• 产品与解决方案
  • 行业解决方案
  • 服务
  • 支持
  • 合作伙伴
  • 新华三人才研学中心
  • 关于我们

15-OpenFlow配置举例

目录

00-H3C_S12500_OpenFlow典型配置举例

本章节下载 00-H3C_S12500_OpenFlow典型配置举例  (1.07 MB)

00-H3C_S12500_OpenFlow典型配置举例


1 简介

本文档介绍了OpenFlow的配置举例。

OpenFlow允许控制器直接访问和操作网络设备的转发平面,将控制平面和数据平面分离。交换机依据控制器下发的流表(Flow Table)对报文进行匹配和转发,在同一个流表中按照流表项的优先级大小进行匹配。一个OpenFlow交换机可以包含一个或者多个流表。

2 配置前提

本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。本文档中所有配置举例中使用的控制器均为H3C VCF(Virtual Converged Framework,虚拟应用融合架构)控制器

本文假设您已了解OpenFlow特性。

3 OpenFlow基本功能配置举例(控制器动态下发流表项)

3.1  组网需求

图3-1所示,Host A和Host C属于VLAN 4092;Host B和Host D属于VLAN 4094;它们之间通过Switch A和Swtich B进行连接。现要求通过对Switch A和Switch B进行OpenFlow配置,使VLAN 4092和VLAN 4094内的主机基于控制器下发的流表项进行通信,即要求交换机对VLAN 4092和VLAN 4094内的数据进行OpenFlow转发。

图3-1 OpenFlow基本功能配置举例组网图

 

3.2  配置思路

·     为了使控制器可以通过LLDP学习OpenFlow网络拓扑,设备上必须全局使能LLDP功能。

·     为了使OpenFlow实例与控制器建立连接,需要配置交换机与控制器之间路由可达,本例中以VLAN接口1作为与控制器通信的接口。

·     为了保持交换机与控制器之间连接的可靠性,需要使用TCP/SSL建立连接。本例中采用TCP方式建立交换机与控制器之间的连接。如果需要更高的连接可靠性,可以选择使用SSL建立连接。

