Cisco OpenFlow Agent for Nexus 3000 and 9000 Series SwitchesFirst Published: 2016-10-30
Last Modified: 2018-01-31
Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITEDWARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITHTHE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain versionof the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDINGANYOTHERWARRANTYHEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS"WITH ALL FAULTS.CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OFMERCHANTABILITY, FITNESS FORA PARTICULAR PURPOSEANDNONINFRINGEMENTORARISING FROMACOURSEOFDEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUTLIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERSHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, networktopology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentionaland coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnershiprelationship between Cisco and any other company. (1110R)
© 2014-2018 Cisco Systems, Inc. All rights reserved.
C O N T E N T S
P r e f a c e Preface v
Audience v
Document Conventions v
Related Documentation for Cisco Nexus 9000 Series Switches vii
Documentation Feedback vii
Obtaining Documentation and Submitting a Service Request vii
C H A P T E R 1 Overview of the Cisco OpenFlow Agent 1
About OpenFlow 1
Cisco OpenFlow Agent Operation 2
OpenFlow Controller Operation 2
OpenFlow Multiple Sub-Switch Operation 2
Information About Cisco OpenFlow Agent 2
Prerequisites for Cisco OpenFlow Agent 2
Restrictions for Cisco OpenFlow Agent 3
Feature Support 4
C H A P T E R 2 Configuring the Cisco OpenFlow Agent 9
Enabling the Cisco OpenFlow Agent 9
Enabling the Cisco OpenFlow Agent on the Nexus 3000 Series Switch 9
Enabling the Cisco OpenFlow Agent on the Nexus 9000 Series Switch 10
Configuring Physical Device Parameters 11
Adjusting the Number of Flow Entries 11
Configuring Global Variables for Cisco OpenFlow Agent Logical Switch 15
Specifying a Route to a Controller 15
Specifying a Route to a Controller Using a Physical Interface 16
Specifying a Route to a Controller Using a Management Interface 17
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches iii
Configuring Interfaces for a Cisco OpenFlow Agent Logical Switch 18
Configuring a Physical Interface in Layer 2 mode 18
Configuring a Port-Channel Interface 20
Configuring a Cisco OpenFlow Agent Logical Switch 21
Configuring Logical Sub-Switches 25
Configuration Examples for Cisco OpenFlow Agent 28
Verifying Cisco OpenFlow Agent 31
Additional Information for Cisco OpenFlow Agent 39
Feature Information for Cisco OpenFlow Agent 40
A P P E N D I X A Supported Platforms for Cisco OpenFlow Agent 41
Supported Platforms for Cisco OpenFlow Agent 41
A P P E N D I X B Uninstalling Cisco Plug-in for OpenFlow 43
Uninstalling Cisco Plug-in for OpenFlow 43
Converting a Previous OpenFlow Configuration 43
Deactivating and Uninstalling an Application from a Virtual Services Container 44
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switchesiv
Contents
Preface
This preface includes the following sections:
• Audience, page v
• Document Conventions, page v
• Related Documentation for Cisco Nexus 9000 Series Switches, page vii
• Documentation Feedback, page vii
• Obtaining Documentation and Submitting a Service Request, page vii
AudienceThis guide is intended primarily for data center administrators with responsibilities and expertise in one ormore of the following:
• Virtual machine installation and administration
• Server administration
• Switch and network administration
Document ConventionsCommand descriptions use the following conventions:
DescriptionConvention
Bold text indicates the commands and keywords that you enter literallyas shown.
bold
Italic text indicates arguments for which the user supplies the values.Italic
Square brackets enclose an optional element (keyword or argument).[x]
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches v
DescriptionConvention
Square brackets enclosing keywords or arguments separated by a verticalbar indicate an optional choice.
[x | y]
Braces enclosing keywords or arguments separated by a vertical barindicate a required choice.
