16-OpenFlow Command Reference

HomeSupportSwitchesS6800 SeriesReference GuidesCommand ReferencesH3C S6800 Switch Series Command References-Release 26xx-6W10716-OpenFlow Command Reference
Table of Contents
Related Documents
01-OpenFlow commands
Title Size Download
01-OpenFlow commands 218.26 KB

OpenFlow commands

active instance

Use active instance to activate an OpenFlow instance.

Use undo active instance to deactivate an OpenFlow instance.

Syntax

active instance

undo active instance

Default

An OpenFlow instance is not activated.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

If the VLAN configuration or flow table configuration of an activated OpenFlow instance is changed, use this command to reactivate the instance. After the OpenFlow instance is reactivated, it re-establishes connections to controllers if the OpenFlow instance was connected to the controllers before the reactivation.

Examples

# Activate OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] active instance

classification

Use classification to configure the OpenFlow instance mode.

Use undo classification to restore the default.

Syntax

classification { global | vlan vlan-id [ mask vlan-mask ] [ loosen ] }

undo classification

Default

The OpenFlow instance mode is not configured.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

global: Specifies the global mode.

vlan: Specifies the VLAN mode.

vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

vlan-mask: Specifies a VLAN mask in the range of 0 to 4095. The default value is 4095.

loosen: Specifies the loosen mode. If the loosen mode is used, a port belongs to the OpenFlow instance when VLANs associated with the OpenFlow instance overlap with the port's allowed VLANs. If you do not specify the loosen mode, a port belongs to an OpenFlow instance only when VLANs associated with the OpenFlow instance are within the port's allowed VLAN list.

Usage guidelines

The VLANs to be associated are calculated by a bitwise AND operation on the specified VLAN ID and mask. The VLAN mask supports non-contiguous 1s and ignores all 0 bits. To view the associated VLANs, use the display openflow instance command.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Enable the VLAN mode for OpenFlow instance 1 and associate OpenFlow instance 1 with VLANs determined by VLAN ID 255 and VLAN mask 7.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] classification vlan 255 mask 7

Related commands

display openflow instance

controller address

Use controller address to specify a controller for an OpenFlow switch and configure the main connection to the controller.

Use undo controller address to delete the main connection to the specified controller.

Syntax

controller controller-id address { ip ipv4-address | ipv6 ipv6-address } [ port port-number ] [ local address { ip local-ipv4-address | ipv6 local-ipv6-address } [ port local-port-number ] ] [ ssl ssl-policy-name ] [ vrf vrf-name ]

undo controller controller-id address

Default

An OpenFlow instance does not have a main connection to a controller.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

controller-id: Specifies a controller by its ID in the range of 0 to 63.

ip ipv4-address: Specifies the IPv4 address of the controller.

ipv6 ipv6-address: Specifies the IPv6 address of the controller.

port port-number: Sets the port number used by the controller to establish TCP connections to the OpenFlow switch. The value range for the port number is 1 to 65535. The default value is 6633.

local address: Specifies the source IP address used to establish TCP connections to the controller. When multiple routes are available between a controller and a switch, you can use this keyword to configure a source IP address for the switch. When the switch restarts or an active/standby switchover occurs, the switch can use the original route to reconnect to the controller without selecting a new route.

ip local-ipv4-address: Specifies the source IPv4 address.

ipv6 local-ipv6-address: Specifies the source IPv6 address.

port local-port-number: Specifies the source port number in the range of 1 to 65535. If you do not specify this option, the system automatically assigns a source port number for establishing the main connection to the controller.

ssl ssl-policy-name: Specifies the SSL client policy that the controller uses to authenticate the OpenFlow switch. The ssl-policy-name argument is a case-insensitive string of 1 to 31 characters. You must configure a separate SSL client policy for the main connection to each controller.

vrf vrf-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VRF name, the controller is in the public network.

Usage guidelines

You can specify multiple controllers for an OpenFlow switch. The OpenFlow channel between the OpenFlow switch and each controller can have only one main connection.

The OpenFlow switch uses the main connection to a controller to exchange control messages with the controller to perform the following operations:

·     Receive flow table entries or data from the controller.

·     Report information to the controller.

As a best practice, configure a unicast IP address for a controller. An OpenFlow switch might fail to establish a connection with the controller that does not use a unicast IP address.

As a best practice, configure a unicast source IP address that is the IP address of a port belonging to the OpenFlow instance. If the source IP address is not a unicast address of a port belonging to the OpenFlow instance, the OpenFlow switch might fail to establish a connection with the controller.

Examples

# Specify controller 1 for OpenFlow instance 1. The controller's IP address is 1.1.1.1 and the port number is 6666.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] controller 1 address ip 1.1.1.1 port 6666

controller auxiliary

Use controller auxiliary to specify a controller for an OpenFlow switch and configure an auxiliary connection to the controller.

Use undo controller auxiliary to delete the specified auxiliary connection to the specified controller.

Syntax

controller controller-id auxiliary auxiliary-id transport { tcp | udp | ssl ssl-policy-name } [ address { ip ipv4-address | ipv6 ipv6-address } ] [ port port-number ]

undo controller id auxiliary auxiliary-id

Default

An OpenFlow instance does not have auxiliary connections to a controller.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

controller-id: Specifies a controller by its ID in the range of 0 to 63.

auxiliary auxiliary-id: Specifies an auxiliary connection ID in the range of 1 to 255.

transport: Specifies the transport layer protocol.

tcp: Specifies TCP connections.

udp: Specifies UDP connections.

ssl ssl-policy-name: Specifies the SSL client policy that the controller uses to authenticate the OpenFlow switch. The ssl-policy-name argument is a case-insensitive string of 1 to 31 characters.

ip ipv4-address: Specifies the IPv4 address of the controller.

ipv6 ipv6-address: Specifies the IPv6 address of the controller.

port port-number: Sets the port number used to establish TCP connections to the controller. The value range for the port number is 1 to 65535. The default value is 6633.

