53-1003034-02 9 December, 2013 Multi-Service IronWare Software Defined Networking (SDN) Configuration Guide ®
Supporting Multi-Service IronWare R05.6.00 Copyright © 2013 Brocade Communications Systems, Inc. All Rights Reserved. ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Contents About This Document In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Supported hardware and software . . . . . . . . . . . . . . . . . . . . . . . . . . . vi Supported software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .vi Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
OpenFlow configuration considerations . . . . . . . . . . . . . . . . . . . . . . 29 Behavior of ports and devices . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Removing OpenFlow configuration from a device . . . . . . . . . . . 30 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
In this chapter About This Document In this chapter • Audience. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v • Supported hardware and software. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi • Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii • Notice to the reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
In this chapter Supported hardware and software The following hardware platforms are supported by this release of this guide: TABLE 1 Supported devices Brocade NetIron XMR Series Brocade MLX Series NetIron CES 2000 and NetIron CER 2000 Series Brocade NetIron XMR 4000 Brocade MLX-4 Brocade NetIron CES 2024C Brocade NetIron XMR 8000 Brocade MLX-8 Brocade NetIron CES 2024F Brocade NetIron XMR 16000 Brocade MLX-16 Brocade NetIron CES 2048C Brocade NetIron XMR 32000 Brocade MLX-32 Brocade NetIr
In this chapter Document conventions This section describes text formatting conventions and important notice formats used in this document.
In this chapter Notice to the reader This document may contain references to the trademarks of the following corporations. These trademarks are the properties of their respective companies and corporations. These references are made for informational purposes only.
In this chapter Getting technical help or reporting errors To contact Technical Support, go to http://www.brocade.com/services-support/index.page for the latest e-mail and telephone contact information.
In this chapter x Multi-Service IronWare SDN Configuration Guide 53-1003034-02
Chapter 1 OpenFlow Table 2 lists the individual Brocade NetIron devices and the OpenFlow features they support.
1 Overview of OpenFlow TABLE 2 Supported Brocade OpenFlow features Features supported Brocade NetIron XMR Series Brocade MLX Series Brocade NetIron CES 2000 Series BASE package Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_PREM package Brocade NetIron CER 2000 Series Base package Brocade NetIron CER 2000 Series Advanced Services package Simulteneous Layer2 and Layer3 support for OpenFlow Yes Yes Yes Yes Yes Yes Yes Match both source and destination MA
Overview of OpenFlow FIGURE 2 1 OpenFlow flow table entries Flow table entries Table 3 lists the OpenFlow match rules supported on Brocade devices. The implementation supports two modes of operation when enabling OpenFlow on a port: Layer 2 mode and Layer 3 mode. Layer 2 mode supports OpenFlow matching rules based on the Layer 2 fields shown in Figure 2, while Layer 3 mode supports the OpenFlow matching rules based on the Layer 3 fields.
1 Overview of OpenFlow The Brocade MLX Series and Brocade NetIron XMR devices support enabling ports in either Layer 2 or Layer 3 mode. The Brocade NetIron CER and Brocade NetIron CES devices support Layer 2 mode by default (OpenFlow Layer 3 mode configuration on a port is currently not supported on these devices).
Overview of OpenFlow 1 Brocade devices support the actions listed in Table 4.
1 Overview of OpenFlow The following per port counters are available in the flow table: TABLE 5 OpenFlow counters supported on devices Counter Description Brocade MLX Series Brocade NetIron XMR Brocade NetIron CER Brocade NetIron CES Received packets Number of packets received on the port Yes Yes Transmitted packets Number of packets transmitted from the port Yes Yes Received bytes Number of bytes received on the port Yes No Transmitted bytes Number of bytes transmitted from the port
Overview of OpenFlow 1 • Before you can disable OpenFlow globally on the device, you must disable OpenFlow on all interfaces individually. • Spanning tree protocol and other Layer 2 or Layer 3 protocols are not supported on OpenFlow-enabled ports. • Support up to three concurrent sessions with a maximum of two concurrent SSL sessions. • Up to 3000 configured flows are supported if all the flows are with a wildcard for the incoming port. • Local and normal actions defined by the OpenFlow 1.
1 Hybrid switch and OpenFlow hybrid port mode • An action to modify the VLAN priority of an untagged frame will result in a VLAN tag being added to the frame. If the action does not specify a VLAN ID value, the VLAN ID will be set to 0. • The action to modify IP DSCP is only supported for flows on ports enabled for Layer 3 mode. • Matching a VLAN ID on a Layer 3 mode port is only supported for packets with an IP payload.
Hybrid switch and OpenFlow hybrid port mode 1 Hybrid port mode operation Consider Device-1 in Figure 3. Ingress traffic on VLAN 10 on hybrid port 1/1 will be processed for IPv4 and IPv6 unicast routing. Traffic on other VLANs will be processed against OpenFlow flows on port 1/1 and switched accordingly. A preconfigured number of protected VLANs can be supported for normal routing.
