Dell OpenFlow Deployment and User Guide
Dell Software-Defined Networking (SDN)
Notes, Cautions, and Warnings

NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

Copyright © 2014 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
1 Introduction

OpenFlow (OF) 1.0 [STD-1] is supported on the S4810, S4820T, S6000, Z9000, and MXL switches.

Overview

In a software-defined network (SDN), an external controller cluster manages the network and the resources on each switch. OpenFlow is a protocol used for communication between the controller and the switch. In the example topology below, the controller uses the OpenFlow protocol to communicate with two S4810 switches.

Figure 1.
OpenFlow 1.0 Support

OpenFlow (OF) 1.0 [STD-1] is supported on the S4810, S4820T, S6000, Z9000, and MXL switches.

Match Parameters and Supported Values

Using OpenFlow, you can transmit the switch’s ports and forwarding tables to the controller, allowing the controller to configure forwarding entries on the switch. OpenFlow also allows the controller to insert control packets through the switch and to redirect any missed flow packets from the switch to the controller.
• OFPAT_CONTROLLER: Sends all NO_MATCH or ACTION packets to the controller specified by the packet’s VLAN tag.
• OFPAT_out_port: Displays a list of ports that can receive traffic.
• OFPAT_DROP: Drops all packets that match the specified criteria.
• MODIFY FIELD — Set VLAN ID: Assigns a VLAN ID (0 to 4094).
• MODIFY FIELD — Set VLAN priority: Assigns a priority to a VLAN (0 to 7).
• MODIFY FIELD — Modify Ethernet source MAC address: Changes the Ethernet source MAC address to the specified value.
• MODIFY FIELD — Strip VLAN header
• MODIFY FIELD — Modify IPv4 source address
• MODIFY FIELD — Modify IPv4 destination address
• MODIFY FIELD — Modify transport source port
• MODIFY FIELD — Modify transport destination port
• MAX_BYTES_TO_SEND

Limitations

• OFPAT_OUTPUT to OFPP_FLOOD and OFPP_ALL are supported on the S4810, S4820T, S6000, and MXL switches. Support for these commands on the Z9000 was introduced in version 9.4(0.0).
2 Configuring ACL CAM Carving on the S4810, S4820T, S6000, and MXL switch

Dell Networking switches can operate in Hybrid mode, which enables OpenFlow and legacy functionality on the same switch. By default, access control list content addressable memory (ACL CAM) space is not allocated for OpenFlow. To enable OpenFlow, reserve CAM space for OpenFlow using the following commands. The amount of CAM space that you allocate for OpenFlow determines the number of available ACL entries.
3 Configuring ACL CAM Carving on Z9000

Dell Networking switches can operate in Hybrid mode, which enables OpenFlow and legacy functionality on the same switch. By default, access control list content addressable memory (ACL CAM) space is not allocated for OpenFlow. To enable OpenFlow, reserve CAM space for OpenFlow using the following commands. The amount of CAM space that you allocate for OpenFlow determines the number of available ACL entries.
4 Flow Types

Dell Networking switches support three types of flows:
• ACL
• L2
• L3

The following sections describe the mandatory match fields, optional match fields, mandatory actions, and optional actions for each flow type.

ACL Flows

Parameter Type / Parameters
Mandatory match fields: None; any of the match parameters can be wildcards.
Optional match fields: All 12 match fields defined in OpenFlow (OF) 1.0 are supported.
Mandatory actions: None.
Parameter Type Mandatory actions Optional actions Parameters
• All fields other than the ones listed in “Mandatory match fields” and “Optional match fields” must be wildcards.
• You must specify set_dl_src (set src-mac) as the port mac (local mac) for the switch.
• set_dl_dst (set dst-mac)
• Single OFPAT_OUTPUT action to a switch port.
OFPAT_SET_VLAN is optional for OpenFlow (OF) ports and mandatory for OF virtual local area networks (VLANs).
5 Configuring OpenFlow Instances

This section describes how to enable and configure OpenFlow instances on a switch.
• You can use up to 16 OpenFlow instances on a switch. The OpenFlow (OF) ID range is from 1 to 16.
• You must allocate CAM blocks for use by OpenFlow before configuring any OpenFlow instances.
If you do not specify a default VLAN for packet routing, the software assigns the first available VLAN as the default VLAN when you create the first OF instance. To specify a default VLAN, use the openflow vlan command.

1. Create or modify an OF instance.
   CONFIGURATION mode
   openflow of-instance of-id
2. If this is a new OF instance, continue to step 3. To change an existing OF instance, disable it first.
   NOTE: All new OF instances are disabled by default.
9. Enable the OF instance.
6 Forwarding Features

Flow Failover

This feature provides failover support if a controller is unavailable. If the connection to a controller is lost, installed flows are retained and used for forwarding traffic until they are updated. This feature is enabled by default, but you can disable failover on individual instances by using the no fail-mode secure command. If you disable failover, all flows to the unavailable controller are dropped.
VLAN Tag Removal

This feature allows an interface processor (IFP) action to remove the outer VLAN tag from a packet before sending it out of the egress port.

NOTE: This feature is supported for OF egress ports only. OF VLAN egress ports are not supported, and flows with the strip-vlan action and an OF VLAN member port as the egress port are rejected.
7 Egress QoS

The controller can provide basic egress quality of service (QoS) policies for packets and assign a priority based on match parameters specified by the controller. To enable QoS, use one flow to determine the egress port for the packet (for example, an L3 flow) and another flow such as an ACL flow to determine the egress port for all packets matching the specified parameters.
8 OpenFlow Interfaces

This section describes how you can apply OpenFlow to specific interfaces.
• You can use the S4810, S4820T, S6000, Z9000 or MXL switch as a Hybrid switch, allowing both OpenFlow (OF) and legacy functionality simultaneously.
• By default, all ports are available for legacy functionality.
• To enable OpenFlow, associate a port or virtual local area network (VLAN) to an OF instance.
• You can only do this when the OF instance is disabled.
shutdown command. Configure OF VLAN members in the same way as you would configure a legacy VLAN. NOTE: You cannot assign the default VLAN as an OF VLAN. There is an interface-type parameter in each instance. By default, this parameter is set to port, indicating that the instance is used for OF ports.
9 Flow Setup

This chapter describes the configuration options required to set up flows.

Sample Topology

In the following sample topology, two OF instances are shown. of-instance 1 has an interface type of port and demonstrates ACL and L3 flows. of-instance 2 has an interface type of vlan and demonstrates ACL, L2, and L3 flows. L2 flows are supported on OF VLANs only.

Figure 2.
Number of Flows Packets (acl) Bytes (acl) Controller 1 Controller 2 Port List : : : : : : Vlan List Vlan Mbr list : : 1 TCP, 10.11.205.184/6633, connected (equal) Te 0/7 (8), Te 0/31 (32)

To display information for the second OF instance, use the show running-config openflow of-instance 2 command:

Dell# show running-config openflow of-instance 2
!
openflow of-instance 2
 controller 1 10.11.205.
Valid Match: Etype,DMAC,IP proto,DPort
In Port  : *      EType     : ip
SMAC     : *      DMAC      : 00:11:11:11:11:11
VLAN id  : *      VLAN PCP  : *
IP TOS   : *      IP proto  : udp
Src IP   : *      Dest IP   : *
Src Port : *      Dest Port : 8900
Actions:
Set VLAN id: 111
Output: Te 0/31

Dell#show openflow of-instance 1
Instance : 1
Admin State : Up
Interface Type : Port
DP Id : 00:01:00:01:e8:8b:1a:30
Forwarding Tbls : acl,mac,route
Flow map : l3
EchoReq interval: 15 seconds
Connect interval: 15 seconds
Number of Flows : 1 (acl:1)
Packets (acl) : 1
Priority: 32768, Internal Priority: 0
Up Time: 0d 00:00:13, Hard Timeout: 0 seconds
Idle Timeout: 0 seconds, Internal Idle Timeout: 0 seconds
Packets: -, Bytes:
Match Parameters:
Valid Match: Etype,DMAC,DIP
In Port  : *      EType     : ip
SMAC     : *      DMAC      : 00:01:e8:8b:1a:32
VLAN id  : *      VLAN PCP  : *
IP TOS   : *      IP proto  : *
Src IP   : *      Dest IP   : 1.1.1.
The following example demonstrates a sample flow of-vlan 200:

Dell#show openflow flows of-instance 2
Instance: 2, Table: mac, Flow: 4, Cookie: 0xffffffffac2dbbf2
Priority: 32768, Internal Priority: 0
Up Time: 0d 00:00:09, Hard Timeout: 0 seconds
Idle Timeout: 0 seconds, Internal Idle Timeout: 0 seconds
Packets: -, Bytes:
Match Parameters:
Valid Match: DMAC,Vid
In Port  : *      EType     : *
SMAC     : *      DMAC      : 00:22:22:22:22:22
VLAN id  : 200    VLAN PCP  : *
IP TOS   : *      IP proto  : *
Src IP   : *      Dest IP   : *
Src Port : *      Dest P
10 Exceptions

This section describes the constraints of OpenFlow.
• Dell Networking switches can operate as Hybrid switches (switches running OpenFlow and legacy functions simultaneously). You cannot enable legacy functionality (switching and routing) on OF ports or OF virtual local area networks (VLANs), as these interfaces are controlled by an OpenFlow controller and are not available.
• Stacking of OpenFlow switches is not supported for the S4810, S4820T, S6000, or MXL switches.
L3 Flow Exceptions

• Non-zero integers for the idle timeout are not supported and are ignored for L3 flows. L3 flows are not aged out.
• For L3 flows, flow priority is not applicable. Instead, the destination IP (dst-ip) network mask length is used to prioritize the flow, with longer mask lengths having priority over shorter mask lengths. For example, an L3 flow with a dst-ip network mask length of 32 has priority over a flow with a dst-ip network mask length of 31.
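
The mask-length ordering described above, as an added example that is not part of the Dell guide: a controller-side audit in Python that flags L3 flows whose OpenFlow priority the switch will not honour, because a narrower dst-ip match wins regardless of priority. The flow names, addresses and priorities are constructed sample data; the port names are borrowed from the guide's sample output.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class L3Flow:
    name: str      # label used in the report (constructed)
    dst: str       # dst-ip match in CIDR notation
    priority: int  # OpenFlow priority the controller sent with the flow
    out_port: str  # target of the single OFPAT_OUTPUT action

def controller_choice(flows, ip):
    """Winner in a priority-ordered table: what the controller expects."""
    hits = [f for f in flows if ip_address(ip) in ip_network(f.dst)]
    return max(hits, key=lambda f: f.priority, default=None)

def switch_choice(flows, ip):
    """Winner in the L3 table: longest dst-ip mask, priority ignored."""
    hits = [f for f in flows if ip_address(ip) in ip_network(f.dst)]
    return max(hits, key=lambda f: ip_network(f.dst).prefixlen, default=None)

def mask_length_inversions(flows):
    """Return (narrow, wide) name pairs where the controller ranked the wider
    flow higher, yet the switch forwards by the narrower one."""
    findings = []
    for narrow in flows:
        for wide in flows:
            n, w = ip_network(narrow.dst), ip_network(wide.dst)
            if (n.prefixlen > w.prefixlen and n.subnet_of(w)
                    and wide.priority > narrow.priority
                    and wide.out_port != narrow.out_port):
                findings.append((narrow.name, wide.name))
    return findings

# Constructed flow set: the controller wants the whole /16 sent to an
# inspection port and gives that flow the highest priority.
FLOWS = [
    L3Flow("inspect-net", "10.20.0.0/16", 40000, "Te 0/7"),
    L3Flow("host-route", "10.20.5.9/32", 100, "Te 0/31"),
    L3Flow("site-default", "10.0.0.0/8", 10, "Te 0/31"),
]

if __name__ == "__main__":
    for narrow, wide in mask_length_inversions(FLOWS):
        print(f"{narrow} overrides {wide} on the switch despite lower priority")
    print(switch_choice(FLOWS, "10.20.5.9").name)
```

Running the audit before pushing L3 flows shows which destinations will leave by a different port than the controller's priority ordering implies.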
11 OpenFlow Commands

Use the following commands for software-defined networking (SDN) OpenFlow.
NOTE: Each mode prompt is preceded by the host name.

INTERFACE Mode

Use INTERFACE mode to configure interfaces or IP services on those interfaces. An interface can be physical (for example, a Gigabit Ethernet port) or virtual (for example, the Null interface). To enter INTERFACE mode:
1. Verify that you are logged in to CONFIGURATION mode.
2. Enter the interface command and then enter an interface type and interface number that is available on the switch.
Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

controller

Specify the OpenFlow controller configuration that the OpenFlow instance uses to establish a connection.

Z9000, S4810, S4820T, S6000, and MXL

Syntax
controller {controller-id}{ip-address}[port port-number]tcp

Parameter
controller-id: Enter the controller number. Enter 1 to assign the controller a primary role or enter 2 to assign the controller a backup role.
ip-address: Enter the IP address of the controller.
barrierreply: Enable debugging for barrier-reply packets.
barrierrequest: Enable debugging for barrier-request packets.
echo-reply: Enable debugging for echo-reply packets.
echo-request: Enable debugging for echo-request packets.
error: Enable debugging for error packets.
featuresreply: Enable debugging for features-reply packets.
featuresrequest: Enable debugging for features-request packets.
flow-mod: Enable debugging for flow-mod packets.
statsrequest: Enable debugging for stats-request packets.
vendor: Enable debugging for vendor packets.
of-instance {of-id}: Enter the keywords of-instance followed by the OF instance ID. The range is 1 to 16.

Defaults
None

Command Modes
EXEC

Command History
Version 9.3(0.0) Introduced on the S6000.
Version 9.2(0.0) Introduced on the S4820T and MXL.
Version 9.1(0.0) Introduced on the Z9000 and S4810.
flow-map

Specify if flows installed by the controller should be interpreted by the switch for placement in L2 or L3 tables.

Z9000, S4810, S4820T, S6000, and MXL

Syntax
flow-map {l2|l3} enable

Parameter
l2: Enter l2 to interpret Layer 2 flows.
l3: Enter l3 to interpret Layer 3 flows.

Defaults
None (not enabled)

Command Modes
OPENFLOW INSTANCE

Command History
Version 9.3(0.0) Introduced on the S6000.
Version 9.2(0.0) Introduced on the S4820T and MXL.
Version 9.1(0.
Usage Information
By default, flow misses are copied to the controller. To disable this feature on an OF instance, configure the controller to drop flow misses instead of copying them to the controller by using the flow-misses drop command.

Related Commands
shutdown — Enables or disables the OpenFlow instance.
show openflow — Displays general information about OpenFlow instances.
controller — Specifies the OpenFlow controller configuration that the OpenFlow instance uses to establish a connection.
Dell Networking does not recommend configuring global STP instances on ports using both legacy VLANs and OF VLANs.

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

interface vlan

Creates a VLAN and associates it with an OpenFlow instance.

Z9000, S4810, S4820T, S6000, and MXL

Syntax
interface vlan vlan-id of-instance of-id

Parameters
vlan-id: Enter the keyword vlan then the VLAN ID to specify a VLAN.
Command History
Version 9.3(0.0) Introduced on the S6000.
Version 9.2(0.0) Introduced on the S4820T and MXL.
Version 9.1(0.0) Introduced on the Z9000 and S4810.

Usage Information
This is a vendor-specific CLI.

Related Commands
openflow of-instance — Creates or modifies an OpenFlow instance.

of-instance (Interface)

Add a physical interface or LAG to an OpenFlow instance. After you assign an interface to an OF instance, you cannot apply L2 or L3 protocols to that instance.
• Not a destination port for a port monitoring session

If any of the above apply, the interface is not applied to the OF instance. LAGs or port-channel interfaces are supported as OF ports or OF VLAN members on OpenFlow. By default, all ports are available for legacy functionality.
If you are creating a new OF instance, enter the number you want to assign to the OF instance. If you are modifying an existing OF instance, enter the number of the instance you want to change.

NOTE: Disable the OF instance before making any configuration changes.

Defaults
none

Command Modes
CONFIGURATION

Command History
Version 9.3(0.0) Introduced on the S6000.
Version 9.2(0.0) Introduced on the S4820T and MXL.
Version 9.1(0.0) Introduced on the Z9000 and S4810.

Usage Information
controller — Specifies the OpenFlow controller configuration that the OpenFlow instance uses to establish a connection.

openflow vlan

Assign a default VLAN ID to an OpenFlow port to copy certain packet types received on an OF port to the controller and forward them out of a physical switch port.

Z9000, S4810, S4820T, S6000, and MXL

Syntax
openflow vlan vlan-id

Parameters
vlan-id: Enter the VLAN ID. The range is from 1 to 4094.

Defaults
none

Command Modes
OPENFLOW INSTANCE

Command History
Version 9.
show openflow

Display general information about OpenFlow instances.

Z9000, S4810, S4820T, S6000, and MXL

Syntax
show openflow [of-instance[of-id]]

Parameter
of-instance: (OPTIONAL) Enter the keywords of-instance to display information such as administrative state, interface-type, and operational state for all OpenFlow instances.
of-id: (OPTIONAL) Enter the keywords of-instance followed by the OF instance ID to display details for the specified OF instance. The range is from 1 to 16.
show openflow flows

Display detailed information about OpenFlow instances.

Z9000, S4810, S4820T, S6000, and MXL

Syntax
show openflow flows[of-instance{of-id}][table{acl|mac|route|vlan}flow-id{flow-id}]

Parameter
of-instance of-id: Enter the keywords of-instance followed by the OF instance ID to display details of all flows installed for the specified OF instance. The range is from 1 to 16.
Command History
Version 9.3(0.0) Introduced on the S6000.
Version 9.2(0.0) Introduced on the S4820T and MXL.
Version 9.1(0.0) Introduced on the Z9000 and S4810.

Usage Information
To enable the OpenFlow instance, use the no shutdown command. When you use the no shutdown command, the OpenFlow instance sends a request to the OpenFlow controller to establish a connection. To disable an OpenFlow instance, use the shutdown command.
NOTE: If you disable source suppression, the following conditions apply:
• Dell Networking does not recommend enabling legacy features.
• You cannot enable Hybrid mode.
• If you install flows using OFPP_FLOOD or OFPP_ALL, traffic loops may occur. If you disable source suppression, Dell Networking recommends that you do not install flows using these parameters.

Related Commands
shutdown — Enables or disables the OpenFlow instance.
show openflow — Displays general information about OpenFlow instances.