Re: [nox-dev] A question regarding Authenticator module
I agree, this is by no means meant to replace doxygen, which is essential for lower-level doc. It is meant for high level presentation and other information that is hard to get in doxygen (e.g.FAQ) On Fri, Mar 12, 2010 at 2:53 PM, kk yap wrote: > Hi, > > I would suggest using doxygen, since we already have some effort going > forward there already. I would be happy to push any documentation > patches for doxygen. > > regards > KK > > On 12 March 2010 14:49, Kyriakos Zarifis wrote: > > > > > > On Fri, Mar 12, 2010 at 2:38 PM, Natasha Gude > wrote: > >> > >> Comments inline: > >> On Fri, Mar 12, 2010 at 1:56 PM, Guanyao Huang > >> wrote: > >>> > >>> I think some document of authenticator module is very necessary. > >>> The newest version of authenticator module seems changed a lot, but > >>> the code for routing module remains the same. > >>> For example, why there are many events defined in host_event.hh, > >> > >> host_event.hh has comments describing the meanings of the different > >> events. > >> > > > > I've started putting together documentation from different sources here. > > it's still missing important bits, anyone who feels like adding something > > please do so. > > Nice explanations like the one Natasha just gave could be added directly > > there > > > > http://74.207.253.160/noxwiki/index.php/Authenticator > > > > > > ___ > > nox-dev mailing list > > nox-dev@noxrepo.org > > http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org > > > > > ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
Re: [nox-dev] A question regarding Authenticator module
If you look at authenticator.hh, you will see the AUTH_WITH_ROUTING #ifdef When this is enabled, the authenticator component depends on the application named "routing_module" (which is basically just a library). The application named "routing" meanwhile (defined by sprouting.hh/.cc) will actually route flows based on the flow-in events it sees. I was just saying that AUTH_WITH_ROUTING can be enabled without running the "routing" application since it only depends on the library (thus allowing someone to run a different routing application should they so choose). On Fri, Mar 12, 2010 at 4:11 PM, Guanyao Huang wrote: > Sorry. > I dont quite follow your reply below. > Do you mean I just enable AUTH_WITH_ROUTING then the existing routing > module will work? I canot find this AUTH_WITH_ROUTING > What do you mean by "which depends on the routing_module library, > NOT the sprouting.hh/sprouting.cc component"?? > > > Finally, in regard to the presence of multiple locations for a given mac > > address. We found the need for this in certain topologies where a host > was > > effectively connected to two distinct openflow ports in the network, > > sending/receiving packets on both using the same mac address. If this > > doesn't happen in your topologies, and the AUTH_WITH_ROUTING ifdef is > > enabled in authenticator.hh (which depends on the routing_module library, > > NOT the sprouting.hh/sprouting.cc component) then you should not be > seeing > > multiple locations, or they should be timing out. > > Feel free to resend any questions I missed. > > Natasha > >> > >> On Fri, Mar 12, 2010 at 1:40 PM, Srini Seetharaman > >> wrote: > >> > Just to add to Guanyao's observations: I wanted to mention that the > >> > host having two bindings is something we run across often in our > >> > Stanford setup. However, we notice it only when the topology is > >> > changed during runtime. > >> > > >> > Srini. > >> > > > > > > ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
Re: [nox-dev] A question regarding Authenticator module
Sorry. I dont quite follow your reply below. Do you mean I just enable AUTH_WITH_ROUTING then the existing routing module will work? I canot find this AUTH_WITH_ROUTING What do you mean by "which depends on the routing_module library, NOT the sprouting.hh/sprouting.cc component"?? > Finally, in regard to the presence of multiple locations for a given mac > address. We found the need for this in certain topologies where a host was > effectively connected to two distinct openflow ports in the network, > sending/receiving packets on both using the same mac address. If this > doesn't happen in your topologies, and the AUTH_WITH_ROUTING ifdef is > enabled in authenticator.hh (which depends on the routing_module library, > NOT the sprouting.hh/sprouting.cc component) then you should not be seeing > multiple locations, or they should be timing out. > Feel free to resend any questions I missed. > Natasha >> >> On Fri, Mar 12, 2010 at 1:40 PM, Srini Seetharaman >> wrote: >> > Just to add to Guanyao's observations: I wanted to mention that the >> > host having two bindings is something we run across often in our >> > Stanford setup. However, we notice it only when the topology is >> > changed during runtime. >> > >> > Srini. >> > > > ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
Re: [nox-dev] A question regarding Authenticator module