·     为了使连接主机的Access类型的端口成为OpenFlow端口,配置映射VLAN 4092、VLAN 4094时,需要选择Loosen模式。

3.3  使用版本

本举例是在S12500-CMW710-R7328P02版本上进行配置和验证的。

3.4  配置步骤

3.4.1  Switch A的配置

# 配置VLAN。

<SwitchA>system-view

[SwitchA]vlan 4092

[SwitchA-vlan4092]quit

[SwitchA]vlan 4094

[SwitchA-vlan4094]quit

# 配置Switch A上的接口GigabitEthernet3/0/1、GigabitEthernet3/0/2和GigabitEthernet3/0/3。

[SwitchA]interface GigabitEthernet 3/0/1

[SwitchA-GigabitEthernet3/0/1]port access vlan 4092

[SwitchA-GigabitEthernet3/0/1]undo shutdown

[SwitchA-GigabitEthernet3/0/1]quit

[SwitchA]interface GigabitEthernet 3/0/2

[SwitchA-GigabitEthernet3/0/2]port access vlan 4094

[SwitchA-GigabitEthernet3/0/2]undo shutdown

[SwitchA-GigabitEthernet3/0/2]quit

[SwitchA]interface GigabitEthernet 3/0/3

[SwitchA-GigabitEthernet3/0/3]port link-type trunk

[SwitchA-GigabitEthernet3/0/3]port trunk permit vlan 4092 4094

[SwitchA-GigabitEthernet3/0/3]undo shutdown

[SwitchA-GigabitEthernet3/0/3]quit

# 全局使能LLDP功能。

[SwitchA] lldp global enable

# 配置VLAN接口1用于和控制器建立连接。

[SwitchA]interface Vlan-interface 1

[SwitchA-Vlan-interface1]ip address 192.168.2.125 255.255.255.0

[SwitchA-Vlan-interface1]undo shutdown

[SwitchA-Vlan-interface1]quit

# 创建OpenFlow实例1并映射VLAN 4092和VLAN 4094,同时选择映射模式为Loosen模式。

[SwitchA]openflow instance 1

[SwitchA-of-inst-1]classification vlan 4092 mask 4093 loosen

# 配置控制器0的IP地址并激活实例。

[SwitchA-of-inst-1]controller 0 address ip 192.168.2.225

[SwitchA-of-inst-1]active instance

[SwitchA-of-inst-1]quit

3.4.2  Switch B的配置

# 配置VLAN。

<SwitchB>system-view

[SwitchB]vlan 4092

[SwitchB-vlan4092]quit

[SwitchB]vlan 4094

[SwitchB-vlan4094]quit

# 配置Switch B上的接口GigabitEthernet3/0/1、GigabitEthernet3/0/2和GigabitEthernet3/0/3。

[SwitchB]interface GigabitEthernet 3/0/1

[SwitchB-GigabitEthernet3/0/1]port access vlan 4092

[SwitchB-GigabitEthernet3/0/1]undo shutdown

[SwitchB-GigabitEthernet3/0/1]quit

[SwitchB]interface GigabitEthernet 3/0/2

[SwitchB-GigabitEthernet3/0/2]port access vlan 4094

[SwitchB-GigabitEthernet3/0/2]undo shutdown

[SwitchB-GigabitEthernet3/0/2]quit

[SwitchB]interface GigabitEthernet 3/0/3

[SwitchB-GigabitEthernet3/0/3]port link-type trunk

[SwitchB-GigabitEthernet3/0/3]port trunk permit vlan 4092 4094

[SwitchB-GigabitEthernet3/0/3]undo shutdown

[SwitchB-GigabitEthernet3/0/3]quit

# 全局使能LLDP功能。

[SwitchB] lldp global enable

# 配置VLAN接口1用于和控制器建立连接。

[SwitchB]interface Vlan-interface 1

[SwitchB-Vlan-interface1]ip address 192.168.2.126 255.255.255.0

[SwitchB-Vlan-interface1]undo shutdown

[SwitchB-Vlan-interface1]quit

# 创建OpenFlow实例1并映射VLAN 4092和VLAN 4094,同时选择映射模式为Loosen模式。

[SwitchB]openflow instance 1

[SwitchB-of-inst-1]classification vlan 4092 mask 4093 loosen

# 配置控制器0的IP地址并激活实例。

[SwitchB-of-inst-1]controller 0 address ip 192.168.2.225

[SwitchB-of-inst-1]active instance

[SwitchB-of-inst-1]quit

3.5  验证配置

(1)     在Switch A上进行验证

# 查看Switch A上OpenFlow实例1的信息。

[SwitchA]display openflow instance 1

Instance 1 information:

 

Configuration information:

 Description   : --

 Active status : active

 Inactive configuration:

  none

 Active configuration:

  Classification VLAN, loosen mode, total VLANs(2)

   4092, 4094

  In-band management VLAN, total VLANs(0)

   empty VLAN

  Connect mode: multiple

  MAC address learning: Enabled

  Flow table:

   Table ID(type): 0(Extensibility), count: 1

  Flow-entry max-limit: 8192

  Datapath ID: 0x000174258a024c00

Port information:

 GigabitEthernet3/0/1

 GigabitEthernet3/0/2

 GigabitEthernet3/0/3

Active channel information:

 Controller 0 IP address: 192.168.2.225 port: 6633

以上信息表明以太接口GigabitEthernet3/0/1、GigabitEthernet3/0/2、GigabitEthernet3/0/3已配置为OpenFlow端口,即可以进行OpenFlow数据转发。

# 查看Switch A与控制器的连接信息。

<SwitchA>display openflow instance 1 controller

Instance 1 controller information:

 Reconnect interval: 60 (s)

 Echo interval     : 5  (s)

 

 Controller ID           : 0

 Controller IP address   : 192.168.2.225

 Controller port         : 6633

 Controller role         : Equal

 Connect type            : TCP

 Connect state           : Established

 Packets sent            : 132

 Packets received        : 434

 SSL policy              : --

 VRF name                : --

以上信息表明Swithc A已与控制器建立连接。

# 查看Switch A上的流表信息。

<SwitchA>display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 1, total flow entry count: 1

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: --, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

