WB 15.15

ManualsBrandsHP ManualsNetwork HardwareHP 5412R zl2 Switch

HP OpenFlow 1.3 Administrator Guide

Wired Switches K/KA/KB/WB 15.15

Abstract

This document describes the general steps and individual commands for enabling OpenFlow operation on HP Switches.

Applicable Products

HP Switch 2920 series

HP Switch 3500 series

HP Switch 3800 series

HP Switch 5400 series, v1 and v2 modules

HP Switch 5406R series

HP Switch 5412A series

HP Switch 6200 series

HP Switch 6600 series

HP Switch 8200 series, v1 and v2 modules

HP Part Number: 5998-5517

Published: March 2014

Edition: 2

Summary of content (79 pages)

PAGE 1
HP OpenFlow 1.3 Administrator Guide Wired Switches K/KA/KB/WB 15.15 Abstract This document describes the general steps and individual commands for enabling OpenFlow operation on HP Switches.
PAGE 2
© Copyright 2014 Hewlett-Packard Development Company, L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
PAGE 3
Contents 1 Introduction...............................................................................................6 Conceptual overview.................................................................................................................6 OpenFlow architecture..............................................................................................................7 Virtualization mode..........................................................................................................
PAGE 4
Create a limiter......................................................................................................................33 Get limiter details...................................................................................................................33 Support flow with a limiter.......................................................................................................33 5 Administering OpenFlow...........................................................................
PAGE 5
Before you contact HP........................................................................................................63 HP contact information.......................................................................................................63 Subscription service............................................................................................................63 Documents....................................................................................................................
PAGE 6
1 Introduction This document provides the following: • General steps for OpenFlow configuration and administration • OpenFlow command syntax descriptions, including show commands • OpenFlow troubleshooting commands and debug actions This document only covers the additional features and commands for administering OpenFlow on certain HP switches that use software version 15.10 or later, as described below: Release Version Description K/KA.15.10 Added OpenFlow 1.
PAGE 7
Figure 1 OpenFlow switches and controller HP implementation complies with OpenFlow Switch Specification v1.0.0 (December 31, 2009.) With the K/KA.15.14 and WB.15.14 release, HP switches support OpenFlow Switch Specification v1.3.1 (September 2012). For implementation limitations with respect to the supported specifications, see “Supported RFCs and standards” (page 11). For more information see the Open Networking Foundation website at https:// www.opennetworking.org/.
PAGE 8
Figure 2 Virtualization mode Aggregation mode In Aggregation mode, all VLANs in the switch are part of an OpenFlow instance. The exception is the management VLAN and a VLAN that communicates to the controller. Similar to a lab environment the OpenFlow controller manages all the switching and routing for the switch. NOTE: 8 Introduction When Aggregation is configured, there is only OpenFlow traffic, no production traffic.
PAGE 9
Figure 3 Aggregation mode Figure 4 Example network with production non-OpenFlow, production OpenFlow, and experimental OpenFlow OpenFlow features and benefits With the addition of OpenFlow Specification 1.
PAGE 10
