- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-Text | 179.19 KB |
OpenFlow commands
In this chapter, an OpenFlow switch is the same as an OpenFlow instance, unless otherwise specified.
active instance
Use active instance to activate or reactivate an OpenFlow instance.
Use undo active instance to deactivate an OpenFlow instance.
Syntax
active instance
undo active instance
Default
An OpenFlow instance is not activated.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
An OpenFlow instance takes effect only after it is activated.
Reactivating an OpenFlow instance refreshes the configuration data and interrupts communication with the controllers.
You can reactivate an OpenFlow instance by using the active instance command after you deactivate the OpenFlow instance by using the undo active instance command.
Examples
# Activate OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] active instance
classification global
Use classification global to enable the global mode for an OpenFlow instance.
Use undo classification to remove the configuration.
Syntax
classification global
undo classification
Default
An OpenFlow instance is in the VLAN mode.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
If you execute the classification global and classification vlan commands multiple times, the most recent configuration takes effect.
By default, an OpenFlow instance is in the VLAN mode. When an OpenFlow instance is associated with VLANs, the flow entries take effect only on packets within those VLANs.
When the global mode is enabled for an OpenFlow instance, the flow entries take effect on packets within the network. All interfaces on the device belong to the OpenFlow instance, including VLAN interfaces, Layer 2 or Layer 3 Ethernet interfaces.
Examples
# Enable the global mode for OpenFlow instance 1.
[Sysname] openflow instance 1
[Sysname-of-inst-1] classification global
Related commands
classification vlan
classification vlan
Use classification vlan to associate VLANs with an OpenFlow instance.
Use undo classification to cancel the association.
Syntax
classification vlan vlan-id [ mask vlan-mask ] [ loosen ]
undo classification
Default
An OpenFlow instance is not associated with any VLANs.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-id: Specifies the VLAN ID in the range of 1 to 4094.
vlan-mask: Specifies a VLAN mask in the range of 0 to 4095. The default value is 4095.
loosen: Specifies the loosen mode. If the loosen mode is used, a port belongs to the OpenFlow instance when VLANs associated with the OpenFlow instance overlap with the port's allowed VLANs. Otherwise, a port belongs to an OpenFlow instance only when VLANs associated with the OpenFlow instance are within the port's allowed VLAN list.
Usage guidelines
The system calculates the VLANs to be associated according to the specified VLAN ID and mask. To view the associated VLANs, use the display openflow instance command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Associate an OpenFlow instance with a list of VLANs determined by VLAN ID 255 and VLAN mask 7.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] classification vlan 255 mask 7
Related commands
display openflow instance
controller address
Use controller address to specify a controller for an OpenFlow switch and configure the main connection to the controller.
Use undo controller address to remove the configuration.
Syntax
controller controller-id address ip ip-address [ port port-number ] [ local address ip ip-address [ port port-number ] ] [ ssl ssl-policy-name ] [ vrf vrf-name ]
undo controller controller-id address
Default
An OpenFlow instance does not have a main connection to a controller.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
controller-id: Specifies a controller by its ID in the range of 0 to 63.
ip ip-address: Specifies the IPv4 address of the controller or the device.
local address: Specifies the IPv4 address that the device uses to establish connections with the controller.
port port-number: Specifies the port number that the device or the controller uses to establish TCP connections between them. The value range for the port number is 1 to 65535. The default value is 6633.
ssl ssl-policy-name: Specifies the SSL client policy that the controller uses to authenticate the OpenFlow switch. The policy name is a case-insensitive string of 1 to 31 characters.
vrf vrf-name: Specifies the VPN to which the controller belongs. The VRF name is the VRF instance name of MPLS L3VPN and is a case-insensitive string of 1 to 31 characters.
Usage guidelines
You can specify multiple controllers for an OpenFlow switch. The OpenFlow channel between the OpenFlow switch and each controller can have only one main connection.
The OpenFlow switch exchanges control messages with a controller through the main connection to perform the following operations:
· Receive flow table entries or data.
· Report information to the controller.