以上信息表明此时Switch A上只有一条优先级为0的TableMiss流表项,且该条流表项的动作为上送控制器。

# Host A ping Host B。

Ping 10.1.1.2 (10.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=4.582 ms

56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.299 ms

56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.389 ms

56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=6.688 ms

56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=1.294 ms

 

--- Ping statistics for 10.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.294/3.050/6.688/2.213 ms

以上信息表明Host A与Host B之间是互通的。

# 查看Switch A上的流表信息。

<SwitchA>display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 4, total flow entry count: 4

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: --, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 1

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 2 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 4

Match information:

 Input interface: GE3/0/1

 Ethernet destination MAC address: 7425-8a0f-8034

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c5

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 3 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 4

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/1

以上信息表明Host A和Host C之间ARP应答报文和ICMP请求/应答报文成功触发控制器下发流表项,且相应的数据报文基于下发的流表项进行转发。

# Host C ping Host D。

Ping 20.1.1.2 (20.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 20.1.1.2: icmp_seq=0 ttl=255 time=1.620 ms

56 bytes from 20.1.1.2: icmp_seq=1 ttl=255 time=6.625 ms

56 bytes from 20.1.1.2: icmp_seq=2 ttl=255 time=1.454 ms

56 bytes from 20.1.1.2: icmp_seq=3 ttl=255 time=1.134 ms

56 bytes from 20.1.1.2: icmp_seq=4 ttl=255 time=1.260 ms

 

--- Ping statistics for 20.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.134/2.419/6.625/2.110 ms

以上信息表明Host C与Host D之间是互通的。

# 再次查看Switch A上的流表信息。

<SwitchA>display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 7, total flow entry count: 7

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: --, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 1

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 2 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 4

Match information:

 Input interface: GE3/0/1

 Ethernet destination MAC address: 7425-8a0f-8034

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c5

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 3 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 4

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 4 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 1

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c4

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8035

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: GE3/0/2

 

Flow entry 5 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 4

Match information:

 Input interface: GE3/0/2

 Ethernet destination MAC address: 7425-8a0f-8035

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c4

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 6 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 4

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c4

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8035

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/2

以上信息表明Host B和Host D之间ARP应答报文和ICMP请求/应答报文也成功触发控制器下发流表项,且相应的数据报文基于下发的流表项进行转发。

(2)     在Switch B上进行验证

# Host A ping Host C后,查看Switch B上的流表信息。

<SwitchB>display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 4, total flow entry count: 4

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: --, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/1

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 2 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 5

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 7425-8a0f-8034

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c5

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 3 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 4

Match information:

 Input interface: GE3/0/1

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/3

以上信息表明Host A和Host C之间ARP应答报文和ICMP请求/应答报文也成功触发控制器下发流表项,且相应的数据报文基于下发的流表项进行转发。

# Host B ping Host D后,再次查看Switch B上的流表信息。

<SwitchB>display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 7, total flow entry count: 7

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: --, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/1

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 2 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 5

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 7425-8a0f-8034

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c5

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 3 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 4

Match information:

 Input interface: GE3/0/1

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 4 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/2

 Ethernet destination MAC address: 0cda-41b1-d1c4

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8035

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 5 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 5

Match information:

 Input interface: GE3/0/3

 Ethernet destination MAC address: 7425-8a0f-8035

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c4

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/2

 

Flow entry 6 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: --, packet count: 4

Match information:

 Input interface: GE3/0/2

 Ethernet destination MAC address: 0cda-41b1-d1c4

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8035

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: GE3/0/3

以上信息表明Host B和Host D之间ARP应答报文和ICMP请求/应答报文也成功触发控制器下发流表项,且相应的数据报文基于下发的流表项进行转发。

3.6  配置文件

·     Switch A:

#

lldp global enable

#

openflow instance 1

 classification vlan 4092 mask 4093 loosen

 controller 0 address ip 192.168.2.225

#

interface Vlan-interface1

 ip address 192.168.2.125 255.255.255.0

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 4092

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet3/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 4092 4094

#

·     Switch B:

#

lldp global enable

#

openflow instance 1

 classification vlan 4092 mask 4093 loosen

 controller 0 address ip 192.168.2.225

#

interface Vlan-interface1

 ip address 192.168.2.126 255.255.255.0

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 4092

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet3/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 4092 4094

