1. Sponsored by the National Science Foundation GENI Terminology: How All the Pieces Fit Together Sarah Edwards GENI Project Office

2. Sponsored by the National Science Foundation 2 Train-the-TA – January 30, 2015 GENI Terminology slice project aggregate experimenter resource

3. Sponsored by the National Science Foundation 3 Train-the-TA – January 30, 2015 Experimenter An experimenter is a researcher who uses GENI resources Different types of experimenters have different roles and permissions: Advisor vs Grad Student Teacher vs TA vs Student Experimenter

4. Sponsored by the National Science Foundation 4 Train-the-TA – January 30, 2015 Slice credentials Clearinghouse and Aggregates Clearinghouse: Manages users, projects and slices –Standard credentials shared via custom API or new Common CH API –GENI supported accounts: GENI Portal/CH, PlanetLab CH, ProtoGENI CH Aggregate: Provides resources to GENI experimenters –Typically owned and managed by an organization –Speaks the GENI AM API –Examples: PlanetLab, Emulab, GENI Racks on various campuses Create & Register Slice Researcher Aggregate Manager API - listResources - createSliver … Aggregate Manager Aggregate Resources users slice s clearinghouse projects Tool

5. Sponsored by the National Science Foundation 5 Train-the-TA – January 30, 2015 Creating a GENI account GENI Portal is at: https://portal.geni.net Instructions for creating an account are: http://groups.geni.net/geni/wiki/SignMeUp

6. Sponsored by the National Science Foundation 6 Train-the-TA – January 30, 2015 GENI User Authentication For many experimenters: no new passwords familiar login screens The GENI Portal leverages InCommon for single sign-on authentication Experimenters from 304 educational and research institutions have InCommon accounts GENI Project Office runs a federated IdP to provide accounts for non-federated organizations.

7. Sponsored by the National Science Foundation 7 Train-the-TA – January 30, 2015 Projects Projects organize research in GENI Project Lead Members Slice Projects contain both people and their experiments A project is led by a single responsible individual: the project lead Today we will use a project created for this class

8. Sponsored by the National Science Foundation 8 Train-the-TA – January 30, 2015 Slice A slice is a container of resources used in an experiment. A slice can contain resources from one or more aggregates A slice is in a single project A slice has an expiration Slice names are public, reusable and unique (within a project)

9. Sponsored by the National Science Foundation 9 Train-the-TA – January 30, 2015 Resource A resource is a piece of infrastructure A resource can be real or virtual. Resource specifications (aka. RSpecs) are used to describe and request resources. Examples: Compute: computer vs virtual machine (VM) Wireline Network: VLAN or OpenFlow Wireless: WiMAX

10. Sponsored by the National Science Foundation 10 Train-the-TA – January 30, 2015 Aggregate An aggregate manages a set of reservable resources Aggregates include: GENI racks OpenFlow WiMAX InstaGENI RackExoGENI Rack

11. Sponsored by the National Science Foundation 11 Train-the-TA – January 30, 2015 Expiration and renewal slice expiration time ≤ project expiration time each resource expiration time ≤ slice expiration time each resource expiration time ≤ aggregate’s max expiration project slice resource (optional) project expiration time slice expiration time resource expiration time now In general, to extend the lifetime of your resource reservation, you must renew the slice and all resources resource

12. Sponsored by the National Science Foundation 12 Train-the-TA – January 30, 2015 Experimenter (aka Student) Putting it all together slice aggregate project Member: Lead: Experimenter (aka Professor) Layer 2 resource

13. Sponsored by the National Science Foundation 13 Train-the-TA – January 30, 2015 Using SSH with a public/private keypair Login to all GENI compute resources using ssh with a private key 1.The public key is loaded onto the node when you reserve resources. 2.You provide the private key when you log into the node. There are several ways to offer your private key to ssh. You should never be prompted for a password to log into a GENI compute node. If you are, something has always gone wrong. No password!

14. Sponsored by the National Science Foundation 14 Train-the-TA – January 30, 2015 SSH with a password ssh Experimenter local> ssh jdoe@remote.edu jdoe@remote.edu’s password: ######## Welcome to remote! jdoe@remote> exit local> ssh jdoe@remote2.edu jdoe@remote2.edu’s password: ######## Hash of password stored on each remote machine User enters password once for each connection to each machine *nix-based system (Windows behavior may vary)

15. Sponsored by the National Science Foundation 15 Train-the-TA – January 30, 2015 SSH with a private key Experimenter local> ssh-add ~/.ssh/id_rsa Enter passphrase for ~/.ssh/id_rsa: ######## local> ssh jdoe@remote.edu Welcome to remote! jdoe@remote> exit local> ssh jdoe@remote2.edu Welcome to remote2! jdoe@remote2> exit local> ssh jdoe@remote3.edu Welcome to remote3! jdoe@remote3> exit ssh Public key is stored on each remote machine User enters passphrase to unlock private key for all connections to all machine Private key is stored only on local machine *nix-based system (Windows behavior may vary)

