Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-OpenFlow commands | 143.51 KB |
OpenFlow commands
active instance
Use active instance to activate or reactivate an OpenFlow instance.
Use undo active instance to deactivate an OpenFlow instance.
Syntax
active instance
undo active instance
Default
An OpenFlow instance is not activated.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
To change the VLAN configuration or flow table configuration of an activated OpenFlow instance, perform the following tasks:
1. Use the undo active instance command to deactivate the OpenFlow instance.
If you do not deactivate the OpenFlow instance first, the system prompts an error.
2. Modify the VLAN configuration or flow table configuration for the OpenFlow instance.
3. Use the active instance command to reactivate the instance to make the configuration change take effect.
Examples
# Activate OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] active instance
classification
Use classification to configure the OpenFlow instance mode.
Use undo classification to remove the configuration.
Syntax
classification { global | vlan vlan-id [ mask vlan-mask ] [ loosen ] }
undo classification
Default
The OpenFlow instance mode is not configured.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
global: Specifies the global mode.
vlan: Specifies the VLAN mode.
vlan-id: Specifies the VLAN ID in the range of 1 to 4094.
vlan-mask: Specifies a VLAN mask in the range of 0 to 4095. The default value is 4095.
loosen: Specifies the loosen mode. If the loosen mode is used, a port belongs to the OpenFlow instance when VLANs associated with the OpenFlow instance overlap with the port's allowed VLANs. Otherwise, a port belongs to an OpenFlow instance only when VLANs associated with the OpenFlow instance are within the port's allowed VLAN list.
Usage guidelines
The VLANs to be associated are calculated by a bitwise AND operation on the specified VLAN ID and mask. The VLAN mask supports non-contiguous 1s and ignores all 0 bits. To view the associated VLANs, use the display openflow instance command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Associate OpenFlow instance 1 with a list of VLANs determined by VLAN ID 255 and VLAN mask 7.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] classification vlan 255 mask 7
Related commands
display openflow instance
controller address
Use controller address to specify a controller for an OpenFlow switch and configure the main connection to the controller.
Use undo controller address to remove the configuration.
Syntax
controller controller-id address { ip ip-address | ipv6 ipv6-address } [ port port-number ] [ local address { ip local-ip-address | ipv6 local-ipv6-address } [ port local-port- number ] ] [ ssl ssl-policy-name ] [ vrf vrf-name ]
undo controller controller-id address
Default
An OpenFlow instance does not have a main connection to a controller.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
controller-id: Specifies a controller by its ID in the range of 0 to 63.
ip ip-address: Specifies the IPv4 address of the controller.
ipv6 ipv6-address: Specifies the IPv6 address of the controller.
port port-number: Sets the port number used to establish TCP connections to the controller. The value range for the port number is 1 to 65535. The default value is 6633.
local address: Specifies the source IP address used to establish TCP connections to the controller. When multiple routes are available between a controller and a switch, you can use this keyword to configure a source IP address for the switch. When the switch restarts or an active/standby switchover occurs, the switch can use the original route to reconnect to the controller without selecting a new route.
ip local-ip-address: Specifies the source IPv4 address.
ipv6 local-ipv6-address: Specifies the source IPv6 address.
port local-port-number: Specifies the source port number in the range of 1 to 65535. If you do not specify a source port number, the system automatically assigns a source port number during connection establishment.
ssl ssl-policy-name: Specifies the SSL client policy that the controller uses to authenticate the OpenFlow switch. The ssl-policy-name argument is a case-insensitive string of 1 to 31 characters.
vrf vrf-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the controller belongs to the public network.
Usage guidelines
You can specify multiple controllers for an OpenFlow switch. The OpenFlow channel between the OpenFlow switch and each controller can have only one main connection.
The OpenFlow switch uses the main connection to a controller to exchange control messages with the controller to perform the following operations:
· Receive flow table entries or data from the controller.
· Report information to the controller.
As a best practice, configure a unicast IP address for a controller. Otherwise, an OpenFlow switch might fail to establish a connection with the controller.
As a best practice, configure a unicast source IP address that is the IP address of a port belonging to the OpenFlow instance. Otherwise, the OpenFlow switch might fail to establish a connection with the controller.
Examples
# Specify controller 1 for OpenFlow instance 1. The controller's IP address is 1.1.1.1 and the port number is 6666.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] controller 1 address ip 1.1.1.1 port 6666
controller connect interval
Use controller connect interval to set the reconnection interval for an OpenFlow instance.
Use undo controller connect interval to restore the default.
Syntax
controller connect interval interval-value
undo controller connect interval
Default
The reconnection interval is 60 seconds.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
interval-value: Sets a reconnection interval in the range of 10 to 120 seconds.
Usage guidelines
The OpenFlow switch waits until the reconnection interval has expired before it attempts to reconnect to a controller.
