Friday, September 16, 2016

Include files

FAUCET allows you to split your config into separate files, so that automated generation/replacement of files is easier (E.g., if you want to change the configuration of a single ACL, you can replace just that file rather than having to merge your change into one file).

For an example, see https://github.com/REANNZ/faucet/blob/master/tests/config/testconfigv2.yaml. Specifically:

# test include
include:
- testconfigv2-dps.yaml
# test include-optional
include-optional:
- testconfigv2-acls.yaml

The first file will be read and included (and it must be present). 

The second file will be read and included, if present.

Where's the northbound API?

(For background, see https://www.sdxcentral.com/sdn/definitions/north-bound-interfaces-api/)

When speaking about SDN, a northbound API is something used to tell an SDN controller (versus an SDN controlled device) to do something. For example, you might use it to tell an SDN controller to prioritize a certain user's traffic over other traffic. It's up to the SDN controller to instruct devices in turn to do implement your request (generally with a southbound API, like OpenFlow).

FAUCET doesn't have a northbound API as such, because it doesn't need one. Instead, you can just change FAUCET's config file and HUP the FAUCET to have the change take effect. As an example, see https://faucet-sdn.blogspot.com/2016/07/8021x-authentication-on-faucet-nfv.html - we combine NFV (of authentication) with a triggered update of FAUCET's config file (to remove an ACL from a port once a user has been authenticated).

In summary. If you want to orchestrate a fleet of FAUCET based switches, change user VLANs on the fly, update ACLs, override forwarding with policy based forwarding (Eg, https://faucet-sdn.blogspot.com/2016/07/policy-based-forwarding-with-faucet.html), etc, then you would script generation of new FAUCET configs as appropriate and signal FAUCET to apply the change.


Tuesday, September 13, 2016

ODBC support (flows and stats logging to external database)


FAUCET's monitoring application, Gauge, can now push flow table changes and port based statistics to ODBC databases (including CouchDB). This means that monitoring and security applications are much easier to develop, because they don't need to directly interact with OpenFlow switches, and since FAUCET can push statistics there is no need for a database to poll each switch or FAUCET instance.

You can find an overview of how this is configured at https://github.com/REANNZ/faucet/blob/master/src/docs/database_architecture.rst.


Friday, September 2, 2016

FAUCET V1.1

FAUCET version 1.1 has been released:

https://pypi.python.org/pypi/ryu-faucet/

https://github.com/REANNZ/faucet/releases/tag/v1_1

This release consolidates and introduces:

  • further progress on automated testing (including automated testing of hardware)
  • new configuration format and support for a single FAUCET controller handling multiple datapaths
  • policy based forwarding (ACLs can override and/or augment standard forwarding behavior).
  • BGP routing
  • Configuration of OpenFlow pipelines with the standard "table features" mechanism.