Sponsored by the National Science Foundation GENI Terminology: How All the Pieces Fit Together Sarah Edwards GENI Project Office

Sponsored by the National Science Foundation 2 Train-the-TA – January 30, 2015 GENI Terminology slice project aggregate experimenter resource

Sponsored by the National Science Foundation 3 Train-the-TA – January 30, 2015 Experimenter An experimenter is a researcher who uses GENI resources Different types of experimenters have different roles and permissions: Advisor vs Grad Student Teacher vs TA vs Student Experimenter

Sponsored by the National Science Foundation 4 Train-the-TA – January 30, 2015 Slice credentials Clearinghouse and Aggregates Clearinghouse: Manages users, projects and slices –Standard credentials shared via custom API or new Common CH API –GENI supported accounts: GENI Portal/CH, PlanetLab CH, ProtoGENI CH Aggregate: Provides resources to GENI experimenters –Typically owned and managed by an organization –Speaks the GENI AM API –Examples: PlanetLab, Emulab, GENI Racks on various campuses Create & Register Slice Researcher Aggregate Manager API - listResources - createSliver … Aggregate Manager Aggregate Resources users slice s clearinghouse projects Tool

Sponsored by the National Science Foundation 5 Train-the-TA – January 30, 2015 Creating a GENI account GENI Portal is at: Instructions for creating an account are:

Sponsored by the National Science Foundation 6 Train-the-TA – January 30, 2015 GENI User Authentication For many experimenters: no new passwords familiar login screens The GENI Portal leverages InCommon for single sign-on authentication Experimenters from 304 educational and research institutions have InCommon accounts GENI Project Office runs a federated IdP to provide accounts for non-federated organizations.

Sponsored by the National Science Foundation 7 Train-the-TA – January 30, 2015 Projects Projects organize research in GENI Project Lead Members Slice Projects contain both people and their experiments A project is led by a single responsible individual: the project lead Today we will use a project created for this class

Sponsored by the National Science Foundation 8 Train-the-TA – January 30, 2015 Slice A slice is a container of resources used in an experiment. A slice can contain resources from one or more aggregates A slice is in a single project A slice has an expiration Slice names are public, reusable and unique (within a project)

Sponsored by the National Science Foundation 9 Train-the-TA – January 30, 2015 Resource A resource is a piece of infrastructure A resource can be real or virtual. Resource specifications (aka. RSpecs) are used to describe and request resources. Examples: Compute: computer vs virtual machine (VM) Wireline Network: VLAN or OpenFlow Wireless: WiMAX

Sponsored by the National Science Foundation 10 Train-the-TA – January 30, 2015 Aggregate An aggregate manages a set of reservable resources Aggregates include: GENI racks OpenFlow WiMAX InstaGENI RackExoGENI Rack

Sponsored by the National Science Foundation 11 Train-the-TA – January 30, 2015 Expiration and renewal slice expiration time ≤ project expiration time each resource expiration time ≤ slice expiration time each resource expiration time ≤ aggregate’s max expiration project slice resource (optional) project expiration time slice expiration time resource expiration time now In general, to extend the lifetime of your resource reservation, you must renew the slice and all resources resource

Sponsored by the National Science Foundation 12 Train-the-TA – January 30, 2015 Experimenter (aka Student) Putting it all together slice aggregate project Member: Lead: Experimenter (aka Professor) Layer 2 resource

Sponsored by the National Science Foundation 13 Train-the-TA – January 30, 2015 Using SSH with a public/private keypair Login to all GENI compute resources using ssh with a private key 1.The public key is loaded onto the node when you reserve resources. 2.You provide the private key when you log into the node. There are several ways to offer your private key to ssh. You should never be prompted for a password to log into a GENI compute node. If you are, something has always gone wrong. No password!

