Example: Configuring OpenFlow Hybrid Interfaces on EX9200 Switches
On EX9200 switches that have the OpenFlow software package installed, you can configure physical interfaces that support multiple logical interfaces as OpenFlow hybrid interfaces. A hybrid interface concurrently supports OpenFlow logical interfaces and non-OpenFlow logical interfaces. A hybrid interface enables OpenFlow and non-OpenFlow traffic to traverse the same physical interface while keeping the traffic in separate VLANs.
Hybrid interfaces enable you to use physical interfaces more efficiently, especially in a situation where having an adequate number of physical interfaces available is important.
This example shows how to configure an OpenFlow hybrid interface on an EX9200 switch.
Requirements
This example uses the following hardware and software components:
An EX9200 switch running Junos OS Release 13.3 or a later release.
An OpenFlow software package is installed on the switch, and the software package release matches the Junos OS release running on the switch.
The switch has a TCP connection to an OpenFlow controller, which needs to access the data plane of the switch.
The switch is connected to the management network through the fxp0 interface and is reachable from the controller IP address.
Overview and Topology
In this example, you configure an EX9200 switch with:
One hybrid interface, xe-2/1/0
One non-hybrid interface, xe-2/1/1, which handles OpenFlow traffic only
One non-hybrid interface, xe-2/1/2, which handles non-OpenFlow traffic only
On the hybrid interface, logical interface xe-2/1/0.0 participates in OpenFlow, and logical interfaces xe-2/1/0.1 and xe-2/1/0.2 do not participate in OpenFlow.
When using hybrid interfaces, you use VLAN tagging to distinguish
OpenFlow traffic from non-OpenFlow traffic. Thus, you must enable
VLAN tagging on all interfaces, and traffic entering the interfaces
must be VLAN-tagged. If you do not configure a native VLAN, untagged
traffic entering a hybrid interface is dropped. In this example, you
configure the hybrid interface by using flexible-vlan-tagging, which enables VLAN tagging and supports both 802.1Q VLAN single-tag
and dual-tag frames for all traffic on the interface. You also configure
the OpenFlow interface xe-2/1/1 and the non-OpenFlow interface xe-2/1/2
by using vlan-tagging, which enables VLAN tagging and supports
only 802.1Q VLAN single-tag frames for all traffic on the interface.
You configure the hybrid interface encapsulation as flexible Ethernet services. Note that for interfaces with this type of encapsulation, all VLAN IDs are valid. VLAN IDs from 1 through 511 are no longer reserved for normal Ethernet VLANs. In this example, VLANs 100 through 200 are used for OpenFlow traffic, and VLANs 700 and 800 are used for non-OpenFlow traffic.
All logical interfaces except xe-2/1/0.2 are configured as Layer
2 trunk interfaces by using family ethernet-switching and
interface mode trunk. Logical interfaces xe-2/1/0.0 and
xe-2/1/1.0 participate in OpenFlow and receive and forward traffic
with OpenFlow VLAN IDs 100 through 200. Logical interfaces xe-2/1/0.1
and xe-2/1/2.0 do not participate in OpenFlow and receive and forward
traffic with non-OpenFlow VLAN ID 700.
Logical interface xe-2/1/0.2 is a subinterface with the IP address 198.51.100.10/24 and performs Layer 3 routing. This interface does not participate in OpenFlow and routes traffic with VLAN ID 800.
Table 1 summarizes the logical interfaces, traffic types, and associated VLAN IDs.
Logical Interface |
Traffic Type |
VLANs |
|---|---|---|
xe-2/1/0.0 |
OpenFlow |
100 through 200 |
xe-2/1/0.1 |
Non-OpenFlow |
700 |
xe-2/1/0.2 |
Non-OpenFlow |
800 |
xe-2/1/1.0 |
OpenFlow |
200 |
xe-2/1/2.0 |
Non-OpenFlow |
700 |
You configure the OpenFlow virtual switch and OpenFlow protocol
statements at the [edit protocols openflow] hierarchy level.
The virtual switch 100 connects to the OpenFlow controller over a
TCP connection at the IP address 198.51.100.174. The virtual switch
configuration must include all of the logical interfaces participating
in OpenFlow, which includes xe-2/1/0.0 and xe-2/1/1.0.
