Friday, September 16, 2016

Include files

FAUCET allows you to split your config into separate files, so that automated generation/replacement of files is easier (E.g., if you want to change the configuration of a single ACL, you can replace just that file rather than having to merge your change into one file).

For an example, see https://github.com/REANNZ/faucet/blob/master/tests/config/testconfigv2.yaml. Specifically:

# test include
include:
- testconfigv2-dps.yaml
# test include-optional
include-optional:
- testconfigv2-acls.yaml

The first file will be read and included (and it must be present). 

The second file will be read and included, if present.

Where's the northbound API?

(For background, see https://www.sdxcentral.com/sdn/definitions/north-bound-interfaces-api/)

When speaking about SDN, a northbound API is something used to tell an SDN controller (versus an SDN controlled device) to do something. For example, you might use it to tell an SDN controller to prioritize a certain user's traffic over other traffic. It's up to the SDN controller to instruct devices in turn to do implement your request (generally with a southbound API, like OpenFlow).

FAUCET doesn't have a northbound API as such, because it doesn't need one. Instead, you can just change FAUCET's config file and HUP the FAUCET to have the change take effect. As an example, see https://faucet-sdn.blogspot.com/2016/07/8021x-authentication-on-faucet-nfv.html - we combine NFV (of authentication) with a triggered update of FAUCET's config file (to remove an ACL from a port once a user has been authenticated).

In summary. If you want to orchestrate a fleet of FAUCET based switches, change user VLANs on the fly, update ACLs, override forwarding with policy based forwarding (Eg, https://faucet-sdn.blogspot.com/2016/07/policy-based-forwarding-with-faucet.html), etc, then you would script generation of new FAUCET configs as appropriate and signal FAUCET to apply the change.


Tuesday, September 13, 2016

ODBC support (flows and stats logging to external database)


FAUCET's monitoring application, Gauge, can now push flow table changes and port based statistics to ODBC databases (including CouchDB). This means that monitoring and security applications are much easier to develop, because they don't need to directly interact with OpenFlow switches, and since FAUCET can push statistics there is no need for a database to poll each switch or FAUCET instance.

You can find an overview of how this is configured at https://github.com/REANNZ/faucet/blob/master/src/docs/database_architecture.rst.


Friday, September 2, 2016

FAUCET V1.1

FAUCET version 1.1 has been released:

https://pypi.python.org/pypi/ryu-faucet/

https://github.com/REANNZ/faucet/releases/tag/v1_1

This release consolidates and introduces:

  • further progress on automated testing (including automated testing of hardware)
  • new configuration format and support for a single FAUCET controller handling multiple datapaths
  • policy based forwarding (ACLs can override and/or augment standard forwarding behavior).
  • BGP routing
  • Configuration of OpenFlow pipelines with the standard "table features" mechanism.

Monday, August 29, 2016

FAUCET on docker

docker allows you to precisely describe what an application needs, and also isolate it from what it shouldn't need. This makes installation and testing much easier. In FAUCET's case, WAND have done a nice job - as well as packaging installation, they have packaged tests. Running FAUCET's unit tests is now very easy (see below). See also for how to use docker to install and upgrade FAUCET itself.

Dockerfile.tests

This runs the mininet tests from the docker entry-point:
docker build -t reannz/faucet-tests -f Dockerfile.tests .
apparmor_parser -R /etc/apparmor.d/usr.sbin.tcpdump
modprobe openvswitch
sudo docker run --privileged -ti reannz/faucet-tests

Thursday, August 18, 2016

SimpleSwitch 2

https://inside-openflow.com/2016/08/05/ryu-api-reimagining-simple-switch/

SimpleSwitch Reimagined is heavily influenced byFaucet, an Open Source commercial-grade OpenFlow controller application for Ryu. Our purpose was not to rewrite Faucet, but to write an easy-to-understand controller application for learning more advanced OpenFlow concepts. As a result, SS2 does not include some of Faucet’s features such as VLAN learning, but is written to be very easy to follow and and to teach useful design patterns for Ryu controller applications and OpenFlow in general. This tutorial will run through the core of SS2, explaining the thinking and design behind every bit of code and hopefully provide you with ideas on writing your own controller application. The structure and concepts employed by SS2 will also help introduce the logic behind Faucet when we explore it in the near future.