• Multiple Flow tables ◦ Pipeline processing • OpenFlow physical, logical and reserve ports • Version negotiation • Group tables • Auxiliary connections • OpenFlow Extensible Match (OXM) • Multiple controllers • Support for IPv6 flows OpenFlow switch side configuration enables the user to: • Enable or disable OpenFlow • Create OpenFlow instances and configure controller connections • Display OpenFlow related configuration • Availability of Config support to retain OpenFlow configuratio
PAGE 11
Supported RFCs and standards HP switches support OpenFlow Switch Specification, version 1.3.1 (September 2012) from the Open Networking Foundation, https://www.opennetworking.org/ with some differences. Unsupported features: • OFPP TABLE action. • Set-Queue action. • Handling of IP Fragments: OFPC_IP_REASM/OFPC_FRAG_REASM.
PAGE 12
Table 1 HP Switch features and interoperability with OpenFlow — by effect on feature or application (continued) Effect Feature Q-in-Q Remote Mirror Endpoint Transparent Mode Feature cannot be configured if OpenFlow is used OpenFlow can override this feature 5 4 Meshing DHCP Snooping DHCPv4 client DHCPv4 relay DHCPv6 client DNS Ping SNTP Telnet client and server TFTP TimeP Traceroute UDP broadcast forwarder OpenFlow can override this feature 5 BGP DHCPv6 relay Dynamic ARP Protection Dynamic IP Lockdo
PAGE 13
Table 1 HP Switch features and interoperability with OpenFlow — by effect on feature or application (continued) Effect Feature GVRP LACP Loop Protect sFlow UDLD OpenFlow does not affect this feature 7 STP loop guard BPDU guard MSTP RSTP STP PVST 1 2 3 4 5 These authentication features still function in an OpenFlow instance and ports of an OpenFlow instance. The security features take a first look at the packet before sending the packets to OpenFlow.
PAGE 14
Table 2 Switch modules scalability (continued) Switch/Modules 14 Introduction K/KA.15.10 K/KA.15.14, WB.15.14 Hardware: TCAM - 2000 per slot TCAM – 500 per slot for 2920 Hardware: Compatible mode – 1.
PAGE 15
2 Configuring OpenFlow Configuration overview 1. 2. 3. 4. 5. 6. 7. 8. 9.
PAGE 16
Syntax openflow [ enable | disable ] [no] openflow enable enable Enables OpenFlow globally. disable Disables OpenFlow globally. NOTE: Using no openflow without any additional parameters deletes all OpenFlow configuration. A warning message to confirm this command appears. NOTE: OpenFlow instance parameters can only be changed with OpenFlow disabled. Instance parameters cannot be changed when instance is enabled. To enable an instance use the following command.
PAGE 17
Instance names can have a maximum length of 32 case-insensitive alphanumeric characters, numerals, and underscore. aggregate Creates an OpenFlow instance that includes all VLANs except the management VLAN and the OpenFlow controller VLANs. See “Aggregation mode” (page 8) for details on the use of this parameter. enable Enables the named OpenFlow instance or aggregate. disable Disables the named OpenFlow instance or aggregate. OpenFlow instance mode OpenFlow can work either in active or passive mode.
PAGE 18
instance-name Add a member to this OpenFlow instance. vlan vlan-id Adds the VLAN to the named OpenFlow instance. Flow location This command sets the location of flows for an instance or the aggregate. In hardware-only mode, flows are programmed only in hardware. The flows are located in hardware and software by default. Syntax [no] openflow instance { instance-name | aggregate } flow-location hardware-only instance-name Sets flow location for the named instance.
PAGE 19
RECEIVED: stat_repl {type="port-desc", flags="0x0" {no="4", hw_addr="08:2e:5f:69:6e:7c", name="1/4", config="0x0" , state="0x1", curr="0x0", adv="0x0", supp="0x0", peer="0x0", curr_spd="0kbps", max_spd="0kbps"}, {no="2", hw_addr="08:2e:5f:69:6e:7e", name="1/2", config="0x0", state="0x4", curr="0x220", adv="0x0", supp="0x22f", peer="0x0", curr_spd="3567587328kbps", max_spd="3567587328kbps"}, {no="5", hw_addr="08:2e:5f:69:6e:7b", name="1/5", config="0x0", state="0x1", curr="0x0", adv="0x0", supp="0x0", peer="
PAGE 20