Hi, I would suggest using doxygen, since we already have some effort going forward there already. I would be happy to push any documentation patches for doxygen. regards KK On 12 March 2010 14:49, Kyriakos Zarifis wrote: > > > On Fri, Mar 12, 2010 at 2:38 PM, Natasha Gude wrote: >> >> Comments inline: >> On Fri, Mar 12, 2010 at 1:56 PM, Guanyao Huang >> wrote: >>> >>> I think some document of authenticator module is very necessary. >>> The newest version of authenticator module seems changed a lot, but >>> the code for routing module remains the same. >>> For example, why there are many events defined in host_event.hh, >> >> host_event.hh has comments describing the meanings of the different >> events. >> > > I've started putting together documentation from different sources here. > it's still missing important bits, anyone who feels like adding something > please do so. > Nice explanations like the one Natasha just gave could be added directly > there > > http://74.207.253.160/noxwiki/index.php/Authenticator > > > ___ > nox-dev mailing list > nox-dev@noxrepo.org > http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org > > ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
Re: [nox-dev] A question regarding Authenticator module
On Fri, Mar 12, 2010 at 2:38 PM, Natasha Gude wrote: > Comments inline: > > On Fri, Mar 12, 2010 at 1:56 PM, Guanyao Huang wrote: > >> I think some document of authenticator module is very necessary. >> The newest version of authenticator module seems changed a lot, but >> the code for routing module remains the same. >> For example, why there are many events defined in host_event.hh, > > > host_event.hh has comments describing the meanings of the different events. > > I've started putting together documentation from different sources here. it's still missing important bits, anyone who feels like adding something please do so. Nice explanations like the one Natasha just gave could be added directly there http://74.207.253.160/noxwiki/index.php/Authenticator ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
Re: [nox-dev] A question regarding Authenticator module
Comments inline: On Fri, Mar 12, 2010 at 1:56 PM, Guanyao Huang wrote: > I think some document of authenticator module is very necessary. > The newest version of authenticator module seems changed a lot, but > the code for routing module remains the same. > For example, why there are many events defined in host_event.hh, host_event.hh has comments describing the meanings of the different events. > why > there are many entries, bindings defined in authenticator.hh. > For networks wanting to identify hosts with certain addresses, or coming up on certain locations, with specific identifiers. e.g. Someone wants to say "mac address ab:cd:ef:12:34:56 will always be host A so when that mac address shows up, the host event should include host A's identifier." If such an identifier doesn't exist then the entity is tagged with a default identifier, which is probably what you see as it doesn't seem that you are using this feature - it's optional. > Normally, given a mac address, or, IP address, what is the API used to > get its datapath? > get_addr_entry() and look at and authenticated locations. an AuthedLocation can be traversed to find the port and datapathid. if those switches/ports have been tagged with identifiers, those can be seen as well, though again, it doesn't seem like you're using that, so you can ignore it. > Without such things, I feel easily get lost in the code. > I guess many people are developing their own module based on flow_in > event. It would be nice if they know how this flow_in event was > generated. > > all the flow-in is trying to do is annotate a packet-in event with identifiers. e.g. this packet was sent by host A which is on switch B and has user C logged in. if you don't need this functionality, you are free to ignore the flow-in and just use the packet-in. to address KK's comments, the flow-in event is not generated for the sole purpose of routing. 1. the tagging can prove very useful in other scenarios (as we use internally) and 2. pulling in the the routing component using the flow_in_event is completely optional, and can be replaced by a component using packet-in's instead. sprouting.hh/.cc uses the flow-in event to set up routes from the original source instead of the one the packet came in on (as you may have seen, these datapaths are not always the same) to support mobility. In general, it's actions reflect what's need to get to end-to-end routing working in somewhat of a dynamic network. Finally, in regard to the presence of multiple locations for a given mac address. We found the need for this in certain topologies where a host was effectively connected to two distinct openflow ports in the network, sending/receiving packets on both using the same mac address. If this doesn't happen in your topologies, and the AUTH_WITH_ROUTING ifdef is enabled in authenticator.hh (which depends on the routing_module library, NOT the sprouting.hh/sprouting.cc component) then you should not be seeing multiple locations, or they should be timing out. Feel free to resend any questions I missed. Natasha On Fri, Mar 12, 2010 at 1:40 PM, Srini Seetharaman > wrote: > > Just to add to Guanyao's observations: I wanted to mention that the > > host having two bindings is something we run across often in our > > Stanford setup. However, we notice it only when the topology is > > changed during runtime. > > > > Srini. > > > ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