Examples
# Set the reconnection interval to 10 seconds for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] controller connect interval 10
controller echo-request interval
Use controller echo-request interval to set the connection detection interval for an OpenFlow switch.
Use undo controller echo-request interval to restore the default.
Syntax
controller echo-request interval interval-value
undo controller echo-request interval
Default
The connection detection interval is 5 seconds.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
interval-value: Sets the connection detection interval in the range of 1 to 10 seconds.
Usage guidelines
The connection detection interval specifies the interval at which the OpenFlow switch sends an Echo Request message to a controller.
Examples
# Set the connection detection interval to 10 seconds for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] controller echo-request interval 10
controller mode
Use controller mode to set the controller mode for an OpenFlow instance.
Use undo controller mode to restore the default.
Syntax
controller mode { multiple | single }
undo controller mode
Default
The controller mode is multiple.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
multiple: Specifies the multiple mode.
single: Specifies the single mode.
Usage guidelines
In single mode, the OpenFlow switch connects to only one controller at a time. When communication with the current controller fails, the OpenFlow instance uses another controller.
In multiple mode, the OpenFlow switch simultaneously connects to all controllers. If one or more controllers become invalid or disconnected, the OpenFlow switch continues to exchange messages with the rest of the controllers.
Examples
# Set all controllers of OpenFlow instance 1 to operate in single mode.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] controller mode single
controller tcp nsr disable
Use controller tcp nsr disable to disable OpenFlow connection backup.
Use undo controller tcp nsr disable to restore the default.
Syntax
controller tcp nsr disable
undo controller tcp nsr disable
Default
OpenFlow connection backup is enabled.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command takes effect only on OpenFlow connections that the OpenFlow instance establishes with controllers through TCP.
By default, an OpenFlow instance backs up OpenFlow connections established over TCP on the standby MPU. This prevents connection interruption when an active/standby switchover occurs.
Examples
# Disable OpenFlow connection backup for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] controller tcp nsr disable
datapath-id
Use datapath-id to set a datapath ID for an OpenFlow instance.
Use undo datapath-id to restore the default.
Syntax
datapath-id id
undo datapath-id
Default
The datapath ID of an OpenFlow instance contains the instance ID and the bridge MAC address of the device. The lower 16 bits are the instance ID and the upper 48 bits are the bridge MAC address of the device.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
id: Specifies the datapath ID for the OpenFlow instance, in the range of 1 to 0xFFFFFFFFFFFFFFFF.
Examples
# Set the datapath ID to 0x123456 for OpenFlow instance 1.
[Sysname] openflow instance 1
[Sysname-of-inst-1] datapath-id 123456
default table-miss permit
Use default table-miss permit to change the default action of table-miss flow entries to forward packets to the normal pipeline.
Use undo default table-miss permit to restore the default.
Syntax
default table-miss permit
undo default table-miss permit
Default
The default action of a table-miss flow entry is to drop packets.
Views
OpenFlow instance view
Predefined user roles
network-admin
Examples
# Configure the default action of a table-miss flow entry to forward packets to the normal pipeline.
[Sysname] openflow instance 1
[Sysname-of-inst-1] default table-miss permit
description
Use description to set a description for an OpenFlow instance.
Use undo description to restore the default.
Syntax
description text
undo description
Default
An OpenFlow instance does not have a description.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
text: Specifies a description for the OpenFlow instance, which is a case-sensitive string of 1 to 255 characters.
Examples
# Set the description to test-desc for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] description test-desc
display openflow controller
Use display openflow controller to display controller information for an OpenFlow instance.
Syntax
display openflow instance instance-id controller [ controller-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
controller-id: Specifies a controller by its ID in the range of 0 to 63. If you do not specify a controller ID, this command displays information about all controllers for an OpenFlow instance.
Examples
# Display controller information for OpenFlow instance 100.
<Sysname> display openflow instance 100 controller
Instance 100 controller information:
Reconnect interval : 60 (s)
Echo interval : 5 (s)
Controller ID : 1
Controller IP address : 192.168.49.49
Controller port : 6633
Local IP address : 192.0.0.1
Local port : 5566
Controller role : Equal
Connect type : TCP
Connect state : Established
Packets sent : 9
Packets received : 9
SSL policy : --
VRF name : --
Table 1 Command output
|
Field |
Description |
|
Reconnection interval (in seconds) for an OpenFlow instance to reconnect to all controllers. |
|
|
Connection detection interval (in seconds) at which an OpenFlow instance sends an Echo Request message to all controllers. |
|
|
IP address of the controller. |
|
|
TCP port number of the controller. |
|
|
Source IP address of the controller that corresponds to an OpenFlow instance. |
|
|
Source TCP port number of the current controller. |
|
|
Controller role |
Role of the controller: · Equal—The controller has the same mode as other controllers that are specified for the OpenFlow instance. · Master—The controller is the master controller for the OpenFlow instance. · Slave—The controller is a subordinate controller for the OpenFlow instance. If the controller is not configured with any role, this field displays two hyphens (--). |
|
Connect type |
Type of the connection between the OpenFlow instance and the controller: TCP or SSL. |
|
Connect state |
State of the connection between the OpenFlow instance and the controller: Idle or Established. |
|
Packets sent |
Number of packets that have been sent to the controller. |
|
Packets received |
Number of packets that have been received from the controller. |
|
SSL policy |
Name of the SSL client policy used for SSL connections. If no SSL client policy controller is configured, this field displays two hyphens (--). |
|
VRF name |
Name of the MPLS L3VPN to which the controller belongs. |
display openflow flow-table
Use display openflow flow-table to display flow table information for an OpenFlow instance.