Examples
# Specify controller 10 for OpenFlow instance 1. The controller's IP address is 1.1.1.1 and the port number is 6666.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] controller 10 address ip 1.1.1.1 port 6666
controller connect interval
Use controller connect interval to set the reconnection interval for an OpenFlow instance.
Use undo controller connect interval to restore the default.
Syntax
controller connect interval interval-value
undo controller connect interval
Default
The reconnection interval is 60 seconds for an OpenFlow instance.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
interval-value: Specifies the reconnection interval in the range of 10 to 120 seconds.
Usage guidelines
The OpenFlow instance waits a reconnection interval before it attempts to reconnect to a controller.
Examples
# Set the reconnection interval to 10 seconds for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] controller connect interval 10
controller echo-request interval
Use controller echo-request interval to set the connection detection interval for an OpenFlow switch.
Use undo controller echo-request interval to restore the default.
Syntax
controller echo-request interval interval-value
undo controller echo-request interval
Default
The connection detection interval is 5 seconds for an OpenFlow switch.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
interval-value: Specifies the connection detection interval in the range of 1 to 10 seconds.
Usage guidelines
The connection detection interval specifies the interval at which the OpenFlow switch sends an Echo Request message to a controller.
As a best practice to reduce the CPU load, set the connection detection interval to a large value.
Examples
# Set the connection detection interval to 10 seconds for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] controller echo-request interval 10
controller mode
Use controller mode to configure the connection mode for an OpenFlow instance to establish connections to controllers.
Use undo controller mode to restore the default.
Syntax
controller mode { multiple | single }
undo controller mode
Default
The connection mode is multiple.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
multiple: Configures the connection mode as multiple for the OpenFlow instance to establish connections to controllers.
single: Configures the connection mode as single for the OpenFlow instance to establish connections to controllers.
Usage guidelines
When the connection mode is single, an OpenFlow establishes a connection to only one controller at a time, and the other controllers back up the controller. When the connection is broken, the OpenFlow instance attempts to connect to the next controller until it successfully establishes a connection.
When the connection mode is multiple, an OpenFlow instance can establish connections to all controllers at a time. When one or more controllers fail or one or more controller connections are broken, the OpenFlow switch can operate correctly.
Examples
# Configure the connection mode as single for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] controller mode single
datapath-id
Use datapath-id to set the datapath ID for an OpenFlow instance.
Use undo datapath-id to restore the default.
Syntax
datapath-id datapath-id
undo datapath-id
Default
The datapath ID of an OpenFlow instance contains the instance ID and the bridge MAC address. The upper 16 bits are the instance ID and the lower 48 bits are the bridge MAC address.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
datapath-id: Specifies the datapath ID for an OpenFlow instance. The argument is a hexadecimal number and the value range is 1 to 0xFFFFFFFFFFFFFFFF.
Examples
# Set the datapath ID to 0x123456 for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] datapath-id 123456
description
Use description to set a description for an OpenFlow instance.
Use undo description to restore the default.
Syntax
description text
undo description
Default
An OpenFlow instance does not have a description.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
text: Specifies a description for the OpenFlow instance, which is a case-insensitive string of 1 to 255 characters and must start with an English letter.
Examples
# Set the description to test-desc for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] description test-desc
default table-miss permit
Use default table-miss permit to change the default action of table-miss flow entries to forward packets to the normal pipeline.
Use undo default table-miss permit to restore the default.
Syntax
default table-miss permit
undo default table-miss permit
Default
The default action of table-miss flow entries is to drop packets.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Examples
# Change the default action of table-miss flow entries to forward packets to the normal pipeline.
[Sysname] openflow instance 1
[Sysname-of-inst-1] default table-miss permit
display openflow controller
Use display openflow controller to display controller information for an OpenFlow instance.
Syntax
display openflow instance instance-id controller [ controller-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
controller-id: Specifies a controller by its ID in the range of 0 to 63. If no controller ID is specified, this command displays information about all controllers for an OpenFlow instance.
Usage guidelines
The controller information includes connection information and packet statistics.
