Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 02-H3C_OpenFlow_Based_Multicast_NAT_Configuration_Examples | 93.22 KB |
|
|
|
H3C OpenFlow-Based Multicast NAT |
|
Configuration Examples |
|
|
|
|
Software version: Release 7595
Document version: 6W100-20201031
Copyright © 2020 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Introduction
This document provides examples for configuring OpenFlow-based multicast NAT.
OpenFlow-based multicast NAT use OpenFlow flow entries and group entries to implement on-demand forwarding of packets from multicast sources on the public network to different receivers in private networks. Based on the flow entries and group entries, the device translates the IP address, port number, VLAN, and MAC address of the packets to those of the receivers in private networks.
Prerequisites
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of OpenFlow, NAT, and multicast.
Example: Configuring OpenFlow-based multicast NAT
Network configuration
As shown in Figure 1, Source 1 on the Internet sends video traffic. Host A in VLAN 4 and Host B in VLAN 5 request to receive the video traffic. Configure the controller to issue an OpenFlow flow entry and group entry to Switch A to implement multicast NAT:
· Switch A performs NAT on the public packets from Source 1.
· Switch A sends the unicast packets from Source 1 to both Host A and Host B.
In this example, the controller is an Open vSwitch (OVS) controller.
Table 1 Network parameters for the devices
|
Device name |
MAC address |
IP address |
UDP port number |
|
Source 1 |
00:02:fc:00:22:2b |
11.110.5.100 |
6457 |
|
Host A |
00:e0:4c:68:0e:d4 |
192.168.4.2 |
4488 |
|
Host B |
00:50:56:c0:00:08 |
192.168.5.2 |
2356 |
Analysis
Make sure Switch A and the controller can reach each other so that the OpenFlow instance can establish an OpenFlow channel with the controller. In this example, Switch A uses the management interface to communicate with the controller.
For the receiver hosts to receive traffic from the source, deploy the controller to issue the OpenFlow group entry that meets the following requirements:
· Switch A can use the group entry to match packets from Source 1.
· Switch A can use the group entry to change the VLAN ID, destination IP address, destination MAC address, and destination UDP number of the matching packets to those of Host A and Host B.
· Switch A can use the group entry to forward the matching packets out of Ten-GigabitEthernet 1/0/4 and Ten-GigabitEthernet 1/0/5.
Procedures
Configuring Switch A
# Create VLAN 4, VLAN 5, and VLAN 4081.
<SwitchA> system-view
[SwitchA] vlan 4 5 4081
# Configure Ten-GigabitEthernet 1/0/1 as a trunk port and assign the port to VLAN 4081.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 4081
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# Configure Ten-GigabitEthernet 1/0/4 as a trunk port and assign the port to VLAN 4.
[SwitchA] interface ten-gigabitethernet 1/0/4
[SwitchA-Ten-GigabitEthernet1/0/4] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/4] port trunk permit vlan 4
[SwitchA-Ten-GigabitEthernet1/0/4] quit
# Configure Ten-GigabitEthernet 1/0/5 as a trunk port and assign the port to VLAN 5.
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/5] port trunk permit vlan 5
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# Configure M-GigabitEthernet 0/0/0 on Switch A for communicating with the controller.
[SwitchA] interface M-GigabitEthernet 0/0/0
[SwitchA-M-GigabitEthernet0/0/0] ip address 172.16.147.136 255.255.0.0
[SwitchA-M-GigabitEthernet0/0/0] quit
# Create OpenFlow instance 1 and configure it to operate in global mode.
[SwitchA] openflow instance 1
[SwitchA-of-inst-1] classification global
# Specify controller 0 with IP address 172.16.147.101 for OpenFlow instance 1 and activate the instance.
[SwitchA-of-inst-1] controller 0 address ip 172.16.147.101
[SwitchA-of-inst-1] active instance
[SwitchA-of-inst-1] quit
Configuring the OVS switch
# Issue group entry 1 that contains the following buckets to OpenFlow instance 1:
· Bucket 1 that contains the following actions:
¡ Send the packets out of Ten-GigabitEthernet 1/0/4.
¡ Change the following fields in the packets: VLAN ID (4), destination MAC address (00:e0:4c:68:0e:d4), destination IP address (192.168.4.2), and destination UDP port number (4488).
· Bucket 2 that contains the following actions:
¡ Send the packets out of Ten-GigabitEthernet 1/0/5.
¡ Change the following fields in the packets: VLAN ID (5), destination MAC address (00:50:56:c0:00:08), destination IP address (192.168.5.2), and destination UDP port number (2356).
