Contents

Introduction· 1

Prerequisites· 1

General restrictions and guidelines· 1

Example: Configuring OpenFlow to deploy flow entries· 1

Network configuration· 1

Applicable hardware and software versions· 2

Procedures· 4

Configuring Switch A· 4

Configuring Switch B· 5

Verifying the configuration· 5

Configuration files· 11

 

Introduction

This document provides examples for configuring OpenFlow.

OpenFlow separates the control plane and the data forwarding plane. An OpenFlow switch matches packets against one or more flow tables. A flow table contains one or more flow entries that are deployed by the controller and packets are matched based on the matching precedence of flow entries.

These examples use VLAN-interface 1.

Prerequisites

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of OpenFlow.

General restrictions and guidelines

When you configure OpenFlow, follow these restrictions and guidelines:

·     Enable LLDP globally on OpenFlow switches so that the controller can learn the OpenFlow topology through LLDP.

·     Configure each OpenFlow switch with an interface for communicating with the controller so that OpenFlow instances can establish connections with the controller.

·     Configure the Loosen mode when you associate VLAN 4092 and VLAN 4094 with an OpenFlow instance so that the access ports of switches can belong to the OpenFlow instance.

Example: Configuring OpenFlow to deploy flow entries

Network configuration

As shown in Figure 1, configure OpenFlow to meet the following requirements:

·     The controller can deploy dynamic flow entries.

·     Host A and Host C can communicate with each other based on the flow entries deployed by the controller.

·     Host B and Host D can communicate with each other based on the flow entries deployed by the controller.

Figure 1 Network diagram

 

Applicable hardware and software versions

The following matrix shows the hardware and software versions to which this configuration example is applicable:

 

Hardware	Software version
S6812 switch series S6813 switch series	Release 6615Pxx, Release 6628Pxx
S6550XE-HI switch series	Release 6008 and later, Release 8106Pxx
S6525XE-HI switch series	Release 6008 and later, Release 8106Pxx
S5850 switch series	Release 8005 and later
S5570S-EI switch series	Release 11xx
S5560X-EI switch series	Release 63xx, Release 65xx, Release 6615Pxx, Release 6628Pxx
S5560X-HI switch series	Release 63xx, Release 65xx, Release 6615Pxx, Release 6628Pxx
S5500V2-EI switch series	Release 63xx, Release 65xx, Release 6615Pxx, Release 6628Pxx
MS4520V2-30F switch	Release 63xx, Release 65xx, Release 6615Pxx, Release 6628Pxx
MS4520V2-30C switch MS4520V2-54C switch	Release 65xx, Release 6615Pxx, Release 6628Pxx
MS4520V2-28S switch MS4520V2-24TP switch	Release 63xx
S6520X-HI switch series S6520X-EI switch series	Release 63xx, Release 65xx, Release 6615Pxx, Release 6628Pxx
S6520X-SI switch series S6520-SI switch series	Release 63xx, Release 65xx, Release 6615Pxx, Release 6628Pxx
S5000-EI switch series	Release 63xx, Release 65xx, Release 6615Pxx, Release 6628Pxx
MS4600 switch series	Release 63xx, Release 65xx, Release 6615Pxx, Release 6628Pxx
ES5500 switch series	Release 63xx, Release 65xx, Release 6615Pxx, Release 6628Pxx
S5560S-EI switch series S5560S-SI switch series	Release 63xx
S5500V3-24P-SI switch S5500V3-48P-SI switch	Release 63xx
S5500V3-SI switch series (except S5500V3-24P-SI and S5500V3-48P-SI)	Release 11xx
S5170-EI switch series	Release 11xx
S5130S-HI switch series S5130S-EI switch series S5130S-SI switch series S5130S-LI switch series	Release 63xx
S5120V2-SI switch series S5120V2-LI switch series	Release 63xx
S5120V3-EI switch series	Release 11xx
S5120V3-36F-SI switch S5120V3-28P-HPWR-SI switch S5120V3-54P-PWR-SI switch	Release 11xx
S5120V3-SI switch series (except S5120V3-36F-SI, S5120V3-28P-HPWR-SI, and S5120V3-54P-PWR-SI)	Release 63xx
S5120V3-LI switch series	Release 63xx
S3600V3-EI switch series	Release 11xx
S3100V3-EI switch series S3100V3-SI switch series	Release 63xx
S5110V2 switch series	Release 63xx
S5110V2-SI switch series	Release 63xx
S5000V3-EI switch series S5000V5-EI switch series	Release 63xx
S5000E-X switch series S5000X-EI switch series	Release 63xx
E128C switch E152C switch E500C switch series E500D switch series	Release 63xx
MS4320V2 switch series MS4320V3 switch series MS4300V2 switch series MS4320 switch series MS4200 switch series	Release 63xx
WS5850-WiNet switch series	Release 63xx
WS5820-WiNet switch series WS5810-WiNet switch series	Release 63xx
WAS6000 switch series	Release 63xx
IE4300-12P-AC switch IE4300-12P-PWR switch IE4300-M switch series IE4320 switch series	Release 63xx