Syntax
display openflow instance instance-id flow-table [ table-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
table-id: Specifies a flow table by its ID in the range of 0 to 254.
Usage guidelines
If you do not specify the flow table ID, this command displays information about all flow tables for the specified OpenFlow instance.
Examples
# Display information about all flow tables for OpenFlow instance 100.
<Sysname> display openflow instance 100 flow-table
Instance 100 flow table information:
Table 0 information:
Table type: MAC-IP, flow entry count: 2, total flow entry count: 3
MissRule (default) flow entry information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: reset_counts
|no_pkt_counts|no_byte_counts, byte count: --, packet count: --
Match information: any
Instruction information:
Write actions:
Drop
Flow entry rule 1 information:
cookie: 0x0, priority: 1, hard time: 0, idle time: 0, flags: none,
byte count: --, packet count: --
Match information:
Ethernet destination MAC address: 0000-0000-0001
Ethernet destination MAC address mask: ffff-ffff-ffff
VLAN ID: 100, mask: 0xfff
Instruction information:
Write actions:
Output interface: GE1/0/4
Write metadata/mask: 0x0000000000000001/0xffffffffffffffff
Goto table: 1
Flow entry 2 information:
cookie: 0x0, priority: 1, hard time: 0, idle time: 0, flags: check_overlap,
byte count: --, packet count: --
Match information:
Ethernet type: 0x0800
IPv4 destination address: 4.4.4.1, mask: 255.255.255.255
Experiment:
Address ID: 15
Instruction information:
Write actions:
Output interface: Tun100
Set field:
Ethernet destination MAC address: 00aa-bbaa-ccdd
Tunnel ID: 1000
Goto table: 1
Table 1 information:
Table type: Extensibility, flow entry count: 1, total flow entry count: 2
MissRule (default) Flow entry information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: none,
byte count: --, packet count: 60
Match information: any
Instruction information:
Write actions:
Drop
Flow entry rule 1 information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem
|check_overlap, byte count: --, packet count: 1
Match information:
Input interface: GE1/0/3
Ethernet source MAC address: 0000-0000-0001
Ethernet source MAC address mask: ffff-ffff-ffff
Instruction information:
Set meter: 100
Apply actions:
Output interface: GE1/0/4
Write actions:
Output interface: Controller, send length: 128 bytes
Table 2 Command output
|
Field |
Description |
|
Table information |
Information about the flow table. |
|
Table type |
Type of the flow table: MAC-IP or Extensibility. |
|
flow entry count |
Number of flow entries deployed by the controller. |
|
total flow entry count |
Total number of flow entries in the table. |
|
Flow entry rule information |
Information about the flow entry. |
|
cookie |
Cookie ID of the flow entry. |
|
priority |
Priority of the flow entry. The larger the value, the higher the priority. |
|
hard time |
Hard timeout of the flow entry, in seconds. The flow entry is removed when the timer times out, whether or not the flow entry matches any data stream. If the flow entry has no hard timeout, the field displays 0. |
|
idle time |
Idle timeout of the flow entry, in seconds. The flow entry is removed if the flow entry does not match any data stream during the idle time. If the flow entry has no idle timeout, the field displays 0. |
|
flags |
Flags that the flow entry includes: · flow_send_rem—Sends a flow removed message when the flow entry is removed or expires. · check_overlap—Checks for overlapping flow entries. · reset_counts—Resets flow table counters. · no_pkt_counts—Does not count packets. · no_byte_counts—Does not count bytes. If the flow entry does not include any flags, this field displays none. |
|
byte count |
Number of bytes that have matched the flow entry. |
|
packet count |
Number of packets that have matched the flow entry. |
|
Match information |
Contents of the match field of the flow entry (see Table 3). |
|
Instruction information |
Contents of the instruction set of the flow entry: · Set meter—Sends the matched packet to a specific meter. · Write metadata—Writes the value into the metadata fields of the matched packet. Metadata is used for passing messages between flow tables. · Write metadata mask—Specifies which bits of the metadata should be modified. · Goto table—Sends the matched packet to the next flow table for processing. · Clear actions—Immediately clears all actions in the action set. · Apply actions—Immediately applies specified actions in the action set. · Write actions—Writes specified actions into the current action set. For more information about actions, see Table 4. |
