45-OpenFlow典型配置举例
本章节下载: 45-OpenFlow典型配置举例 (227.21 KB)
H3C S12500R产品 OpenFlow典型配置举例
Copyright © 2021 新华三技术有限公司 版权所有,保留一切权利。
非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。
除新华三技术有限公司的商标外,本手册中出现的其它公司的商标、产品标识及商品名称,由各自权利人拥有。
本文档中的信息可能变动,恕不另行通知。
目 录
本文档介绍了OpenFlow的配置举例。
OpenFlow允许控制器直接访问和操作网络设备的转发平面,将控制平面和数据平面分离。交换机依据控制器下发的流表(Flow Table)对报文进行匹配和转发,在同一个流表中按照流表项的优先级大小进行匹配。一个OpenFlow交换机可以包含一个或者多个流表。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文假设您已了解OpenFlow特性。
如图1所示,Host A和Host C属于VLAN 4092;Host B和Host D属于VLAN 4094;它们之间通过Device A和Swtich B进行连接。现要求通过对Device A和Device B进行OpenFlow配置,使VLAN 4092和VLAN 4094内的主机基于控制器下发的流表项进行通信,即要求交换机对VLAN 4092和VLAN 4094内的数据进行OpenFlow转发。
图1 OpenFlow基本功能配置举例组网图
· 为了使控制器可以通过LLDP学习OpenFlow网络拓扑,设备上必须全局使能LLDP功能。
· 为了使OpenFlow实例与控制器建立连接,需要配置交换机与控制器之间路由可达,本例中以HGE1/0/4接口作为与控制器通信的接口。
· 为了保持交换机与控制器之间连接的可靠性,需要使用TCP/SSL建立连接。本例中采用TCP方式建立交换机与控制器之间的连接。如果需要更高的连接可靠性,可以选择使用SSL建立连接。
· 为了使连接主机的Access类型的端口成为OpenFlow端口,配置映射VLAN 4092、VLAN 4094时,需要选择Loosen模式。
本举例是在R3606版本上进行配置和验证的。
缺省情况下,本设备的接口处于ADM(Administratively Down)状态,请根据实际需要在对应接口视图下使用undo shutdown命令开启接口。
· 本举例中的物理接口需要工作在二层模式。缺省情况下,本设备的物理接口处于三层模式,请根据实际需要在对应接口视图下使用port link-mode命令切换接口的工作模式。
# 配置VLAN。
<DeviceA> system-view
[DeviceA] vlan 4092
[DeviceA-vlan4092] quit
[DeviceA] vlan 4094
[DeviceA-vlan4094] quit
# 配置Device A上的接口HundredGigE1/0/1、HundredGigE1/0/2和HundredGigE1/0/3。
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] port access vlan 4092
[DeviceA-HundredGigE1/0/1] quit
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] port access vlan 4094
[DeviceA-HundredGigE1/0/2] quit
[DeviceA] interface hundredgige 1/0/3
[DeviceA-HundredGigE1/0/3] port link-type trunk
[DeviceA-HundredGigE1/0/3] port trunk permit vlan 4092 4094
[DeviceA-HundredGigE1/0/3] quit
# 全局使能LLDP功能。
[DeviceA] lldp global enable
# 配置VLAN接口1用于和控制器建立连接。
[DeviceA] interface HundredGigE 1/0/4
[DeviceA-HundredGigE1/0/4] ip address 192.168.2.125 255.255.255.0
[DeviceA-HundredGigE1/0/4] quit
# 创建OpenFlow实例1并映射VLAN 4092和VLAN 4094,同时选择映射模式为Loosen模式。
[DeviceA] openflow instance 1
[DeviceA-of-inst-1] classification vlan 4092 mask 4093 loosen
# 配置控制器0的IP地址并激活实例。
[DeviceA-of-inst-1] controller 0 address ip 192.168.2.225
[DeviceA-of-inst-1] active instance
[DeviceA-of-inst-1] quit
# 配置VLAN。
<DeviceB> system-view
[DeviceB] vlan 4092
[DeviceB-vlan4092] quit
[DeviceB] vlan 4094
[DeviceB-vlan4094] quit
# 配置Device B上的接口HundredGigE1/0/1、HundredGigE1/0/2和HundredGigE1/0/3。
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] port access vlan 4092
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] port access vlan 4094
[DeviceB-HundredGigE1/0/2] quit
[DeviceB] interface hundredgige 1/0/3
[DeviceB-HundredGigE1/0/3] port link-type trunk
[DeviceB-HundredGigE1/0/3] port trunk permit vlan 4092 4094
[DeviceB-HundredGigE1/0/3] quit
# 全局使能LLDP功能。
[DeviceB] lldp global enable
# 配置VLAN接口1用于和控制器建立连接。
[DeviceB] interface hundredgige 1/0/4
[DeviceB-HundredGigE1/0/4] ip address 192.168.2.126 255.255.255.0
[DeviceB-HundredGigE1/0/4] quit
# 创建OpenFlow实例1并映射VLAN 4092和VLAN 4094,同时选择映射模式为Loosen模式。
[DeviceB] openflow instance 1
[DeviceB-of-inst-1] classification vlan 4092 mask 4093 loosen
# 配置控制器0的IP地址并激活实例。
[DeviceB-of-inst-1] controller 0 address ip 192.168.2.225
[DeviceB-of-inst-1] active instance
[DeviceB-of-inst-1] quit
# 以Device A为例,查看OpenFlow实例1的信息。
[DeviceA] display openflow instance 1
Instance 1 information:
Configuration information:
Description : --
Active status : Active
Inactive configuration:
None
Active configuration:
Classification VLAN, loosen mode, total VLANs(2)
4092, 4094
In-band management VLAN, total VLANs(0)
Empty VLAN
Connect mode: Multiple
MAC address learning: Enabled
Flow table:
Table ID(type): 0(Extensibility), count: 1
Flow-entry max-limit: 65535
Datapath ID: 0x000174258a024c00
...
