Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Enabling OpenFlow on QFX5100 and EX4600 Switches

OpenFlow is an open standard that enables you to control traffic paths in a network by creating, deleting, and modifying flows in each device along a path. This example shows how to configure OpenFlow support on QFX5100 and EX4600 switches.

To isolate and control OpenFlow traffic on the switches, you configure a virtual switch. You also configure a Secure Sockets Layer (SSL) or TCP/IP connection between the virtual switch and a remote OpenFlow controller. Using this connection, the OpenFlow controller can access the flows in the virtual switch.

Requirements

This example uses the following hardware and software components:

  • A QFX5100 switch running Junos OS Release 14.1X53-D10 or later, or an EX4600 switch running Junos OS Release 17.1R1 or later.

  • An OpenFlow software package is installed on the switch, and the release of this package matches the Junos OS release running on the switch.

  • A TCP connection between the switch and an OpenFlow controller.

  • A connection between the management interface (em0 or em1) of the switch and the management network.

Overview

In this example, you configure support for OpenFlow on a Juniper Networks switch. The switch has three interfaces that are dedicated to handling OpenFlow traffic: xe-0/0/10.0, xe-0/0/11.0, and xe-0/0/12.0. Note that on these switches, you can configure only a single logical interface, using logical unit number 0 for each OpenFlow interface.

In an OpenFlow topology, a virtual switch is used to isolate and control OpenFlow traffic. You configure the OpenFlow virtual switch and OpenFlow protocol statements at the [edit protocols openflow] hierarchy level.

Virtual switch 100 also connects to an OpenFlow controller over a TCP connection at the IP address 10.51.100.174. The virtual switch configuration must include all of the logical interfaces participating in OpenFlow; OpenFlow traffic enters and exits only through these interfaces.

A flow entry consists of a match condition against which packets entering an OpenFlow interface are compared, and the action that is applied to packets that match the condition. Each OpenFlow interface can have one or more flow entries. The default-action statement in the OpenFlow configuration indicates the action the switch applies to packets that do not have a matching flow entry. This example uses the drop option, which specifies that packets that do not match a flow entry are dropped.

This example also configures OpenFlow traceoptions, along with the flag all statement, which captures and logs all OpenFlow events. This example does not configure a specific filename for the log file. As a result, OpenFlow events are logged in the default OpenFlow log directory /var/log/ofd.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Procedure

Step-by-Step Procedure

To configure support for OpenFlow:

  1. Configure the OpenFlow interfaces as Layer 2 interfaces.

  2. Configure an OpenFlow virtual switch named 100.

  3. Configure the OpenFlow controller IP address and the connection protocol.

  4. Configure the logical interfaces in this virtual switch that participate in OpenFlow.

  5. Configure the default action for packets that do not have a matching flow entry.

  6. Configure OpenFlow traceoptions.

  7. Commit the configuration.

Results

From operational mode, confirm your configuration by entering the show configuration interfacesand show configuration protocols openflow commands.

Verification

Confirm that the configuration is working properly.

Verifying That the OpenFlow Controller Connection Is Up

Purpose

Verify that the OpenFlow controller connection is up.

Action

Issue the show openflow controller operational mode command, and verify that the controller connection state is up. Because the virtual switch configuration has only a single controller, the virtual switch automatically initiates a connection to the controller after you commit the configuration.

Meaning

The output shows that the connection state of the OpenFlow controller is up, in addition to other information about the controller.

Verifying that the OpenFlow Interfaces Are Up

Purpose

Verify that the OpenFlow interfaces are up.

Action

Issue the show openflow interfaces operational mode command, and verify that the state of each OpenFlow interface is Up.

Meaning

The output shows that the state of each OpenFlow interface is Up, in addition to other information about the interfaces.