Examples
# Display controller information for OpenFlow instance 100.
<Sysname> display openflow instance 100 controller
Instance 10 controller information:
Reconnect interval: 60 (s)
Echo interval : 5 (s)
Controller ID : 1
Controller IP address : 192.168.49.49
Controller port : 6633
Controller role : --
Connect type : TCP
Connect state : Idle
Packets sent : 0
Packets received : 0
SSL policy : --
VRF name : --
Table 1 Command output
Field |
Description |
Reconnection interval (in seconds) for an OpenFlow instance to reconnect to all controllers. |
|
Interval (in seconds) at which an OpenFlow instance sends an Echo Request message to all controller. |
|
IP address of the controller. |
|
TCP port number of the controller. |
|
Controller role |
Role of the controller: · Equal—The controller has the same mode as other controllers that are specified for the OpenFlow instance. · Master—The controller is the master controller for the OpenFlow instance. · Slave—The controller is a slave controller for the OpenFlow instance. If the controller is not configured with any role, this field displays two hyphens (--). |
Connect type |
Type of the connection between the OpenFlow instance and the controller: TCP or SSL. |
Connect state |
State of the connection between the OpenFlow instance and the controller: Idle or Established. |
Packets sent |
Number of packets that have been sent to the controller. |
Packets received |
Number of packets that have been received from the controller. |
SSL policy |
Name of the SSL client policy used for SSL connections. If no SSL client policy controller is configured, this field displays two hyphens (--). |
display openflow flow-table
Use display openflow flow-table to display flow table information for an OpenFlow instance.
Syntax
display openflow instance instance-id flow-table [ table-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
table-id: Specifies a flow table by its ID in the range of 0 to 254.
Usage guidelines
If you do not specify a flow table ID, the command displays information about all flow tables for the specified OpenFlow instance.
Examples
# Display information about all flow tables for OpenFlow instance 10.
<Sysname> display openflow instance 10 flow-table
Instance 10 flow table information:
Table 0 information:
Table type: MAC-IP, flow entry count: 1, total flow entry count: 2
MissRule (default) flow entry information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: reset_counts
|no_pkt_counts|no_byte_counts, byte count: --, packet count: --
Match information: any
Instruction information:
Write actions:
Drop
Flow entry 1 information:
cookie: 0x0, priority: 1, hard time: 0, idle time: 0, flags: none,
byte count: --, packet count: --
Match information:
Ethernet destination MAC address: 0000-0000-0001
Ethernet destination MAC address mask: ffff-ffff-ffff
VLAN ID: 100, mask: 0xfff
Instruction information:
Write actions:
Output interface: XGE1/0/4
Write metadata/mask: 0x0000000000000001/0xffffffffffffffff
Goto table: 1
Table 1 information:
Table type: Extensibility, flow entry count: 2, total flow entry count: 2
MissRule Flow entry information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: none,
byte count: --, packet count: 60
Match information: any
Instruction information:
Write actions:
Drop
Flow entry 1 information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem
|check_overlap, byte count: --, packet count: 1
Match information:
Input interface: XGE1/0/3
Ethernet source MAC address: 0000-0000-0001
Ethernet source MAC address mask: ffff-ffff-ffff
Instruction information:
Set meter: 100
Apply actions:
Output interface: XGE1/0/4
Write actions:
Output interface: Controller, send length: 128 bytes
Table 2 Command output
Field |
Description |
Table type |
Type of the flow table: MAC-IP or Extensibility. |
flow entry count |
Number of flow entries deployed by controllers. |
total flow entry count |
Total number of flow entries in the table. |
cookie |
Cookie ID of the flow entry. |
priority |
Priority of the flow entry. A larger value indicates a higher priority. |
hard time |
Hard timeout of the flow entry, in seconds. The flow entry is aged out immediately after the hard timeout expires. If the flow entry has no hard timeout, the field displays 0. |
idle time |
Idle timeout of the flow entry, in seconds. The flow entry is aged out if no packet matches the entry within the idle timeout. If the flow entry has no idle timeout, the field displays 0. |
flags |
