ryu documentation - read the docs
TRANSCRIPT
ryu DocumentationRelease 330
ryu development team
February 23 2016
Contents
1 Getting Started 311 Whatrsquos Ryu 312 Quick Start 313 Optional Requirements 314 Support 4
2 Writing Your Ryu Application 521 The First Application 522 Components of Ryu 623 Ryu application API 824 Library 1325 OpenFlow protocol API Reference 2026 Nicira Extension Structures 2027 Ryu API Reference 21
3 Configuration 2331 Setup TLS Connection 2332 Topology Viewer 24
4 Tests 2741 Testing VRRP Module 2742 Testing OF-config support with LINC 30
5 Using Ryu Network Operating System with OpenStack as OpenFlow controller 35
6 Snort Intergration 3761 Overview 3762 Installation Snort 3863 Configure Snort 3864 Usage 38
7 Built-in Ryu applications 4171 ryuappofctl 4172 ryuappofctl_rest 41
8 Indices and tables 83
Python Module Index 85
i
ii
ryu Documentation Release 330
Contents
Contents 1
ryu Documentation Release 330
2 Contents
CHAPTER 1
Getting Started
11 Whatrsquos Ryu
Ryu is a component-based software defined networking framework
Ryu provides software components with well defined API that make it easy for developers to create new network man-agement and control applications Ryu supports various protocols for managing network devices such as OpenFlowNetconf OF-config etc About OpenFlow Ryu supports fully 10 12 13 14 15 and Nicira Extensions
All of the code is freely available under the Apache 20 license Ryu is fully written in Python
12 Quick Start
Installing Ryu is quite easy
pip install ryu
If you prefer to install Ryu from the source code
git clone gitgithubcomosrgryugit cd ryu python setuppy install
If you want to write your Ryu application have a look at Writing ryu application document After writing yourapplication just type
ryu-manager yourapppy
13 Optional Requirements
Some functionalities of ryu requires extra packages
bull OF-Config requires lxml
bull NETCONF requires paramiko
bull BGP speaker (ssh console) requires paramiko
If you want to use the functionalities please install requirements
pip install lxml pip install paramiko
3
ryu Documentation Release 330
14 Support
Ryu Official site is httposrggithubioryu
If you have any questions suggestions and patches the mailing list is available at ryu-devel ML The ML archive atGmane is also available
4 Chapter 1 Getting Started
CHAPTER 2
Writing Your Ryu Application
21 The First Application
211 Whetting Your Appetite
If you want to manage the network gears (switches routers etc) at your way you need to write your Ryu applicationYour application tells Ryu how you want to manage the gears Then Ryu configures the gears by using OpenFlowprotocol etc
Writing Ryu application is easy Itrsquos just Python scripts
212 Start Writing
We show a Ryu application that make OpenFlow switches work as a dumb layer 2 switch
Open a text editor creating a new file with the following content
from ryubase import app_manager
class L2Switch(app_managerRyuApp)def __init__(self args kwargs)
super(L2Switch self)__init__(args kwargs)
Ryu application is just a Python script so you can save the file with any name extensions and any place you wantLetrsquos name the file lsquol2pyrsquo at your home directory
This application does nothing useful yet however itrsquos a complete Ryu application In fact you can run this Ryuapplication
ryu-manager ~l2pyloading app Usersfujital2pyinstantiating app Usersfujital2py
All you have to do is defining needs a new subclass of RyuApp to run your Python script as a Ryu application
Next letrsquos add the functionality of sending a received packet to all the ports
from ryubase import app_managerfrom ryucontroller import ofp_eventfrom ryucontrollerhandler import MAIN_DISPATCHERfrom ryucontrollerhandler import set_ev_cls
class L2Switch(app_managerRyuApp)
5
ryu Documentation Release 330
def __init__(self args kwargs)super(L2Switch self)__init__(args kwargs)
set_ev_cls(ofp_eventEventOFPPacketIn MAIN_DISPATCHER)def packet_in_handler(self ev)
msg = evmsgdp = msgdatapathofp = dpofprotoofp_parser = dpofproto_parser
actions = [ofp_parserOFPActionOutput(ofpOFPP_FLOOD)]out = ofp_parserOFPPacketOut(
datapath=dp buffer_id=msgbuffer_id in_port=msgin_portactions=actions)
dpsend_msg(out)
A new method lsquopacket_in_handlerrsquo is added to L2Switch class This is called when Ryu receives an OpenFlowpacket_in message The trick is lsquoset_ev_clsrsquo decorator This decorator tells Ryu when the decorated function shouldbe called
The first argument of the decorator indicates an event that makes function called As you expect easily every timeRyu gets a packet_in message this function is called
The second argument indicates the state of the switch Probably you want to ignore packet_in messages before thenegotiation between Ryu and the switch finishes Using lsquoMAIN_DISPATCHERrsquo as the second argument means thisfunction is called only after the negotiation completes
Next letrsquos look at the first half of the lsquopacket_in_handlerrsquo function
bull evmsg is an object that represents a packet_in data structure
bull msgdp is an object that represents a datapath (switch)
bull dpofproto and dpofproto_parser are objects that represent the OpenFlow protocol that Ryu and the switchnegotiated
Ready for the second half
bull OFPActionOutput class is used with a packet_out message to specify a switch port that you want to send thepacket out of This application need a switch to send out of all the ports so OFPP_FLOOD constant is used
bull OFPPacketOut class is used to build a packet_out message
bull If you call Datapath classrsquos send_msg method with a OpenFlow message class object Ryu builds and send theon-wire data format to the switch
Here you finished implementing your first Ryu application You are ready to run this Ryu application that doessomething useful
A dumb l2 switch is too dumb You want to implement a learning l2 switch Move to the next step You can learnfrom the existing Ryu applications at ryuapp directory and integrated tests directory
22 Components of Ryu
221 Executables
binryu-manager
The main executable
6 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
222 Base components
ryubaseapp_manager
223 OpenFlow controller
ryucontrollercontroller
ryucontrollerdpset
ryucontrollerofp_event
ryucontrollerofp_handler
224 OpenFlow wire protocol encoder and decoder
ryuofprotoofproto_v1_0
ryuofprotoofproto_v1_0_parser
ryuofprotoofproto_v1_2
ryuofprotoofproto_v1_2_parser
ryuofprotoofproto_v1_3
ryuofprotoofproto_v1_3_parser
ryuofprotoofproto_v1_4
ryuofprotoofproto_v1_4_parser
ryuofprotoofproto_v1_5
ryuofprotoofproto_v1_5_parser
225 Ryu applications
ryuappcbench
ryuappsimple_switch
ryutopology
Switch and link discovery module Planned to replace ryucontrollerdpset
22 Components of Ryu 7
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
Contents
1 Getting Started 311 Whatrsquos Ryu 312 Quick Start 313 Optional Requirements 314 Support 4
2 Writing Your Ryu Application 521 The First Application 522 Components of Ryu 623 Ryu application API 824 Library 1325 OpenFlow protocol API Reference 2026 Nicira Extension Structures 2027 Ryu API Reference 21
3 Configuration 2331 Setup TLS Connection 2332 Topology Viewer 24
4 Tests 2741 Testing VRRP Module 2742 Testing OF-config support with LINC 30
5 Using Ryu Network Operating System with OpenStack as OpenFlow controller 35
6 Snort Intergration 3761 Overview 3762 Installation Snort 3863 Configure Snort 3864 Usage 38
7 Built-in Ryu applications 4171 ryuappofctl 4172 ryuappofctl_rest 41
8 Indices and tables 83
Python Module Index 85
i
ii
ryu Documentation Release 330
Contents
Contents 1
ryu Documentation Release 330
2 Contents
CHAPTER 1
Getting Started
11 Whatrsquos Ryu
Ryu is a component-based software defined networking framework
Ryu provides software components with well defined API that make it easy for developers to create new network man-agement and control applications Ryu supports various protocols for managing network devices such as OpenFlowNetconf OF-config etc About OpenFlow Ryu supports fully 10 12 13 14 15 and Nicira Extensions
All of the code is freely available under the Apache 20 license Ryu is fully written in Python
12 Quick Start
Installing Ryu is quite easy
pip install ryu
If you prefer to install Ryu from the source code
git clone gitgithubcomosrgryugit cd ryu python setuppy install
If you want to write your Ryu application have a look at Writing ryu application document After writing yourapplication just type
ryu-manager yourapppy
13 Optional Requirements
Some functionalities of ryu requires extra packages
bull OF-Config requires lxml
bull NETCONF requires paramiko
bull BGP speaker (ssh console) requires paramiko
If you want to use the functionalities please install requirements
pip install lxml pip install paramiko
3
ryu Documentation Release 330
14 Support
Ryu Official site is httposrggithubioryu
If you have any questions suggestions and patches the mailing list is available at ryu-devel ML The ML archive atGmane is also available
4 Chapter 1 Getting Started
CHAPTER 2
Writing Your Ryu Application
21 The First Application
211 Whetting Your Appetite
If you want to manage the network gears (switches routers etc) at your way you need to write your Ryu applicationYour application tells Ryu how you want to manage the gears Then Ryu configures the gears by using OpenFlowprotocol etc
Writing Ryu application is easy Itrsquos just Python scripts
212 Start Writing
We show a Ryu application that make OpenFlow switches work as a dumb layer 2 switch
Open a text editor creating a new file with the following content
from ryubase import app_manager
class L2Switch(app_managerRyuApp)def __init__(self args kwargs)
super(L2Switch self)__init__(args kwargs)
Ryu application is just a Python script so you can save the file with any name extensions and any place you wantLetrsquos name the file lsquol2pyrsquo at your home directory
This application does nothing useful yet however itrsquos a complete Ryu application In fact you can run this Ryuapplication
ryu-manager ~l2pyloading app Usersfujital2pyinstantiating app Usersfujital2py
All you have to do is defining needs a new subclass of RyuApp to run your Python script as a Ryu application
Next letrsquos add the functionality of sending a received packet to all the ports
from ryubase import app_managerfrom ryucontroller import ofp_eventfrom ryucontrollerhandler import MAIN_DISPATCHERfrom ryucontrollerhandler import set_ev_cls
class L2Switch(app_managerRyuApp)
5
ryu Documentation Release 330
def __init__(self args kwargs)super(L2Switch self)__init__(args kwargs)
set_ev_cls(ofp_eventEventOFPPacketIn MAIN_DISPATCHER)def packet_in_handler(self ev)
msg = evmsgdp = msgdatapathofp = dpofprotoofp_parser = dpofproto_parser
actions = [ofp_parserOFPActionOutput(ofpOFPP_FLOOD)]out = ofp_parserOFPPacketOut(
datapath=dp buffer_id=msgbuffer_id in_port=msgin_portactions=actions)
dpsend_msg(out)
A new method lsquopacket_in_handlerrsquo is added to L2Switch class This is called when Ryu receives an OpenFlowpacket_in message The trick is lsquoset_ev_clsrsquo decorator This decorator tells Ryu when the decorated function shouldbe called
The first argument of the decorator indicates an event that makes function called As you expect easily every timeRyu gets a packet_in message this function is called
The second argument indicates the state of the switch Probably you want to ignore packet_in messages before thenegotiation between Ryu and the switch finishes Using lsquoMAIN_DISPATCHERrsquo as the second argument means thisfunction is called only after the negotiation completes
Next letrsquos look at the first half of the lsquopacket_in_handlerrsquo function
bull evmsg is an object that represents a packet_in data structure
bull msgdp is an object that represents a datapath (switch)
bull dpofproto and dpofproto_parser are objects that represent the OpenFlow protocol that Ryu and the switchnegotiated
Ready for the second half
bull OFPActionOutput class is used with a packet_out message to specify a switch port that you want to send thepacket out of This application need a switch to send out of all the ports so OFPP_FLOOD constant is used
bull OFPPacketOut class is used to build a packet_out message
bull If you call Datapath classrsquos send_msg method with a OpenFlow message class object Ryu builds and send theon-wire data format to the switch
Here you finished implementing your first Ryu application You are ready to run this Ryu application that doessomething useful
A dumb l2 switch is too dumb You want to implement a learning l2 switch Move to the next step You can learnfrom the existing Ryu applications at ryuapp directory and integrated tests directory
22 Components of Ryu
221 Executables
binryu-manager
The main executable
6 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
222 Base components
ryubaseapp_manager
223 OpenFlow controller
ryucontrollercontroller
ryucontrollerdpset
ryucontrollerofp_event
ryucontrollerofp_handler
224 OpenFlow wire protocol encoder and decoder
ryuofprotoofproto_v1_0
ryuofprotoofproto_v1_0_parser
ryuofprotoofproto_v1_2
ryuofprotoofproto_v1_2_parser
ryuofprotoofproto_v1_3
ryuofprotoofproto_v1_3_parser
ryuofprotoofproto_v1_4
ryuofprotoofproto_v1_4_parser
ryuofprotoofproto_v1_5
ryuofprotoofproto_v1_5_parser
225 Ryu applications
ryuappcbench
ryuappsimple_switch
ryutopology
Switch and link discovery module Planned to replace ryucontrollerdpset
22 Components of Ryu 7
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ii
ryu Documentation Release 330
Contents
Contents 1
ryu Documentation Release 330
2 Contents
CHAPTER 1
Getting Started
11 Whatrsquos Ryu
Ryu is a component-based software defined networking framework
Ryu provides software components with well defined API that make it easy for developers to create new network man-agement and control applications Ryu supports various protocols for managing network devices such as OpenFlowNetconf OF-config etc About OpenFlow Ryu supports fully 10 12 13 14 15 and Nicira Extensions
All of the code is freely available under the Apache 20 license Ryu is fully written in Python
12 Quick Start
Installing Ryu is quite easy
pip install ryu
If you prefer to install Ryu from the source code
git clone gitgithubcomosrgryugit cd ryu python setuppy install
If you want to write your Ryu application have a look at Writing ryu application document After writing yourapplication just type
ryu-manager yourapppy
13 Optional Requirements
Some functionalities of ryu requires extra packages
bull OF-Config requires lxml
bull NETCONF requires paramiko
bull BGP speaker (ssh console) requires paramiko
If you want to use the functionalities please install requirements
pip install lxml pip install paramiko
3
ryu Documentation Release 330
14 Support
Ryu Official site is httposrggithubioryu
If you have any questions suggestions and patches the mailing list is available at ryu-devel ML The ML archive atGmane is also available
4 Chapter 1 Getting Started
CHAPTER 2
Writing Your Ryu Application
21 The First Application
211 Whetting Your Appetite
If you want to manage the network gears (switches routers etc) at your way you need to write your Ryu applicationYour application tells Ryu how you want to manage the gears Then Ryu configures the gears by using OpenFlowprotocol etc
Writing Ryu application is easy Itrsquos just Python scripts
212 Start Writing
We show a Ryu application that make OpenFlow switches work as a dumb layer 2 switch
Open a text editor creating a new file with the following content
