Version 12 (modified by 11 years ago) (diff) | ,
---|
Table of Contents
Federation Users Guide
This tutorial walks through using the federation command line tools to create and operate federated experiments. To simplify the tutorial, most of the experiments are actually federated withing DETERLab or between DETERLab and a desktop federant. The procedures generalize to more wide open federation.
In order to create federated experiments you will need permission to open holes in DETER's containment. Being able to connect across experiments or from an experiment to outside hosts means that users can send traffic that seems to originate from inside DETERLab - in fact some examples explain how to do that fairly generally. To get this privilege contact testbed operations.
Creating A Federated Experiment
We start by creating an experiment with the layout shown here:
Each square is a computer and each line a link. The layout is a simple dumbbell with nodes a and c as the ends of the inner "bar" and b, d, e, and f as the leaves. Nodes a, b, and d are in one testbed and c, e, f and f in another.
The following ns2 file is a description for such a topology:
# Simple federated topology, all on DETER # # SERVICE: project_export:deter/exp1::project=TIED # SERVICE: project_export:deter/exp2::project=TIED # set ns [new Simulator] source tb_compat.tcl set a [$ns node] set b [$ns node] set c [$ns node] set d [$ns node] set e [$ns node] set f [$ns node] tb-set-node-testbed $a "deter/exp1" tb-set-node-testbed $b "deter/exp1" tb-set-node-testbed $c "deter/exp2" tb-set-node-testbed $d "deter/exp1" tb-set-node-testbed $e "deter/exp2" tb-set-node-testbed $f "deter/exp2" set link0 [ $ns duplex-link $a $b 1Gb 0ms DropTail] set link1 [ $ns duplex-link $a $c 1Gb 0ms DropTail] set link2 [ $ns duplex-link $a $d 1Gb 0ms DropTail] set link3 [ $ns duplex-link $e $c 1Gb 0ms DropTail] set link4 [ $ns duplex-link $f $c 1Gb 0ms DropTail] $ns rtproto Static $ns run
A copy of that file is attached to this page.
Most of that file looks like any other simple DETERLab experiment layout, and one can swap it in on DETERLab directly and get a single experiment. The differences are
- The assignments of nodes to testbeds using
tb-set-node-testbed
- The assignments of projects within a testbed by the
SERVICE
directives in the comments
The this layout connects 2 experiment on DETERLab. This is because the testbeds are all prefixed with the deter
testbed name. The testbed/sub-testbed syntax allows multiple instantiations of experiments on the same testbed. This layout creates 2 experiment on DETERLab (DETERLab's experiment contoller? maps the deter
testbed name to DETERLab).
To create the federated experiment, execute the fedd_create.py command on users.isi.deterlab.net
:
users:~$ fedd_create.py --file federation1.tcl --experiment_name fed1
The parameters are the file containing the layout (federation1.tcl
) and the shorthand name the caller wants to use to refer to the federated experiment. The shorthand is a request. The experiment controller defines the namespace of experiments and will resolve conflicts. That is, if another user has already named an experiment fed1
on this controller, the controller with pick an new name.
This will run for a little while, as much as a few minutes. It is gathering rights to access remote testbeds and starting the sub-experiments on them. Shortly you will see something like:
localname: fed1 fedid: 6a4f58292d572c57ef612e3e44e5d8134196e550 status: starting
The localname
is the name that the controller picked for the federated experiment, usually the same as the experiment_name
parameter. If the output is different, the user will need to use that shorthand in subsequent commands.
The fedid
is a unique identifier that refers to this experiment. We discuss ways to use this below.
Assuming that status
is starting
the experiment is being created. If there has been a error, there will be an error message as well.
At any time a user can poll the current status of their federated experiment using the fedd_multistatus.py command. Run it like this on users.isi.deterlab.net
and you should see similar output:
users:~$ fedd_multistatus.py fed1:6a4f58292d572c57ef612e3e44e5d8134196e550:starting
The output is the experiment name, the experiment fedid, and the status, comma separated. If an experiment creation has failed the output will look more like:
users:~$ fedd_multistatus.py fed1:6a4f58292d572c57ef612e3e44e5d8134196e550:starting bad_experiment:da83eb06712a2006abeae34308c363b0ab0faa0a:failed
The experiment called bad_experiment
has failed to get created. When fed1 has finished swapping in (both parts) in DETERLab, the output will look like:
users:~$ fedd_multistatus.py fed1:6a4f58292d572c57ef612e3e44e5d8134196e550:active bad_experiment:da83eb06712a2006abeae34308c363b0ab0faa0a:failed
A user can certainly use the fedd_multistatus.py command to poll and monitor experiment creation, but output is fairly terse and polling is inefficient. The fedd_spewlog.py command will output a debugging log from the experiment controller. If the experiment is being created or terminated, the command puts out the log so far and continues updating it until the operation succeeds or fails. A user can follow the progress of the creation in real time using this command.