Usage guidelines

The OpenFlow channel might have one main connection and multiple auxiliary connections. Auxiliary connections are used to improve the communication performance between the controller and OpenFlow switches.

Make sure the configuration of an auxiliary connection does not conflict with the configuration of the main connection. Otherwise, the auxiliary connection cannot be established.

An auxiliary connection can have a different destination IP address and port number than the main connection. If no destination IP address and port number are specified, the auxiliary connection uses the destination IP address and port number configured for the main connection.

Examples

# Specify controller 1 for OpenFlow instance 1 and configure auxiliary connection 1 to the controller.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] controller 10 auxiliary 1 transport tcp

controller connect interval

Use controller connect interval to set the interval for an OpenFlow instance to reconnect to a controller.

Use undo controller connect interval to restore the default.

Syntax

controller connect interval interval

undo controller connect interval

Default

An OpenFlow instance reconnects to a controller every 60 seconds.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

interval: Specifies the reconnection interval in the range of 1 to 120 seconds.

Examples

# Configure OpenFlow instance 1 to reconnect to a controller every 10 seconds.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] controller connect interval 10

controller echo-request interval

Use controller echo-request interval to set the echo request interval for an OpenFlow switch.

Use undo controller echo-request interval to restore the default.

Syntax

controller echo-request interval interval

undo controller echo-request interval

Default

The echo request interval is 5 seconds for an OpenFlow switch.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

interval: Specifies the echo request interval in the range of 1 to 10 seconds.

Examples

# Set the echo request interval to 10 seconds for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] controller echo-request interval 10

controller mode

Use controller mode to set the controller mode for an OpenFlow instance.

Use undo controller mode to restore the default.

Syntax

controller mode { multiple | single }

undo controller mode

Default

The controller mode is multiple.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

multiple: Specifies the multiple mode.

single: Specifies the single mode.

Usage guidelines

In single mode, the OpenFlow switch connects to only one controller at a time. When communication with the current controller fails, the OpenFlow instance connects to the controller with the lowest ID among the rest controllers.

In multiple mode, the OpenFlow switch simultaneously connects to all controllers. If one or more controllers become invalid or disconnected, the OpenFlow switch continues to exchange messages with the rest of the controllers.

Examples

# Set all controllers of OpenFlow instance 1 to operate in single mode.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] controller mode single

datapath-id

Use datapath-id to set the datapath ID for an OpenFlow instance.

Use undo datapath-id to restore the default.

Syntax

datapath-id id

undo datapath-id

Default

The datapath ID of an OpenFlow instance contains the instance ID and the bridge MAC address of the device. The lower 16 bits are the instance ID and the upper 48 bits are the bridge MAC address of the device.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

id: Specifies the datapath ID for the OpenFlow instance, in the range of 1 to ffffffffffffffff in hexadecimal format.

Examples

# Set the datapath ID to 123456 for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] datapath-id 123456

default table-miss permit

Use default table-miss permit to change the default action of table-miss flow entries to forward packets to the normal pipeline.

Use undo default table-miss permit to restore the default.

Syntax

default table-miss permit

undo default table-miss permit

Default

The default action of a table-miss flow entry is to drop packets.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

With the default table-miss permit command configured for an OpenFlow instance, all table-miss flow entries of the OpenFlow instance forward packets to the normal pipeline.

When the default table-miss permit command is not configured for an OpenFlow instance, the following rules apply:

·     In versions earlier than R2612, all table-miss flow entries of the OpenFlow drop packets.

·     In R2612 and later versions, two serial extensibility flow tables are supported.

¡     The default action of the table-miss flow entry in extensibility table 1 is Goto-Table.

¡     The default action of the table-miss flow entries in the other flow tables is to drop packets.

Examples

# Configure the default action of table-miss flow entries to forward packets to the normal pipeline.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] default table-miss permit

description

Use description to configure a description for an OpenFlow instance.

Use undo description to restore the default.

Syntax

description text

undo description

Default

An OpenFlow instance does not have a description.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 characters.

Examples

# Configure the description as test-desc for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] description test-desc

display openflow

Use display openflow to display controller information for an OpenFlow instance.

Syntax

display openflow instance instance-id { controller [ controller-id ] | listened }

 Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

controller-id: Specifies a controller by its ID in the range of 0 to 63. If you do not specify a controller ID, this command displays information about all controllers for an OpenFlow instance.

listened: Specifies the client that connects to the server that is enabled for the OpenFlow instance.

Examples

# Display controller information for OpenFlow instance 100.

<Sysname> display openflow instance 100 controller

OpenFlow instance ID: 100

 Reconnect interval : 60 (s)

 Echo interval      : 5  (s)

 

 Controller ID           : 1

 Controller IP address   : 192.168.49.49

 Controller port         : 6633

 Local IP address        : 192.0.0.1

 Local port              : 5566

 Controller role         : Equal

 Connect type            : TCP

 Connect state           : Established

 Packets sent            : 9

 Packets received        : 9

 SSL policy              : --

 VRF name                : --

Table 1 Command output

Field

Description

Reconnect interval

Reconnection interval (in seconds) for an OpenFlow instance to reconnect to all controllers.

Echo interval

Connection detection interval (in seconds) at which an OpenFlow instance sends an echo request message to all controllers.

Controller IP address

IP address of the controller.

Controller port

TCP port number of the controller.

Local IP address

Source IP address of the controller that is connected to the OpenFlow instance.

Local port

Source TCP port number of the current controller.

Controller role

Role of the controller:

·     Equal—The controller has the same mode as other controllers that are specified for the OpenFlow instance.

·     Master—The controller is the master controller for the OpenFlow instance.

·     Slave—The controller is a subordinate controller for the OpenFlow instance.

If the controller is not configured with any role, this field displays two hyphens (--).

Connect type

Type of the connection between the OpenFlow instance and the controller: TCP or SSL.

Connect state

State of the connection between the OpenFlow instance and the controller: Idle or Established.