#

4 OpenFlow基本功能配置举例(控制器静态下发流表项)

4.1  组网需求

图4-1所示,Host A和Host C属于VLAN 4092;Host B和Host D属于VLAN 4094;它们之间通过Switch A和Swtich B进行连接。现要求通过对Switch A和Switch B进行OpenFlow配置,使VLAN 4092和VLAN 4094内的主机基于控制器静态下发的流表项进行通信,即要求交换机对VLAN 4092和VLAN 4094内的数据进行OpenFlow转发。

图4-1 OpenFlow基本功能配置举例组网图

 

4.2  配置思路

·     为了使控制器可以通过LLDP学习OpenFlow网络拓扑,设备上必须全局使能LLDP功能。

·     为了使OpenFlow实例与控制器建立连接,需要配置交换机与控制器之间路由可达,本例中以VLAN接口1作为与控制器通信的接口。

·     为了保持交换机与控制器之间连接的可靠性,需要使用TCP/SSL建立连接。本例中采用TCP方式建立交换机与控制器之间的连接。如果需要更高的连接可靠性,可以选择使用SSL建立连接。

·     为了使连接主机的Access类型的端口成为OpenFlow端口,配置映射VLAN 4092、VLAN 4094时,需要选择Loosen模式。

4.3  使用版本

本举例是在S12500-CMW710-R7328P02版本上进行配置和验证的。

4.4  配置步骤

4.4.1  Switch A的配置

# 配置VLAN。

<SwitchA>system-view

[SwitchA]vlan 4092

[SwitchA-vlan4092]quit

[SwitchA]vlan 4094

[SwitchA-vlan4094]quit

# 配置Switch A上的接口GigabitEthernet3/0/1、GigabitEthernet3/0/2和GigabitEthernet3/0/3。

[SwitchA]interface GigabitEthernet 3/0/1

[SwitchA-GigabitEthernet3/0/1]port access vlan 4092

[SwitchA-GigabitEthernet3/0/1]undo shutdown

[SwitchA-GigabitEthernet3/0/1]quit

[SwitchA]interface GigabitEthernet 3/0/2

[SwitchA-GigabitEthernet3/0/2]port access vlan 4094

[SwitchA-GigabitEthernet3/0/2]undo shutdown

[SwitchA-GigabitEthernet3/0/2]quit

[SwitchA]interface GigabitEthernet 3/0/3

[SwitchA-GigabitEthernet3/0/3]port link-type trunk

[SwitchA-GigabitEthernet3/0/3]port trunk permit vlan 4092 4094

[SwitchA-GigabitEthernet3/0/3]undo shutdown

[SwitchA-GigabitEthernet3/0/3]quit

# 全局使能LLDP功能。

[SwitchA] lldp global enable

# 配置VLAN接口1用于和控制器建立连接。

[SwitchA]interface Vlan-interface 1

[SwitchA-Vlan-interface1]ip address 192.168.2.125 255.255.255.0

[SwitchA-Vlan-interface1]undo shutdown

[SwitchA-Vlan-interface1]quit

# 创建OpenFlow实例1并映射VLAN 4092和VLAN 4094,同时选择映射模式为Loosen模式。

[SwitchA]openflow instance 1

[SwitchA-of-inst-1]classification vlan 4092 mask 4093 loosen

# 配置控制器0的IP地址并激活实例。

[SwitchA-of-inst-1]controller 0 address ip 192.168.2.225

[SwitchA-of-inst-1]active instance

[SwitchA-of-inst-1]quit

4.4.2  Switch B的配置

# 配置VLAN。

<SwitchB>system-view

[SwitchB]vlan 4092

[SwitchB-vlan4092]quit

[SwitchB]vlan 4094

[SwitchB-vlan4094]quit

# 配置Switch B上的接口GigabitEthernet3/0/1、GigabitEthernet3/0/2和GigabitEthernet3/0/3。

[SwitchB]interface GigabitEthernet 3/0/1

[SwitchB-GigabitEthernet3/0/1]port access vlan 4092

[SwitchB-GigabitEthernet3/0/1]undo shutdown