Flags that the flow entry includes: · flow_send_rem—Sends a flow removed message when the flow entry is removed or expires. · check_overlap—Checks for overlapping flow entries. · reset_counts—Resets flow table counters. · no_pkt_counts—Does not count packets. · no_byte_counts—Does not count bytes. If the flow entry does not include any flags, this field displays none. |
byte count |
Number of bytes that have matched the flow entry. |
packet count |
Number of packets that have matched the flow entry. |
Match information |
Contents in the Match field of the flow entry (see Table 3). |
Instruction information |
Contents in the Instruction field of the flow entry: · Set meter—Sends the matched packet to a specified meter. · Write metadata/mask—Writes the masked metadata value into the metadata fields of the matched packet. Metadata is used for passing messages between flow tables. · Write metadata mask—Mask of the metadata value to be written. · Goto table—Sends the matched packet to the next flow table for processing. · Clear actions—Immediately clears all actions in the action set of the matched packet. · Apply actions—Immediately applies specified actions in the action set of the matched packet. · Write actions—Writes specified actions into the action set of the matched packet. For more information about actions, see Table 4. |
Match field |
Match field mask |
Description |
Input interface |
N/A |
Ingress port (see Table 5). |
Physical input interface |
N/A |
Ingress physical port. |
Ethernet destination MAC address |
Mask |
Ethernet destination MAC address and mask. |
Ethernet source MAC address |
Mask |
Ethernet source MAC address and mask. |
Ethernet type |
N/A |
Ethernet type of the OpenFlow packet payload. |
VLAN ID |
Mask |
VLAN ID and mask. |
VLAN PCP |
N/A |
VLAN priority. |
IP DSCP |
N/A |
Differentiated Services Code Point (DSCP) value. |
IP ECN |
N/A |
Explicit Congestion Notification (ECN) value in the IP header. |
IP protocol |
N/A |
IPv4 protocol number. |
IPv4 source address |
Mask |
IPv4 source address and mask. |
IPv4 destination address |
Mask |
IPv4 destination address and mask. |
TCP source port |
Mask |
TCP source port and mask. |
TCP destination port |
Mask |
TCP destination port and mask. |
UDP source port |
Mask |
UDP source port and mask. |
UDP destination port |
Mask |
UDP destination port and mask. |
ICMPv4 type |
N/A |
ICMPv4 type. |
ICMPv4 code |
N/A |
ICMPv4 code. |
ARP source IPv4 address |
Mask |
Sender IPv4 address and mask in the ARP payload. |
ARP source MAC address |
Mask |
Sender MAC address and mask in the ARP payload. |
Field |
Description |
Drop |
Drops the matched packet. |
Output interface |
Sends the packet through a specified port. For more information about ports, see Table 5. |
send length |
Specifies the length of bytes to be taken from the packet and be sent to the controller. |
Group |
Specifies a group to process the packet. |
Set queue |
Maps the flow entry to a queue specified by ID. |
Set field |
Modifies a specific field of the packet. |
Port name |
Ingress port |
Output port |
Description |
Table |
Not supported. |
Supported. |
Start flow table in the OpenFlow workflow. |
Normal |
Not supported. |
Supported. |
Normal forwarding workflow of the switch. |
Flood |
Not supported. |
Supported. |
Flooding workflow. |
All |
Not supported. |
Supported. |
All ports. |
Controller |
Supported. |
Supported. |
Channel connected to the controller. |
Local |
Supported. |
Supported. |
Local CPU. |
XGE1/0/3 (port name) |
Supported. |
Supported. |
Name of a physical or logical port, such as a link aggregation port. |
display openflow group
Use display openflow group to display the group table information for an OpenFlow instance.
Syntax
display openflow instance instance-id group [ group-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
group-id: Specifies a group by its ID in the range of 0 to 4294967040. If this argument is not specified, the command displays information about all group entries of the OpenFlow instance.
Usage guidelines
The group entries are used by flow entries to make the OpenFlow device support more packet forwarding functions, for example, multicast and broadcast. Each group table contains multiple action buckets. The actions in the buckets of a group entry are performed for packets matching the group entry.
You cannot configure group entries on the OpenFlow devices. Instead, you can configure group entries on the controller and issue the group entries to the OpenFlow device.