Packets sent

Number of packets that have been sent to the controller.

Packets received

Number of packets that have been received from the controller.

SSL policy

Name of the SSL client policy used for SSL connections.

If no SSL client policy is configured, this field displays two hyphens (--).

VRF name

Name of the MPLS L3VPN to which the controller belongs.

If no MPLS L3VPN instance is configured, this field displays two hyphens (--).

 

display openflow auxiliary

Use display openflow auxiliary to display auxiliary connection information and statistics about received and sent packets for an OpenFlow instance.

Syntax

display openflow instance instance-id auxiliary [ controller-id [ auxiliary auxiliary-id ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

controller-id: Specifies a controller by its ID in the range of 0 to 63.

auxiliary auxiliary-id: Specifies an auxiliary connection by its ID in the range of 1 to 255.

Examples

# Display auxiliary connection information for OpenFlow instance 100.

<Sysname> display openflow instance 100 auxiliary

Controller ID: 1    Auxiliary connection number: 2

 Auxiliary connection ID : 1

  Controller IP address  : 192.168.49.48

  Controller port        : 6633

  Connect type           : TCP

  Connect state          : Established

  Packets sent           : 9

  Packets received       : 9

  SSL policy             : --

 

 Auxiliary connection ID : 2

  Controller IP address  : 192.168.49.49

   Controller port       : 6633

   Connect type          : TCP

   Connect state         : Established

   Packets sent          : 9

   Packets received      : 9

   SSL policy            : --

Table 2 Command output

Field

Description

Auxiliary connection number

Total number of auxiliary connections.

Auxiliary connection ID

ID of an auxiliary connection.

Controller IP address

IP address of the controller.

Controller port

TCP port number of the controller.

Connect type

Type of the connection between the OpenFlow instance and the controller: TCP UDP, or SSL.

Connect state

State of the connection between the OpenFlow instance and the controller: Idle or Established.

Packets sent

Number of packets that have been sent to the controller.

Packets received

Number of packets that have been received from the controller.

SSL policy

Name of the SSL client policy used for SSL connections.

If no SSL client policy is configured, this field displays two hyphens (--).

 

display openflow flow-table

Use display openflow flow-table to display flow table information for an OpenFlow instance.

Syntax

display openflow instance instance-id flow-table [ table-id ]

 Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

table-id: Specifies a flow table by its ID in the range of 0 to 254. If you do not specify a flow table ID, the command displays information about all flow tables for the specified OpenFlow instance.

Examples

# Display information about all flow tables for OpenFlow instance 100.

<Sysname> display openflow instance 100 flow-table

Instance 100 flow table information:

 

Table 0 information:

 Table type: MAC-IP, flow entry count: 1, total flow entry count: 2

 

MissRule (default) flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: reset_counts

 |no_pkt_counts|no_byte_counts, byte count: --, packet count: --

Match information: any

Instruction information:

 Write actions:

  Drop

 

Flow entry rule 1 information:

 cookie: 0x0, priority: 1, hard time: 0, idle time: 0, flags: none,

 byte count: --, packet count: --

Match information:

 Ethernet destination MAC address: 0000-0000-0001

 Ethernet destination MAC address mask: ffff-ffff-ffff

 VLAN ID: 100, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: XGE1/0/4

 Write metadata/mask: 0x0000000000000001/0xffffffffffffffff

 Goto table: 1

 

Table 1 information:

 Table type: Extensibility, flow entry count: 2, total flow entry count: 2

 

MissRule (default) flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: none,

 byte count: 300, packet count: 60

Match information: any

Instruction information:

 Write actions:

  Drop

 

Flow entry rule 1 information: (Not effective)

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem

 |check_overlap, byte count: 8, packet count: 1

Match information:

 Input interface: XGE1/0/3

 Ethernet source MAC address: 0000-0000-0001

 Ethernet source MAC address mask: ffff-ffff-ffff

Instruction information:

 Set meter: 100

 Apply actions:

  Output interface: XGE1/0/4

 Write actions:

  Output interface: Controller, send length: 128 bytes

Table 3 Command output

Field

Description

Table information

Information about the flow table.

Table type

Type of the flow table: MAC-IP or Extensibility.

flow entry count

Number of flow entries deployed by the controller.

total flow entry count

Total number of flow entries in the table.

Flow entry rule information

Information about the flow entry. If the flow entry does not take effect, this field displays Not effective.

cookie

Cookie ID of the flow entry.

priority

Priority of the flow entry. The larger the value, the higher the priority.

hard time

Hard timeout of the flow entry, in seconds. The flow entry is removed when the timer times out, whether or not the flow entry matches any data stream.

If the flow entry has no hard timeout, the field displays 0.

idle time

Idle timeout of the flow entry, in seconds. The flow entry is removed if the flow entry does not match any data stream during the idle time.

If the flow entry has no idle timeout, the field displays 0.

flags

Flags that the flow entry includes:

·     flow_send_rem—Sends a flow removed message when the flow entry is removed or expires.

·     check_overlap—Checks for overlapping flow entries.

·     reset_counts—Resets flow table counters.

·     no_pkt_counts—Does not count packets.

·     no_byte_counts—Does not count bytes.

If the flow entry does not include any flags, this field displays none.

byte count

Number of bytes that have matched the flow entry.

packet count

Number of packets that have matched the flow entry.

Match information

Contents of the match field of the flow entry (see Table 4).

Instruction information

Contents of the instruction set of the flow entry:

·     Set meter—Sends the matched packet to a specific meter.

·     Goto table—Sends the matched packet to the next flow table for processing.

·     Clear actions—Immediately clears all actions in the action set.

·     Apply actions—Immediately applies specified actions in the action set.

·     Write actions—Writes specified actions into the current action set.

For more information about actions, see Table 5.

 

Table 4 Match field types

Field

Mask field

Description

Input interface

N/A

Ingress port (see Table 6).

Physical input interface

N/A

Ingress physical port.