[root@openflowvm:~/controller0]# ./ovs-appctl send_group_str 'command(add),type(
all),group_id(1),bucket(actions(output(742),set_field(vlan_vid(4+1)),set_field(eth_dst(00:e0:4c:68:0e:d4)),set_field(ipv4_dst(192.168.4.2)),set_field(udp_dst(4488)))),bucket(actions(output(743),set_field(vlan_vid(5+1)),set_field(eth_dst(00:50:56:c0:00:08)),set_field(ipv4_dst(192.168.5.2)),set_field(udp_dst(2356))))'
22:46:56|tcp:172.16.147.136:4425: sent (Success): OFPT_GROUP_MOD (xid:31, len:16
0)
22:46:56|OFPT_GROUP_MOD (xid:31)
# Group_Mod
|- command = add
|- type = all
|- group_id = 1
|- bucket
|- weight = 0
|- watch_port = any
|- watch_group = any
|- actions
|- output,742 [max_len = 128]
|- set_field,vlan_vid,4+1
|- set_field,eth_dst,00:e0:4c:68:0e:d4
|- set_field,ipv4_dst,192.168.4.2
|- set_field,udp_dst,4488
|- bucket
|- weight = 0
|- watch_port = any
|- watch_group = any
|- actions
|- output,743 [max_len = 128]
|- set_field,vlan_vid,5+1
|- set_field,eth_dst,00:50:56:c0:00:08
|- set_field,ipv4_dst,192.168.5.2
|- set_field,udp_dst,2356
[root@openflowvm:~/controller0]#
# Issue flow entry 1 of table 0 to OpenFlow instance 1. The flow entry contains the following match fields: input port Ten-GigabitEthernet 1/0/1, VLAN ID 4081, source IP address 10.110.5.100, source MAC address 00:02:fc:00:22:2b, and source UDP port 6457. Group entry 1 is specified to process the matching packets.
[root@openflowvm:~/controller0]# ./ovs-appctl send_flow_str 'command(add),table_
id(0),priority(1),match(in_port(739),vlan_vid(4081+1),eth_src(00:02:fc:00:22:2b),eth_type(0x800),ipv4_src(10.110.5.100),ip_proto(17),udp_src(6457)),instruction(write_actions(group(1)))'
23:08:24|tcp:172.16.147.136:4425: sent (Success): OFPT_FLOW_MOD (xid:35, len:120
)
23:08:24|OFPT_FLOW_MOD (xid:35)
# Flow_Mod (48)
|- cookie = 0x0000000000000000
|- cookie_mask = 0x0000000000000000
|- table_id = 0
|- command = add
|- idle_timeout = 0
|- hard_timeout = 0
|- priority = 1
|- buffer_id = no_buffer
|- out_port = any
|- out_group = any
|- flags = 0
|- match
|- in_port,739
|- vlan_vid,4081+1
|- eth_src,00:02:fc:00:22:2b
|- eth_type,0x0800
|- ipv4_src,10.110.5.100
|- ip_proto,17
|- udp_src,6457
|- instructions
|- write_actions
|- group,1
[root@openflowvm:~/controller0]#
Verifying the configuration
# Display group entry information for OpenFlow instance 1.
[SwitchA] display openflow instance 1 group
Instance 1 group table information:
Group count: 1
Group entry 1:
Type: All, byte count: 0, packet count: 0
Bucket 1 information:
Action count 2, watch port: any, watch group: any
Byte count 0, packet count 0
Set field:
Ethernet destination MAC address: 00e0-4c68-0ed4
VLAN ID: 4
IPv4 destination address: 192.168.4.2
UDP destination port: 4488
Output interface: XGE1/0/4
Bucket 2 information:
Action count 2, watch port: any, watch group: any
Byte count 0, packet count 0
Set field:
Ethernet destination MAC address: 0050-56c0-0008
VLAN ID: 5
IPv4 destination address: 192.168.5.2
UDP destination port: 2356
Output interface: XGE1/0/5
Referenced information:
Count: 1
Flow table: 0
Flow entry: 1
The output shows that OpenFlow instance 1 has created the group entry issued by the OVS controller. Group entry 1 is to set the specified fields in matching packets and send the modified packets out of Ten-GigabitEthernet 1/0/4 and Ten-GigabitEthernet 1/0/5.
# Display information about all flow tables for OpenFlow instance 1.
[SwitchA] display openflow instance 1 flow
Instance 1 flow table information:
Table 0 information:
Table type: Extensibility, flow entry count: 1, total flow entry count: 2
MissRule (default) flow entry information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: reset_counts,
byte count: 383689, packet count: 3330
Create time:19:07:20 01/06/2019, Last modified time:19:07:20 01/06/2019
Match information: any
Instruction information:
Write actions:
Drop
Flow entry 1 information:
cookie: 0x0, priority: 1, hard time: 0, idle time: 0, flags: none,
byte count: 0, packet count: 0
Create time:19:30:33 01/06/2019, Last modified time:19:30:33 01/06/2019
Match information:
Input interface: XGE1/0/1
Ethernet source MAC address: 0002-fc00-222b
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0800
VLAN ID: 4081, mask: 0xfff
IP protocol: 17
IPv4 source address: 10.110.5.100, mask: 255.255.255.255
UDP source port: 6457, mask: 0xffff
Instruction information:
Write actions:
Group: 1
The output shows that OpenFlow instance 1 has created the flow entry issued by the OVS controller in table 0. The instance will use the flow entry to match packets from Source 1 and use group entry 1 to process the matching packets.
Configuration files
· Switch A:
#
interface M-GigabitEthernet0/0/0
ip address 172.16.147.136 255.255.0.0
#
openflow instance 1
classification global
controller 0 address ip 172.16.147.101
active instance
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 4081
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 4
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 5
#
Related documentation
· H3C S10500X Switch Series OpenFlow Configuration Guide-R759X
· H3C S10500X Switch Series OpenFlow Command Reference-R759X