The no removes the identified controller, if the controller is not in use by any OpenFlow instances. Range: 1 – 128 ip-address OpenFlow controller IP address. tcp-port Optional: Specify the port through which to connect to a controller. Default: port number 6633 Range: 1024 – 65535 controller-interface The no form of the command with this parameter deletes the OpenFlow controller connection. vlan-id Connect to the OpenFlow controller through the identified VLAN.
PAGE 21
Securing the connection between an OpenFlow instance and the controller Syntax [no] controller-id controller-id secure secure Initiates a TLS connection with the controller (TLS version 1.0 or greater.) This command: • Secures the instance controller main connection. This option is available for OpenFlow version1.0 as well as OpenFlow version 1.3. • Supports CA signed certificates. For CA signed certificates, same ROOT certificate is used to sign both controller and switch certificate.
PAGE 22
The packets supported on an auxiliary channel are: • OFPT_HELLO • OFPT_ERROR • OFPT_ECHO_REQUEST/ REPLY • OFPT_FEATURES_REQUEST/REPLY • OFPT_PACKET_IN • OFPT_PACKET_OUT The main use of an auxiliary connection is for transactions related to message of type: OFPT_PACKET_IN/OFPT_PACKET_OUT. Options index Unique identifier for an auxiliary connection. port Protocol port on which the controller can be reached. type Type of transport protocol to be used: TCP or UDP.
PAGE 23
Controller Id Connection Status Connection State Secure Role ------------- ----------------- ---------------- ------ -----1 Disconnected Void No Equal Auxiliary Auxiliary Auxiliary Controller Id Conn. index Auxiliary ID Conn. Status Conn. State Type ------------- ----------- ------------ ------------- ----------- ---1 1 1 Disconnected Void TCP #HP-8206zl# show run openflow controller-id 1 ip 20.0.0.
PAGE 24
fail-standalone If the switch loses connection with all controllers, packets of new flows are handled by the legacy switching and routing functions. Existing flows of this OpenFlow instance are removed. Setting maximum backoff interval for an instance You can specify the maximum interval between two consecutive attempts to connect to a controller by an OpenFlow instance. The interval between two consecutive attempts increases exponentially until it reaches the specified value.
PAGE 25
Controller roles Controller Roles is a mechanism which helps controllers synchronize handoff’s in a scenario where multiple controllers are connected to the switch. A Controller is assigned one of the following roles: • Equal • Master • Slave Equal This is the default role for a controller. The controller has full access to the switch and is equal to other controllers in the same role receiving all of the switch asynchronous messages (such as packet-in, flow-removed.
PAGE 26
2 Connected Active No Master Controller role change When a controller’s role is changed, the following messages occur: OFPT_ROLE_REQUEST Message from controller to change or query its role. OFPT_ROLE_REPLY Message sent in response to the OFPT_ROLE_REQUEST, it returns the current Roleof the controller. OFPT_SET_ASYNC A controller, through this message can configure what asynchronous message it wants to receive.
PAGE 27
Port Modification Port #: 5 MAC Address: HewlettP_02:2c:bb (84:34:97:02:2c:bb) Port ConfigFlags .... .... .... .... .... .... .... ...0 = Port is administratively down: No (0) .... .... .... .... .... .... .... ..0. = Disable 802.1D spanning tree on port: No (0) .... .... .... .... .... .... .... .0.. = Drop non-802.1D packets received on port: No (0) .... .... .... .... .... .... .... 0... = Drop received 802.1D STP packets: No (0) .... .... .... .... .... .... ...1 ....
PAGE 28
.... .... .... .... .... ..0. .... .... = Auto-negotiation support: No (0) .... .... .... .... .... .0.. .... .... = Pause support: No (0) .... .... .... .... .... 0... .... .... = Asymmetric pause support: No (0) Pad: 0 Pad: 0 Pad: 0 Pad: 0 Example Send a Port-Mod command to the switch using dpctl, a controller utility. root@openflow-ubuntu-10:/home/openflow# dpctltcp:10.20.30.50:6633 port-desc ...
PAGE 29
