15-OpenFlow Command Reference

HomeSupportResource CenterSwitchesH3C S6300 Switch SeriesH3C S6300 Switch SeriesTechnical DocumentsCommandCommand ReferencesH3C S6300 Switch Series Command References-Release 243x-6W10015-OpenFlow Command Reference
Table of Contents
Related Documents
01-OpenFlow commands
Title Size Download
01-OpenFlow commands 148.89 KB

OpenFlow commands

In this chapter, an OpenFlow switch is the same as an OpenFlow instance, unless otherwise specified.

active instance

Use active instance to activate or reactivate an OpenFlow instance.

Use undo active instance to deactivate an OpenFlow instance.

Syntax

active instance

undo active instance

Default

An OpenFlow instance is not activated.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

An OpenFlow instance takes effect only after it is activated.

Reactivating an OpenFlow instance refreshes the configuration data and interrupts communication with the controllers.

You can reactivate an OpenFlow instance by using the active instance command after you deactivate the OpenFlow instance by using the undo active instance command.

Examples

# Activate OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] active instance

classification global

Use classification global to enable the global mode for an OpenFlow instance.

Use undo classification to remove the configuration.

Syntax

classification global

undo classification

Default

An OpenFlow instance is in the VLAN mode.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

If you execute the classification global and classification vlan commands multiple times, the most recent configuration takes effect.

By default, an OpenFlow instance is in the VLAN mode. When an OpenFlow instance is associated with VLANs, the flow entries take effect only on packets within those VLANs.

When the global mode is enabled for an OpenFlow instance, the flow entries take effect on packets within the network. All interfaces on the device belong to the OpenFlow instance, including VLAN interfaces and Layer 2 Ethernet interfaces.

Examples

# Enable the global mode for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] classification global

Related commands

classification vlan

classification vlan

Use classification vlan to associate VLANs with an OpenFlow instance.

Use undo classification to cancel the association.

Syntax

classification vlan vlan-id [ mask vlan-mask ] [ loosen ]

undo classification

Default

An OpenFlow instance is not associated with any VLAN.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies the VLAN ID in the range of 1 to 4094.

vlan-mask: Specifies a VLAN mask in the range of 0 to 4095. The default value is 4095.

loosen: Specifies the loosen mode for the OpenFlow instance-VLAN association.

Usage guidelines

The system calculates the VLANs to be associated according to the specified VLAN ID and mask. To view the associated VLANs, use the display openflow instance command.

If you execute this command multiple times, the most recent configuration takes effect.

When the loosen keyword is specified, a port belongs to an OpenFlow instance only when the VLANs associated with the OpenFlow instance overlap with the VLANs permitted on the port.

When the loosen keyword is not specified, a port belongs to an OpenFlow instance only when the VLANs associated with the OpenFlow instance are a subset of the VLANs permitted on the port.

Examples

# Associate an OpenFlow instance with a list of VLANs determined by VLAN ID 255 and VLAN mask 7.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] classification vlan 255 mask 7

Related commands

display openflow instance

controller address

Use controller address to specify a controller for an OpenFlow switch and configure the main connection to the controller.

Use undo controller address to remove the configuration.

Syntax

controller controller-id address { ip ip-address | ipv6 ipv6-address } [ port port-number ] [ local address { ip ip-address | ipv6 ipv6-address } [ port port-number ]] [ ssl ssl-policy-name ] [ vrf vrf-name ]

undo controller controller-id address

Default

An OpenFlow instance does not have a main connection to a controller.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

controller-id: Specifies a controller by its ID in the range of 0 to 63.

ip ip-address: Specifies the IPv4 address of the controller or the device.

ipv6 ipv6-address: Specifies the IPv6 address of the controller or the device.

local address: Specifies the IPv4 or IPv6 address that the device uses to establish connections with the controller.

port port-number: Sets the port number that the device or the controller uses to establish TCP connections between them. The value range for the port number is 1 to 65535. The default value is 6633.

ssl ssl-policy-name: Specifies the SSL client policy that the controller uses to authenticate the OpenFlow switch. The policy name is a case-insensitive string of 1 to 31 characters.

vrf vrf-name: Specifies the name of the VPN instance to which the controller belongs, a case-insensitive string of 1 to 31 characters.

Usage guidelines

You can specify multiple controllers for an OpenFlow switch. The OpenFlow channel between the OpenFlow switch and each controller can have only one main connection.

The OpenFlow switch exchanges control messages with a controller through the main connection to perform the following tasks:

·           Receive flow table entries or data from the controller.

·           Report information to the controller.

