Monday, August 29, 2016

FAUCET on docker

Docker allows you to precisely describe what an application needs, and also to isolate it from what it shouldn't need. This makes installation and testing much easier. In FAUCET's case, WAND have done a nice job: as well as packaging installation, they have packaged tests. Running FAUCET's unit tests is now very easy (see below). See also the following for how to use docker to install and upgrade FAUCET itself.

https://github.com/REANNZ/faucet/blob/master/docs/README.docker.md

Dockerfile.tests

This runs the mininet tests from the docker entry-point:
docker build -t reannz/faucet-tests -f Dockerfile.tests .
apparmor_parser -R /etc/apparmor.d/usr.sbin.tcpdump
modprobe openvswitch
sudo docker run --privileged -ti reannz/faucet-tests

Thursday, August 18, 2016

SimpleSwitch 2

https://inside-openflow.com/2016/08/05/ryu-api-reimagining-simple-switch/

SimpleSwitch Reimagined is heavily influenced by Faucet, an Open Source commercial-grade OpenFlow controller application for Ryu. Our purpose was not to rewrite Faucet, but to write an easy-to-understand controller application for learning more advanced OpenFlow concepts. As a result, SS2 does not include some of Faucet’s features such as VLAN learning, but is written to be very easy to follow and to teach useful design patterns for Ryu controller applications and OpenFlow in general. This tutorial will run through the core of SS2, explaining the thinking and design behind every bit of code and hopefully provide you with ideas on writing your own controller application. The structure and concepts employed by SS2 will also help introduce the logic behind Faucet when we explore it in the near future.

Tuesday, August 9, 2016

FAUCET now supports multiple switches/datapaths

FAUCET now supports the configuration and control of multiple switches, via the same FAUCET process.

Here is a configuration extract for FAUCET controlling two switches at once (Allied Telesis and Zodiac FX).

version: 2
vlans:
    100:
        name: "clock"
        unicast_flood: False
        max_hosts: 3
    2001:
        name: "trusted network"
        unicast_flood: true 
        max_hosts: 20
    2002:
        name: "untrusted network"
        unicast_flood: False 
        max_hosts: 20
    2003:
        name: "roof network"
        unicast_flood: True
        max_hosts: 10
acls:
    100:
        - rule:
            dl_src: "ae:ad:61:7d:02:2f"
            actions:
                allow: 1 
        - rule:
            actions:
                allow: 0
dps:
    zodiac-fx-1:
        dp_id: 0x70b3d56cd0c0
        hardware: "Open vSwitch"
        interfaces:
            1:
                native_vlan: 100 
                name: "clock"
            2:
                native_vlan: 100
                name: "VLAN 2001"
                acl_in: 100
    windscale-faucet-1:
        dp_id: 0x0000eccd6df72de7
        description: "Josh's experimental AT-X930"   
        hardware: "Allied-Telesis" 
        interfaces:
            1:
                tagged_vlans: [2001,2002,2003]
                name: "port1.0.1"
                description: "windscale"
            2:
                native_vlan: 2001
                name: "port1.0.2"
                description: "vek-x"
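
A pre-deployment cross-reference check for the configuration format shown above, as an added example that is not FAUCET's own code: it reports interfaces that name a VLAN or ACL missing from the shared `vlans`/`acls` sections, and duplicate `dp_id` values. The function name, the finding strings, and the rule that every ACL should end in a match-all deny (as ACL 100 does in the extract) are assumptions of this example.

```python
# Added example: lint a parsed FAUCET v2 config (dict shaped as yaml.safe_load would return it).
# Function name and finding messages are this example's own, not part of FAUCET.

def lint_faucet_config(conf):
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    vlans = set(conf.get("vlans", {}))
    acls = conf.get("acls", {})
    seen_dp_ids = {}

    # Assumed policy: each ACL ends with a rule that has no match fields and allow: 0.
    for acl_id, rules in acls.items():
        last = rules[-1]["rule"] if rules else {}
        match_all = set(last) == {"actions"}
        if not (match_all and last["actions"].get("allow") == 0):
            findings.append(f"acl {acl_id}: no final match-all deny rule")

    for dp_name, dp in conf.get("dps", {}).items():
        dp_id = dp.get("dp_id")
        if dp_id in seen_dp_ids:
            findings.append(f"dp {dp_name}: dp_id duplicates {seen_dp_ids[dp_id]}")
        seen_dp_ids.setdefault(dp_id, dp_name)
        for port, iface in dp.get("interfaces", {}).items():
            where = f"dp {dp_name} port {port}"
            used = list(iface.get("tagged_vlans", []))
            if "native_vlan" in iface:
                used.append(iface["native_vlan"])
            for vid in used:
                if vid not in vlans:
                    findings.append(f"{where}: VLAN {vid} not defined under vlans")
            if "acl_in" in iface and iface["acl_in"] not in acls:
                findings.append(f"{where}: acl_in {iface['acl_in']} not defined under acls")
    return findings

# Constructed sample: cut down from the extract above, with faults introduced on purpose.
SAMPLE = {
    "version": 2,
    "vlans": {100: {"name": "clock"}, 2001: {"name": "trusted network"}},
    "acls": {100: [{"rule": {"dl_src": "ae:ad:61:7d:02:2f", "actions": {"allow": 1}}}]},
    "dps": {
        "zodiac-fx-1": {"dp_id": 0x70B3D56CD0C0, "interfaces": {
            1: {"native_vlan": 100}, 2: {"native_vlan": 100, "acl_in": 101}}},
        "windscale-faucet-1": {"dp_id": 0x0000ECCD6DF72DE7, "interfaces": {
            1: {"tagged_vlans": [2001, 2002, 2003]}, 2: {"native_vlan": 2001}}},
    },
}

if __name__ == "__main__":
    for finding in lint_faucet_config(SAMPLE):
        print(finding)
```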

FAUCET deployments

Here is a map that we will keep updated with sites that have deployed FAUCET (and don't mind saying so!).

https://www.google.com/maps/d/u/0/viewer?mid=1MZ0M9ZtZOp2yHWS0S-BQH0d3e4s&hl=en

Sunday, August 7, 2016

New configuration format (better Gauge, and enabling multiple datapaths)

FAUCET's original author, Chris Lorier, has significantly improved FAUCET configuration.

In particular, it's now possible for you to do things like configure InfluxDB's credentials or even have multiple different kinds of polling/data logging.

You can also configure multiple datapaths (switches) in the same config file - a forthcoming feature will enable one FAUCET process to control many switches.

Read more about the changes here: https://github.com/REANNZ/faucet/commit/b7602a4f5e328414dd8c678c1e3b78ccfd6e577e

In summary, each switch now has a stanza under "dps", and "interfaces" moves under each datapath's configuration. VLAN configuration is shared among datapaths for the moment.

It is strongly recommended you update your configuration to the new format as soon as possible, as the old format is deprecated and will be removed shortly.