16. Sponsored by the National Science Foundation 16 Train-the-TA – January 30, 2015 Are you ready for the tutorial? 1.Grab a Worksheet and instructions 2.Did you do the pre-work? A. Do you have an account? B. Have you installed the tools? * SSH * omni GENI Portal is at: http://portal.geni.net 3.Connect to the network Connect to MSU-Visitor Mac Users: a.Browse to: https://1.1.1.1/login.html b.Enter your e-mail address

17. Sponsored by the National Science Foundation Lab Zero: A First Experiment using GENI Sarah Edwards GENI Project Office

18. Sponsored by the National Science Foundation 18 Train-the-TA – January 30, 2015 Hands On Exercise Do a Simple Experiment in GENI Reserve two VMs connected at Layer 2 Layer 2 VM

19. Sponsored by the National Science Foundation 19 Train-the-TA – January 30, 2015 Use the GENI Portal and Jacks

20. Sponsored by the National Science Foundation 20 Train-the-TA – January 30, 2015 Experiment Workflow Part I: Design/Setup Part II: Execute Part III: Finish

21. Sponsored by the National Science Foundation 21 Train-the-TA – January 30, 2015 The GENI Portal is… A web-based tool for experimenters to manage experimenters, projects, and slices. Includes simple tools to reserve resources. More to come in the future.

22. Sponsored by the National Science Foundation 22 Train-the-TA – January 30, 2015 Jacks and jFed are … Graphical user interfaces (GUIs) for: –designing topologies in GENI –reserving resources in GENI

23. Sponsored by the National Science Foundation 23 Train-the-TA – January 30, 2015 Experiment Workflow Part I: Design/Setup Part II: Execute Part III: Finish

24. Sponsored by the National Science Foundation 24 Train-the-TA – January 30, 2015 Part I: Establish Management Environment 1 Pre-work: Design your experiment 2.1 Pre-work: Create a GENI account 2.2 Pre-work: Project lead (aka professor) adds you to project Project Name: TrainTheTA 2.3 Generate and Download SSH Keypair

25. You are here Projects Slices Log Messages HelpProfile Tools Map

26. 2 Login Join Project Generate SSH Keys & SSL Certs

27. On your local machine… > mv ~/Downloads/id_geni_ssh_rsa ~/.ssh/. > chmod 600 ~/.ssh/id_geni_ssh_rsa > ssh-add ~/.ssh/id_geni_ssh_rsa 2

28. Sponsored by the National Science Foundation 28 Train-the-TA – January 30, 2015 slice Part I continued: Obtain Resources 3.1 Create a slice 3.2 (optional) Renew your slice 3.3 Reserve two VMs at one aggregate 3.4 Check Whether VMs are Ready to be Used Layer 2 VM

29. 3.1 Create Slice

30. 3.2 Extend slice expiration

31. 3.3 Launch tool

32. Launch Tool 3.3

33. Draw two VMs connected by a link 3.3

34. Change names of VMs 3.3

35. Set IP and mask of interfaces

36. 3.3 Reserve resources Bind to an Aggregate Select a Slice

37. Resources are READY!!! 3.4

38. Sponsored by the National Science Foundation 38 Train-the-TA – January 30, 2015 Experiment Workflow Part I: Design/Setup Part II: Execute Part III: Finish

39. Sponsored by the National Science Foundation 39 Train-the-TA – January 30, 2015 Part II: Execute Experiment 4.1 Login to all three nodes 5.1 Test Connectivity 5.2 Explore the Data and Control Planes 6.1 Logout of nodes Internet Data Interfaces Control Interfaces ssh Layer 2 Experimenter serverclient

40. Login 4.1

41. $ sudo ifconfig $ ping 192.168.1.11 –c 5 # server data i/f $ ping 172.17.1.9 –c 5 # server ctrl i/f $ sudo ifconfig NodeB/ NodeC NodeA 5.1

42. Worksheet Slice Name: lab0 5.1 NodeA eth___ 192.168.1.10 ___.___.___.___ NodeB eth___ 192.168.1.11 ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

43. $ sudo apt-get install iperf $ hash # server data i/f $ iperf –c 192.168.1.11 … # server ctrl i/f $ iperf –c 172.17.2.4 … $ sudo apt-get install iperf $ hash # start an iperf server $ iperf -s NodeB NodeA 5.1

44. What is the bandwidth of the data link? Why? What is the bandwidth of the control link? Why? NodeA eth___ 10.1.1.1 ___.___.___.___ NodeB eth___ 10.1.1.2 ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