Examples

# Specify controller 10 for OpenFlow instance 1. The controller's IP address is 1.1.1.1 and the port number is 6666.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] controller 10 address ip 1.1.1.1 port 6666

controller connect interval

Use controller connect interval to set a reconnection interval for an OpenFlow instance.

Use undo controller connect interval to restore the default.

Syntax

controller connect interval interval-value

undo controller connect interval

Default

The reconnection interval is 60 seconds for an OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

interval-value: Sets a reconnection interval in seconds, in the range of 10 to 120.

Usage guidelines

The OpenFlow instance waits a reconnection interval before it attempts to reconnect to a controller.

Examples

# Set the reconnection interval to 10 seconds for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] controller connect interval 10

controller echo-request interval

Use controller echo-request interval to set the connection detection interval for an OpenFlow switch. The connection detection interval specifies the interval at which the OpenFlow switch sends an Echo Request message to a controller.

Use undo controller echo-request interval to restore the default.

Syntax

controller echo-request interval interval-value

undo controller echo-request interval

Default

The connection detection interval is 5 seconds for an OpenFlow switch.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

interval-value: Specifies the connection detection interval in seconds. The value range is 1 to 10.

Usage guidelines

As a best practice to reduce the CPU load, set the connection detection interval to a large value.

Examples

# Set the connection detection interval to 10 seconds for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] controller echo-request interval 10

controller mode

Use controller mode to set the controller mode for an OpenFlow instance.

Use undo controller mode to restore the default.

Syntax

controller mode { multiple | single }

undo controller mode

Default

The controller mode is multiple.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

multiple: Configures the controller mode as multiple.

single: Configures the controller mode as single.

Usage guidelines

An OpenFlow instance can connect to one or more controllers, depending on the controller mode the OpenFlow instance uses:

·           Single—The OpenFlow instance connects to only one controller at a time. When communication with the current controller fails, the OpenFlow instance uses another controller.

·           Multiple—The OpenFlow instance can simultaneously connect to multiple controllers. When communication with any controller fails, the OpenFlow instance attempts to reconnect to the controller after a reconnection interval.

Examples

# Configure the controller mode as single for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] controller mode single

datapath-id

Use datapath-id to configure the datapath ID for an OpenFlow instance.

Use undo datapath-id to restore the default.

Syntax

datapath-id datapath-id

undo datapath-id

Default

The datapath ID of an OpenFlow instance contains the instance ID and the bridge MAC address. The upper 16 bits are the instance ID and the lower 48 bits are the bridge MAC address.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

datapath-id: Specifies the datapath ID for an OpenFlow instance. The argument is a hexadecimal number and the value range is 1 to 0xFFFFFFFFFFFFFFFF.

Examples

# Set the datapath ID to 0x123456 for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] datapath-id 123456

default table-miss permit

Use default table-miss permit to change the default action of the table-miss flow entry to forward packets to the normal pipeline.

Use undo default table-miss permit to restore the default.

Syntax

default table-miss permit

undo default table-miss permit

Default

The default action of the table-miss flow entry is to drop packets after the OpenFlow instance is activated and before the controller deploys flow entries.

Views

OpenFlow instance view

Predefined user roles

network-admin

Examples

# Change the default action of the table-miss flow entry to forward packets to the normal pipeline.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] default table-miss permit

description

Use description to configure a description for an OpenFlow instance.

Use undo description to restore the default.

Syntax

description text

undo description

Default

An OpenFlow instance does not have a description.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

text: Specifies a description for the OpenFlow instance, a case-insensitive string of 1 to 255 characters.

Examples

# Configure a description for OpenFlow instance 1 as test-desc.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] description test-desc

display openflow controller

Use display openflow controller to display controller information for an OpenFlow instance.

Syntax

display openflow instance instance-id controller [ controller-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

controller-id: Specifies a controller by its ID in the range of 0 to 63. If no controller ID is specified, this command displays information about all controllers for an OpenFlow instance.

Usage guidelines

The controller information includes connection information and packet statistics.

Examples

# Display controller information for OpenFlow instance 10.

<Sysname> display openflow instance 10 controller

Instance 10 controller information:                                             

 Reconnect interval: 60 (s)                                                    

 Echo interval     : 5  (s)                                                    

                                                                               

 Controller ID           : 1                                                   

 Controller IP address   : 192.168.49.49                                       

 Controller port         : 6633                                                

 Controller role         : --                                                  

 Connect type            : TCP                                                  

 Connect state           : Idle                                                

 Packets sent            : 0                                                   

 Packets received        : 0                                                    

 SSL policy              : --                                                  

 VRF name                : --

Table 1 Command output

Field

Description

Reconnect interval

Reconnection interval (in seconds) for an OpenFlow instance to reconnect to all controllers.