from ryubase import app_manager
class L2Switch(app_managerRyuApp)def __init__(self args kwargs)
super(L2Switch self)__init__(args kwargs)
Ryu application is just a Python script so you can save the file with any name extensions and any place you wantLetrsquos name the file lsquol2pyrsquo at your home directory
This application does nothing useful yet however itrsquos a complete Ryu application In fact you can run this Ryuapplication
ryu-manager ~l2pyloading app Usersfujital2pyinstantiating app Usersfujital2py
All you have to do is defining needs a new subclass of RyuApp to run your Python script as a Ryu application
Next letrsquos add the functionality of sending a received packet to all the ports
from ryubase import app_managerfrom ryucontroller import ofp_eventfrom ryucontrollerhandler import MAIN_DISPATCHERfrom ryucontrollerhandler import set_ev_cls
class L2Switch(app_managerRyuApp)
5
ryu Documentation Release 330
def __init__(self args kwargs)super(L2Switch self)__init__(args kwargs)
set_ev_cls(ofp_eventEventOFPPacketIn MAIN_DISPATCHER)def packet_in_handler(self ev)
msg = evmsgdp = msgdatapathofp = dpofprotoofp_parser = dpofproto_parser
actions = [ofp_parserOFPActionOutput(ofpOFPP_FLOOD)]out = ofp_parserOFPPacketOut(
datapath=dp buffer_id=msgbuffer_id in_port=msgin_portactions=actions)
dpsend_msg(out)
A new method lsquopacket_in_handlerrsquo is added to L2Switch class This is called when Ryu receives an OpenFlowpacket_in message The trick is lsquoset_ev_clsrsquo decorator This decorator tells Ryu when the decorated function shouldbe called
The first argument of the decorator indicates an event that makes function called As you expect easily every timeRyu gets a packet_in message this function is called
The second argument indicates the state of the switch Probably you want to ignore packet_in messages before thenegotiation between Ryu and the switch finishes Using lsquoMAIN_DISPATCHERrsquo as the second argument means thisfunction is called only after the negotiation completes
Next letrsquos look at the first half of the lsquopacket_in_handlerrsquo function
bull evmsg is an object that represents a packet_in data structure
bull msgdp is an object that represents a datapath (switch)
bull dpofproto and dpofproto_parser are objects that represent the OpenFlow protocol that Ryu and the switchnegotiated
Ready for the second half
bull OFPActionOutput class is used with a packet_out message to specify a switch port that you want to send thepacket out of This application need a switch to send out of all the ports so OFPP_FLOOD constant is used
bull OFPPacketOut class is used to build a packet_out message
bull If you call Datapath classrsquos send_msg method with a OpenFlow message class object Ryu builds and send theon-wire data format to the switch
Here you finished implementing your first Ryu application You are ready to run this Ryu application that doessomething useful
A dumb l2 switch is too dumb You want to implement a learning l2 switch Move to the next step You can learnfrom the existing Ryu applications at ryuapp directory and integrated tests directory
22 Components of Ryu
221 Executables
binryu-manager
The main executable
6 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
222 Base components
ryubaseapp_manager
223 OpenFlow controller
ryucontrollercontroller
ryucontrollerdpset
ryucontrollerofp_event
ryucontrollerofp_handler
224 OpenFlow wire protocol encoder and decoder
ryuofprotoofproto_v1_0
ryuofprotoofproto_v1_0_parser
ryuofprotoofproto_v1_2
ryuofprotoofproto_v1_2_parser
ryuofprotoofproto_v1_3
ryuofprotoofproto_v1_3_parser
ryuofprotoofproto_v1_4
ryuofprotoofproto_v1_4_parser
ryuofprotoofproto_v1_5
ryuofprotoofproto_v1_5_parser
225 Ryu applications
ryuappcbench
ryuappsimple_switch
ryutopology
Switch and link discovery module Planned to replace ryucontrollerdpset
22 Components of Ryu 7
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
Contents
Contents 1
ryu Documentation Release 330
2 Contents
CHAPTER 1
Getting Started
11 Whatrsquos Ryu
Ryu is a component-based software defined networking framework
Ryu provides software components with well defined API that make it easy for developers to create new network man-agement and control applications Ryu supports various protocols for managing network devices such as OpenFlowNetconf OF-config etc About OpenFlow Ryu supports fully 10 12 13 14 15 and Nicira Extensions
All of the code is freely available under the Apache 20 license Ryu is fully written in Python
12 Quick Start
Installing Ryu is quite easy
pip install ryu
If you prefer to install Ryu from the source code
git clone gitgithubcomosrgryugit cd ryu python setuppy install
If you want to write your Ryu application have a look at Writing ryu application document After writing yourapplication just type
ryu-manager yourapppy
13 Optional Requirements
Some functionalities of ryu requires extra packages
bull OF-Config requires lxml
bull NETCONF requires paramiko
bull BGP speaker (ssh console) requires paramiko
If you want to use the functionalities please install requirements
pip install lxml pip install paramiko
3
ryu Documentation Release 330
14 Support
Ryu Official site is httposrggithubioryu
If you have any questions suggestions and patches the mailing list is available at ryu-devel ML The ML archive atGmane is also available
4 Chapter 1 Getting Started
CHAPTER 2
Writing Your Ryu Application
21 The First Application
211 Whetting Your Appetite
If you want to manage the network gears (switches routers etc) at your way you need to write your Ryu applicationYour application tells Ryu how you want to manage the gears Then Ryu configures the gears by using OpenFlowprotocol etc
Writing Ryu application is easy Itrsquos just Python scripts
212 Start Writing
We show a Ryu application that make OpenFlow switches work as a dumb layer 2 switch
Open a text editor creating a new file with the following content
from ryubase import app_manager
class L2Switch(app_managerRyuApp)def __init__(self args kwargs)
super(L2Switch self)__init__(args kwargs)
Ryu application is just a Python script so you can save the file with any name extensions and any place you wantLetrsquos name the file lsquol2pyrsquo at your home directory
This application does nothing useful yet however itrsquos a complete Ryu application In fact you can run this Ryuapplication
ryu-manager ~l2pyloading app Usersfujital2pyinstantiating app Usersfujital2py
All you have to do is defining needs a new subclass of RyuApp to run your Python script as a Ryu application
Next letrsquos add the functionality of sending a received packet to all the ports
from ryubase import app_managerfrom ryucontroller import ofp_eventfrom ryucontrollerhandler import MAIN_DISPATCHERfrom ryucontrollerhandler import set_ev_cls
class L2Switch(app_managerRyuApp)
5
ryu Documentation Release 330
def __init__(self args kwargs)super(L2Switch self)__init__(args kwargs)
set_ev_cls(ofp_eventEventOFPPacketIn MAIN_DISPATCHER)def packet_in_handler(self ev)
msg = evmsgdp = msgdatapathofp = dpofprotoofp_parser = dpofproto_parser
actions = [ofp_parserOFPActionOutput(ofpOFPP_FLOOD)]out = ofp_parserOFPPacketOut(
datapath=dp buffer_id=msgbuffer_id in_port=msgin_portactions=actions)
dpsend_msg(out)
A new method lsquopacket_in_handlerrsquo is added to L2Switch class This is called when Ryu receives an OpenFlowpacket_in message The trick is lsquoset_ev_clsrsquo decorator This decorator tells Ryu when the decorated function shouldbe called
The first argument of the decorator indicates an event that makes function called As you expect easily every timeRyu gets a packet_in message this function is called
The second argument indicates the state of the switch Probably you want to ignore packet_in messages before thenegotiation between Ryu and the switch finishes Using lsquoMAIN_DISPATCHERrsquo as the second argument means thisfunction is called only after the negotiation completes
Next letrsquos look at the first half of the lsquopacket_in_handlerrsquo function
bull evmsg is an object that represents a packet_in data structure
bull msgdp is an object that represents a datapath (switch)
bull dpofproto and dpofproto_parser are objects that represent the OpenFlow protocol that Ryu and the switchnegotiated
Ready for the second half
bull OFPActionOutput class is used with a packet_out message to specify a switch port that you want to send thepacket out of This application need a switch to send out of all the ports so OFPP_FLOOD constant is used
bull OFPPacketOut class is used to build a packet_out message
bull If you call Datapath classrsquos send_msg method with a OpenFlow message class object Ryu builds and send theon-wire data format to the switch
Here you finished implementing your first Ryu application You are ready to run this Ryu application that doessomething useful
A dumb l2 switch is too dumb You want to implement a learning l2 switch Move to the next step You can learnfrom the existing Ryu applications at ryuapp directory and integrated tests directory
22 Components of Ryu
221 Executables
binryu-manager
The main executable
6 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
222 Base components
ryubaseapp_manager
223 OpenFlow controller
ryucontrollercontroller
ryucontrollerdpset
ryucontrollerofp_event
ryucontrollerofp_handler
224 OpenFlow wire protocol encoder and decoder
ryuofprotoofproto_v1_0
ryuofprotoofproto_v1_0_parser
ryuofprotoofproto_v1_2
ryuofprotoofproto_v1_2_parser
ryuofprotoofproto_v1_3
ryuofprotoofproto_v1_3_parser
ryuofprotoofproto_v1_4
ryuofprotoofproto_v1_4_parser
ryuofprotoofproto_v1_5
ryuofprotoofproto_v1_5_parser
225 Ryu applications
ryuappcbench
ryuappsimple_switch
ryutopology
Switch and link discovery module Planned to replace ryucontrollerdpset
22 Components of Ryu 7
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
2 Contents
CHAPTER 1
Getting Started
11 Whatrsquos Ryu
Ryu is a component-based software defined networking framework
Ryu provides software components with well defined API that make it easy for developers to create new network man-agement and control applications Ryu supports various protocols for managing network devices such as OpenFlowNetconf OF-config etc About OpenFlow Ryu supports fully 10 12 13 14 15 and Nicira Extensions
All of the code is freely available under the Apache 20 license Ryu is fully written in Python
12 Quick Start
Installing Ryu is quite easy
pip install ryu
If you prefer to install Ryu from the source code
git clone gitgithubcomosrgryugit cd ryu python setuppy install
If you want to write your Ryu application have a look at Writing ryu application document After writing yourapplication just type
ryu-manager yourapppy
13 Optional Requirements
Some functionalities of ryu requires extra packages
bull OF-Config requires lxml
bull NETCONF requires paramiko
bull BGP speaker (ssh console) requires paramiko
If you want to use the functionalities please install requirements
pip install lxml pip install paramiko
3
ryu Documentation Release 330
14 Support
Ryu Official site is httposrggithubioryu
If you have any questions suggestions and patches the mailing list is available at ryu-devel ML The ML archive atGmane is also available
4 Chapter 1 Getting Started
CHAPTER 2
Writing Your Ryu Application
21 The First Application
211 Whetting Your Appetite
If you want to manage the network gears (switches routers etc) at your way you need to write your Ryu applicationYour application tells Ryu how you want to manage the gears Then Ryu configures the gears by using OpenFlowprotocol etc
Writing Ryu application is easy Itrsquos just Python scripts
212 Start Writing
We show a Ryu application that make OpenFlow switches work as a dumb layer 2 switch
Open a text editor creating a new file with the following content
from ryubase import app_manager
class L2Switch(app_managerRyuApp)def __init__(self args kwargs)
super(L2Switch self)__init__(args kwargs)
Ryu application is just a Python script so you can save the file with any name extensions and any place you wantLetrsquos name the file lsquol2pyrsquo at your home directory
This application does nothing useful yet however itrsquos a complete Ryu application In fact you can run this Ryuapplication
ryu-manager ~l2pyloading app Usersfujital2pyinstantiating app Usersfujital2py
All you have to do is defining needs a new subclass of RyuApp to run your Python script as a Ryu application
Next letrsquos add the functionality of sending a received packet to all the ports
from ryubase import app_managerfrom ryucontroller import ofp_eventfrom ryucontrollerhandler import MAIN_DISPATCHERfrom ryucontrollerhandler import set_ev_cls
class L2Switch(app_managerRyuApp)
5
ryu Documentation Release 330
def __init__(self args kwargs)super(L2Switch self)__init__(args kwargs)
set_ev_cls(ofp_eventEventOFPPacketIn MAIN_DISPATCHER)def packet_in_handler(self ev)
msg = evmsgdp = msgdatapathofp = dpofprotoofp_parser = dpofproto_parser
actions = [ofp_parserOFPActionOutput(ofpOFPP_FLOOD)]out = ofp_parserOFPPacketOut(
datapath=dp buffer_id=msgbuffer_id in_port=msgin_portactions=actions)
dpsend_msg(out)
A new method lsquopacket_in_handlerrsquo is added to L2Switch class This is called when Ryu receives an OpenFlowpacket_in message The trick is lsquoset_ev_clsrsquo decorator This decorator tells Ryu when the decorated function shouldbe called
The first argument of the decorator indicates an event that makes function called As you expect easily every timeRyu gets a packet_in message this function is called
The second argument indicates the state of the switch Probably you want to ignore packet_in messages before thenegotiation between Ryu and the switch finishes Using lsquoMAIN_DISPATCHERrsquo as the second argument means thisfunction is called only after the negotiation completes
Next letrsquos look at the first half of the lsquopacket_in_handlerrsquo function
bull evmsg is an object that represents a packet_in data structure
bull msgdp is an object that represents a datapath (switch)
bull dpofproto and dpofproto_parser are objects that represent the OpenFlow protocol that Ryu and the switchnegotiated
Ready for the second half
bull OFPActionOutput class is used with a packet_out message to specify a switch port that you want to send thepacket out of This application need a switch to send out of all the ports so OFPP_FLOOD constant is used
bull OFPPacketOut class is used to build a packet_out message
bull If you call Datapath classrsquos send_msg method with a OpenFlow message class object Ryu builds and send theon-wire data format to the switch
Here you finished implementing your first Ryu application You are ready to run this Ryu application that doessomething useful
A dumb l2 switch is too dumb You want to implement a learning l2 switch Move to the next step You can learnfrom the existing Ryu applications at ryuapp directory and integrated tests directory
22 Components of Ryu
221 Executables
binryu-manager
The main executable
6 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
222 Base components
ryubaseapp_manager
223 OpenFlow controller
ryucontrollercontroller
ryucontrollerdpset
ryucontrollerofp_event
ryucontrollerofp_handler
224 OpenFlow wire protocol encoder and decoder
ryuofprotoofproto_v1_0
ryuofprotoofproto_v1_0_parser
ryuofprotoofproto_v1_2
ryuofprotoofproto_v1_2_parser
ryuofprotoofproto_v1_3
ryuofprotoofproto_v1_3_parser
ryuofprotoofproto_v1_4
ryuofprotoofproto_v1_4_parser
ryuofprotoofproto_v1_5
ryuofprotoofproto_v1_5_parser
225 Ryu applications
ryuappcbench
ryuappsimple_switch
