• 产品与解决方案
  • 行业解决方案
  • 服务
  • 支持
  • 合作伙伴
  • 关于我们

13-OpenFlow配置举例

目录

01-OpenFlow典型配置举例

本章节下载 01-OpenFlow典型配置举例  (217.36 KB)

01-OpenFlow典型配置举例


1  简介

本文档介绍了OpenFlow的配置举例。

OpenFlow允许控制器直接访问和操作网络设备的转发平面,将控制平面和数据平面分离。交换机依据控制器下发的流表(Flow Table)对报文进行匹配和转发,在同一个流表中按照流表项的优先级大小进行匹配。一个OpenFlow交换机可以包含一个或者多个流表。

2  配置前提

本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。

本文假设您已了解OpenFlow特性。

3  OpenFlow基本功能配置举例

3.1  组网需求

图1所示,Host A和Host C属于VLAN 4092;Host B和Host D属于VLAN 4094;它们之间通过Switch A和Swtich B进行连接。现要求通过对Switch A和Switch B进行OpenFlow配置,使VLAN 4092和VLAN 4094内的主机基于控制器下发的流表项进行通信,即要求交换机对VLAN 4092和VLAN 4094内的数据进行OpenFlow转发。

图1 OpenFlow基本功能配置举例组网图

 

3.2  配置思路

·     为了使控制器可以通过LLDP学习OpenFlow网络拓扑,设备上必须全局使能LLDP功能。

·     为了使OpenFlow实例与控制器建立连接,需要配置交换机与控制器之间路由可达,本例中以VLAN接口1作为与控制器通信的接口。

·     为了保持交换机与控制器之间连接的可靠性,需要使用TCP/SSL建立连接。本例中采用TCP方式建立交换机与控制器之间的连接。如果需要更高的连接可靠性,可以选择使用SSL建立连接。

·     为了使连接主机的Access类型的端口成为OpenFlow端口,配置映射VLAN 4092、VLAN 4094时,需要选择Loosen模式。

3.3  适用产品及版本

表1 适用产品及版本

产品

软件版本

S6805系列

Release 6710Pxx版本,Release 6715及以上版本

S6825系列

Release 6710Pxx版本,Release 6715及以上版本

S6850系列

Release 6710Pxx版本,Release 6715及以上版本

S9850系列

Release 6710Pxx版本,Release 6715及以上版本

S9820-64H

Release 6710Pxx版本,Release 6715及以上版本

S9820-8C

Release 6710Pxx版本,Release 6715及以上版本

S6800系列

Release 6710Pxx版本,Release 6715及以上版本

S6860系列

Release 6710Pxx版本,Release 6715及以上版本

S6826系列

不支持

S9826系列

不支持

 

3.4  配置步骤

3.4.1  Switch A的配置

# 配置VLAN。

<SwitchA> system-view

[SwitchA] vlan 4092

[SwitchA-vlan4092] quit

[SwitchA] vlan 4094

[SwitchA-vlan4094] quit

# 配置Switch A上的接口Ten-GigabitEthernet1/0/1、Ten-GigabitEthernet1/0/2和Ten-GigabitEthernet1/0/3。

[SwitchA] interface Ten-GigabitEthernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port access vlan 4092

[SwitchA-Ten-GigabitEthernet1/0/1] quit

[SwitchA] interface Ten-GigabitEthernet 1/0/2

[SwitchA-Ten-GigabitEthernet1/0/2] port access vlan 4094

[SwitchA-Ten-GigabitEthernet1/0/2] quit

[SwitchA] interface Ten-GigabitEthernet 1/0/3

[SwitchA-Ten-GigabitEthernet1/0/3] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/3] port trunk permit vlan 4092 4094

[SwitchA-Ten-GigabitEthernet1/0/3] quit

# 全局使能LLDP功能。

[SwitchA] lldp global enable

# 配置VLAN接口1用于和控制器建立连接。

[SwitchA] interface Vlan-interface 1

[SwitchA-Vlan-interface1] ip address 192.168.2.125 255.255.255.0

[SwitchA-Vlan-interface1] quit

# 创建OpenFlow实例1并映射VLAN 4092和VLAN 4094,同时选择映射模式为Loosen模式。

[SwitchA] openflow instance 1

[SwitchA-of-inst-1] classification vlan 4092 mask 4093 loosen

# 配置控制器0的IP地址并激活实例。

[SwitchA-of-inst-1] controller 0 address ip 192.168.2.225

[SwitchA-of-inst-1] active instance

[SwitchA-of-inst-1] quit

3.4.2  Switch B的配置

# 配置VLAN。

<SwitchB> system-view

[SwitchB] vlan 4092

[SwitchB-vlan4092] quit

[SwitchB] vlan 4094

[SwitchB-vlan4094] quit

# 配置Switch B上的接口Ten-GigabitEthernet1/0/1、Ten-GigabitEthernet1/0/2和Ten-GigabitEthernet1/0/3。

[SwitchB] interface Ten-GigabitEthernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port access vlan 4092