[SwitchB-GigabitEthernet3/0/1]quit

[SwitchB]interface GigabitEthernet 3/0/2

[SwitchB-GigabitEthernet3/0/2]port access vlan 4094

[SwitchB-GigabitEthernet3/0/2]undo shutdown

[SwitchB-GigabitEthernet3/0/2]quit

[SwitchB]interface GigabitEthernet 3/0/3

[SwitchB-GigabitEthernet3/0/3]port link-type trunk

[SwitchB-GigabitEthernet3/0/3]port trunk permit vlan 4092 4094

[SwitchB-GigabitEthernet3/0/3]undo shutdown

[SwitchB-GigabitEthernet3/0/3]quit

# 全局使能LLDP功能。

[SwitchB] lldp global enable

# 配置VLAN接口1用于和控制器建立连接。

[SwitchB]interface Vlan-interface 1

[SwitchB-Vlan-interface1]ip address 192.168.2.126 255.255.255.0

[SwitchB-Vlan-interface1]undo shutdown

[SwitchB-Vlan-interface1]quit

# 创建OpenFlow实例1并映射VLAN 4092和VLAN 4094,同时选择映射模式为Loosen模式。

[SwitchB]openflow instance 1

[SwitchB-of-inst-1]classification vlan 4092 mask 4093 loosen

# 配置控制器0的IP地址并激活实例。

[SwitchB-of-inst-1]controller 0 address ip 192.168.2.225

[SwitchB-of-inst-1]active instance

[SwitchB-of-inst-1]quit

4.4.3  配置控制器

1. 获取OpenFlow实例的DPID及端口的端口号信息

说明

·     VCF控制器在下发流表时,将会用到OpenFlow实例的DPID(Datapath ID)和端口的端口号这两个参数。

·     DPID用来在控制器上唯一标识一个OpenFlow实例。

·     端口号是在控制器上唯一标识一个物理接口(比如二层以太网接口)或逻辑接口(比如二次聚合接口)的数值,控制器下发流表时只能通过端口号(例如:159)来识别物理端口(例如:GigabitEthernet3/0/3)。

 

(1)     在浏览器中输入H3C VCF GUI登录地址(格式为:https://vcf_ip_address:8443/sdn/ui/,本文中以https://192.168.2.225:8443/sdn/ui/为例),回车后会打开如图4-2所示登录界面。

¡     vcf_ip_address为控制器软件安装所在服务器或虚拟机的IP地址;

¡     8443为缺省端口号。

图4-2 H3C VCF GUI登录界面

 

(2)     输入用户名(缺省为sdn)和密码(缺省为skyline)后,单击<登录>按钮进入控制器GUI首页,如图4-3所示。

图4-3 H3C VCF GUI首页

 

(3)     单击界面左侧导航树中的<OpenFlow监控>菜单项,打开OpenFlow监控视图,如图4-4所示,获取实例对应的DPID。

图4-4 获取OpenFlow实例的DPID

 

(4)     如图4-5所示,选中实例(Switch A)对应的DPID,然后单击<端口>按钮,打开端口视图。

图4-5 选中实例对应的DPID

 

(5)     获取端口GigabitEthernet3/0/1对应的端口号157、GigabitEthernet3/0/2对应的端口号158和GigabitEthernet3/0/3对应的端口号159,如图4-6所示。

图4-6 OpenFlow实例对应的端口视图

 

说明

重复过程(4)(5)获取另一交换机Switch B的OpenFlow端口信息。

 

2. 登录API界面,进行认证

登录API界面后需要进行认证,认证成功后才可以进行下发流表操作,每次进入这个页面都需要进行认证。

(1)     在浏览器中输入控制器RSdoc登录地址(格式为:https://vcf_ip_address:8443/api/,本文中以https://192.168.2.225:8443/api/为例),回车后打开如图4-7所示RSdoc界面。

¡     vcf_ip_address为控制器软件安装所在服务器或虚拟机的IP地址;

¡     8443为缺省端口号。

图4-7 H3C VCF RSdoc首页

 

(2)     在/auth项中输入如下内容,然后单击<Try it out!>按钮,获取认证token,如图4-8所示。{"login":{"user":"username","password":"password","domain":"sdn"}}