ryutopology
Switch and link discovery module Planned to replace ryucontrollerdpset
22 Components of Ryu 7
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
CHAPTER 1
Getting Started
11 Whatrsquos Ryu
Ryu is a component-based software defined networking framework
Ryu provides software components with well defined API that make it easy for developers to create new network man-agement and control applications Ryu supports various protocols for managing network devices such as OpenFlowNetconf OF-config etc About OpenFlow Ryu supports fully 10 12 13 14 15 and Nicira Extensions
All of the code is freely available under the Apache 20 license Ryu is fully written in Python
12 Quick Start
Installing Ryu is quite easy
pip install ryu
If you prefer to install Ryu from the source code
git clone gitgithubcomosrgryugit cd ryu python setuppy install
If you want to write your Ryu application have a look at Writing ryu application document After writing yourapplication just type
ryu-manager yourapppy
13 Optional Requirements
Some functionalities of ryu requires extra packages
bull OF-Config requires lxml
bull NETCONF requires paramiko
bull BGP speaker (ssh console) requires paramiko
If you want to use the functionalities please install requirements
pip install lxml pip install paramiko
3
ryu Documentation Release 330
14 Support
Ryu Official site is httposrggithubioryu
If you have any questions suggestions and patches the mailing list is available at ryu-devel ML The ML archive atGmane is also available
4 Chapter 1 Getting Started
CHAPTER 2
Writing Your Ryu Application
21 The First Application
211 Whetting Your Appetite
If you want to manage the network gears (switches routers etc) at your way you need to write your Ryu applicationYour application tells Ryu how you want to manage the gears Then Ryu configures the gears by using OpenFlowprotocol etc
Writing Ryu application is easy Itrsquos just Python scripts
212 Start Writing
We show a Ryu application that make OpenFlow switches work as a dumb layer 2 switch
Open a text editor creating a new file with the following content
from ryubase import app_manager
class L2Switch(app_managerRyuApp)def __init__(self args kwargs)
super(L2Switch self)__init__(args kwargs)
Ryu application is just a Python script so you can save the file with any name extensions and any place you wantLetrsquos name the file lsquol2pyrsquo at your home directory
This application does nothing useful yet however itrsquos a complete Ryu application In fact you can run this Ryuapplication
ryu-manager ~l2pyloading app Usersfujital2pyinstantiating app Usersfujital2py
All you have to do is defining needs a new subclass of RyuApp to run your Python script as a Ryu application
Next letrsquos add the functionality of sending a received packet to all the ports
from ryubase import app_managerfrom ryucontroller import ofp_eventfrom ryucontrollerhandler import MAIN_DISPATCHERfrom ryucontrollerhandler import set_ev_cls
class L2Switch(app_managerRyuApp)
5
ryu Documentation Release 330
def __init__(self args kwargs)super(L2Switch self)__init__(args kwargs)
set_ev_cls(ofp_eventEventOFPPacketIn MAIN_DISPATCHER)def packet_in_handler(self ev)
msg = evmsgdp = msgdatapathofp = dpofprotoofp_parser = dpofproto_parser
actions = [ofp_parserOFPActionOutput(ofpOFPP_FLOOD)]out = ofp_parserOFPPacketOut(
datapath=dp buffer_id=msgbuffer_id in_port=msgin_portactions=actions)
dpsend_msg(out)
A new method lsquopacket_in_handlerrsquo is added to L2Switch class This is called when Ryu receives an OpenFlowpacket_in message The trick is lsquoset_ev_clsrsquo decorator This decorator tells Ryu when the decorated function shouldbe called
The first argument of the decorator indicates an event that makes function called As you expect easily every timeRyu gets a packet_in message this function is called
The second argument indicates the state of the switch Probably you want to ignore packet_in messages before thenegotiation between Ryu and the switch finishes Using lsquoMAIN_DISPATCHERrsquo as the second argument means thisfunction is called only after the negotiation completes
Next letrsquos look at the first half of the lsquopacket_in_handlerrsquo function
bull evmsg is an object that represents a packet_in data structure
bull msgdp is an object that represents a datapath (switch)
bull dpofproto and dpofproto_parser are objects that represent the OpenFlow protocol that Ryu and the switchnegotiated
Ready for the second half
bull OFPActionOutput class is used with a packet_out message to specify a switch port that you want to send thepacket out of This application need a switch to send out of all the ports so OFPP_FLOOD constant is used
bull OFPPacketOut class is used to build a packet_out message
bull If you call Datapath classrsquos send_msg method with a OpenFlow message class object Ryu builds and send theon-wire data format to the switch
Here you finished implementing your first Ryu application You are ready to run this Ryu application that doessomething useful
A dumb l2 switch is too dumb You want to implement a learning l2 switch Move to the next step You can learnfrom the existing Ryu applications at ryuapp directory and integrated tests directory
22 Components of Ryu
221 Executables
binryu-manager
The main executable
6 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
222 Base components
ryubaseapp_manager
223 OpenFlow controller
ryucontrollercontroller
ryucontrollerdpset
ryucontrollerofp_event
ryucontrollerofp_handler
224 OpenFlow wire protocol encoder and decoder
ryuofprotoofproto_v1_0
ryuofprotoofproto_v1_0_parser
ryuofprotoofproto_v1_2
ryuofprotoofproto_v1_2_parser
ryuofprotoofproto_v1_3
ryuofprotoofproto_v1_3_parser
ryuofprotoofproto_v1_4
ryuofprotoofproto_v1_4_parser
ryuofprotoofproto_v1_5
ryuofprotoofproto_v1_5_parser
225 Ryu applications
ryuappcbench
ryuappsimple_switch
ryutopology
Switch and link discovery module Planned to replace ryucontrollerdpset
22 Components of Ryu 7
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
14 Support
Ryu Official site is httposrggithubioryu
If you have any questions suggestions and patches the mailing list is available at ryu-devel ML The ML archive atGmane is also available
4 Chapter 1 Getting Started
CHAPTER 2
Writing Your Ryu Application
21 The First Application
211 Whetting Your Appetite
If you want to manage the network gears (switches routers etc) at your way you need to write your Ryu applicationYour application tells Ryu how you want to manage the gears Then Ryu configures the gears by using OpenFlowprotocol etc
Writing Ryu application is easy Itrsquos just Python scripts
212 Start Writing
We show a Ryu application that make OpenFlow switches work as a dumb layer 2 switch
Open a text editor creating a new file with the following content
from ryubase import app_manager
class L2Switch(app_managerRyuApp)def __init__(self args kwargs)
super(L2Switch self)__init__(args kwargs)
Ryu application is just a Python script so you can save the file with any name extensions and any place you wantLetrsquos name the file lsquol2pyrsquo at your home directory
This application does nothing useful yet however itrsquos a complete Ryu application In fact you can run this Ryuapplication
ryu-manager ~l2pyloading app Usersfujital2pyinstantiating app Usersfujital2py
All you have to do is defining needs a new subclass of RyuApp to run your Python script as a Ryu application
Next letrsquos add the functionality of sending a received packet to all the ports
from ryubase import app_managerfrom ryucontroller import ofp_eventfrom ryucontrollerhandler import MAIN_DISPATCHERfrom ryucontrollerhandler import set_ev_cls
class L2Switch(app_managerRyuApp)
5
ryu Documentation Release 330
def __init__(self args kwargs)super(L2Switch self)__init__(args kwargs)
set_ev_cls(ofp_eventEventOFPPacketIn MAIN_DISPATCHER)def packet_in_handler(self ev)
msg = evmsgdp = msgdatapathofp = dpofprotoofp_parser = dpofproto_parser
actions = [ofp_parserOFPActionOutput(ofpOFPP_FLOOD)]out = ofp_parserOFPPacketOut(
datapath=dp buffer_id=msgbuffer_id in_port=msgin_portactions=actions)
dpsend_msg(out)
A new method lsquopacket_in_handlerrsquo is added to L2Switch class This is called when Ryu receives an OpenFlowpacket_in message The trick is lsquoset_ev_clsrsquo decorator This decorator tells Ryu when the decorated function shouldbe called
The first argument of the decorator indicates an event that makes function called As you expect easily every timeRyu gets a packet_in message this function is called
The second argument indicates the state of the switch Probably you want to ignore packet_in messages before thenegotiation between Ryu and the switch finishes Using lsquoMAIN_DISPATCHERrsquo as the second argument means thisfunction is called only after the negotiation completes
Next letrsquos look at the first half of the lsquopacket_in_handlerrsquo function
bull evmsg is an object that represents a packet_in data structure
bull msgdp is an object that represents a datapath (switch)
bull dpofproto and dpofproto_parser are objects that represent the OpenFlow protocol that Ryu and the switchnegotiated
Ready for the second half
bull OFPActionOutput class is used with a packet_out message to specify a switch port that you want to send thepacket out of This application need a switch to send out of all the ports so OFPP_FLOOD constant is used
bull OFPPacketOut class is used to build a packet_out message
bull If you call Datapath classrsquos send_msg method with a OpenFlow message class object Ryu builds and send theon-wire data format to the switch
Here you finished implementing your first Ryu application You are ready to run this Ryu application that doessomething useful
A dumb l2 switch is too dumb You want to implement a learning l2 switch Move to the next step You can learnfrom the existing Ryu applications at ryuapp directory and integrated tests directory
22 Components of Ryu
221 Executables
binryu-manager
The main executable
6 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
222 Base components
ryubaseapp_manager
223 OpenFlow controller
ryucontrollercontroller
ryucontrollerdpset
ryucontrollerofp_event
ryucontrollerofp_handler
224 OpenFlow wire protocol encoder and decoder
ryuofprotoofproto_v1_0
ryuofprotoofproto_v1_0_parser
ryuofprotoofproto_v1_2
ryuofprotoofproto_v1_2_parser
ryuofprotoofproto_v1_3
ryuofprotoofproto_v1_3_parser
ryuofprotoofproto_v1_4
ryuofprotoofproto_v1_4_parser
ryuofprotoofproto_v1_5
ryuofprotoofproto_v1_5_parser
225 Ryu applications
ryuappcbench
ryuappsimple_switch
ryutopology
Switch and link discovery module Planned to replace ryucontrollerdpset
22 Components of Ryu 7
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
CHAPTER 2
Writing Your Ryu Application
21 The First Application
211 Whetting Your Appetite
If you want to manage the network gears (switches routers etc) at your way you need to write your Ryu applicationYour application tells Ryu how you want to manage the gears Then Ryu configures the gears by using OpenFlowprotocol etc
Writing Ryu application is easy Itrsquos just Python scripts
212 Start Writing
We show a Ryu application that make OpenFlow switches work as a dumb layer 2 switch
Open a text editor creating a new file with the following content
from ryubase import app_manager
class L2Switch(app_managerRyuApp)def __init__(self args kwargs)
super(L2Switch self)__init__(args kwargs)
Ryu application is just a Python script so you can save the file with any name extensions and any place you wantLetrsquos name the file lsquol2pyrsquo at your home directory
This application does nothing useful yet however itrsquos a complete Ryu application In fact you can run this Ryuapplication
ryu-manager ~l2pyloading app Usersfujital2pyinstantiating app Usersfujital2py
All you have to do is defining needs a new subclass of RyuApp to run your Python script as a Ryu application
Next letrsquos add the functionality of sending a received packet to all the ports
from ryubase import app_managerfrom ryucontroller import ofp_eventfrom ryucontrollerhandler import MAIN_DISPATCHERfrom ryucontrollerhandler import set_ev_cls
class L2Switch(app_managerRyuApp)
5
ryu Documentation Release 330
def __init__(self args kwargs)super(L2Switch self)__init__(args kwargs)
set_ev_cls(ofp_eventEventOFPPacketIn MAIN_DISPATCHER)def packet_in_handler(self ev)
msg = evmsgdp = msgdatapathofp = dpofprotoofp_parser = dpofproto_parser
actions = [ofp_parserOFPActionOutput(ofpOFPP_FLOOD)]out = ofp_parserOFPPacketOut(
datapath=dp buffer_id=msgbuffer_id in_port=msgin_portactions=actions)
dpsend_msg(out)
A new method lsquopacket_in_handlerrsquo is added to L2Switch class This is called when Ryu receives an OpenFlowpacket_in message The trick is lsquoset_ev_clsrsquo decorator This decorator tells Ryu when the decorated function shouldbe called
The first argument of the decorator indicates an event that makes function called As you expect easily every timeRyu gets a packet_in message this function is called
The second argument indicates the state of the switch Probably you want to ignore packet_in messages before thenegotiation between Ryu and the switch finishes Using lsquoMAIN_DISPATCHERrsquo as the second argument means thisfunction is called only after the negotiation completes
Next letrsquos look at the first half of the lsquopacket_in_handlerrsquo function
bull evmsg is an object that represents a packet_in data structure
bull msgdp is an object that represents a datapath (switch)
bull dpofproto and dpofproto_parser are objects that represent the OpenFlow protocol that Ryu and the switchnegotiated
Ready for the second half
bull OFPActionOutput class is used with a packet_out message to specify a switch port that you want to send thepacket out of This application need a switch to send out of all the ports so OFPP_FLOOD constant is used
bull OFPPacketOut class is used to build a packet_out message
bull If you call Datapath classrsquos send_msg method with a OpenFlow message class object Ryu builds and send theon-wire data format to the switch
Here you finished implementing your first Ryu application You are ready to run this Ryu application that doessomething useful
A dumb l2 switch is too dumb You want to implement a learning l2 switch Move to the next step You can learnfrom the existing Ryu applications at ryuapp directory and integrated tests directory
22 Components of Ryu
221 Executables
binryu-manager
The main executable
6 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
222 Base components
ryubaseapp_manager
223 OpenFlow controller
ryucontrollercontroller
ryucontrollerdpset
ryucontrollerofp_event
ryucontrollerofp_handler
224 OpenFlow wire protocol encoder and decoder
ryuofprotoofproto_v1_0
ryuofprotoofproto_v1_0_parser
ryuofprotoofproto_v1_2
ryuofprotoofproto_v1_2_parser
ryuofprotoofproto_v1_3
ryuofprotoofproto_v1_3_parser
ryuofprotoofproto_v1_4
ryuofprotoofproto_v1_4_parser
ryuofprotoofproto_v1_5
ryuofprotoofproto_v1_5_parser
225 Ryu applications
ryuappcbench
ryuappsimple_switch
ryutopology
Switch and link discovery module Planned to replace ryucontrollerdpset
22 Components of Ryu 7
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
def __init__(self args kwargs)super(L2Switch self)__init__(args kwargs)
set_ev_cls(ofp_eventEventOFPPacketIn MAIN_DISPATCHER)def packet_in_handler(self ev)
msg = evmsgdp = msgdatapathofp = dpofprotoofp_parser = dpofproto_parser
actions = [ofp_parserOFPActionOutput(ofpOFPP_FLOOD)]out = ofp_parserOFPPacketOut(
datapath=dp buffer_id=msgbuffer_id in_port=msgin_portactions=actions)