Here is sample output from the sample creation above:
users:~$ fedd_spewlog.py --experiment_name fed1 07 May 14 11:15:34 fedd.experiment_control.fed1 Calling StartSegment at https://users.isi.deterlab.net:23231 07 May 14 11:15:34 fedd.experiment_control.fed1 Calling StartSegment at https://users.isi.deterlab.net:23231 07 May 14 11:15:34 fedd.experiment_control.fed1 Calling StartSegment at https://users.isi.deterlab.net:23233 Allocated vlan: 380807 May 14 11:16:34 fedd.experiment_control.fed1 Waiting for sub threads (it has been 1 mins) 07 May 14 11:17:34 fedd.experiment_control.fed1 Waiting for sub threads (it has been 2 mins) 07 May 14 11:15:37 fedd.access.fed1-exp1 State is swapped 07 May 14 11:15:37 fedd.access.fed1-exp1 [swap_exp]: Terminating fed1-exp1 07 May 14 11:15:41 fedd.access.fed1-exp1 [swap_exp]: Terminate succeeded 07 May 14 11:15:41 fedd.access.fed1-exp1 [make_null_experiment]: Creating experiment 07 May 14 11:16:02 fedd.access.fed1-exp1 [make_null_experiment]: Create succeeded 07 May 14 11:16:02 fedd.access.fed1-exp1 [start_segment]: creating script file 07 May 14 11:16:02 fedd.access.fed1-exp1 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/tmp739CnG faber@users.isi.deterlab.net:tmp739CnG 07 May 14 11:16:02 fedd.access.fed1-exp1 [ssh_cmd]: /usr/bin/ssh -n -o 'IdentitiesOnly yes' -o 'StrictHostKeyChecking no' -o 'ForwardX11 no' -i /usr/local/etc/fedd/deter/fedd_rsa faber@users.isi.deterlab.net sh -x tmp739CnG 07 May 14 11:16:03 fedd.access.fed1-exp1 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-P0TiQP/fedgw_rsa.pub faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp1/tmp/fedgw_rsa.pub 07 May 14 11:16:03 fedd.access.fed1-exp1 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-P0TiQP/fedgw_rsa faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp1/tmp/fedgw_rsa 07 May 14 11:16:03 fedd.access.fed1-exp1 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-P0TiQP/hosts faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp1/tmp/hosts 07 May 14 11:16:04 fedd.access.fed1-exp1 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-P0TiQP/ca.pem faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp1/tmp/ca.pem 07 May 14 11:16:04 fedd.access.fed1-exp1 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-P0TiQP/node.pem faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp1/tmp/node.pem 07 May 14 11:16:04 fedd.access.fed1-exp1 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-P0TiQP/client.conf faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp1/tmp/client.conf 07 May 14 11:16:05 fedd.access.fed1-exp1 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-P0TiQP/experiment.tcl faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp1/tmp/experiment.tcl 07 May 14 11:16:05 fedd.access.fed1-exp1 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-P0TiQP/software/fedkit.tgz faber@users.isi.deterlab.net:/proj/TIED/software//fed1-exp1/fedkit.tgz 07 May 14 11:16:06 fedd.access.fed1-exp1 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-P0TiQP/software/seer-fbsd71-current.tgz faber@users.isi.deterlab.net:/proj/TIED/software//fed1-exp1/seer-fbsd71-current.tgz 07 May 14 11:16:06 fedd.access.fed1-exp1 [modify_exp]: Modifying fed1-exp1 07 May 14 11:16:23 fedd.access.fed1-exp1 [modify_exp]: Modify succeeded 07 May 14 11:16:23 fedd.access.fed1-exp1 [swap_exp]: Swapping fed1-exp1 in 07 May 14 11:17:49 fedd.access.fed1-exp1 [swap_exp]: Swap succeeded 07 May 14 11:17:49 fedd.access.fed1-exp1 [get_mapping] Generating mapping 07 May 14 11:17:49 fedd.access.fed1-exp1 Node mapping complete 07 May 14 11:17:49 fedd.access.fed1-exp1 Link mapping complete07 May 14 11:15:37 fedd.access.fed1-exp2 State is swapped 07 May 14 11:15:37 fedd.access.fed1-exp2 [swap_exp]: Terminating fed1-exp2 07 May 14 11:15:41 fedd.access.fed1-exp2 [swap_exp]: Terminate succeeded 07 May 14 11:15:41 fedd.access.fed1-exp2 [make_null_experiment]: Creating experiment 07 May 14 11:16:02 fedd.access.fed1-exp2 [make_null_experiment]: Create succeeded 07 May 14 11:16:02 fedd.access.fed1-exp2 [start_segment]: creating script file 07 May 14 11:16:02 fedd.access.fed1-exp2 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/tmp6dcyg4 faber@users.isi.deterlab.net:tmp6dcyg4 07 May 14 11:16:02 fedd.access.fed1-exp2 [ssh_cmd]: /usr/bin/ssh -n -o 'IdentitiesOnly yes' -o 'StrictHostKeyChecking no' -o 'ForwardX11 no' -i /usr/local/etc/fedd/deter/fedd_rsa faber@users.isi.deterlab.net sh -x tmp6dcyg4 07 May 14 11:16:03 fedd.access.fed1-exp2 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-iH3Eaj/fedgw_rsa.pub faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp2/tmp/fedgw_rsa.pub 07 May 14 11:16:03 fedd.access.fed1-exp2 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-iH3Eaj/fedgw_rsa faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp2/tmp/fedgw_rsa 07 May 14 11:16:03 fedd.access.fed1-exp2 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-iH3Eaj/hosts faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp2/tmp/hosts 07 May 14 11:16:04 fedd.access.fed1-exp2 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-iH3Eaj/ca.pem faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp2/tmp/ca.pem 07 May 14 11:16:04 fedd.access.fed1-exp2 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-iH3Eaj/node.pem faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp2/tmp/node.pem 07 May 14 11:16:04 fedd.access.fed1-exp2 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-iH3Eaj/client.conf faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp2/tmp/client.conf 07 May 14 11:16:05 fedd.access.fed1-exp2 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-iH3Eaj/experiment.tcl faber@users.isi.deterlab.net:/proj/TIED/exp/fed1-exp2/tmp/experiment.tcl 07 May 14 11:16:05 fedd.access.fed1-exp2 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-iH3Eaj/software/fedkit.tgz faber@users.isi.deterlab.net:/proj/TIED/software//fed1-exp2/fedkit.tgz 07 May 14 11:16:06 fedd.access.fed1-exp2 [scp_file]: /usr/bin/scp -o IdentitiesOnly yes -o StrictHostKeyChecking no -o ForwardX11 no -i /usr/local/etc/fedd/deter/fedd_rsa /tmp/access-iH3Eaj/software/seer-fbsd71-current.tgz faber@users.isi.deterlab.net:/proj/TIED/software//fed1-exp2/seer-fbsd71-current.tgz 07 May 14 11:16:06 fedd.access.fed1-exp2 [modify_exp]: Modifying fed1-exp2 07 May 14 11:16:23 fedd.access.fed1-exp2 [modify_exp]: Modify succeeded 07 May 14 11:16:23 fedd.access.fed1-exp2 [swap_exp]: Swapping fed1-exp2 in 07 May 14 11:18:09 fedd.access.fed1-exp2 [swap_exp]: Swap succeeded 07 May 14 11:18:09 fedd.access.fed1-exp2 [get_mapping] Generating mapping 07 May 14 11:18:10 fedd.access.fed1-exp2 Node mapping complete 07 May 14 11:18:10 fedd.access.fed1-exp2 Link mapping complete07 May 14 11:18:11 fedd.experiment_control.fed1 [start_segment]: Experiment fed1 active active
Much of that is useful only for debugging but the last line indicates the final status of the experiment creation. The two choices are active
and failed
.
Examining the Federated Experiment
To gather detailed information about how the system has created the experiment, use the fedd_ftopo.py command (ftopo is short for "federated topology"). Here's a sample invocation; again the --experiment_name
parameter is the shorthand name returned by fedd_create.py
or picked from fedd_multistatus.py
.
users:~$ fedd_ftopo.py --experiment_name fed1 d:bpc144.isi.deterlab.net,d.fed1-exp1.TIED.isi.deterlab.net:active::deter/exp1 e:bpc130.isi.deterlab.net,e.fed1-exp2.TIED.isi.deterlab.net:active::deter/exp2 a:bpc151.isi.deterlab.net,a.fed1-exp1.TIED.isi.deterlab.net:active::deter/exp1 f:bpc142.isi.deterlab.net,f.fed1-exp2.TIED.isi.deterlab.net:active::deter/exp2 b:bpc154.isi.deterlab.net,b.fed1-exp1.TIED.isi.deterlab.net:active::deter/exp1 c:bpc150.isi.deterlab.net,c.fed1-exp2.TIED.isi.deterlab.net:active::deter/exp2
The output is colon-separated. The first fields are:
- The node name from the experiment layout file
- The local names that the individual testbed has given to the node. These are testbed dependent. If there is more than one name assigned by the testbed, they will be comma-separated.