Metadata

Metadata mask

Metadata and mask.

Ethernet destination MAC address

Ethernet destination MAC address mask

Ethernet destination MAC address and mask.

Ethernet source MAC address

Ethernet source MAC address mask

Ethernet source MAC address and mask.

Ethernet type

N/A

Ethernet type of the OpenFlow packet payload.

VLAN ID

Mask

VLAN ID and mask.

VLAN PCP

N/A

VLAN priority.

IP DSCP

N/A

Differentiated Services Code Point (DSCP) value.

IP ECN

N/A

Explicit Congestion Notification (ECN) value in the IP header.

IP protocol

N/A

IPv4 or IPv6 protocol number.

IPv4 source address

Mask

IPv4 source address and mask.

IPv4 destination address

Mask

IPv4 destination address and mask.

TCP source port

Mask

TCP source port and mask.

TCP destination port

Mask

TCP destination port and mask.

UDP source port

Mask

UDP source port and mask.

UDP destination port

Mask

UDP destination port and mask.

ICMPv4 type

N/A

ICMPv4 type.

ICMPv4 code

N/A

ICMPv4 code.

ARP source IPv4 address

Mask

Sender IPv4 address and mask in the ARP payload.

ARP source MAC address

ARP source MAC address mask

Sender MAC address and mask in the ARP payload.

IPv6 source address

IPv6 source address mask

Source IPv6 address and mask.

IPv6 destination address

IPv6 destination address mask

Destination IPv6 address and mask.

IPv6 flow label

Mask

IPv6 flow label and mask.

ICMPv6 type

N/A

ICMPv6 type.

ICMPv6 code

N/A

ICMPv6 code.

Output interface

N/A

Output port.

VRF index

N/A

VPN index.

Fragment

N/A

Fragment.

Physical output interface

N/A

Output physical port.

CVLAN ID

Mask

CVLAN ID and mask.

Experimenter

N/A

Extension matching fields. Address ID represents the unique identifier of an address.

 

Table 5 Actions

Field

Description

Drop

Drops the matched packet. This action is not defined in the OpenFlow specifications.

Output interface

Sends the packet through a specific port. For more information about ports, see Table 6.

send length

Specifies the max length of bytes to be taken from the packet and sent to the controller.

This field appears only when the reserved port of the controller type is specified as the output port.

Group

Specifies a group table to process the packet.

Set queue

Maps the flow entry to a queue specified by its ID.

Set field

Modifies a field of the packet.

 

Table 6 Ports

Port name

Ingress port

Output port

Description

Normal

Not supported.

Supported.

Processing the packet by using the normal forwarding process.

Flood

Not supported.

Supported.

Flooding the packet.

Controller

Supported.

Supported.

Sending the packet to the controller.

Local

Supported.

Supported.

Sending the packet to the local CPU.

Any

Not supported.

Not supported.

Special value used in some OpenFlow commands when you do not specify a port.

port name

Supported.

Supported.

Valid physical or logical port on the switch.

 

display openflow group

Use display openflow group to display group entry information for an OpenFlow instance.

Syntax

display openflow instance instance-id group [ group-id ]

 Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

group-id: Specifies a group by its ID in the range of 0 to 4294967040. If you do not specify a group ID, this command displays information about all group entries for an OpenFlow instance.

Examples

# Display group entry information for OpenFlow instance 100.

<Sysname> display openflow instance 100 group

Instance 100 group table information:

 Group count: 2

 

Group entry 103:

 Type: All, byte count: 55116, packet count: 401

 Bucket 1 information:

Action count 1, watch port: any, watch group: any

Byte count 55116, packet count 401

 

  Output interface: BAGG100

 Bucket 2 information:

 Action count 1, watch port: any, watch group: any

  Byte count --, packet count --

  Output interface: Controller, send length: 128 bytes

 Referenced information:

  Count: 3

  Flow table 0

  Flow entry: 1, 2, 3

 

Group entry 104:

 Type: All, byte count: 0, packet count: 0

 Bucket 1 information:

  Action count 1, watch port: any, watch group: any

  Byte count --, packet count --

  Output interface: Controller, send length: 128 bytes

 Referenced information:

  Count: 0

Table 7 Command output

Field

Description

Group count

Total number of group entries included in the OpenFlow instance.

Type

Type of the group entry:

·     All—Executes all buckets in the group. This group is used for multicast or broadcast forwarding.

·     Select—Executes one bucket in the group.

·     Indirect—Executes the one defined bucket in the group.

·     Fast failover—Executes the first live bucket.

Bucket

Buckets included in the group table.

Action count

Number of actions included in the bucket.

Byte count

Number of bytes processed by a group or by a bucket.

If this field is not supported, the field displays two hyphens (--).

packet count

Number of packets processed by a group or by a bucket.

If this field is not supported, the field displays two hyphens (--).

watch port

Port whose state affects whether this bucket is live.

watch group

Group whose state affects whether this bucket is live.

Output interface

Output interface included in the group entry.

Referenced information

Information about the group entry used by flow entries.

Count

Total number of flow entries that use the group entry.

Flow table

Flow table to which the flow entries that use the group entry belong.

Flow entry

Flow entries that use the group entry.

 

display openflow instance

Use display openflow instance to display detailed information about an OpenFlow instance.

Syntax

display openflow instance [ instance-id ]

 Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094. If you do not specify an instance ID, this command displays detailed information about all OpenFlow instances.

Examples

# Display detailed information about OpenFlow instance 100.

<Sysname> display openflow instance 100

Instance 100 information:

 

Configuration information:

 Description   : test-desc

 Active status : Active

 Inactive configuration:

  None

 Active configuration:

  Classification: VLAN, loosen mode, total VLANs(1)

   2

  In-band management VLAN, total VLANs(0)

   Empty VLAN

  Connect mode: Multiple

  MAC address learning: Disabled

  TCP DSCP value: 10

  Flow table:

   Table ID(type): 0(MAC-IP), count: 0

  Flow-entry max-limit: 65535

  Datapath ID: 0x0000001234567891

  Default table-miss: Drop

  Forbidden port: None

  Qinq Network: Disabled

  TCP connection backup: Enabled

Port information:

 Ten-GigabitEthernet1/0/3

Active channel information:

 Controller 1 IP address: 192.168.49.49  port: 6633

 Controller 2 IP address: 192.168.43.49  port: 6633

Table 8 Command output

Field

Description

Configuration information

Information about the configuration.