Examples
# Display the group table information for OpenFlow instance 10.
<Sysname> display openflow instance 10 group
Instance 10 group table information:
Group count: 1
Group entry 1:
Type: All, byte count: 55116, packet count: 401
Bucket 1 information:
Action count 1, watch port: any, watch group: any
Byte count 55116, packet count 401
Output interface: XGE1/0/11
Bucket 2 information:
Action count 1, watch port: any, watch group: any
Byte count --, packet count --
Output interface: XGE1/0/12
Referenced information:
Count: 3
Flow table 0
Flow entry: 1, 2, 3
Table 6 Output description
Field |
Description |
Group count |
Number of group entries contained in the OpenFlow instance. |
Type |
Group table type. All indicates all buckets in the group are executed. This group is used for multicast or broadcast forwarding. |
Action count |
Number of actions in the action bucket. |
Byte count |
Number of bytes processed by the action bucket. Two hyphens (--) are displayed when the field is not supported. |
packet count |
Number of packets processed by the action bucket. Two hyphens (--) are displayed when the field is not supported. |
watch port |
Ports that affect the action bucket status. |
watch group |
Group table IDs of the ports that affect the action bucket status. |
Output interface |
Output interface in the group table. |
Information about the flow entries referencing group entries. |
|
Count |
Number of flow entries that reference group entries. |
Flow table |
ID of the flow table to which the flow entries referencing the group entries belong. |
IDs of flow entries referencing group entries. |
display openflow instance
Use display openflow instance to display the detailed information for an OpenFlow instance.
Syntax
display openflow instance [ instance-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
Examples
# Display the detailed information of OpenFlow instances.
<Sysname> display openflow instance
Instance 10 information:
Configuration information:
Description : test-desc
Active status : Active
Inactive configuration:
Classification: Global
Flow table:
Table ID(type): 0(MAC-IP)
Table ID(type): 1(Extensibility)
Default table-miss: Permit
Forbidden port: VLAN interface
Active configuration:
Classification : VLAN, loosen mode, total VLANs(1)
2
In-band management VLAN, total VLANs(0)
Empty VLAN
Connect mode: Multiple
Mac address learning: Enabled
Flow table:
Table ID(type): 0(MAC-IP), count: 0
Flow-entry max-limit: 65535
Datapath ID: 0x0000001234567891
Default table-miss: Drop
Forbidden port: None
Port information:
Ten-GigabitEthernet1/0/3
Active channel information:
Controller 1 IP address: 192.168.49.49 port: 6633
Controller 2 IP address: 192.168.43.49 port: 6633
Table 7 Command output
Field |
Description |
Description |
Description of the OpenFlow instance. |
Active status |
Activation status of the OpenFlow instance. |
Inactive configuration |
Inactive OpenFlow instance configuration. |
Active configuration |
Active OpenFlow instance configuration. |
Classification VLAN, loosen mode, total VLANs |
VLANs associated with the OpenFlow instance, the total number of these VLANs. |
In-band management VLAN, total VLANs |
Inband management VLANs and the total number of inband management VLANs. empty VLAN is displayed when no inband management VLAN is configured. |
Connect mode |
Connection mode for the OpenFlow instance to establish connections to controllers: · multiple—The connection mode is multiple for the OpenFlow instance to establish connections to controllers. · single—The connection mode is single for the OpenFlow instance to establish connections to controllers. |
Mac address learning |
Whether MAC address learning is enabled in the VLANs associated with the OpenFlow instance: · Enabled—MAC address learning is enabled in the VLANs associated with the OpenFlow instance. · Disabled—MAC address learning is disabled in the VLANs associated with the OpenFlow instance. |
Flow-entry max-limit |
Maximum number of flow entries allowed in the extensibility flow table. |
Datapath ID |
Datapath ID of the OpenFlow instance. |
Default table-miss |
Default action of the table-miss flow entry: · Permit—Forward packets to the normal pipeline. · Drop—Drop packets. |
Forbidden port |
Port types forbidden to be reported to controllers: · VLAN interface. · Virtual Switch Interface. |
Port information |
Ports added to the OpenFlow instance. |
Flow table |
Flow table information of the OpenFlow instance. |
Table ID(type) |
Flow table ID (flow table type). The flow table type can be MAC-IP or Extensibility. |
count |
Total number of flow entries in the flow table. |
Active channel information |
Information about active control channels. |
Controller id IP address: port: |
Brief information of controllers which have established connections to the OpenFlow instance. This field is displayed only when the OpenFlow instance has established connections to controllers. |
Failopen mode |
Connection interruption mode when the OpenFlow instance is disconnected from all controllers (this field is displayed only when the OpenFlow instance is disconnected from all controllers): · secure—The OpenFlow switch uses flow tables for traffic forwarding after it is disconnected from all controllers. · standalone—The OpenFlow switch uses the normal forwarding process after it is disconnected from all controllers. |
display openflow meter
Use display openflow meter to display meter entry information for an OpenFlow instance.
