Configuring Flows Using CLI Commands

NVIDIA Onyx User Manual v3.10.4006

The on-switch commands use the Open vSwitch (OVS) syntax for OpenFlow. They are actually based on the “ovs-ofctl” command. For more details please refer to the Flow Syntax section of this man-page.

It is slightly modified as you need to explicitly input a flow reference number to modify. This flow ID may be used when performing any modification to the flow (e.g. delete).

All flow configurations also appear in the running-config and are restored after switch reload.

When configuring flows, you may assign them a high priority, and then to configure a “drop all” rule for non-matching packets with a lower priority.

For the flows (use a higher priority e.g. 10000 then the drop all rule) and input interface:

Copy
Copied!
            

switch (config) # openflow add-flows 1 ip, priority=5000, in_port=Eth1/1, nw_src=192.168.0.1/32, nw_dst=239.0.1.2/32, actions=output=Eth1/56

The above rule matches on SRC IP=192.168.0.1 and DEST IP=239.0.1.2 and the action is to output matching traffic to interface Eth1/56.

For the “drop all” rule (use a lower priority than other match rules):

Copy
Copied!
            

switch (config) # openflow add-flows 1000 priority=50,in_port=ANY,actions=DROP

To delete a flow, run the command “del-flows” along with a flow’s reference number:

Copy
Copied!
            

switch (config) # openflow del-flows 1 switch (config) # openflow del-flows 1000

Warning

OpenFlow may be configured using one method at a time, so if an OpenFlow controller is configured then switch CLI method cannot be used.

To configure MLAG interface in OpenFlow, do the following:

  1. Enable OpenFlow in the system.

    Copy
    Copied!
                

    switch (config) # protocol openflow

  2. Add MPO interfaces as OpenFlow mode hybrid port.

    Copy
    Copied!
                

    switch (config) # interface mlag-port-channel 1-3 openflow mode hybrid

  3. Add the needed OpenFlow flow with MPO usage.

    Copy
    Copied!
                

    openflow add-flows 1 table=0, priority=500, in_port=Mpo1, actions=NORMAL

  4. Observe the relevant MPO interfaces in OpenFlow using the "show openflow" command.

    Copy
    Copied!
                

    switch (config) # show openflow OpenFlow Version: OpenFlow 1.3 Datapath ID: 0000248a07cacd00   Controllers Information:   ----------------------------------------------------------------------------------------   Controller                State            Role       Changed (sec)  Last Error   ----------------------------------------------------------------------------------------     Mapping of OpenFlow ports to their OpenFlow numbers:   -----------------------   Interface       OF-Port   -----------------------   Mpo1            OF-29001   Mpo2            OF-29002   Mpo3            OF-29003

  5. Observe the OpenFlow rules with MPO interfaces with the "show openflow flows ethernet-names" command.

    Copy
    Copied!
                

    switch (config) # show openflow flows ethernet-names OFPST_FLOW reply (OF1.3) (xid=0x2):  cookie=0x0, duration=2.166s, table=0, n_packets=0, n_bytes=0, priority=500,in_port=Mpo1 actions=NORMAL

  6. Only 63 POs/MPOs interfaces are allowed if protocol OpenFlow is enabled (1 LAG is always used by OpenFlow by default).

    Copy
    Copied!
                

    switch (config) # protocol openflow switch (config) # protocol mlag switch (config) # interface mlag-port-channel 1-32 switch (config) # interface port-channel 33-64  % The one LAG is in use by OpenFlow feature, please disable OpenFlow to have a possibility use 64 POs/MPOs.

  7. It is not possible to enable OpenFlow protocol if there are already 64 POs/MPOs in use. Only 63 POs/MPOs can be used as 1 LAG is always used by OpenFlow:

    Copy
    Copied!
                

    switch (config) # protocol mlag switch (config) # interface mlag-port-channel 1-64 switch (config) # protocol openflow  % There are already 64 POs/MPOs in use. One free LAG is required to enable protocol OpenFlow.

Warning

Forwarding control traffic (LACP, LLDP, BPDU) from one MPO interface to another one is currently not supported. If the destination port is MPO and this MPO is in the DOWN state, the traffic will be redirected to IPL and cause unexpected behavior (the IPL will start flapping due to redundant packets, e.g. LACP packets).

For example, it may lead to the scenario when LACP packets will be delivered on the wrong destination port when the following OpenFlow rule will be used:
openflow add-flows 1 table=0,priority=100,in_port=Mpo1,actions=output:Mpo2

The workaround is to use separate OpenFlow rule with a higher priority and destination MAC for the LACP packets in order to forward LACP packets in the proper direction:
openflow add-flows 1 table=0,priority=200,dl_dst= 01:80:c2:00:00:02,actions=NORMAL
openflow add-flows 1 table=0,priority=100,in_port=Mpo1,actions=output:Mpo2

Warning

Proper setup of MLAG topology and MLAG failovers are under user responsibility. Openflow does not handle such situations. The OpenFlow rules are also not synchronized on the MLAG members.

© Copyright 2023, NVIDIA. Last updated on Mar 5, 2024.