An EX9200 switch requires a separate routing instance for a
virtual switch. This routing instance isolates the OpenFlow traffic
from the non-OpenFlow traffic. When using hybrid interfaces, you configure
a virtual switch routing instance for the OpenFlow traffic and another
virtual switch routing instance for non-OpenFlow traffic. In this
example, you configure routing instance OF for the OpenFlow
traffic and routing instance NON-OF for the non-OpenFlow
traffic.
Routing instance OF includes the
interfaces participating in OpenFlow—xe-2/1/0.0 and xe-2/1/1.0.
Within this routing instance, you configure a VLAN to include OpenFlow
VLANs 100 through 200. Routing instance NON-OF includes
the Layer 2 interfaces that do not participate in OpenFlow—xe-2/1/0.1
and xe-2/1/2.0. Within this routing instance, you configure a VLAN
to include the non-OpenFlow VLAN 700.
To direct OpenFlow traffic, the OpenFlow controller must install flow entries that select the appropriate traffic and forward it to the correct OpenFlow interface.
Configuration
- CLI Quick Configuration
- Configuring the Interfaces
- Configuring OpenFlow
- Configuring the Virtual Switch Routing Instances
- Results
CLI Quick Configuration
To quickly configure this example, copy the following
commands, paste them into a text file, remove any line breaks, change
any details necessary to match your network configuration, copy and
paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set interfaces xe-2/1/0 flexible-vlan-tagging set interfaces xe-2/1/0 encapsulation flexible-ethernet-services set interfaces xe-2/1/0 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-2/1/0 unit 0 family ethernet-switching vlan members 100-200 set interfacesxe-2/1/0 unit 1 family ethernet-switching interface-mode trunk set interfaces xe-2/1/0 unit 1 family ethernet-switching vlan members 700 set interfaces xe-2/1/0 unit 2 vlan-id 800 set interfaces xe-2/1/0 unit 2 family inet address 198.51.100.10/24 set interfaces xe-2/1/1 vlan-tagging set interfaces xe-2/1/1 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-2/1/1 unit 0 family ethernet-switching vlan members 200 set interfaces xe-2/1/2 vlan-tagging set interfaces xe-2/1/2 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-2/1/2 unit 0 family ethernet-switching vlan members 700 set protocols openflow switch 100 controller address 198.51.100.174 set protocols openflow switch 100 controller protocol tcp port 6633 set protocols openflow switch 100 interfaces xe-2/1/0.0 set protocols openflow switch 100 interfaces xe-2/1/1.0 set routing-instances OF instance-type virtual-switch set routing-instances OF interface xe-2/1/0.0 set routing-instances OF interface xe-2/1/1.0 set routing-instances OF vlans OF-vlan vlan-id-list 100-200 set routing-instances NON-OF instance-type virtual-switch set routing-instances NON-OF interface xe-2/1/0.1 set routing-instances NON-OF interface xe-2/1/2.0 set routing-instances NON-OF vlans OF-vlan vlan-id-list 700
Configuring the Interfaces
Step-by-Step Procedure
To configure the interfaces:
On the hybrid physical interface, enable VLAN tagging and configure the encapsulation:
[edit interfaces xe-2/1/0] user@switch# set flexible-vlan-tagging user@switch# set encapsulation flexible-ethernet-services
Configure the OpenFlow logical interface xe-2/1/0.0 as a Layer 2 trunk that supports VLANs 100 through 200:
[edit interfaces xe-2/1/0] user@switch# set unit 0 family ethernet-switching interface-mode trunk user@switch# set unit 0 family ethernet-switching vlan members 100-200
Configure the non-OpenFlow logical interface xe-2/1/0.1 as a Layer 2 trunk that supports VLAN 700:
[edit interfaces xe-2/1/0] user@switch# set unit 1 family ethernet-switching interface-mode trunk user@switch# set unit 1 family ethernet-switching vlan members 700
Configure the non-OpenFlow logical interface xe-2/1/0.2 as a Layer 3 subinterface:
[edit interfaces xe-2/1/0] user@switch# set unit 2 vlan-id 800 user@switch# set unit 2 family inet address 198.51.100.10/24
On xe-2/1/1, enable VLAN tagging, and configure the logical interface as a Layer 2 trunk that supports VLAN 200:
[edit interfaces xe-2/1/1] user@switch# set vlan-tagging user@switch# set unit 0 family ethernet-switching interface-mode trunk user@switch# set unit 0 family ethernet-switching vlan members 200
On xe-2/1/2, enable VLAN tagging, and configure the logical interface as a Layer 2 trunk that supports VLAN 700:
[edit interfaces xe-2/1/2] user@switch# set vlan-tagging user@switch# set unit 0 family ethernet-switching interface-mode trunk user@switch# set unit 0 family ethernet-switching vlan members 700
Configuring OpenFlow
Step-by-Step Procedure
To configure OpenFlow:
Configure the OpenFlow controller IP address and the connection protocol:
[edit protocols openflow switch 100] user@switch# set controller address 198.51.100.174 user@switch# set controller protocol tcp port 6633
Specify the logical interfaces participating in OpenFlow under virtual switch 100:
[edit protocols openflow switch 100] user@switch# set interfaces xe-2/1/0.0 user@switch# set interfaces xe-2/1/1.0
Configuring the Virtual Switch Routing Instances
Step-by-Step Procedure
To configure the routing instances:
Configure the routing instance for the OpenFlow traffic.