¡     username为用户名(缺省为sdn);

¡     password为用户密码(缺省为skyline)。

图4-8 获取认证token

 

(3)     将获取的认证token复制并粘贴到RSdoc首页右上角的空白框中,然后单击<Explore>按钮,如图4-9所示。之后只要认证token正确且在有效期内,RSdoc对控制器进行的请求即可获得认证。

图4-9 RSdoc认证

 

3. 下发流表项配置

(1)     单击API界面的/datapaths项,打开如图4-10所示的datapaths菜单界面。

图4-10 打开/datapahts菜单界面

 

(2)     单击/datapaths项下的POST /of/datapaths/{dpid}/flows,将打开如图4-11所示页面。

图4-11 下发流表信息视图

 

(3)     如图4-12所示,在dpid参数后面的Value框中输入DPID并在flowJson参数后面的Value框中输入如下即将下发的flowJson结构的静态流表项内容。

{

     "version": "1.3.0",

     "flow": {

         "table_id": 0,

         "priority": 30010,

         "idle_timeout": 0,

         "hard_timeout": 0,

         "flow_mod_cmd": "add",

         "cookie": "0x1234",

         "cookie_mask": "0xffff",

         "out_port": 159,

          "flow_mod_flags": [

             "send_flow_rem"

              ],

                  "match": [

             {"in_port": "157"},

             {"vlan_vid": "4092" } ] ,

         "instructions": [

             {

                 "write_actions": [

                     {

                         "output":159

                     }

                 ]

              }

         ]

     }

 }

说明

通过POST /of/datapaths/{dpid}/flows创建流表项时,如果flowJson中的priority字段和match字段都与已经下发的某条流表项相同,则仅更新该流表项的其它参数,并不会创建新的流表项。

 

表4-1 flowJson结构的流表项信息描述表

字段

描述

version

OpenFlow协议的版本

Table_id

流表ID

priority

流表项的优先级,数值越大,优先级越高

idle_timeout

流表项的idle time超时时间,单位为秒,0代表永不超时。如果idle time超时时间内没有数据流匹配到该流表项,该流表项被清除

hard_timeout

流表项的hard time超时时间,单位为秒,0代表永不超时。hard time超时后不论有没有数据流匹配到该流表项,该流表项都将被清除

flow_mod_cmd

控制对流表项的操作类型:

add:创建或修改流表项

modify:修改流表项的指令集

modify_strict:严格修改流表项的指令集

delete:删除流表项

delete_strict:严格删除流表项

cookie

流表项cookie

cookie_mask

流表项的cookie掩码,与cookie进行“与运算”

out_port

报文的出端口。删除流表项时out_port字段和cookie字段、match字段三者唯一标识一条流表项

flow_mod_flags

流表项的标志位:

send_flow_rem_:发送流表项删除消息

no_packet_counts:不统计报文计数

no_byte_counts:不统计字节计数

none:无标志位

match

匹配规则信息:

In_port:匹配指定入端口的报文

vlan_vid:匹配指定VLAN内的报文

各匹配项之间是“与”的关系

instructions

动作指令集信息:

meter:应用指定的Meter表

write_actions:更改动作集中的动作

clear_actions:清除动作集中的所有动作

apply_actions:立即执行动作集中的动作

output

从指定端口发送报文。关于如何获取对应的端口号,请参见“1. 获取OpenFlow实例的DPID及端口的端口号信息

 

图4-12 下发流表视图

 

(4)     点击<Try it out!>按钮下发流表项配置,如图4-13所示,响应码为2xx即表示成功下发流表项配置。

图4-13 下发流表项

 

下发流表项配置成功后,Switch A上打印如下提示信息:

%Jun 28 11:55:05:227 2024 SwitchA OFP/5/OFP_FLOW_ADD: -MDC=1; Openflow instance

 1 controller 0: add flow entry 1, xid 0x79, cookie 0x1234, table id 0.