Example Openflow # egress-only-ports Configured OF Version : 1.0 Negotiated OF Version : 1.0 Instance Name : test Admin. Status : Enabled Member List : VLAN 3 Listen Port : None Oper. Status : Up\ Oper. Status Reason : NA DatapathID : 00032c4138c98500 Mode : Active Flow Location : Hardware and Software No. of Hw Flows : 0 No. of Sw Flows : 0 Hw. Rate Limit : 0 kbps Sw. Rate Limit : 100 pps Conn. Interrupt Mode : Fail-Secure Maximum BackoffInterval : 60 seconds Probe Interval : 10 seconds Hw.
PAGE 30
NOTE: Increasing the software rate limit increases CPU consumption and may impact system performance. If the software rate limit is specified beyond 1000 pps, the warning listed below will be displayed: Increasing the software rate limit would increase CPU consumption and may impact the system performance.
PAGE 31
Example openflow# limit multiport-filter-usage [1-100] 0-100: Maximum percentage of Multiport filters used by OpenFlow. HP-3500yl-24G-PoEP# show openflow multiport-filter-limit Total Multiport Filters: 2037 Filters Filters Filters Features Allocated Used Free ------------ ---------- ----------- ----------OpenFlow 1024 0 1024 Hardware statistics refresh rate Syntax openflow-instance-name [#]hardware statistics|refresh rate policy-engine-table Refresh rate for policy engine table statistics.
PAGE 32
3 Group table Groups represent sets of actions for flooding as well as more complex forwarding semantics (e.g. multipath, fast reroute, and link aggregation). As a general layer of indirection, groups also enable multiple flow entries to forward to a single identifier (e.g. IP forwarding to a common next hop). This abstraction allows common output actions across flow entries to be changed efficiently.
PAGE 33
4 OpenFlow per-flow rate limiting OpenFlow supports per-flow rate-limiters for OpenFlow 1.0 as HP vendor extensions. A rate-limiter controls the rate of packets passing through a switch. Per-flow rate-limiters associate an arbitrary number of flows with a rate-limiter. Using OpenFlow with per flow rate-limiters, any number of flows can be flexibly mapped to a rate-limiter, regardless of their source and destination ports.
PAGE 34
5 Administering OpenFlow Additional fields and filters added in OpenFlow version 1.3 increases the available show commands. Monitoring OpenFlow OpenFlow can be monitored at several levels and the rate at which the information from the hardware is refreshed can be configured. Displaying OpenFlow information Displays the versions of OpenFlow instance with status and flow data.
PAGE 35
controllers Shows controllers configured for OpenFlow. See “Viewing OpenFlow controllers” (page 41) instance-name Instance information can be obtained for ports or flows. port-statistics Shows port statistics. flows flow-type Shows the flow table entries for a particular OpenFlow instance. The various flows displayed using flow-type are shown in Example 2 “Flow version 1.0” and Example 3 “Flow version 1.3” below.
PAGE 36
Example 2 Flow version 1.0 ()# show openflow instance titan flows Flow 1 Match Incoming Port : F24 Ethernet Type : IP Source MAC : 000000-000000 Destination MAC : 000000-000000 VLAN ID Source Protocol Address Target Protocol Address IP Protocol Source Port Attributes Priority Hard Timeout Byte Count Controller ID Flow Location Reason Code Reason Description Actions Modify Destination IP Modify Source IP Output 36 Administering OpenFlow : : : : 0 255.255.255.255/32 128.128.128.
PAGE 37
Example 3 Flow version 1.3 ()# show openflow instance titan flows Flow 1 Match Incoming Port : 1/17 Ethernet Type : IP Source MAC : 000000-000000 Destination MAC : 000000-000000 VLAN ID : 0 VLAN Priority : 0 Source Protocol Address : 255.255.255.255/32 Target Protocol Address : 128.128.128.
PAGE 38
Activity Count Hardware Index Flow 4 Match Source MAC VLAN ID : 0xffffffff : 1 : 000000-000000 : 0 ARP Opcode ARP Source MAC ARP Target MAC Source Protocol Address Target Protocol Address Source IP Destination IP IPv6 Flow Label IPv6 Ext.
PAGE 39
flow-table Show flows that are hit most corresponding to the flow table number. ingress-port Show flows matching the ingress port. source-ipv6 Show flows matching the source IPv6 address. Viewing OpenFlow instances You can display OpenFlow information for a specific instance. This includes the memberships of OpenFlow instance, the controllers and listen-port for that instance and other relevant information.