1 Hybrid switch and OpenFlow hybrid port mode • Packets tagged with a protected VLAN id will be forwarded by IPv4 and IPv6 unicast routing, if IPv4 or IPv6 routing is configured on that VLAN. If IPv4 or IPv6 routing is not configured on that VLAN, such packets will be dropped. • Packets tagged with an unprotected VLAN id: • Packets tagged with an unprotected VLAN id will be subject first to OpenFlow flows.
Hybrid switch and OpenFlow hybrid port mode 1 Adding or Deleting protected VLANs Use openflow protected -vlans to add or delete protected VLANs on a hybrid port-mode interface. The no form of the command deletes the configured protected VLANs from the hybrid-enabled port. Brocade(config-if-e10000-2/5)# openflow protected-vlans 10 Syntax: [no] openflow protected-vlans id1 id2 …idn VLANs can be configured individually. NOTE A VLAN range is not specified for this command .
1 Hybrid switch and OpenFlow hybrid port mode Local IP address:port <-> Remote IP address:port TCP state RcvQue RxBuffe SendQue TxBuffe 10.20.178.73 8807 10.20.101.
Hybrid switch and OpenFlow hybrid port mode 1 Sample configurations VPLS support to configure OpenFlow hybrid mode port For VPLS instance, you can configure a port as an OpenFlow hybrid mode port by executing these commands.
1 Hybrid switch and OpenFlow hybrid port mode Brocade(config-mpls)# Brocade(config-mpls)#vpls v1 100 Brocade(config-mpls)#vpls-peer 17.17.17.17 Brocade(config-mpls-vpls-v1)#vlan 100 Brocade(config-mpls-vpls-v8-vlan-100)#tag e 2/8 Brocade(config-mpls)#int e 2/8 Brocade(config-if-e10000-2/8)#openflow enable layer2 hybrid-mode Check for global system-max unprotected VLAN number, while configuring a port as a hybrid port.
Hybrid switch and OpenFlow hybrid port mode 1 Brocade(config-mpls-vpls-v8-vlan-100)#tag e 2/8 Brocade(config-mpls)#int e 2/8 Brocade(config-if-e10000-2/8)#openflow protected-vlans 100 Brocade(config-if-e10000-2/8)#openflow enable layer2 hybrid-mode Since this protected VLAN has become part of VPLS VLAN on this port, VPLS switching on this protected VLAN will be supported.
1 Configuring OpenFlow Brocade(config)#no tag e 2/8 Now that, the port has become a normal port and VPLS instance is configured on the port, It will do VPLS processing for that VLAN. To remove OpenFlow hybrid mode from a port with configured unprotected VLAN and a VPLS instance, execute the following commands. Brocade(config)# Brocade(config)#router mpls Brocade(config-mpls)# Brocade(config-mpls)#vpls v1 100 Brocade(config-mpls)#vpls-peer 17.17.17.
Configuring OpenFlow 1 Enabling OpenFlow on Brocade NetIron CER and Brocade NetIron CES devices You can optionally specify the MAC address match rule capability as either source MAC or destination MAC address. Default is destination MAC address. On these devices, you cannot change the MAC address match option dynamically. You must first disable the current mode and then enable the new option.
1 Configuring OpenFlow You can specify Layer 2 or Layer 3 or both layers in hybrid mode as Layer23 matching mode to be supported on the interface. By default, interfaces on these devices support Layer 2 matching mode. If you enable Layer 2 matching mode on the specified interface, only Layer 2 matching fields are supported on that interface. Flow validation These validations are required before programming flows on Layer23 port. • When IP fields exist in rule then ether_type must be 0x800.
Configuring OpenFlow 1 Setting the system maximum The system-max openflow-pvlan-entries command sets the CAM size of OpenFlow protected VLAN entries for the device. By default, this value is set to 0. Brocade(config)# system-max openflow-pvlan-entries 2000 Syntax: system-max openflow-pvlan-entries value The value variable represents the number of port and protected VLAN combination entries that can be configured in the system. The range is from 0 to 2048.
1 Configuring OpenFlow The ip-address keyword specifies the IP address of the Controller. By default, the connection with the Controller uses SSL encryption, but you can optionally disable SSL encryption using the no-ssl keyword. By default, the OpenFlow connection uses TCP port 6633, but you can specify another port using the port keyword. Use the [no] version of the command to remove the specified OpenFlow Controller connection.
Configuring OpenFlow 1 To reenable SSL client in the device, use the [no] version of the command. Configuring multiple controller connections Brocade devices support up to three controller connections. You can configure these connections with active or passive modes, in any combination, such as all active, all passive, or some active and some passive. Each connection requires its own separate command. To configure these, you enter separate commands.
