ON THIS PAGE
Example: Enabling OpenFlow on MX Series Routers
OpenFlow is an open standard that allows you to control traffic paths in a network by creating, deleting, and modifying flows in each device along a path. This example shows how to configure OpenFlow support on an MX240 router running Junos OS.
Requirements
This example uses the following hardware and software components:
MX240 router running Junos OS Release 13.3 or a later release
OpenFlow software package with a software package release that matches the Junos OS release of the device on which it is installed
TCP connection between the router and an OpenFlow controller
Connection between the management interface of the router and the management network, which is reachable from the OpenFlow controller IP address
Overview
In this example, you configure support for OpenFlow on an MX240
router. The router has three interfaces that participate solely in
OpenFlow: ge-1/0/0.0, ge-1/1/0.0, and xe-0/0/0.0. You first configure
the interfaces as Layer 2 interfaces using physical link-layer encapsulation
type ethernet-bridge and protocol family bridge.
MX Series routers require a separate virtual switch routing
instance to isolate the OpenFlow traffic from the normal network traffic.
This example configures a virtual switch routing instance, rt-bd-1,
using instance type virtual-switch at the [edit routing-instances] hierarchy level. Within the routing instance, the bridge domain of-bridge includes all of the logical interfaces participating
in OpenFlow.
You configure the OpenFlow virtual switch and OpenFlow protocol
statements at the [edit protocols openflow] hierarchy level.
In this example, the virtual switch, OFswitch1, connects to the controller
over a TCP connection at IP address 172.16.1.1. The virtual switch
configuration must include all of the logical interfaces participating
in OpenFlow, and OpenFlow traffic will only enter or exit from these
interfaces.
Within the OpenFlow configuration, the default-action statement indicates the action the switch must take for packets
that do not have a matching flow entry. If you omit the default-action statement, the default action is packet-in, which indicates
that packets with no matching flow entry must be sent to the controller
for processing. This example explicitly configures the default action
for packets that do not have a matching flow entry as packet-in.
This example also configures OpenFlow traceoptions. In this
case, the flag all statement indicates that all OpenFlow
trace events should be captured and logged. Since the example does
not configure a specific filename for the log file, OpenFlow trace
messages are logged in the default OpenFlow log file /var/log/ofd.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following
commands, paste them into a text file, remove any line breaks, change
any details necessary to match your network configuration, copy and
paste the commands into the CLI at the [edit] hierarchy
level, and then enter commit from configuration mode.
set interfaces ge-1/0/0 encapsulation ethernet-bridge unit 0 family bridge set interfaces ge-1/1/0 encapsulation ethernet-bridge unit 0 family bridge set interfaces xe-0/0/0 encapsulation ethernet-bridge unit 0 family bridge set routing-instances rt-bd-1 instance-type virtual-switch set routing-instances rt-bd-1 bridge-domains of-bridge vlan-id none set routing-instances rt-bd-1 bridge-domains of-bridge interface ge-1/0/0.0 set routing-instances rt-bd-1 bridge-domains of-bridge interface ge-1/1/0.0 set routing-instances rt-bd-1 bridge-domains of-bridge interface xe-0/0/0.0 set protocols openflow switch OFswitch1 controller address 172.16.1.1 set protocols openflow switch OFswitch1 controller protocol tcp set protocols openflow switch OFswitch1 interfaces ge-1/0/0.0 set protocols openflow switch OFswitch1 interfaces ge-1/1/0.0 set protocols openflow switch OFswitch1 interfaces xe-0/0/0.0 set protocols openflow switch OFswitch1 default-action packet-in set protocols openflow traceoptions flag all
Procedure
Step-by-Step Procedure
To configure support for OpenFlow:
Configure the OpenFlow interfaces as Layer 2 interfaces.
[edit interfaces] user@host# set ge-1/0/0 encapsulation ethernet-bridge unit 0 family bridge user@host# set ge-1/1/0 encapsulation ethernet-bridge unit 0 family bridge user@host# set xe-0/0/0 encapsulation ethernet-bridge unit 0 family bridge
Configure the virtual switch routing instance.