Description

Description of the OpenFlow instance.

Active status

OpenFlow instance status: Active or Inactive.

Inactive configuration

Inactive configuration for the OpenFlow instance.

Active configuration

Active configuration for the OpenFlow instance.

Classification: VLAN, total VLANs

VLANs that are associated with the OpenFlow instance and the total number of these VLANs.

loose mode

The loose mode is used.

In-band management VLAN, total VLANs

Inband management VLANs and the total number of them.

Connect mode

Connection mode of the controller:

·     Single—The OpenFlow instance connects to only one controller at a time.

·     Multiple—The OpenFlow instance can simultaneously connect to multiple controllers.

MAC address learning

Whether MAC address learning is disabled: Enabled or Disabled.

TCP DSCP value

DSCP value for OpenFlow packets.

Flow table

Flow table information for the OpenFlow instance.

Table ID(type)

Type of the flow table: MAC-IP or Extensibility.

count

Total number of flow entries included in the current flow table.

Flow-entry max-limit

Maximum number of flow entries allowed in the extensibility flow table.

Datapath ID

Datapath ID of the OpenFlow instance.

Default table-miss

Default action of the table-miss flow entry: Permit or Drop.

Forbidden port

Type of interfaces that are forbidden to be reported to the controller:

·     L3 Physical Interface—Layer 3 Ethernet interfaces and Layer 3 aggregate interfaces.

·     VLAN interface.

Qinq Network

Whether the OpenFlow instance is enabled to perform QinQ tagging for double-tagged packets passing an extensibility flow table:

·     Disabled.

·     Enabled.

TCP connection backup

Whether OpenFlow connection backup is enabled:

·     Disabled.

·     Enabled.

Port information

Ports that have been added to the OpenFlow instance.

Active channel information

Information about active channels.

IP address

IP address of the controller configured for the OpenFlow instance.

Port

TCP port number that is used to connect to the controller.

Failopen mode

Connection interruption mode for the OpenFlow instance:

·     Standalone.

·     Smart.

·     Secure.

 

display openflow meter

Use display openflow meter to display meter entry information for an OpenFlow instance.

Syntax

display openflow instance instance-id meter [ meter-id ]

 Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

meter-id: Specifies a meter by its ID in the range of 1 to 4294901760. If you do not specify a meter ID, this command displays information about all meter entries for an OpenFlow instance.

Examples

# Display meter entry information for OpenFlow instance 100.

<Sysname> display openflow instance 100 meter

Meter flags: KBPS  -- Rate value in kb/s, PKTPS -- Rate value in packet/sec

             BURST -- Do burst size,      STATS -- Collect statistics

 

Instance 100 meter table information:

 meter entry count: 2

 

Meter entry 100 information:

 Meter flags: KBPS

 Band 1 information

 Type: drop, rate: 1024, burst size: 65536

 Byte count: --, packet count: --

 Referenced information:

  Count: 3

  Flow table: 0

  Flow entry: 1, 2, 3

 

Meter entry 200 information:

 Meter flags: KBPS

 Band 1 information

 Type: drop, rate: 10240, burst size: 655360

 Byte count: --, packet count: --

 Referenced information:

  Count: 0

Table 9 Command output

Field

Description

Group entry count

Total number of meter entries that the OpenFlow instance has.

Meter flags

Flags configured for the meter:

·     KBPS—The rate value is in kbps.

·     PKTPS—The rate value is in pps.

·     BURST—The burst size field in the band is used and the length of the packet or byte burst is determined by the burst size.

·     STATS—Meter statistics are collected.

Band

Bands contained in the meter.

Type

Type of the band:

·     dropDiscard the packet.

·     dscp remarkModify the drop precedence of the DSCP field in the IP header of the packet.

Rate

Rate value above which the corresponding band applies to packets.

Burst size

Length of the packet or byte burst to consider for applying the meter.

Byte count

Number of bytes processed by a band.

If this field is not supported, the field displays two hyphens (--).

packet count

Number of packets processed by a band.

If this field is not supported, the field displays two hyphens (--).

Referenced information

Information about the meter entry used by flow entries.

Count

Total number of flow entries that use the meter entry.

Flow table

Flow table to which the flow entries that use the meter entry belong.

Flow entry

Flow entries that use the meter entry.

 

display openflow summary

Use display openflow summary to display brief OpenFlow instance information.

Syntax

display openflow summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display brief OpenFlow instance information.

<Sysname> display openflow summary

Fail-open mode: Se - Secure mode, Sa - Standalone mode

 

ID    Status    Datapath-ID         Channel    Table-num  Port-num  Reactivate

1     Active    0x0000000100001221  Connected  2          8         N

10    Inactive  -                   -          -          -         -

4094  Active    0x00000ffe00001221  Failed(Sa) 2          0         N

Table 10 Command output

Field

Description

ID

OpenFlow instance ID.

Status

Activation status of the OpenFlow instance:

·     Active—The OpenFlow instance has been activated.

·     Inactive—The OpenFlow instance has not been activated.

Datapath-ID

Datapath ID of the OpenFlow instance.

If the OpenFlow instance is not activated, this field displays a hyphen (-).

Channel

Status of the OpenFlow channel to the controller:

·     Connected—An OpenFlow channel has been established.

·     Failed(Se)—The OpenFlow channel is disconnected from the controller, and the OpenFlow instance uses the secure connection interruption mode.

·     Failed(Sm)—The OpenFlow channel is disconnected from the controller, and the OpenFlow instance uses the smart connection interruption mode.