PAGE 40
Possible connection states are Active, Idle, Backoff, Connecting, or Void. Possible connection status values are Connected or Disconnected. Viewing instance aggregate Display information of an OpenFlow aggregate instance. Example 4 Show OpenFlow instance aggregate show openflow instance titan Configured OF Version : 1.3 Negotiated OF Version : NA OpenFlow Version : 1.3 Instance Name : titan Admin. Status : Disabled Member List : VLAN 1 Listen Port : 6633 Oper. Status : Down Oper.
PAGE 41
Example 5 Show OpenFlow resources HP Switch(config)# show openflow resources Resource usage in Policy Enforcement Engine | Rules | Rules Used Slots | Available | ACL | QoS | IDM | VT | Mirr | PBR | OF | Other | --------------+-----------+-----+-----+-----+-----+------+-----+------+-------| A | 3055| 0| 0| 0| 0| 0| 0| 0| 0| F | 3055| 0| 0| 0| 0| 0| 0| 0| 0| | Meters | Meters Used Slots | Available | ACL | QoS | IDM | VT | Mirr | PBR | OF | Other | --------------+-----------+-----+-----+-----+-----+------+---
PAGE 42
NOTE: This option is available only for instances running OpenFlow version 1.3. Viewing additional flow information Syntax show openflow instance instance-name flow-table flow-table-id table-capability Viewing global flow table information Syntax show openflow flow-table Displays global flow table information. Example HP-5406zl(of-inst-t1)# show openflow flow-table Flow Table Information Table Name ----------------------IP Control Table Policy Engine Table Max.
PAGE 43
Example 7 Show table-capability show openflow instance test flow-table 50 table-capability OpenFlow IP Control Table Table Match Capabilites: VLAN ID Source IPv4, IPv6 Destination IPv4, IPv6 Table Instructions: Goto Table 101 Table-Miss Instructions: *Goto Table 102 *Currently configured action for table-miss flow.
PAGE 44
IP Proto Source IPv4, IPv6 Source Port IPV6 Flow Label Source SCTP Port ICMPv4 Type ARP Opcode ARP Source IPv4 ARP Source MAC ICMPv6 Type IPv6 ND SLL ND IPv6 Target Table Instructions: Apply-Actions Set-Field VLAN ID Strip VLAN Source MAC Set TTL IP ECN Output Drop, Normal Clear-Actions Write-Actions Write-Metadata Table-Miss Instructions: Apply-Actions Output Drop, Normal Goto Table-201, *202, 203, 204 Destination IPv4, IPv6 Destination Port Destination SCTP Port ICMPv4 Code ARP Destination IPv4 ARP Desti
PAGE 45
Actions :output F2 Packet Count : 0 Byte Count : 0 Watch port : Any Weight : 0 Action : Output F23 Group ID : 1 Group Type : SELECT Reference Count: 0Packet Count: 0 Byte Count: 0 Duration: 10 Action Buckets: 1 Bucket 1: Packet Count: 0 Byte Count: 0 Watch Port: Any Weight: 1 Actions: output A Group ID: 7 Group Type: INDIRECT Reference Count: 0 Packet Count: 0 Byte Count: 0 Duration: 10 Action Buckets: 1 Bucket 1 Packet Count: 0 Byte Count: 0 Watch Port: Any Weight: 0 Actions: output A1 Group ID: 32 Group T
PAGE 46
supported only in extended match mode; however DSCP remark type band meter cannot be attached to flows with a non-IP match. Syntax show openflow instance instance-name meters HP-3800-24SFP-2SFPP# show open inst t3 meters OpenFlow Instance Meters Meter ID : 1 Flow Count : 1 Input Packet Count : 0 Duration : 0 Packet Band Type Rate Count --------- ------------ -------Drop 150 kbps 0 Viewing auxiliary connection information Only one auxiliary connection is supported per main controller connection.
PAGE 47
Example 9 Show OpenFlow instance information HP-3500yl-24G-PoEP# show openflow instance limiters OpenFlow Instance Per Flow Rate Limiters Maximum Limiters : 256 Rate Limiter ID ---------112 Action -----Drop (kbps) ---------128 Flow Count ---------2 Viewing group table information Viewing multiport-filter-limit Syntax show openflow multiport-filter-limit Displays multiport filter information. (Only in OpenFlow version 1.3.
PAGE 48