[edit routing-instances] user@host# set rt-bd-1 instance-type virtual-switch user@host# set rt-bd-1 bridge-domains of-bridge vlan-id none user@host# set rt-bd-1 bridge-domains of-bridge interface ge-1/0/0.0 user@host# set rt-bd-1 bridge-domains of-bridge interface ge-1/1/0.0 user@host# set rt-bd-1 bridge-domains of-bridge interface xe-0/0/0.0
Configure the OpenFlow controller IP address and the connection protocol.
[edit protocols openflow switch OFswitch1] user@host# set controller address 172.16.1.1 user@host# set controller protocol tcp
Configure the logical interfaces participating in OpenFlow under this virtual switch instance.
[edit protocols openflow switch OFswitch1] user@host# set interfaces ge-1/0/0.0 user@host# set interfaces ge-1/1/0.0 user@host# set interfaces xe-0/0/0.0
Configure the default action for packets that do not have a matching flow entry.
[edit protocols openflow switch OFswitch1] user@host# set default-action packet-in
Configure OpenFlow traceoptions.
[edit protocols openflow] user@host# set traceoptions flag all
Commit the configuration.
[edit] user@host# commit
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show protocols openflow, and show routing-instances commands. If the output does
not display the intended configuration, repeat the instructions in
this example to correct the configuration.
user@host# show interfaces
ge-1/0/0 {
encapsulation ethernet-bridge;
unit 0 {
family bridge;
}
}
ge-1/1/0 {
encapsulation ethernet-bridge;
unit 0 {
family bridge;
}
}
xe-0/0/0 {
encapsulation ethernet-bridge;
unit 0 {
family bridge;
}
}
user@host# show protocols openflow
switch OFswitch1 {
default-action packet-in;
interfaces {
ge-1/0/0.0;
ge-1/1/0.0;
xe-0/0/0.0;
}
controller {
address 172.16.1.1;
protocol tcp;
}
}
traceoptions {
flag all;
}
user@host# show routing-instances
rt-bd-1 {
instance-type virtual-switch;
bridge-domains {
of-bridge {
vlan-id none;
interface ge-1/0/0.0;
interface ge-1/1/0.0;
interface xe-0/0/0.0;
}
}
}
Verification
Confirm that the configuration is working properly.
- Verifying that the OpenFlow Controller Connection is Up
- Verifying that the OpenFlow Interfaces Are Up
Verifying that the OpenFlow Controller Connection is Up
Purpose
Verify that the OpenFlow controller connection is up.
Action
Issue the show openflow controller operational
mode command, and verify that the controller connection state is up. Because the virtual switch configuration has
only a single controller, the virtual switch should automatically
initiate a connection to the controller after you commit the configuration.
user@host> show openflow controller Openflowd controller information: Controller socket: 11 Controller IP address: 172.16.1.1 Controller protocol: tcp Controller port: 6633 Controller connection state: up Number of connection attempt: 1 Controller role: equal
Meaning
The output shows that the connection state of the OpenFlow
controller is up, in addition to other
information about the controller.
Verifying that the OpenFlow Interfaces Are Up
Purpose
Verify that the OpenFlow interfaces are up.
Action
Issue the show openflow interfaces operational
mode command, and verify that the state of each OpenFlow interface
is Up.
user@host> show openflow interfaces Switch name: OFswitch1 Interface Name: ge-1/0/0.0 Interface port number: 41507 Interface Hardware Address: 00:00:5e:00:53:b1 Interface speed: 1Gb Full-duplex Interface Auto-Negotiation: Disabled Interface media type: Fiber Interface state: Up Switch name: OFswitch1 Interface Name: ge-1/1/0.0 Interface port number: 44538 Interface Hardware Address: 00:00:5e:00:53:b2 Interface speed: 1Gb Full-duplex Interface Auto-Negotiation: Disabled Interface media type: Fiber Interface state: Up Switch name: OFswitch1 Interface Name: xe-0/0/0.0 Interface port number: 45549 Interface Hardware Address: 00:00:5e:00:53:b3 Interface speed: 10Gb Full-duplex Interface Auto-Negotiation: Disabled Interface media type: Fiber Interface state: Up
Meaning
The output shows that the state of each OpenFlow interface
is Up, in addition to other information
about the interfaces.