These instructions use the OpenFlow userspace switch that runs as an
integrated userspace program.
-0. The commands below must run as root, so log in as root, or use a
- program such as "su" to become root temporarily.
-
1. Start the OpenFlow controller running in the background, by running
the "controller" program with a command like the following:
# controller ptcp: &
- This command causes the controller to bind to port 975 (the
+ This command causes the controller to bind to port 6633 (the
default) awaiting connections from OpenFlow switches. See
controller(8) for details.
+
+ The "controller" program does not require any special privilege, so
+ you do not need to run it as root.
-2. On the same machine, use the "switch" program to start an OpenFlow
+2. The "switch" program must run as root, so log in as root, or use a
+ program such as "su" to become root temporarily.
+
+3. On the same machine, use the "switch" program to start an OpenFlow
switch, specifying network devices to use as switch ports on the -i
option as a comma-separated list, like so:
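Review bot: the context line "# controller ptcp: &" in step 1 still shows the "#" root prompt, which contradicts the added sentence that the controller does not need to run as root. Suggest changing the prompt on that line to "$" so that "#" is reserved for the "switch" command introduced after new step 2, and readers who copy the commands verbatim do not start the listening controller as root out of habit.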
The network devices that you specify should not have configured IP
addresses.
-3. The controller causes each switch that connects to it to act like a
+4. The controller causes each switch that connects to it to act like a
learning Ethernet switch. Thus, devices plugged into the specified
network ports should now be able to send packets to each other, as
if they were plugged into ports on a conventional Ethernet switch.
The udatapath program is part of the OpenFlow extensions repository,
which is not included in every OpenFlow distribution.
-0. The commands below must run as root, so log in as root, or use a
- program such as "su" to become root temporarily.
-
1. Start the OpenFlow controller running in the background, by running
the "controller" program with a command like the following:
This command causes the controller to bind to the specified Unix
domain socket, awaiting connections from OpenFlow switches. See
controller(8) for details.
+
+ The "controller" program does not require any special privilege, so
+ you do not need to run it as root.
-2. Create a datapath instance running in the background. The command
+2. The commands below must run as root, so log in as root, or use a
+ program such as "su" to become root temporarily.
+
+3. Create a datapath instance running in the background. The command
below creates a datapath that listens for connections from secchan
on a Unix domain socket located in /var/run and services physical
ports eth1 and eth2:
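Review bot: the added sentence "you do not need to run it as root" in step 1 does not fit this section's example socket path. The controller binds a Unix domain socket here, and the secchan line in step 4 connects to unix:/var/run/controller.sock; /var/run is normally writable only by root, so an unprivileged controller cannot create that socket. Either move the controller socket in the example to a directory the unprivileged account can write, or qualify the sentence for this section.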
# udatapath punix:/var/run/dp0.sock -i eth1,eth2 &
-3. Run secchan to start the secure channel connecting the datapath and
+4. Run secchan to start the secure channel connecting the datapath and
the controller:
# secchan unix:/var/run/controller.sock unix:/var/run/dp0.sock &
-4. Devices plugged into the network ports specified in step 2 should
+5. Devices plugged into the network ports specified in step 2 should
now be able to send packets to each other, as if they were plugged
into ports on a conventional Ethernet switch.
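Review bot: the renumbered step 5 still reads "the network ports specified in step 2", but after this change step 2 is the note about becoming root and the ports are passed to udatapath in step 3. Update the cross-reference to "step 3".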
On the machine that is to be the OpenFlow controller, start the
"controller" program listening for connections from switches on TCP
-port 975 (the default), as shown below. (Because it listens on a
-low-numbered port, this command must run as root.)
+port 6633 (the default), as shown below.
# controller -v ptcp:
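Review bot: the removed parenthetical was the only statement about privilege in this paragraph, and this hunk does not add the replacement that the two earlier sections received ("The "controller" program does not require any special privilege, so you do not need to run it as root."). Add the same sentence here so the three sections stay consistent and readers of the remote-controller instructions also learn that the listener can run under an unprivileged account.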
the IP address of the controller as the first argument to the
switch program, and the network devices to include in the switch as
arguments to the -i option. For example, if the controller is
- running on host 192.168.1.2 port 975 (the default port), and eth1
+ running on host 192.168.1.2 port 6633 (the default port), and eth1
and eth2 are to be the switch ports, the switch invocation would
look like this:
4. Run secchan to start the secure channel connecting the datapath to
a remote controller. If the controller is running on host
- 192.168.1.2 port 975 (the default port), the secchan invocation
+ 192.168.1.2 port 6633 (the default port), the secchan invocation
would look like this:
# secchan unix:/var/run/dp0.sock tcp:192.168.1.2
4. Run secchan to start the secure channel connecting the datapath to
a remote controller. If the controller is running on host
- 192.168.1.2 port 975 (the default port), the secchan invocation
+ 192.168.1.2 port 6633 (the default port), the secchan invocation
would look like this:
# secchan nl:0 tcp:192.168.1.2
OpenFlow can use it directly. Otherwise, refer to "Establishing a
Public Key Infrastructure" below.
-To configure the controller to listen for SSL connections on port 976
+To configure the controller to listen for SSL connections on port 6633
(the default), invoke it as follows:
# controller -v pssl: --private-key=PRIVKEY --certificate=CERT \
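Review bot: with this line the SSL default becomes 6633, the same port the earlier hunks give as the default for plain TCP ("ptcp:"), where the old text had two distinct defaults (975 and 976). Worth adding a sentence that a controller host offering both ptcp: and pssl: must give an explicit port to one of them, and that the port number alone no longer tells an operator or a firewall rule whether a given listener is the SSL one.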
# controller -v pssl: --private-key=ctl-privkey.pem \
--certificate=ctl-cert.pem --ca-cert=pki/switchca/cacert.pem
-To configure a switch to connect to a controller running on port 976
+To configure a switch to connect to a controller running on port 6633
(the default) on host 192.168.1.2 over SSL, invoke secchan as follows:
# secchan -v DATAPATH ssl:192.168.1.2 --private-key=PRIVKEY \