Example 11 Display port statistics for version 1.3 HP-Switch# show openflow instance test port-statistics Number of Ports: 2 Port 47: Up Status Admin. Status : Enabled Flood : Enabled Receive : Enabled Forward : Enabled Packet_in : Enabled Statistics Collisions : 0 Rx Packets : 0 Tx Packets : 68 Rx Bytes : 0 Tx Bytes : 8066 Rx Dropped : 0 Tx Dropped : 0 Rx Errors : 0 Tx Errors : 0 Frame Errors : 0 CRC Errors : 0 Overrun Errors : 0 Port 48: Down Status Admin.
PAGE 49
Example 12 Show OpenFlow instance message-statistics OpenFlow #: show OpenFlow Message Type --------------OFPT_FLOW_MOD OFPT_PORT_MOD OFPT_GROUP_MOD OFPT_METER_MOD openflow instance instance-name message statistics Received -------100 120 22 12 Rejected -------12 22 2 0 Viewing OpenFlow instance information Syntax show openflow instance capabilities Displays OpenFlow instance capabilities.
PAGE 50
6 Troubleshooting OpenFlow Diagnostic Tools Overview and Usage Debug OpenFlow You can display OpenFlow protocol packets or event description. NOTE: The debug openflow packets option only displays OpenFlow protocol packets exchanged between the switch and the controller. Syntax HP Switch# debug openflow errors Display OpenFlow error messages. events Enable debug messages for all OpenFlow events like addition/deletion/modification, enable/disable etc.
PAGE 51
Meshing cannot be configured when OpenFlow is enabled. Enable OpenFlow with QinQ Enabling OpenFlow when Q-in-Q is enabled will result in an error message similar to the following. OpenFlow cannot be enabled when Q-in-Q is configured. Enabling QinQ with OpenFlow Enabling Q-in-Q when OpenFlow is enabled will result in an error message similar to the following. Q-in-Q cannot be configured when OpenFlow is enabled.
PAGE 52
Enable LACP Trying to enable LACP while OpenFlow is enabled generates the following error message. LACP cannot be configured when OpenFlow is enabled. Enable OpenFlow Trying to enable OpenFlow when LACP is enabled generates the following error message. OpenFlow cannot be configured when LACP is enabled. Show per-flow rate limiters Trying to show per-flow rate limiters for an instance running OpenFlow version 1.3 generates an error message similar to the following.
PAGE 53
Configure or modifying an existing controller Attempting to configure a controller that already exists or modifying the parameters of an existing controller will result in an error message similar to the following. A controller is already configured with this ID. Associated controllers Attempting to delete existing controllers previously associated with an OpenFlow instance will result in an error message similar to the following. Controller cannot be removed when in use by an OpenFlow instance.
PAGE 54
No limiters found for this OpenFlow instance. VLAN error messages Member to controller VLAN Specifying a member VLAN as a controller VLAN will result in an error message similar to the following. The specified VLAN is already member of OpenFlow instance instance-name and hence cannot be added as controller interface. VLAN in an OpenFlow instance Specifying a VLAN that is already a part of a different OpenFlow instance will result in an error message similar to the following.
PAGE 55
Instance error messages Enable a named instance Attempting to enable a named instance without a listen port or controller and a member VLAN will display an error message similar to the following. A controller and a member VLAN must be added to the named instance before enabling it. Enable an aggregate instance Attempt to enable an aggregate instance without a listen port or controller will display an error message similar to the following.
PAGE 56
Modifying backoff interval Trying to modify the backoff interval when the instance is enabled will display an error message similar to the following. Instance configuration cannot be modified when the instance is enabled. Instance name When naming an instance, only alphanumeric characters, numerals and underscores are allowed in the instance name. Failure to following this rule will display an error message similar to the following. Invalid name. Only alphanumeric characters and underscores are allowed.
PAGE 57