·     Failed(Sa)—The OpenFlow channel is disconnected from the controller, and the OpenFlow instance uses the standalone connection interruption mode.

If the OpenFlow instance is not activated, this field displays a hyphen (-).

Table num

Number of flow tables that the OpenFlow instance has.

If the OpenFlow instance is not activated, this field displays a hyphen (-).

Port num

Number of ports that belong to the OpenFlow instance.

If the OpenFlow instance is not activated, this field displays a hyphen (-).

Reactivate

Whether the OpenFlow instance is required to be reactivated. N indicates the configuration is unchanged and the OpenFlow instance is not required to be reactivated.

If the OpenFlow instance is not activated, this field displays a hyphen (-).

 

fail-open mode

Use fail-open mode to set the connection interruption mode for an OpenFlow switch.

Use undo fail-open mode to restore the default.

Syntax

fail-open mode { secure | smart | standalone }

undo fail-open mode

Default

The connection interruption mode is secure, and the controller deploys the table-miss flow entry (the action is Drop) to the OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

secure: Configures the OpenFlow switch to use flow tables for traffic forwarding after it is disconnected from all controllers. If the output action in a matching flow entry is to forward traffic to a controller, the traffic is discarded.

smart: Configures the OpenFlow switch to use flow tables for traffic forwarding after it is disconnected from all controllers. If the output action in a matching flow entry is to forward traffic to a controller, the traffic is forwarded in normal process.

standalone: Configures the OpenFlow switch to use the normal forwarding process after it is disconnected from all controllers.

Examples

# Set the connection interruption mode to standalone for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] fail-open mode standalone

flow-entry max-limit

Use flow-entry max-limit to set the maximum number of entries for the extensibility flow table on an OpenFlow switch.

Use undo flow-entry max-limit to restore the default.

Syntax

flow-entry max-limit limit-value

undo flow-entry max-limit

Default

The extensibility flow table can have a maximum of 65535 flow entries.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the maximum number of flow entries. The value range for this argument is 1 to 65535.

Usage guidelines

If the number of extensibility flow table entries deployed from a controller to an OpenFlow switch exceeds the maximum, the switch sends a deployment failure notification to the controller.

Examples

# Configure OpenFlow instance 1 to have a maximum of 256 entries in the extensibility flow table.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] flow-entry max-limit 256

flow-log disable

Use flow-log disable to disable logging for successful flow table modifications.

Use undo flow-log disable to restore the default.

Syntax

flow-log disable

undo flow-log disable

Default

Logging for successful flow table modifications is enabled.

Views

OpenFlow instance view

Predefined user roles

network-admin

Examples

# Disable logging for successful flow table modifications for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] flow-log disable

flow-table

Use flow-table to create a flow table for an OpenFlow instance.

Use undo flow-table to restore the default.

Syntax

flow-table { [ ingress-vlan ingress-table-id ] [ { extensibility extensibility-table-id }&<1-2> | mac-ip mac-ip-table-id ] * [ egress-vlan egress-table-id ] }

undo flow-table

Default

An OpenFlow instance has an extensibility flow table with ID 0.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

ingress-vlan ingress-table-id: Specifies a VLAN tagging flow table by its ID in the range of 0 to 254. If you specify this option, the device tags all incoming packets matching the table.

extensibility extensibility-table-id: Specifies an extensibility flow table by its ID in the range of 0 to 254.

mac-ip mac-ip-table-id: Specifies a MAC-IP flow table by its ID in the range of 0 to 254.

egress-vlan egress-table-id: Specifies a VLAN untagging flow table by its ID in the range of 0 to 254. If you specify this option, the device untags all outgoing packets matching the table.

Usage guidelines

Only R2612 and later versions support two serial extensibility flow tables.

Create flow tables for an OpenFlow instance before you activate the OpenFlow instance.

If you execute this command multiple times, the most recent configuration takes effect.

The ID you enter for an extensibility flow table must be larger than the ID for an MAC-IP flow table.

If you specify the ingress-vlan ingress-table-id option, make sure the VLAN tagging flow table has the smallest ID among all flow tables. If you specify the egress-vlan egress-table-id option, make sure the VLAN untagging flow table has the largest ID among all flow tables. The VLAN tagging flow table and untagging flow table take effect only when the following conditions are met:

·     The OpenFlow instance is configured to perform QinQ tagging for double-tagged packets passing an extensibility flow table.

·     The OpenFlow instance uses the standalone connection interruption mode.

Examples

# Create a MAC-IP flow table with ID 0 and an extensibility flow table with ID 1 for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] flow-table mac-ip 0 extensibility 1

Related commands

qinq-network enable

forbidden packet-in arp controller

Use forbidden packet-in arp controller to configure controllers to which ARP packets are forbidden to be reported.

Use undo forbidden packet-in arp controller to restore the default.

Syntax

forbidden packet-in arp controller controller-id-list

undo forbidden packet-in arp controller [ controller-id-list ]

Default

No controllers to which ARP packets are forbidden to be reported are configured.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

controller-id-list: Specifies a space-separated list of a maximum of 10 controller items. Each item specifies a controller ID or a range of controller IDs in the form of controller-id1 to controller-id2. The value range for controller IDs is 0 to 63. The value for the controller-id2 argument must be equal to or greater than the value for the controller-id1 argument. If you do not specify the controller-id-list argument, the undo form of this command restores all configuration of this feature to the default.

Examples

# Forbid the device not to report ARP packets to controller 0.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] forbidden packet-in arp controller 0

forbidden port

Use forbidden port to forbid an OpenFlow instance from reporting ports of the specified types to controllers.

Use undo forbidden port to restore the default.

Syntax

forbidden port { l3-physical-interface | vlan-interface } *

undo forbidden port

Default

All ports that belong to an OpenFlow instance are reported to the controllers.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

l3-physical-interface: Specifies Layer 3 Ethernet interfaces and Layer 3 aggregate interfaces that belong to an OpenFlow instance.

vlan-interface: Specifies VLAN interfaces that belong to an OpenFlow instance.

