Contents

Introduction· 1

Prerequisites· 1

Example: Configuring OpenFlow-based multicast NAT· 1

Network configuration· 1

Analysis· 2

Applicable hardware and software versions· 2

Procedures· 3

Configuring Switch A· 3

Configuring the OVS switch· 4

Verifying the configuration· 5

Configuration files· 7

 

Introduction

This document provides examples for configuring OpenFlow-based multicast NAT.

OpenFlow-based multicast NAT use OpenFlow flow entries and group entries to implement on-demand forwarding of packets from multicast sources on the public network to different receivers in private networks. Based on the flow entries and group entries, the device translates the IP address, port number, VLAN, and MAC address of the packets to those of the receivers in private networks.

Prerequisites

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of OpenFlow, NAT, and multicast.

Example: Configuring OpenFlow-based multicast NAT

Network configuration

As shown in Figure 1, Source 1 on the Internet sends video traffic. Host A in VLAN 4 and Host B in VLAN 5 request to receive the video traffic. Configure the controller to issue an OpenFlow flow entry and group entry to Switch A to implement multicast NAT:

·     Switch A performs NAT on the public packets from Source 1.

·     Switch A sends the unicast packets from Source 1 to both Host A and Host B.

In this example, the controller is an Open vSwitch (OVS) controller.

Figure 1 Network diagram

 

Table 1 Network parameters for the devices

Device name	MAC address	IP address	UDP port number
Source  1	00:02:fc:00:22:2b	11.110.5.100	6457
Host A	00:e0:4c:68:0e:d4	192.168.4.2	4488
Host B	00:50:56:c0:00:08	192.168.5.2	2356

 

Analysis

Make sure Switch A and the controller can reach each other so that the OpenFlow instance can establish an OpenFlow channel with the controller. In this example, Switch A uses the management interface to communicate with the controller.

For the receiver hosts to receive traffic from the source, deploy the controller to issue the OpenFlow group entry that meets the following requirements:

·     Switch A can use the group entry to match packets from Source 1.

·     Switch A can use the group entry to change the VLAN ID, destination IP address, destination MAC address, and destination UDP number of the matching packets to those of Host A and Host B.

·     Switch A can use the group entry to forward the matching packets out of Ten-GigabitEthernet 1/0/4 and Ten-GigabitEthernet 1/0/5.

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

 

Hardware	Software version
S9850-G switch series	Not supported
S6850-G switch series S6805-G switch series	Not supported
S6530X switch series	Not supported
S5590-HI switch series	Not supported
S5590-EI switch series S5500V3-HI switch series	Not supported
S6520X-EI-G switch series S6520XP-EI-G switch series	Release 7748 and later
S5590XP-HI-G switch series	Release 7748 and later
S5560-EI-G switch series	Not supported
S5500-D-G switch series S5100-D-G switch series	Not supported
S5130S-HI-G switch series	Not supported
S5130S-EI-G switch series (except S5130S-30C-EI-G and S5130S-54C-EI-G switches)	Not supported
S5130S-30C-EI-G  switch S5130S-54C-EI-G  switch	Not supported

 

Procedures

Configuring Switch A

# Create VLAN 4, VLAN 5, and VLAN 4081.

<SwitchA> system-view

[SwitchA] vlan 4 5 4081

# Configure Ten-GigabitEthernet 1/0/1 as a trunk port and assign the port to VLAN 4081.

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 4081

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Configure Ten-GigabitEthernet 1/0/4 as a trunk port and assign the port to VLAN 4.