Other scenarios Setting policy engine resource usage when OpenFlow is enabled When the policy engine resource usage is set while OpenFlow is enabled, will display an error message similar to the following. Resource usage can be set only when OpenFlow is disabled. Securing a connection with no certificate configured When securing a connection with no certificate configured for OpenFlow, will display an error message similar to the following. Certificate for OpenFlow is not configured.
PAGE 58
Datapath ID : 0003082e5f698e25 Mode : Active Flow Location : Hardware and Software No. of Hw Flows : 0 No. of Sw Flows : 0 Hw. Rate Limit : 0 kbps Sw. Rate Limit : 100 pps Conn. Interrupt Mode : Fail-Secure Maximum Backoff Interval : 60 seconds Probe Interval : 10 seconds Hw. Table Miss Count : 0 No.
PAGE 59
Flow modification Add/Modify/Delete flow When a request to add, modify or delete a flow mod is rejected by the switch, use the following command.
PAGE 60
OFPERR_OFPBMC_BAD_FIELD (Bad or unsupported match parameter in the flow) OFPERR_OFPBAC_BAD_TYPE (Bad or unsupported action in the flow) OFPERR_OFPBIC_BAD_TABLE_ID OFPERR_OFPFMFC_UNKNOWN (Any internal system error) Policy engine table restrictions Error conditions for Table 100, 101, or 102 may result from the following: • In Aggregate mode, an Output-Port action is allowed only if the flow has VLAN as a match field or has as a Modify-VLAN action specified.
PAGE 61
For an OpenFlow1.3 instance, there could be several software tables, 200 to 203. Troubleshooting scenarios and error messages How to troubleshoot if instance is not coming up When an instance is not coming up, use the following commands to troubleshoot the instance status. 1. Run the command HP-Stack-3800(config)# show openflow HP-Stack-3800(config)# show openflow OpenFlow : Enabled IP Control Table Mode : Disabled Instance Information No. of No. of OpenFlow Instance Name Oper.
PAGE 62
NOTE: The HP Support Center at HP Support Center offers peer-to-peer support to solve problems and is free to users after registration. If this is a new problem or if you need additional help, log your problem with the HP Support Center, either on line through the support case manager at HP Support Center, or by calling HP Support.
PAGE 63
7 Support and other resources Contacting HP Before you contact HP Be sure to have the following information available before you call contact HP: • Technical support registration number (if applicable) • Product serial number • Product model name and number • Product identification number • Applicable error message • Add-on boards or hardware • Third-party hardware or software • Operating system type and revision level HP contact information For the name of the nearest HP authorized reseller
PAGE 64
• Basic Operation Guide • IPv6 Configuration Guide • Management and Configuration Guide • Multicast and Routing Guide • Event Log Message Reference Guide • Comware CLI Commands in ProVision Software Websites HP product websites are available for additional information. • HP Switch Networking web site: http://www.hp.com/networking/support • HP Technical Support website: http://www.hp.
PAGE 65
{} The contents are required in syntax. If the contents are a list separated by |, you must choose one of the items. ... The preceding element can be repeated an arbitrary number of times. Indicates the continuation of a code example. | Separates items in a list of choices. WARNING A warning calls attention to important information that if not understood or followed will result in personal injury or nonrecoverable system problems.
PAGE 66
For more information about the HP Customer Self Repair program, contact your local service provider. For the North American program, visit the HP website at http://www.hp.com/go/ selfrepair.
PAGE 67
8 Documentation feedback HP is committed to providing documentation that meets your needs. To help us improve the documentation, send any errors, suggestions, or comments to Documentation Feedback (docsfeedback@hp.com.) Include the document title and part number, version number, or the URL when submitting your feedback. NOTE: There has been a change to the style of the documentation with the newest release.
PAGE 68