Examples

# Forbid OpenFlow instance 1 from reporting VLAN interfaces that belong to the OpenFlow instance to controllers.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] forbidden port vlan-interface

in-band management vlan

Use in-band management vlan to configure inband management VLANs for an OpenFlow instance.

Use undo in-band management vlan to restore the default.

Syntax

in-band management vlan { vlan-id [ to vlan-id ] } &<1-10>

undo in-band management vlan

Default

No inband management VLANs are configured for an OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

Usage guidelines

By default, traffic in VLANs associated with an OpenFlow instance is forwarded in OpenFlow forwarding process. The OpenFlow instance cannot use these VLANs to connect to the controller.

You can use this command to specify inband management VLANs for an OpenFlow instance. Traffic in inband management VLANs is forwarded in the normal forwarding process instead of the OpenFlow forwarding process. Inband management VLANs are used by an OpenFlow instance to connect to controllers.

Examples

# Configure VLAN 10 as the inband management VLAN for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] in-band management vlan 10

listening port

Use listening port to enable an SSL server for an OpenFlow instance.

Use undo listening port to restore the default.

Syntax

listening port port-number ssl ssl-policy-name

undo listening port

Default

No SSL server is enabled for an OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

port-number: Specifies the SSL server port number in the range of 1 to 65535.

ssl ssl-policy-name: Specifies the SSL server policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

Typically, an OpenFlow instance acts as the TCP/SSL client and actively connects to the controller (SSL server).

You can configure this feature to enable an SSL server for an OpenFlow instance. After an SSL server is enabled for an OpenFlow instance, the controller acts as an SSL client and actively connects to the OpenFlow instance.

To re-configure the SSL server, first execute the undo form of the command to delete the existing SSL server configuration.

Examples

# Enable an SSL server with the port number 20000 for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] listening port 20000 ssl ssl_name

loop-protection enable

Use loop-protection enable to enable loop guard for an OpenFlow instance.

Use undo loop-protection enable to restore the default.

Syntax

loop-protection enable

undo loop-protection enable

Default

Loop guard is disabled for an OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

After an OpenFlow instance is deactivated, loops might occur in VLANs associated with the OpenFlow instance. To avoid loops, you can enable loop guard for the OpenFlow instance. This feature enables the deactivated OpenFlow instance to create a flow entry for dropping all traffic in theses VLANs.

Examples

# Enable loop guard for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] loop-protection enable

mac-ip dynamic-mac aware

Use mac-ip dynamic-mac aware to configure an OpenFlow instance to support dynamic MAC addresses.

Use undo mac-ip dynamic-mac aware to restore the default.

Syntax

mac-ip dynamic-mac aware

undo mac-ip dynamic-mac aware

Default

An OpenFlow instance does not support dynamic MAC addresses and ignores dynamic MAC address messages sent from controllers.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

This command configures an OpenFlow instance to support querying and deleting dynamic MAC addresses in only MAC-IP flow tables. The OpenFlow instance does not send change events for the dynamic MAC addresses to controllers.

Examples

# Configure OpenFlow instance 1 to support dynamic MAC addresses.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] mac-ip dynamic-mac aware

mac-learning forbidden

Use mac-learning forbidden to configure OpenFlow to forbid MAC address learning in VLANs associated with an OpenFlow instance.

Use undo mac-learning forbidden to restore the default.

Syntax

mac-learning forbidden

undo mac-learning forbidden

Default

MAC address learning is allowed for VLANs associated with an OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Examples

# Forbid MAC address learning in VLANs associated with OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] mac-learning forbidden

openflow instance

Use openflow instance to create an OpenFlow instance and enter its view, or enter the view of an existing OpenFlow instance.

Use undo openflow instance to remove an OpenFlow instance.

Syntax

openflow instance instance-id

undo openflow instance instance-id

Default

No OpenFlow instances exist.

Views

System view

Predefined user roles

network-admin

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

Examples

# Create OpenFlow instance 1 and enter OpenFlow instance view.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1]

openflow lossless enable

Use openflow lossless enable to enable packet loss prevention for OpenFlow forwarding.

Use undo openflow lossless enable to disable packet loss prevention for OpenFlow forwarding.

Syntax

openflow lossless enable

undo openflow lossless enable

Default

Packet loss prevention for OpenFlow forwarding is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

In R2612 and later versions, when packet loss prevention is enabled, the device drops a packet that meets the following conditions:

·     The output action of the packet is to forward the packet in the normal forwarding process.

·     The interface associated with the normal forwarding process is configured with an ACL to drop the packet.

Packet loss prevention ensures successful OpenFlow forwarding without packet loss. In an OpenFlow network, packet loss might occur on the switch during the flow entry deployment process. Packet loss then causes OpenFlow forwarding errors. For example, traffic is mistakenly sent to controllers and the controllers deploy faulty flow entries.

When this feature is enabled, the OpenFlow matching ability is decreased. For example, packets cannot be matched by IPv6 address.

Do not enable this feature in non-OpenFlow networks. Otherwise, the forwarding efficiency and matching ability might be decreased.

After you enable or disable packet loss prevention on a switch, save the configuration and restart the switch to make the configuration take effect.

Examples

# Enable packet loss prevention for OpenFlow forwarding.

<Sysname> system-view

[Sysname] openflow lossless enable

 Enable lossless traffic function? [Y/N]:y

 For the setting to take effect, save the configuration, and then reboot the device.

openflow normal-forward vlan

Use openflow normal-forward vlan to exclude the specified VLANs from the VLANs in which traffic is forwarded in the OpenFlow forwarding process.

Use undo openflow normal-forward vlan to restore the default.

Syntax

openflow normal-forward vlan { vlan-id [ to vlan-id ] } &<1-10>

undo openflow normal-forward vlan

Default

No VLANs are excluded from the VLANs in which traffic is forwarded in the OpenFlow forwarding process.