 

Procedures

Configuring Switch A

# Create VLAN 4092 and VLAN 4094.

<SwitchA> system-view

[SwitchA] vlan 4092

[SwitchA-vlan4092] quit

[SwitchA] vlan 4094

[SwitchA-vlan4094] quit

# Configure GigabitEthernet 3/0/1, GigabitEthernet 3/0/2, and GigabitEthernet 3/0/3.

[SwitchA] interface gigabitethernet 3/0/1

[SwitchA-GigabitEthernet3/0/1] port access vlan 4092

[SwitchA-GigabitEthernet3/0/1] quit

[SwitchA] interface gigabitethernet 3/0/2

[SwitchA-GigabitEthernet3/0/2] port access vlan 4094

[SwitchA-GigabitEthernet3/0/2] quit

[SwitchA] interface gigabitethernet 3/0/3

[SwitchA-GigabitEthernet3/0/3] port link-type trunk

[SwitchA-GigabitEthernet3/0/3] port trunk permit vlan 4092 4094

[SwitchA-GigabitEthernet3/0/3] quit

# Enable LLDP globally.

[SwitchA] lldp global enable

# Configure VLAN-interface 1 on Switch A for communicating with the controller.

[SwitchA] interface Vlan-interface 1

[SwitchA-Vlan-interface1] ip address 192.168.2.125 255.255.255.0

[SwitchA-Vlan-interface1] quit

# Create OpenFlow instance 1. Associate VLAN 4092 and VLAN 4094 with it in loosen mode.

[SwitchA] openflow instance 1

[SwitchA-of-inst-1] classification vlan 4092 mask 4093 loosen

# Specify 192.168.2.225 as the IP address of controller 0 for OpenFlow instance 1 and activate the instance..

[SwitchA-of-inst-1] controller 0 address ip 192.168.2.225

[SwitchA-of-inst-1] active instance

[SwitchA-of-inst-1] quit

Configuring Switch B

# Create VLAN 4092 and VLAN 4094.

<SwitchB> system-view

[SwitchB] vlan 4092

[SwitchB-vlan4092] quit

[SwitchB] vlan 4094

[SwitchB-vlan4094] quit

# Configure GigabitEthernet 3/0/1, GigabitEthernet 3/0/2, and GigabitEthernet 3/0/3.

[SwitchB] interface gigabitethernet 3/0/1

[SwitchB-GigabitEthernet3/0/1] port access vlan 4092

[SwitchB-GigabitEthernet3/0/1] quit

[SwitchB] interface gigabitethernet 3/0/2

[SwitchB-GigabitEthernet3/0/2] port access vlan 4094

[SwitchB-GigabitEthernet3/0/2] quit

[SwitchB] interface gigabitethernet 3/0/3

[SwitchB-GigabitEthernet3/0/3] port link-type trunk

[SwitchB-GigabitEthernet3/0/3] port trunk permit vlan 4092 4094

[SwitchB-GigabitEthernet3/0/3] quit

# Enable LLDP globally.

[SwitchB] lldp global enable

# Configure VLAN-interface 1 on Switch B for communicating with the controller.

[SwitchB] interface Vlan-interface 1

[SwitchB-Vlan-interface1] ip address 192.168.2.125 255.255.255.0

[SwitchB-Vlan-interface1] quit

# Create OpenFlow instance 1. Associate VLAN 4092 and VLAN 4094 with it in loosen mode.

[SwitchB] openflow instance 1

[SwitchB-of-inst-1] classification vlan 4092 mask 4093 loosen

# Specify 192.168.2.225 as the IP address of controller 0 for OpenFlow instance 1 and activate the instance.

[SwitchB-of-inst-1] controller 0 address ip 192.168.2.225

[SwitchB-of-inst-1] active instance

[SwitchB-of-inst-1] quit

Verifying the configuration

# Display details for OpenFlow instance 1 on devices, for example, Switch A.

[SwitchA] display openflow instance 1

Instance 1 information:

 

Configuration information:

 Description   : --

 Active status : Active

 Inactive configuration:

  None

 Active configuration:

  Classification VLAN, loosen mode, total VLANs(2)

   4092, 4094

  In-band management VLAN, total VLANs(0)

   Empty VLAN

  Connect mode: Multiple

  MAC address learning: Enabled

  Flow table:

   Table ID(type): 0(Extensibility), count: 1

  Flow-entry max-limit: 65535

  Datapath ID: 0x000174258a024c00

...

