cores['ORD'], self.cores['CLE'])
self.addLink(self.cores['ATL'], self.cores['IAD'])
self.addLink(self.cores['CLE'], self.cores['IAD'])
self.addLink(self.cores['CLE'], self.cores['EWR'])
self.addLink(self.cores['EWR'], self.cores['IAD'])
if __name__ == '__main__':
topo = I2Topo()
ip = ''
port = 6633
c = RemoteController('c', ip=ip, port=port)
net = Mininet(topo=topo, autoSetMacs=True, xterms=False, controller=None)
print "Hosts configured with IPs, switches pointing to OpenVirteX at %s:%s" % (ip, port)
第二步 运行OVX
$ cd OpenVirteX/scripts
$ sh ovx.sh
第三步 确定租户网络
第四步 网络配置
确定好目标,就要一步步配置网络,使用命令行工具 ovxctl,可以通过JOSN API 对OVX进行配置。先对该工具简单了解
$ python ovxctl.py ‐‐help ```
-h HOST, --hostname=HOST
Specify the OpenVirteX host; default='localhost'
-p PORT, --port=PORT
Specify the OpenVirteX web port; default=8080
-u OVX_USER, --user=OVX_USER
OpenVirtex admin user; default='admin'
-n, --no-passwd Run ovxctl with no password; default false
-v, --version
Available commands are:
addControllers Adds controllers to a virtual switch
connectHost Connect host to a virtual port
connectLink Connect two virtual ports through a virtual link
connectRoute Connect two virtual ports inside a virtual big-switch
createNetwork Creates a virtual network
createPort Create virtual port
createSwitch Create virtual switch
disconnectHost Disconnect host from a virtual port
disconnectLink Disconnect link between two virtual ports
disconnectRoute Disconnect big-switch internal route between two virtual ports
getPhysicalFlowtable Get the physical flowtable of a specified switch or all switches
getPhysicalHosts Get a list of physical hosts
getPhysicalTopology Get the physical topology
getVirtualAddressMapping Get the virtual to physical address mapping for a specified virtual network
getVirtualFlowtable Get the flowtable in the specified virtual network
getVirtualHosts Get list of hosts in virtual network
getVirtualLinkMapping Get the virtual to physical link mapping
getVirtualSwitchMapping Get the virtual to physical switch mapping
getVirtualTopology Get the virtual topology
listVirtualNetworks Get a list of all virtual network tenant ID's
removeNetwork Remove a virtual network
removePort Remove virtual port
removeSwitch Remove virtual switch
setInternalRouting Set big-switch internal routing mechanism
setLinkPath Set the physical path of a virtual link
startNetwork Start a virtual network
startPort Start a virtual port
startSwitch Start a virtual switch
stopNetwork Stop a virtual network
stopPort Shutdown a virtual port
stopSwitch Shutdown a virtual switch
##### 1、创建网络
``` $ python ovxctl.py ‐n createNetwork tcp:localhost:10000 16 ```
表示指定控制器地址为,即在该VM上运行,通信端口号为10000,该网络地址范围。该命令会返回一个tanant ID,若为初次建立则为1。
##### 2、创建虚拟交换机
$ python ovxctl.py ‐n createSwitch 1 00:00:00:00:00:00:01:00
$ python ovxctl.py ‐n createSwitch 1 00:00:00:00:00:00:02:00
$ python ovxctl.py ‐n createSwitch 1 00:00:00:00:00:00:03:00
>For the curious, the structure of the virtual DPID is as follows: first byte is 0x00, the 24bit ON.Lab OUI (Organizationally Unique Identifier) of a4:23:05, and the final 4 bytes represent a counter (starting at 1) for the number of virtual switches per tenant. For instance, the second virtual switch we create in this virtual network has DPID 00:a4:23:05:00:00:00:02. As before, you should also inspect the OVX log to ensure the virtual switch has been created.