|
Field |
Mask field |
Description |
|
Input interface |
N/A |
Ingress port (see Table 5). |
|
Physical input interface |
N/A |
Ingress physical port. |
|
Metadata |
Metadata mask |
Metadata and mask. |
|
Ethernet destination MAC address |
Ethernet destination MAC address mask |
Ethernet destination MAC address and mask. |
|
Ethernet source MAC address |
Ethernet source MAC address mask |
Ethernet source MAC address and mask. |
|
Ethernet type |
N/A |
Ethernet type of the OpenFlow packet payload. |
|
VLAN ID |
Mask |
VLAN ID and mask. |
|
VLAN PCP |
N/A |
VLAN priority. |
|
IP DSCP |
N/A |
Differentiated Services Code Point (DSCP) value. |
|
IP ECN |
N/A |
Explicit Congestion Notification (ECN) value in the IP header. |
|
IP protocol |
N/A |
IPv4 or IPv6 protocol number. |
|
IPv4 source address |
Mask |
IPv4 source address and mask. |
|
IPv4 destination address |
Mask |
IPv4 destination address and mask. |
|
TCP source port |
Mask |
TCP source port and mask. |
|
TCP destination port |
Mask |
TCP destination port and mask. |
|
UDP source port |
Mask |
UDP source port and mask. |
|
UDP destination port |
Mask |
UDP destination port and mask. |
|
SCTP source port |
Mask |
Stream Control Transmission Protocol (SCTP) source port and mask. |
|
SCTP destination port |
Mask |
SCTP destination port and mask. |
|
ICMPv4 type |
N/A |
ICMPv4 type. |
|
ICMPv4 code |
N/A |
ICMPv4 code. |
|
ARP opcode |
N/A |
ARP opcode. |
|
ARP source IPv4 address |
Mask |
Sender IPv4 address and mask in the ARP payload. |
|
ARP target IPv4 address |
Mask |
Target IPv4 address and mask in the ARP payload. |
|
ARP source MAC address |
ARP source MAC address mask |
Sender MAC address and mask in the ARP payload. |
|
ARP target MAC address |
ARP target MAC address mask |
Target MAC address and mask in the ARP payload. |
|
IPv6 source address |
IPv6 source address mask |
Source IPv6 address and mask. |
|
IPv6 destination address |
IPv6 destination address mask |
Destination IPv6 address and mask. |
|
IPv6 flow label |
Mask |
IPv6 flow label and mask. |
|
ICMPv6 type |
N/A |
ICMPv6 type. |
|
ICMPv6 code |
N/A |
ICMPv6 code. |
|
IPv6 ND target address |
N/A |
Target IP address in an IPv6 Neighbor Discovery message. |
|
IPv6 ND source MAC address |
N/A |
Source link-layer address in an IPv6 Neighbor Discovery message. |
|
IPv6 ND target MAC address |
N/A |
Target link-layer address in an IPv6 Neighbor Discovery message. |
|
MPLS label |
N/A |
Label in the first MPLS header. This field is not supported in the current software version. |
|
MPLS tc |
N/A |
Traffic Class (TC) in the first MPLS header. This field is not supported in the current software version. |
|
Tunnel ID |
Mask |
Metadata and mask that are associated with a logical port. |
|
IPv6 extension header |
Mask |
IPv6 extension header and mask. |
|
N/A |
Output port. |
|
|
N/A |
VPN index. |
|
|
N/A |
Fragment. |
|
|
N/A |
Output physical port. |
|
|
CVLAN ID and mask. |
||
|
Experiment |
N/A |
Extension matching fields. Address ID represents the unique identifier of an address. |
|
Field |
Description |
|
Drop |
Drops the matched packet. This action is not defined in the OpenFlow specifications. |
|
Output interface |
Sends the packet through a specific port. For more information about ports, see Table 5. |
|
send length |
Specifies the max length of bytes to be taken from the packet and sent to the controller. This field appears only when the reserved port of the controller type is specified as the output port. |
|
Group |
Specifies a group table to process the packet. |
|
Set queue |
Maps the flow entry to a queue specified by its ID. |
|
Set field |
Modifies a field of the packet. |
|
Set MPLS TTL |
Sets the MPLS TTL. This field is not supported in the current software version. |
|
Set IP TTL |
Sets the IP TTL. |
|
Push VLAN tag |
Adds a VLAN tag to the packet. This field is not supported in the current software version. |
|
Push MPLS tag |
Adds an MPLS tag to the packet. This field is not supported in the current software version. |
|
Pop MPLS tag |
Removes the outermost MPLS tag from the packet. This field is not supported in the current software version. |
|
Push PBB tag |
Adds a PBB service tag to the packet. This field is not supported in the current software version. |
|
Pop VLAN tag |
Removes the outermost VLAN tag from the packet. This field is not supported in the current software version. |