[SwitchB-Ten-GigabitEthernet1/0/1] quit

[SwitchB] interface Ten-GigabitEthernet 1/0/2

[SwitchB-Ten-GigabitEthernet1/0/2] port access vlan 4094

[SwitchB-Ten-GigabitEthernet1/0/2] quit

[SwitchB] interface Ten-GigabitEthernet 1/0/3

[SwitchB-Ten-GigabitEthernet1/0/3] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/3] port trunk permit vlan 4092 4094

[SwitchB-Ten-GigabitEthernet1/0/3] quit

# 全局使能LLDP功能。

[SwitchB] lldp global enable

# 配置VLAN接口1用于和控制器建立连接。

[SwitchB] interface Vlan-interface 1

[SwitchB-Vlan-interface1] ip address 192.168.2.126 255.255.255.0

[SwitchB-Vlan-interface1] quit

# 创建OpenFlow实例1并映射VLAN 4092和VLAN 4094,同时选择映射模式为Loosen模式。

[SwitchB] openflow instance 1

[SwitchB-of-inst-1] classification vlan 4092 mask 4093 loosen

# 配置控制器0的IP地址并激活实例。

[SwitchB-of-inst-1] controller 0 address ip 192.168.2.225

[SwitchB-of-inst-1] active instance

[SwitchB-of-inst-1] quit

3.5  验证配置

# 以Switch A为例,查看OpenFlow实例1的信息。

[SwitchA] display openflow instance 1

Instance 1 information:

 

Configuration information:

 Description   : --

 Active status : Active

 Inactive configuration:

  None

 Active configuration:

  Classification VLAN, loosen mode, total VLANs(2)

   4092, 4094

  In-band management VLAN, total VLANs(0)

   Empty VLAN

  Connect mode: Multiple

  MAC address learning: Enabled

  Flow table:

   Table ID(type): 0(Extensibility), count: 1

  Flow-entry max-limit: 65535

  Datapath ID: 0x000174258a024c00

...

Port information:

 Ten-GigabitEthernet1/0/1

 Ten-GigabitEthernet1/0/2

 Ten-GigabitEthernet1/0/3

Active channel information:

 Controller 0 IP address: 192.168.2.225 port: 6633

以上信息表明以太接口Ten-GigabitEthernet1/0/1、Ten-GigabitEthernet1/0/2、Ten-GigabitEthernet1/0/3已配置为OpenFlow端口,即可以进行OpenFlow数据转发。

# 查看Switch A与控制器的连接信息。

[SwitchA] display openflow instance 1 controller

Instance 1 controller information:

 Reconnect interval: 60 (s)

 Echo interval     : 5  (s)

 

 Controller ID           : 0

 Controller IP address   : 192.168.2.225

 Controller port         : 6633

 Controller role         : Equal

 Connect type            : TCP

 Connect state           : Established

 Packets sent            : 132

 Packets received        : 434

 SSL policy              : --

 VRF name                : --

以上信息表明Swithc A已与控制器建立连接。

# 查看Switch A上的流表信息。

[SwitchA] display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 1, total flow entry count: 1

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: 0, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

以上信息表明此时Switch A上只有一条优先级为0的TableMiss流表项,且该条流表项的动作为上送控制器(不同控制器的缺省动作可能不同,具体请参见控制器的相关资料)。

# Host A ping Host C。

Ping 10.1.1.2 (10.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 10.1.1.2: icmp_seq=0 ttl=255 time=4.582 ms

56 bytes from 10.1.1.2: icmp_seq=1 ttl=255 time=1.299 ms

56 bytes from 10.1.1.2: icmp_seq=2 ttl=255 time=1.389 ms

56 bytes from 10.1.1.2: icmp_seq=3 ttl=255 time=6.688 ms

56 bytes from 10.1.1.2: icmp_seq=4 ttl=255 time=1.294 ms

 