Echo interval

Interval (in seconds) at which an OpenFlow instance sends an Echo Request message to all controller.

Controller IP address

IP address of the controller.

Controller port

TCP port number of the controller.

Controller role

Role of the controller:

·          EqualThe controller has the same mode as other controllers that are specified for the OpenFlow instance.

·          MasterThe controller is the master controller for the OpenFlow instance.

·          SlaveThe controller is a subordinate controller for the OpenFlow instance.

If the controller is not configured with any role, this field displays two hyphens (--).

Connect type

Type of the connection between the OpenFlow instance and the controller: TCP or SSL.

Connect state

State of the connection between the OpenFlow instance and the controller: Idle or Established.

Packets sent

Number of packets that have been sent to the controller.

Packets received

Number of packets that have been received from the controller.

SSL policy

Name of the SSL client policy used for SSL connections.

If no SSL client policy controller is configured, this field displays two hyphens (--).

VRF name

Name of the VPN instance to which the controller belongs.

 

display openflow flow-table

Use display openflow flow-table to display flow table information for an OpenFlow instance.

Syntax

display openflow instance instance-id flow-table [ table-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

table-id: Specifies a flow table by its ID in the range of 0 to 254.

Usage guidelines

If you do not specify the flow table ID, this command displays information about all flow tables for the specified OpenFlow instance.

Examples

# Display information about all flow tables for OpenFlow instance 10.

<Sysname> display openflow instance 10 flow-table

Instance 10 flow table information:

 

Table 0 information:

 Table type: MAC-IP, flow entry count: 1, total flow entry count: 2

 

MissRule (default) flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: reset_counts

 |no_pkt_counts|no_byte_counts, byte count: --, packet count: --

Match information: any

Instruction information:

 Write actions:

  Drop

 

Flow entry 1 information:

 cookie: 0x0, priority: 1, hard time: 0, idle time: 0, flags: none,

 byte count: --, packet count: --

Match information:

 Ethernet destination MAC address: 0000-0000-0001

 Ethernet destination MAC address mask: ffff-ffff-ffff

 VLAN ID: 100, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: XGE1/0/4

 Write metadata/mask: 0x0000000000000001/0xffffffffffffffff

 Goto table: 1

 

Table 1 information:

 Table type: Extensibility, flow entry count: 2, total flow entry count: 2

 

MissRule Flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: none,

 byte count: --, packet count: 60

Match information: any

Instruction information:

 Write actions:

  Drop

 

Flow entry 1 information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem

 |check_overlap, byte count: --, packet count: 1

Match information:

 Input interface: XGE1/0/3

 Ethernet source MAC address: 0000-0000-0001

 Ethernet source MAC address mask: ffff-ffff-ffff

Instruction information:

 Set meter: 100

 Apply actions:

  Output interface: XGE1/0/4

 Write actions:

  Output interface: Controller, send length: 128 bytes

Table 2 Command output

Field

Description

Table type

Type of the flow table: MAC-IP or Extensibility.

flow entry count

Number of flow entries deployed by controllers.

total flow entry count

Total number of flow entries in the table.

cookie

Cookie ID of the flow entry.

priority

Priority of the flow entry. The larger the value, the higher the priority.

hard time

Hard timeout of the flow entry, in seconds. The flow entry is aged out immediately after the hard timeout expires.

If the flow entry has no hard timeout, the field displays 0.

idle time

Idle timeout of the flow entry, in seconds. The flow entry is aged out if no packet matches the entry within the idle timeout.

If the flow entry has no idle timeout, the field displays 0.

flags

Flags that the flow entry includes:

·          flow_send_rem—Sends a flow removed message when the flow entry is removed or expires.

·          check_overlap—Checks for overlapping flow entries.

·          reset_counts—Resets flow table counters.

·          no_pkt_counts—Does not count packets.

·          no_byte_counts—Does not count bytes.

If the flow entry does not include any flags, this field displays none.

byte count

Number of bytes that have matched the flow entry.

packet count

Number of packets that have matched the flow entry.

Match information

Contents in the Match field of the flow entry (see Table 3).

Instruction information

Contents in the Instruction field of the flow entry:

·          Set meter—Sends the matched packet to a specified meter.

·          Write metadata/mask—Writes the masked metadata value into the metadata fields of the matched packet.  Metadata is used for passing messages between flow tables.

·          Goto table—Sends the matched packet to the next flow table for processing.

·          Clear actionsImmediately clears all actions in the action set of the matched packet.

·          Apply actionsImmediately applies specified actions in the action set of the matched packet.