dpsend_msg(out)
A new method lsquopacket_in_handlerrsquo is added to L2Switch class This is called when Ryu receives an OpenFlowpacket_in message The trick is lsquoset_ev_clsrsquo decorator This decorator tells Ryu when the decorated function shouldbe called
The first argument of the decorator indicates an event that makes function called As you expect easily every timeRyu gets a packet_in message this function is called
The second argument indicates the state of the switch Probably you want to ignore packet_in messages before thenegotiation between Ryu and the switch finishes Using lsquoMAIN_DISPATCHERrsquo as the second argument means thisfunction is called only after the negotiation completes
Next letrsquos look at the first half of the lsquopacket_in_handlerrsquo function
bull evmsg is an object that represents a packet_in data structure
bull msgdp is an object that represents a datapath (switch)
bull dpofproto and dpofproto_parser are objects that represent the OpenFlow protocol that Ryu and the switchnegotiated
Ready for the second half
bull OFPActionOutput class is used with a packet_out message to specify a switch port that you want to send thepacket out of This application need a switch to send out of all the ports so OFPP_FLOOD constant is used
bull OFPPacketOut class is used to build a packet_out message
bull If you call Datapath classrsquos send_msg method with a OpenFlow message class object Ryu builds and send theon-wire data format to the switch
Here you finished implementing your first Ryu application You are ready to run this Ryu application that doessomething useful
A dumb l2 switch is too dumb You want to implement a learning l2 switch Move to the next step You can learnfrom the existing Ryu applications at ryuapp directory and integrated tests directory
22 Components of Ryu
221 Executables
binryu-manager
The main executable
6 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
222 Base components
ryubaseapp_manager
223 OpenFlow controller
ryucontrollercontroller
ryucontrollerdpset
ryucontrollerofp_event
ryucontrollerofp_handler
224 OpenFlow wire protocol encoder and decoder
ryuofprotoofproto_v1_0
ryuofprotoofproto_v1_0_parser
ryuofprotoofproto_v1_2
ryuofprotoofproto_v1_2_parser
ryuofprotoofproto_v1_3
ryuofprotoofproto_v1_3_parser
ryuofprotoofproto_v1_4
ryuofprotoofproto_v1_4_parser
ryuofprotoofproto_v1_5
ryuofprotoofproto_v1_5_parser
225 Ryu applications
ryuappcbench
ryuappsimple_switch
ryutopology
Switch and link discovery module Planned to replace ryucontrollerdpset
22 Components of Ryu 7
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
222 Base components
ryubaseapp_manager
223 OpenFlow controller
ryucontrollercontroller
ryucontrollerdpset
ryucontrollerofp_event
ryucontrollerofp_handler
224 OpenFlow wire protocol encoder and decoder
ryuofprotoofproto_v1_0
ryuofprotoofproto_v1_0_parser
ryuofprotoofproto_v1_2
ryuofprotoofproto_v1_2_parser
ryuofprotoofproto_v1_3
ryuofprotoofproto_v1_3_parser
ryuofprotoofproto_v1_4
ryuofprotoofproto_v1_4_parser
ryuofprotoofproto_v1_5
ryuofprotoofproto_v1_5_parser
225 Ryu applications
ryuappcbench
ryuappsimple_switch
ryutopology
Switch and link discovery module Planned to replace ryucontrollerdpset
22 Components of Ryu 7
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
226 Libraries
ryulibpacket
ryulibovs
ovsdb interaction library
ryulibof_config
OF-Config implementation
ryulibnetconf
NETCONF definitions used by ryulibof_config
ryulibxflow
An implementation of sFlow and NetFlow
227 Third party libraries
ryucontribovs
Open vSwitch python binding Used by ryulibovs
ryucontribosloconfig
Oslo configuration library Used for ryu-managerrsquos command-line options and configuration files
ryucontribncclient
Python library for NETCONF client Used by ryulibof_config
23 Ryu application API
231 Ryu application programming model
Threads events and event queues
Ryu applications are single-threaded entities which implement various functionalities in Ryu Events are messagesbetween them
Ryu applications send asynchronous events each other Besides that there are some Ryu-internal event sources whichare not Ryu applications One of examples of such event sources is OpenFlow controller While an event can currentlycontain arbitrary python objects itrsquos discouraged to pass complex objects (eg unpickleable objects) between Ryuapplications
8 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
Each Ryu application has a receive queue for events The queue is FIFO and preserves the order of events Each Ryuapplication has a thread for event processing The thread keep draining the receive queue by dequeueing an event andcalling the appropritate event handler for the event type Because the event handler is called in the context of the eventprocessing thread it should be careful for blocking Ie while an event handler is blocked no further events for theRyu application will be processed
There are kinds of events which are used to implement synchronous inter-application calls between Ryu applicationsWhile such requests uses the same machinary as ordinary events their replies are put on a queue dedicated to thetransaction to avoid deadlock
While threads and queues is currently implemented with eventletgreenlet a direct use of them in a Ryu application isstrongly discouraged
Contexts
Contexts are ordinary python objects shared among Ryu applications The use of contexts are discouraged for newcode
232 Create a Ryu application
A Ryu application is a python module which defines a subclass of ryubaseapp_managerRyuApp If two or moresuch classes are defined in a module the first one (by name order) will be picked by app_manager Ryu application issingleton only single instance of a given Ryu application is supported
233 Observe events
A Ryu application can register itself to listen for specific events using ryucontrollerhandlerset_ev_cls decorator
234 Generate events
A Ryu application can raise events by calling appropriate ryubaseapp_managerRyuApprsquos methods like send_eventor send_event_to_observers
235 Event classes
An event class describes a Ryu event generated in the system By convention event class names are prefixed byldquoEventrdquo Events are generated either by the core part of Ryu or Ryu applications A Ryu application can register itsinterest for a specific type of event by providing a handler method using ryucontrollerhandlerset_ev_cls decorator
OpenFlow event classes
ryucontrollerofp_event module exports event classes which describe receptions of OpenFlow messages from con-nected switches By convention they are named as ryucontrollerofp_eventEventOFPxxxx where xxxx is the nameof the corresponding OpenFlow message For example EventOFPPacketIn for packet-in message The OpenFlowcontroller part of Ryu automatically decodes OpenFlow messages received from switches and send these events toRyu applications which expressed an interest using ryucontrollerhandlerset_ev_cls OpenFlow event classes have atleast the following attributes
23 Ryu application API 9
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
Attribute Descriptionmsg An object which describes the corresponding OpenFlow messagemsgdatapath A ryucontrollercontrollerDatapath instance which describes an OpenFlow switch from which
we received this OpenFlow message
The msg object has some more additional members whose values are extracted from the original OpenFlow messageSee OpenFlow protocol API Reference for more info about OpenFlow messages
236 ryubaseapp_managerRyuApp
See Ryu API Reference
237 ryucontrollerhandlerset_ev_cls(ev_cls dispatchers=None)
A decorator for Ryu application to declare an event handler Decorated method will become an event handler ev_clsis an event class whose instances this RyuApp wants to receive dispatchers argument specifies one of the followingnegotiation phases (or a list of them) for which events should be generated for this handler Note that in case an eventchanges the phase the phase before the change is used to check the interest
Negotiation phase DescriptionryucontrollerhandlerHANDSHAKE_DISPATCHER Sending and waiting for hello messageryucontrollerhandlerCONFIG_DISPATCHER Version negotiated and sent features-request messageryucontrollerhandlerMAIN_DISPATCHER Switch-features message received and sent set-config
messageryucontrollerhandlerDEAD_DISPATCHER Disconnect from the peer Or disconnecting due to some
unrecoverable errors
238 ryucontrollercontrollerDatapath
A class to describe an OpenFlow switch connected to this controller An instance has the following attributes
10 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
Attribute Descriptionid 64-bit OpenFlow Datapath ID Only available for
ryucontrollerhandlerMAIN_DISPATCHER phaseofproto A module which exports OpenFlow definitions mainly constants
appeared in the specification for the negotiated OpenFlow version Forexample ryuofprotoofproto_v1_0 for OpenFlow 10
ofproto_parser A module which exports OpenFlow wire message encoder and decoderfor the negotiated OpenFlow version For exampleryuofprotoofproto_v1_0_parser for OpenFlow 10
ofproto_parserOFPxxxx(datapath ) A callable to prepare an OpenFlow message for the given switch It canbe sent with Datapathsend_msg later xxxx is a name of the messageFor example OFPFlowMod for flow-mod message Arguemnts dependon the message
set_xid(self msg) Generate an OpenFlow XID and put it in msgxidsend_msg(self msg) Queue an OpenFlow message to send to the corresponding switch If
msgxid is None set_xid is automatically called on the message beforequeueing
send_packet_out deprecatedsend_flow_mod deprecatedsend_flow_del deprecatedsend_delete_all_flows deprecatedsend_barrier Queue an OpenFlow barrier message to send to the switchsend_nxt_set_flow_format deprecatedis_reserved_port deprecated
239 ryucontrollereventEventBase
The base of all event classes A Ryu application can define its own event type by creating a subclass
2310 ryucontrollereventEventRequestBase
The base class for synchronous request for RyuAppsend_request
2311 ryucontrollereventEventReplyBase
The base class for synchronous request reply for RyuAppsend_reply
2312 ryucontrollerofp_eventEventOFPStateChange
An event class for negotiation phase change notification An instance of this class is sent to observer after changingthe negotiation phase An instance has at least the following attributes
Attribute Descriptiondatapath ryucontrollercontrollerDatapath instance of the switch
2313 ryucontrollerdpsetEventDP
An event class to notify connectdisconnect of a switch For OpenFlow switches one can get the same notification byobserving ryucontrollerofp_eventEventOFPStateChange An instance has at least the following attributes
23 Ryu application API 11
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchenter True when the switch connected to our controller False for disconnect
2314 ryucontrollerdpsetEventPortAdd
An event class for switch port status notification This event is generated when a new port is added to a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2315 ryucontrollerdpsetEventPortDelete
An event class for switch port status notification This event is generated when a port is removed from a switch ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2316 ryucontrollerdpsetEventPortModify
An event class for switch port status notification This event is generated when some attribute of a port is changed ForOpenFlow switches one can get the same notification by observing ryucontrollerofp_eventEventOFPPortStatus Aninstance has at least the following attributes
Attribute Descriptiondp A ryucontrollercontrollerDatapath instance of the switchport port number
2317 ryucontrollernetworkEventNetworkPort
An event class for notification of port arrival and deperture This event is generated when a port is introduced to orremoved from a network by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portadd_del True for adding a port False for removing a port
2318 ryucontrollernetworkEventNetworkDel
An event class for network deletion This event is generated when a network is deleted by the REST API An instancehas at least the following attributes
Attribute Descriptionnetwork_id Network ID
12 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
2319 ryucontrollernetworkEventMacAddress
An event class for end-point MAC address registration This event is generated when a end-point MAC address isupdated by the REST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDdpid OpenFlow Datapath ID of the switch to which the port belongsport_no OpenFlow port number of the portmac_address The old MAC address of the port if add_del is False Otherwise the new MAC addressadd_del False if this event is a result of a port removal Otherwise True
2320 ryucontrollertunnelsEventTunnelKeyAdd
An event class for tunnel key registration This event is generated when a tunnel key is registered or updated by theREST API An instance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2321 ryucontrollertunnelsEventTunnelKeyDel
An event class for tunnel key registration This event is generated when a tunnel key is removed by the REST API Aninstance has at least the following attributes
Attribute Descriptionnetwork_id Network IDtunnel_key Tunnel Key
2322 ryucontrollertunnelsEventTunnelPort
An event class for tunnel port registration This event is generated when a tunnel port is added or removed by theREST API An instance has at least the following attributes
Attribute Descriptiondpid OpenFlow Datapath IDport_no OpenFlow port numberremote_dpid OpenFlow port number of the tunnel peeradd_del True for adding a tunnel False for removal
24 Library
Ryu provides some useful library for your network applications
24 Library 13
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
241 Packet library
Introduction
Ryu packet library helps you to parse and build various protocol packets dpkt is the popular library for the samepurpose however it is not designed to handle protocols that are interleaved vlan mpls gre etc So we implementedour own packet library
Network Addresses
Unless otherwise specified MACIPv4IPv6 addresses are specified using human readable strings for this library Forexample lsquo08606e7f74e7rsquo lsquo192021rsquo lsquofe80a606efffe7f74e7rsquo
Parsing Packet
First letrsquos look at how we can use the library to parse the received packets in a handler for OFPPacketIn messages
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pktprotocols
print p
You can create a Packet class instance with the received raw data Then the packet library parses the data and createsprotocol class instances included the data The packet class lsquoprotocolsrsquo has the protocol class instances
If a TCP packet is received something like the following is printed
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketvlanvlan object at 0x107a5d7d0gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
If vlan is not used you see something like
ltryulibpacketethernetethernet object at 0x107a5d790gtltryulibpacketipv4ipv4 object at 0x107a5d810gtltryulibpackettcptcp object at 0x107a5d850gt
You can access to a specific protocol class instance by using the packet class iterator Letrsquos try to check VLAN id ifVLAN is used
from ryulibpacket import packet
handlerset_ev_cls(ofp_eventEventOFPPacketIn handlerMAIN_DISPATCHER)def packet_in_handler(self ev)
pkt = packetPacket(arrayarray(B evmsgdata))for p in pkt
print pprotocol_name pif pprotocol_name == vlan
print vid = pvid
You see something like
