OpenFlow Switch Configuration Use-Cases for Spectrum Switches (MLNX-OS)

Version 9

    This post walks through several OpenFlow use cases on Mellanox Spectrum switches (MLNX-OS). It is a step-by-step configuration guide.

     

     


    Use Case 1: Multi-table VRF

    This use case implements rules on a standalone switch to simulate a single-VRF environment, with MAC and IP handling split across separate ACL tables:

    • Table 1 handles the destination MAC.
    • Table 2 sorts ingress packets by their VLAN parameters between Table 4 (for VLAN 1) and Table 3 (for all other VLANs).
    • Table 3 and Table 4, which match traffic according to its TCP destination port, handle the routing of packets by adding a different destination IP per table.

     

    The following figure provides the rule tables which the controller implements.

     

    figure 2 Openflow.PNG

     

    Switch Configuration

    The OpenFlow configuration on the switch is as follows:

     

    1. Enable OpenFlow:

    switch (config)# protocol openflow

     

     

    2. Configure a datapath identifier for the switch with which the controller is communicating:

    switch (config) # openflow datapath-id 0x1234

     

    3. Configure the OpenFlow controller’s IP & TCP port:

    switch (config) # openflow controller-ip 10.10.10.10 tcp-port 6633

     

    4. Enable OpenFlow on the relevant ports:

    switch (config) # interface ethernet 1/1-1/8 openflow mode hybrid
    switch (config) # interface ethernet 1/13-1/16 openflow mode hybrid

     

    Controller Configuration

    1. Configure the rules using the OpenFlow controller (in this case, Spirent Test Center).
    The configuration below sets up table 3 as follows:

    • Match: Traffic is matched on EtherType (IPv4 = 2048), network destination 20.20.20.0/24, IPv4 protocol field (nw_proto) equal to 6 (identifying the next-level protocol, TCP), and TCP destination port equal to 20.
    • Action: Modify the destination MAC and source MAC, decrement the TTL, and finally send the packet to port 123.

     

    Configuration

    • table=1 dl_dst=02:02:02:02:02:02 goto_table=2
    • table=2 dl_vlan=1 goto_table=4
    • table=2 goto_table=3
    • table=3 dl_type=2048 nw_dst=20.20.20.0/24 nw_proto=6 tcp_dst=20 apply_actions=mod_dl_dst:AA:BB:CC:04:05:06,mod_dl_src:11:22:33:04:05:06,dec_ttl,output:123
    • table=4 dl_type=2048 nw_dst=50.50.50.0/24 nw_proto=6 tcp_dst=20 apply_actions=mod_dl_dst:1A:1B:1C:14:15:16,mod_dl_src:21:22:23:24:25:26,dec_ttl,output:124

     

    Send the OpenFlow rules from the controller to the switch.


     

     

    Verification

    1. Check the OpenFlow rules learned by the switch through the CLI to confirm that the switch was configured correctly.

    switch (config) # show openflow flow

    OFPST_FLOW reply (OF1.3) (xid=0x2):

    cookie=0x0, duration=8861.293s, table=1, n_packets=0, n_bytes=0, send_flow_rem dl_dst=02:02:02:02:02:02 actions=goto_table:2

    cookie=0x0, duration=8861.234s, table=2, n_packets=0, n_bytes=0, send_flow_rem dl_vlan=1 actions=goto_table:4

    cookie=0x0, duration=8861.200s, table=2, n_packets=0, n_bytes=0, send_flow_rem actions=goto_table:3

    cookie=0x0, duration=8861.166s, table=3, n_packets=0, n_bytes=0, send_flow_rem tcp,nw_dst=20.20.20.0/24,tp_dst=20 actions=set_field:aa:bb:cc:04:05:06->eth_dst,set_field:11:22:33:04:05:06->eth_src,dec_ttl,output:123

    cookie=0x0, duration=8861.158s, table=4, n_packets=0, n_bytes=0, send_flow_rem tcp,nw_dst=50.50.50.0/24,tp_dst=20 actions=set_field:1a:1b:1c:14:15:16->eth_dst,set_field:21:22:23:24:25:26->eth_src,dec_ttl,output:124

     

    2. To remove flows from the controller, right-click on the OpenFlow tab > Remove.

     

    To verify all rules have been removed from the switch, run:

    switch (config) # show openflow flow

    OFPST_FLOW reply (OF1.3) (xid=0x2)
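
    The comparison in step 1 can be done mechanically. The following is an added example, not part of the original post: it normalizes the controller-side rules and the `show openflow flow` output into one form and reports rules that are missing from, or unexpected on, the switch. The alias tables cover only the names that appear in this use case and are assumptions of the example, priorities are ignored, and the tampered output is constructed.

```python
"""Compare controller-side OpenFlow rules with the flows the switch reports."""
import re

# Rules and CLI output exactly as shown in Use Case 1 of this page.
INTENDED = """\
table=1 dl_dst=02:02:02:02:02:02 goto_table=2
table=2 dl_vlan=1 goto_table=4
table=2 goto_table=3
table=3 dl_type=2048 nw_dst=20.20.20.0/24 nw_proto=6 tcp_dst=20 apply_actions=mod_dl_dst:AA:BB:CC:04:05:06,mod_dl_src:11:22:33:04:05:06,dec_ttl,output:123
table=4 dl_type=2048 nw_dst=50.50.50.0/24 nw_proto=6 tcp_dst=20 apply_actions=mod_dl_dst:1A:1B:1C:14:15:16,mod_dl_src:21:22:23:24:25:26,dec_ttl,output:124
"""
INSTALLED = """\
OFPST_FLOW reply (OF1.3) (xid=0x2):
cookie=0x0, duration=8861.293s, table=1, n_packets=0, n_bytes=0, send_flow_rem dl_dst=02:02:02:02:02:02 actions=goto_table:2
cookie=0x0, duration=8861.234s, table=2, n_packets=0, n_bytes=0, send_flow_rem dl_vlan=1 actions=goto_table:4
cookie=0x0, duration=8861.200s, table=2, n_packets=0, n_bytes=0, send_flow_rem actions=goto_table:3
cookie=0x0, duration=8861.166s, table=3, n_packets=0, n_bytes=0, send_flow_rem tcp,nw_dst=20.20.20.0/24,tp_dst=20 actions=set_field:aa:bb:cc:04:05:06->eth_dst,set_field:11:22:33:04:05:06->eth_src,dec_ttl,output:123
cookie=0x0, duration=8861.158s, table=4, n_packets=0, n_bytes=0, send_flow_rem tcp,nw_dst=50.50.50.0/24,tp_dst=20 actions=set_field:1a:1b:1c:14:15:16->eth_dst,set_field:21:22:23:24:25:26->eth_src,dec_ttl,output:124
"""
# Constructed: the same output with one egress port altered.
TAMPERED = INSTALLED.replace("output:123", "output:125")

# Assumed alias tables, limited to the names that appear in this use case.
SHORTHAND = {"ip": {"dl_type": 2048}, "tcp": {"dl_type": 2048, "nw_proto": 6}}
FIELD_ALIAS = {"tcp_dst": "tp_dst", "tcp_src": "tp_src"}
SET_ALIAS = {"mod_dl_dst": "eth_dst", "mod_dl_src": "eth_src"}
FLAGS = {"send_flow_rem"}  # flag word printed before the match in this output


def norm_value(value):
    """Numbers compare by value (2048 == 0x0800); other values are lower-cased."""
    try:
        return int(value, 0)
    except ValueError:
        return value.lower()


def norm_action(action):
    """Map controller syntax (mod_dl_dst:MAC) and switch syntax (set_field:MAC->eth_dst) to one form."""
    name, _, arg = action.partition(":")
    if name in SET_ALIAS:
        return f"set:{SET_ALIAS[name]}={arg.lower()}"
    if name == "set_field":
        value, _, field = arg.partition("->")
        return f"set:{field}={value.lower()}"
    return action.lower()


def canon(table, match, actions):
    return (int(table), frozenset(match.items()), tuple(actions))


def parse_intended(text):
    flows = set()
    for line in filter(str.strip, text.splitlines()):
        kv = dict(tok.split("=", 1) for tok in line.split())
        table = kv.pop("table")
        actions = [norm_action(a) for a in kv.pop("apply_actions", "").split(",") if a]
        if "goto_table" in kv:
            actions.append("goto_table:" + kv.pop("goto_table"))
        match = {FIELD_ALIAS.get(k, k): norm_value(v) for k, v in kv.items()}
        flows.add(canon(table, match, actions))
    return flows


def parse_installed(text):
    flows = set()
    for line in text.splitlines():
        if " actions=" not in line:          # reply header or truncated line
            continue
        head, actions = line.rsplit(" actions=", 1)
        table = re.search(r"\btable=(\d+)", head).group(1)
        last = head.split()[-1]
        # No match token after the counters/flags means a catch-all entry.
        items = [] if last in FLAGS or last.endswith(",") else last.split(",")
        match = {}
        for item in items:
            key, sep, value = item.partition("=")
            if not sep:
                match.update(SHORTHAND.get(key, {key: True}))
            elif key != "priority":          # priority is not compared here
                match[key] = norm_value(value)
        flows.add(canon(table, match, [norm_action(a) for a in actions.split(",")]))
    return flows


def drift(intended_text, installed_text):
    """Return (missing_on_switch, unexpected_on_switch) as sets of canonical flows."""
    want, have = parse_intended(intended_text), parse_installed(installed_text)
    return want - have, have - want


if __name__ == "__main__":
    print("page output:", drift(INTENDED, INSTALLED))
    print("tampered   :", drift(INTENDED, TAMPERED))
```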

     

    Use Case 2: Multicast

    The purpose of this scenario is to simulate multicast (MC) video traffic transmitted from an MC server to several clients, using the following OpenFlow components: ACL tables and the group “All” configuration.

    • The MC/video server is connected to Switch1.
    • Switch2 is connected to three clients registered on a single MC group and performs the multicast operation using the “group all” functionality.

      In this case the OF controller holds the multicast protocol knowledge base (e.g. PIM) and configures the switches accordingly.

     

    figure 5 Openflow.PNG

     

    Switch Configuration

    1. The OpenFlow configuration on the switch is as follows:

    Switch1 (config) # protocol openflow

    Switch1 (config) # openflow controller 10.10.10.10

    Switch1 (config) # openflow datapath-id 0x1234

    Switch1 (config) # interface ethernet 1/1 openflow mode hybrid

    Switch1 (config) # interface ethernet 1/5 openflow mode hybrid

     

    2. Verify the configuration on Switch1:

    Switch1 (config) # show openflow

    OpenFlow Version: OpenFlow 1.3

    Datapath ID: 12347cfe90e600c0

    Controllers Information:

    Controller                      State            Role       Changed (sec)      Last Error

    -----------                     -----            ----       -------------      ----------

    tcp:10.10.10.10:6633            ACTIVE           other          242               N/A

     

    Mapping of OpenFlow ports to their OpenFlow numbers on Switch1:

    Interface       OF-Port

    ---------       -------

    Eth1/5          OF-117

    Eth1/1          OF-125

     

    3. The OpenFlow configuration on Switch2 is as follows:

    Switch2 (config) # protocol openflow

    Switch2 (config) # openflow controller 10.10.10.10

    Switch2 (config) # openflow datapath-id 0x1234

    Switch2 (config) # interface ethernet 1/1-1/4 openflow mode hybrid

     

    4. Verify the configuration on Switch2:

    Switch2 (config) # show openflow

    OpenFlow Version: OpenFlow 1.3

    Datapath ID: 12347cfe90e600c0

    Controllers Information:

    Controller             State            Role       Changed (sec)     Last Error

    -----------            -----            ----       -------------     ----------

    tcp:10.10.10.10:6633   ACTIVE           other           242             N/A

     

    Mapping of OpenFlow ports to their OpenFlow numbers on Switch2:

    Interface       OF-Port

    ---------       -------

    Eth1/3          OF-121

    Eth1/4          OF-123

    Eth1/1          OF-125

    Eth1/2          OF-127

     

    Controller Configuration

    1. The rule configuration via the OpenFlow controller on Switch1 is as follows:

    table=10 in_port=125 dl_vlan=555 apply_actions=output:117

     

    2. Group All with id 123 (which includes ports 1/2, 1/3, and 1/4) is configured via the OpenFlow controller as follows:

     

    The rule configuration via the OpenFlow controller on Switch2 is as follows:

    table=20 in_port=125 dl_type=0x0800 nw_dst=225.1.0.0/24 apply_actions=group:123

     

    Note: The MC IP range for this case is 225.1.0.0/24.

     

    Sending OpenFlow groups from the controller to the switches:

     

     

    Sending OpenFlow rules from the controller to the switches:

     

     

    Verification

    1. Verify OpenFlow rules learned by Switch1:

    Switch1 (config)# show openflow flows

    cookie=0x0, duration=2.527s, table=10, n_packets=0, n_bytes=0, send_flow_rem in_port=125,dl_vlan=555 actions=output:117

     

    2. Verify OpenFlow groups learned by Switch1:

    Switch1 (config)# show openflow groups

    group_id=123,type=all,bucket=actions=output:127,bucket=actions=output:121,bucket=actions=output:123

     

    3. Verify OpenFlow rules learned by Switch2:

    Switch2 (config)# show openflow flows

    cookie=0x0, duration=0.577s, table=20, n_packets=0, n_bytes=0, send_flow_rem ip,in_port=125,nw_dst=225.1.0.0/24 actions=group:123

     

    Use Case 3: ONOS SDN-IP

    SDN-IP is an Open Network Operating System (ONOS) application that allows a software-defined network (SDN) to connect to external networks on the internet using standard BGP. Externally, from a BGP perspective, the SDN appears as a single autonomous system (AS) that behaves like any traditional AS. Within the AS, SDN-IP allows an SDN network to peer and exchange traffic with adjacent external networks using the BGP routing protocol.

    For more information regarding ONOS and SDN-IP, please refer to the following URL: https://wiki.onosproject.org/display/ONOS/Wiki+Home.

     

    The following use case presents two switches connected to each other by a LAG, Po9 (13834); BGP peers connected to ports 1, 2 and 4; and a switch running the Quagga stack, connected on port 17 of one of the switches (this must be a direct L2 connection).

    • Only ACL is used (the pipeline currently defined by ONOS).
    • There are static routes between Quagga and the external BGP peers (provided to Quagga as a config file).
    • There are dynamic routes installed by ONOS according to the BGP advertisements learned from the BGP peers.
    • Topology learning occurs as follows: BGP peers -> Quagga -> ONOS -> MLNX-OS OpenFlow switches

     

    Figure 6 – ONOS SDN-IP Use Case Topology

    figure 6 Openflow.PNG

    Switch Configuration

    The OpenFlow configuration on the switch is as follows:

    Switch1 (config) # protocol openflow

    Switch1 (config) # openflow datapath-id 0xaaaa

    Switch1 (config) # openflow controller-ip 10.130.26.8 tcp-port 6633

    Switch1 (config) # interface ethernet 1/1-1/2 openflow mode hybrid

    Switch1 (config) # interface ethernet 1/17 openflow mode hybrid

    Switch1 (config) # interface port-channel 9 openflow mode hybrid

     

    The configuration on Switch2 is as follows:

    Switch2 (config)# protocol openflow

    Switch2 (config)# openflow datapath-id 0xbbbb

    Switch2 (config)# openflow controller-ip 10.130.26.8 tcp-port 6633

    Switch2 (config)# interface ethernet 1/4 openflow mode hybrid

    Switch2 (config)# interface port-channel 9 openflow mode hybrid

     

    ONOS Configuration

    The configuration on ONOS (version 1.7) is as follows:

    sdn@ONOS:~/Applications/config$ cat network-cfg.json

    {
        "devices" : {
            "of:aaaa7cfe90f05bc0" : {
                "basic": {
                    "driver": "ovs",
                    "name": "Switch1"
                }
            },
            "of:bbbb7cfe90f6c840" : {
                "basic": {
                    "driver": "ovs",
                    "name": "Switch2"
                }
            }
        },
        "ports" : {
            "of:aaaa7cfe90f05bc0/125" : {
                "interfaces" : [
                    {
                        "name" : "Switch1-125",
                        "ips"  : [ "192.168.10.2/30" ],
                        "mac"  : "00:00:c0:a8:0a:02"
                    }
                ]
            },
            "of:aaaa7cfe90f05bc0/127" : {
                "interfaces" : [
                    {
                        "name" : "Switch1-127",
                        "ips"  : [ "192.168.20.2/30" ],
                        "mac"  : "00:00:c0:a8:14:02"
                    }
                ]
            },
            "of:bbbb7cfe90f6c840/123" : {
                "interfaces" : [
                    {
                        "name" : "Switch2-123",
                        "ips"  : [ "192.168.40.2/30" ],
                        "mac"  : "00:00:c0:a8:28:02"
                    }
                ]
            }
        },
        "apps" : {
            "org.onosproject.router" : {
                "bgp" : {
                    "bgpSpeakers" : [
                        {
                            "name" : "quagga",
                            "connectPoint" : "of:aaaa7cfe90f05bc0/65",
                            "peers" : [
                                "192.168.10.1",
                                "192.168.20.1",
                                "192.168.40.1"
                            ]
                        }
                    ]
                }
            }
        }
    }

    sdn@ONOS:~/Applications/config$

     

    Quagga Switch Configuration

    The running configuration on Quagga is as follows:

    !
    hostname qh
    password sdnip
    !
    router bgp 65017
     bgp router-id 1.1.1.11
     timers bgp 3 9
     neighbor 10.130.26.8 remote-as 65017
     neighbor 10.130.26.8 port 2000
     neighbor 192.168.10.1 remote-as 65001
     neighbor 192.168.10.1 ebgp-multihop 255
     neighbor 192.168.10.1 advertisement-interval 1
     neighbor 192.168.10.1 timers connect 5
     neighbor 192.168.20.1 remote-as 65002
     neighbor 192.168.20.1 ebgp-multihop 255
     neighbor 192.168.20.1 advertisement-interval 1
     neighbor 192.168.20.1 timers connect 5
     neighbor 192.168.40.1 remote-as 65004
     neighbor 192.168.40.1 ebgp-multihop 255
     neighbor 192.168.40.1 advertisement-interval 1
     neighbor 192.168.40.1 timers connect 5
    !
    line vty
    !
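
    The ONOS `network-cfg.json` and the Quagga configuration above have to agree with each other: every port and connect point must name a declared device, and the peer list must line up with Quagga's external neighbors. The following added example (not part of the original post) cross-checks the two; the consistency rules are the ones this page's own values satisfy and are assumptions of the example, the Quagga text is abridged to the lines the check reads, and the broken variant is constructed.

```python
"""Cross-check ONOS network-cfg.json against the Quagga bgpd configuration."""
import ipaddress
import json
import re

# network-cfg.json from this page (whitespace compacted).
NETWORK_CFG = json.loads("""{
 "devices": {"of:aaaa7cfe90f05bc0": {"basic": {"driver": "ovs", "name": "Switch1"}},
             "of:bbbb7cfe90f6c840": {"basic": {"driver": "ovs", "name": "Switch2"}}},
 "ports": {
  "of:aaaa7cfe90f05bc0/125": {"interfaces": [
    {"name": "Switch1-125", "ips": ["192.168.10.2/30"], "mac": "00:00:c0:a8:0a:02"}]},
  "of:aaaa7cfe90f05bc0/127": {"interfaces": [
    {"name": "Switch1-127", "ips": ["192.168.20.2/30"], "mac": "00:00:c0:a8:14:02"}]},
  "of:bbbb7cfe90f6c840/123": {"interfaces": [
    {"name": "Switch2-123", "ips": ["192.168.40.2/30"], "mac": "00:00:c0:a8:28:02"}]}},
 "apps": {"org.onosproject.router": {"bgp": {"bgpSpeakers": [
    {"name": "quagga", "connectPoint": "of:aaaa7cfe90f05bc0/65",
     "peers": ["192.168.10.1", "192.168.20.1", "192.168.40.1"]}]}}}
}""")

# Quagga configuration from this page, abridged to the lines this check reads.
BGPD_CONF = """\
router bgp 65017
 neighbor 10.130.26.8 remote-as 65017
 neighbor 10.130.26.8 port 2000
 neighbor 192.168.10.1 remote-as 65001
 neighbor 192.168.20.1 remote-as 65002
 neighbor 192.168.40.1 remote-as 65004
"""
# Constructed: one neighbor address mistyped.
BROKEN_CONF = BGPD_CONF.replace("192.168.40.1", "192.168.30.1")


def device_of(connect_point):
    """'of:aaaa.../125' -> 'of:aaaa...'."""
    return connect_point.rsplit("/", 1)[0]


def ebgp_neighbors(conf):
    """Neighbors whose remote-as differs from the local AS (the ONOS session is iBGP)."""
    local_as = re.search(r"^\s*router bgp (\d+)", conf, re.M).group(1)
    pairs = re.findall(r"^\s*neighbor (\S+) remote-as (\d+)", conf, re.M)
    return {ip for ip, asn in pairs if asn != local_as}


def check(cfg, conf):
    """Return a list of human-readable inconsistencies (empty when consistent)."""
    problems = []
    devices = set(cfg["devices"])
    interfaces = []                      # every configured interface address
    for port, body in cfg["ports"].items():
        if device_of(port) not in devices:
            problems.append(f"port {port}: device not declared")
        for intf in body["interfaces"]:
            interfaces += [ipaddress.ip_interface(ip) for ip in intf["ips"]]

    onos_peers = set()
    for spk in cfg["apps"]["org.onosproject.router"]["bgp"]["bgpSpeakers"]:
        if device_of(spk["connectPoint"]) not in devices:
            problems.append(f"speaker {spk['name']}: connectPoint device not declared")
        for peer in spk["peers"]:
            onos_peers.add(peer)
            addr = ipaddress.ip_address(peer)
            hits = [i for i in interfaces if addr in i.network]
            if not hits:
                problems.append(f"peer {peer}: no interface subnet contains it")
            elif any(i.ip == addr for i in hits):
                problems.append(f"peer {peer}: same address as the local interface")

    quagga = ebgp_neighbors(conf)
    problems += [f"peer {p}: in ONOS but not a Quagga eBGP neighbor"
                 for p in sorted(onos_peers - quagga)]
    problems += [f"neighbor {n}: in Quagga but not an ONOS peer"
                 for n in sorted(quagga - onos_peers)]
    return problems


if __name__ == "__main__":
    print("page config  :", check(NETWORK_CFG, BGPD_CONF) or "consistent")
    for line in check(NETWORK_CFG, BROKEN_CONF):
        print("broken config:", line)
```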

     

    Verification

    The following outputs show the OpenFlow configuration on ONOS:

    onos> devices

    id=of:aaaa7cfe90f05bc0, available=true, role=MASTER, type=SWITCH, mfr=Mellanox Technologies, Inc., hw=MSN2700-CS2F, sw=X86_64 ovs_of13_dkey.021 2016-12-05 15:00:22 x86_64, serial=MT1616X11476, driver=ovs, channelId=<ip-address>:39531, managementAddress=<ip-address>, name=Switch1, protocol=OF_13

    id=of:bbbb7cfe90f6c840, available=true, role=MASTER, type=SWITCH, mfr=Mellanox Technologies, Inc., hw=MSN2700-BS2F, sw=X86_64 ovs_of13_dkey.021 2016-12-05 15:00:22 x86_64, serial=MT1625X26264, driver=ovs, channelId=<ip-address>:44531, managementAddress=<ip-address>, name=Switch2, protocol=OF_13

     

    onos> interfaces

    Switch1-125: port=of:aaaa7cfe90f05bc0/125 ips=[192.168.10.2/30] mac=00:00:C0:A8:0A:02

    Switch1-127: port=of:aaaa7cfe90f05bc0/127 ips=[192.168.20.2/30] mac=00:00:C0:A8:14:02

    Switch2-123: port=of:bbbb7cfe90f6c840/123 ips=[192.168.40.2/30] mac=00:00:C0:A8:28:02

     

    onos> bgp-speakers

    quagga: port=of:aaaa7cfe90f05bc0/65, vlan=None, peers=[192.168.20.1, 192.168.10.1, 192.168.40.1]

     

    onos> bgp-neighbors

    BGP neighbor is 1.1.1.11, remote AS 65017, local AS 65017

      Remote router ID 1.1.1.11, IP /<ip-address>:57027, BGP version 4, Hold time 9

      Remote AFI/SAFI IPv4 Unicast YES Multicast NO, IPv6 Unicast NO Multicast NO

      Local  router ID 10.130.26.8, IP /<ip-address>:2000, BGP version 4, Hold time 9

      Local  AFI/SAFI IPv4 Unicast YES Multicast NO, IPv6 Unicast NO Multicast NO

      4 Octet AS Capability: Advertised Received

     


    onos> bgp-routes

       Network            Next Hop        Origin LocalPref       MED BGP-ID

       192.168.42.0/28    192.168.40.1     IGP       100         0 1.1.1.11     

                          AsPath 65004

       192.168.42.16/28   192.168.40.1     IGP       100         0 1.1.1.11     

                          AsPath 65004

       192.168.12.0/28    192.168.10.1     IGP       100         0 1.1.1.11     

                          AsPath 65001

       192.168.12.16/28   192.168.10.1     IGP       100         0 1.1.1.11     

                          AsPath 65001

       192.168.22.0/28    192.168.20.1     IGP       100         0 1.1.1.11     

                          AsPath 65002

       192.168.22.16/28   192.168.20.1     IGP       100         0 1.1.1.11     

                          AsPath 65002

    Total BGP IPv4 routes = 6

     

     

       Network            Next Hop        Origin LocalPref       MED BGP-ID

    Total BGP IPv6 routes = 0

     

    onos> intents -f state=INSTALLED

    id=0x9d8, state=INSTALLED, key=192.168.22.0/28, type=MultiPointToSinglePointIntent, appId=org.onosproject.sdnip

        treatment=[ETH_DST:00:00:C0:A8:14:01]

        constraints=[org.onosproject.net.intent.constraint.PartialFailureConstraint@23293596]

        ingress=[of:bbbb7cfe90f6c840/123, of:aaaa7cfe90f05bc0/125], egress=of:aaaa7cfe90f05bc0/127

    id=0x7f, state=INSTALLED, key=192.168.20.2-192.168.20.1-src, type=PointToPointIntent, appId=org.onosproject.sdnip

        selector=[ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:192.168.20.2/32, IPV4_DST:192.168.20.1/32, TCP_SRC:179]

        treatment=[NOACTION]

        ingress=of:aaaa7cfe90f05bc0/65, egress=of:aaaa7cfe90f05bc0/127

    id=0x88, state=INSTALLED, key=192.168.10.1-192.168.10.2-src, type=PointToPointIntent, appId=org.onosproject.sdnip

        selector=[ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:192.168.10.1/32, IPV4_DST:192.168.10.2/32, TCP_SRC:179]

        treatment=[NOACTION]

        ingress=of:aaaa7cfe90f05bc0/125, egress=of:aaaa7cfe90f05bc0/65

    id=0x8d, state=INSTALLED, key=192.168.40.1-192.168.40.2-dst, type=PointToPointIntent, appId=org.onosproject.sdnip

        selector=[ETH_TYPE:ipv4, IP_PROTO:6, IPV4_SRC:192.168.40.1/32 ...

     

    Verifying configuration on Switch1:

    Switch1 (config) # show openflow flows table 0 summary

    OFPST_AGGREGATE reply (OF1.3) (xid=0x2): packet_count=22155254 byte_count=2264750999 flow_count=35

     

    Switch1 (config)# show openflow flows table 0 | i tcp

    cookie=0x5600002aba0367, duration=253006.853s, table=0, n_packets=0, n_bytes=0, send_flow_rem priority=1000,tcp,in_port=127,nw_src=192.168.20.1,nw_dst=192.168.20.2,tp_dst=179 actions=output:65

    cookie=0x56000057db622a, duration=253006.801s, table=0, n_packets=78, n_bytes=6084, send_flow_rem priority=1000,tcp,in_port=125,nw_src=192.168.10.1,nw_dst=192.168.10.2,tp_dst=179 actions=output:65

    cookie=0x560000e567f1fd, duration=249600.777s, table=0, n_packets=165357, n_bytes=13150285, send_flow_rem priority=1000,tcp,in_port=65,nw_src=192.168.20.2,nw_dst=192.168.20.1,tp_dst=179 actions=output:127

    cookie=0x560000e8c700ca, duration=249600.750s, table=0, n_packets=166074, n_bytes=13202754, send_flow_rem priority=1000,tcp,in_port=65,nw_src=192.168.10.2,nw_dst=192.168.10.1,tp_dst=179 actions=output:125

    cookie=0x560000f2a6583f, duration=249070.140s, table=0, n_packets=165799,

    ...

     

    Switch1 (config) # show openflow flows table 0 | i icmp

    cookie=0x560000ed68cae6, duration=253029.405s, table=0, n_packets=8, n_bytes=816, send_flow_rem priority=1000,icmp,in_port=127,nw_src=192.168.20.1,nw_dst=192.168.20.2 actions=output:65

    cookie=0x56000018d5875d, duration=253029.380s, table=0, n_packets=5, n_bytes=510, send_flow_rem priority=1000,icmp,in_port=125,nw_src=192.168.10.1,nw_dst=192.168.10.2 actions=output:65

    cookie=0x560000c8840baf, duration=249623.353s, table=0, n_packets=5, n_bytes=510, send_flow_rem priority=1000,icmp,in_port=65,nw_src=192.168.10.2,nw_dst=192.168.10.1 actions=output:125

    ...

     

    Switch1 (config) # show openflow flows table 0 | i ip

    cookie=0x1000095d0d23a, duration=255464.127s, table=0, n_packets=298939, n_bytes=27093144, send_flow_rem priority=5,ip actions=CONTROLLER:65535

    cookie=0x560000fdffbd79, duration=248412.984s, table=0, n_packets=0, n_bytes=0, send_flow_rem priority=240,ip,in_port=125,nw_dst=192.168.22.0/28 actions=set_field:00:00:c0:a8:14:01->eth_dst,output:127

    cookie=0x560000629ed295, duration=248412.981s, table=0, n_packets=0, n_bytes=0, send_flow_rem priority=240,ip,in_port=125,nw_dst=192.168.22.16/28 actions=set_field:00:00:c0:a8:14:01->eth_dst,output:127

    ...

     

     

    Verifying configuration on Switch2:

    Switch2 (config)# show openflow flows table 0 summary

    OFPST_AGGREGATE reply (OF1.3) (xid=0x2): packet_count=12841037 byte_count=1324365096 flow_count=16

     

    Switch2 (config)# show openflow flows table 0 | i tcp

    cookie=0x56000086daafb8, duration=249148.300s, table=0, n_packets=0, n_bytes=0, send_flow_rem priority=1000,tcp,in_port=13834,nw_src=192.168.40.2,nw_dst=192.168.40.1,tp_src=179 actions=output:123

    cookie=0x560000e8817b33, duration=248458.556s, table=0, n_packets=165207, n_bytes=13137314, send_flow_rem priority=1000,tcp,in_port=123,nw_src=192.168.40.1,nw_dst=192.168.40.2,tp_src=179 actions=output:13834

    cookie=0x5600001f9538cb, duration=249148.220s, table=0, n_packets=165849, n_bytes=13184673, send_flow_rem priority=1000,tcp,in_port=13834,nw_src=192.168.40.2,nw_dst=192.168.40.1,tp_dst=179 actions=output:123

    ...

     

    Switch2 (config)# show openflow flows table 0 | i icmp

    cookie=0x560000ee0d1c0c, duration=249154.223s, table=0, n_packets=369, n_bytes=37638, send_flow_rem priority=1000,icmp,in_port=13834,nw_src=192.168.40.2,nw_dst=192.168.40.1 actions=output:123

    cookie=0x560000c50287a1, duration=248464.512s, table=0, n_packets=33, n_bytes=3366, send_flow_rem priority=1000,icmp,in_port=123,nw_src=192.168.40.1,nw_dst=192.168.40.2 actions=output:13834

     

    Switch2 (config)# show openflow flows table 0 | i ip

    cookie=0x100002502324f, duration=255523.536s, table=0, n_packets=114772, n_bytes=9641932, send_flow_rem priority=5,ip actions=CONTROLLER:65535

    cookie=0x5600005d954d70, duration=248472.406s, table=0, n_packets=991229, n_bytes=104079045, send_flow_rem priority=240,ip,in_port=123,nw_dst=192.168.22.0/28 actions=set_field:00:00:c0:a8:14:01->eth_dst,output:13834

    cookie=0x5600005d9c370c, duration=248472.402s, table=0, n_packets=991229, n_bytes=104079045, send_flow_rem priority=240,ip,in_port=123,nw_dst=192.168.22.16/28 actions=set_field:00:00:c0:a8:14:01->eth_dst,output:13834

    ...

     

    Switch2 (config)# show openflow flows table 0 | e "ip|icmp|tcp"

    OFPST_FLOW reply (OF1.3) (xid=0x2):

    cookie=0x10000b728c1c5, duration=312090.670s, table=0, n_packets=201342, n_bytes=16711386, send_flow_rem priority=40000,dl_type=0x88cc actions=CONTROLLER:65535

    cookie=0x10000db98d24d, duration=312090.667s, table=0, n_packets=201342, n_bytes=16711386, send_flow_rem priority=40000,dl_type=0x8942 actions=CONTROLLER:65535

    cookie=0x100001589ad91, duration=312090.664s, table=0, n_packets=98540, n_bytes=6109480, send_flow_rem priority=40000,arp actions=CONTROLLER:65535

    ...

     

     

    Use Case 4: ACL & FDB/Router Tables

    In the following scenario, Switch1 (ACL table 100 in our case) is configured to forward VLAN 10 and 20 traffic through port 2.

    Switch2 is configured as follows:

    • Forwards VLAN 10 packets to the FDB, which then forwards traffic through ports 2 and 3 depending on its destination MAC
    • Forwards VLAN 20 packets to the Router, which forwards traffic through ports 4 (to subnet 30) and 5 (to subnet 50) depending on its destination IP

     

    figure 7 Openflow.PNG

    Switch1 Configuration

    Run the following on Switch1:

    Switch1 (config) # protocol openflow

    Switch1 (config) # openflow controller 10.10.10.10

    Switch1 (config) # openflow datapath-id 0x1234

    Switch1 (config) # interface ethernet 1/1-1/2 openflow mode hybrid

    Switch2 Configuration

    Run the following on Switch2:

    Switch2 (config) # protocol openflow

    Switch2 (config) # openflow controller 10.10.10.10

    Switch2 (config) # openflow datapath-id 0x1234

    Switch2 (config) # interface ethernet 1/1-1/5 openflow mode hybrid

     

    Rule Configuration via Switch1 OpenFlow Controller

    Configure the following through the OpenFlow controller on Switch1:

    table=100 in_port=125 apply_actions=output:127

     

    Rule Configuration via Switch2 OpenFlow Controller

    Configure the following rules through the OpenFlow controller on Switch2:

    table=100 in_port=125 dl_vlan=20 dl_type=0x0800 goto_table=250

    table=100 in_port=125 dl_vlan=10 dl_type=0x0800 goto_table=251

    table=250 in_port=125 dl_dst=aa:01:01:01:01:01 apply_actions=output:127

    table=250 in_port=125 dl_dst=aa:02:02:02:02:02 apply_actions=output:121

    table=251 dl_type=0x0800 nw_dst=30.30.0.0/24 apply_actions=output:123,dec_ttl,mod_dl_dst:22:01:02:03:01:23

    table=251 dl_type=0x0800 nw_dst=40.40.0.0/24 apply_actions=output:117,dec_ttl,mod_dl_dst:22:01:02:03:01:17

     

    Sending OpenFlow Rules

    Send OpenFlow rules from the controller to the switch:

     

     

    Verification

    1. Verify OpenFlow rules learned by Switch1:

    Switch1 (config) # show openflow flows

    cookie=0x0, duration=3.110s, table=100, n_packets=0, n_bytes=0, send_flow_rem in_port=125 actions=output:127

     

    2. Verify OpenFlow rules learned by Switch2:

    Switch2 (config) # show openflow flows

    cookie=0x0, duration=31.115s, table=100, n_packets=0, n_bytes=0, send_flow_rem ip,in_port=125,dl_vlan=20 actions=goto_table:250

    cookie=0x0, duration=31.110s, table=100, n_packets=0, n_bytes=0, send_flow_rem ip,in_port=125,dl_vlan=10 actions=goto_table:251

    cookie=0x0, duration=31.102s, table=250, n_packets=0, n_bytes=0, send_flow_rem dl_vlan=20,dl_dst=aa:01:01:01:01:01 actions=output:127

    cookie=0x0, duration=31.101s, table=250, n_packets=0, n_bytes=0, send_flow_rem dl_vlan=20,dl_dst=aa:02:02:02:02:02 actions=output:121

    cookie=0x0, duration=31.100s, table=251, n_packets=0, n_bytes=0, send_flow_rem ip,nw_dst=30.30.0.0/24 actions=output:123,dec_ttl,set_field:22:01:02:03:01:23->eth_dst

    cookie=0x0, duration=31.097s, table=251, n_packets=0, n_bytes=0, send_flow_rem ip,nw_dst=40.40.0.0/24 actions=output:117,dec_ttl,set_field:22:01:02:03:01:17->eth_dst

    Use Case 5: Router/Send-to-Controller

    This use case demonstrates the ACL, router and send-to-controller functionalities over a small network of two switches and a controller.

    In the scenario below:

    • Switch1:
      • Forwards VLAN 10 traffic to Switch2 through port 5
      • Modifies VLAN 20 traffic to VLAN 15 and forwards it through port 6
      • Forwards VLAN 30 traffic to the OpenFlow controller
      • Drops all other traffic

    • Switch2 forwards traffic (using ACL table 251, the router table) to its destination according to its IP address:
      • Subnet 10 through port 2
      • Subnet 50 through port 3
      • All other traffic through port 4

    figure 8 Openflow.PNG

    OpenFlow Switch1 Configuration

    Run the following on Switch1:

    Switch1 (config) # protocol openflow

    Switch1 (config) # openflow controller 10.10.10.10

    Switch1 (config) # openflow datapath-id 0x1234

    Switch1 (config) # interface ethernet 1/1 openflow mode hybrid

    Switch1 (config) # interface ethernet 1/5-1/7 openflow mode hybrid

     

    OpenFlow Switch2 Configuration

    Run the following on Switch2:

    Switch2 (config)# protocol openflow

    Switch2 (config)# openflow controller 10.10.10.10

    Switch2 (config)# openflow datapath-id 0x1234

    Switch2 (config)# interface ethernet 1/1-1/4 openflow mode hybrid

     

    Rule Configuration via Switch1 OpenFlow Controller

    table=10 in_port=125 dl_vlan=10 dl_type=0x0800 apply_actions=output:117

    table=10 in_port=125 dl_vlan=20 apply_actions=mod_vlan_vid:15,output:119

    table=10 in_port=125 dl_vlan=30 apply_actions=controller

    table=10 in_port=125 apply_actions=drop
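
    The catch-all drop rule above shares table 10 with the three VLAN rules and none of them names a priority; OpenFlow 1.3 leaves the selected entry undefined when overlapping entries have equal priority. The following added example (not part of the original post) reports such pairs for these rules and for table 2 of Use Case 1. The `priority=` key in the last sample is a hypothetical extension of the rule syntax shown on this page, and the default priority value is an assumption.

```python
"""Flag OpenFlow rules in one table that overlap at equal priority."""
import ipaddress
from itertools import combinations

DEFAULT_PRIORITY = 0x8000   # OFP_DEFAULT_PRIORITY, assumed when a rule names none
NOT_MATCH_KEYS = {"table", "priority", "apply_actions", "goto_table"}
PREFIX_FIELDS = {"nw_src", "nw_dst"}

# Rules as given on this page.
USE_CASE_5_SWITCH1 = [
    "table=10 in_port=125 dl_vlan=10 dl_type=0x0800 apply_actions=output:117",
    "table=10 in_port=125 dl_vlan=20 apply_actions=mod_vlan_vid:15,output:119",
    "table=10 in_port=125 dl_vlan=30 apply_actions=controller",
    "table=10 in_port=125 apply_actions=drop",
]
USE_CASE_1 = [
    "table=1 dl_dst=02:02:02:02:02:02 goto_table=2",
    "table=2 dl_vlan=1 goto_table=4",
    "table=2 goto_table=3",
]
# Constructed variant: the catch-all ranked below the specific rules.
# The priority= key is hypothetical; the page's rule syntax does not show one.
WITH_PRIORITIES = [
    "table=10 priority=200 in_port=125 dl_vlan=10 dl_type=0x0800 apply_actions=output:117",
    "table=10 priority=200 in_port=125 dl_vlan=20 apply_actions=mod_vlan_vid:15,output:119",
    "table=10 priority=200 in_port=125 dl_vlan=30 apply_actions=controller",
    "table=10 priority=100 in_port=125 apply_actions=drop",
]


def parse_rule(line):
    """Split one 'key=value ...' rule into table, priority, match and instructions."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return {
        "text": line,
        "table": int(fields["table"]),
        "priority": int(fields.get("priority", DEFAULT_PRIORITY)),
        "match": {k: v for k, v in fields.items() if k not in NOT_MATCH_KEYS},
        "actions": (fields.get("apply_actions"), fields.get("goto_table")),
    }


def values_intersect(field, a, b):
    """Can one packet carry a value accepted by both rules for this field?"""
    if field in PREFIX_FIELDS:
        return ipaddress.ip_network(a, strict=False).overlaps(
            ipaddress.ip_network(b, strict=False))
    try:
        return int(a, 0) == int(b, 0)      # 2048 and 0x0800 are the same EtherType
    except ValueError:
        return a.lower() == b.lower()      # MAC addresses and other strings


def matches_overlap(m1, m2):
    """A field absent from a rule is a wildcard, so only shared fields can separate two rules.

    Conservative: protocol prerequisites between fields are not modelled.
    """
    return all(values_intersect(f, m1[f], m2[f]) for f in m1.keys() & m2.keys())


def find_ambiguous(rule_lines):
    """Return (table, rule_a, rule_b) for overlapping equal-priority rules that act differently."""
    rules = [parse_rule(line) for line in rule_lines if line.strip()]
    findings = []
    for a, b in combinations(rules, 2):
        if (a["table"] == b["table"] and a["priority"] == b["priority"]
                and a["actions"] != b["actions"]
                and matches_overlap(a["match"], b["match"])):
            findings.append((a["table"], a["text"], b["text"]))
    return findings


if __name__ == "__main__":
    samples = {"Use Case 5, Switch1": USE_CASE_5_SWITCH1,
               "Use Case 1": USE_CASE_1,
               "constructed, with priorities": WITH_PRIORITIES}
    for name, rules in samples.items():
        findings = find_ambiguous(rules)
        print(f"{name}: {len(findings)} ambiguous pair(s)")
        for table, first, second in findings:
            print(f"  table {table}:\n    {first}\n    {second}")
```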

     

    Rule Configuration via Switch2 OpenFlow Controller

    table=0 in_port=125 dl_type=0x0800 goto_table=251

    table=251 dl_type=0x0800 nw_dst=10.10.0.0/24 apply_actions=output:127,dec_ttl,mod_dl_dst:22:01:02:03:04:37

    table=251 dl_type=0x0800 nw_dst=50.50.0.0/24 apply_actions=output:121,dec_ttl,mod_dl_dst:22:01:02:03:04:31

    table=251 dl_type=0x0800 nw_dst=0.0.0.0/0 apply_actions=output:123,dec_ttl,mod_dl_dst:22:01:02:03:04:33

     

    Sending OpenFlow Rules

    Send OpenFlow rules from the controller to the switch:

    Verification

    1. Verify OpenFlow rules learned by Switch1:

    Switch1 (config) # show openflow flows

    cookie=0x0, duration=1.895s, table=10, n_packets=0, n_bytes=0, send_flow_rem ip,in_port=125,dl_vlan=10 actions=output:117

    cookie=0x0, duration=1.888s, table=10, n_packets=0, n_bytes=0, send_flow_rem in_port=125,dl_vlan=20 actions=set_field:4111->vlan_vid,output:119

    cookie=0x0, duration=1.880s, table=10, n_packets=0, n_bytes=0, send_flow_rem in_port=125,dl_vlan=30 actions=CONTROLLER:0

    cookie=0x0, duration=1.874s, table=10, n_packets=0, n_bytes=0, send_flow_rem in_port=125 actions=drop

     

    2. Verify OpenFlow rules learned by Switch2:

    Switch2 (config) # show openflow flows

    cookie=0x0, duration=9.815s, table=0, n_packets=0, n_bytes=0, send_flow_rem ip,in_port=125 actions=goto_table:251

    cookie=0x0, duration=1.248s, table=251, n_packets=0, n_bytes=0, send_flow_rem ip,nw_dst=10.10.0.0/24 actions=output:127,dec_ttl,set_field:22:01:02:03:04:37->eth_dst

    cookie=0x0, duration=1.246s, table=251, n_packets=0, n_bytes=0, send_flow_rem ip,nw_dst=50.50.0.0/24 actions=output:121,dec_ttl,set_field:22:01:02:03:04:31->eth_dst

    cookie=0x0, duration=1.244s, table=251, n_packets=0, n_bytes=0, send_flow_rem ip,nw_dst=0.0.0.0 actions=output:123,dec_ttl,set_field:22:01:02:03:04:33->eth_dst