·          Write actions—Writes specified actions into the action set of the matched packet.

For more information about actions, see Table 4.

 

Table 3 Match information

Match field

Match field mask

Description

Input interface

N/A

Ingress port (see Table 5).

Physical input interface

N/A

Ingress physical port.

Metadata

Mask

Metadata and mask that are transmitted between flow tables.

Ethernet destination MAC address

Mask

Ethernet destination MAC address and mask.

Ethernet source MAC address

Mask

Ethernet source MAC address and mask.

Ethernet type

N/A

Ethernet type of the OpenFlow packet payload.

VLAN ID

Mask

VLAN ID and mask.

VLAN PCP

N/A

VLAN priority.

IP DSCP

N/A

Differentiated Services Code Point (DSCP)  value.

IP ECN

N/A

Explicit Congestion Notification (ECN) value in the IP header.

IP protocol

N/A

IPv4 or IPv6 protocol number.

IPv4 source address

Mask

IPv4 source address and mask.

IPv4 destination address

Mask

IPv4 destination address and mask.

TCP source port

N/A

TCP source port.

TCP destination port

N/A

TCP destination port.

UDP source port

N/A

UDP source port.

UDP destination port

N/A

UDP destination port.

ICMPv4 type

N/A

ICMPv4 type.

ICMPv4 code

N/A

ICMPv4 code.

ARP source IPv4 address

Mask

Sender IPv4 address and mask in the ARP payload.

ARP source MAC address

Mask

Sender MAC address and mask in the ARP payload.

IPv6 source address

Mask

Source IPv6 address and mask.

IPv6 destination address

Mask

Destination IPv6 address and mask.

IPv6 flow label

Mask

IPv6 flow label and mask.

ICMPv6 type

N/A

ICMPv6 type.

ICMPv6 code

N/A

ICMPv6 code.

Output interface

N/A

Output port.

 

Table 4 Actions

Field

Description

Drop

Drops the matched packet.

Output interface

Sends the packet through a specified port. For more information about ports, see Table 5.

Group

Specifies a group to process the packet.

Set queue

Maps the flow entry to a queue specified by ID.

Set field

Modifies a field of the packet.

 

Table 5 Ports

Port name

Ingress port

Output port

Description

Normal

Not supported.

Supported.

Normal forwarding workflow of the switch.

Flood

Not supported.

Supported.

Flooding workflow.

All

Not supported.

Supported.

All ports.

Controller

Supported.

Supported.

Channel connected to the controller.

Local

Supported.

Supported.

Local CPU.

XGE1/0/3 (port name)

Supported.

Supported.

Name of a physical or logical port, such as a link aggregation port.

 

display openflow group

Use display openflow group to display the group table information for an OpenFlow instance.

Syntax

display openflow instance instance-id group [ group-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

group-id: Specifies a group by its ID in the range of 0 to 4294967040. If this argument is not specified, this command displays information about all group entries of the OpenFlow instance.

Usage guidelines

The group entries are referenced by flow entries to make the OpenFlow device support more packet forwarding functions, for example, multicast and broadcast. Each group table contains multiple action buckets. The actions in the buckets of a group entry are performed for packets matching the group entry.

You cannot configure group entries on the OpenFlow devices. Instead, you can configure group entries on the controller and issue the group entries to the OpenFlow device.

Examples

# Display the group table information for OpenFlow instance 10.

<Sysname> display openflow instance 10 group

Instance 10 group table information:

 Group count: 1

 

Group entry 1:

 Type: All, byte count: 55116, packet count: 401

 Bucket 1 information:

Action count 1, watch port: any, watch group: any

Byte count 55116, packet count 401

  Output interface: XGE1/0/11

 Bucket 2 information:

Action count 1, watch port: any, watch group: any

Byte count --, packet count --

  Output interface: XGE1/0/12

 Referenced information:

  Count: 3 

  Flow table 0

  Flow entry: 1, 2, 3

Table 6 Output description

Field

Description

Group count

Number of group entries contained in the OpenFlow instance.

Type

Group table type:

All—Execute all buckets in the group. This group is used for multicast or broadcast forwarding.

Action count

Number of actions in the action bucket.

Byte count

Number of bytes processed by the action bucket.

packet count

Number of packets processed by the action bucket.

watch port

Ports that affect the action bucket status.

watch group

Group table IDs of the ports that affect the action bucket status.

Output interface

Output interface in the group table.

Referenced information

Information about the group entry referenced by flow entries.

Count

Total number of flow entries that reference the group entry.

Flow table

Flow table to which the flow entries that reference the group entry belong.

Flow entry

Flow entries that reference the group entry.

