Configuring Flows Using CLI Commands
The on-switch commands use the Open vSwitch (OVS) syntax for OpenFlow. They are actually based on the “ovs-ofctl” command. For more details please refer to the Flow Syntax section of this man-page.
The syntax is slightly modified: you must explicitly supply a flow reference number (flow ID) for each flow. This flow ID is then used when performing any modification to the flow (e.g. delete).
All flow configurations also appear in the running-config and are restored after switch reload.
When configuring flows, you may assign them a high priority and then configure a “drop all” rule with a lower priority for non-matching packets.
For the flows (use a higher priority, e.g. 10000, than the “drop all” rule) and input interface:
switch (config) # openflow add-flows 1 ip,priority=5000,in_port=Eth1/1,nw_src=192.168.0.1/32,nw_dst=239.0.1.2/32,actions=output=Eth1/56
The above rule matches on SRC IP=192.168.0.1 and DEST IP=239.0.1.2 and the action is to output matching traffic to interface Eth1/56.
For the “drop all” rule (use a lower priority than other match rules):
switch (config) # openflow add-flows 1000 priority=50,in_port=ANY,actions=DROP
To delete a flow, run the command “del-flows” along with a flow’s reference number:
switch (config) # openflow del-flows 1
switch (config) # openflow del-flows 1000
OpenFlow may be configured using only one method at a time, so if an OpenFlow controller is configured, the switch CLI method cannot be used.
To configure MLAG interface in OpenFlow, do the following:
Enable OpenFlow in the system.
switch (config) # protocol openflow
Add MPO interfaces as OpenFlow mode hybrid port.
switch (config) # interface mlag-port-channel 1-3 openflow mode hybrid
Add the needed OpenFlow flow with MPO usage.
openflow add-flows 1 table=0,priority=500,in_port=Mpo1,actions=NORMAL
Observe the relevant MPO interfaces in OpenFlow using the "show openflow" command.
switch (config) # show openflow
OpenFlow Version: OpenFlow1.3
Datapath ID: 0000248a07cacd00
Controllers Information:
----------------------------------------------------------------------------------------
Controller State Role Changed (sec) Last Error
----------------------------------------------------------------------------------------
Mapping of OpenFlow ports to their OpenFlow numbers:
-----------------------
Interface OF-Port
-----------------------
Mpo1 OF-29001
Mpo2 OF-29002
Mpo3 OF-29003
Observe the OpenFlow rules with MPO interfaces with the "show openflow flows ethernet-names" command.
switch (config) # show openflow flows ethernet-names
OFPST_FLOW reply (OF1.3) (xid=0x2):
cookie=0x0, duration=2.166s, table=0, n_packets=0, n_bytes=0, priority=500,in_port=Mpo1 actions=NORMAL
Only 63 POs/MPOs interfaces are allowed if protocol OpenFlow is enabled (1 LAG is always used by OpenFlow by default).
switch (config) # protocol openflow
switch (config) # protocol mlag
switch (config) # interface mlag-port-channel 1-32
switch (config) # interface port-channel 33-64
% The one LAG is in use by OpenFlow feature, please disable OpenFlow to have a possibility use 64 POs/MPOs.
It is not possible to enable OpenFlow protocol if there are already 64 POs/MPOs in use. Only 63 POs/MPOs can be used as 1 LAG is always used by OpenFlow:
switch (config) # protocol mlag
switch (config) # interface mlag-port-channel 1-64
switch (config) # protocol openflow
% There are already 64 POs/MPOs in use. One free LAG is required to enable protocol OpenFlow.
Forwarding control traffic (LACP, LLDP, BPDU) from one MPO interface to another one is currently not supported. If the destination port is MPO and this MPO is in the DOWN state, the traffic will be redirected to IPL and cause unexpected behavior (the IPL will start flapping due to redundant packets, e.g. LACP packets).
For example, LACP packets may be delivered to the wrong destination port when the following OpenFlow rule is used:
openflow add-flows 1 table=0,priority=100,in_port=Mpo1,actions=output:Mpo2
The workaround is to use a separate OpenFlow rule with a higher priority that matches the destination MAC of the LACP packets, so that LACP packets are forwarded in the proper direction:
openflow add-flows 1 table=0,priority=200,dl_dst=01:80:c2:00:00:02,actions=NORMAL
openflow add-flows 1 table=0,priority=100,in_port=Mpo1,actions=output:Mpo2
Proper setup of the MLAG topology and handling of MLAG failovers are the user's responsibility. OpenFlow does not handle such situations. The OpenFlow rules are also not synchronized between the MLAG members.
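The following Python check is an added example, not part of the original documentation or any vendor tooling. It parses "openflow add-flows" lines (for instance copied from the running-config) and reports two conditions described above: a missing or mis-prioritized “drop all” rule, and an MPO-to-MPO output rule that has no higher-priority LACP rule. The function names are hypothetical; it assumes a single flow table and that the ovs-ofctl default priority of 32768 applies when a rule gives none.

```python
import re

LACP_MAC = "01:80:c2:00:00:02"  # destination MAC from the page's workaround rule
DEFAULT_PRIORITY = 32768        # ovs-ofctl default; assumed to hold on the switch

def parse_flow(line):
    """Split 'openflow add-flows <id> <match>,actions=<actions>' into a dict."""
    m = re.search(r"openflow add-flows (\d+) (.*?),?\s*actions=(.*)$", line.strip())
    if not m:
        raise ValueError("not an add-flows line: %r" % line)
    match = {}
    for field in filter(None, (f.strip() for f in m.group(2).split(","))):
        key, _, value = field.partition("=")
        match[key.strip()] = value.strip()  # bare tokens such as 'ip' map to ''
    prio = int(match.pop("priority", DEFAULT_PRIORITY))
    return {"id": int(m.group(1)), "priority": prio, "match": match,
            "actions": m.group(3).strip()}

def is_drop_all(flow):
    """True for a DROP rule that matches every packet (optionally in_port=ANY)."""
    m = flow["match"]
    return (flow["actions"].upper() == "DROP" and set(m) <= {"in_port", "table"}
            and m.get("in_port", "ANY").upper() == "ANY")

def audit(lines):
    """Return findings for a list of add-flows lines (single flow table assumed)."""
    flows = [parse_flow(l) for l in lines if "add-flows" in l]
    findings = []
    drops = [f for f in flows if is_drop_all(f)]
    if not drops:
        findings.append("no drop-all rule for non-matching packets")
    for d in drops:
        for f in flows:
            if not is_drop_all(f) and f["priority"] <= d["priority"]:
                findings.append("flow %d (priority %d) is not above drop-all flow %d"
                                % (f["id"], f["priority"], d["id"]))
    lacp = [f["priority"] for f in flows if f["actions"].upper() == "NORMAL"
            and f["match"].get("dl_dst", "").lower() == LACP_MAC]
    for f in flows:
        out = re.match(r"output[:=](Mpo\d+)$", f["actions"])
        src = f["match"].get("in_port", "")
        if out and src.startswith("Mpo") and not any(p > f["priority"] for p in lacp):
            findings.append("flow %d sends %s to %s with no higher-priority LACP rule"
                            % (f["id"], src, out.group(1)))
    return findings

# Constructed sample: the page's MPO-to-MPO rule without its LACP workaround.
SAMPLE = ["openflow add-flows 1 table=0,priority=100,in_port=Mpo1,actions=output:Mpo2",
          "openflow add-flows 1000 priority=50,in_port=ANY,actions=DROP"]
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Adding the higher-priority dl_dst rule from the workaround to the sample clears the finding.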