Port information:

 GigabitEthernet3/0/1

 GigabitEthernet3/0/2

 GigabitEthernet3/0/3

Active channel information:

 Controller 0 IP address: 192.168.2.225 port: 6633

The output shows that GigabitEthernet 3/0/1, GigabitEthernet 3/0/2, and GigabitEthernet 3/0/3 belong to OpenFlow instance 1 and can be used to forward packets in the OpenFlow forwarding process.

# Display controller information for OpenFlow instance 1 on devices, for example, Switch A.

[SwitchA] display openflow instance 1 controller

Instance 1 controller information:

 Reconnect interval: 60 (s)

 Echo interval     : 5  (s)

 

 Controller ID           : 0

 Controller IP address   : 192.168.2.225

 Controller port         : 6633

 Controller role         : Equal

 Connect type            : TCP

 Connect state           : Established

 Packets sent            : 132

 Packets received        : 434

 SSL policy              : --

 VRF name                : --

The output shows that Switch A has established a connection with the controller.

# Display flow table information for OpenFlow instance 1 on devices, for example, Switch A.

[SwitchA] display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 1, total flow entry count: 1

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: 0, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

The output shows that Switch A has only one table-miss flow entry with the priority of 0 and the action of outputting packets to the controller. The action in the table-miss flow entry varies by device model. For more information about the action in the table-miss flow entry, see the related documentation of the controller.

# Ping Host C from Host A.

Ping 10.1.1.2 (10.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=4.582 ms

56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.299 ms

56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.389 ms

56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=6.688 ms

56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=1.294 ms

 

--- Ping statistics for 10.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.294/3.050/6.688/2.213 ms

The output shows that Host A and Host C can reach each other.

# Display flow table information for OpenFlow instance 1 again on devices, for example, Switch A.

[SwitchA] display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 4, total flow entry count: 4

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: 0, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 1

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 2 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: GE3/0/1

 Ethernet destination MAC address: 7425-8a0f-8034

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c5

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 3 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/1

The output shows the following information:

·     The ARP request/reply packets and ICMP request/replay packets between Host A and Host C successfully trigger the controller to deploy flow entries.

·     Switch A forwards packets based on the flow entries that are deployed by the controller.

# Ping Host D from Host B.

Ping 20.1.1.2 (20.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 20.1.1.2: icmp_seq=0 ttl=255 time=1.620 ms

56 bytes from 20.1.1.2: icmp_seq=1 ttl=255 time=6.625 ms

56 bytes from 20.1.1.2: icmp_seq=2 ttl=255 time=1.454 ms

56 bytes from 20.1.1.2: icmp_seq=3 ttl=255 time=1.134 ms

56 bytes from 20.1.1.2: icmp_seq=4 ttl=255 time=1.260 ms

 

--- Ping statistics for 20.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.134/2.419/6.625/2.110 ms

The output shows that Host B and Host D can reach each other.

# Display flow table information for OpenFlow instance 1 again on devices, for example, Switch A.

[SwitchA] display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 7, total flow entry count: 7

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: 0, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 1

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 2 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: GE3/0/1

 Ethernet destination MAC address: 7425-8a0f-8034

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c5

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 3 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 4 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 1

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c4

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8035

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: GE3/0/2

 

Flow entry 5 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: GE3/0/2

 Ethernet destination MAC address: 7425-8a0f-8035

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c4

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 6 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c4

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8035

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/2

The output shows the following information:

·     The ARP request/reply packets and ICMP request/replay packets between Host B and Host D successfully trigger the controller to deploy flow entries.

·     Switch A forwards packets based on the flow entries that are deployed by the controller.

Configuration files

IMPORTANT: Support for the port link-mode bridge command depends on the device model.

 

·     Switch A:

#

lldp global enable

#

vlan 4092

#

vlan 4094

#

openflow instance 1

 classification vlan 4092 mask 4093 loosen

 controller 0 address ip 192.168.2.225

 active instance

#

interface Vlan-interface1

 ip address 192.168.2.125 255.255.255.0

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 4092

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet3/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 4092 4094

#

·     Switch B:

#

lldp global enable

#

vlan 4092

#

vlan 4094

#

openflow instance 1

 classification vlan 4092 mask 4093 loosen

 controller 0 address ip 192.168.2.225

 active instance

#

interface Vlan-interface1

 ip address 192.168.2.126 255.255.255.0

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 4092

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet3/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 4092 4094

#