 

display openflow instance

Use display openflow instance to display detailed information about an OpenFlow instance.

Syntax

display openflow instance [ instance-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

Examples

# Display detailed information about OpenFlow instances.

<Sysname> display openflow instance

Instance 10 information:

 

Configuration information:

 Description   : test-desc

 Active status : Active

 Inactive configuration:

 Active configuration:

  Classification :VLAN, loosen mode, total VLANs(1)

   2

  In-band management VLAN, total VLANs(0)

   Empty VLAN

  Connect mode: Multiple

  MAC address learning: Enabled

  Flow table:

   Table ID(type): 0(MAC-IP), count: 0

  Flow-entry max-limit: 65535

  Datapath ID: 0x0000001234567891

  Default table-miss: Drop

  Forbidden port: None

Port information:

 Ten-GigabitEthernet1/0/3

Active channel information:

 Controller 1 IP address: 192.168.49.49  port: 6633

 Controller 2 IP address: 192.168.43.49  port: 6633

Table 7 Command output

Field

Description

Description

Description of the OpenFlow instance.

Active status

Activation status of the OpenFlow instance.

Inactive configuration

Inactive OpenFlow instance configuration.

Active configuration

Active OpenFlow instance configuration.

Classification: VLAN, loosen mode, total VLANs

OpenFlow instance scope, VLANs associated with the OpenFlow instance, the total number of these VLANs.

In-band management VLAN, total VLANs

Inband management VLANs and the total number of inband management VLANs. empty VLAN is displayed when no inband management VLAN is configured.

Connect mode

Controller mode of the OpenFlow instance:

·          Multiple.

·          Single.

MAC address learning

MAC address learning status in the VLANs associated with the OpenFlow instance:

·          Enabled—MAC address learning is enabled in the VLANs associated with the OpenFlow instance.

·          Disabled—MAC address learning is disabled in the VLANs associated with the OpenFlow instance.

Flow-entry max-limit

Maximum number of flow entries allowed in the extensibility flow table.

Datapath ID

Datapath ID of the OpenFlow instance.

Default table-miss

Default action of the table-miss flow entry:

·          PermitForward packets to the normal pipeline.

·          DropDrop packets.

Forbidden port

Port types forbidden to be reported to controllers:

·          VLAN interface.

·          Virtual Switch Interface.

Port information

Ports added to the OpenFlow instance.

Flow table

Flow table information of the OpenFlow instance.

Table ID(type)

Flow table ID (flow table type). The flow table type can be MAC-IP or Extensibility.

count

Total number of flow entries in the flow table.

Active channel information

Information about active control channels.

Controller id IP address:  port:

Brief information of controllers which have established connections to the OpenFlow instance. This field is displayed only when the OpenFlow instance has established connections to controllers.

Failopen mode

Connection interruption mode when the OpenFlow instance is disconnected from all controllers (this field is displayed only when the OpenFlow instance is disconnected from all controllers):

·          secure—The OpenFlow switch uses flow tables for traffic forwarding after it is disconnected from all controllers.

·          standalone—The OpenFlow switch uses the normal forwarding process after it is disconnected from all controllers.

 

display openflow meter

Use display openflow meter to display meter entry information for an OpenFlow instance.

Syntax

display openflow instance instance-id meter [ meter-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

meter-id: Specifies a meter by its ID in the range of 0 to 4294901760. If no meter ID is specified, this command displays information about all meter entries for an OpenFlow instance.

Examples

# Display meter entry information for OpenFlow instance 10.

<Sysname> display openflow instance 10 meter

Meter flags: KBPS  -- Rate value in kb/s, PKTPS -- Rate value in packet/sec

             BURST -- Do burst size,      STATS -- Collect statistics

 

Instance 10 meter table information:

 meter entry count: 2

 

Meter entry 100 information:

 Meter flags: KBPS

 Band 1 information

 Type: drop, rate: 1024, burst size: 65536

 Byte count: --, packet count: 0

 Referencedinformation:

  Count: 3

  Flow table: 0

  Flow entry: 1, 2, 3

 

Meter entry 200 information:

 Meter flags: KBPS

 Band 1 information

 Type: drop, rate: 10240, burst size: 655360

 Byte count: --, packet count: --

 Referenced information:

  Count: 0

Table 8 Command output

Field

Description

Group entry count

Total number of meter entries included in the OpenFlow instance.

Meter flags

Flags configured for the meter:

·          KBPS—The rate value is in kbps.

·          PKTPS—The rate value is in pps.

·          BURST—The burst size field in the band is used and the length of the packet or byte burst is determined by the burst size.

·          STATS—Meter statistics are collected.

Band

Bands included in the meter.

