OpenWRT, OpenFlow and bro-ids on Routerboard 450g
This small form factor board has the capacity to be used as enterprise CPE: no other hardware in this class (which is normally used for SOHO devices) has this much RAM, CPU or flash storage, so advanced security and routing features can be used on it.
- AR7161 680MHz Atheros CPU, can be turbo boosted to 800 MHz
- 256MB RAM
- 512MB built-in NAND flash and a microSD slot, you can also boot RB from microSD if you are using bootloader ver 3.02.
- 4 x 1 port Atheros (AR8316 switch)
- 1 WAN port
- 10-24V DC
- for more details you can check http://routerboard.com/RB450g and http://wiki.openwrt.org/toh/mikrotik/rb450g
OpenWrt is described as a Linux distribution for embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.
My intention in porting OpenWrt to the RouterBoard 450G was to play with and learn the OpenFlow protocol and learn new things about it.
The development platform I used is an Ubuntu VM on VirtualBox.
Let's start the build process:
Building the image
apt-get install build-essential binutils flex bison autoconf gettext texinfo sharutils subversion libncurses5-dev ncurses-term zlib1g-dev gawk
mkdir ~/ofwrt
cd ~/ofwrt
svn co svn://svn.openwrt.org/openwrt/trunk/
cd trunk/
sudo ./scripts/feeds update -a
sudo ./scripts/feeds install -a
cd ~/ofwrt/
git clone git://gitosis.stanford.edu/openflow-openwrt
cd ~/ofwrt/trunk/package/
ln -s ~/ofwrt/openflow-openwrt/openflow-1.0/
cd ~/ofwrt/trunk/
ln -s ~/ofwrt/openflow-openwrt/openflow-1.0/files
cd ~/ofwrt/trunk/
Apply a patch to the kernel to make a larger partition on the NAND, so that the bigger kernel fits in:
vi target/linux/ar71xx/files/drivers/mtd/nand/rb4xx_nand.c
Locate the lines:
From:
{ .name = "kernel", .offset = (256 * 1024), .size = (4 * 1024 * 1024) - (256 * 1024), },
To:
{ .name = "kernel", .offset = (256 * 1024), .size = (8 * 1024 * 1024) - (256 * 1024), },
or you can also download the patch here and apply,
make menuconfig
- Select your platform for Target System (Atheros AR71xx)
- Select OpenFlow package under network
- Select tc package under network
- Select kmod-tun under Kernel Modules->Network Support
- in Target Images -> select [ ] ramdisk --->
- Save and Exit
- make kernel_menuconfig
- Under Networking Support->Networking options->QoS and/or fair queueing select Hierarchical Token Bucket (HTB)
- Save and Exit
make V=99
# to speed up compilation on multicore systems,
ionice -c 3 nice -n 20 make -j 2 # for quad-core CPU put -j 3
Make sure the internet is accessible from this machine: this process will download the necessary source code if it is missing, otherwise the process will not complete.
Flashing the Router
You need a TFTP and DHCP server. I used tftpd32, which has a built-in DHCP and TFTP server. Copy the 'openwrt-ar71xx-nand-vmlinux-initramfs.elf' file from trunk/bin/ to the TFTP root directory,
and set the tftpd32 like this,
Attach the RB450G to your computer's serial port; on the boot menu select boot options -> Ethernet then NAND flash, boot protocol -> DHCP.
Press 'x' on the main menu.
The RouterBoard will successfully boot from the Ethernet. Once the router is booted, make the necessary network configuration, e.g. connect Ethernet (switch port to your computer, assign your computer the IP address 192.168.1.2/24) after successful connectivity.
Here you need to run the build process again and create an image that can be installed on the router. For this,
access the machine where you were building from the source and go to the trunk directory:
- cd ~/ofwrt/trunk/
- make menuconfig
- under Target Images --->
- uncheck ramdisk --->
- make V=99
Come back to your machine and install babyftp or any other FTP or HTTP server.
Copy the files 'openwrt-ar71xx-nand-vmlinux-lzma.elf' and 'openwrt-ar71xx-nand-rootfs.tar.gz' from trunk/bin/ar71xx/ to your ftp|http root.
Go to the OpenWrt shell on the RB450G and type the following command,
wget2nand ftp://192.168.1.xxx/
wget2nand will automatically download the required files and burn them onto flash. If everything goes successfully it will show a success message and ask you to reboot. Simply reboot the device and it will give you access to the OpenWrt shell running on the RB450G.
Next, install the openflow package you compiled for OpenWrt: download the package openflow_1.0.0-1_ar71xx.ipk and install it via
opkg install openflow_1.0.0-1_ar71xx.ipk
start the openflow service...
/etc/init.d/openflow start
root@OpenWrt:~# /etc/init.d/openflow start
eth1.1
Configuring OpenFlow switch for out-of-band control
No need for further configuration for out-of-band control
Jan 25 12:52:24|00001|vlog|INFO|opened log file /var/log/ofprotocol.log
Jan 25 12:52:24|00002|secchan|INFO|OpenFlow reference implementation version 1.0.0
Jan 25 12:52:24|00003|secchan|INFO|OpenFlow protocol version 0x01
Jan 25 12:52:24|00004|secchan|WARN|new management connection will receive asynchronous messages
Jan 25 12:52:24|00005|rconn|INFO|unix:/var/run/dp0.sock: connecting...
Jan 25 12:52:24|00006|rconn|INFO|tcp:192.168.1.2:6633: connecting...
Jan 25 12:52:24|00007|rconn|INFO|unix:/var/run/dp0.sock: connected
root@OpenWrt:~# ps | grep of
3 root 0 SW [ksoftirqd/0]
1355 root 1268 S ofdatapath punix:/var/run/dp0.sock -i eth1.1 --no-lo
1371 root 1068 S ofprotocol unix:/var/run/dp0.sock tcp:192.168.1.2:66
1373 root 1500 S grep of
If you have successfully installed the package, both daemons, ofdatapath and ofprotocol, must be running.
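A running process list does not show whether the switch actually reached the controller: in the log above, only the unix: datapath socket reports "connected", while tcp:192.168.1.2:6633 is still "connecting...". The following is an added example, not part of the original post or of the OpenFlow package, that summarises the last rconn state per target from the log and flags plaintext tcp: controller channels; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post); helper names are hypothetical.

# Log lines copied from the ofprotocol start-up output shown above.
sample_log() {
cat <<'EOF'
Jan 25 12:52:24|00004|secchan|WARN|new management connection will receive asynchronous messages
Jan 25 12:52:24|00005|rconn|INFO|unix:/var/run/dp0.sock: connecting...
Jan 25 12:52:24|00006|rconn|INFO|tcp:192.168.1.2:6633: connecting...
Jan 25 12:52:24|00007|rconn|INFO|unix:/var/run/dp0.sock: connected
EOF
}

# Print "<target> <last state>" for every rconn target, in first-seen order.
# vlog fields are '|'-separated: time|sequence|module|level|message.
rconn_states() {
    awk -F'|' '
        $3 == "rconn" {
            i = index($5, ": ")            # split "target: state"
            if (i == 0) next
            target = substr($5, 1, i - 1)
            state = substr($5, i + 2)
            sub(/\.+$/, "", state)         # "connecting..." -> "connecting"
            if (!(target in last)) order[++n] = target
            last[target] = state
        }
        END { for (k = 1; k <= n; k++) print order[k], last[order[k]] }'
}

# Return non-zero if any controller (non-unix) target is not connected;
# also flag tcp: targets, which carry OpenFlow without encryption.
check_controller() {
    rc=0
    states=$(rconn_states)
    while read -r target state; do
        [ -n "$target" ] || continue
        case "$target" in unix:*) continue ;; esac
        [ "$state" = "connected" ] || { echo "NOT CONNECTED: $target ($state)"; rc=1; }
        case "$target" in tcp:*) echo "PLAINTEXT CONTROL CHANNEL: $target" ;; esac
    done <<EOF
$states
EOF
    return $rc
}

# On the router: check_controller < /var/log/ofprotocol.log
sample_log | check_controller || true
```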
Let's install bro-ids.
Set up your RouterBoard for internet access and execute the following command,
wget http://sysnet.org.pk/upload/rc_shrimpFiles/openwrt-bro.tar.gz
it will download and install dependencies.
That's all! I will upload a working lab in which
http://wiki.openwrt.org/doc/howto/buildroot.exigence
http://www.openflow.org/wk/index.php/OpenFlow_1.0_for_OpenWRT
Any other results to report? How much traffic can the box handle? Do you have any thoughts about how to handle the Bro logs that are generated?
Actually we are working on a project to use bro-ids with openflow and we are working on it to make some way; as we are able to do it I'll for sure upload here.
thanks,
When /etc/init.d/openflow start
I get:
/sbin/ofdown: .: line 4: can't open '/etc/functions.sh'
/sbin/ofup: .: line 5: can't open '/etc/functions.sh
What Can I do??
I solved the problem linking with ln -s to /etc/functions.sh
By the way, which configuration did you use for /etc/config/network and /etc/config/openflow?
Ty!!
Hi Adria,
I am having the same error you have encountered, how exactly did you solve it?
Thanks!
OK, I'll share the network and openflow files tomorrow, as I don't have them right now.
So I have a doubt: are you using the OVS for openflow? I mean, is the Ethernet port connected to the OVS and then following openflow, or just directly following openflow?
Srujan, yes, you are right about not using OVS; the Pantou team has created their own drivers to address these issues. There is a package which needs to be compiled and installed later in OpenWrt, which actually controls the data path, and a daemon that connects to the control plane (openflow controller).
Thank you very much
Hi!
I really enjoyed your article, but I am having the same problem as Adria, when I run /etc/init.d/openflow start, I get
/sbin/ofdown: .: line 4: can't open '/etc/functions.sh'
/sbin/ofup: .: line 5: can't open '/etc/functions.sh
How do I fix this? Any help would be appreciated!
Toshi
First thanks for article, it has solved a big problem for me (RouterOS Openflow does not support IP or Port Flows) by changing to OpenWRT
I also had the problem about starting openflow:
" /sbin/ofdown: .: line 4: can't open '/etc/functions.sh'
/sbin/ofup: .: line 5: can't open '/etc/functions.sh "
I tracked it down, it was caused by the dev team moving the functions.sh to /lib (ref: https://dev.openwrt.org/changeset/28857)
To fix create a symbolic link in the /etc directory with the following commands:
cd /etc/
ln -s /lib/functions.sh
Now you can start openflow with the command
/etc/init.d/openflow start
Cheers
Joe
Well, looks like I spoke too soon, solve one problem and find another.
I think this is a configuration issue. I am having a difficult time finding settings for the /etc/config/network and /etc/config/openflow; there don't seem to be any examples of configuring a RB40G.
I am trying to do an out of band setup on port 0 which is communicating with the controller (OpenDaylight) and set ports 1-4 as openflow ports.
Do you have your old config files by chance? you seem to be one of the few to attempt it. A point in the right direction would be appreciated.
We have made a tutorial to make RouterBoard 750GL Openflow enabled.
What this tutorial contains:
-Installation procedure of OpenWRT on RouterBoard GL750
-Installation procedure of Openflow v1.0 on RouterBoard GL750
-Installation of NOX/POX/Floodlight Controller
-Testing of OpenFlow enabled Network
This tutorial can be downloaded from the following link:
http://andash.seecs.nust.edu.pk/andash_publications/SDN.pdf