Syntax
display openflow instance instance-id meter [ meter-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
meter-id: Specifies a meter by its ID in the range of 0 to 4294901760. If no meter ID is specified, this command displays information about all meter entries for an OpenFlow instance.
Examples
# Display meter entry information for OpenFlow instance 10.
<Sysname> display openflow instance 10 meter
Meter flags: KBPS -- Rate value in kb/s, PKTPS -- Rate value in packet/sec
BURST -- Do burst size, STATS -- Collect statistics
Instance 10 meter table information:
meter entry count: 2
Meter entry 100 information:
Meter flags: KBPS
Band 1 information
Type: drop, rate: 1024, burst size: 65536
Byte count: --, packet count: 0
Referencedinformation:
Count: 3
Flow table: 0
Flow entry: 1, 2, 3
Meter entry 200 information:
Meter flags: KBPS
Band 1 information
Type: drop, rate: 10240, burst size: 655360
Byte count: --, packet count: --
Referenced information:
Count: 0
Table 8 Command output
Field |
Description |
Group entry count |
Total number of meter entries included in the OpenFlow instance. |
Meter flags |
Flags configured for the meter: · KBPS—The rate value is in kbps. · PKTPS—The rate value is in pps. · BURST—The burst size field in the band is used and the length of the packet or byte burst is determined by the burst size. · STATS—Meter statistics are collected. |
Band |
Bands included in the meter. |
Type |
Type of the band: · drop—Discard the packet. · dscp remark—Modify the drop precedence of the DSCP field in the IP header of the packet. |
Rate |
Rate value above which the corresponding band may apply to packets. |
Burst size |
Length of the packet or byte burst to consider for applying the meter. |
Byte count |
Number of bytes processed by a band. If this field is not supported, the field displays two hyphens (--). |
packet count |
Number of packets processed by a band. If this field is not supported, the field displays two hyphens (--). |
Referenced information |
Information about the meter entry referenced by flow entries. |
Count |
Total number of flow entries that reference the meter entry. |
Flow table |
Flow table to which the flow entries that reference the meter entry belong. |
Flow entry |
Flow entries that reference the meter entry. |
display openflow summary
Use display openflow summary to display summary OpenFlow instance information, including OpenFlow instance ID, activation status, and datapath ID.
Syntax
display openflow instance summary
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display summary information about OpenFlow instances.