Type

Type of the band:

·          dropDiscard the packet.

·          dscp remarkModify the drop precedence of the DSCP field in the IP header of the packet.

Rate

Rate value above which the corresponding band may apply to packets.

Burst size

Length of the packet or byte burst to consider for applying the meter.

Byte count

Number of bytes processed by a band.

If this field is not supported, the field displays two hyphens (--).

packet count

Number of packets processed by a band.

If this field is not supported, the field displays two hyphens (--).

Referenced information

Information about the meter entry referenced by flow entries.

Count

Total number of flow entries that reference the meter entry.

Flow table

Flow table to which the flow entries that reference the meter entry belong.

Flow entry

Flow entries that reference the meter entry.

 

display openflow summary

Use display openflow summary to display summary OpenFlow instance information, including OpenFlow instance ID, activation status, and datapath ID.

Syntax

display openflow instance summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display summary information about OpenFlow instances.

<Sysname> display openflow summary

Fail Open mode: Se -- secure mode, Sa -- standalone mode

 

ID    Status    Datapath-ID         Channel    Table-num  Port-num  Reactivate

1     active    0x0000000100001221  Connected       2         8       Y

10    deactive           -             -            -         -       -

4094  active    0x00000ffe00001221  Failed(Sa)        2         0       N

Table 9 Command output

Field

Description

ID

OpenFlow instance ID.

Status

Activation status of the OpenFlow instance:

·          active—The OpenFlow instance is active.

·          deactive—The OpenFlow instance is inactive.

Datapath-ID

Datapath ID of the OpenFlow instance. A hyphen (-) is displayed when the OpenFlow instance is inactive.

Channel

Status of the secure channel between the OpenFlow instance and the controller:

·          connected—The secure channel between the OpenFlow instance and the controller has been established.

·          Failed(Se)—The secure channel between the OpenFlow instance and the controller has been disconnected, and the connection interruption mode is secure mode.

·          Failed(Sa)—The channel between the OpenFlow instance and the controller has been disconnected, and the connection interruption mode is standalone mode.

A hyphen (-) is displayed when the OpenFlow instance is inactive.

Table-num

Number of flow tables in the OpenFlow instance. A hyphen (-) is displayed when the OpenFlow instance is inactive.

Port-num

Number of ports belonging to the OpenFlow instance. A hyphen (-) is displayed when the OpenFlow instance is inactive.

Reactivate

Indicates whether the OpenFlow instance needs to be reactivated:

·          Y—The OpenFlow instance needs to be reactivated.

·          N—The OpenFlow instance does not need to be reactivated.

A hyphen (-) is displayed when the OpenFlow instance is inactive.

 

fail-open mode

Use fail-open mode to set the connection interruption mode for an OpenFlow switch.

Use undo fail-open mode to restore the default.

Syntax

fail-open mode { secure | standalone }

undo fail-open mode

Default

The connection interruption mode is secure, and the controller deploys the table-miss flow entry (the action is Drop) to the OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

secure: Configures the OpenFlow switch to use flow tables for traffic forwarding after it is disconnected from all controllers.

standalone: Configures the OpenFlow switch to use the normal forwarding process after it is disconnected from all controllers.

Examples

# Configure the connection interruption mode to standalone for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] fail-open mode standalone

flow-entry max-limit

Use flow-entry max-limit to configure the maximum number of entries that every extensibility flow table can include.

Use undo flow-entry max-limit to restore the default.

Syntax

flow-entry max-limit limit-value

undo flow-entry max-limit

Default

An extensibility flow table can include up to 65535 flow entries.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the maximum number of flow entries, in the range of 1 to 65535.

Examples

# Configure OpenFlow instance 1 to include up to 256 entries in each extensibility flow table.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] flow-entry max-limit 256

flow-table

Use flow-table to configure a flow table for an OpenFlow instance.

Use undo flow-table to restore the default.

Syntax

flow-table { [ ingress-vlan ingress-table-id ] [ extensibility extensibility-table-id | mac-ip mac-ip-table-id ] * [ egress-vlan egress-table-id ] }

undo flow-table

Default

An OpenFlow instance has an extensibility flow table whose ID is 0.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

ingress-vlan ingress-table-id: Specifies a VLAN tagging flow table by its ID in the range of 0 to 254. If you specify this option, the device tags all incoming packets matching the table.

extensibility extensibility-table-id: Specifies an extensibility flow table by its ID in the range of 0 to 254.

mac-ip mac-ip-table-id: Specifies a MAC-IP flow table by its ID in the range of 0 to 254.

egress-vlan egress-table-id: Specifies a VLAN untagging flow table by its ID in the range of 0 to 254. If you specify this option, the device untags all outgoing packets matching the table.