1 Configuring OpenFlow Use the show running configuration command: When OpenFlow is enabled on the device, the show running configuration command displays output similar to the following: Brocade(config)# show run Current configuration: ver V5.4.0iT183 mirror ethernet 1/19 openflow enable ofv100 Show command The show OpenFlow command displays the configuration for OpenFlow. It includes the configured unprotected VLANs as well.
Configuring OpenFlow 1 Syntax: show openflow Displaying the OpenFlow status If OpenFlow is enabled on a device, you can get detailed report of the OpenFlow status on that device. Brocade NetIron CER and Brocade NetIron CES devices: On these devices, only Layer 2 matching mode is supported on the interfaces. Brocade(config)# show openflow interface Port Link Port-State Speed Tag MAC OF-portid Name 1/1 Up Forward 1G No 0000.00b4.89c1 1 1/2 Up Forward 1G No 0000.00b4.89c2 2 1/3 Up Forward 1G No 0000.00b4.
1 Configuring OpenFlow Member of VLAN 1 (untagged), port is in untagged mode, port state is Disabled STP configured to ON, Priority is level0, flow control enabled OpenFlow enabled, Openflow Index 1, Flow Type Layer2 Priority force disabled, Drop precedence level 0, Drop precedence force disabled dhcp-snooping-trust configured to OFF Displaying the configured connections to controllers Use the show openflow command to display the OpenFlow configuration, including the configured connections to controllers
Configuring OpenFlow TABLE 8 1 Output fields for the show openflow command Field Description Administrative Status Indicates the administrative status of OpenFlow on the device. Controller Type Indicates the OpenFlow protocol version that is supported on the device. Currently, Brocade devices support OpenFlow version 1.0.0. Number of controllers Lists the number of controller connections configured on the device. Brocade devices support up to three concurrent controller connections.
1 Configuring OpenFlow Total number of data bytes sent to controller: Flow ID: 1 Priority: 32768 Status: Active Rule: In Port: e1/2 In Vlan: Untagged Destinaltion Mac: 000.0000.0001 Destination Mac Mask:FFFF.FFFF.FFFF Action: FORWARD Out Port: e1/1, Untagged Statistics: 0 Total Pkts: 0 Total Bytes: 0 0 Flow ID: 2 Priority: 32768 Status: Active Rule: In Port: e1/2 In Vlan: Tagged [10] Vlan PCP: 4 Destinaltion Mac: 0000.0000.0001 Destination Mac Mask:FFFF.FFFF.
Administrating OpenFlow 1 OpenFlow scaling • Switchover and HLOS are not supported. When the active management processor (MP) goes down, communication with the controller is brought down and the flow tables on the MP and all line processors (LP) are cleared. The connection with the controller is re-established after switchover. • When LP is reset, the flow table on the LP is restored once the LP comes up and flows specific to that LP are maintained in the MP.
1 Show tech Show tech The show tech-support openflow command captures the output of multiple show commands at one time, tobe used for diagnostic purposes. Brocade# show tech-support openflow.
OpenFlow configuration considerations 1 Example TABLE 10 Output fields for the show openflow command Field Description Administrative Status Indicates the administrative status of OpenFlow on the device. Controller Type Indicates the OpenFlow protocol version that is supported on the device. Currently, Brocade devices support OpenFlow version 1.0.0. Number of controllers Indicates the number of controller connections configured on the device.
1 OpenFlow configuration considerations • OpenFlow defines port numbers sequentially from 1. The OF-portid parameter in the output of the show openflow interface command is assigned to the ports on the device. On Brocade MLX Series and Brocade NetIron XMR devices, 48 OpenFlow ports are reserved per slot. OpenFlow port numbering starts from slot 1. That is, OpenFlow port 1 is port 1/1 (1/1 = slot 1/port 1), OpenFlow port 2 is port 1/2, and so on.
Commands 1 3. Optional: Set the maximum number of flows to zero using the system-max openflow-flow-entries 0 command. 4. Reload the device.
1 openflow enable layer2|layer3 |layer23 hybrid-mode openflow enable layer2|layer3 |layer23 hybrid-mode Enables or disables the hybrid port mode on the port. Syntax Parameters [no] openflow enable layer2|layer3 | layer23 hybrid-mode slot/port Specifies the port that you want to enable or disable the hybrid port mode.
openflow enable layer2|layer3 |layer23 hybrid-mode 1 History Release Command History Multi-Service IronWare R05.6.00 This command was modifed to display OpenFlow hybrid port mode information.
1 clear openflow flowid | all clear openflow flowid | all Delete flows from the flow table. Syntax Parameters clear openflow flowid|all flow-id Flow ID Clears the given flow-id that you want to delete from the flow table .all Deletes all flows from the flow table Command Modes User EXEC mode Privileged EXEC mode Global configuration mode Usage Guidelines When an OpenFlow rule or all flows in the flow table need to be deleted you can use the clear openflow flowid/all flow-id command.