<Sysname> display openflow summary
Fail Open mode: Se -- secure mode, Sa -- standalone mode
Reactive flags: Y -- Need active instance,
N -- Needn't active instance
ID Status Datapath-ID Channel Table-num Port-num Reactivate
1 active 0x0000000100001221 Connected 2 8 Y
10 deactive - - - - -
4094 active 0x00000ffe00001221 Failed(Sa) 2 0 N
Table 9 Command output
Field |
Description |
ID |
OpenFlow instance ID. |
Status |
Activation status of the OpenFlow instance: · active—The OpenFlow instance is active. · deactive—The OpenFlow instance is inactive. |
Datapath-ID |
Datapath ID of the OpenFlow instance. A hyphen (-) is displayed when the OpenFlow instance is inactive. |
Channel |
Status of the secure channel between the OpenFlow instance and the controller: · connected—The secure channel between the OpenFlow instance and the controller has been established. · Failed(Se)—The secure channel between the OpenFlow instance and the controller has been disconnected, and the OpenFlow instance is operating in secure mode. · Failed(Sa)—The channel between the OpenFlow instance and the controller has been disconnected, and the OpenFlow instance is operating in standalone mode. A hyphen (-) is displayed when the OpenFlow instance is inactive. |
Table-num |
Number of flow tables in the OpenFlow instance. A hyphen (-) is displayed when the OpenFlow instance is inactive. |
Port-num |
Number of ports belonging to the OpenFlow instance. A hyphen (-) is displayed when the OpenFlow instance is inactive. |
Reactivate |
Indicates whether the OpenFlow instance needs to be reactivated: · Y—The OpenFlow instance needs to be reactivated. · N—The OpenFlow instance does not need to be reactivated. A hyphen (-) is displayed when the OpenFlow instance is inactive. |
fail-open mode
Use fail-open mode to set the connection interruption mode for an OpenFlow switch.
Use undo fail-open mode to restore the default.
Syntax
fail-open mode { secure | standalone }
undo fail-open mode
Default
The connection interruption mode is secure, and the controller deploys the table-miss flow entry (the action is Drop) to the OpenFlow instance.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
secure: Configures the OpenFlow switch to use flow tables for traffic forwarding after it is disconnected from all controllers.
standalone: Configures the OpenFlow switch to use the normal forwarding process after it is disconnected from all controllers.
Examples
# Set the connection interruption mode to standalone for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] fail-open mode standalone
flow-entry max-limit
Use flow-entry max-limit to set the maximum number of entries for each extensibility flow table.
Use undo flow-entry max-limit to restore the default.
Syntax
flow-entry max-limit limit-value
undo flow-entry max-limit
Default
An extensibility flow table has a maximum of 65535 flow entries.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
limit-value: Specifies the maximum number of flow entries, in the range of 1 to 65535.
Examples
# Configure OpenFlow instance 1 to have a maximum of 256 entries in each extensibility flow table.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] flow-entry max-limit 256
flow-log disable
Use flow-log disable to disable logging for successful flow table modifications.
Use undo flow-log disable to restore the default.
Syntax
flow-log disable
undo flow-log disable
Default
Logging for successful flow table modifications is enabled.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command is available in Release 1138P01 and later versions.
Examples
# Disable logging for successful flow table modifications for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] flow-log disable
flow-table
Use flow-table to configure a flow table for an OpenFlow instance.
Use undo flow-table to restore the default.
Syntax
flow-table { extensibility extensibility-table-id | mac-ip mac-ip-table-id }*
undo flow-table
Default
An OpenFlow instance has an extensibility flow table whose ID is 0.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
extensibility extensibility-table-id: Specifies an extensibility flow table by its ID in the range of 0 to 254.
mac-ip mac-ip-table-id: Specifies a MAC-IP flow table by its ID in the range of 0 to 254.
Usage guidelines
You can specify only one MAC-IP flow table and one extensibility flow table for an OpenFlow instance. For an OpenFlow instance, the MAC-IP flow table ID must be smaller than the extensibility flow table ID.
Configure flow tables before you activate an OpenFlow instance.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure a MAC-IP flow table with ID 0 and an extensibility flow table with ID 1 for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] flow-table mac-ip 0 extensibility 1
forbidden port
Use forbidden port to forbid an OpenFlow instance to report ports of the specified types to controllers.
Use undo forbidden port to restore the default.
Syntax
forbidden port { vlan-interface | vsi-interface } *
undo forbidden port
Default
All ports that belong to an OpenFlow instance are reported to the controllers.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-interface: Forbids reporting VLAN interfaces that belong to an OpenFlow instance to controllers.
vsi-interface: Forbids reporting VSI interfaces that belong to an OpenFlow instance to controllers.
Examples
# Forbid OpenFlow instance 1 to report VLAN interfaces that belong to the OpenFlow instance to controllers.
[Sysname] openflow instance 1
[Sysname-of-inst-1] forbidden port vlan-interface
in-band management vlan
Use in-band management vlan to configure inband management VLANs.