Usage guidelines

You can specify only one MAC-IP flow table and one extensibility flow table for an OpenFlow instance, and the MAC-IP flow table ID must be smaller than the extensibility flow table ID.

Configure flow tables before you activate an OpenFlow instance.

If you execute this command multiple times, the most recent configuration takes effect.

If you specify the ingress-vlan ingress-table-id option, make sure the VLAN tagging flow table has the smallest ID among all flow tables. If you specify the egress-vlan egress-table-id option, make sure the VLAN untagging flow table has the largest ID among all flow tables. The VLAN tagging flow table and untagging flow table take effect only when the following conditions are met:

·           The OpenFlow instance is configured to perform QinQ tagging for double-tagged packets passing an extensibility flow table.

·           The device operates in standalone mode.

Examples

# Configure a MAC-IP flow table with ID 0 and an extensibility flow table with ID 1 for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] flow-table mac-ip 0 extensibility 1

forbidden port

Use forbidden port to forbid an OpenFlow instance from reporting ports of the specified types to controllers.

Use undo forbidden port to restore the default.

Syntax

forbidden port { l3-physical-interface | vlan-interface } *

undo forbidden port

Default

All ports that belong to an OpenFlow instance are reported to the controllers.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

l3-physical-interface: Specifies Layer 3 Ethernet interfaces that belong to an OpenFlow instance. This keyword is not supported in the current software version.

vlan-interface: Specifies VLAN interfaces that belong to an OpenFlow instance.

Examples

# Forbid OpenFlow instance 1 from reporting VLAN interfaces that belong to the OpenFlow instance to controllers.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] forbidden port vlan-interface

in-band management vlan

Use in-band management vlan to configure inband management VLANs.

Use undo in-band management vlan to restore the default.

Syntax

in-band management vlan vlan-list

undo in-band management vlan

Default

No inband management VLAN is configured for an OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

vlan-list: Specifies a list of VLANs in the format of vlan-list = { vlan-id1 [ to vlan-id2 ] }&<1-10>, where vlan-id1 and vlan-id2 are both in the range of 1 to 4094, vlan-id2 cannot be smaller than vlan-id1, and &<1-10> indicates that you can specify up to 10 vlan-id1 [ to vlan-id2 ] parameters.

Usage guidelines

The inband management VLANs must be a subset of the VLANs associated with the OpenFlow instance.

This command is applicable only to OpenFlow instances that are in the VLAN mode.

Examples

# Configure VLAN 10 as an inband management VLAN in OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] in-band management vlan 10

loop-protection enable

Use loop-protection enable to enable loop guard for an OpenFlow instance.

Use undo loop-protection enable to restore the default.

Syntax

loop-protection enable

undo loop-protection enable

Default

Loop guard is disabled for an OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

This feature enables the deactivated OpenFlow instance to create a flow entry for dropping all traffic in the VLANs to which the OpenFlow instance belongs to avoid loops.

Examples

# Enable loop guard for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] loop-protection enable

mac-ip dynamic-mac aware

Use mac-ip dynamic-mac aware to configure OpenFlow to support dynamic MAC addresses.

Use undo mac-ip dynamic-mac aware to restore the default.

Syntax

mac-ip dynamic-mac aware

undo mac-ip dynamic-mac aware

Default

An OpenFlow instance ignores dynamic MAC address messages sent from controllers.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

When a MAC-IP flow table is configured for an OpenFlow switch, you can configure OpenFlow to support querying and deleting dynamic MAC addresses in the table.

When this command is configured, the OpenFlow switch does not send change events for the dynamic MAC addresses to controllers.

This command is applicable only to OpenFlow instances that are in the VLAN mode.

Examples

# Configure OpenFlow instance 1 to support dynamic MAC addresses.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] mac-ip dynamic-mac aware

mac-learning forbidden

Use mac-learning forbidden to configure OpenFlow to forbid MAC address learning for the VLANs associated with the OpenFlow instance.

Use undo mac-learning forbidden to restore the default.

Syntax

mac-learning forbidden

undo mac-learning forbidden

Default

MAC address learning is allowed in the VLANs associated with an OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

This command is applicable only to OpenFlow instances that are in the VLAN mode.

Examples

# Forbid MAC address learning in the VLANs associated with OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] mac-learning forbidden

openflow instance

Use openflow instance to create an OpenFlow instance and enter OpenFlow instance view.

Use undo openflow instance to remove an OpenFlow instance.

Syntax

openflow instance instance-id

undo openflow instance instance-id

Default

No OpenFlow instance exists.