Sponsored by the National Science Foundation 14 Train-the-TA – January 30, 2015 SSH with a password ssh Experimenter local> ssh password: ######## Welcome to remote! exit local> ssh password: ######## Hash of password stored on each remote machine User enters password once for each connection to each machine *nix-based system (Windows behavior may vary)

Sponsored by the National Science Foundation 15 Train-the-TA – January 30, 2015 SSH with a private key Experimenter local> ssh-add ~/.ssh/id_rsa Enter passphrase for ~/.ssh/id_rsa: ######## local> ssh Welcome to remote! exit local> ssh Welcome to remote2! exit local> ssh Welcome to remote3! exit ssh Public key is stored on each remote machine User enters passphrase to unlock private key for all connections to all machine Private key is stored only on local machine *nix-based system (Windows behavior may vary)

Sponsored by the National Science Foundation 16 Train-the-TA – January 30, 2015 Are you ready for the tutorial? 1.Grab a Worksheet and instructions 2.Did you do the pre-work? A. Do you have an account? B. Have you installed the tools? * SSH * omni GENI Portal is at: 3.Connect to the network Connect to MSU-Visitor Mac Users: a.Browse to: b.Enter your address

Sponsored by the National Science Foundation Lab Zero: A First Experiment using GENI Sarah Edwards GENI Project Office

Sponsored by the National Science Foundation 18 Train-the-TA – January 30, 2015 Hands On Exercise Do a Simple Experiment in GENI Reserve two VMs connected at Layer 2 Layer 2 VM

Sponsored by the National Science Foundation 19 Train-the-TA – January 30, 2015 Use the GENI Portal and Jacks

Sponsored by the National Science Foundation 20 Train-the-TA – January 30, 2015 Experiment Workflow Part I: Design/Setup Part II: Execute Part III: Finish

Sponsored by the National Science Foundation 21 Train-the-TA – January 30, 2015 The GENI Portal is… A web-based tool for experimenters to manage experimenters, projects, and slices. Includes simple tools to reserve resources. More to come in the future.

Sponsored by the National Science Foundation 22 Train-the-TA – January 30, 2015 Jacks and jFed are … Graphical user interfaces (GUIs) for: –designing topologies in GENI –reserving resources in GENI

Sponsored by the National Science Foundation 23 Train-the-TA – January 30, 2015 Experiment Workflow Part I: Design/Setup Part II: Execute Part III: Finish

Sponsored by the National Science Foundation 24 Train-the-TA – January 30, 2015 Part I: Establish Management Environment 1 Pre-work: Design your experiment 2.1 Pre-work: Create a GENI account 2.2 Pre-work: Project lead (aka professor) adds you to project Project Name: TrainTheTA 2.3 Generate and Download SSH Keypair

You are here Projects Slices Log Messages HelpProfile Tools Map

2 Login Join Project Generate SSH Keys & SSL Certs

On your local machine… > mv ~/Downloads/id_geni_ssh_rsa ~/.ssh/. > chmod 600 ~/.ssh/id_geni_ssh_rsa > ssh-add ~/.ssh/id_geni_ssh_rsa 2

Sponsored by the National Science Foundation 28 Train-the-TA – January 30, 2015 slice Part I continued: Obtain Resources 3.1 Create a slice 3.2 (optional) Renew your slice 3.3 Reserve two VMs at one aggregate 3.4 Check Whether VMs are Ready to be Used Layer 2 VM

3.1 Create Slice

3.2 Extend slice expiration

3.3 Launch tool

Launch Tool 3.3

Draw two VMs connected by a link 3.3

Change names of VMs 3.3

Set IP and mask of interfaces

3.3 Reserve resources Bind to an Aggregate Select a Slice

Resources are READY!!! 3.4

Sponsored by the National Science Foundation 38 Train-the-TA – January 30, 2015 Experiment Workflow Part I: Design/Setup Part II: Execute Part III: Finish

Sponsored by the National Science Foundation 39 Train-the-TA – January 30, 2015 Part II: Execute Experiment 4.1 Login to all three nodes 5.1 Test Connectivity 5.2 Explore the Data and Control Planes 6.1 Logout of nodes Internet Data Interfaces Control Interfaces ssh Layer 2 Experimenter serverclient

Login 4.1

$ sudo ifconfig $ ping –c 5 # server data i/f $ ping –c 5 # server ctrl i/f $ sudo ifconfig NodeB/ NodeC NodeA 5.1

Worksheet Slice Name: lab0 5.1 NodeA eth___ ___.___.___.___ NodeB eth___ ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

