# AtlanticWave SDX Cross-Domain Orchestration and Provisioning for Facilities and R&E Networks user interfaces with the SDXLib in Fabric Jupyter Notebook





# FABRIC users authentication using CILogon

This Jupyter notebook will walk you through implementing authentication using Fabric CILogon to pass JSON authentication to SDX project. The "FABRIC users authentication using CILogon" experiment tests the configuration of your environment to ensure you can create and access resources on FABRIC.  Specifically, the experiment deploys a slice of resources with a single virtual machine and confirms you can log into the virtual machine using FABLib methods.

## Configure the Environment

Before running this notebook, you will need to configure your environment using the [Configure Environment](../../../configure_and_validate.ipynb) notebook. Please stop here, open and run that notebook, then return to this notebook.

If you are using the FABRIC JupyterHub many of the environment variables will be automatically configured for you.  You will still need to set your bastion username, upload your bastion private key, and set the path to where you put your bastion private key. Your bastion username and private key should already be in your possession.  

If you are using the FABRIC API outside of the JupyterHub you will need to configure all of the environment variables. Defaults below will be correct in many situations but you will need to confirm your configuration.  If you have questions about this configuration, please contact the FABRIC admins using the [FABRIC User Forum](https://learn.fabric-testbed.net/forums/) 

More information about accessing your experiments through the FABRIC bastion hosts can be found [here](https://learn.fabric-testbed.net/knowledge-base/logging-into-fabric-vms/).


## Import the FABlib Library

In [None]:
from fabrictestbed_extensions.fablib.fablib import FablibManager as fablib_manager

fablib = fablib_manager()

fablib.show_config();

## Create the Experiment Slice

The following creates a single node with basic compute capabilities. You build a slice by creating a new slice and adding resources to the slice. After you build the slice, you must submit a request for the slice to be instantiated.   

By default, the submit function will block until the node is ready and will display the progress of your slice being built.

In [None]:
slice_name = "Slice-AWSDX"

facility_port_site='FIU'

### Facility port info

#### Find the facility ports on the site
List the facility ports
- Facility Port Name
- Available VLAN range
- Currently allocated VLAN range

In [None]:
cell_output = 'pandas'
output_list = fablib.list_facility_ports(filter_function=lambda x: x['site_name'] == facility_port_site, output=cell_output)

#### Select the Facility Port on the site

In [None]:
facility_port_name = 'AmLight-EXP-Layer2-FIU'

facility_port_vlan='4015'

### Create Slice

In [None]:
slice = fablib.new_slice(name=slice_name)

# Example: One VM on FABRIC-STAR with a NIC - sharedNIC (basic) or dedicated smartNIC (ConnectX_6)
node = slice.add_node(name=f"Node1", site='STAR')

node_iface = node.add_component(model='NIC_Basic', name="nic1").get_interfaces()[0]

# Add facility port to the network service configuration along with the node interface(s)

In [None]:
facility_port = slice.add_facility_port(name=facility_port_name, site=facility_port_site, vlan=facility_port_vlan)
facility_port_interface =facility_port.get_interfaces()[0]

net = slice.add_l2network(name=f'net_facility_port', interfaces=[])
net.add_interface(node_iface)
net.add_interface(facility_port_interface)

# Print Facility port Info

In [None]:
print(f"facility_port.get_site(): {facility_port.get_site()}")
print(f"facility_port.get_fim_interface(): {facility_port.get_fim_interface()}")

## Observe the Slice's Attributes


In [None]:
slice = fablib.get_slice(slice_name)

In [None]:
slice.show()
slice.list_nodes()
slice.list_networks()
slice.list_interfaces()


## Run the Experiment

In [None]:
from ipaddress import ip_address, IPv4Address, IPv6Address, IPv4Network, IPv6Network

# Configure the interface(s) of the VM(s) with designated subnet
subnet = IPv4Network("192.168.1.0/24")
available_ips = list(subnet)[2:]

In [None]:
node1 = slice.get_node(name=f"Node1")        
node1_iface = node1.get_interface(network_name=f'net_facility_port') 
node1_addr = available_ips.pop(99)
print(f"node1_addr: {node1_addr}")
node1_iface.ip_addr_add(addr=node1_addr, subnet=subnet)

stdout, stderr = node1.execute(f'ip addr show {node1_iface.get_os_interface()}')

stdout, stderr = node1.execute(f'sudo ip link set dev {node1_iface.get_physical_os_interface_name()} up')

stdout, stderr = node1.execute(f'sudo ip link set dev {node1_iface.get_os_interface()} up')

In [None]:
# Ping the node(s) that are active on the Facility Port side (e.g 192.168.1.10)
node1 = slice.get_node(name=f"Node1")     
node1_iface = node1.get_interface(network_name=f'net_facility_port') 

stdout, stderr = node1.execute(f'ping -c 5 192.168.1.10')   # This is expected to fail. 