Views

System view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

Usage guidelines

The VLANs to be associated with an OpenFlow instance are calculated by a bitwise AND operation on the VLAN ID and mask. Use this command to exclude VLANs in which traffic is required to be forwarded in the normal forwarding process from the calculated VLANs. Traffic in the excluded VLANs is forwarded in the normal forwarding process instead of the OpenFlow forwarding process.

Examples

# Exclude VLAN 10 from the VLANs in which traffic is forwarded in the OpenFlow forwarding process.

<Sysname> system-view

[Sysname] openflow normal-forward vlan 10

openflow shutdown

Use openflow shutdown to shut down an interface by OpenFlow.

Use undo openflow shutdown to restore the default.

Syntax

openflow shutdown

undo openflow shutdown

Default

An interface is not shut down by OpenFlow.

Views

Layer 2 Ethernet interface view

Layer 3 Ethernet interface view

Layer 2 aggregate interface view

Predefined user roles

network-admin

Usage guidelines

Only R2612 and later versions support this command in Layer 3 Ethernet interface view and Layer 2 aggregate interface view.

After an interface is shut down by OpenFlow, the Current state field displays OFP DOWN in the display interface command output.

You can use the undo openflow shutdown command to bring up an interface shut down by OpenFlow. The interface can also be brought up by port modification messages from controllers.

Examples

# Shut down Ten-GigabitEthernet 1/0/1 by OpenFlow.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] openflow shutdown

permit-port-type member-port

Use permit-port-type member-port to allow link aggregation member ports to be in the deployed flow tables.

Use undo permit-port-type to restore the default.

Syntax

permit-port-type member-port

undo permit-port-type

Default

Link aggregation member ports cannot be in the deployed flow tables.

Views

OpenFlow instance view

Predefined user roles

network-admin

Examples

# Configure OpenFlow instance 1 to allow link aggregation member ports to be in the deployed flow tables.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] permit-port-type member-port

precedence dynamic arp

Use precedence dynamic arp to allow dynamic ARP entries to overwrite OpenFlow ARP entries.

Use undo precedence dynamic to restore the default.

Syntax

precedence dynamic arp

undo precedence dynamic arp

Default

An OpenFlow instance does not allow dynamic ARP entries to overwrite OpenFlow ARP entries.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

This command increases the precedence of dynamic ARP entries to overwrite OpenFlow ARP entries.

OpenFlow ARP entries are generated based only on the MAC-IP flow table of an OpenFlow instance.

Examples

# Configure OpenFlow instance 1 to allow dynamic ARP entries to overwrite OpenFlow ARP entries.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] precedence dynamic arp

protocol-packet filter slow

Use protocol-packet filter slow to create a highest-priority flow entry for dropping slow protocol packets.

Use undo protocol-packet filter to restore the default.

Syntax

protocol-packet filter slow

undo protocol-packet filter

Default

An OpenFlow instance does not have a highest-priority flow entry for dropping slow protocol packets.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

The flow entry created by using this command has a higher priority than the flow entries deployed by controllers.

The slow protocols include LACP, LAMP, and OAM.

Examples

# Create a highest-priority flow entry for OpenFlow instance 1 to drop slow protocol packets.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] protocol-packet filter slow

qinq-network enable

Use qinq-network enable to enable an OpenFlow instance to perform QinQ tagging for double-tagged packets passing an extensibility flow table.

Use undo qinq-network enable to restore the default.

Syntax

qinq-network enable

undo qinq-network enable

Default

A double-tagged packet becomes single-tagged after it passes an extensibility flow table.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

Execute this command to make double-tagged packets keep double-tagged after the packets pass an extensibility flow table.

Examples

# Enable OpenFlow instance 1 to perform QinQ tagging for double-tagged packets passing an extensibility flow table.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] qinq-network enable

Related commands

flow-table

refresh ip-flow

Use refresh ip-flow to refresh all Layer 3 flow entries in the MAC-IP flow tables for an OpenFlow instance.

Syntax

refresh ip-flow

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

Layer 3 flow entries in the MAC-IP flow tables might be overwritten. In such cases, you can use this command to obtain all Layer 3 flow entries in the MAC-IP flow tables from the controller again.

Examples

# Refresh all Layer 3 flow entries in the MAC-IP flow tables for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] refresh ip-flow

reset openflow instance statistics

Use reset openflow instance statistics to clear statistics on packets that a controller sends and receives for an OpenFlow instance.

Syntax

reset openflow instance instance-id { controller [ controller-id ] | listened } statistics

 Views

User view

Predefined user roles

network-admin

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

controller-id: Specifies a controller by its ID in the range of 0 to 63. If you do not specify a controller ID, this command clears statistics on packets that all controllers send and receive for an OpenFlow instance.

listened: Specifies the client that connects to the server enabled for the OpenFlow instance.

Examples

# Clear statistics on packets that all controllers send and receive for OpenFlow instance 1.

<Sysname> reset openflow instance 1 controller statistics

tcp dscp

Use tcp dscp to set a DSCP value for OpenFlow packets.

Use undo tcp dscp to restore the default.

Syntax

tcp dscp dscp-value

undo tcp dscp

Default

The DSCP value for OpenFlow packets is not set.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value for OpenFlow packets, in the range of 0 to 63.

Examples

# Set the DSCP value to 63 for OpenFlow packets.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] tcp dscp 63

tcp-connection backup

Use tcp-connection backup to enable OpenFlow connection backup.

Use undo tcp-connection backup to disable OpenFlow connection backup.

Syntax

tcp-connection backup

undo tcp-connection backup

Default

OpenFlow connection backup is enabled.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

This command enables an OpenFlow instance to back up OpenFlow connections established over TCP. This prevents connection interruption when an active/standby switchover occurs.

Examples

# Disable OpenFlow connection backup for OpenFlow instance 1.

<Sysname> system-view

[Sysname] openflow instance 1

[Sysname-of-inst-1] undo tcp-connection backup

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网