14 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
ethernet ltryulibpacketethernetethernet object at 0x107a5d790gtvlan ltryulibpacketvlanvlan object at 0x107a5d7d0gtvid = 10ipv4 ltryulibpacketipv4ipv4 object at 0x107a5d810gttcp ltryulibpackettcptcp object at 0x107a5d850gt
Building Packet
You need to create protocol class instances that you want to send add them to a packet class instance via add_protocolmethod and then call serialize method You have the raw data to send The following example is building an arppacket
from ryuofproto import etherfrom ryulibpacket import ethernet arp packet
e = ethernetethernet(dst=ffffffffffffsrc=08606e7f74e7ethertype=etherETH_TYPE_ARP)
a = arparp(hwtype=1 proto=0x0800 hlen=6 plen=4 opcode=2src_mac=08606e7f74e7 src_ip=192021dst_mac=000000000000 dst_ip=192022)
p = packetPacket()padd_protocol(e)padd_protocol(a)pserialize()print repr(pdata) the on-wire packet
242 Packet library API Reference
Packet class
Stream Parser class
Protocol Header classes
243 OF-Config support
Ryu has a library for OF-Config support
XML schema files for NETCONFIG and OFConfig
XML schema files for NETCONF and OFConfig are stolen from LINC whose licence is Apache 20 It supports onlypart of OFConfig so that its schema files are (intentionally) limited such that operation attributes are allowed only inseveral limited places Once our library is tested with other OFConfig switches the schema files should be updated toallow operation attribute in more places
References
bull NETCONF ietf
bull NETCONF ietf wiki
24 Library 15
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
bull OF-Config spec
bull ncclient
bull ncclient repo
bull LINC git repo
244 BGP speaker library
Introduction
Ryu BGP speaker library helps you to enable your code to speak BGP protocol The library supports ipv4 ipv4 vpnand ipv6 vpn address families
Example
The following simple code creates a BGP instance with AS number 64512 and Router ID 10001 It tries to establish abgp session with a peer (its IP is 19216817732 and the AS number is 64513) The instance advertizes some prefixes
import eventlet
BGPSpeaker needs sockets patchedeventletmonkey_patch()
initialize a log handler this is not strictly necessary but useful if you get messages like No handlers could be found for logger ryulibhubimport loggingimport syslog = logginggetLogger()logaddHandler(loggingStreamHandler(sysstderr))
from ryuservicesprotocolsbgpbgpspeaker import BGPSpeaker
def dump_remote_best_path_change(event)print the best path changed eventremote_as eventprefix
eventnexthop eventis_withdraw
def detect_peer_down(remote_ip remote_as)print Peer down remote_ip remote_as
if __name__ == __main__speaker = BGPSpeaker(as_number=64512 router_id=10001
best_path_change_handler=dump_remote_best_path_changepeer_down_handler=detect_peer_down)
speakerneighbor_add(19216817732 64513) uncomment the below line if the speaker needs to talk with a bmp server speakerbmp_server_add(1921681772 11019)count = 1while True
eventletsleep(30)prefix = 1020 + str(count) + 024print add a new prefix prefixspeakerprefix_add(prefix)count += 1
16 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
if count == 4speakershutdown()break
245 BGP speaker library API Reference
BGPSpeaker class
246 OVSDB Manager library
Introduction
Ryu OVSDB Manager library allows your code to interact with devices speaking the OVSDB protocol This enablesyour code to perform remote management of the devices and react to topology changes on them
Example
The following logs all new OVSDB connections and allows creating a port on a bridge
import uuid
from ryubase import app_managerfrom ryuservicesprotocolsovsdb import api as ovsdbfrom ryuservicesprotocolsovsdb import event as ovsdb_event
class MyApp(app_managerRyuApp)set_ev_cls(ovsdb_eventEventNewOVSDBConnection)def handle_new_ovsdb_connection(self ev)
system_id = evsystem_idselfloggerinfo(New OVSDB connection from system id s
systemd_id)
def create_port(self systemd_id bridge_name name)new_iface_uuid = uuiduuid4()new_port_uuid = uuiduuid4()
def _create_port(tables insert)bridge = ovsdbrow_by_name(self system_id bridge_name)
iface = insert(tables[Interface] new_iface_uuid)ifacename = nameifacetype = internal
port = insert(tables[Port] new_port_uuid)portname = nameportinterfaces = [iface]
brdigeports = bridfeports + [port]
return (new_port_uuid new_iface_uuid)
req = ovsdb_eventEventModifyRequest(system_id _create_port)rep = selfsend_request(req)
24 Library 17
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
if repstatus = successselfloggererror(Error creating port s on bridge s s
name bridge repstatus)return None
return replyinsert_uuid[new_port_uuid]
18 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-
ryu Documentation Release 330
24 Library 19
ryu Documentation Release 330
25 OpenFlow protocol API Reference
251 OpenFlow version independent classes and functions
Base class for OpenFlow messages
Functions
252 OpenFlow v10 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Queue Configuration Messages
Read State Messages
Send Packet Message
Barrier Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Vendor
Port Structures
Flow Match Structure
Action Structures
253 OpenFlow v12 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Read State Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
254 OpenFlow v13 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Flow Table Configuration
Modify State Messages
Multipart Messages
Queue Configuration Messages
Packet-Out Message
Barrier Message
Role Request Message
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Error Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
255 OpenFlow v14 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Instruction Structures
Action Structures
256 OpenFlow v15 Messages and Structures
Controller-to-Switch Messages
Handshake
Switch Configuration
Modify State Messages
Multipart Messages
Packet-Out Message
Barrier Message
Role Request Message
Bundle Messages
Set Asynchronous Configuration Message
Asynchronous Messages
Packet-In Message
Flow Removed Message
Port Status Message
Controller Role Status Message
Table Status Message
Request Forward Message
Controller Status Message
Symmetric Messages
Hello
Echo Request
Echo Reply
Error Message
Experimenter
Port Structures
Flow Match Structure
Flow Stats Structures
Flow Instruction Structures
Action Structures
Controller Status Structure
26 Nicira Extension Structures
261 Nicira Extension Actions Structures
The followings shows the supported NXAction classes in OF13 but also available in OF12+
20 Chapter 2 Writing Your Ryu Application
ryu Documentation Release 330
262 Nicira Extended Match Structures
27 Ryu API Reference
27 Ryu API Reference 21
ryu Documentation Release 330
22 Chapter 2 Writing Your Ryu Application
CHAPTER 3
Configuration
31 Setup TLS Connection
If you want to use secure channel to connect OpenFlow switches you need to use TLS connection This documentdescribes how to setup Ryu to connect to the Open vSwitch over TLS
311 Configuring a Public Key Infrastructure
If you donrsquot have a PKI the ovs-pki script included with Open vSwitch can help you This section is based on theINSTALLSSL in the Open vSwitch source code
NOTE How to install Open vSwitch isnrsquot described in this document Please refer to the Open vSwitch documents
Create a PKI by using ovs-pki script
ovs-pki init(Default directory is usrlocalvarlibopenvswitchpki)
The pki directory consists of controllerca and switchca subdirectories Each directory contains CA files
Create a controller private key and certificate
ovs-pki req+sign ctl controller
ctl-privkeypem and ctl-certpem are generated in the current directory
Create a switch private key and certificate
ovs-pki req+sign sc switch
sc-privkeypem and sc-certpem are generated in the current directory
312 Testing TLS Connection
Configuring ovs-vswitchd to use CA files using the ovs-vsctl ldquoset-sslrdquo command eg
ovs-vsctl set-ssl etcopenvswitchsc-privkeypem etcopenvswitchsc-certpem usrlocalvarlibopenvswitchpkicontrollercacacertpem
ovs-vsctl add-br br0 ovs-vsctl set-controller br0 ssl1270016633
23
ryu Documentation Release 330
Substitute the correct file names if they differ from the ones used above You should use absolute file names
Run Ryu with CA files
ryu-manager --ctl-privkey ctl-privkeypem --ctl-cert ctl-certpem --ca-certs usrlocalvarlibopenvswitchpkiswitchcacacertpem --verbose
You can see something like
loading app ryucontrollerofp_handlerinstantiating app ryucontrollerofp_handlerBRICK ofp_event
CONSUMES EventOFPSwitchFeaturesCONSUMES EventOFPErrorMsgCONSUMES EventOFPHelloCONSUMES EventOFPEchoRequest
connected socketltSSLSocket fileno=4 sock=1270016633 peer=12700161302gt address(127001 61302)hello ev ltryucontrollerofp_eventEventOFPHello object at 0x1047806d0gtmove onto config modeswitch features ev version 0x1 msg_type 0x6 xid 0xb0bb34e5 port OFPPhyPort(port_no=65534 hw_addr=x16xdcxa2xe2K name=br0x00x00x00x00x00x00x00x00x00x00x00x00x00 config=0 state=0 curr=0 advertised=0 supported=0 peer=0)move onto main mode
32 Topology Viewer
ryuappgui_topologygui_topology provides topology visualization
This depends on following ryu applications
ryuapprest_topology Get node and link dataryuappws_topology Being notified change of link updownryuappofctl_rest Get flows of datapaths
321 Usage
Run mininet (or join your real environment)
$ sudo mn --controller remote --topo treedepth=3
Run GUI application
$ PYTHONPATH= binryu run --observe-links ryuappgui_topologygui_topologypy
Access httpltip address of ryu hostgt8080 with your web browser
24 Chapter 3 Configuration
ryu Documentation Release 330
322 Screenshot
32 Topology Viewer 25
ryu Documentation Release 330
26 Chapter 3 Configuration
CHAPTER 4
Tests
41 Testing VRRP Module
This page describes how to test Ryu VRRP service
411 Running integrated tests
Some testing scripts are available
bull ryutestsintegratedtest_vrrp_linux_multipy
bull ryutestsintegratedtest_vrrp_multipy
Each files include how to run in the comment Please refer to it
412 Running multiple Ryu VRRP in network namespace
The following command lines set up necessary bridges and interfaces
And then run RYU-VRRP
ip netns add gateway1 ip netns add gateway2
brctl addbr vrrp-br0 brctl addbr vrrp-br1
ip link add veth0 type veth peer name veth0-br0 ip link add veth1 type veth peer name veth1-br0 ip link add veth2 type veth peer name veth2-br0 ip link add veth3 type veth peer name veth3-br1 ip link add veth4 type veth peer name veth4-br1 ip link add veth5 type veth peer name veth5-br1
brctl addif vrrp-br0 veth0-br0 brctl addif vrrp-br0 veth1-br0 brctl addif vrrp-br0 veth2-br0 brctl addif vrrp-br1 veth3-br1 brctl addif vrrp-br1 veth4-br1 brctl addif vrrp-br1 veth5-br1
ip link set vrrp-br0 up
27
ryu Documentation Release 330
ip link set vrrp-br1 up
ip link set veth0 up ip link set veth0-br0 up ip link set veth1-br0 up ip link set veth2-br0 up ip link set veth3-br1 up ip link set veth4-br1 up ip link set veth5 up ip link set veth5-br1 up
ip link set veth1 netns gateway1 ip link set veth2 netns gateway2 ip link set veth3 netns gateway1 ip link set veth4 netns gateway2
ip netns exec gateway1 ip link set veth1 up ip netns exec gateway2 ip link set veth2 up ip netns exec gateway1 ip link set veth3 up ip netns exec gateway2 ip link set veth4 up
ip netns exec gateway1 ryu-vrrp veth1 10002 254 ip netns exec gateway2 ryu-vrrp veth2 10003 100
Caveats
Please make sure that all interfaces and bridges are UP Donrsquot forget interfaces in netns gateway1gateway2
^ veth5|V veth5-br1
-----------------------|Linux Brirge vrrp-br1|-----------------------
veth3-br1^ ^ veth4-br1| |
veth3V V veth4---------- ----------|netns | |netns ||gateway1| |gateway2||ryu-vrrp| |ryu-vrrp|---------- ----------veth1^ ^ veth2
| |veth1-br0V V veth2-br0
-----------------------|Linux Brirge vrrp-br0|-----------------------
^ veth0-br0|V veth0
Herersquos the helper executable ryu-vrrp
usrbinenv python Copyright (C) 2013 Nippon Telegraph and Telephone Corporation
28 Chapter 4 Tests
ryu Documentation Release 330
Copyright (C) 2013 Isaku Yamahata ltyamahata at valinux co jpgt Licensed under the Apache License Version 20 (the License) you may not use this file except in compliance with the License You may obtain a copy of the License at httpwwwapacheorglicensesLICENSE-20 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied See the License for the specific language governing permissions and limitations under the License
from ryulib import hubhubpatch()
TODO Right now we have our own patched copy of ovs python bindings Once our modification is upstreamed and widely deployed use it NOTE this modifies syspath and thus affects the following imports eg osloconfigcfgimport ryucontrib
from osloconfig import cfgimport loggingimport netaddrimport sysimport time
from ryu import loglogearly_init_log(loggingDEBUG)
from ryu import flagsfrom ryu import versionfrom ryubase import app_managerfrom ryucontroller import controllerfrom ryulib import mac as lib_macfrom ryulibpacket import vrrpfrom ryuservicesprotocolsvrrp import api as vrrp_apifrom ryuservicesprotocolsvrrp import event as vrrp_event
CONF = cfgCONF
_VRID = 7_IP_ADDRESS = 10001_PRIORITY = 100
class VRRPTestRouter(app_managerRyuApp)def __init__(self args kwargs)
super(VRRPTestRouter self)__init__(args kwargs)print argsselfloggerdebug(vrrp_config s args)
41 Testing VRRP Module 29
ryu Documentation Release 330
self_ifname = args[0]self_primary_ip_address = args[1]self_priority = int(args[2])
def start(self)print starthubspawn(self_main)
def _main(self)print selfinterface = vrrp_eventVRRPInterfaceNetworkDevice(
lib_macDONTCARE self_primary_ip_address None self_ifname)selfloggerdebug(s interface)
ip_addresses = [_IP_ADDRESS]config = vrrp_eventVRRPConfig(
version=vrrpVRRP_VERSION_V3 vrid=_VRID priority=self_priorityip_addresses=ip_addresses)
selfloggerdebug(s config)
rep = vrrp_apivrrp_config(self interface config)selfloggerdebug(s rep)
def main()vrrp_config = sysargv[-3]sysargv = sysargv[-3]CONF(project=ryu version=ryu-vrrp s version)
loginit_log() always enable ofp for nowapp_lists = [ryuservicesprotocolsvrrpmanager
ryuservicesprotocolsvrrpdumperryuservicesprotocolsvrrpsample_manager]
app_mgr = app_managerAppManagerget_instance()app_mgrload_apps(app_lists)contexts = app_mgrcreate_contexts()app_mgrinstantiate_apps(contexts)vrrp_router = app_mgrinstantiate(VRRPTestRouter vrrp_config contexts)vrrp_routerstart()
while Truetimesleep(999999)
app_mgrclose()
if __name__ == __main__main()
42 Testing OF-config support with LINC
This page describes how to setup LINC and test Ryu OF-config with it
The procedure is as follows Although all the procedure is written for readerrsquos convenience please refer to LINC
30 Chapter 4 Tests
ryu Documentation Release 330
document for latest informations of LINC
httpsgithubcomFlowForwardingLINC-Switch
The test procedure
bull install Erlang environment
bull build LINC
bull configure LINC switch
bull setup for LINC
bull run LINC switch
bull run Ryu test_of_config app
For gettinginstalling Ryu itself please refer to httposrggithubioryu
421 Install Erlang environment
Since LINC is written in Erlang you need to install Erlang execution environment Required version is R15B+
The easiest way is to use binary package from httpswwwerlang-solutionscomdownloadsdownload-erlang-otp
The distribution may also provide Erlang package
422 build LINC
install necessary packages for build
install necessary build tools
On Ubuntu
