1 A complete description of the Service Function Chaining API can be found under
2 https://docs.openstack.org/developer/networking-sfc/api.html
5 This section describes a complete, working example of the SFC API with Sonata.
6 The following diagram shows the structure of the service chain that will be created.
9 +-------+ +------+ +------+ +-------+
10 | Host1 | | VNF1 | | VNF2 | | Host2 |
11 +-------+ +------+ +------+ +-------+
12 |p1 p2| |p3 p4| |p5 p6|
13 | | | | | | PC1 = {{p1, p2}, {p3, p4}, {p5, p6}}
14 +------>----+ +---->----+ +---->-----+
17 +-------------------<------------------+
19 Two port chains, PC1 and PC2, are created. PC1 chains packets from Host1 over VNF1 and VNF2 to Host2.
20 Both network functions, VNF1 and VNF2, simply forward all packets from ingress to egress. PC2 creates a
21 direct chain from Host2 to Host1, such that replies can be routed send back.
22 (Note: Port chains are unidirectional)
25 The following python packages required in order for the Openstack CLI commands to work.
27 sudo pip install python-openstackclient networking-sfc
29 Also the docker images `ubuntu:trusty` and `sonatanfv/sonata-snort-ids-vnf` have to be locally available
30 (otherwise Sonata cannot start the containers).
33 First, start the DCEmulator:
35 sudo python src/emuvim/examples/openstack_single_dc.py
37 It creates a single data center and connects it to an instance of the Openstack API listening on `http://0.0.0.0:6001`.
39 Then execute the following script. It starts the containers and sets up the port chains as described above.
40 Finally a ping from Host1 to Host2 is executed to check the connection established by the port chains.
43 export OS_USERNAME="admin"
44 export OS_PASSWORD="nope"
45 export OS_PROJECT_NAME="nope"
46 export OS_AUTH_URL="http://0.0.0.0:6001"
49 openstack port create --network default p1
50 openstack port create --network default p2
51 openstack port create --network default p3
52 openstack port create --network default p4
53 openstack port create --network default p5
54 openstack port create --network default p6
57 openstack server create --image ubuntu:trusty --flavor m1.tiny --port p1 Host1
58 openstack server create --image sonatanfv/sonata-snort-ids-vnf --flavor m1.tiny \
59 --port p2 --port p3 --property IFIN="p2-0" --property IFOUT="p3-0" VNF1
60 openstack server create --image sonatanfv/sonata-snort-ids-vnf --flavor m1.tiny \
61 --port p4 --port p5 --property IFIN="p4-0" --property IFOUT="p5-0" VNF2
62 openstack server create --image ubuntu:trusty --flavor m1.tiny --port p6 Host2
64 # 3. Create port pairs
65 openstack sfc port pair create --ingress p1 --egress p2 PP1
66 openstack sfc port pair create --ingress p3 --egress p4 PP2
67 openstack sfc port pair create --ingress p5 --egress p6 PP3
68 openstack sfc port pair create --ingress p6 --egress p1 PP4 # for direct ping reply Host2->Host1
70 # 4. Create port groups
71 openstack sfc port pair group create --port-pair PP1 --port-pair PP2 --port-pair PP3 PPG1
72 openstack sfc port pair group create --port-pair PP4 PPG2
74 # 5. Create port chain
75 openstack sfc port chain create --port-pair-group PPG1 PC1
76 openstack sfc port chain create --port-pair-group PPG2 PC2
78 # 6. Test the port chain
79 export HOST1_DOCKER=$(openstack server list | grep "Host1" | awk '{print "mn."$4}')
80 export HOST2_IP=$(openstack port show p6 | grep fixed_ips \
81 | awk 'match($4, "\x27,") {print substr($4, 13, RSTART - 13)}')
82 sudo docker exec -it ${HOST1_DOCKER} ping -c 5 ${HOST2_IP}
85 To verify that the port chains actually works, commenting out the creation of either port chain (step 5)
86 will result in the ping packets not getting through.
88 ### Unimplemented Features
89 While all functions of the API are implemented and can be called, some of the internal functionality
90 remains unimplemented at the moment:
91 * Updating/deleting port chains (the metadata is updated, but the implemented chain is not)
92 * FlowClassifiers (can be called, metadata is handles but not actually implemented with the chain)
projects / osm / vim-emu.git / blob