A Flow classification on v1 and v2 modules Hardware differences between v1 and v2 Modules affect flow match and capabilities. For additional information about v1 and v2 Modules, compatibility and inter-operation of v2 zl Modules with v1 zl Modules in a chassis switch, see the latest Release Notes for your switch in the Compatibility Mode section, and the HP 8200 zl, 5400 zl, 3500, and 6200 yl Switch Series Technical Overview White Paper, 4AA0-5388ENW.
PAGE 69
Figure 6 OpenFlow v1.0 – K.15.10 for 5400 and 8200 with v2 modules, KA.15.10 for 3800 and WB.15.
PAGE 70
Figure 7 OpenFlow v1.0 and v1.3 – K.15.14 for 3500, 6200, 5400 and 8200 with v2 modules, KA.15.14 for 3800 and WB.15.14 for 2920 OpenFlow 1.
PAGE 71
Figure 9 IP control table mode Table 3 Device modes and OpenFlow table model Openflow Protocol Version Switch Mode Table Model V1.0 Compatible Mode Single table only – “allow-v1-modules” Number of tables Matching ability Actions in Hardware (Nov 2013) 1 Same as 15_10 Same as 15_10 1 Full 12 tuple match Same as 15_10 in policy engine Plus new actions – rewrite VLAN ID, rewrite MAC address, forward to multiple ports (V1 and V2) acts as V1 V1.
PAGE 72
B Implementation notes This section documents some of the behaviors exhibited during the implementation of OpenFlow. These behaviors were exposed during testing and may include unit, conformance, integration, interoperability, stress and system testing. A hardware flow with an idle timeout of 10 seconds gets deleted even though packets match the flow within the idle timeout Problem statement A hardware rule is programmed with idle timeout as 10 seconds and hard timeout as 0.
PAGE 73
Actions Controller Port DUT matches and processes incoming untagged packets for VLAN id For certain flows with a match on the VLAN ID, even untagged packets are matched. This happens on untagged ports only. The existing behavior exists because L2 hardware adds the VLAN id and VLAN priority meta-information irrespective of whether the packet came in tagged or untagged.
PAGE 74
a subnet mask of /24. Note that 10.10.10.1 here is the IP address of the switch which has an OpenFlow listen port open on port 6633. openflow@openflow-ubuntu-08:~$ ovs-ofctl add-flow tcp:10.10.0.1:6633 ip,nw_src=1.1.1.1/24,actions=output:1 To verify that this flow has been installed on the switch, we run the ovs-ofctl command and verify the output. openflow@openflow-ubuntu-08:~$ ovs-ofctl dump-flows tcp:10.10.0.1:6633 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=13.
PAGE 75
when it came in to the switch or based on the membership of the port that the packet came in to the switch. Precedence level in meters As per the OpenFlow specification 1.3.1, the prec_level given in the ofp_meter_band_dscp_remark indicates by what amount the DSCP value in the packets should be incremented if the packets exceed the band.
PAGE 76
C Configuring secure connection HP VAN SDN controller HP Switches running OpenFlow can securely connect to HP VAN SDN controller. Follow the procedures to accomplish the secure connection. 1. On the HP Switch running OpenFlow, create a crypto profile. Syntax crypto pki ta-profile VanProfile 2. Copy root certificate to the HP switch using this command: Syntax copy tftp ta-certificate VanProfile [103.0.11.34] HpRoot.pem 3.
PAGE 77
Index Symbols 6in4 tunnels, 10 802.
PAGE 78
H hardware flows, 18 hardware rate limiting, 29 I IDM, 11 IGMP Proxy, 12 IGMPv2, 12 IGMPv3, 12 Implementation notes CPU generated packets, 73 IP address masking, 73 Operation Status, 73 tagged/untagged packets, 73 Virtualization mode, 74 in_port command, 73 instance errors, 55 members, 17 instance to controller association, 20 instances, 16 Interoperability PVST, 13 interoperability, 11 802.
PAGE 79
OSPFv2, 12 OSPFv3, 12 ovs-ofctl, 10 P passive mode, 17 Per-flow rate-limiters Creating limiters, 33 flow, 33 Limiter details, 33 Maintaining limiters, 33 Per-flow rate-limiting QoS vendor extensions, 33 PIM-DM, 12 PIM-SM, 12 Ping, 12 policy engine errors, 61 Port ACLs, 11 Port Security, 11 PVST interoperability, 13 Q Q-in-Q, 12, 51 QoS vendor extensions Per-flow rate-limiters, 33 R rate limiting, 11, 29 Rate-limiter, 33 Remote Mirror Endpoint, 12, 51 RIP, 12 Router ACLs, 11 RSTP, 13 T TABLE action, 11 t