Example: Enabling OpenFlow on EX9200 Switches
OpenFlow is an open standard that enables you to control traffic paths in a network by creating, deleting, and modifying flows in each device, including EX9200 switches that have an OpenFlow software package installed, along a path. This example shows how to configure OpenFlow support on an EX9200 switch.
Requirements
This example uses the following hardware and software components:
An EX9200 switch running Junos OS Release 13.3 or a later release.
An OpenFlow software package is installed on the switch, and the software package release matches the Junos OS release running on the switch.
The switch has a TCP connection to an OpenFlow controller, which needs to access the data plane of the switch.
The switch is connected to the management network through the me0 interface and is reachable from the OpenFlow controller IP address.
Overview and Topology
In this example, you configure support for OpenFlow on an EX9200 switch. The switch has three interfaces that are dedicated to handling OpenFlow traffic: ge-1/0/0.0, ge-1/1/0.0, and xe-0/0/0.0.
EX9200 switches require a separate routing instance for a virtual
switch. This routing instance isolates the experimental OpenFlow traffic
from the normal network traffic. In this example, you configure a
routing instance for the virtual switch, OF-ri, by using
the instance type virtual-switch at the [edit routing-instances] hierarchy level. The routing instance OF-ri includes
all of the logical interfaces participating in OpenFlow.
The virtual switch, OFswitch1, connects to the OpenFlow
controller over a TCP connection at the IP address 198.51.100.174.
The virtual switch configuration must include all of the logical interfaces
participating in OpenFlow, and the OpenFlow traffic only either enters
or exits these interfaces.
A flow entry consists of a match condition against which packets
entering an OpenFlow interface are compared, and the action that is
applied to packets that match the condition. Each OpenFlow interface
can have one or more flow entries. The default-action statement
in the OpenFlow configuration indicates the action the switch applies
for packets that do not have a matching flow entry. If you do not
explicitly configure the default-action statement, the
default action is packet-in, which indicates that packets
that have no matching flow entry are sent to the OpenFlow controller
for processing. In this example, you explicitly configure packet-in as the default action for packets that do not have a matching flow
entry.
In this example, you configure OpenFlow traceoptions also. When
traceoptions are configured with the flag all statement,
all OpenFlow events are captured and logged. In this example, a specific
filename is not configured for the log file. Therefore, OpenFlow events
are logged in the default OpenFlow log file at /var/log/ofd.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following
commands, paste them into a text file, remove any line breaks, change
any details necessary to match your network configuration, copy and
paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set interfaces ge-1/0/0 unit 0 family ethernet-switching set interfaces ge-1/1/0 unit 0 family ethernet-switching set interfaces xe-0/0/0 unit 0 family ethernet-switching set routing-instances OF-ri instance-type virtual-switch set routing-instances OF-ri interface ge-1/0/0.0 set routing-instances OF-ri interface ge-1/1/0.0 set routing-instances OF-ri interface xe-0/0/0.0 set routing-instances OF-ri vlans of-bridge vlan-id none set protocols openflow switch OFswitch1 controller address 198.51.100.174 set protocols openflow switch OFswitch1 controller protocol tcp port 6633 set protocols openflow switch OFswitch1 interfaces ge-1/0/0.0 set protocols openflow switch OFswitch1 interfaces ge-1/1/0.0 set protocols openflow switch OFswitch1 interfaces xe-0/0/0.0 set protocols openflow switch OFswitch1 default-action packet-in set protocols openflow traceoptions flag all
Procedure
Step-by-Step Procedure
To configure support for OpenFlow:
Configure the OpenFlow interfaces as Layer 2 interfaces:
[edit interfaces] user@switch# set ge-1/0/0 unit 0 family ethernet-switching user@switch# set ge-1/1/0 unit 0 family ethernet-switching user@switch# set xe-0/0/0 unit 0 family ethernet-switching
Configure the virtual switch routing instance:
[edit routing-instances] user@switch# set OF-ri instance-type virtual-switch user@switch# set OF-ri interface ge-1/0/0.0 user@switch# set OF-ri interface ge-1/1/0.0 user@switch# set OF-ri interface xe-0/0/0.0 user@switch# set OF-ri vlans of-bridge vlan-id none
Configure the OpenFlow controller IP address and the connection protocol:
[edit protocols openflow switch OFswitch1] user@switch# set controller address 198.51.100.174 user@switch# set controller protocol tcp port 6633
Configure the logical interfaces participating in OpenFlow under this virtual switch instance:
[edit protocols openflow switch OFswitch1] user@switch# set interfaces ge-1/0/0.0 user@switch# set interfaces ge-1/1/0.0 user@switch# set interfaces xe-0/0/0.0
Configure the default action for packets that do not have a matching flow entry:
[edit protocols openflow switch OFswitch1] user@switch# set default-action packet-in
Configure OpenFlow traceoptions:
[edit protocols openflow] user@switch# set traceoptions flag all
Commit the configuration:
[edit] user@switch# commit
Results
From operational mode, display the results of your
configuration by entering the show configuration interfaces, show configuration protocols openflow, and show
configuration routing-instances commands. If the output does
not display the specified configuration, repeat the instructions in
this example to correct the configuration.
user@switch> show configuration interfaces
ge-1/0/0 {
unit 0 {
family ethernet-switching;
}
}
ge-1/1/0 {
unit 0 {
family ethernet-switching;
}
}
xe-0/0/0 {
unit 0 {
family ethernet-switching;
}
}
user@switch> show configuration protocols openflow
switch OFswitch1 {
default-action {
packet-in;
}
interfaces {
ge-1/0/0.0;
ge-1/1/0.0;
xe-0/0/0.0;
}
controller {
address 198.51.100.174;
protocol tcp {
port 6633;
}
}
traceoptions {
flag all;
}
user@switch> show configuration routing-instances
OF-ri {
instance-type virtual-switch;
interface ge-1/0/0.0;
interface ge-1/1/0.0;
interface xe-0/0/0.0;
vlans {
of-bridge {
vlan-id none;
}
}
}
Verification
Confirm that the configuration is working properly.
Verifying the OpenFlow Controller Connection
Purpose
Verify that the OpenFlow controller connection is up.
Action
Issue the show openflow controller operational
mode command to verify that the controller connection state is up. Because the virtual switch configuration has
only a single controller, the virtual switch automatically initiates
a connection to the controller after you commit the configuration.
user@switch> show openflow controller Openflowd controller information: Controller socket: 11 Controller IP address: 198.51.100.174 Controller protocol: tcp Controller port: 6633 Controller connection state: up Number of connection attempt: 5 Controller role: equal
Meaning
The output shows that the connection state of the OpenFlow
controller is up, in addition to other
information about the controller.
Verifying the OpenFlow Interfaces
Purpose
Verify that the OpenFlow interfaces are up.
Action
Issue the show openflow interfaces operational
mode command, and verify that the state of each OpenFlow interface
is Up.
user@switch> show openflow interfaces Switch name: OFswitch1 Interface Name: ge-1/0/0.0 Interface port number: 41507 Interface Hardware Address: 00:00:5E:00:53:b1 Interface speed: 1Gb Full-duplex Interface Auto-Negotiation: Disabled Interface media type: Fiber Interface state: Up Switch name: OFswitch1 Interface Name: ge-1/1/0.0 Interface port number: 44538 Interface Hardware Address: 00:00:5E:00:53:b2 Interface speed: 1Gb Full-duplex Interface Auto-Negotiation: Disabled Interface media type: Fiber Interface state: Up Switch name: OFswitch1 Interface Name: xe-0/0/0.0 Interface port number: 45549 Interface Hardware Address: 00:00:5E:00:53:b3 Interface speed: 10Gb Full-duplex Interface Auto-Negotiation: Disabled Interface media type: Fiber Interface state: Up
Meaning
The output shows that the state of each OpenFlow interface
is Up, in addition to other information
about the interfaces.