Port information:
HundredGigE1/0/1
HundredGigE1/0/2
HundredGigE1/0/3
Active channel information:
Controller 0 IP address: 192.168.2.225 port: 6633
以上信息表明以太接口HundredGigE1/0/1、HundredGigE1/0/2、HundredGigE1/0/3已配置为OpenFlow端口,即可以进行OpenFlow数据转发。
# 查看Device A与控制器的连接信息。
[DeviceA] display openflow instance 1 controller
Instance 1 controller information:
Reconnect interval: 60 (s)
Echo interval : 5 (s)
Controller ID : 0
Controller IP address : 192.168.2.225
Controller port : 6633
Controller role : Equal
Connect type : TCP
Connect state : Established
Packets sent : 132
Packets received : 434
SSL policy : --
VRF name : --
以上信息表明Swithc A已与控制器建立连接。
# 查看Device A上的流表信息。
[DeviceA] display openflow instance 1 flow-table
Instance 1 flow table information:
Table 0 information:
Table type: Extensibility, flow entry count: 1, total flow entry count: 1
MissRule flow entry information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,
byte count: 0, packet count: 0
Match information: any
Instruction information:
Write actions:
Output interface: Controller, send length: 65509 bytes
以上信息表明此时Device A上只有一条优先级为0的TableMiss流表项,且该条流表项的动作为上送控制器(不同控制器的缺省动作可能不同,具体请参见控制器的相关资料)。
# Host A ping Host C。
Ping 10.1.1.2 (10.1.1.2): 56 data bytes, press CTRL_C to break
56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=4.582 ms
56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.299 ms
56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.389 ms
56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=6.688 ms
56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=1.294 ms
--- Ping statistics for 10.1.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.294/3.050/6.688/2.213 ms
以上信息表明Host A与Host C之间是互通的。
# 查看Device A上的流表信息。
[DeviceA] display openflow instance 1 flow-table
Instance 1 flow table information:
Table 0 information:
Table type: Extensibility, flow entry count: 4, total flow entry count: 4
MissRule flow entry information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,
byte count: 0, packet count: 0
Match information: any
Instruction information:
Write actions:
Output interface: Controller, send length: 65509 bytes
Flow entry 1 information:
cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:
flow_send_rem, byte count: 1, packet count: 1
Match information:
Input interface: HGE1/0/3
Ethernet destination MAC address: 0cda-41b1-d1c5
Ethernet destination MAC address mask: ffff-ffff-ffff
Ethernet source MAC address: 7425-8a0f-8034
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0806
Instruction information:
Write actions:
Output interface: HGE1/0/1
Flow entry 2 information:
cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:
flow_send_rem, byte count: 1, packet count: 4
Match information:
Input interface: HGE1/0/1
Ethernet destination MAC address: 7425-8a0f-8034
Ethernet destination MAC address mask: ffff-ffff-ffff
Ethernet source MAC address: 0cda-41b1-d1c5
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0800
Instruction information:
Write actions:
Output interface: HGE1/0/3
Flow entry 3 information:
cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:
flow_send_rem, byte count: 1, packet count: 4
Match information:
Input interface: HGE1/0/3
Ethernet destination MAC address: 0cda-41b1-d1c5
Ethernet destination MAC address mask: ffff-ffff-ffff
Ethernet source MAC address: 7425-8a0f-8034
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0800
Instruction information:
Write actions:
Output interface: HGE1/0/1
以上信息表明Host A和Host C之间ARP应答报文和ICMP请求/应答报文成功触发控制器下发流表项,且相应的数据报文基于下发的流表项进行转发。
# Host B ping Host D。
Ping 20.1.1.2 (20.1.1.2): 56 data bytes, press CTRL_C to break
56 bytes from 20.1.1.2: icmp_seq=0 ttl=255 time=1.620 ms
56 bytes from 20.1.1.2: icmp_seq=1 ttl=255 time=6.625 ms
56 bytes from 20.1.1.2: icmp_seq=2 ttl=255 time=1.454 ms
56 bytes from 20.1.1.2: icmp_seq=3 ttl=255 time=1.134 ms
56 bytes from 20.1.1.2: icmp_seq=4 ttl=255 time=1.260 ms
--- Ping statistics for 20.1.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.134/2.419/6.625/2.110 ms
以上信息表明Host B与Host D之间是互通的。
# 再次查看Device A上的流表信息。
[DeviceA] display openflow instance 1 flow-table
