Introduction
This document describes Software Defined Networking (SDN) as a new approach to networking, complementing traditional network architectures. The original definition of SDN is tied to OpenFlow.
OpenFlow SDN Goals
Here are the key goals for OpenFlow SDN.
- Increased network scalability.
- Reduced network complexity.
- Allow greater application control.
- Enable feature independence.
- These goals are achieved by separating the control and data planes and standardizing the data plane. The control plane is implemented as omniscient, sophisticated, distributed software running on high-performance multi-core servers.
- OpenFlow is a specification from the Open Networking Foundation (ONF) that defines a flow-based forwarding infrastructure (switch model) and a standardized application programmatic interface (protocol definition).
- OpenFlow allows a controller to direct the forwarding functions of a switch through a secure channel. Local device configuration is out of the scope of the OpenFlow protocol.
Feature Summary
Features of the Faucet OpenFlow controller and of OpenFlow mode on the Catalyst 9000:
- OpenFlow 1.3 switches (including TFM, the Table Features Message)
- Layer 2 switching, VLANs, ACLs, Layer 3 IPv4 and IPv6 routing, static and via BGP
- Deployed as a drop-in replacement for an L2/L3 switch in the network to enable extra SDN-based functionality.
- Although OpenFlow is a completely different forwarding paradigm, it uses the identical Catalyst 9000 hardware and software.
- The mode can be toggled between OPENFLOW and NORMAL; a reboot is required.
OpenFlow is the protocol between the controller (control plane) and the Ethernet switch (data plane). The switch has flow tables arranged into a pipeline, and the flows are rules that match packets and act on them.
A flow specifies:
- Match criteria
- Priority
- Actions to do on the packet
- Timeouts
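The following is an added example (not code from the original document, Cisco or Faucet) that models one table of such a pipeline: flows carry the four elements listed above, the highest-priority matching flow wins, idle and hard timeouts expire entries, and a packet that matches nothing is either dropped or sent to the controller, mirroring the switch's default-miss option described later on this page. The field names (eth_type, ipv4_dst), action strings and sample flows are constructed.

```python
from dataclasses import dataclass

@dataclass
class Flow:
    priority: int            # higher priority wins among matching flows
    match: dict              # match criteria; a field not listed is a wildcard
    actions: list            # actions applied to the packet; [] means drop
    idle_timeout: int = 0    # seconds without a hit before removal, 0 = never
    hard_timeout: int = 0    # seconds after install before removal, 0 = never
    installed_at: float = 0.0
    last_hit: float = 0.0


class FlowTable:
    def __init__(self, default_miss="drop"):
        # Mirrors the switch's 'default-miss' option: drop (default) or controller.
        self.default_miss = default_miss
        self.flows = []

    def add(self, flow, now=0.0):
        flow.installed_at = flow.last_hit = now
        self.flows.append(flow)
        # Highest priority first, so the first matching flow is the winner.
        self.flows.sort(key=lambda f: f.priority, reverse=True)

    def expire(self, now):
        """Remove flows whose idle or hard timeout has elapsed."""
        self.flows = [
            f for f in self.flows
            if not (f.hard_timeout and now - f.installed_at >= f.hard_timeout)
            and not (f.idle_timeout and now - f.last_hit >= f.idle_timeout)
        ]

    def lookup(self, packet, now=0.0):
        """Return the actions for a packet, or the table-miss behaviour."""
        self.expire(now)
        for f in self.flows:
            if all(packet.get(k) == v for k, v in f.match.items()):
                f.last_hit = now
                return f.actions
        return ["controller"] if self.default_miss == "controller" else []


def build_demo_table(default_miss="drop"):
    """Constructed flows: a specific host flow above a broad IPv4 flow."""
    t = FlowTable(default_miss)
    t.add(Flow(100, {"eth_type": 0x0800, "ipv4_dst": "10.0.0.5"}, ["output:2"], idle_timeout=30))
    t.add(Flow(10, {"eth_type": 0x0800}, ["output:3"]))
    return t
```

Once the host-specific flow has been idle for 30 seconds it is expired, and the same packet falls through to the broader, lower-priority flow.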
Sample Pipeline:
Note: While there are no feature dependencies, the switch needs to be booted in OpenFlow mode. Platforms that support OpenFlow mode: Catalyst 9000 series switches, 9300/9400/9500/9500-H.
Cisco Implementation (OpenFlow Mode on Cat9k)
The same image is used for normal and OpenFlow operation.
The switch must be in OpenFlow mode:
ott-of-c9k-210#show boot mode
System initialized in openflow forwarding mode
System configured to boot in openflow forwarding mode
All front-panel ports are OpenFlow ports (there is no hybrid mode).
Changing the boot mode (reload mandatory):
ott-of-c9k-210(config)#boot mode openflow
Reload the switch.
Verify that the switch is in OpenFlow mode:
of-switch# show boot mode
System initialized in openflow forwarding mode
System configured to boot in openflow forwarding mode
"no boot mode openflow" followed by a reboot reverts the switch to normal mode.
CAT9300#show run openflow
feature openflow
openflow
switch 1 pipeline 1
controller ipv4 10.104.99.42 port 6653 vrf Mgmt-vrf security none
controller ipv4 10.104.99.42 port 6633 vrf Mgmt-vrf security tls
controller ipv4 10.104.99.42 port 6637 vrf Mgmt-vrf security tls local-trustpoint tp-blue
A total of 8 controllers are supported today.
IPv6 controller configuration and operation are also supported.
| Command option under openflow | Purpose |
| --- | --- |
| switch 1 pipeline 1 | Switch 1 and pipeline 1 is the only choice on C9ks |
| controller ipv4 10.104.99.42 port 6653 vrf Mgmt-vrf security none | Controller without security |
| controller ipv4 10.104.99.42 port 6633 vrf Mgmt-vrf security tls | Controller with TLS; uses the global tls trustpoint configuration |
| controller ipv4 10.104.99.42 port 6637 vrf Mgmt-vrf security tls local-trustpoint tp-blue | Controller with TLS; uses the local trustpoint given on this line, and the remote trustpoint from the global tls trustpoint configuration |
| max-backoff 10 | Maximum time to retry the OpenFlow connection when the controller connection goes down; the default value is 8 sec |
| probe-interval 10 | Time interval at which the OpenFlow connection is probed once it becomes idle; the default value is 5 sec |
| rate-limit packet_in 2000 burst 3000 | Packet rate limit towards the controller; the default values are 0 |
| statistics collection-interval 6 | Frequency at which flow statistics are collected; the default value is 5 sec |
| datapath-id 0x1 | Unique switch datapath ID; if unconfigured, the default value is ((1<<48) \| system-mac-addr) |
| default-miss controller | Packets that match no flow can be punted to the controller; the default is to drop them |
| logging flow-modify | Dumps the flow-mod information as a log in show logging; not enabled by default |
| tls trustpoint local tp-local remote tp-remote | Global tls trustpoint for a secure controller connection |
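As an added example (not Cisco or Faucet code), the script below audits the "show run openflow" excerpt shown above: it parses the controller lines, reports controllers configured with security none (an OpenFlow channel with no TLS protection), flags the combination of default-miss controller with no rate-limit packet_in (the default of 0 leaves punting to the controller unlimited), and computes the default datapath-id from a system MAC address using the formula in the table. The regular expression, function names, the PUNTING_CONFIG variant and the MAC values are constructed for this example.

```python
import re
# Constructed copy of the 'show run openflow' excerpt from this document.
SHOW_RUN_OPENFLOW = """\
feature openflow
openflow
 switch 1 pipeline 1
  controller ipv4 10.104.99.42 port 6653 vrf Mgmt-vrf security none
  controller ipv4 10.104.99.42 port 6633 vrf Mgmt-vrf security tls
  controller ipv4 10.104.99.42 port 6637 vrf Mgmt-vrf security tls local-trustpoint tp-blue
"""

# Hypothetical variant: table misses are punted with no packet_in rate limit.
PUNTING_CONFIG = SHOW_RUN_OPENFLOW + "  default-miss controller\n"

CONTROLLER_RE = re.compile(
    r"controller\s+(ipv4|ipv6)\s+(\S+)\s+port\s+(\d+)"
    r"(?:\s+vrf\s+(\S+))?\s+security\s+(none|tls)"
    r"(?:\s+local-trustpoint\s+(\S+))?"
)

def parse_controllers(config):
    """Return one dict per 'controller' line in the openflow section."""
    found = []
    for line in config.splitlines():
        m = CONTROLLER_RE.search(line)
        if m:
            family, addr, port, vrf, security, trustpoint = m.groups()
            found.append({"family": family, "addr": addr, "port": int(port),
                          "vrf": vrf, "security": security,
                          "local_trustpoint": trustpoint})
    return found

def insecure_controllers(config):
    """Controllers configured with 'security none': the channel is not protected by TLS."""
    return [f"{c['addr']}:{c['port']}" for c in parse_controllers(config)
            if c["security"] == "none"]

def punts_without_rate_limit(config):
    """True when table misses go to the controller but no rate-limit packet_in is set."""
    punts = re.search(r"^\s*default-miss\s+controller\s*$", config, re.M) is not None
    limited = re.search(r"^\s*rate-limit\s+packet_in\s+\d+", config, re.M) is not None
    return punts and not limited

def default_datapath_id(system_mac):
    """Default datapath-id when none is configured: (1 << 48) | system-mac-addr."""
    mac = int(re.sub(r"[.:-]", "", system_mac), 16)
    return (1 << 48) | mac
```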
Troubleshooting/Debugging
Controller-side debugging is out of the scope of this document.
Not all of the usual platform CLIs are supported on the OpenFlow switch. Choose and use only the allowed CLIs for your debugging scenario.
Refer to this configuration guide for any other commands and references: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/prog/configuration/174/b_174_programmability_cg/openflow.html#id_76495
Show Commands - IOS®
| Command | Purpose |
| --- | --- |
| show running-config openflow | Displays the OpenFlow running configuration information. |
| show openflow switch <number> controllers | Displays information about the OpenFlow agent connectivity to the controller. |
| show openflow switch <number> flows list | Displays information about the OpenFlow flows installed. |
| show openflow switch <number> ports | Displays information about the OpenFlow agent port status. |
| show openflow hardware capabilities | Displays the hardware capabilities, such as the number of tables, table size and supported match/action/miss. |
| show openflow switch <number> groups | Displays information about OpenFlow groups. |
| show openflow switch <number> stats | Displays OpenFlow interface (rx/tx) stats and OpenFlow table stats (max flows per table, active flows per table, number of lookups and matches). |
| show openflow switch <number> controller stats | Displays OpenFlow controller(s) stats information. |
Show Commands - Hardware
| Command | Purpose |
| --- | --- |
| show platform software fed switch active openflow status | Displays statistics on how many messages were installed, successful or deleted. |
| show platform software fed switch active openflow flow id | Displays information about a particular flow. |
| show platform software fed switch active openflow group | Displays hardware information about flow groups. |
| show platform hardware fed switch active fwd-asic resource tcam utilization | Displays hardware information about TCAM usage. |
| show platform software fed <switch> active openflow error [brief \| event \| detail] | Lists all recorded OpenFlow errors, if any. |
| show platform software fed <switch> active openflow table [<table-id> \| mapping] | Maps each table ID to its feature/match capabilities and shows the table sizes. |
| show platform software fed switch active openflow event | Displays the list of events on each table, with the time taken by each flow action (addition, deletion, update). |