1 ==== How To Create Mac Map In VTN
5 * This page demonstrates Mac Mapping. This demonstration aims at enabling communication between two hosts and denying communication of particular host by associating a Vbridge to the hosts and configuring Mac Mapping (mac address) to the Vbridge.
7 * This page targets Beryllium release, so the procedure described here does not work in other releases.
9 .Single Controller Mapping
10 image::vtn/Single_Controller_Mapping.png["Single_Controller_Mapping",width=500]
14 ====== Configure mininet and create a topology
16 * https://wiki.opendaylight.org/view/OpenDaylight_Virtual_Tenant_Network_(VTN):Scripts:Mininet#Network_with_Multiple_Hosts_for_Service_Function_Chain[Script for emulating network with multiple hosts].
17 * Before executing the mininet script, please confirm Controller is up and running.
18 * Run the mininet script.
19 * Replace <path> and <Controller IP> based on your environment.
22 sudo mn --controller=remote,ip=<Controller IP> --custom <path>\topo_handson.py --topo mytopo2
32 srvc1 srvc1-eth0:s3-eth3 srvc1-eth1:s4-eth3
33 srvc2 srvc2-eth0:s3-eth4 srvc2-eth1:s4-eth4
34 s1 lo: s1-eth1:h11-eth0 s1-eth2:h12-eth0 s1-eth3:s2-eth4 s1-eth4:s3-eth2
35 s2 lo: s2-eth1:h21-eth0 s2-eth2:h22-eth0 s2-eth3:h23-eth0 s2-eth4:s1-eth3 s2-eth5:s4-eth1
36 s3 lo: s3-eth1:s4-eth2 s3-eth2:s1-eth4 s3-eth3:srvc1-eth0 s3-eth4:srvc2-eth0
37 s4 lo: s4-eth1:s2-eth5 s4-eth2:s3-eth1 s4-eth3:srvc1-eth1 s4-eth4:srvc2-eth1
42 To create Mac Map in VTN, execute REST API provided by VTN Manager as follows. It uses curl command to call REST API.
44 * Create a virtual tenant named Tenant1 by executing
45 https://jenkins.opendaylight.org/releng/view/vtn/job/vtn-merge-beryllium/lastSuccessfulBuild/artifact/manager/model/target/site/models/vtn.html#update-vtn[the update-vtn RPC].
48 curl --user "admin":"admin" -H "Content-type: application/json" -X POST http://localhost:8181/restconf/operations/vtn:update-vtn -d '{"input":{"tenant-name":"Tenant1"}}'
51 * Create a virtual bridge named vBridge1 in the tenant Tenant1 by executing
52 https://jenkins.opendaylight.org/releng/view/vtn/job/vtn-merge-beryllium/lastSuccessfulBuild/artifact/manager/model/target/site/models/vtn-vbridge.html#update-vbridge[the update-vbridge RPC].
55 curl --user "admin":"admin" -H "Content-type: application/json" -X POST http://localhost:8181/restconf/operations/vtn-vbridge:update-vbridge -d '{"input":{"tenant-name":"Tenant1","bridge-name":"vBridge1"}}'
58 * Configuring Mac Mappings on the vBridge1 by giving the mac address of host h12 and host h22 as follows to allow the communication by executing
59 https://jenkins.opendaylight.org/releng/view/vtn/job/vtn-merge-beryllium/lastSuccessfulBuild/artifact/manager/model/target/site/models/vtn-mac-map.html#set-mac-map[the set-mac-map RPC].
62 curl --user "admin":"admin" -H "Content-type: application/json" -X POST http://localhost:8181/restconf/operations/vtn-mac-map:set-mac-map -d '{"input":{"operation":"SET","allowed-hosts":["de:05:40:c4:96:76@0","62:c5:33:bc:d7:4e@0"],"tenant-name":"Tenant1","bridge-name":"vBridge1"}}'
65 NOTE: Mac Address of host h12 and host h22 can be obtained with the following command in mininet.
69 h12-eth0 Link encap:Ethernet HWaddr 62:c5:33:bc:d7:4e
70 inet addr:10.0.0.2 Bcast:10.255.255.255 Mask:255.0.0.0
71 inet6 addr: fe80::60c5:33ff:febc:d74e/64 Scope:Link
76 h22-eth0 Link encap:Ethernet HWaddr de:05:40:c4:96:76
77 inet addr:10.0.0.4 Bcast:10.255.255.255 Mask:255.0.0.0
78 inet6 addr: fe80::dc05:40ff:fec4:9676/64 Scope:Link
81 * MAC Mapping will not be activated just by configuring it, a two end communication needs to be established to activate Mac Mapping.
83 * Ping host h22 from host h12 in mininet, the ping will not happen between the hosts as only one way activation is enabled.
87 PING 10.0.0.4 (10.0.0.4) 56(84) bytes of data.
88 From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
89 From 10.0.0.2 icmp_seq=2 Destination Host Unreachable
92 * Ping host h12 from host h22 in mininet, now the ping communication will take place as the two end communication is enabled.
96 PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
97 64 bytes from 10.0.0.2: icmp_req=1 ttl=64 time=91.8 ms
98 64 bytes from 10.0.0.2: icmp_req=2 ttl=64 time=0.510 ms
101 * After two end communication enabled, now host h12 can ping host h22
104 mininet> h12 ping h22
105 PING 10.0.0.4 (10.0.0.4) 56(84) bytes of data.
106 64 bytes from 10.0.0.4: icmp_req=1 ttl=64 time=0.780 ms
107 64 bytes from 10.0.0.4: icmp_req=2 ttl=64 time=0.079 ms
112 * To view the configured Mac Map of allowed host execute the following command.
115 curl --user "admin":"admin" -H "Content-type: application/json" -X GET http://localhost:8181/restconf/operational/vtn:vtns/vtn/Tenant1/vbridge/vBridge1/mac-map
124 "mac-address": "c6:44:22:ba:3e:72",
126 "port-id": "openflow:1:2"
129 "mac-address": "f6:e0:43:b6:3a:b7",
131 "port-id": "openflow:2:2"
137 "vlan-host-desc-list": [
139 "host": "c6:44:22:ba:3e:72@0"
142 "host": "f6:e0:43:b6:3a:b7@0"
152 When Deny is configured a broadcast message is sent to all the hosts connected to the vBridge, so a two end communication need not be establihed like allow, the hosts can communicate directly without any two way communication enabled.
154 . To Deny host h23 communication from hosts connected on vBridge1, the following configuration can be applied.
157 curl --user "admin":"admin" -H "Content-type: application/json" -X POST http://localhost:8181/restconf/operations/vtn-mac-map:set-mac-map -d '{"input":{"operation": "SET", "denied-hosts": ["0a:d3:ea:3d:8f:a5@0"],"tenant-name": "Tenant1","bridge-name": "vBridge1"}}'
162 * You can delete the virtual tenant Tenant1 by executing
163 https://jenkins.opendaylight.org/releng/view/vtn/job/vtn-merge-beryllium/lastSuccessfulBuild/artifact/manager/model/target/site/models/vtn.html#remove-vtn[the remove-vtn RPC].
166 curl --user "admin":"admin" -H "Content-type: application/json" -X POST http://localhost:8181/restconf/operations/vtn:remove-vtn -d '{"input":{"tenant-name":"Tenant1"}}'
Code Review / docs.git / blob