45. Demo here

46. 5.2 Configure routing eth___

47. 5.2 Configure a static route route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 dev eth0 In above command: add -Indicates that the route is added to routing table. -net -Indicates that desination is a network. 192.168.0.1 -Indicates IP address of destination network. netmask -Indicates the subnetmask of destination network. From: https://www.hscripts.com/tutorials/linux-commands/route.html sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward' Configure IP routing

48. # ping server data i/f $ ping 192.168.1.11 … # ping server ctrl i/f $ ping 172.17.2.4 … $ exit # For ExoGENI only do: $ sudo service neuca stop # bring down data i/f $ sudo ifconfig eth12541 down # bring down ctrl i/f $ sudo ifconfig eth999 down NodeB NodeA 5.3

49. Demo here

50. 5.3 When you bring down the data interface, the destination should become unreachable. Why? NodeA eth___ 10.1.1.1 ___.___.___.___ NodeB eth___ 10.1.1.2 ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

51. 5.3 After you bring down the control interface, the destination becomes unreachable. Why? NodeA eth___ 10.1.1.1 ___.___.___.___ NodeB eth___ 10.1.1.2 ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

52. 5.3 After you bring down the control interface, your ssh session should immediately hang. Why? NodeA eth___ 10.1.1.1 ___.___.___.___ NodeB eth___ 10.1.1.2 ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

53. Sponsored by the National Science Foundation 53 Train-the-TA – January 30, 2015 You are trying to log in to a compute node on GENI using SSH and can’t. Which are possible explanations? a)You entered the wrong password b)You didn’t offer the private key that matches the public key c)The public key wasn’t loaded onto the node d)Permissions on the private key are too permissive e)(b), (c), and (d)

54. Sponsored by the National Science Foundation 54 Train-the-TA – January 30, 2015 Experiment Workflow Part I: Design/Setup Part II: Execute Part III: Finish

55. Sponsored by the National Science Foundation 55 Train-the-TA – January 30, 2015 Finish Don’t Delete YET!!! We will clean up later

56. Delete Resources 7

57. Sponsored by the National Science Foundation 57 Train-the-TA – January 30, 2015 Part III: Finish Experiment When your experiment is done, you should always release your resources. –Normally this is when you would archive your data –Delete your resources at each aggregate slice project aggregate experimenter resource

58. Sponsored by the National Science Foundation 58 Train-the-TA – January 30, 2015 Congratulations! You have… –Run your first GENI Experiment! –Exercised your knowledge of GENI terminology –Used the GENI Portal and Flack

59. Sponsored by the National Science Foundation 59 Train-the-TA – January 30, 2015 Welcome to GENI!

60. Sponsored by the National Science Foundation 60 Train-the-TA – January 30, 2015 Backups

61. Sponsored by the National Science Foundation 61 Train-the-TA – January 30, 2015 NodeA eth___ 192.168.1.10 ___.___.___.___ NodeB eth___ 192.168.1.11 ___.___.___.___ Data i/f Control i/f Data i/f Control i/f Internet Control plane switch Data plane switch GENI Rack

62. Sponsored by the National Science Foundation 62 Train-the-TA – January 30, 2015 eth___

63. Sponsored by the National Science Foundation 63 Train-the-TA – January 30, 2015 NodeA eth___ 192.168.1.10 ___.___.___.___ eth___ 192.168.1.11 ___.___.___.___ NodeB Control i/f Internet Control plane switch GENI Rack NodeC eth___ 192.168.3.12 Data plane switch 192.168.2.12 192.168.2.11 eth___ 192.168.3.10

64. Sponsored by the National Science Foundation 64 Train-the-TA – January 30, 2015 NodeA eth___ 192.168.1.10 ___.___.___.___ eth___ 192.168.1.11 ___.___.___.___ NodeB Control i/f Internet Control plane switch GENI Rack NodeC eth___ 192.168.3.12 Data plane switch 192.168.2.12 192.168.2.11 eth___ 192.168.3.10

65. Sponsored by the National Science Foundation 65 Train-the-TA – January 30, 2015 NodeA eth___ 192.168.1.10 ___.___.___.___ eth___ 192.168.1.11 ___.___.___.___ NodeB Control i/f Internet Control plane switch GENI Rack NodeC eth___ 192.168.3.12 Data plane switch 192.168.2.12 192.168.2.11 eth___ 192.168.3.10

66. Sponsored by the National Science Foundation 66 Train-the-TA – January 30, 2015 Data plane switch NodeA eth___ 192.168.1.10 ___.___.___.___ eth___ 192.168.1.11 ___.___.___.___ NodeB Control i/f Internet Control plane switch GENI Rack NodeC eth___ 192.168.3.12 192.168.2.12 192.168.2.11 eth___ 192.168.3.10