apt-get install git-core bridge-utils libpcap08 libpcap-dev libcap2-bin uml-utilities
On RedHatCentOS
yum install git sudo bridge-utils libpcap libpcap-devel libcap tunctl
Note that on RedHatCentOS 5x you need a newer version of libpcap
yum erase libpcap libpcap-devel yum install flex byacc wget httpwwwtcpdumporgreleaselibpcap-121targz tar xzf libpcap-121targz cd libpcap-121 configure make ampamp make install
get LINC repo and built
Clone LINC repo
git clone gitgithubcomFlowForwardingLINC-Switchgit
42 Testing OF-config support with LINC 31
ryu Documentation Release 330
Then compile everything
cd LINC-Switch make
Note At the time of this writing test_of_config fails due to a bug of LINC You can try this test with LINC which isbuilt by the following methods
cd LINC-Switch make cd depsof_config git reset --hard f772af4b765984381ad024ca8e5b5b8c54362638 cd make offline
423 Setup LINC
edit LINC switch configuration file rellincreleases01sysconfig Here is the sample sysconfig fortest_of_configpy to run
[linc[of_configenabledcapable_switch_ports
[port1[interfacelinc-port]port2[interfacelinc-port2]port3[interfacelinc-port3]port4[interfacelinc-port4]]
capable_switch_queues[queue991[min_rate10max_rate120]queue992[min_rate10max_rate130]queue993[min_rate200max_rate300]queue994[min_rate400max_rate900]]
logical_switches[switch0
[backendlinc_us4controllers[Switch0-Default-Controller1270016633tcp]controllers_listener1270019998tcpqueues_statusenabledports[port1queues[]port2queues[991992]]]
switch7[backendlinc_us3controllers[Switch7-Controller1270016633tcp]controllers_listenerdisabledqueues_statusenabledports[port4queues[]port3queues[993994]]]
]]enetconf
[capabilities[base10base11startup10writable-running10]
callback_modulelinc_ofconfig
32 Chapter 4 Tests
ryu Documentation Release 330
sshd_ip127001sshd_port1830sshd_user_passwords[linclinc]]
lager[handlers
[lager_console_backenddebuglager_file_backend
[logerrorlogerror10485760$D05logconsoleloginfo10485760$D05]]]
sasl[sasl_error_loggerfilelogsasl-errorlogerrlog_typeerrorerror_logger_mf_dirlogsaslerror_logger_mf_maxbytes10485760error_logger_mf_maxfiles5]
sync[excluded_modules[procket]]]
424 setup for LINC
As the above sysconfig requires some network interface create them
ip link add linc-port type veth peer name linc-port-peer ip link set linc-port up ip link add linc-port2 type veth peer name linc-port-peer2 ip link set linc-port2 up ip link add linc-port3 type veth peer name linc-port-peer3 ip link set linc-port3 up ip link add linc-port4 type veth peer name linc-port-peer4 ip link set linc-port4 up
After stopping LINC those created interfaces can be deleted
ip link delete linc-port ip link delete linc-port2 ip link delete linc-port3 ip link delete linc-port4
425 Starting LINC OpenFlow switch
Then run LINC
rellincbinlinc console
426 Run Ryu test_of_config app
Run test_of_config app
ryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
If you donrsquot install ryu and are working in the git repo directly
PYTHONPATH= binryu-manager --verbose ryutestsintegratedtest_of_config ryuapprest
42 Testing OF-config support with LINC 33
ryu Documentation Release 330
34 Chapter 4 Tests
CHAPTER 5
Using Ryu Network Operating System with OpenStack as OpenFlowcontroller
Ryu cooperates with OpenStack using Quantum Ryu plugin The plugin is available in the official Quantum releases
For more information please visit httpgithubcomosrgryuwikiOpenStack We described instructions of the in-stallation configuration of OpenStack with Ryu and we provide pre-configured VM image to be able to easily tryOpenStack with Ryu
bull OpenStack httpwwwopenstackorg
bull Quantum httpsgithubcomopenstackquantum
35
ryu Documentation Release 330
36 Chapter 5 Using Ryu Network Operating System with OpenStack as OpenFlow controller
CHAPTER 6
Snort Intergration
This document describes how to integrate Ryu with Snort
61 Overview
There are two options can send alert to Ryu controller The Option 1 is easier if you just want to demonstrate or testSince Snort need very large computation power for analyzing packets you can choose Option 2 to separate them
[Option 1] Ryu and Snort are on the same machine
+---------------------+| unixsock || Ryu == snort |+----eth0-----eth1----+
| |+-------+ +----------+ +-------+| HostA |---| OFSwitch |---| HostB |+-------+ +----------+ +-------+
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Unix Domain Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
[Option 2] Ryu and Snort are on the different machines
+---------------+| Snort eth0--|| Sniffer | |+-----eth1------+ |
| |+-------+ +----------+ +-----------+| HostA |---| OFSwitch |---| LAN (CP) |+-------+ +----------+ +-----------+
| |+----------+ +----------+| HostB | | Ryu |+----------+ +----------+
CP Control Plane
The above depicts Ryu and Snort architecture Ryu receives Snort alert packet via Network Socket To monitorpackets between HostA and HostB installing a flow that mirrors packets to Snort
37
ryu Documentation Release 330
62 Installation Snort
Snort is an open source network intrusion prevention and detectionsystem developed by Sourcefire If you are notfamiliar with installingsetting up Snort please referto snort setup guides
httpwwwsnortorgdocuments
63 Configure Snort
The configuration example is below
bull Add a snort rules file into etcsnortrules named Myrulesrules
alert icmp any any -gt any any (msgPingingsid1000004)alert tcp any any -gt any 80 (msgPort 80 is accessing sid1000003)
bull Add the custom rules in etcsnortsnortconf
include $RULE_PATHMyrulesrules
Configure NIC as a promiscuous mode
$ sudo ifconfig eth1 promisc
64 Usage
[Option 1]
1 Modify the simple_switch_snortpy
socket_config = unixsock True True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application
$ sudo binryu-manager ryuappsimple_switch_snortpy
The incoming packets will all mirror to port 3 which should be connect to Snort network interface You can modifythe mirror port by assign a new value in the selfsnort_port = 3 of simple_switch_snortpy
3 Run Snort
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
5 You can see the result under next section
[Option 2]
1 Modify the simple_switch_snortpy
38 Chapter 6 Snort Intergration
ryu Documentation Release 330
socket_config = unixsock False True Unix Domain Socket Server [Option1] False Network Socket Server [Option2]
2 Run Ryu with sample application (On the Controller)
$ binryu-manager ryuappsimple_switch_snortpy
3 Run Snort (On the Snort machine)
$ sudo -i$ snort -i eth1 -A unsock -l tmp -c etcsnortsnortconf
4 Run pigrelaypy (On the Snort machine)
$ sudo python pigrelaypy
This program listening snort alert messages from unix domain socket and sending it to Ryu using network socket
You can clone the source code from this repo httpsgithubcomJohn-Linpigrelay
5 Send an ICMP packet from HostA (192168840) to HostB (192168850)
$ ping 192168850
6 You can see the alert message below
alertmsg Pingingicmp(code=0csum=19725data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=8)
ipv4(csum=42562dst=192168850flags=0header_length=5identification=724offset=0option=Noneproto=1src=192168840tos=0total_length=60ttl=128version=4)
ethernet(dst=0023545a0514ethertype=2048src=0023546c1d17)
alertmsg Pingingicmp(code=0csum=21773data=echo(data=array(B [97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 97 98 99 100 101 102 103 104 105])id=1seq=78)type=0)
ipv4(csum=52095dst=192168840flags=0header_length=5identification=7575offset=0option=Noneproto=1src=192168850tos=0total_length=60ttl=64version=4)
64 Usage 39
ryu Documentation Release 330
40 Chapter 6 Snort Intergration
CHAPTER 7
Built-in Ryu applications
Ryu has some built-in Ryu applications Some of them are examples Others provide some functionalities to otherRyu applications
71 ryuappofctl
ryuappofctl provides a convenient way to use OpenFlow messages synchronously
OfctlService ryu application is automatically loaded if your Ryu application imports ofctlapi module
Example
import ryuappofctlapi
OfctlService application internally uses OpenFlow barrier messages to ensure message boundaries As OpenFlowmessages are asynchronous and some of messages does not have any replies on success barriers are necessary forcorrect error handling
711 api module
712 exceptions
exception ryuappofctlexceptionInvalidDatapath(result)Datapath is invalid
This can happen when the bridge disconnects
exception ryuappofctlexceptionOFError(result)OFPErrorMsg is received
exception ryuappofctlexceptionUnexpectedMultiReply(result)Two or more replies are received for reply_muiti=False request
72 ryuappofctl_rest
ryuappofctl_rest provides REST APIs for retrieving the switch stats and Updating the switch stats This applicationhelps you debug your application and get various statistics
This application supports OpenFlow version 10 12 and 13
41
ryu Documentation Release 330
Contents
bull ryuappofctl_restndash Retrieve the switch stats
Get all switches Get the desc stats Get all flows stats Get flows stats filtered by fields Get aggregate flow stats Get aggregate flow stats filtered by fields Get table stats Get table features Get ports stats Get ports description Get queues stats Get queues config Get groups stats Get group description stats Get group features stats Get meters stats Get meter config stats Get meter features stats
ndash Update the switch stats Add a flow entry Modify all matching flow entries Modify flow entry strictly Delete all matching flow entries Delete flow entry strictly Delete all flow entries Add a group entry Modify a group entry Delete a group entry Modify the behavior of the port Add a meter entry Modify a meter entry Delete a meter entry
ndash Support for experimenter multipart Send a experimenter message
ndash Reference Description of Match and Actions Description of Match on request messages Description of Actions on request messages
721 Retrieve the switch stats
Get all switches
Get the list of all switches which connected to the controller
Usage
Method GETURI statsswitches
42 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Response message body
Attribute Description Exampledpid Datapath ID 1
Example of use
$ curl -X GET httplocalhost8080statsswitches
[123
]
Note The result of the REST command is formatted for easy viewing
Get the desc stats
Get the desc stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomfr_desc Manufacturer description ldquoNicira Incrdquohw_desc Hardware description ldquoOpen vSwitchrdquosw_desc Software description ldquo2390rdquoserial_num Serial number ldquoNonerdquodp_desc Human readable description of datapath ldquoNonerdquo
Example of use
$ curl -X GET httplocalhost8080statsdesc1
1
mfr_desc Nicira Inchw_desc Open vSwitchsw_desc 2390serial_num Nonedp_desc None
Get all flows stats
Get all flows stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 43
ryu Documentation Release 330
Method GETURI statsflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquolength Length of this entry 88table_id Table ID 0duration_sec Time flow has been alive in seconds 2dura-tion_nsec
Time flow has been alive in nanoseconds beyondduration_sec
676e+08
priority Priority of the entry 11111idle_timeout Number of seconds idle before expiration 0hard_timeout Number of seconds before expiration 0flags Bitmap of OFPFF_ flags 1cookie Opaque controller-issued identifier 1packet_count Number of packets in flow 0byte_count Number of bytes in flow 0match Fields to match ldquoin_portrdquo
1actions Instruction set [rdquoOUT-
PUT2rdquo]
Example of use
$ curl -X GET httplocalhost8080statsflow1
1 [
length 88table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0flags 1cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
Get flows stats filtered by fields
Get flows stats of the switch filtered by the OFPFlowStats fields This is POST method version of Get allflows stats
44 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Usage
Method POSTURI statsflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get all flows stats
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsflow1
1 [
table_id 0duration_sec 2duration_nsec 676e+08priority 11111idle_timeout 0hard_timeout 0cookie 1packet_count 0byte_count 0match in_port 1
actions [OUTPUT2
]
]
72 ryuappofctl_rest 45
ryu Documentation Release 330
Get aggregate flow stats
Get aggregate flow stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsaggregateflowltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquopacket_count Number of packets in flows 18byte_count Number of bytes in flows 756flow_count Number of flows 3
Example of use
$ curl -X GET httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get aggregate flow stats filtered by fields
Get aggregate flow stats of the switch filtered by the OFPAggregateStats fields This is POST methodversion of Get aggregate flow stats
Usage
Method POSTURI statsaggregateflowltdpidgt
Request message body
Attribute Description Example Defaulttable_id Table ID (int) 0 OF-
PTT_ALLout_port Require matching entries to include this as an
output port (int)2 OFPP_ANY
out_group Require matching entries to include this as anoutput group (int)
1 OFPG_ANY
cookie Require matching entries to contain this cookievalue (int)
1 0
cookie_maskMask used to restrict the cookie bits that mustmatch (int)
1 0
match Fields to match (dict) ldquoin_portrdquo1
wild-carded
Response message body The same as Get aggregate flow stats
46 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Example of use
$ curl -X POST -d table_id 0out_port 2cookie 1cookie_mask 1match
in_port1
httplocalhost8080statsaggregateflow1
1 [
packet_count 18byte_count 756flow_count 3
]
Get table stats
Get table stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstableltdpidgt
Response message body(OpenFlow10)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomax_entries Max number of entries supported 1e+06wildcards Bitmap of OFPFW_ wildcards that are
supported by the table[rdquoIN_PORTrdquordquoDL_VLANrdquo]
ac-tive_count
Number of active entries 0
lookup_count Number of packets looked up in table 8matched_countNumber of packets that hit table 0
Response message body(OpenFlow12)
72 ryuappofctl_rest 47
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquoclassifierrdquomatch Bitmap of (1 ltlt OFPXMT_) that indicate the
fields the table can match on[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
wild-cards
Bitmap of (1 ltlt OFPXMT_) wildcards that aresupported by the table
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
write_actionsBitmap of OFPAT_ that are supported by thetable with OFPIT_WRITE_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
ap-ply_actions
Bitmap of OFPAT_ that are supported by thetable with OFPIT_APPLY_ACTIONS
[rdquoOUT-PUTrdquordquoSET_MPLS_TTLrdquo]
write_setfieldsBitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_WRITE_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
ap-ply_setfields
Bitmap of (1 ltlt OFPXMT_) header fields thatcan be set with OFPIT_APPLY_ACTIONS
[rdquoOFB_IN_PORTrdquordquoOFB_METADATArdquo]
meta-data_match
Bits of metadata table can match 18446744073709552000
meta-data_write
Bits of metadata table can write 18446744073709552000
instruc-tions
Bitmap of OFPIT_ values supported [rdquoGOTO_TABLErdquordquoWRITE_METADATArdquo]
config Bitmap of OFPTC_ values []max_entriesMax number of entries supported 1e+06ac-tive_count
Number of active entries 0
lookup_countNumber of packets looked up in table 0matched_countNumber of packets that hit table 8
Response message body(OpenFlow13)