# 查看Switch A上已下发的流表信息

<SwitchA>display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 2, total flow entry count: 2

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: --, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/1

VLAN ID: 4092, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/3

以上信息表明第一条流表项已下发成功

4. 下发其余所需流表项

# 其余流表项的下发方式,请参见“3. 下发流表项配置”。

4.5  验证配置

(1)     所有流表项均下发完成后,查看Switch A上的流表项信息。

<SwitchA>display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 5, total flow entry count: 5

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: --, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/1

VLAN ID: 4092, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 2 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/3

VLAN ID: 4092, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 3 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/2

VLAN ID: 4094, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 4 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/3

VLAN ID: 4094, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/2

(2)     所有流表项均下发完成后,查看Switch B上的流表项信息。

<SwitchB>display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 5, total flow entry count: 5

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: --, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/1

VLAN ID: 4092, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 2 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/3

VLAN ID: 4092, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 3 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/2

VLAN ID: 4094, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 4 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/3

VLAN ID: 4094, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/2

(3)     在Switch A上进行Ping操作验证

# Host A ping Host B。

Ping 10.1.1.2 (10.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=4.582 ms

56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.299 ms

56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.389 ms

56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=6.688 ms

56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=1.294 ms

 

--- Ping statistics for 10.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.294/3.050/6.688/2.213 ms

以上信息表明Host A与Host B之间是互通的。

#查看Switch A上的流表信息。

<SwitchA>display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 5, total flow entry count: 5

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: --, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 6

Match information:

 Input interface: GE3/0/1

 VLAN ID: 4092, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 2 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 6

Match information:

 Input interface: GE3/0/3

 VLAN ID: 4092, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 3 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/2

 VLAN ID: 4094, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 4 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 0

Match information:

 Input interface: GE3/0/3

 VLAN ID: 4094, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/2

以上信息表示Host A与Host B之间的数据已匹配流表项1和2进行转发。

# Host C ping Host D。

Ping 20.1.1.2 (20.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 20.1.1.2: icmp_seq=0 ttl=255 time=1.620 ms

56 bytes from 20.1.1.2: icmp_seq=1 ttl=255 time=6.625 ms

56 bytes from 20.1.1.2: icmp_seq=2 ttl=255 time=1.454 ms

56 bytes from 20.1.1.2: icmp_seq=3 ttl=255 time=1.134 ms

56 bytes from 20.1.1.2: icmp_seq=4 ttl=255 time=1.260 ms

 

--- Ping statistics for 20.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.134/2.419/6.625/2.110 ms

以上信息表明Host C与Host D之间是互通的。

# 再次查看Switch A上的流表信息。

<SwitchA>display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 5, total flow entry count: 5

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: --, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 6

Match information:

 Input interface: GE3/0/1

 VLAN ID: 4092, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 2 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 6

Match information:

 Input interface: GE3/0/3

 VLAN ID: 4092, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/1

 

Flow entry 3 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 6

Match information:

 Input interface: GE3/0/2

 VLAN ID: 4094, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/3

 

Flow entry 4 information:

 cookie: 0x1234, priority: 30010, hard time: 0, idle time: 0, flags:

 flow_send_rem, byte count: --, packet count: 6

Match information:

 Input interface: GE3/0/3

 VLAN ID: 4094, mask: 0xfff

Instruction information:

 Write actions:

  Output interface: GE3/0/2

以上信息表示Host C与Host D之间的数据已匹配流表项3和4进行转发。

(4)     在Switch B上进行Ping操作验证

Switch B上的流表信息与Switch A上的流表信息相同,略。

4.6  配置文件

·     Switch A:

#

lldp global enable

#

openflow instance 1

 classification vlan 4092 mask 4093 loosen

 controller 0 address ip 192.168.2.225

#

interface Vlan-interface1

 ip address 192.168.2.125 255.255.255.0

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 4092

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet3/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 4092 4094

#

·     Switch B:

#

lldp global enable

#

openflow instance 1

 classification vlan 4092 mask 4093 loosen

 controller 0 address ip 192.168.2.225

#

interface Vlan-interface1

 ip address 192.168.2.126 255.255.255.0

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 4092

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet3/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 4092 4094

#

5 相关资料

·     H3C S12500系列路由交换机 OpenFlow配置指导-Release 7328

·     H3C S12500系列路由交换 OpenFlow命令参考-Release 7328

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!

新华三官网
联系我们