|
Pop PBB tag |
Removes the outermost PBB service tag from the packet. This field is not supported in the current software version. |
|
Decrement MPLS TTL |
Decreases the MPLS TTL by 1. This field is not supported in the current software version. |
|
Decrement IP TTL |
Decreases the IP TTL by 1. |
|
Copy TTL inwards |
Copies the TTL from the outermost header to the second outermost header. |
|
Copy TTL outwards |
Copies the TTL from the second outermost header to the outermost header. |
|
Port name |
Ingress port |
Output port |
Description |
|
In port |
Not supported. |
Not supported. |
Forwarding the packet out of the ingress port. |
|
Table |
Not supported. |
Not supported. |
Submitting the packet to the first flow table so that the packet can be processed through the regular OpenFlow pipeline. |
|
Normal |
Not supported. |
Supported. |
Processing the packet by using the normal forwarding process. |
|
Flood |
Not supported. |
Not supported. |
Flooding the packet to all physical ports in VLANs, except the ingress port and those blocked or link-down ports. |
|
All |
Not supported. |
Not supported. |
Forwarding the packet out of all ports except the ingress port. |
|
Controller |
Not supported. |
Supported. |
Sending the packet to the controller. |
|
Local |
Not supported. |
Supported. |
Sending the packet to the local CPU. |
|
Any |
Not supported. |
Not supported. |
Special value used in some OpenFlow commands when you do not specify a port. |
|
port name |
Supported. |
Supported. |
Valid physical or logical port on the switch, such as an aggregate interface. |
display openflow group
Use display openflow group to display group entry information for an OpenFlow instance.
Syntax
display openflow instance instance-id group [ group-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
group-id: Specifies a group by its ID in the range of 0 to 4294967040. If you do not specify a group ID, this command displays information about all group entries for an OpenFlow instance.
Examples
# Display group entry information for OpenFlow instance 100.
<Sysname> display openflow instance 100 group
Instance 100 group table information:
Group count: 2
Group entry 103:
Type: All, byte count: 55116, packet count: 401
Bucket 1 information:
Action count 1, watch port: any, watch group: any
Byte count 55116, packet count 401
Output interface: BAGG100
Bucket 2 information:
Action count 1, watch port: any, watch group: any
Byte count --, packet count --
Output interface: Controller, send length: 128 bytes
Referenced information:
Count: 3
Flow table 0
Flow entry: 1, 2, 3
Group entry 104:
Type: All, byte count: 0, packet count: 0
Bucket 1 information:
Action count 1, watch port: any, watch group: any
Byte count --, packet count --
Output interface: Controller, send length: 128 bytes
Referenced information:
Count: 0
Table 6 Command output
|
Field |
Description |
|
Group count |
Total number of group entries included in the OpenFlow instance. |
|
Type |
Type of the group entry: · All—Executes all buckets in the group. This group is used for multicast or broadcast forwarding. · Select—Executes one bucket in the group. · Indirect—Executes the one defined bucket in the group. · Fast failover—Executes the first live bucket. |
|
Bucket |
Buckets included in the group table. |
|
Action count |
Number of actions included in the bucket. |
|
Byte count |
Number of bytes processed by a group or by a bucket. If this field is not supported, the field displays two hyphens (--). |
|
packet count |
Number of packets processed by a group or by a bucket. If this field is not supported, the field displays two hyphens (--). |
|
watch port |
Port whose state affects whether this bucket is live. |
|
watch group |
Group whose state affects whether this bucket is live. |
|
Output interface |
Output interface included in the group entry. |
|
Referenced information |
Information about the group entry referenced by flow entries. |
|
Count |
Total number of flow entries that reference the group entry. |
|
Flow table |
Flow table to which the flow entries that reference the group entry belong. |
|
Flow entry |
Flow entries that reference the group entry. |
display openflow instance
Use display openflow instance to display detailed information about an OpenFlow instance.
Syntax
display openflow instance [ instance-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094. If you do not specify a instance ID, this command displays detailed information about all OpenFlow instances.