# Import SDXLIB and FABLib Libraries

In [None]:
from pprint import pprint
from sdxlib.sdx_token_auth import TokenAuthentication
from sdxlib.sdx_client import SDXClient
from sdxlib.sdx_exception import SDXException

# Instantiate the TokenAuthentication class with the correct token file path (if needed)

In [None]:
# Read token from Jupyter Hub environment
import os

# token_file_path = "expired_id_token.json"
token_file_path = os.getenv("FABRIC_TOKEN_LOCATION", "/home/fabric/.tokens.json")

# Specify proxy_host
proxy_hostname = "sdxapi.atlanticwave-sdx.ai"

# Specify proxy_port
proxy_port = "443"

# Specify the endpoint
endpoint = "SDX-Controller/topology"  # Replace with your desired endpoint

# Instantiate the TokenAuthentication class with the correct token file path and endpoint
token_auth = TokenAuthentication(
    token_path=token_file_path,
    proxy_hostname=proxy_hostname,
    proxy_port=proxy_port,
    endpoint=endpoint)

In [None]:
# Load the token
token_auth.load_token()

# Print the decoded token for debugging (optional)
pprint(token_auth.token_decoded)

# Validate the token
pprint(token_auth.validate_token())

fabric_token = token_auth.fabric_token

## Show the Slice's Attributes

## Configure the Subnet

In [None]:
from ipaddress import ip_address, IPv4Address, IPv6Address, IPv4Network, IPv6Network

# Configure the interface(s) of the VM(s) with designated subnet
subnet = IPv4Network("192.168.1.0/24")
available_ips = list(subnet)[2:]

## Configure the Node

In [None]:
node1 = slice.get_node(name=f"Node1")        
node1_iface = node1.get_interface(network_name=f'net_facility_port') 
node1_addr = available_ips.pop(99)
print(f"node1_addr: {node1_addr}")
node1_iface.ip_addr_add(addr=node1_addr, subnet=subnet)

stdout, stderr = node1.execute(f'ip addr show {node1_iface.get_os_interface()}')

stdout, stderr = node1.execute(f'sudo ip link set dev {node1_iface.get_physical_os_interface_name()} up')

stdout, stderr = node1.execute(f'sudo ip link set dev {node1_iface.get_os_interface()} up')

## List Nodes

In [None]:
slice.list_nodes()


## List Networks

In [None]:
slice.list_networks()


## List Interfaces

In [None]:
slice.list_interfaces()

## Ping a node on the Amlight Facility Port side

In [None]:
stdout, stderr = node1.execute(f'ping -c 5 192.168.1.10')   

## Assign SDX Controller URL

In [None]:
# url = "http://controller.atlanticwave-sdx.net:8080/SDX-Controller"
url = "https://sdxapi.atlanticwave-sdx.ai/api"

## List SDX Domain Nodes and Ports


In [None]:
client=SDXClient(fabric_token, url)
client.get_available_ports()

## Create SDX Layer 2 VPN

The below specification is the minimum information needed to create the layer 2 VPN. 

In [None]:
client_name = "Test SDX SC24 L2VPN"
client_endpoints = [
    {"port_id": "urn:sdx:port:amlight.net:MIA-MI1-SW17:7", "vlan": "4015"}, 
    {"port_id": "urn:sdx:port:amlight.net:MIA-MI1-SW15:9", "vlan": "4015"},
]
client = SDXClient(fabric_token, url, client_name, client_endpoints)

In [None]:
try:
    response = client.create_l2vpn()  
    print("L2VPN creation successful!")
    pprint(response)
except SDXException as e:
    print(f"L2VPN creation failed: {e}") 

## List All SDX L2VPNs

Both of the list methods have the option of query results being listed as a DataFrame(default) or as a JSON by passing the optional argument format='json'.

In [None]:
client.get_all_l2vpns()

## Show created L2VPN Details

In [None]:
client.get_l2vpn(service_id = response['service_id'])

## Ping a node on the Amlight Facility Port side

In [None]:
stdout, stderr = node1.execute(f'ping -c 5 192.168.1.10')   

## Delete created SDX L2VPN

Please make certain to delete when you are finished. 

In [None]:
client.delete_l2vpn(service_id = response['service_id'])

## Ping a node on the Amlight Facility Port side

In [None]:
stdout, stderr = node1.execute(f'ping -c 5 192.168.1.10')   