##### 3、创建虚拟端口
$ python ovxctl.py ‐n createPort 1 00:00:00:00:00:00:01:00 1
$ python ovxctl.py ‐n createPort 1 00:00:00:00:00:00:01:00 5
$ python ovxctl.py ‐n createPort 1 00:00:00:00:00:00:02:00 5
$ python ovxctl.py ‐n createPort 1 00:00:00:00:00:00:02:00 6
$ python ovxctl.py ‐n createPort 1 00:00:00:00:00:00:03:00 5
$ python ovxctl.py ‐n createPort 1 00:00:00:00:00:00:03:00 2
创建虚拟端口要指定tenant ID,物理交换机DPID和物理端口号,在这些信息下虚拟出一个端口,该命令会返回一个端口号,编号从1开始。
##### 4、创建虚拟链路
$ python ovxctl.py ‐n connectLink 1 00:a4:23:05:00:00:00:01 2 00:a4:23:05:00:00:00:02 1 spf 1
$ python ovxctl.py ‐n connectLink 1 00:a4:23:05:00:00:00:02 2 00:a4:23:05:00:00:00:03 1 spf 1
##### 5、连接主机
$ python ovxctl.py ‐n connectHost 1 00:a4:23:05:00:00:00:01 1 00:00:00:00:01:01
$ python ovxctl.py ‐n connectHost 1 00:a4:23:05:00:00:00:03 2 00:00:00:00:03:02
##### 6、 take off
``` $ python ovxctl.py ‐n startNetwork 1 ```
##### 7、 验证分析
``` mininet> dpctl dump‐flows ```
该命令要在执行了 minimet>h_SEA_1 ping -c3 h_LAX_2 后才能查看,且要注意流表项超时时间较短。
> LAX ------------------------------------------------------------------------
NXST_FLOW reply (xid=0x4):
cookie=0x100000002, duration=4.529s, table=0, n_packets=2, n_bytes=196, idle_timeout=5, idle_age=2, priority=0,in_port=5,vlan_tci=0x0000,dl_src=a4:23:05:01:00:00,dl_dst=a4:23:05:20:00:02 actions=mod_nw_src:,mod_nw_dst:,mod_dl_src:00:00:00:00:01:01,mod_dl_dst:00:00:00:00:03:02,output:2
cookie=0x100000003, duration=4.496s, table=0, n_packets=2, n_bytes=196, idle_timeout=5, idle_age=2, priority=0,in_port=2,vlan_tci=0x0000,dl_src=00:00:00:00:03:02,dl_dst=00:00:00:00:01:01 actions=mod_nw_dst:,mod_nw_src:,mod_dl_src:a4:23:05:01:00:00,mod_dl_dst:a4:23:05:20:00:04,output:5
SEA ------------------------------------------------------------------------
NXST_FLOW reply (xid=0x4):
cookie=0x100000003, duration=4.544s, table=0, n_packets=2, n_bytes=196, idle_timeout=5, idle_age=2, priority=0,in_port=5,vlan_tci=0x0000,dl_src=a4:23:05:01:00:00,dl_dst=a4:23:05:10:00:04 actions=mod_nw_src:,mod_nw_dst:,mod_dl_src:00:00:00:00:03:02,mod_dl_dst:00:00:00:00:01:01,output:1
cookie=0x100000002, duration=4.569s, table=0, n_packets=2, n_bytes=196, idle_timeout=5, idle_age=2, priority=0,in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:01:01,dl_dst=00:00:00:00:03:02 actions=mod_nw_dst:,mod_nw_src:,mod_dl_src:a4:23:05:01:00:00,mod_dl_dst:a4:23:05:10:00:02,output:5
*** SFO ------------------------------------------------------------------------
NXST_FLOW reply (xid=0x4):
cookie=0x100000002, duration=4.573s, table=0, n_packets=2, n_bytes=196, idle_timeout=5, idle_age=2, priority=0,in_port=5,vlan_tci=0x0000,dl_src=a4:23:05:01:00:00,dl_dst=a4:23:05:10:00:02 actions=mod_dl_src:a4:23:05:01:00:00,mod_dl_dst:a4:23:05:20:00:02,output:6
cookie=0x100000003, duration=4.541s, table=0, n_packets=2, n_bytes=196, idle_timeout=5, idle_age=2, priority=0,in_port=6,vlan_tci=0x0000,dl_src=a4:23:05:01:00:00,dl_dst=a4:23:05:20:00:04 actions=mod_dl_src:a4:23:05:01:00:00,mod_dl_dst:a4:23:05:10:00:04,output:5