Examples
# Display detailed information about all OpenFlow instances.
<Sysname> display openflow instance
Instance 100 information:
Configuration information:
Description : test-desc
Active status : Active
Inactive configuration:
None
Active configuration:
Classification VLAN, loosen mode, total VLANs(1)
2
In-band management VLAN, total VLANs(0)
Empty VLAN
Connect mode: Multiple
MAC address learning: Disabled
TCP DSCP value: 10
Flow table:
Table ID(type): 0(MAC-IP), count: 0
Table ID(type): 1(Extensibility) , count: 0
Flow-entry max-limit: 65535
Datapath ID: 0x0000001234567891
Default table-miss: Drop
Forbidden port: None
Qinq Network: Disabled
Tcp Nsr: Enabled
Port information:
GigabitEthernet1/0/3
Active channel information:
Controller 1 IP address: 192.168.49.49 port: 6633
Controller 2 IP address: 192.168.43.49 port: 6633
Instance 200 information:
Configuration information:
Description : test
Active status : Active
Inactive configuration:
None
Active configuration:
Classification VLAN, total VLANs(4)
8, 10, 12, 14
In-band management VLAN, total VLANs(1)
10
Connect mode: Multiple
MAC address learning: Disabled
TCP DSCP value: 10
Flow table:
Table ID(type): 0(MAC-IP), count: 0
Flow-entry max-limit: 65535
Datapath ID: 0x0000001234567801
Default table-miss: Drop
Forbidden port: None
Qinq Network: Disabled
Tcp Nsr: Enabled
Port information:
GigabitEthernet1/0/3
Active channel information:
Failopen mode: Secure
Instance 300 information:
Configuration information:
Description : test
Active status : Inactive
Inactive configuration:
Classification VLAN, total VLANs(1)
1
In-band management VLAN, total VLANs(0)
Empty VLAN
Connect mode: Multiple
MAC address learning: Disabled
TCP DSCP value: 10
Flow table:
Table ID(type): 0(MAC-IP)
Table ID(type): 1(Extensibility)
Flow-entry max-limit: 65535
Datapath ID: 0x0000001234567890
Default table-miss: Permit
Forbidden port: VLAN interface
Qinq Network: Disabled
Tcp Nsr: Enabled
Active configuration:
None
Table 7 Command output
|
Description |
|
|
Information about the configuration. |
|
|
Active configuration for the OpenFlow instance. |
|
|
VLANs that are associated with the OpenFlow instance and the total number of these VLANs. |
|
|
The loose mode is used. |
|
|
Connection mode of the controller: · Single—The OpenFlow instance connects to only one controller at a time. · Multiple—The OpenFlow instance can simultaneously connect to multiple controllers. |
|
|
Whether MAC address learning is disabled: Enabled or Disabled. |
|
|
TCP DSCP value |
DSCP value for OpenFlow packets. |
|
Type of the flow table: MAC-IP or Extensibility. |
|
|
Total number of flow entries included in the current flow table. |
|
|
Maximum number of flow entries that the current flow table can include. |
|
|
Default action of the table-miss flow entry: Permit or Drop. |
|
|
Type of interfaces that are forbidden to be reported to the controller: · VLAN interface. · Virtual Switch Interface. The switch does not support the Virtual Switch Interface type in the current software version. · L3 Physical Interface—Layer 3 Ethernet interfaces. |
|
|
Qinq Network |
QinQ tagging for double-tagged packets passing an extensibility flow table. This field is not supported in the current software version. |
|
Tcp Nsr |
Whether OpenFlow connection backup is enabled: · Enabled. · Disabled. |
|
IP address of the controller configured for the OpenFlow instance. |
|
|
Connection interruption mode for the OpenFlow instance: Standalone or Secure. |
display openflow meter
Use display openflow meter to display meter entry information for an OpenFlow instance.
Syntax
display openflow instance instance-id meter [ meter-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
meter-id: Specifies a meter by its ID in the range of 1 to 4294901760. If you do not specify a meter ID, this command displays information about all meter entries for an OpenFlow instance.
Examples
# Display meter entry information for OpenFlow instance 100.
<Sysname> display openflow instance 100 meter
Meter flags: KBPS -- Rate value in kb/s, PKTPS -- Rate value in packet/sec
BURST -- Do burst size, STATS -- Collect statistics
Instance 100 meter table information:
Meter entry count: 2
Meter entry 100 information:
Meter flags: KBPS
Band 1 information
Type: drop, rate: 1024kbps, burst size: 65536kb
Byte count: --, packet count: --
Referencedinformation:
Count: 3
Flow table: 0
Flow entry: 1, 2, 3
Meter entry 200 information:
Meter flags: KBPS
Band 1 information
Type: drop, rate: 10240kbps, burst size: 655360kb
Byte count: --, packet count: --
Referenced information:
Count: 0
Table 8 Command output
|
Field |
Description |
|
Group entry count |
Total number of meter entries included in the OpenFlow instance. |
|
Meter flags |
Flags configured for the meter: · KBPS—The rate value is in kbps. · PKTPS—The rate value is in pps. · BURST—The burst size field in the band is used and the length of the packet or byte burst is determined by the burst size. · STATS—Meter statistics are collected. |
|
Band |
Bands included in the meter. |
|
Type |
Type of the band: · drop—Discard the packet. · dscp remark—Modify the drop precedence of the DSCP field in the IP header of the packet. |
|
Rate |
Rate value above which the corresponding band applies to packets. |
|
Burst size |
Length of the packet or byte burst to consider for applying the meter. |
|
Byte count |
Number of bytes processed by a band. If this field is not supported, the field displays two hyphens (--). |
|
packet count |
Number of packets processed by a band. If this field is not supported, the field displays two hyphens (--). |
|
Referenced information |
Information about the meter entry referenced by flow entries. |
|
Count |
Total number of flow entries that reference the meter entry. |
|
Flow table |
Flow table to which the flow entries that reference the meter entry belong. |
|
Flow entry |
Flow entries that reference the meter entry. |
display openflow summary
Use display openflow summary to display brief OpenFlow instance information.