--- Ping statistics for 10.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.294/3.050/6.688/2.213 ms

以上信息表明Host A与Host C之间是互通的。

# 查看Switch A上的流表信息。

[SwitchA] display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 4, total flow entry count: 4

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: 0, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 1

Match information:

 Input interface: XGE1/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: XGE1/0/1

 

Flow entry 2 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: XGE1/0/1

 Ethernet destination MAC address: 7425-8a0f-8034

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c5

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: XGE1/0/3

 

Flow entry 3 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: XGE1/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: XGE1/0/1

以上信息表明Host A和Host C之间ARP应答报文和ICMP请求/应答报文成功触发控制器下发流表项,且相应的数据报文基于下发的流表项进行转发。

# Host B ping Host D。

Ping 20.1.1.2 (20.1.1.2): 56 data bytes, press CTRL_C to break

56 bytes from 20.1.1.2: icmp_seq=0 ttl=255 time=1.620 ms

56 bytes from 20.1.1.2: icmp_seq=1 ttl=255 time=6.625 ms

56 bytes from 20.1.1.2: icmp_seq=2 ttl=255 time=1.454 ms

56 bytes from 20.1.1.2: icmp_seq=3 ttl=255 time=1.134 ms

56 bytes from 20.1.1.2: icmp_seq=4 ttl=255 time=1.260 ms

 

--- Ping statistics for 20.1.1.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.134/2.419/6.625/2.110 ms

以上信息表明Host B与Host D之间是互通的。

# 再次查看Switch A上的流表信息。

[SwitchA] display openflow instance 1 flow-table

Instance 1 flow table information:

 

Table 0 information:

 Table type: Extensibility, flow entry count: 7, total flow entry count: 7

 

MissRule flow entry information:

 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,

 byte count: 0, packet count: 0

Match information: any

Instruction information:

 Write actions:

  Output interface: Controller, send length: 65509 bytes

 

Flow entry 1 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 1

Match information:

 Input interface: XGE1/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: XGE1/0/1

 

Flow entry 2 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: XGE1/0/1

 Ethernet destination MAC address: 7425-8a0f-8034

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c5

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: XGE1/0/3

 

Flow entry 3 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: XGE1/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c5

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8034

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: XGE1/0/1

 

Flow entry 4 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 1

Match information:

 Input interface: XGE1/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c4

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8035

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0806

Instruction information:

 Write actions:

  Output interface: XGE1/0/2

 

Flow entry 5 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: XGE1/0/2

 Ethernet destination MAC address: 7425-8a0f-8035

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 0cda-41b1-d1c4

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: XGE1/0/3

 

Flow entry 6 information:

 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 300, flags:

 flow_send_rem, byte count: 1, packet count: 4

Match information:

 Input interface: XGE1/0/3

 Ethernet destination MAC address: 0cda-41b1-d1c4

 Ethernet destination MAC address mask: ffff-ffff-ffff

 Ethernet source MAC address: 7425-8a0f-8035

 Ethernet source MAC address mask: ffff-ffff-ffff

 Ethernet type: 0x0800

Instruction information:

 Write actions:

  Output interface: XGE1/0/2

以上信息表明Host B和Host D之间ARP应答报文和ICMP请求/应答报文也成功触发控制器下发流表项,且相应的数据报文基于下发的流表项进行转发。

3.6  配置文件

·     Switch A:

#

lldp global enable

#

vlan 4092

#

vlan 4094

#

openflow instance 1

 classification vlan 4092 mask 4093 loosen

 controller 0 address ip 192.168.2.225

 active instance

#

interface Vlan-interface1

 ip address 192.168.2.125 255.255.255.0

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 4092

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 4094

#

interface Ten-GigabitEthernet1/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 4092 4094

#

·     Switch B:

#

lldp global enable

#

vlan 4092

#

vlan 4094

#

openflow instance 1

 classification vlan 4092 mask 4093 loosen

 controller 0 address ip 192.168.2.225

 active instance

#

interface Vlan-interface1

 ip address 192.168.2.126 255.255.255.0

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 4092

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 4094

#

interface Ten-GigabitEthernet1/0/3

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 4092 4094

#

4  相关资料

请参考对应产品和版本的如下手册:

·     OpenFlow配置指导

·     OpenFlow命令参考

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!

新华三官网
联系我们