[edit] user@switch# set routing-instances OF instance-type virtual-switch user@switch# set routing-instances OF interface xe-2/1/0.0 user@switch# set routing-instances OF interface xe-2/1/1.0 user@switch# set routing-instances OF vlans OF-vlan vlan-id-list 100-200
Configure the routing instance for the non-OpenFlow traffic on Layer 2 interfaces:
[edit] user@switch# set routing-instances NON-OF instance-type virtual-switch user@switch# set routing-instances NON-OF interface xe-2/1/0.1 user@switch# set routing-instances NON-OF interface xe-2/1/2.0 user@switch# set routing-instances NON-OF vlans NOF-vlan vlan-id-list 700
Commit the configuration:
[edit] user@switch# commit
Results
From operational mode, confirm your configuration by
entering the show configuration interfaces, show configuration
protocols openflow, and show configuration routing-instances commands. If the output does not display the specified configuration,
repeat the configuration instructions in this example to correct the
configuration.
user@switch> show configuration interfaces
xe-2/1/0 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members 100-200;
}
}
}
unit 1 {
family ethernet-switching {
interface-mode trunk;
vlan {
members 700;
}
}
}
unit 2 {
vlan-id 800;
family inet {
address 198.51.100.10/24;
}
}
}
xe-2/1/1 {
vlan-tagging;
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members 200;
}
}
}
}
xe-2/1/2 {
vlan-tagging;
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members 700;
}
}
}
}
user@switch> show configuration protocols openflow
switch 100 {
interfaces {
xe-2/1/0.0;
xe-2/1/1.0;
}
controller {
protocol tcp {
port 6633;
}
address 198.51.100.174;
}
}
user@switch> show configuration routing-instances
OF {
instance-type virtual-switch;
interface xe-2/1/0.0;
interface xe-2/1/1.0;
vlans {
OF-vlan {
vlan-id-list 100-200;
}
}
}
NON-OF {
instance-type virtual-switch;
interface xe-2/1/0.1;
interface xe-2/1/2.0;
vlans {
NOF-vlan {
vlan-id 700;
}
}
}Verification
Confirm that the configuration is working properly.
Verifying the OpenFlow Controller Connection
Purpose
Verify that the OpenFlow controller connection is up.
Action
Issue the show openflow controller operational
mode command to verify that the controller connection state is up. Because the virtual switch configuration has
only a single controller, the virtual switch automatically initiates
a connection to the controller after you commit the configuration.
user@switch> show openflow controller Openflowd controller information: Controller socket: 11 Controller IP address: 198.51.100.174 Controller protocol: tcp Controller port: 6633 Controller connection state: up Number of connection attempt: 5 Controller role: equal
Meaning
The output shows that the connection state of the OpenFlow
controller is up, in addition to other information about
the controller.
Verifying the OpenFlow Interfaces
Purpose
Verify that the OpenFlow interfaces are up.
Action
Issue the show openflow interfaces operational
mode command, and verify that the state of each OpenFlow interface
is Up.
user@switch> show openflow interfaces Switch name: 100 Interface Name: xe-2/1/0.0 Interface port number: 41500 Interface Hardware Address: 00:00:5E:00:53:cf Interface speed: 10Gb Full-duplex Interface Auto-Negotiation: Disabled Interface media type: Fiber Interface state: Up Switch name: 100 Interface Name: xe-2/1/1.0 Interface port number: 41501 Interface Hardware Address: 00:00:5E:00:53:d0 Interface speed: 10Gb Full-duplex Interface Auto-Negotiation: Disabled Interface media type: Fiber Interface state: Up
Meaning
The output shows that the state of each OpenFlow interface
is Up, in addition to other information
about the interfaces.