[SwitchA] interface ten-gigabitethernet 1/0/4

[SwitchA-Ten-GigabitEthernet1/0/4] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/4] port trunk permit vlan 4

[SwitchA-Ten-GigabitEthernet1/0/4] quit

# Configure Ten-GigabitEthernet 1/0/5 as a trunk port and assign the port to VLAN 5.

[SwitchA] interface ten-gigabitethernet 1/0/5

[SwitchA-Ten-GigabitEthernet1/0/5] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/5] port trunk permit vlan 5

[SwitchA-Ten-GigabitEthernet1/0/5] quit

# Configure M-GigabitEthernet 0/0/0 on Switch A for communicating with the controller.

[SwitchA] interface M-GigabitEthernet 0/0/0

[SwitchA-M-GigabitEthernet0/0/0] ip address 172.16.147.136 255.255.0.0

[SwitchA-M-GigabitEthernet0/0/0] quit

# Create OpenFlow instance 1 and configure it to operate in global mode.

[SwitchA] openflow instance 1

[SwitchA-of-inst-1] classification global

# Specify controller 0 with IP address 172.16.147.101 for OpenFlow instance 1 and activate the instance.

[SwitchA-of-inst-1] controller 0 address ip 172.16.147.101

[SwitchA-of-inst-1] active instance

[SwitchA-of-inst-1] quit

Configuring the OVS switch

# Issue group entry 1 that contains the following buckets to OpenFlow instance 1:

·     Bucket 1 that contains the following actions:

¡     Send the packets out of Ten-GigabitEthernet 1/0/4.

¡     Change the following fields in the packets: VLAN ID (4), destination MAC address (00:e0:4c:68:0e:d4), destination IP address (192.168.4.2), and destination UDP port number (4488).

·     Bucket 2 that contains the following actions:

¡     Send the packets out of Ten-GigabitEthernet 1/0/5.

¡     Change the following fields in the packets: VLAN ID (5), destination MAC address (00:50:56:c0:00:08), destination IP address (192.168.5.2), and destination UDP port number (2356).

[root@openflowvm:~/controller0]# ./ovs-appctl send_group_str 'command(add),type(

all),group_id(1),bucket(actions(output(742),set_field(vlan_vid(4+1)),set_field(eth_dst(00:e0:4c:68:0e:d4)),set_field(ipv4_dst(192.168.4.2)),set_field(udp_dst(4488)))),bucket(actions(output(743),set_field(vlan_vid(5+1)),set_field(eth_dst(00:50:56:c0:00:08)),set_field(ipv4_dst(192.168.5.2)),set_field(udp_dst(2356))))'

22:46:56|tcp:172.16.147.136:4425: sent (Success): OFPT_GROUP_MOD (xid:31, len:16

0)

22:46:56|OFPT_GROUP_MOD (xid:31)

# Group_Mod

|- command      = add

|- type         = all

|- group_id     = 1

|- bucket

   |- weight       = 0

   |- watch_port   = any

   |- watch_group  = any

   |- actions

      |- output,742 [max_len = 128]

      |- set_field,vlan_vid,4+1

      |- set_field,eth_dst,00:e0:4c:68:0e:d4

      |- set_field,ipv4_dst,192.168.4.2

      |- set_field,udp_dst,4488

|- bucket

   |- weight       = 0

   |- watch_port   = any

   |- watch_group  = any

   |- actions

      |- output,743 [max_len = 128]

      |- set_field,vlan_vid,5+1

      |- set_field,eth_dst,00:50:56:c0:00:08

      |- set_field,ipv4_dst,192.168.5.2

      |- set_field,udp_dst,2356

[root@openflowvm:~/controller0]#

# Issue flow entry 1 of table 0 to OpenFlow instance 1. The flow entry contains the following match fields: input port Ten-GigabitEthernet 1/0/1, VLAN ID 4081, source IP address 10.110.5.100, source MAC address 00:02:fc:00:22:2b, and source UDP port 6457. Group entry 1 is specified to process the matching packets.