上面为对应的三个交换机上的流表项,每个交换机包含两个流表项,对SEA,第二条流表,从主机1到主机2,控制器检查原地址发现是tenant 1中的主机,发送packetIn给控制器,控制器根据虚拟网策略,下发流表,流表匹配in_port=1,vlan_tci=0x0000,dl_src=00:00:00:00:01:01,dl_dst=00:00:00:00:03:02 ,对应的动作为mod_nw_dst:,mod_nw_src:,mod_dl_src:a4:23:05:01:00:00,mod_dl_dst:a4:23:05:10:00:02,output:5,即将IP和MAC地址重写,从端口5交给SFO;对SFO,同样控制器下发流表指导数据转发,当匹配上即SEA重写后的MAC时(in_port=5,vlan_tci=0x0000,dl_src=a4:23:05:01:00:00,dl_dst=a4:23:05:10:00:02 ),对应动作为mod_dl_src:a4:23:05:01:00:00,mod_dl_dst:a4:23:05:20:00:02,output:6,源和目的MAC不变,从端口6转发,可以看出,core OVXSwitch只对数据包进行转发。对LAX,和SEA一样为边缘路由器,负责完成OVX到Physical的映射,匹配上dl_src=a4:23:05:01:00:00,dl_dst=a4:23:05:20:00:02 ,对应动作为actions=mod_nw_src:,mod_nw_dst:,mod_dl_src:00:00:00:00:01:01,mod_dl_dst:00:00:00:00:03:02,output:2,即将虚拟的IP、MAC地址转换为实际物理地址。
注意:由于操作不熟练,强调一下,为了避免虚拟网络之间的影响,某个租户网络不使用时需要removeNetwork清除掉,当然,mininet退出后使用 mn -c清除数据。
$ python ovxctl.py ‐n createNetwork tcp:localhost:20000 16
$ python ovxctl.py ‐n createSwitch 2 00:00:00:00:00:00:01:00
$ python ovxctl.py ‐n createSwitch 2 00:00:00:00:00:00:02:00
$ python ovxctl.py ‐n createSwitch 2 00:00:00:00:00:00:03:00
$ python ovxctl.py ‐n createPort 2 00:00:00:00:00:00:01:00 3
$ python ovxctl.py ‐n createPort 2 00:00:00:00:00:00:01:00 5
$ python ovxctl.py ‐n createPort 2 00:00:00:00:00:00:02:00 5
$ python ovxctl.py ‐n createPort 2 00:00:00:00:00:00:02:00 6
$ python ovxctl.py ‐n createPort 2 00:00:00:00:00:00:03:00 5
$ python ovxctl.py ‐n createPort 2 00:00:00:00:00:00:03:00 4
$ python ovxctl.py ‐n connectLink 2 00:a4:23:05:00:00:00:01 2 00:a4:23:05:00:00:00:02 1 spf 1
$ python ovxctl.py ‐n connectLink 2 00:a4:23:05:00:00:00:02 2 00:a4:23:05:00:00:00:03 1 spf 1
$ python ovxctl.py ‐n connectHost 2 00:a4:23:05:00:00:00:01 1 00:00:00:00:01:03
$ python ovxctl.py ‐n connectHost 2 00:a4:23:05:00:00:00:03 2 00:00:00:00:03:04
$ python ovxctl.py ‐n startNetwork 2
按部就班,创建了tenant ID=2的租户网络,该网络也是在上面实验的基础上,只不过使用了不同的虚拟网络,可以实现隔离。
python ovxctl.py ‐createSwitch 3 00:00:00:00:00:00:05:00,00:00:00:00:00:00:06:00,00:00:00:00:00:00:0A:python ovxctl.py -n createNetwork tcp:localhost:30000 16
python ovxctl.py -n createSwitch 3 00:00:00:00:00:00:05:00,00:00:00:00:00:00:06:00,00:00:00:00:00:00:0A:00
python ovxctl.py -n createPort 3 00:00:00:00:00:00:05:00 1
python ovxctl.py -n createPort 3 00:00:00:00:00:00:06:00 2
python ovxctl.py -n createPort 3 00:00:00:00:00:00:0A:00 3
python ovxctl.py -n connectHost 3 00:a4:23:05:00:00:00:01 1 00:00:00:00:05:01
python ovxctl.py -n connectHost 3 00:a4:23:05:00:00:00:01 2 00:00:00:00:06:02
python ovxctl.py -n connectHost 3 00:a4:23:05:00:00:00:01 3 00:00:00:00:0A:03
python ovxctl.py -n createSwitch 3 00:00:00:00:00:00:08:00
python ovxctl.py -n createPort 3 00:00:00:00:00:00:05:00 5
python ovxctl.py -n createPort 3 00:00:00:00:00:00:08:00 6
python ovxctl.py -n connectLink 3 00:a4:23:05:00:00:00:01 4 00:a4:23:05:00:00:00:02 1 spf 1