Use undo in-band management vlan to restore the default.
Syntax
in-band management vlan vlan-list
undo in-band management vlan
Default
No inband management VLAN is configured for an OpenFlow instance.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan-list: Specifies a space-separated list of up to 10 VLAN items. Each item specifies a VLAN ID or a range of VLAN IDs in the form of vlan-id1 to vlan-id2. The value range for VLAN IDs is 1 to 4094. The value for the vlan-id2 argument must be equal to or greater than the value for the vlan-id1 argument.
Usage guidelines
The inband management VLANs must be a subset of the VLANs associated with the OpenFlow instance.
This command is applicable only to OpenFlow instances in VLAN mode.
Examples
# Configure VLAN 10 as an inband management VLAN in OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] in-band management vlan 10
mac-ip dynamic-mac aware
Use mac-ip dynamic-mac aware to configure OpenFlow to support dynamic MAC addresses.
Use undo mac-ip dynamic-mac aware to restore the default.
Syntax
mac-ip dynamic-mac aware
undo mac-ip dynamic-mac aware
Default
An OpenFlow instance ignores dynamic MAC address messages sent from controllers.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
When a MAC-IP flow table is configured for an OpenFlow switch, you can configure OpenFlow to support querying and deleting dynamic MAC addresses in the table.
When this command is configured, the OpenFlow switch does not send change events for the dynamic MAC addresses to controllers.
This command is applicable only to OpenFlow instances in VLAN mode.
Examples
# Configure OpenFlow instance 1 to support dynamic MAC addresses.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] mac-ip dynamic-mac aware
openflow instance
Use openflow instance to create an OpenFlow instance and enter OpenFlow instance view.
Use undo openflow instance to remove an OpenFlow instance.
Syntax
openflow instance instance-id
undo openflow instance instance-id
Default
No OpenFlow instance exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
Examples
# Create OpenFlow instance 1, and enter the OpenFlow instance view.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1]
permit-port-type member-port
Use permit-port-type member-port to allow link aggregation member ports to be in the deployed flow tables.
Use undo permit-port-type to remove the configuration.
Syntax
Default
Link aggregation member ports cannot be in the deployed flow tables.
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command is available in Release 1138P01 and later versions.
Examples
# Configure OpenFlow instance 1 to allow link aggregation member ports to be in the deployed flow tables.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] permit-port-type member-port
refresh ip-flow
Use refresh ip-flow to refresh all Layer 3 flow entries in the MAC-IP flow table for an OpenFlow instance.
Syntax
refresh ip-flow
Views
OpenFlow instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command is available in Release 1138P01 and later versions.
Examples
# Refresh all Layer 3 flow entries in the MAC-IP flow table for OpenFlow instance 1.
<Sysname> system-view
[Sysname] openflow instance 1
[Sysname-of-inst-1] refresh ip-flow
reset openflow instance controller statistics
Use reset openflow instance controller statistics to clear statistics about packets that a controller sends and receives for an OpenFlow instance.
Syntax
reset openflow instance instance-id controller [ controller-id ] statistics
Views
User view
Predefined user roles
network-admin
mdc-admin
mdc-operator
Parameters
instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.
controller-id: Specifies a controller by its ID in the range of 0 to 63. If you do not specify this argument, the command clears statistics about packets that all controllers send and receive for an OpenFlow instance.
Examples
# Clear statistics about packets that all controllers send and receive for OpenFlow instance 1.
active instance,1
classification global,1
classification vlan,2
controller address,3
controller connect interval,4
controller echo-request interval,4
controller mode,5
datapath-id,6
default table-miss permit,7
description,6
display openflow controller,8
display openflow flow-table,9
display openflow group,13
display openflow instance,14
display openflow meter,16
display openflow summary,18
fail-open mode,19
flow-entry max-limit,20
flow-log disable,20
flow-table,21
forbidden port,22
in-band management vlan,22
mac-ip dynamic-mac aware,23
openflow instance,24
permit-port-type member-port,24
refresh ip-flow,25
reset openflow instance controller statistics,25