Dell OpenFlow Deployment and User Guide 3.
Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Copyright © 2015 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
1 Introduction

OpenFlow (OF) 1.0 [STD-1] is supported on the S4810, S4820T, S6000, Z9000, Z9500, and MXL switches.

Overview

In a software-defined network (SDN), an external controller cluster manages the network and the resources on each switch. OpenFlow is a protocol used for communication between the controller and the switch. In the example topology below, the controller uses the OpenFlow protocol to communicate with two S4810 switches.

Figure 1.
OpenFlow 1.0 Support

OpenFlow (OF) 1.0 [STD-1] is supported on the S4810, S4820T, S6000, Z9000, and MXL switches.

NOTE: When of-instance is enabled with version 1.3, the OpenFlow 1.0 functionality is also supported.

Match Parameters and Supported Values

Using OpenFlow, you can transmit the switch’s ports and forwarding tables to the controller, allowing the controller to configure forwarding entries on the switch.
Supported Flow Actions

The following flow actions are supported:
• OFPAT_FLOOD or OFPAT_ALL: Floods packets to all ports and VLANs on the OF interface.
• OFPAT_CONTROLLER: Sends all NO_MATCH or ACTION packets to the controller specified by the packet’s VLAN tag.
• OFPAT_out_port: Displays a list of ports that can receive traffic.
• OFPAT_DROP: Drops all packets that match the specified criteria.
• MODIFY FIELD — Set VLAN ID: Assigns a VLAN ID (from 0 to 4094).
• OFPAT_OUTPUT to OFPP_NORMAL
• OFPAT_OUTPUT to OFPP_LOCAL
• FORWARD — Normal
• FORWARD — LOCAL
• FORWARD — Inport
• MODIFY FIELD — Strip VLAN header
• MODIFY FIELD — Modify IPv4 source address
• MODIFY FIELD — Modify IPv4 destination address
• MODIFY FIELD — Modify transport source port
• MODIFY FIELD — Modify transport destination port
• MAX_BYTES_TO_SEND

Limitations
• OFPAT_OUTPUT to OFPP_FLOOD and OFPP_ALL are supported on the S4810, S4820T, S6000, and MXL switches.
Match Parameter                               Supported Values
External VLAN ID                              0 to 4094
External VLAN priority                        0 to 7
IP source address                             IP address (x:x:x:x::x format then the prefix length in the /x format)
IP destination address                        IP address (x:x:x:x::x format then the prefix length in the /x format)
IP protocol type                              • • •
Type of service (ToS)                         0 to 255
Transport source port (transport sport)       0 to 65535
Transport destination port (transport dport)  0 to 65535
ICMP type                                     0 to 255
ICMP code                                     0 to 255
session initiation
Unsupported OpenFlow Messages

The following OpenFlow messages are not supported. Some unsupported messages generate OFPT_ERROR, which is an error message sent to the controller.

Table 4. Unsupported OpenFlow Messages

Message                          System Response
OFPT_SET_CONFIG                  This message is ignored by the switch.
OFPT_QUEUE_GET_CONFIG_REQUEST    OFPT_ERROR is generated in response.
Emergency Flows (OFPFF_EMERG)    OFPT_ERROR is generated in response.
Queue Statistics (OFPST_QUEUE)   OFPT_ERROR is generated in response.
2 Configuring ACL CAM Carving on the S4810, S4820T, S6000, S5000, and MXL switch

Dell Networking switches can operate in Hybrid mode, which enables OpenFlow and legacy functionality on the same switch. By default, access control list content addressable memory (ACL CAM) space is not allocated for OpenFlow. To enable OpenFlow, reserve CAM space for OpenFlow using the following commands. The amount of CAM space that you allocate for OpenFlow determines the number of available ACL entries.
NOTE: To upgrade any configuration changes that have changed the NVRAM content if you enable BMP 3.0, use the reload conditional nvram-cfg-change command to perform a reload on the chassis.
3 Configuring ACL CAM Carving on Z9000 and Z9500

Dell Networking switches can operate in Hybrid mode, which enables OpenFlow and legacy functionality on the same switch. By default, access control list content addressable memory (ACL CAM) space is not allocated for OpenFlow. To enable OpenFlow, reserve CAM space for OpenFlow using the following commands. The amount of CAM space that you allocate for OpenFlow determines the number of available ACL entries.
4 Flow Types

Dell Networking switches support three types of flows:
• ACL
• L2
• L3

The following sections describe the mandatory match fields, optional match fields, mandatory actions, and optional actions for each flow type.

ACL Flows

Parameter Type           Parameters
Mandatory match fields   None; any of the match parameters can be wildcards.
Optional match fields    All 12 match fields defined in OpenFlow (OF) 1.0 are supported.
Mandatory actions        None.
Parameter Type Mandatory actions Optional actions Parameters
• All fields other than the ones listed in “Mandatory match fields” and “Optional match fields” must be wildcards.
• You must specify set_dl_src (set src-mac) as the port mac (local mac) for the switch.
• set_dl_dst (set dst-mac)
• Single OFPAT_OUTPUT action to a switch port.
OFPAT_SET_VLAN is optional for OpenFlow (OF) ports and mandatory for OF virtual local area networks (VLANs).
Group Flows

Parameter Types          Parameters
Mandatory Match Fields   None.
Optional Match Fields    None.

Action Types
Mandatory Actions
• ALL
• output_port
NOTE: Multiple actions in a single bucket are not supported. This feature is available only when of-instance version is set to 1.3.
Optional Actions         None.
5 Configuring OpenFlow Instances

This section describes how to enable and configure OpenFlow instances on a switch.
• You can use up to 8 OpenFlow instances on a switch. The OpenFlow (OF) ID range is from 1 to 8.
• You must allocate CAM blocks for use by OpenFlow before configuring any OpenFlow instances.
If you do not specify a default VLAN for packet routing, the software assigns the first available VLAN as the default VLAN when you create the first OF instance. To specify a default VLAN, use the openflow vlan command.

1. Create or modify an OF instance.
   CONFIGURATION mode
   openflow of-instance of-id
2. If this is a new OF instance, continue to step 3. To change an existing OF instance, disable it first.
   NOTE: All new OF instances are disabled by default.
9. (OPTIONAL) Specify if flows installed by the controller should be interpreted by the switch for placement in L2 or L3 tables.
   OPENFLOW INSTANCE mode
   flow-map {l2|l3} enable
10. (OPTIONAL) Advertise all forwarding tables (ACL, L2, and L3) to the controller.
   OPENFLOW INSTANCE mode
   multiple-fwd-table enable
11. Enable the OF instance.
6 Forwarding Features

Flow Failover

This feature provides failover support if a controller is unavailable. If the connection to a controller is lost, installed flows are retained and used for forwarding traffic until they are updated. This feature is enabled by default, but you can disable failover on individual instances by using the no fail-mode secure command. If you disable failover, all flows to the unavailable controller are dropped.
VLAN Tag Removal

This feature allows an interface processor (IFP) action to remove the outer VLAN tag from a packet before sending it out of the egress port. OpenFlow VLAN egress ports are now supported and flows with the strip-vlan action and an OF VLAN member port as the egress port are accepted.

NOTE: This feature is supported for OF egress ports only.
7 Egress QoS

The controller can provide basic egress quality of service (QoS) policies for packets and assign a priority based on match parameters specified by the controller. To enable QoS, use one flow to determine the egress port for the packet (for example, an L3 flow) and another flow such as an ACL flow to determine the egress port for all packets matching the specified parameters.
8 OpenFlow Interfaces

This section describes how you can apply OpenFlow to specific interfaces.
• You can use the S4810, S4820T, S6000, S5000, Z9000, Z9500, or MXL switch as a Hybrid switch, allowing both OpenFlow (OF) and legacy functionality simultaneously.
• By default, all ports are available for legacy functionality.
• To enable OpenFlow, associate a port or virtual local area network (VLAN) to an OF instance. You can only do this when the OF instance is disabled.
OF VLANs

Instead of assigning an entire port to an OF instance, you can assign a VLAN to an OF instance when you create the VLAN. You can only create OF VLANs when the associated instance is disabled using the shutdown command. Configure OF VLAN members in the same way as you would configure a legacy VLAN.

NOTE: You cannot assign the default VLAN as an OF VLAN.

There is an interface-type parameter in each instance. By default, this parameter is set to port, indicating that the instance is used for OF ports.
Vlan Mbr list : Fo 1/16 (209), Fo 1/20 (213), Fo 2/0 (385)
9 Flow Setup

This chapter describes the configuration options required to set up flows.

Sample Topology

In the following sample topology, two OF instances are shown. of-instance 1 has an interface type of port and demonstrates ACL and L3 flows. of-instance 2 has an interface type of vlan and demonstrates ACL, L2, and L3 flows. L2 flows are supported on OF VLANs only.

Figure 2.
Connect interval: 15 seconds
Number of Flows : 21 (acl:21)
Packets (acl) : 575600
Bytes (acl) : 36838400
Fail mode : secure
Flow misses : copy-to-controller
Controller 1 : TCP, 10.11.54.
To clear these statistics, use the clear openflow statistics of-instance command. The following sample ACL flow was configured using a controller. It matches by dmac, ether-type, ipprotocol, and tcp-dst-port, then sets the VLAN ID to 111 and forwards the packet from Te 0/31.
multiple-fwd-table enable
no shutdown

The entry for dst-mac in the match field and set-src-mac in the action set must use the switch’s port MAC address. All ports on a Dell Networking switch are associated with the same MAC address, which you can view using the show interface command.

Dell#show interfaces tengigabitethernet 0/0
TenGigabitEthernet 0/0 is up, line protocol is up
Hardware is DellForce10Eth, address is 00:01:e8:8b:1a:32
Current address is 00:01:e8:8b:1a:32
...
L2 Flows

L2 flows are only supported on OF VLANs. In the following example, of-instance 2 is used to demonstrate an L2 flow. To use the L2 flow table, enable the multiple-fwd-table and flow-map l2 commands, as shown in the following example. If you do not enable either command, L2 flows are added to the ACL table.

Dell#show running-config openflow of-instance 2
!
openflow of-instance 2
controller 1 10.11.205.
10 Exceptions

This section describes the constraints of OpenFlow.
• Dell Networking switches can operate as Hybrid switches (switches running OpenFlow and legacy functions simultaneously). You cannot enable Legacy functionality (switching and routing) on OF ports or OF virtual local area networks (VLANs), as these interfaces are controlled by an OpenFlow controller and are not available.
• Stacking of OpenFlow switches is not supported for the S4810, S4820T, S6000, or MXL switches.
L3 Flow Exceptions
• Non-zero integers for the idle timeout are not supported and are ignored for L3 flows. L3 flows are not aged out.
• For L3 flows, flow priority is not applicable. Instead, the destination IP (dst-ip) network mask length is used to prioritize the flow, with longer mask lengths having priority over shorter mask lengths. For example, an L3 flow with a dst-ip network mask length of 32 has priority over a flow with a dst-ip network mask length of 31.
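
The mask-length rule above matters when a controller relies on OpenFlow priority to make a broad rule override narrower ones. The following is an added example, not part of the Dell guide: it compares the flow the switch applies (longest dst-ip mask) with the flow a priority-based controller would expect, and lists overlapping flow pairs where the two orders disagree. The flow names, prefixes, and priorities are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample L3 flows as a controller might track them:
# (name, dst-ip prefix, OpenFlow priority the controller requested)
FLOWS = [
    ("quarantine-net", "10.20.0.0/16", 900),
    ("web-vip", "10.20.30.40/32", 100),
    ("lab-subnet", "10.20.30.0/24", 500),
    ("dmz", "192.0.2.0/24", 300),
]


def _matching(flows, dst_ip):
    """All flows whose dst-ip prefix contains dst_ip."""
    ip = ipaddress.ip_address(dst_ip)
    return [f for f in flows if ip in ipaddress.ip_network(f[1])]


def switch_choice(flows, dst_ip):
    """Flow the switch applies: longest dst-ip mask wins, priority is ignored."""
    hits = _matching(flows, dst_ip)
    if not hits:
        return None
    return max(hits, key=lambda f: ipaddress.ip_network(f[1]).prefixlen)[0]


def priority_choice(flows, dst_ip):
    """Flow a controller would expect if OpenFlow priority were honoured."""
    hits = _matching(flows, dst_ip)
    if not hits:
        return None
    return max(hits, key=lambda f: f[2])[0]


def priority_conflicts(flows):
    """Overlapping pairs where the shorter mask carries the higher priority.

    Returns (expected_winner, actual_winner) name pairs: the first is the flow
    the controller ranked higher, the second is the one the switch prefers.
    """
    conflicts = []
    for a, b in combinations(flows, 2):
        net_a, net_b = ipaddress.ip_network(a[1]), ipaddress.ip_network(b[1])
        # Equal-length overlapping prefixes are the same network: no ordering issue.
        if not net_a.overlaps(net_b) or net_a.prefixlen == net_b.prefixlen:
            continue
        longer, shorter = (a, b) if net_a.prefixlen > net_b.prefixlen else (b, a)
        if shorter[2] > longer[2]:
            conflicts.append((shorter[0], longer[0]))
    return conflicts


if __name__ == "__main__":
    print("switch applies:", switch_choice(FLOWS, "10.20.30.40"))
    print("priority implies:", priority_choice(FLOWS, "10.20.30.40"))
    for expected, actual in priority_conflicts(FLOWS):
        print(f"{expected} is overridden by {actual} on the switch")
```

Running the conflict check before pushing L3 flows shows which broad rules will not take effect for addresses covered by a more specific flow.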
11 OpenFlow Commands

Use the following commands for software-defined networking (SDN) OpenFlow.
When you are in EXEC mode, the > prompt is displayed following the host name prompt, which is “Dell” by default. You can change the host name prompt using the hostname command.

NOTE: Each mode prompt is preceded by the host name.

INTERFACE Mode

Use INTERFACE mode to configure interfaces or IP services on those interfaces. An interface can be physical (for example, a Gigabit Ethernet port) or virtual (for example, the Null interface).

To enter INTERFACE mode:
1.
Version    Description
9.2(0.0)   Introduced on the S4820T and MXL.
9.1(0.0)   Introduced on the Z9000 and S4810.

Usage Information
After the interval time lapses, the OpenFlow instance reattempts to establish a connection to the OpenFlow controller.

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

controller

Specify the OpenFlow controller configuration that the OpenFlow instance uses to establish a connection.
Version    Description
9.1(0.0)   Introduced on the Z9000 and S4810.

Usage Information
Only TCP connection is supported.

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

debug openflow packets

Enable debugging for OpenFlow packets.

Syntax
debug openflow packets packet-type {packet-type} of-instance {of-id}

Parameter
{packet-type packet-type}   Enter the keywords packet-type followed by one of the following packet types:
all                  Enable debugging for all packets.
get-configrequest    Enable debugging for get-configrequest packets.
group-mod            Enable debugging for group-mod packets (V1.3).
hello                Enable debugging for hello packets.
meter-modrequest     Enable debugging for meter-mod packets (V1.3).
multipartrequest     Enable debugging for multipartrequest packets (V1.3).
multipartreply       Enable debugging for multipart-reply packets (V1.3).
packet-in            Enable debugging for packet-in packets.
packet-out           Enable debugging for packet-out packets.
of-instance {of-id}   Enter the keywords of-instance followed by the OF instance ID. The range is 1 to 8.

Defaults
None

Command Modes
EXEC

Command History
Version    Description
9.7(0.0)   Introduced on the S5000, S6000-ON, and Z9500. Packet instances corresponding to Version 1.3 are included.
9.3(0.0)   Introduced on the S6000.
9.2(0.0)   Introduced on the S4820T and MXL.
9.1(0.0)   Introduced on the Z9000 and S4810.

Usage Information
Command Modes
OPENFLOW INSTANCE

Command History
Version    Description
9.7(0.0)   Introduced on the S5000, S6000-ON, and Z9500.
9.3(0.0)   Introduced on the S6000.
9.2(0.2)   Introduced on the S4820T and MXL.
9.2(0.2)   Introduced on the Z9000 and S4810.

Usage Information
This feature provides failover support if a controller is unavailable. If the connection to a controller is lost, installed flows are retained and used for forwarding traffic until they are updated.
flow-misses drop

Prevents flow misses (flows that do not reach their intended destination) from being copied to the controller.

Syntax
flow-misses drop
To copy flow misses to the controller, use the no flow-misses drop command on the specific OF instance.

Defaults
none

Command Modes
OPENFLOW INSTANCE

Command History
Version    Description
9.7(0.0)   Introduced on the S5000, S6000-ON, and Z9500.
9.3(0.0)   Introduced on the S6000.
9.2(0.2)   Introduced on the S4820T and MXL.
9.2(0.
NOTE: You must associate the OF instance with the VLAN when you create the VLAN.

Command Modes
OPENFLOW INSTANCE

Command History
Version    Description
9.7(0.0)   Introduced on the S5000, S6000-ON, and Z9500.
9.3(0.0)   Introduced on the S6000.
9.2(0.0)   Introduced on the S4820T and MXL.
9.1(0.0)   Introduced on the Z9000 and S4810.
Version    Description
9.3(0.0)   Introduced on the S6000.
9.2(0.2)   Introduced on the S4820T and MXL.
9.2(0.2)   Introduced on the Z9000 and S4810.

Usage Information
• You cannot configure an IP address as an OF VLAN.
• You cannot add an existing VLAN to an OpenFlow instance.
• You cannot enable STP if you have configured an OF VLAN.
• You cannot assign the default VLAN as an OF VLAN.

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.
Parameter
of-id   Enter the OpenFlow instance ID. The range is from 1 to 8.

Command Modes
INTERFACE MODE

Command History
Version    Description
9.7(0.0)   Introduced on the S5000, S6000-ON, and Z9500.
9.3(0.0)   Introduced on the S6000.
9.2(0.0)   Introduced on the S4820T and MXL.
9.1(0.0)   Introduced on the Z9000 and S4810.

Example
• MAC
• MTU
• Port-channel protocols
• Spanning-tree protocols
• Switchport

The following features are not supported on LAGs associated with an OpenFlow instance:
• Ethernet
• GVRP
• IPv4
• IPv6
• MAC
• MTU
• Spanning-tree protocols
• Switchport

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

of-instance (Configuration)

Create an OF instance or modify an existing OF instance.
Version    Description
9.1(0.0)   Introduced on the Z9000 and S4810.

Usage Information
• Stacking for S4810 and virtual link trunking (VLT) are not supported on OF instances. High availability (HA) is supported only with AFC.
• To enable OpenFlow on the S4810, the stack unit number must be zero.
Defaults
The default port number for the TCP connection is 6633.

Command Modes
OPENFLOW INSTANCE

Command History
Version 9.7(0.0)   Introduced on the S-Series and Z-Series.

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

openflow vlan

Assign a default VLAN ID to an OpenFlow port to copy certain packet types received on an OF port to the controller and forward them out of a physical switch port.

Syntax
openflow vlan vlan-id

Parameters
vlan-id   Enter the VLAN ID.
Related Commands
shutdown — Enables or disables the OpenFlow instance.
show openflow — Displays general information about OpenFlow instances.
controller — Specifies the OpenFlow controller configuration that the OpenFlow instance uses to establish a connection.

show openflow

Display general information about OpenFlow instances.
Port List :
Vlan List : Vl 200
Vlan Mbr list : Fo 1/16 (209), Fo 1/20 (213), Fo 2/0 (385)

Usage Information
To display general information such as version, capabilities, and supported actions, use the show openflow command.

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

show openflow flows

Display detailed information about OpenFlow instances.
shutdown (OpenFlow Instance)

Enable or disable the OpenFlow instance.

Syntax
[no] shutdown

Defaults
Disabled (shutdown)

Command Modes
OPENFLOW INSTANCE

Command History
Version    Description
9.7(0.0)   Introduced on the S5000, S6000-ON, and Z9500.
9.3(0.0)   Introduced on the S6000.
9.2(0.0)   Introduced on the S4820T and MXL.
9.1(0.0)   Introduced on the Z9000 and S4810.

Usage Information
To enable the OpenFlow instance, use the no shutdown command.
Version    Description
9.2(0.2)   Introduced on the S4820T and MXL.
9.2(0.2)   Introduced on the Z9000 and S4810.

Usage Information
Source suppression prevents received packets from being transmitted from the ingress port. Source suppression is enabled by default and is applied to all instances on the switch. If you disable source suppression, received packets can be transmitted from the ingress port.