Syntax
display openflow instance summary
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display brief OpenFlow instance information.
<Sysname> display openflow summary
Fail-Open mode: Se -- secure mode, Sa -- standalone mode
ID Status Datapath-ID Channel Table-num Port-num Reactivate
1 Active 0x0000000100001221 Connected 2 8 Y
10 Inactive - - - - -
4094 Active 0x00000ffe00001221 Failed(Sa) 2 0 N
Table 9 Command output
|
Field |
Description |
|
ID |
ID of the OpenFlow instance. |
|
Status |
Activation status of the OpenFlow instance: · Active—The OpenFlow instance has been activated. · Inactive—The OpenFlow instance has not been activated. |
|
Datapath ID of the OpenFlow instance. If the OpenFlow instance is not activated, this field displays a hyphen (-). |
|
|
Channel |
Status of the connection channel to the controller: · Connected—A secure channel has been established. · Failed(Se)—The connection channel is disconnected from the controller, and the OpenFlow instance is in secure mode. · Failed(Sa)—The connection channel is disconnected from the controller, and the OpenFlow instance is in standalone mode. If the OpenFlow instance is not activated, this field displays a hyphen (-). |
|
Table-num |
Number of flow tables included in the OpenFlow instance. If the OpenFlow instance is not activated, this field displays a hyphen (-). |
|
Port-num |
Number of ports included in the OpenFlow instance. If the OpenFlow instance is not activated, this field displays a hyphen (-). |
|
Reactivate |
Whether the configuration for an OpenFlow instance is changed and whether the OpenFlow instance needs to be reactivated: · Y—The configuration is changed, and the OpenFlow instance needs to be reactivated. · N—The configuration is unchanged, and the OpenFlow instance does not need to be reactivated. |
fail-open mode
Use fail-open mode to set the connection interruption mode for an OpenFlow switch.
Use undo fail-open mode to restore the default.
Syntax
fail-open mode { secure | standalone }
undo fail-open mode
Default
The connection interruption mode is secure after an OpenFlow instance is activated, and the controller deploys the table-miss flow entry (the action is Drop) to the OpenFlow instance.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
secure: Configures the OpenFlow switch to use flow tables for traffic forwarding after it is disconnected from all controllers.
standalone: Configures the OpenFlow switch to use the normal forwarding process after it is disconnected from all controllers.
Examples
# Set the connection interruption mode to standalone for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] fail-open mode standalone
flow-entry max-limit
Use flow-entry max-limit to set the maximum number of entries for the extensibility flow table on an OpenFlow switch.
Use undo flow-entry max-limit to restore the default.
Syntax
flow-entry max-limit limit-value
undo flow-entry max-limit
Default
The extensibility flow table has a maximum of 65535 flow entries.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
limit-value: Specifies the maximum number of flow entries, in the range of 1 to 65535.
Examples
# Configure the extensibility flow table to have a maximum of 256 entries on OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] flow-entry max-limit 256
flow-table
Use flow-table to create a flow table for an OpenFlow instance.
Use undo flow-table to restore the default.
Syntax
flow-table { extensibility extensibility-table-id | mac-ip mac-ip-table-id }
undo flow-table
Default
An OpenFlow instance has an extensibility flow table with ID 0.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
extensibility extensibility-table-id: Specifies an extensibility flow table by its ID in the range of 0 to 254.
mac-ip mac-ip-table-id: Specifies a MAC-IP flow table by its ID in the range of 0 to 254.
Usage guidelines
You can create a MAC-IP flow table, an extensibility flow table, or both for an OpenFlow instance. If you execute this command multiple times, the most recent configuration takes effect.
Create flow tables for an OpenFlow instance before you activate the OpenFlow instance.
The ID you enter for extensibility flow table must be larger than the ID for MAC-IP flow table.
Examples
# Create a MAC-IP flow table with ID 0 and an extensibility flow table with ID 1 for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] flow-table mac-ip 0 extensibility 1
forbidden port
Use forbidden port to forbid an OpenFlow instance to report ports of the specified types to controllers.
Use undo forbidden port to restore the default.
Syntax
forbidden port { vlan-interface | vsi-interface | l3-physical-interface } *
undo forbidden port
Default
All ports that belong to an OpenFlow instance are reported to the controllers.