- The status of the individual node
- Operations allowed on the node
- The testbed name on which the node is instantiated
The first line describes node d
. It can be accessed at bpc144.isi.deterlab.net
and d.fed1-exp1.TIED.isi.deterlab.net
. The node is active, defines no operations, is instantiated on deter/exp1
.
Simple views of the topology can be produced by the fedd_image.py command. This invocation:
users:~$ fedd_image.py --experiment_name fed1 --out fed1.png
Produces this image in fed1.png
.
Computers are green squares, links are lines, and shared networks are blue circles (not shown). Each node is labeled with its name, each link or network with its name, and interfaces with their IP address. The labels can be removed with the --no_labels
parameter:
The nodes can be grouped by any attribute, the most useful of which is the testbed on which they are instantiated:
fedd_image.py --experiment_name fed1 --group testbed --out fed1-group.png
produces
This is very similar to the image at the top of the page. That image was also produced using fedd_image.py
but using the layout description directly:
users:~$ fedd_image.py --file federation1.tcl --group testbed --out fed1-groups.png
because the specification does not include the IP addresses, they are not in the image.
Looking Around Inside The Federated Experiment
Armed with the information from fedd_ftopo.py
a user can log in to an experiment node and see the unified experiment. The user can log into a node d
by:
users:~$ ssh d.fed1-exp1.TIED
From there the user can ping the various nodes in both parts of the federated experiment and run any tools, etc. as though it were a single DETER experiment.
The experiment is composed of two DETER experiments. The federation system does hide this, but it is not hard to deduce the experiment names from the fedd-ftopo.py
output. In this case the two experiments are:
and
Because each testbed only knows about the resources it has committed to the federated experiment, these representations are incomplete. Even the two virtual testbeds on DETERLab do not include information about the other testbed.
It can be instructive to see how the federation system interconnects these experiments.
Logging into node d
in the deter/exp2
sub-experiment, inspecting the routing table shows:
d:~$ ip route default via 192.168.1.254 dev eth1 10.0.0.0/24 dev eth2 proto kernel scope link src 10.0.0.1 10.0.1.0/24 via 10.0.0.2 dev eth2 proto zebra metric 30 10.0.2.0/24 via 10.0.0.2 dev eth2 proto zebra metric 30 10.0.3.0/24 via 10.0.0.2 dev eth2 proto zebra metric 20 10.0.4.0/24 via 10.0.0.2 dev eth2 proto zebra metric 20 192.168.0.0/22 dev eth1 proto kernel scope link src 192.168.3.144 192.168.252.0/22 via 192.168.1.254 dev eth1 proto zebra
There are routes in the table to hosts that are not in the DETERLab experiment. Specifically none of 10.0.0.0/24, 10.0.3.0/24 or 10.0.4.0/24 are present in the TIED/fed1-exp2
experiment that contains d
. (The 192.168. addresses are all for accessing DETERLab infrastrcuture.)
The federation system has done 4 things to make it possible and simple for the sub-experiments to communicate.
- The experiment controller? assigned consistent network (IP) addresses to the experiment nodes.
- The controller configured and started ospf routers on each machine to propagate routes between the two experiments.
- The controller interconnected the two experiments through a local VLAN (by coordinating with a third virtual testbed)
- Entries for the nodes in the other experiment were added to
/etc/hosts
so symbolic names can be used to reach nodes allocated in either experiment.
Similar work can be done to present unified login information and shared filesystems. That is not done in this case because the experiments are both in the same DETER project and testbed.
Releasing Resources
When the federated experiment is no longer needed, the fedd_terminate.py command is used to release resources. Individual testbeds release resources and the experiment controller purges all its data. To release the experiment above:
users:~$ fedd_terminate.py --experiment_name fed1
The command does not return until the individual testbeds have released their resources.
The --force
parameter can be used to terminate experiments that are not in the active
state, or that have other problems.
Attachments (11)
-
federation1.png (7.3 KB) - added by 11 years ago.
Experiment Layout
-
federation1.tcl (802 bytes) - added by 11 years ago.
Experiment Layout Description in ns2
-
federation1.xml (4.4 KB) - added by 11 years ago.
Experiment Layout in topdl
-
fed1.png (11.4 KB) - added by 11 years ago.
layout image
-
fed1-nolabels.png (9.9 KB) - added by 11 years ago.
unalbeled layout
-
fed1-group.png (9.5 KB) - added by 11 years ago.
grouped layout
-
exp1.png (65.9 KB) - added by 11 years ago.
Experiment 1
-
exp2.png (49.3 KB) - added by 11 years ago.
Experiment 2
-
desk.tcl (675 bytes) - added by 10 years ago.
Desktop federation layout
-
desk.png (7.9 KB) - added by 10 years ago.
Desktop federation example visualization
-
NATS.png (29.3 KB) - added by 10 years ago.
NAT diagram
Download all attachments as: .zip