python ovxctl.py -n createPort 3 00:00:00:00:00:00:08:00 4
python ovxctl.py -n connectHost 3 00:a4:23:05:00:00:00:02 2 00:00:00:00:08:04
python ovxctl.py -n startNetwork 3
该拓扑实现了将 交换机CLE、EWR、IAD虚拟为一个OVXBigSwitch,对应每个物理交换机再虚拟出一个接口,各自连接上一个主机。另外将MCI虚拟化,创建虚拟端口,生成两者之间的虚拟链路。主机h_IAD_1、h_EWR_2、h_CLE_3连接在一个OVXBigSwitch上,而h_MCI_4连接在一个OVXSingleSwitch上,在同一个租户网络中。
### 脚本配置网络 (take off once again)
```$ python utils/embedder.py ```
#####2 ) 脚本文件
"id": "1",
"jsonrpc": "2.0",
"method": "createNetwork",
"params": {
"network": {
"controller": {
"ctrls": [
"type": "custom"
"hosts": [
"dpid": "00:00:00:00:00:00:02:00",
"mac": "00:00:00:00:02:01",
"port": 1
"dpid": "00:00:00:00:00:00:05:00",
"mac": "00:00:00:00:05:02",
"port": 2
"dpid": "00:00:00:00:00:00:06:00",
"mac": "00:00:00:00:06:03",
"port": 3
"dpid": "00:00:00:00:00:00:09:00",
"mac": "00:00:00:00:09:04",
"port": 4
"routing": {
"algorithm": "spf",
"backup_num": 1
"subnet": "",
"type": "bigswitch"
##### 3)运行脚本
``` $ curl localhost:8000 ‐X POST ‐d @bigswitch.json ```
mininet> h_SFO_1 ping -c3 h_ORD_2
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=41.8 ms
64 bytes from icmp_seq=2 ttl=64 time=1.63 ms
64 bytes from icmp_seq=3 ttl=64 time=0.135 ms
--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.135/14.531/41.825/19.309 ms
mininet> h_SFO_1 ping -c3 h_ATL_2
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=45.4 ms
64 bytes from icmp_seq=2 ttl=64 time=1.41 ms
64 bytes from icmp_seq=3 ttl=64 time=0.060 ms
--- ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2005ms
rtt min/avg/max/mdev = 0.060/15.636/45.439/21.081 ms
>be able to ping between hosts h_SFO_1, h_IAD_2, h_EWR_3, and h_ORD_4.
***{可能的原因:ping时其实ping的是主机IP地址,初始网络时每个交换机下面的主机IP地址都是一样的,从10.0.0.1到10.0.0.4,而现网络有点特殊,一是所有的交换机都在同一个tenant 网络中形成一个big switch,二是添加的四个主机地址全覆盖。换句话说,像在本文前面网络,只覆盖了个别交换机,当不再同一个tenant ID中的交换机下的主机就算IP地址一样也无法ping通,二是如果同一个tenant 网络中,该主机地址没有添加进网络也无法ping通。回过头去想,OVX限制一个物理交换机只能属于一个虚拟网络}***
>The only restriction we impose
in OVX is that you cannot partition a single physical switch into multiple virtual switches.
"id": "1",
"jsonrpc": "2.0",
"method": "createNetwork",
"params": {
"network": {
"controller": {
"ctrls": [
"type": "custom"
"copy-dpid": true,
"hosts": [
"dpid": "00:00:00:00:00:00:01:00",
"mac": "00:00:00:00:01:01",
"port": 1
"dpid": "00:00:00:00:00:00:04:00",
"mac": "00:00:00:00:04:02",
"port": 2
"dpid": "00:00:00:00:00:00:08:00",
"mac": "00:00:00:00:08:03",
"port": 3
"dpid": "00:00:00:00:00:00:0B:00",
"mac": "00:00:00:00:0B:04",
"port": 4
"routing": {
"algorithm": "spf",
"backup_num": 1
"subnet": "",
"type": "physical"
>The option is especially useful as we already know the physical DPIDs and you’re not always sure of the order in which OVX will create the virtual switches.
文档后面提到了当网络在运行而需要对主机修改时,可以用disconnectHost命令,指定网络号和主机号,该主机号为connectHost时返回的 host ID。
*笔者 : 袁其杰 ,北京邮电大学IsWIT研究中心研究生,2016.9至今
QQ 441711184*