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0active_count Number of active entries 0lookup_count Number of packets looked up in table 8matched_count Number of packets that hit table 0
Example of use
$ curl -X GET httplocalhost8080statstable1
Response (OpenFlow10)
1 [
table_id 0lookup_count 8max_entries 1e+06active_count 0name classifiermatched_count 0wildcards [IN_PORTDL_VLAN
48 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
]
table_id 253lookup_count 0max_entries 1e+06active_count 0name table253matched_count 0wildcards [IN_PORTDL_VLAN]
]
Response (OpenFlow12)
1 [
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions[GOTO_TABLEWRITE_METADATA]table_id 0metadata_match 18446744073709552000lookup_count 8wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name classifiermatched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0
72 ryuappofctl_rest 49
ryu Documentation Release 330
max_entries 1e+06
apply_setfields [OFB_IN_PORTOFB_METADATA]match [OFB_IN_PORTOFB_METADATA]metadata_write 18446744073709552000config []instructions [GOTO_TABLEWRITE_METADATA]table_id 253metadata_match 18446744073709552000lookup_count 0wildcards [OFB_IN_PORTOFB_METADATA]write_setfields [OFB_IN_PORTOFB_METADATA]write_actions [OUTPUTSET_MPLS_TTL]name table253matched_count 0apply_actions [OUTPUTSET_MPLS_TTL]active_count 0max_entries 1e+06
]
Response (OpenFlow13)
1 [
active_count 0table_id 0lookup_count 8matched_count 0
active_count 0table_id 253
50 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
lookup_count 0matched_count 0
]
Get table features
Get table features of the switch which specified with Datapath ID in URI
Usage
Method GETURI statstablefeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquotable_id Table ID 0name Name of Table ldquotable_0rdquometa-data_match
Bits of metadata table canmatch
18446744073709552000
meta-data_write
Bits of metadata table canwrite
18446744073709552000
config Bitmap of OFPTC_ values 0max_entries Max number of entries
supported4096
properties structofp_table_feature_prop_header
[ldquotyperdquoldquoINSTRUCTIONSrdquordquoinstruction_idsrdquo[]]
Example of use
$ curl -X GET httplocalhost8080statstablefeatures1
1 [
metadata_write 18446744073709552000config 0table_id 0metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]
72 ryuappofctl_rest 51
ryu Documentation Release 330
name table_0
metadata_write 18446744073709552000config 0table_id 1metadata_match 18446744073709552000max_entries 4096properties [type INSTRUCTIONSinstruction_ids [len 4type 1
]
]name table_1
]
Get ports stats
Get ports stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsportltdpidgt
Response message body
52 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquoport_no Port number 1rx_packets Number of received packets 9tx_packets Number of transmitted packets 6rx_bytes Number of received bytes 738tx_bytes Number of transmitted bytes 252rx_dropped Number of packets dropped by RX 0tx_dropped Number of packets dropped by TX 0rx_errors Number of receive errors 0tx_errors Number of transmit errors 0rx_frame_err Number of frame alignment errors 0rx_over_err Number of packets with RX overrun 0rx_crc_err Number of CRC errors 0collisions Number of collisions 0duration_sec Time port has been alive in seconds 12dura-tion_nsec
Time port has been alive in nanoseconds beyondduration_sec
976e+08
Example of use
$ curl -X GET httplocalhost8080statsport1
1 [
port_no 1rx_packets 9tx_packets 6rx_bytes 738tx_bytes 252rx_dropped 0tx_dropped 0rx_errors 0tx_errors 0rx_frame_err 0rx_over_err 0rx_crc_err 0collisions 0duration_sec 12duration_nsec 976e+08
]
Get ports description
Get ports description of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 53
ryu Documentation Release 330
Method GETURI statsportdescltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1hw_addr Ethernet hardware address ldquo0ab6d00ce1d7rdquoname Name of port ldquos1-eth1rdquoconfig Bitmap of OFPPC_ flags 0state Bitmap of OFPPS_ flags 0curr Current features 2112advertised Features being advertised by the port 0supported Features supported by the port 0peer Features advertised by peer 0curr_speed Current port bitrate in kbps 1e+07max_speed Max port bitrate in kbps 0
Example of use
$ curl -X GET httplocalhost8080statsportdesc1
1 [
port_no 1hw_addr 0ab6d00ce1d7name s1-eth1config 0state 0curr 2112advertised 0supported 0peer 0curr_speed 1e+07max_speed 0
]
Get queues stats
Get queues stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsqueueltdpidgt
Response message body
54 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquoport_no Port number 1queue_id Queue ID 0tx_bytes Number of transmitted bytes 0tx_packets Number of transmitted packets 0tx_errors Number of packets dropped due to overrun 0duration_sec Time queue has been alive in seconds 4294963425dura-tion_nsec
Time queue has been alive in nanoseconds beyondduration_sec
3912967296
Example of use
$ curl -X GET httplocalhost8080statsqueue1
1 [
port_no 1queue_id 0tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
port_no 1queue_id 1tx_bytes 0tx_packets 0tx_errors 0duration_sec 4294963425duration_nsec 3912967296
]
Get queues config
Get queues config of the switch which specified with Datapath ID and Port in URI
Usage
Method GETURI statsqueueconfigltdpidgtltportgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoport Port which was queried 1queues struct ofp_packet_queuendashqueue_id
ID for the specific queue 2
ndash port Port this queue is attached to 0ndashproperties
struct ofp_queue_prop_headerproperties
[ldquopropertyrdquo ldquoMIN_RATErdquordquoraterdquo80]
72 ryuappofctl_rest 55
ryu Documentation Release 330
Example of use
$ curl -X GET httplocalhost8080statsqueueconfig11
1 [
port 1queues [properties [property MIN_RATErate 80
]port 0queue_id 1
properties [property MAX_RATErate 120
]port 2queue_id 2
properties [property EXPERIMENTERdata []experimenter 999
]port 3queue_id 3
]
]
Get groups stats
Get groups stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupltdpidgt
Response message body
56 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquolength Length of this entry 56group_id Group ID 1ref_count Number of flows or groups that directly forward to this
group1
packet_count Number of packets processed by group 0byte_count Number of bytes processed by group 0duration_sec Time group has been alive in seconds 161duration_nsec Time group has been alive in nanoseconds beyond
duration_sec303e+08
bucket_stats struct ofp_bucket_counterndashpacket_count
Number of packets processed by bucket 0
ndash byte_count Number of bytes processed by bucket 0
Example of use
$ curl -X GET httplocalhost8080statsgroup1
1 [
length 56group_id 1ref_count 1packet_count 0byte_count 0duration_sec 161duration_nsec 303e+08bucket_stats [packet_count 0byte_count 0
]
]
Get group description stats
Get group description stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupdescltdpidgt
Response message body
72 ryuappofctl_rest 57
ryu Documentation Release 330
Attribute Description Exampledpid Datapath ID ldquo1rdquotype One of OFPGT_ ldquoALLrdquogroup_id Group ID 1buckets struct ofp_bucketndash weight Relative weight of bucket (Only defined for select groups) 0ndashwatch_port
Port whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndashwatch_group
Group whose state affects whether this bucket is live (Onlyrequired for fast failover groups)
4294967295
ndash actions 0 or more actions associated with the bucket [rdquoOUT-PUT1rdquo]
Example of use
$ curl -X GET httplocalhost8080statsgroupdesc1
1 [
type ALLgroup_id 1buckets [weight 0watch_port 4294967295watch_group 4294967295actions [OUTPUT1
]
]
]
Get group features stats
Get group features stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsgroupfeaturesltdpidgt
Response message body
58 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example
dpid Datapath ID ldquo1rdquotypes Bitmap of (1 ltlt OFPGT_)
values supported[]
capabil-ities
Bitmap of OFPGFC_capability supported
[rdquoSE-LECT_WEIGHTrdquordquoSELECT_LIVENESSrdquordquoCHAININGrdquo]
max_groupsMaximum number of groupsfor each type
[ldquoALLrdquo 4294967040]
actions Bitmaps of (1 ltlt OFPAT_)values supported
[ldquoALLrdquo [rdquoOUTPUTrdquo]]
Example of use
$ curl -X GET httplocalhost8080statsgroupfeatures1
1 [
types []capabilities [SELECT_WEIGHTSELECT_LIVENESSCHAINING
]max_groups [ALL 4294967040
SELECT 4294967040
INDIRECT 4294967040
FF 4294967040
]actions [ALL [OUTPUTCOPY_TTL_OUTCOPY_TTL_INSET_MPLS_TTLDEC_MPLS_TTLPUSH_VLANPOP_VLANPUSH_MPLSPOP_MPLSSET_QUEUEGROUPSET_NW_TTLDEC_NW_TTLSET_FIELD
]
72 ryuappofctl_rest 59
ryu Documentation Release 330
SELECT []
INDIRECT []
FF []
]
]
Get meters stats
Get meters stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterltdpidgt
Response message body
Attribute Description Exam-ple
dpid Datapath ID ldquo1rdquometer_id Meter ID 1len Length in bytes of this stats 56flow_count Number of flows bound to meter 0packet_in_count Number of packets in input 0byte_in_count Number of bytes in input 0duration_sec Time meter has been alive in seconds 37duration_nsec Time meter has been alive in nanoseconds beyond
duration_sec988000
band_stats struct ofp_meter_band_statsndashpacket_band_count
Number of packets in band 0
ndash byte_band_count Number of bytes in band 0
Example of use
$ curl -X GET httplocalhost8080statsmeter1
1 [
meter_id 1len 56flow_count 0packet_in_count 0byte_in_count 0duration_sec 37duration_nsec 988000band_stats [
60 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
packet_band_count 0byte_band_count 0
]
]
Get meter config stats
Get meter config stats of the switch which specified with Datapath ID in URI
Usage
Method GETURI statsmeterconfigltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquoflags All OFPMC_ that apply ldquoKBPSrdquometer_id Meter ID 1bands struct ofp_meter_band_headerndash type One of OFPMBT_ ldquoDROPrdquondash rate Rate for this band 1000ndash burst_size Size of bursts 0
Example of use
$ curl -X GET httplocalhost8080statsmeterconfig1
1 [
flags [KBPS
]meter_id 1bands [type DROPrate 1000burst_size 0
]
]
Get meter features stats
Get meter features stats of the switch which specified with Datapath ID in URI
Usage
72 ryuappofctl_rest 61
ryu Documentation Release 330
Method GETURI statsmeterfeaturesltdpidgt
Response message body
Attribute Description Exampledpid Datapath ID ldquo1rdquomax_meter Maximum number of meters 256band_types Bitmaps of (1 ltlt OFPMBT_) values
supported[rdquoDROPrdquo]
capabili-ties
Bitmaps of ldquoofp_meter_flagsrdquo [rdquoKBPSrdquo ldquoBURSTrdquoldquoSTATSrdquo]
max_bands Maximum bands per meters 16max_color Maximum color value 8
Example of use
$ curl -X GET httplocalhost8080statsmeterfeatures1
1 [
max_meter 256band_types [DROP
]capabilities [KBPSBURSTSTATS
]max_bands 16max_color 8
]
722 Update the switch stats
Add a flow entry
Add a flow entry to the switch
Usage
Method POSTURI statsflowentryadd
Request message body
62 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Note For description of match and actions please see Reference Description of Match and Actions
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 22222match
in_port1actions[
typeGOTO_TABLEtable_id 1
72 ryuappofctl_rest 63
ryu Documentation Release 330
] httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 33333match
in_port1actions[
typeWRITE_METADATAmetadata 1metadata_mask 1
]
httplocalhost8080statsflowentryadd
$ curl -X POST -d dpid 1priority 44444match
in_port1actions[
typeMETERmeter_id 1
]
httplocalhost8080statsflowentryadd
Note To confirm flow entry registration please see Get all flows stats or Get flows stats filtered by fields
Modify all matching flow entries
Modify all matching flow entries of the switch
Usage
Method POSTURI statsflowentrymodify
Request message body
64 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify
Modify flow entry strictly
Modify flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrymodify_strict
Request message body
72 ryuappofctl_rest 65
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
flags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrymodify_strict
Delete all matching flow entries
Delete all matching flow entries of the switch
Usage
Method POSTURI statsflowentrydelete
Request message body
66 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete
Delete flow entry strictly
Delete flow entry strictly matching wildcards and priority
Usage
Method POSTURI statsflowentrydelete_strict
Request message body
72 ryuappofctl_rest 67
ryu Documentation Release 330
At-tribute
Description Example Default
dpid Datapath ID (int) 1 (Mandatory)cookie Opaque controller-issued identifier
(int)1 0
cookie_maskMask used to restrict the cookie bits(int)
1 0
table_id Table ID to put the flow in (int) 0 0idle_timeoutIdle time before discarding (seconds)
(int)30 0
hard_timeoutMax time before discarding(seconds) (int)
30 0
priority Priority level of flow entry (int) 11111 0buffer_id Buffered packet to apply to or
OFP_NO_BUFFER (int)1 OFP_NO_BUFFER
out_port Output port (int) 1 OFPP_ANYout_group Output group (int) 1 OFPG_ANYflags Bitmap of OFPFF_ flags (int) 1 0match Fields to match (dict) ldquoin_portrdquo1
wildcardedactions Instruction set (list of dict) [ldquotyperdquordquoOUTPUTrdquo
ldquoportrdquo2][] DROP
Example of use
$ curl -X POST -d dpid 1cookie 1cookie_mask 1table_id 0idle_timeout 30hard_timeout 30priority 11111flags 1match
in_port1actions[
typeOUTPUTport 2
]
httplocalhost8080statsflowentrydelete_strict
Delete all flow entries
Delete all flow entries of the switch which specified with Datapath ID in URI
Usage
Method DELETEURI statsflowentryclearltdpidgt
Example of use
68 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X DELETE httplocalhost8080statsflowentryclear1
Add a group entry
Add a group entry to the switch
Usage
Method POSTURI statsgroupentryadd
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentryadd
Note To confirm group entry registration please see Get group description stats
Modify a group entry
Modify a group entry to the switch
72 ryuappofctl_rest 69
ryu Documentation Release 330
Usage
Method POSTURI statsgroupentrymodify
Request message body
At-tribute
Description Example De-fault
dpid Datapath ID (int) 1 (Manda-tory)
type One of OFPGT_ (string) ldquoALLrdquo ldquoALLrdquogroup_id Group ID (int) 1 0buckets struct ofp_bucketndashweight
Relative weight of bucket (Only defined forselect groups)
0 0
ndashwatch_port
Port whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPP_ANY
ndashwatch_group
Group whose state affects whether this bucket islive (Only required for fast failover groups)
4294967295 OFPG_ANY
ndashactions
0 or more actions associated with the bucket(list of dict)
[ldquotyperdquoldquoOUTPUTrdquoldquoportrdquo 1]
[]DROP
Example of use
$ curl -X POST -d dpid 1type ALLgroup_id 1buckets [
actions [
type OUTPUTport 1
]
]
httplocalhost8080statsgroupentrymodify
Delete a group entry
Delete a group entry to the switch
Usage
Method POSTURI statsgroupentrydelete
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)group_id Group ID (int) 1 0
Example of use
70 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
$ curl -X POST -d dpid 1group_id 1
httplocalhost8080statsgroupentrydelete
Modify the behavior of the port
Modify the behavior of the physical port
Usage
Method POSTURI statsportdescmodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)port_no Port number (int) 1 0config Bitmap of OFPPC_ flags (int) 1 0mask Bitmap of OFPPC_ flags to be changed (int) 1 0
Example of use
$ curl -X POST -d dpid 1port_no 1config 1mask 1 httplocalhost8080statsportdescmodify