Views
OpenFlow instance view
Predefined user roles
network-admin
Parameters
vlan-interface: Specifies VLAN interfaces that belong to an OpenFlow instance.
vsi-interface: Specifies VSI interfaces that belong to an OpenFlow instance. This keyword does not take effect after it is configured.
l3-physical-interface: Specifies Layer 3 Ethernet interfaces that belong to an OpenFlow instance.
Examples
# Forbid OpenFlow instance 1 to report VLAN interfaces that belong to the OpenFlow instance to controllers.
[Sysname] openflow instance 1
[Sysname-of-inst-1] forbidden port vlan-interface
in-band management vlan
Use in-band management vlan to configure inband management VLANs for an OpenFlow instance.
Use undo in-band management vlan to remove the configuration.
Syntax
in-band management vlan { vlan-id [ to vlan-id ] } &<1-10>
Default
No inband management VLAN is configured for an OpenFlow instance.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
Usage guidelines
Traffic in inband management VLANs is forwarded in the normal forwarding process instead of the OpenFlow forwarding process.
Inband management VLANs are used by an OpenFlow instance to connect to controllers.
Examples
# Configure VLAN 10 as the inband management VLAN for OpenFlow instance 1.
[Sysname] openflow instance 1
[Sysname-of-inst-1] in-band management vlan 10
mac-ip dynamic-mac aware
Use mac-ip dynamic-mac aware to configure an OpenFlow instance to support dynamic MAC addresses.
Use undo mac-ip dynamic-mac aware to restore the default.
Syntax
mac-ip dynamic-mac aware
undo mac-ip dynamic-mac aware
Default
An OpenFlow instance ignores dynamic MAC address messages sent from controllers.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command configures an OpenFlow instance to support querying and deleting dynamic MAC addresses in only MAC-IP flow tables.
When this command is configured, the OpenFlow instance does not send change events for the dynamic MAC addresses to controllers.
Examples
# Configure OpenFlow instance 1 to support dynamic MAC addresses.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] mac-ip dynamic-mac aware
mac-learning forbidden
Use mac-learning forbidden to configure OpenFlow to forbid MAC address learning in VLANs associated with an OpenFlow instance.
Use undo mac-learning forbidden to restore the default.
Syntax
mac-learning forbidden
undo mac-learning forbidden
Default
MAC address learning is allowed for VLANs associated with an OpenFlow instance.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Examples
# Forbid MAC address learning in VLANs associated with OpenFlow instance 1.
[Sysname] openflow instance 1
[Sysname-of-inst-1] mac-learning forbidden
openflow instance
Use openflow instance to create an OpenFlow instance and enter OpenFlow instance view.
Use undo openflow instance to remove an OpenFlow instance.
Syntax
openflow instance instance-id
undo openflow instance instance-id
Default
No OpenFlow instance exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
Examples
# Create OpenFlow instance 1 and enter OpenFlow instance view.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1]
permit-port-type member-port
Use permit-port-type member-port to allow link aggregation member ports to be OpenFlow instance ports.
Use undo permit-port-type to restore the default.
Syntax
Default
Link aggregation member ports are not allowed to be OpenFlow instance ports.
Views
OpenFlow instance view
Predefined user roles
network-admin
Examples
# Configure OpenFlow instance 1 to allow link aggregation member ports to be OpenFlow instance ports.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] permit-port-type member-port
protocol-packet filter slow
Use protocol-packet filter slow to create a highest-priority flow entry for dropping slow protocol packets.
Use undo protocol-packet filter to restore the default.
Syntax
protocol-packet filter slow
undo protocol-packet filter
Default
An OpenFlow instance does not have a highest-priority flow entry for dropping slow protocol packets.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The slow protocols include LACP, LAMP, and OAM.
Examples
# Create a highest-priority flow entry for OpenFlow instance 1 to drop slow protocol packets.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] protocol-packet filter slow
reset openflow instance controller statistics
Use reset openflow instance controller statistics to clear statistics on packets that a controller sends and receives for an OpenFlow instance.
Syntax
reset openflow instance instance-id controller [ controller-id ] statistics
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
controller-id: Specifies a controller by its ID in the range of 0 to 63. If you do not specify a controller ID, this command clears statistics on packets that all controllers send and receive for an OpenFlow instance.
Examples
# Clear statistics on packets that all controllers send and receive for OpenFlow instance 1.
<Sysname> reset openflow instance 1 controller statistics
tcp dscp
Use tcp dscp to set a DSCP value for OpenFlow packets.
Use undo tcp dscp to restore the default.
Syntax
tcp dscp dscp-value
undo tcp dscp
Default
The DSCP value for OpenFlow packets is 10.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
dscp-value: Specifies a DSCP value for OpenFlow packets, in the range of 0 to 63.
Usage guidelines
This command takes effect only on OpenFlow packets over the main connection that the OpenFlow instance establishes with a controller through TCP.
Examples
# Set the DSCP value to 63 for OpenFlow packets.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] tcp dscp 63