$ sudo apt-get install iperf $ hash # server data i/f $ iperf –c … # server ctrl i/f $ iperf –c … $ sudo apt-get install iperf $ hash # start an iperf server $ iperf -s NodeB NodeA 5.1

What is the bandwidth of the data link? Why? What is the bandwidth of the control link? Why? NodeA eth___ ___.___.___.___ NodeB eth___ ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

Demo here

5.2 Configure routing eth___

5.2 Configure a static route route add -net netmask gw dev eth0 In above command: add -Indicates that the route is added to routing table. -net -Indicates that desination is a network Indicates IP address of destination network. netmask -Indicates the subnetmask of destination network. From: sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward' Configure IP routing

# ping server data i/f $ ping … # ping server ctrl i/f $ ping … $ exit # For ExoGENI only do: $ sudo service neuca stop # bring down data i/f $ sudo ifconfig eth12541 down # bring down ctrl i/f $ sudo ifconfig eth999 down NodeB NodeA 5.3

Demo here

5.3 When you bring down the data interface, the destination should become unreachable. Why? NodeA eth___ ___.___.___.___ NodeB eth___ ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

5.3 After you bring down the control interface, the destination becomes unreachable. Why? NodeA eth___ ___.___.___.___ NodeB eth___ ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

5.3 After you bring down the control interface, your ssh session should immediately hang. Why? NodeA eth___ ___.___.___.___ NodeB eth___ ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

Sponsored by the National Science Foundation 53 Train-the-TA – January 30, 2015 You are trying to log in to a compute node on GENI using SSH and can’t. Which are possible explanations? a)You entered the wrong password b)You didn’t offer the private key that matches the public key c)The public key wasn’t loaded onto the node d)Permissions on the private key are too permissive e)(b), (c), and (d)

Sponsored by the National Science Foundation 54 Train-the-TA – January 30, 2015 Experiment Workflow Part I: Design/Setup Part II: Execute Part III: Finish

Sponsored by the National Science Foundation 55 Train-the-TA – January 30, 2015 Finish Don’t Delete YET!!! We will clean up later

Delete Resources 7

Sponsored by the National Science Foundation 57 Train-the-TA – January 30, 2015 Part III: Finish Experiment When your experiment is done, you should always release your resources. –Normally this is when you would archive your data –Delete your resources at each aggregate slice project aggregate experimenter resource

Sponsored by the National Science Foundation 58 Train-the-TA – January 30, 2015 Congratulations! You have… –Run your first GENI Experiment! –Exercised your knowledge of GENI terminology –Used the GENI Portal and Flack

Sponsored by the National Science Foundation 59 Train-the-TA – January 30, 2015 Welcome to GENI!

Sponsored by the National Science Foundation 60 Train-the-TA – January 30, 2015 Backups

Sponsored by the National Science Foundation 61 Train-the-TA – January 30, 2015 NodeA eth___ ___.___.___.___ NodeB eth___ ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

Sponsored by the National Science Foundation 62 Train-the-TA – January 30, 2015 eth___

Sponsored by the National Science Foundation 63 Train-the-TA – January 30, 2015 NodeA eth___ ___.___.___.___ eth___ ___.___.___.___ NodeB Control i/f Internet Control plane switch GENI Rack NodeC eth___ Data plane switch eth___

Sponsored by the National Science Foundation 64 Train-the-TA – January 30, 2015 NodeA eth___ ___.___.___.___ eth___ ___.___.___.___ NodeB Control i/f Internet Control plane switch GENI Rack NodeC eth___ Data plane switch eth___

Sponsored by the National Science Foundation 65 Train-the-TA – January 30, 2015 NodeA eth___ ___.___.___.___ eth___ ___.___.___.___ NodeB Control i/f Internet Control plane switch GENI Rack NodeC eth___ Data plane switch eth___

Sponsored by the National Science Foundation 66 Train-the-TA – January 30, 2015 Data plane switch NodeA eth___ ___.___.___.___ eth___ ___.___.___.___ NodeB Control i/f Internet Control plane switch GENI Rack NodeC eth___ eth___