Views

System view

Predefined user roles

network-admin

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

Examples

# Create OpenFlow instance 1, and enter the OpenFlow instance view.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1]

openflow lossless enable

Use openflow lossless enable to enable packet loss prevention for OpenFlow forwarding.

Use undo openflow lossless enable to disable packet loss prevention for OpenFlow forwarding.

Syntax

openflow lossless enable

undo openflow lossless enable

Default

Packet loss prevention for OpenFlow forwarding is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When this feature is enabled, ACLs cannot match packets by IPv6 address.

After you enable or disable this feature, save the configuration and reboot the switch to make the configuration take effect.

Examples

# Enable packet loss prevention for OpenFlow forwarding.

<Sysname> system-view

[Sysname] openflow lossless enable

Do you want to change the lossless traffic mode? [Y/N]:y

For the setting to take effect, save the configuration, and then reboot the device.

openflow shutdown

Use openflow shutdown to shut down an interface by OpenFlow.

Use undo openflow shutdown to restore the default.

Syntax

openflow shutdown

undo openflow shutdown

Default

An interface is not shut down by OpenFlow.

Views

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Usage guidelines

After an interface is shut down by OpenFlow, the Current state field displays OFP DOWN in the display interface command output.

You can use the undo openflow shutdown command to bring up an interface shut down by OpenFlow. The interface can also be brought up by port modification messages from controllers.

Examples

# Shut down Ten-GigabitEthernet1/0/1 by OpenFlow.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] openflow shutdown

permit-port-type member-port

Use permit-port-type member-port to allow link aggregation member ports to be in the deployed flow tables.

Use undo permit-port-type to forbid link aggregation member ports to be in the deployed flow tables.

Syntax

permit-port-type member-port

undo permit-port-type

Default

Link aggregation member ports cannot be in the deployed flow tables.

Views

OpenFlow instance view

Predefined user roles

network-admin

Examples

# Configure OpenFlow instance 1 to allow link aggregation member ports to be in the deployed flow tables.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] permit-port-type member-port

protocol-packet filter slow

Use protocol-packet filter slow to create a highest-priority flow entry for dropping slow protocol packets.

Use undo protocol-packet filter to restore the default.

Syntax

protocol-packet filter slow

undo protocol-packet filter

Default

An OpenFlow instance does not have a highest-priority flow entry for dropping slow protocol packets.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

The flow entry created by using this command has a higher priority than the flow entries deployed by the controller.

The slow protocols include LACP, LAMP, and OAM.

Examples

# Create a highest-priority flow entry for OpenFlow instance 1 to drop slow protocol packets.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] protocol-packet filter slow

qinq-network enable

Use qinq-network enable to enable an OpenFlow instance to perform QinQ tagging for double-tagged packets passing an extensibility flow table.

Use undo qinq-network enable to restore the default.

Syntax

qinq-network enable

undo qinq-network enable

Default

A double-tagged packet becomes single-tagged after it passes an extensibility flow table.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

Execute this command to make double-tagged packets keep double-tagged after the packets pass an extensibility flow table.

Examples

# Enable OpenFlow instance 1 to perform QinQ tagging for double-tagged packets passing an extensibility flow table.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] qinq-network enable

reset openflow instance controller statistics

Use reset openflow instance controller statistics to clear statistics on packets that a controller sends and receives for an OpenFlow instance.

Syntax

reset openflow instance instance-id controller [ controller-id ] statistics

Views

User view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

controller-id: Specifies a controller by its ID in the range of 0 to 63. If no controller ID is specified, this command clears statistics on packets that all controllers send and receive for an OpenFlow instance.

Examples

# Clear statistics on packets that all controllers send and receive for OpenFlow instance 1.

<Sysname> reset openflow instance 1 controller statistics

tcp dscp

Use tcp dscp to set a DSCP value for OpenFlow packets.

Use undo tcp dscp to restore the default.

Syntax

tcp dscp dscp-value

undo tcp dscp

Default

The DSCP value for OpenFlow packets is 10.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value for OpenFlow packets, in the range of 0 to 63.

Examples

# Set the DSCP value to 63 for OpenFlow packets.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] tcp dscp 63

tcp-connection backup

Use tcp-connection backup to enable OpenFlow connection backup.

Use undo tcp-connection backup to disable OpenFlow connection backup.

Syntax

tcp-connection backup

undo tcp-connection backup

Default

OpenFlow connection backup is enabled.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

This command enables an OpenFlow instance to back up OpenFlow connections established over TCP. This prevents connection interruption when an active/standby switchover occurs.

Examples

# Enable OpenFlow connection backup for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] tcp-connection backup