Re: [nox-dev] A question regarding Authenticator module
I would like to put forth a "concise rant" here. The short story is that *no one should use flow-in event* and we should deprecate it. I have several reasons for saying so. 1) The flow-in semantics is hard to reason about. We generate a flow-in using packet-in. And if a route cannot be found, the flow-in is flooded? The flooding is actually done to a packet and not a flow. 2) You do not have control over the packet in thereafter. Some two components can be handling the packet-in and flow-in, which refers to the same packets actually. 3) Flow-in really does not give you much anyway. If you want the header fields in flow-in, just use flow.hh. It parses those. So, ends my quibble about flow-in. Regards KK On 12 March 2010 13:56, Guanyao Huang wrote: > I think some document of authenticator module is very necessary. > The newest version of authenticator module seems changed a lot, but > the code for routing module remains the same. > For example, why there are many events defined in host_event.hh, why > there are many entries, bindings defined in authenticator.hh. > Normally, given a mac address, or, IP address, what is the API used to > get its datapath? > Without such things, I feel easily get lost in the code. > I guess many people are developing their own module based on flow_in > event. It would be nice if they know how this flow_in event was > generated. > > On Fri, Mar 12, 2010 at 1:40 PM, Srini Seetharaman > wrote: >> Just to add to Guanyao's observations: I wanted to mention that the >> host having two bindings is something we run across often in our >> Stanford setup. However, we notice it only when the topology is >> changed during runtime. >> >> Srini. >> > > ___ > nox-dev mailing list > nox-dev@noxrepo.org > http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org > ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
Re: [nox-dev] A question regarding Authenticator module
I think some document of authenticator module is very necessary. The newest version of authenticator module seems changed a lot, but the code for routing module remains the same. For example, why there are many events defined in host_event.hh, why there are many entries, bindings defined in authenticator.hh. Normally, given a mac address, or, IP address, what is the API used to get its datapath? Without such things, I feel easily get lost in the code. I guess many people are developing their own module based on flow_in event. It would be nice if they know how this flow_in event was generated. On Fri, Mar 12, 2010 at 1:40 PM, Srini Seetharaman wrote: > Just to add to Guanyao's observations: I wanted to mention that the > host having two bindings is something we run across often in our > Stanford setup. However, we notice it only when the topology is > changed during runtime. > > Srini. > ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
Re: [nox-dev] A question regarding Authenticator module
Just to add to Guanyao's observations: I wanted to mention that the host having two bindings is something we run across often in our Stanford setup. However, we notice it only when the topology is changed during runtime. Srini. ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
Re: [nox-dev] Building nox with older versions of openflow
Hi Tim, In git://noxrepo.org/nox, there is a openflow-0.9 branch. It works with OpenFlow v0.9. I believe routing will not work though, since the flow_mod is not updated. My apologies, I should have backported these from the openflow-1.0 branch. FYI. Regards KK On 12 March 2010 07:53, wrote: > Good morning all, > > I am trying to set up a nox controller with a switch that is currently > implementing the 0.9.0 OpenFlow spec. Is there a version of nox I can build > with OF 0.9.0 floating around? > > Thanks, > -- > Tim Upthegrove > Georgia Institute of Technology > College of Computing > > ___ > nox-dev mailing list > nox-dev@noxrepo.org > http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org > ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org
[nox-dev] Building nox with older versions of openflow
Good morning all, I am trying to set up a nox controller with a switch that is currently implementing the 0.9.0 OpenFlow spec. Is there a version of nox I can build with OF 0.9.0 floating around? Thanks, -- Tim Upthegrove Georgia Institute of Technology College of Computing ___ nox-dev mailing list nox-dev@noxrepo.org http://noxrepo.org/mailman/listinfo/nox-dev_noxrepo.org