Instance 1 flow table information:
Table 0 information:
Table type: Extensibility, flow entry count: 7, total flow entry count: 7
MissRule flow entry information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,
byte count: 0, packet count: 0
Match information: any
Instruction information:
Write actions:
Output interface: Controller, send length: 65509 bytes
Flow entry 1 information:
cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:
flow_send_rem, byte count: 1, packet count: 1
Match information:
Input interface: HGE1/0/3
Ethernet destination MAC address: 0cda-41b1-d1c5
Ethernet destination MAC address mask: ffff-ffff-ffff
Ethernet source MAC address: 7425-8a0f-8034
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0806
Instruction information:
Write actions:
Output interface: HGE1/0/1
Flow entry 2 information:
cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:
flow_send_rem, byte count: 1, packet count: 4
Match information:
Input interface: HGE1/0/1
Ethernet destination MAC address: 7425-8a0f-8034
Ethernet destination MAC address mask: ffff-ffff-ffff
Ethernet source MAC address: 0cda-41b1-d1c5
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0800
Instruction information:
Write actions:
Output interface: HGE1/0/3
Flow entry 3 information:
cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:
flow_send_rem, byte count: 1, packet count: 4
Match information:
Input interface: HGE1/0/3
Ethernet destination MAC address: 0cda-41b1-d1c5
Ethernet destination MAC address mask: ffff-ffff-ffff
Ethernet source MAC address: 7425-8a0f-8034
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0800
Instruction information:
Write actions:
Output interface: HGE1/0/1
Flow entry 4 information:
cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:
flow_send_rem, byte count: 1, packet count: 1
Match information:
Input interface: HGE1/0/3
Ethernet destination MAC address: 0cda-41b1-d1c4
Ethernet destination MAC address mask: ffff-ffff-ffff
Ethernet source MAC address: 7425-8a0f-8035
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0806
Instruction information:
Write actions:
Output interface: HGE1/0/2
Flow entry 5 information:
cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:
flow_send_rem, byte count: 1, packet count: 4
Match information:
Input interface: HGE1/0/2
Ethernet destination MAC address: 7425-8a0f-8035
Ethernet destination MAC address mask: ffff-ffff-ffff
Ethernet source MAC address: 0cda-41b1-d1c4
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0800
Instruction information:
Write actions:
Output interface: HGE1/0/3
Flow entry 6 information:
cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:
flow_send_rem, byte count: 1, packet count: 4
Match information:
Input interface: HGE1/0/3
Ethernet destination MAC address: 0cda-41b1-d1c4
Ethernet destination MAC address mask: ffff-ffff-ffff
Ethernet source MAC address: 7425-8a0f-8035
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0800
Instruction information:
Write actions:
Output interface: HGE1/0/2
以上信息表明Host B和Host D之间ARP应答报文和ICMP请求/应答报文也成功触发控制器下发流表项,且相应的数据报文基于下发的流表项进行转发。
· Device A:
#
lldp global enable
#
vlan 4092
#
vlan 4094
#
openflow instance 1
classification vlan 4092 mask 4093 loosen
controller 0 address ip 192.168.2.225
active instance
#
interface HundredGigE1/0/4
ip address 192.168.2.125 255.255.255.0
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 4092
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 4094
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 4092 4094
#
· Device B:
#
lldp global enable
#
vlan 4092
#
vlan 4094
#
openflow instance 1
classification vlan 4092 mask 4093 loosen
controller 0 address ip 192.168.2.225
active instance
#
interface HundredGigE1/0/4
ip address 192.168.2.126 255.255.255.0
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 4092
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 4094
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 4092 4094
#
· H3C S12500R系列交换路由器 OpenFlow配置指导-R3606
· H3C S12500R系列交换路由器OpenFlow命令参考-R3606
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!