Note To confirm port description please see Get ports description
Add a meter entry
Add a meter entry to the switch
Usage
Method POSTURI statsmeterentryadd
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
72 ryuappofctl_rest 71
ryu Documentation Release 330
$ curl -X POST -d dpid 1flags KBPSmeter_id 1bands [
type DROPrate 1000
]
httplocalhost8080statsmeterentryadd
Note To confirm meter entry registration please see Get meter config stats
Modify a meter entry
Modify a meter entry to the switch
Usage
Method POSTURI statsmeterentrymodify
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)flags Bitmap of OFPMF_ flags (list) [rdquoKBPSrdquo] [] Emptymeter_id Meter ID (int) 1 0bands struct ofp_meter_band_headerndash type One of OFPMBT_ (string) ldquoDROPrdquo Nonendash rate Rate for this band (int) 1000 Nonendash burst_size Size of bursts (int) 100 None
Example of use
$ curl -X POST -d dpid 1meter_id 1flags KBPSbands [
type DROPrate 1000
]
httplocalhost8080statsmeterentrymodify
Delete a meter entry
Delete a meter entry to the switch
Usage
Method POSTURI statsmeterentrydelete
72 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)meter_id Meter ID (int) 1 0
Example of use
$ curl -X POST -d dpid 1meter_id 1
httplocalhost8080statsmeterentrydelete
723 Support for experimenter multipart
Send a experimenter message
Send a experimenter message to the switch which specified with Datapath ID in URI
Usage
Method POSTURI statsexperimenterltdpidgt
Request message body
Attribute Description Example Defaultdpid Datapath ID (int) 1 (Mandatory)experimenter Experimenter ID (int) 1 0exp_type Experimenter defined (int) 1 0data_type Data format type (ldquoasciirdquo or ldquobase64rdquo) ldquoasciirdquo ldquoasciirdquodata Data to send (string) ldquodatardquo ldquordquo Empty
Example of use
$ curl -X POST -d dpid 1experimenter 1exp_type 1data_type asciidata data httplocalhost8080statsexperimenter1
724 Reference Description of Match and Actions
Description of Match on request messages
List of Match fields (OpenFlow10)
72 ryuappofctl_rest 73
ryu Documentation Release 330
Matchfield
Description Example
in_port Input switch port (int) ldquoin_portrdquo 7dl_src Ethernet source address (string) ldquodl_srcrdquo ldquoaabbcc112233rdquodl_dst Ethernet destination address (string) ldquodl_dstrdquo ldquoaabbcc112233rdquodl_vlan Input VLAN id (int) ldquodl_vlanrdquo 5dl_vlan_pcp Input VLAN priority (int) ldquodl_vlan_pcprdquo 3 ldquodl_vlanrdquo 3dl_type Ethernet frame type (int) ldquodl_typerdquo 123nw_tos IP ToS (int) ldquonw_tosrdquo 16 ldquodl_typerdquo 2048nw_proto IP protocol or lower 8 bits of ARP
opcode (int)ldquonw_protordquo 5 ldquodl_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquodl_typerdquo 2048
nw_dst IPv4 destination address (string) ldquonw_dstrdquo ldquo1921680124rdquoldquodl_typerdquo 2048
tp_src TCPUDP source port (int) ldquotp_srcrdquo 1 ldquonw_protordquo 6ldquodl_typerdquo 2048
tp_dst TCPUDP destination port (int) ldquotp_dstrdquo 2 ldquonw_protordquo 6ldquodl_typerdquo 2048
Note IPv4 address field can be described as IP Prefix like as follows
IPv4 address
192168011921680224
List of Match fields (OpenFlow12 or later)
Match field Description Examplein_port Switch input port (int) ldquoin_portrdquo 7in_phy_port Switch physical input port
(int)ldquoin_phy_portrdquo 5 ldquoin_portrdquo3
metadata Metadata passed between ta-bles (int or string)
ldquometadatardquo 12345ldquometadatardquoldquo0x12120xffffrdquo
dl_dst Ethernet destination address(string)
ldquodl_dstrdquoldquoaabbcc11223300000000ffffrdquo
dl_src Ethernet source address(string)
ldquodl_srcrdquoldquoaabbcc112233rdquo
eth_dst Ethernet destination address(string)
ldquoeth_dstrdquoldquoaabbcc11223300000000ffffrdquo
eth_src Ethernet source address(string)
ldquoeth_srcrdquoldquoaabbcc112233rdquo
dl_type Ethernet frame type (int) ldquodl_typerdquo 123eth_type Ethernet frame type (int) ldquoeth_typerdquo 2048dl_vlan VLAN id (int or string) See Example of VLAN ID
match fieldvlan_vid VLAN id (int or string) See Example of VLAN ID
match fieldvlan_pcp VLAN priority (int) ldquovlan_pcprdquo 3 ldquovlan_vidrdquo
3Continued on next page
74 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleip_dscp IP DSCP (6 bits in ToS field)
(int)ldquoip_dscprdquo 3 ldquoeth_typerdquo2048
ip_ecn IP ECN (2 bits in ToS field)(int)
ldquoip_ecnrdquo 0 ldquoeth_typerdquo34525
nw_proto IP protocol (int) ldquonw_protordquo 5 ldquoeth_typerdquo2048
ip_proto IP protocol (int) ldquoip_protordquo 5 ldquoeth_typerdquo34525
tp_src Transport layer source port(int)
ldquotp_srcrdquo 1 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tp_dst Transport layer destinationport (int)
ldquotp_dstrdquo 2 ldquoip_protordquo 6ldquoeth_typerdquo 2048
nw_src IPv4 source address (string) ldquonw_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
nw_dst IPv4 destination address(string)
ldquonw_dstrdquoldquo1921680124rdquoldquoeth_typerdquo 2048
ipv4_src IPv4 source address (string) ldquoipv4_srcrdquo ldquo19216801rdquoldquoeth_typerdquo 2048
ipv4_dst IPv4 destination address(string)
ldquoipv4_dstrdquoldquo19216810102552552550rdquoldquoeth_typerdquo 2048
tcp_src TCP source port (int) ldquotcp_srcrdquo 3 ldquoip_protordquo 6ldquoeth_typerdquo 2048
tcp_dst TCP destination port (int) ldquotcp_dstrdquo 5 ldquoip_protordquo 6ldquoeth_typerdquo 2048
udp_src UDP source port (int) ldquoudp_srcrdquo 2 ldquoip_protordquo17 ldquoeth_typerdquo 2048
udp_dst UDP destination port (int) ldquoudp_dstrdquo 6 ldquoip_protordquo17 ldquoeth_typerdquo 2048
sctp_src SCTP source port (int) ldquosctp_srcrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
sctp_dst SCTP destination port (int) ldquosctp_dstrdquo 99 ldquoip_protordquo132 ldquoeth_typerdquo 2048
icmpv4_type ICMP type (int) ldquoicmpv4_typerdquo 5ldquoip_protordquo 1 ldquoeth_typerdquo2048
icmpv4_code ICMP code (int) ldquoicmpv4_coderdquo 6ldquoip_protordquo 1 ldquoeth_typerdquo2048
arp_op ARP opcode (int) ldquoarp_oprdquo 3 ldquoeth_typerdquo2054
arp_spa ARP source IPv4 address(string)
ldquoarp_spardquo ldquo192168011rdquoldquoeth_typerdquo 2054
arp_tpa ARP target IPv4 address(string)
ldquoarp_tpardquoldquo19216804424rdquoldquoeth_typerdquo 2054
arp_sha ARP source hardware address(string)
ldquoarp_shardquoldquoaabbcc112233rdquoldquoeth_typerdquo 2054
Continued on next page
72 ryuappofctl_rest 75
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Examplearp_tha ARP target hardware address
(string)ldquoarp_thardquoldquoaabbcc11223300000000ffffrdquoldquoeth_typerdquo 2054
ipv6_src IPv6 source address (string) ldquoipv6_srcrdquoldquo2001aaaabbbbcccc1111rdquoldquoeth_typerdquo 34525
ipv6_dst IPv6 destination address(string)
ldquoipv6_dstrdquoldquo2001ffffccccbbbb111164rdquoldquoeth_typerdquo 34525
ipv6_flabel IPv6 Flow Label (int) ldquoipv6_flabelrdquo 2ldquoeth_typerdquo 34525
icmpv6_type ICMPv6 type (int) ldquoicmpv6_typerdquo 3ldquoip_protordquo 58 ldquoeth_typerdquo34525
icmpv6_code ICMPv6 code (int) ldquoicmpv6_coderdquo 4ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_target Target address for NeighborDiscovery (string)
ldquoipv6_nd_targetrdquoldquo2001ffffccccbbbb1111rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_sll Source link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_sllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 135ldquoip_protordquo 58 ldquoeth_typerdquo34525
ipv6_nd_tll Target link-layer for Neigh-bor Discovery (string)
ldquoipv6_nd_tllrdquoldquoaabbcc112233rdquoldquoicmpv6_typerdquo 136ldquoip_protordquo 58 ldquoeth_typerdquo34525
mpls_label MPLS label (int) ldquompls_labelrdquo 3 ldquoeth_typerdquo34888
mpls_tc MPLS Traffic Class (int) ldquompls_tcrdquo 2 ldquoeth_typerdquo34888
mpls_bos MPLS BoS bit (int) ldquompls_bosrdquo 1 ldquoeth_typerdquo34888
pbb_isid PBB I-SID (int or string) ldquopbb_isidrdquo 5 ldquoeth_typerdquo35047
ldquopbb_isidrdquo ldquo0x050xffrdquoldquoeth_typerdquo 35047
tunnel_id Logical Port Metadata (int orstring)
ldquotunnel_idrdquo 7
ldquotunnel_idrdquo ldquo0x070xffrdquo
Continued on next page
76 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Table 71 ndash continued from previous pageMatch field Description Exampleipv6_exthdr IPv6 Extension Header
pseudo-field (int or string)ldquoipv6_exthdrrdquo 3ldquoeth_typerdquo 34525
ldquoipv6_exthdrrdquoldquo0x400x1F0rdquo ldquoeth_typerdquo34525
Note Some field can be described with mask like as follows
Ethernet address
aabbcc112233aabbcc11223300000000ffff
IPv4 address
1921680111921680442419216810102552552550
IPv6 address
2001ffffccccbbbb11112001ffffccccbbbb2222642001ffffccccbbbb2222ffffffffffffffff0
Metadata
0x12121212121212120x34343434343434340x01010101010101010
Example of VLAN ID match field
The following is available in OpenFlow10 or later
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 5actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
72 ryuappofctl_rest 77
ryu Documentation Release 330
Note When ldquodl_vlanrdquo field is described as decimal int value OFPVID_PRESENT(0x1000) bit is auto-matically applied
The following is available in OpenFlow12 or later
bull To match only packets without a VLAN tag
$ curl -X POST -d dpid 1match
dl_vlan 0x0000 Describe OFPVID_NONE(0x0000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with a VLAN tag regardless of its value
$ curl -X POST -d dpid 1match
dl_vlan 0x10000x1000 Describe OFPVID_PRESENT(0x10000x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
bull To match only packets with VLAN tag and VLAN ID equal value 5
$ curl -X POST -d dpid 1match
dl_vlan 0x1005 Describe sum of VLAN-ID(eg 5) | OFPVID_PRESENT(0x1000)actions[
typeOUTPUTport 1
]
httplocalhost8080statsflowentryadd
Note When using the descriptions for OpenFlow12 or later please describe ldquodl_vlanrdquo field as hexadec-imal string value and OFPVID_PRESENT(0x1000) bit is NOT automatically applied
78 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
Description of Actions on request messages
List of Actions (OpenFlow10)
Actions Description ExampleOUTPUT Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3SET_VLAN_VIDSet the 8021Q VLAN ID using
ldquovlan_vidrdquoldquotyperdquo ldquoSET_VLAN_VIDrdquoldquovlan_vidrdquo 5
SET_VLAN_PCPSet the 8021Q priority usingldquovlan_pcprdquo
ldquotyperdquo ldquoSET_VLAN_PCPrdquoldquovlan_pcprdquo 3
STRIP_VLANStrip the 8021Q header ldquotyperdquo ldquoSTRIP_VLANrdquoSET_DL_SRCSet ethernet source address using
ldquodl_srcrdquoldquotyperdquo ldquoSET_DL_SRCrdquo ldquodl_srcrdquoldquoaabbcc112233rdquo
SET_DL_DSTSet ethernet destination addressusing ldquodl_dstrdquo
ldquotyperdquo ldquoSET_DL_DSTrdquo ldquodl_dstrdquoldquoaabbcc112233rdquo
SET_NW_SRCIP source address using ldquonw_srcrdquo ldquotyperdquo ldquoSET_NW_SRCrdquoldquonw_srcrdquo ldquo10001rdquo
SET_NW_DSTIP destination address usingldquonw_dstrdquo
ldquotyperdquo ldquoSET_NW_DSTrdquoldquonw_dstrdquo ldquo10001rdquo
SET_NW_TOSSet IP ToS (DSCP field 6 bits)using ldquonw_tosrdquo
ldquotyperdquo ldquoSET_NW_TOSrdquo ldquonw_tosrdquo184
SET_TP_SRC Set TCPUDP source port usingldquotp_srcrdquo
ldquotyperdquo ldquoSET_TP_SRCrdquo ldquotp_srcrdquo8080
SET_TP_DST Set TCPUDP destination portusing ldquotp_dstrdquo
ldquotyperdquo ldquoSET_TP_DSTrdquo ldquotp_dstrdquo8080
ENQUEUE Output to queue with ldquoqueue_idrdquoattached to ldquoportrdquo
ldquotyperdquo ldquoENQUEUErdquo ldquoqueue_idrdquo3 ldquoportrdquo 1
List of Actions (OpenFlow12 or later)
72 ryuappofctl_rest 79
ryu Documentation Release 330
Actions Description ExampleOUT-PUT
Output packet from ldquoportrdquo ldquotyperdquo ldquoOUTPUTrdquo ldquoportrdquo 3
COPY_TTL_OUTCopy TTL outwards ldquotyperdquo ldquoCOPY_TTL_OUTrdquoCOPY_TTL_INCopy TTL inwards ldquotyperdquo ldquoCOPY_TTL_INrdquoSET_MPLS_TTLSet MPLS TTL using ldquompls_ttlrdquo ldquotyperdquo ldquoSET_MPLS_TTLrdquo
ldquompls_ttlrdquo 64DEC_MPLS_TTLDecrement MPLS TTL ldquotyperdquo ldquoDEC_MPLS_TTLrdquoPUSH_VLANPush a new VLAN tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_VLANrdquoldquoethertyperdquo 33024
POP_VLANPop the outer VLAN tag ldquotyperdquo ldquoPOP_VLANrdquoPUSH_MPLSPush a new MPLS tag with
ldquoethertyperdquoldquotyperdquo ldquoPUSH_MPLSrdquo ldquoethertyperdquo34887
POP_MPLSPop the outer MPLS tag withldquoethertyperdquo
ldquotyperdquo ldquoPOP_MPLSrdquo ldquoethertyperdquo2054
SET_QUEUESet queue id using ldquoqueue_idrdquo whenoutputting to a port
ldquotyperdquo ldquoSET_QUEUErdquo ldquoqueue_idrdquo7
GROUP Apply group identified byldquogroup_idrdquo
ldquotyperdquo ldquoGROUPrdquo ldquogroup_idrdquo 5
SET_NW_TTLSet IP TTL using ldquonw_ttlrdquo ldquotyperdquo ldquoSET_NW_TTLrdquo ldquonw_ttlrdquo64
DEC_NW_TTLDecrement IP TTL ldquotyperdquo ldquoDEC_NW_TTLrdquoSET_FIELDSet a ldquofieldrdquo using ldquovaluerdquo (The set
of keywords available for ldquofieldrdquo isthe same as match field)
See Example of set-field action
PUSH_PBBPush a new PBB service tag withldquoethertyperdquo
ldquotyperdquo ldquoPUSH_PBBrdquo ldquoethertyperdquo35047
POP_PBB Pop the outer PBB service tag ldquotyperdquo ldquoPOP_PBBrdquoGOTO_TABLE(Instruction) Setup the next table
identified by ldquotable_idrdquoldquotyperdquo ldquoGOTO_TABLErdquoldquotable_idrdquo 8
WRITE_METADATA(Instruction) Setup the metadatafield using ldquometadatardquo andldquometadata_maskrdquo
ldquotyperdquo ldquoWRITE_METADATArdquoldquometadatardquo 0x3 ldquometadata_maskrdquo0x3
METER (Instruction) Apply meter identifiedby ldquometer_idrdquo
ldquotyperdquo ldquoMETERrdquo ldquometer_idrdquo 3
WRITE_ACTIONS(Instruction) Write the action(s)onto the datapath action set
ldquotyperdquo ldquoWRITE_ACTIONSrdquoactionsrdquo[ldquotyperdquordquoPOP_VLANrdquoldquotyperdquordquoOUTPUTrdquo ldquoportrdquo 2]
CLEAR_ACTIONS(Instruction) Clears all actions fromthe datapath action set
ldquotyperdquo ldquoCLEAR_ACTIONSrdquo
Example of set-field action
To set VLAN ID to non-VLAN-tagged frame
actions[
type PUSH_VLAN Push a new VLAN tag if a input frame is non-VLAN-taggedethertype 33024 Ethertype 0x8100(=33024) IEEE 8021Q VLAN-tagged frame
type SET_FIELDfield vlan_vid Set VLAN ID
80 Chapter 7 Built-in Ryu applications
ryu Documentation Release 330
value 4102 Describe sum of vlan_id(eg 6) | OFPVID_PRESENT(0x1000=4096)
type OUTPUTport 2
]
72 ryuappofctl_rest 81
ryu Documentation Release 330
82 Chapter 7 Built-in Ryu applications
CHAPTER 8
Indices and tables
bull genindex
bull modindex
bull search
83
ryu Documentation Release 330
84 Chapter 8 Indices and tables
Python Module Index
rryuappofctlexception 41ryulibnetconf 8ryulibof_config 8ryulibovs 8ryulibxflow 8ryutopology 7
85
ryu Documentation Release 330
86 Python Module Index
Index
IInvalidDatapath 41
OOFError 41
Rryuappofctlexception (module) 41ryulibnetconf (module) 8ryulibof_config (module) 8ryulibovs (module) 8ryulibxflow (module) 8ryutopology (module) 7
UUnexpectedMultiReply 41
87
- Getting Started
-
- Whats Ryu
- Quick Start
- Optional Requirements
- Support
-
- Writing Your Ryu Application
-
- The First Application
- Components of Ryu
- Ryu application API
- Library
- OpenFlow protocol API Reference
- Nicira Extension Structures
- Ryu API Reference
-
- Configuration
-
- Setup TLS Connection
- Topology Viewer
-
- Tests
-
- Testing VRRP Module
- Testing OF-config support with LINC
-
- Using Ryu Network Operating System with OpenStack as OpenFlow controller
- Snort Intergration
-
- Overview
- Installation Snort
- Configure Snort
- Usage
-
- Built-in Ryu applications
-
- ryuappofctl
- ryuappofctl_rest
-
- Indices and tables
- Python Module Index
-