Dell OpenFlow Deployment and User Guide 4.
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents
1 Introduction
OpenFlow 1.0 Support
OpenFlow 1.3 Support
dynamic–vlan–learn enable
echo-request interval
fail-mode secure
1 Introduction

OpenFlow (OF) 1.0 [STD-1] is supported on the S4810, S4820T, S6000, Z9500, and MXL switches.

Overview

In a software-defined network (SDN), an external controller cluster manages the network and the resources on each switch. OpenFlow is a protocol used for communication between the controller and the switch. In the example topology below, the controller uses the OpenFlow protocol to communicate with two S4810 switches.

Figure 1.
OpenFlow 1.0 Support

OpenFlow (OF) 1.0 [STD-1] is supported on the S4810, S4820T, S6000, and MXL switches.

NOTE: When of-instance is enabled with version 1.3, the OpenFlow 1.0 functionality is also supported.

Match Parameters and Supported Values

Using OpenFlow, you can transmit the switch’s ports and forwarding tables to the controller, allowing the controller to configure forwarding entries on the switch.
• OFPAT_DROP: Drops all packets that match the specified criteria.
• MODIFY FIELD — Set VLAN ID: Assigns a VLAN ID (from 0 to 4094).
• MODIFY FIELD — Set VLAN priority: Assigns a priority to a VLAN (from 0 to 7).
• MODIFY FIELD — Modify Ethernet source MAC address: Changes the Ethernet source MAC address to the specified value.
• MODIFY FIELD — Modify Ethernet destination MAC address: Changes the Ethernet destination MAC address to the specified value.
Limitations
• OFPAT_OUTPUT to OFPP_FLOOD and OFPP_ALL are supported on the S4810, S4820T, S6000, and MXL switches.
• Multiple output ports are supported on S4810, S4820T, and MXL switches.
• The set/modify actions must precede the output ports actions. If you specify multiple output ports, the switch cannot transmit different copies.
• You cannot specify individual output ports for ALL or FLOOD actions.

OpenFlow 1.3 Support
OpenFlow (OF) 1.
Match Parameter    Supported Values
ICMP type          0 to 255
ICMP code          0 to 255

Supported Flow Actions

The following flow actions are supported:
• OFPAT_FLOOD or OFPAT_ALL: Floods packets to all ports and VLANs on the OF interface.
• OFPAT_CONTROLLER: Sends all NO_MATCH or ACTION packets to the controller specified by the packet’s VLAN tag.
• OFPAT_out_port: Displays a list of ports that can receive traffic.
• OFPAT_DROP: Drops all packets that match the specified criteria.
• OFPAT_OUTPUT to OFPP_IN_PORT
• OFPAT_OUTPUT to OFPP_TABLE
• OFPAT_OUTPUT to OFPP_NORMAL
• OFPAT_OUTPUT to OFPP_LOCAL
• FORWARD — Normal
• FORWARD — LOCAL
• FORWARD — Inport
• MODIFY FIELD — Strip VLAN header
• MODIFY FIELD — Modify IPv4 source address
• MODIFY FIELD — Modify IPv4 destination address
• MODIFY FIELD — Modify transport source port
• MODIFY FIELD — Modify transport destination port
• MAX_BYTES_TO_SEND

Limitations
• OFPAT_OUTPUT to OFPP_FLOOD and OFPP_ALL
L2 (MAC) and TCAM (ACL) Table

The NEC PFC controller can only install flows in the TCAM (ACL) table. This limits the maximum flows that can be installed on the switch to the limited size of the TCAM. The OpenFlow Ethernet Fabric (OEF) architecture is implemented by NEC PFC to expand the OF flow tables on a switch to include two tables: the L2 (MAC) table and the TCAM (ACL) table. The L2 table allows L2 forwarding based on VLAN + DMAC.
MAC Move

MAC addresses can move from one port to another port that is also a tagged member of an OF-VLAN. The flow will be set up with the new MAC address learnt, and the VLAN and DMAC entry learnt on the original port will be flushed out when the MAC aging timer expires.

SDN link protection using Group Type Fast Fail-over (FF)

SDN link protection using group type - FF provides single-hop link protection between two SDN switches.
NOTE: In a scaled scenario where max flows are configured on a Group-FF, the recommended configuration for OF-instance sndbuf is “32000” as shown below. The speed for the management interface should be set to “100”. This will prevent messages sent to the controller from being dropped.

Dell#show running-config interface managementethernet 1/0
!
interface ManagementEthernet 1/0
 ip address 10.11.55.8/8
 speed 100
 no shutdown
Dell(conf)#openflow of-instance 1
Dell(conf-of-instance-1)#controller 1 10.11.54.
2 Configuring ACL CAM Carving on the C9000 Series

Dell Networking switches can operate in Hybrid mode, which enables OpenFlow and legacy functionality on the same switch. By default, access control list content addressable memory (ACL CAM) space is not allocated for OpenFlow. To enable OpenFlow, reserve CAM space for OpenFlow using the following commands. The amount of CAM space that you allocate for OpenFlow determines the number of available ACL entries.
3 Configuring ACL CAM Carving on S3048–ON and S3100 Series

Dell Networking switches can operate in Hybrid mode, which enables OpenFlow and legacy functionality on the same switch. By default, access control list content addressable memory (ACL CAM) space is not allocated for OpenFlow. To enable OpenFlow, reserve CAM space for OpenFlow using the following commands. The amount of CAM space that you allocate for OpenFlow determines the number of available ACL entries.
4 Configuring ACL CAM Carving on S4048–ON, S4048T-ON and S6010–ON

Dell Networking switches can operate in Hybrid mode, which enables OpenFlow and legacy functionality on the same switch. By default, access control list content addressable memory (ACL CAM) space is not allocated for OpenFlow. To enable OpenFlow, reserve CAM space for OpenFlow using the following commands. The amount of CAM space that you allocate for OpenFlow determines the number of available ACL entries.
5 Configuring ACL CAM Carving on the S4810, S4820T, S6000, S5000, and MXL switch

Dell Networking switches can operate in Hybrid mode, which enables OpenFlow and legacy functionality on the same switch. By default, access control list content addressable memory (ACL CAM) space is not allocated for OpenFlow. To enable OpenFlow, reserve CAM space for OpenFlow using the following commands. The amount of CAM space that you allocate for OpenFlow determines the number of available ACL entries.
6 Configuring ACL CAM Carving on S6100-ON and Z9100-ON

Dell Networking switches can operate in Hybrid mode, which enables OpenFlow and legacy functionality on the same switch. By default, access control list content addressable memory (ACL CAM) space is not allocated for OpenFlow. To enable OpenFlow, reserve CAM space for OpenFlow using the following commands. The amount of CAM space that you allocate for OpenFlow determines the number of available ACL entries.
7 Configuring ACL CAM Carving on Z9500

Dell Networking switches can operate in Hybrid mode, which enables OpenFlow and legacy functionality on the same switch. By default, access control list content addressable memory (ACL CAM) space is not allocated for OpenFlow. To enable OpenFlow, reserve CAM space for OpenFlow using the following commands. The amount of CAM space that you allocate for OpenFlow determines the number of available ACL entries.
8 Flow Types

Dell Networking switches support three types of flows:
• ACL
• L2
• L3

The following sections describe the mandatory match fields, optional match fields, mandatory actions, and optional actions for each flow type.

ACL Flows

Parameter Type            Parameters
Mandatory match fields    None; any of the match parameters can be wildcards.
Optional match fields     All 12 match fields defined in OpenFlow (OF) 1.0 are supported.
Mandatory actions         None.
Parameter Type            Parameters
Optional actions          • set_dl_dst (set dst-mac)
                          • Single OFPAT_OUTPUT action to a switch port. OFPAT_SET_VLAN is optional for OpenFlow (OF) ports and mandatory for OF virtual local area networks (VLANs).

L2 Flows

Parameter Type            Parameters
Mandatory match fields    • dl_vlan (input vlan id)
                          • dl_dst (dst-mac)
Optional match fields     All fields other than dl_vlan and dl_dst must be wildcards.
Mandatory actions         Single OFPAT_OUTPUT action to a switch port.
Parameter Types           Parameters
Optional Match Fields     None.

Action Types
Mandatory Actions         • ALL
                          • output_port
NOTE: Multiple actions in a single bucket are not supported. This feature is available only when the of-instance version is set to 1.3.
Optional Actions          None.
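The ACL and L2 flow rules in this chapter, together with the action ranges and ordering limit listed earlier, can be checked before a controller pushes a flow. The following Python sketch is an added example, not Dell code: the match field names are the standard OpenFlow 1.0 ones, while `check_flow`, the lowercase action names and the `(name, argument)` encoding are assumptions.

```python
# Added example: checks a flow against limits stated in this guide.
# Match field names are the OpenFlow 1.0 names; check_flow, the action
# names and the (name, argument) encoding are assumptions of this sketch.

OF10_MATCH_FIELDS = frozenset({
    "in_port", "dl_src", "dl_dst", "dl_vlan", "dl_vlan_pcp", "dl_type",
    "nw_tos", "nw_proto", "nw_src", "nw_dst", "tp_src", "tp_dst",
})
L2_REQUIRED = frozenset({"dl_vlan", "dl_dst"})
# Value ranges the guide gives for the set-VLAN actions.
SET_RANGES = {"set_vlan_vid": (0, 4094), "set_vlan_pcp": (0, 7)}


def check_flow(flow_type, match, actions):
    """Return a list of violations (empty list: the flow passes).

    flow_type -- "acl" or "l2"
    match     -- dict of non-wildcard match fields; absent fields are wildcards
    actions   -- ordered list of (name, argument) tuples
    """
    if flow_type not in ("acl", "l2"):
        raise ValueError("only the ACL and L2 rules are modelled here")
    problems = []
    fields = set(match)

    unknown = sorted(fields - OF10_MATCH_FIELDS)
    if unknown:
        problems.append("unknown match field: " + ", ".join(unknown))

    if flow_type == "l2":
        missing = sorted(L2_REQUIRED - fields)
        if missing:
            problems.append("L2 flow must match: " + ", ".join(missing))
        extra = sorted((fields & OF10_MATCH_FIELDS) - L2_REQUIRED)
        if extra:
            problems.append("L2 flow must wildcard: " + ", ".join(extra))
        outputs = sum(1 for name, _ in actions if name == "output")
        if outputs != 1:
            problems.append("L2 flow needs one output action, found %d" % outputs)

    seen_output = False
    for name, arg in actions:
        if name == "output":
            seen_output = True
            continue
        # Every non-output action modelled here is a set/modify action.
        if seen_output:
            problems.append(name + " must precede the output action")
        if name in SET_RANGES:
            low, high = SET_RANGES[name]
            if not (isinstance(arg, int) and low <= arg <= high):
                problems.append("%s=%r outside %d..%d" % (name, arg, low, high))
    return problems


# Constructed flows; the first mirrors an action list from the guide's sample
# output (Set VLAN id 50, Set DMAC, Output Fo 1/16).
SAMPLES = [
    ("acl", {"dl_type": 0x0800},
     [("set_vlan_vid", 50), ("set_dl_dst", "10:00:00:00:00:01"), ("output", "Fo 1/16")]),
    ("l2", {"dl_vlan": 200, "dl_dst": "00:00:00:00:00:22"}, [("output", "Te 0/1")]),
    ("l2", {"dl_vlan": 200, "dl_dst": "00:00:00:00:00:22", "nw_src": "10.0.0.1"},
     [("output", "Te 0/1")]),
    ("acl", {"in_port": 7}, [("output", "Te 0/1"), ("set_vlan_vid", 4095)]),
]

if __name__ == "__main__":
    for flow_type, match, actions in SAMPLES:
        print(flow_type, match, "->", check_flow(flow_type, match, actions) or "ok")
```

The L3 rules are not modelled because this excerpt does not list them.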
9 Configuring OpenFlow Instances

This section describes how to enable and configure OpenFlow instances on a switch.
• You can use up to 8 OpenFlow instances on a switch. The OpenFlow (OF) ID range is from 1 to 8.
• You must allocate CAM blocks for use by OpenFlow before configuring any OpenFlow instances.
NOTE: All new OF instances are disabled by default. For existing OF instances, you must disable the OpenFlow instance before you can configure it.
OPENFLOW INSTANCE mode
shutdown
3 Add a physical interface or VLAN to an OpenFlow instance.
INTERFACE mode
of-instance of-id
NOTE: For more information, refer to OpenFlow Interfaces.
4 Specify the interface type for the OF instance.
10 Forwarding Features

Flow Failover

This feature provides failover support if a controller is unavailable. If the connection to a controller is lost, installed flows are retained and used for forwarding traffic until they are updated. This feature is enabled by default, but you can disable failover on individual instances by using the no fail-mode secure command. If you disable failover, all flows to the unavailable controller are dropped. For more information, refer to the fail-mode secure command.
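A monitoring check for the failover behaviour described above, written against the "Label : value" layout of the show openflow of-instance output that appears in this guide's samples. It is an added example, not Dell code: the status text is constructed, `audit_instance` is a hypothetical helper, and treating any fail mode other than `secure` or any session state other than `connected` as a finding is an assumption.

```python
import re

# Constructed sample in the "Label : value" layout of the
# `show openflow of-instance` output shown in this guide.
SAMPLE_STATUS = """\
Instance        : 2
Admin State     : Up
Interface Type  : Vlan
EchoReq interval: 15 seconds
Connect interval: 15 seconds
Number of Flows : 10 (acl:10)
Fail mode       : secure
Flow misses     : copy-to-controller
Controller 1    : TCP,10.11.54.60/6633, rcv/sndbuf 2000/2000, connected (equal)
Controller 2    : -
"""

# e.g. "TCP,10.11.54.60/6633, rcv/sndbuf 2000/2000, connected (equal)"
CONTROLLER_RE = re.compile(
    r"(?P<proto>\w+),\s*(?P<ip>[\d.]+)/(?P<port>\d+),\s*"
    r"rcv/sndbuf\s+(?P<rcv>\d+)/(?P<snd>\d+),\s*(?P<state>[\w-]+)"
)


def parse_status(text):
    """Split 'Label : value' lines into a dict; values may contain ':'."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip()] = value.strip()
    return fields


def audit_instance(text, scaled_group_ff=False):
    """Return findings for one OF instance (hypothetical helper)."""
    fields = parse_status(text)
    findings = []

    if fields.get("Fail mode") != "secure":
        findings.append("fail mode is not secure: flows are dropped if the controller is lost")

    configured = 0
    for label in ("Controller 1", "Controller 2"):
        value = fields.get(label, "-")
        if value in ("", "-"):
            continue
        configured += 1
        m = CONTROLLER_RE.match(value)
        if m is None:
            findings.append("%s: unrecognised status %r" % (label, value))
            continue
        if m["state"] != "connected":
            findings.append("%s (%s): session state is %s" % (label, m["ip"], m["state"]))
        # The guide recommends sndbuf 32000 when Group-FF runs at maximum flow scale.
        if scaled_group_ff and int(m["snd"]) < 32000:
            findings.append("%s: sndbuf %s is below 32000" % (label, m["snd"]))

    if configured == 0:
        findings.append("no controller configured")
    elif configured == 1:
        findings.append("no backup controller configured")
    return findings


if __name__ == "__main__":
    for finding in audit_instance(SAMPLE_STATUS, scaled_group_ff=True):
        print(finding)
```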
11 Egress QoS

The controller can provide basic egress quality of service (QoS) policies for packets and assign a priority based on match parameters specified by the controller. To enable QoS, use one flow to determine the egress port for the packet (for example, an L3 flow) and another flow such as an ACL flow to determine the egress port for all packets matching the specified parameters.
12 OpenFlow Interfaces

This section describes how you can apply OpenFlow to specific interfaces.
• You can use the S4810, S4820T, S6000, S5000, Z9500, MXL or C9000 Series switch as a Hybrid switch, allowing both OpenFlow (OF) and legacy functionality simultaneously.
• By default, all ports are available for legacy functionality.
• To enable OpenFlow, associate a port or virtual local area network (VLAN) to an OF instance. You can only do this when the OF instance is disabled.
NOTE: You cannot assign the default VLAN as an OF VLAN.

There is an interface-type parameter in each instance. By default, this parameter is set to port, indicating that the instance is used for OF ports. To use an OF instance in an OF VLAN, change this parameter to vlan, as shown in the example below:

Dell(conf)#openflow of-instance 1
Dell(conf-of-instance-1)#interface-type vlan
Dell(conf-of-instance-1)#

To use both OF ports and OF VLANs, set the interface type to any.
Platform ACL Mode S6100–ON Maximum Scale Number Tested FP Region set to 9 with Interface type set as “Port” Max Flow Entries: 744 S4048–ON S3048-ON S4048T-ON (Open Day Light Controller for OF 1.3) S4048T-ON (Big Switch Controller for OF 1.
13 Flow Setup

This chapter describes the configuration options required to set up flows.

Sample Topology

In the following sample topology, two OF instances are shown. of-instance 1 has an interface type of port and demonstrates ACL and L3 flows. of-instance 2 has an interface type of vlan and demonstrates ACL, L2, and L3 flows. L2 flows are supported on OF VLANs only.

Figure 2.
Controller 1 Controller 2 Port List : TCP, 10.11.54.186/6633, rcv/sndbuf 1000/1000, connected (equal) high-priority : : Vlan List : Vlan Mbr list : Vl 50 Fo 1/16 (209), Fo 1/20 (213), Fo 2/0 (385) To display information for the second OF instance, use the show running-config openflow of-instance 2 command: Dell# show running-config openflow of-instance 2 ! openflow of-instance 2 controller 1 10.11.205.
IP TOS : * Src IP : * Src Port : * Meta Data : 0/* Actions: Set VLAN id: 50 Set DMAC: 10:00:00:00:00:01 Output: Fo 1/16 IP proto : * Dest IP : * Dest Port : * Dell#show openflow of-instance 1 Instance : Admin State : OF Version : Interface Type : DP Id : Forwarding Tbls : Flow map : EchoReq interval: Connect interval: Number of Flows : Packets (acl) : Bytes (acl) : Fail mode : Flow misses : Controller 1 : Controller 2 : Port List : Vlan List : Vlan Mbr list : 1 Up V1-3 Vlan 00:01:74:86:7a:ff:6f:e4 acl
Match Parameters: Valid Match: Etype,DMAC,DIP In Port : * SMAC : * VLAN id : * IP TOS : * Src IP : * Src Port : * Meta Data : 0/* Actions: Set SMAC: 00:01:e8:8b:1a:32 Set DMAC: 00:00:00:00:00:11 Output: Te 0/31 EType DMAC VLAN PCP IP proto Dest IP Dest Port : : : : : : ip 00:01:e8:8b:1a:32 * * 1.1.1.
  VLAN id   : 200             VLAN PCP  : *
  IP TOS    : *               IP proto  : *
  Src IP    : *               Dest IP   : *
  Src Port  : *               Dest Port : *
  Meta Data : 0/*
Actions:
  Output: Te 0/1

For complete L2 flow formats, refer to Flow Types.

Packet Trace

Enable OpenFlow protocol packet tracing by using the debug openflow packets packet-type {packets} of-instance {of-id} command. For more information, refer to debug openflow packets.
14 Exceptions

This section describes the constraints of OpenFlow.
• Dell Networking switches can operate as Hybrid switches (switches running OpenFlow and legacy functions simultaneously). You cannot enable Legacy functionality (switching and routing) on OF ports or OF virtual local area networks (VLANs), as these interfaces are controlled by an OpenFlow controller and are not available.
• Stacking of OpenFlow switches is not supported for the S4810, S4820T, S6000, or MXL switches.
• Flow priority is ignored for L2 flows.
• L2 flows are supported on OF VLANs only.
15 High Availability

This section describes OpenFlow (OF) protocol 1.0 and 1.3 support for High Availability (HA) on the C9000 Series.

NOTE: OpenFlow protocol is supported on chassis (LP) and Line Module (LM) ports. It is not supported on Port Extender (PE) ports.

High availability (HA) is a collection of features that preserves system continuity by maximizing uptime and minimizing packet loss during system disruptions.
16 OpenFlow Commands

Use the following commands for software-defined networking (SDN) OpenFlow.
• openflow vlan
• reconnect-timer
• recover-timer
• show openflow
• show openflow flows
• show openflow groups
• shutdown (OpenFlow Instance)
• src-suppression

SDN Command Modes

To navigate and launch various CLI modes, use the following commands.

CONFIGURATION Mode

In EXEC Privilege mode, use the configure command to enter CONFIGURATION mode and configure routing protocols and access interfaces.

To enter CONFIGURATION mode:
1 Verify that you are logged in to EXEC Privilege mode.
1 Verify that you are logged in to CONFIGURATION mode.
2 Enter the openflow of-instance command then the OpenFlow ID number of the instance you want to create or configure. The prompt changes to include (conf-of-instance of-id).

You can return to the CONFIGURATION mode by entering the exit command.

connect retry-interval

Configure the timed interval (in seconds) that the OpenFlow (OF) instance waits after requesting a connection with the OpenFlow controller.
Parameter
controller-id       Enter the controller number. Enter 1 to assign the controller a primary role or enter 2 to assign the controller a backup role.
ip-address          Enter the IP address of the controller.
port port-number    Enter the keyword port followed by the port number to use for the connection. The range is from 1 to 65535.
high-priority       Enter the keyword high-priority to configure the controller as higher priority.
rcvbuf              Enter the keyword rcvbuf to specify the socket receive buffer size.
echo-reply          Enable debugging for echo-reply packets.
echo-request        Enable debugging for echo-request packets.
error               Enable debugging for error packets.
featuresreply       Enable debugging for features-reply packets.
featuresrequest     Enable debugging for features-request packets.
flow-mod            Enable debugging for flow-mod packets.
flow-removed        Enable debugging for flow-removed packets.
get-asyncrequest    Enable debugging for get-async-request packets (V1.3).
table-mod              Enable debugging for table-mod packets (V1.3).
vendor                 Enable debugging for vendor packets.
of-instance {of-id}    Enter the keywords of-instance followed by the OF instance ID. The range is 1 to 8.

Defaults
None

Command Modes
EXEC

Command History
The following is a list of the Dell Networking OS version history for this command.

Usage Information

Version      Description
9.10(0.1)    Introduced on the S4048T-ON and S6010-ON.
9.9(0.0)     Introduced on the C9010.
9.8(1.
Flow map        :
EchoReq interval: 15 seconds
Connect interval: 15 seconds
Number of Flows : 10 (acl:10)
Packets (acl)   : 8820
Bytes (acl)     : 599760
Fail mode       : secure
Flow misses     : copy-to-controller
Controller 1    : TCP,10.11.54.60/6633, rcv/sndbuf 2000/2000, connected (equal)
Controller 2    : -
Port List       :

Dell(conf-of-instance-2)#show config
openflow of-instance 2
 controller 1 10.11.54.60 tcp
 interface-type vlan
 multiple-fwd-table enable
 of-version 1.
To disable flow failover, use the no fail-mode secure command on the specific OF instance.

Command Modes
OPENFLOW INSTANCE

Command History
The following is a list of the Dell Networking OS version history for this command.

Usage Information

Version       Description
9.10(0.1)     Introduced on the S4048T-ON and S6010-ON.
9.9(0.0)      Introduced on the C9010.
9.8(1.0)      Introduced on the Z9100–ON.
9.8(0.0P5)    Introduced on the S4048-ON.
9.8(0.0P2)    Introduced on the S3048-ON.
9.7(0.
Usage Information
L2 flow-mapping is not supported on OpenFlow instances with an interface-type of port.

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

flow-misses drop

Prevents flow misses (flows that do not reach their intended destination) from being copied to the controller.

Syntax
flow-misses drop

To copy flow misses to the controller, use the no flow-misses drop command on the specific OF instance.
port    Default. Enter the keyword port to enable configuration of LAGs or physical interfaces on the selected OF instance.
vlan    Enter the keyword vlan to enable configuration of VLANs on the selected OF instance.
        NOTE: You must associate the OF instance with the VLAN when you create the VLAN.

Command Modes
OPENFLOW INSTANCE

Command History
controller — Specifies the OpenFlow controller configuration that the OpenFlow instance uses to establish a connection.

Version      Description
9.10(0.
Command Modes
CONFIGURATION

Command History
The following is a list of the Dell Networking OS version history for this command.

Usage Information
Related Commands

Version       Description
9.10(0.1)     Introduced on the S4048T-ON and S6010-ON.
9.9(0.0)      Introduced on the C9010.
9.8(1.0)      Introduced on the Z9100–ON.
9.8(0.0P5)    Introduced on the S4048-ON.
9.8(0.0P2)    Introduced on the S3048-ON.
9.7(0.0)      Introduced on the S5000, S6000-ON, and Z9500.
9.3(0.0)      Introduced on the S6000.
9.2(0.
Connect interval: 15 seconds
Number of Flows : 10 (acl:10)
Packets (acl)   : 8820
Bytes (acl)     : 599760
Fail mode       : secure
Flow misses     : copy-to-controller
Controller 1    : TCP,10.11.54.60/6633, rcv/sndbuf 2000/2000, connected (equal)
Controller 2    : -
Port List       :

Dell(conf-of-instance-2)#show config
openflow of-instance 2
 controller 1 10.11.54.60 tcp
 interface-type vlan
 multiple-fwd-table enable
 of-version 1.
of-instance (Configuration)

Create an OF instance or modify an existing OF instance.

Syntax
openflow of-instance of-id

Parameters
of-id    Enter the number of the OF instance. The range is from 1 to 8. If you are creating a new OF instance, enter the number you want to assign to the OF instance. If you are modifying an existing OF instance, enter the number of the instance you want to change.
         NOTE: Disable the OF instance before making any configuration changes.
Flow Type    Maximum Number of Available Flows
ACL          256 or 512 (depending on ACL CAM carving)
L2           48,000
L3           6,000

• To avoid session timeout issues if you change the time or date on the system clock, you must disable and reenable all existing OpenFlow instances.

Related Commands
• shutdown — Enables or disables the OpenFlow instance.
• show openflow — Displays general information about OpenFlow instances.
Dell(conf-if-gi-1/31)#of-instance 1
Dell(conf-if-gi-1/31)#

Dell(conf)#interface gigabitethernet 1/7
Dell(conf-if-gi-1/7)#of-instance 1
Dell(conf-if-gi-1/7)#interface gigabitethernet 1/31
Dell(conf-if-gi-1/31)#of-instance 1
Dell(conf-if-gi-1/31)#

Dell(conf)#interface tengigabitethernet 1/7/1
Dell(conf-if-te-1/7/1)#of-instance 1
Dell(conf-if-te-1/7/1)#interface tengigabitethernet 1/31/1
Dell(conf-if-te-1/31/1)#of-instance 1
Dell(conf-if-te-1/31/1)#

Dell(conf)#interface tengigabitethernet 1/7
Dell(conf-if-te-1
• IPv6
• MAC
• MTU
• Spanning-tree protocols
• Switchport

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

of-version

Specify the of-version of OpenFlow instances.

Syntax
of-version {1.0 | 1.3}

Parameter
1.0    Enter the keyword 1.0 to specify the OF instance version as 1.0.
1.3    Enter the keyword 1.3 to specify the OF instance version as 1.3.

Defaults
The default port number for the TCP connection is 6633.
Version       Description
9.10(0.1)     Introduced on the S4048T-ON and S6010-ON.
9.9(0.0)      Introduced on the C9010.
9.8(1.0)      Introduced on the Z9100–ON.
9.8(0.0P5)    Introduced on the S4048-ON.
9.8(0.0P2)    Introduced on the S3048-ON.
9.7(0.0)      Introduced on the S5000, S6000-ON, and Z9500.
9.3(0.0)      Introduced on the S6000.
9.2(0.2)      Introduced on the S4820T and MXL.
9.2(0.2)      Introduced on the S4810.
Version      Description
9.9(0.0)     Introduced on the C9010.

Usage Information
The recover-timer configuration sets the time interval for OF-instance to receive all configured flows from the controller after the reconnect timer expires or when it is canceled.

Related Commands

recover-timer

Set a time interval for OF-instance to receive all configured flows from the controller when the reconnect-timer expires or is canceled.
Command History
Example (show openflow)
Example (show openflow ofinstance)

The following is a list of the Dell Networking OS version history for this command.

Version       Description
9.10(0.1)     Introduced on the S4048T-ON and S6010-ON.
9.9(0.0)      Introduced on the C9010.
9.8(1.0)      Introduced on the Z9100–ON.
9.8(0.0P5)    Introduced on the S4048-ON.
9.8(0.0P2)    Introduced on the S3048-ON.
9.7(0.0)      Introduced on the S5000, S6000-ON, and Z9500.
9.3(0.0)      Introduced on the S6000.
9.2(0.
Usage Information
To display general information such as version, capabilities, and supported actions, use the show openflow command.

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

show openflow flows

Display detailed information about OpenFlow instances.
In Port SMAC DMAC VLAN id IP TOS Src IP Src Port Meta Data Actions Related Commands : : : : : : : : : Gi 1/8(62) * * * * * * 1/1 Implicit Permit EType : * VLAN PCP IP proto Dest IP Dest Port : : : : * * * * show openflow — Displays general information about OpenFlow instances. show openflow groups Display detailed information about OpenFlow groups for an OF instance.
Command History
Usage Information

The following is a list of the Dell Networking OS version history for this command.

Version       Description
9.10(0.1)     Introduced on the S4048T-ON and S6010-ON.
9.9(0.0)      Introduced on the C9010.
9.8(1.0)      Introduced on the Z9100–ON.
9.8(0.0P5)    Introduced on the S4048-ON.
9.8(0.0P2)    Introduced on the S3048-ON.
9.7(0.0)      Introduced on the S5000, S6000-ON, and Z9500.
9.3(0.0)      Introduced on the S6000.
9.2(0.0)      Introduced on the S4820T and MXL.
9.1(0.
Version      Description
9.2(0.2)     Introduced on the S4820T and MXL.
9.2(0.2)     Introduced on the S4810.

Usage Information
Source suppression prevents received packets from being transmitted from the ingress port. Source suppression is enabled by default and is applied to all instances on the switch. If you disable source suppression, received packets can be transmitted from the ingress port.