[root@openflowvm:~/controller0]# ./ovs-appctl send_flow_str 'command(add),table_

id(0),priority(1),match(in_port(739),vlan_vid(4081+1),eth_src(00:02:fc:00:22:2b),eth_type(0x800),ipv4_src(10.110.5.100),ip_proto(17),udp_src(6457)),instruction(write_actions(group(1)))'

23:08:24|tcp:172.16.147.136:4425: sent (Success): OFPT_FLOW_MOD (xid:35, len:120

)

23:08:24|OFPT_FLOW_MOD (xid:35)

# Flow_Mod (48)

|- cookie       = 0x0000000000000000

|- cookie_mask  = 0x0000000000000000

|- table_id     = 0

|- command      = add

|- idle_timeout = 0

|- hard_timeout = 0

|- priority     = 1

|- buffer_id    = no_buffer

|- out_port     = any

|- out_group    = any

|- flags        = 0

|- match

   |- in_port,739

   |- vlan_vid,4081+1

   |- eth_src,00:02:fc:00:22:2b

   |- eth_type,0x0800

   |- ipv4_src,10.110.5.100

   |- ip_proto,17

   |- udp_src,6457

|- instructions

   |- write_actions

      |- group,1

[root@openflowvm:~/controller0]#

Verifying the configuration

# Display group entry information for OpenFlow instance 1.

[SwitchA] display openflow instance 1 group

Instance 1 group table information:

 Group count: 1

 

Group entry 1:

 Type: All, byte count: 0, packet count: 0

 Bucket 1 information:

  Action count 2, watch port: any, watch group: any

  Byte count 0, packet count 0

  Set field:

   Ethernet destination MAC address: 00e0-4c68-0ed4

   VLAN ID: 4

   IPv4 destination address: 192.168.4.2

   UDP destination port: 4488

  Output interface: XGE1/0/4

 Bucket 2 information:

  Action count 2, watch port: any, watch group: any

  Byte count 0, packet count 0

  Set field:

   Ethernet destination MAC address: 0050-56c0-0008

   VLAN ID: 5

   IPv4 destination address: 192.168.5.2

   UDP destination port: 2356

  Output interface: XGE1/0/5

 

 Referenced information:

  Count: 1

  Flow table: 0

  Flow entry: 1

The output shows that OpenFlow instance 1 has created the group entry issued by the OVS controller. Group entry 1 is to set the specified fields in matching packets and send the modified packets out of Ten-GigabitEthernet 1/0/4 and Ten-GigabitEthernet 1/0/5.

# Display information about all flow tables for OpenFlow instance 1.

[SwitchA] display openflow instance 1 flow

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 1, total flow entry count: 2

 

MissRule (default) flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: reset_counts,

 byte count: 383689, packet count: 3330

 Create time:19:07:20 01/06/2019,  Last modified time:19:07:20 01/06/2019

Match information: any

Instruction information:

 Write actions:

  Drop

 

Flow entry 1 information:

 cookie: 0x0, priority: 1, hard time: 0, idle time: 0, flags: none,

 byte count: 0, packet count: 0

 Create time:19:30:33 01/06/2019,  Last modified time:19:30:33 01/06/2019

Match information:

 Input interface: XGE1/0/1

 Ethernet source MAC address: 0002-fc00-222b

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

 VLAN ID: 4081, mask: 0xfff

 IP protocol: 17

 IPv4 source address: 10.110.5.100, mask: 255.255.255.255

 UDP source port: 6457, mask: 0xffff

Instruction information:

 Write actions:

  Group: 1

The output shows that OpenFlow instance 1 has created the flow entry issued by the OVS controller in table 0. The instance will use the flow entry to match packets from Source 1 and use group entry 1 to process the matching packets.

Configuration files

·     Switch A:

#

interface M-GigabitEthernet0/0/0

 ip address 172.16.147.136 255.255.0.0

#

openflow instance 1

 classification global

 controller 0 address ip 172.16.147.101

 active instance

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 4081

#

interface Ten-GigabitEthernet1/0/4

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 4

#

interface Ten-GigabitEthernet1/0/5

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 5

#