{x | y}
Nested set of square brackets or braces indicate optional or requiredchoices within optional or required elements. Braces and a vertical barwithin square brackets indicate a required choice within an optionalelement.
[x {y | z}]
Indicates a variable for which you supply values, in context where italicscannot be used.
variable
A nonquoted set of characters. Do not use quotation marks around thestring or the string will include the quotation marks.
string
Examples use the following conventions:
DescriptionConvention
Terminal sessions and information the switch displays are in screen font.screen font
Information you must enter is in boldface screen font.boldface screen font
Arguments for which you supply values are in italic screen font.italic screen font
Nonprinting characters, such as passwords, are in angle brackets.< >
Default responses to system prompts are in square brackets.[ ]
An exclamation point (!) or a pound sign (#) at the beginning of a lineof code indicates a comment line.
!, #
This document uses the following conventions:
Means reader take note. Notes contain helpful suggestions or references to material not covered in themanual.
Note
Means reader be careful. In this situation, you might do something that could result in equipment damageor loss of data.
Caution
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switchesvi
PrefaceDocument Conventions
IMPORTANT SAFETY INSTRUCTIONS
This warning symbol means danger. You are in a situation that could cause bodily injury. Before youwork on any equipment, be aware of the hazards involved with electrical circuitry and be familiar withstandard practices for preventing accidents. Use the statement number provided at the end of each warningto locate its translation in the translated safety warnings that accompanied this device.
SAVE THESE INSTRUCTIONS
Warning
Related Documentation for Cisco Nexus 9000 Series SwitchesThe entire Cisco Nexus 9000 Series switch documentation set is available at the following URL:
http://www.cisco.com/en/US/products/ps13386/tsd_products_support_series_home.html
Documentation FeedbackTo provide technical feedback on this document, or to report an error or omission, please send your commentsto [email protected]. We appreciate your feedback.
Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a servicerequest, and gathering additional information, seeWhat's New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
Subscribe toWhat’s New in Cisco Product Documentation, which lists all new and revised Cisco technicaldocumentation as an RSS feed and delivers content directly to your desktop using a reader application. TheRSS feeds are a free service.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches vii
PrefaceRelated Documentation for Cisco Nexus 9000 Series Switches
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switchesviii
PrefaceObtaining Documentation and Submitting a Service Request
C H A P T E R 1Overview of the Cisco OpenFlow Agent
• About OpenFlow, page 1
• Information About Cisco OpenFlow Agent, page 2
About OpenFlowOpenFlow is an open standardized interface that allows a software-defined networking (SDN) controller tomanage the forwarding plane of a network.
Cisco OpenFlow Agent provides better control over networks making them more open, programmable, andapplication-aware and supports the following specifications defined by the Open Networking Foundation(ONF) standards organization:
• OpenFlow Switch Specification Version 1.0.1 (Wire Protocol 0x01) (referred to as OpenFlow 1.0)
• OpenFlow Switch Specification Version 1.3.0 (Wire Protocol 0x04), referred to as OpenFlow 1.3
These specifications are based on the concept of an Ethernet switch, with an internal flow table and standardizedinterface to allow traffic flows on a device to be added or removed. OpenFlow 1.3 defines the communicationchannel between Cisco OpenFlow Agent and controllers.
A controller can be Cisco Open SDN Controller, or any controller compliant with OpenFlow 1.3.
In an OpenFlow network, Cisco OpenFlow Agent exists on the device and controllers exist on a server thatis external to the device. Flow management and any network management are either part of a controller oraccomplished through a controller. Flowmanagement includes the addition, modification, or removal of flows,and the handling of OpenFlow error messages.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 1
The following figure gives an overview of the OpenFlow network.
Figure 1: OpenFlow Overview
Cisco OpenFlow Agent OperationCisco OpenFlow Agent creates OpenFlow–based TCP/IP connections to controllers for a Cisco OpenFlowAgent logical switch. Cisco OpenFlow Agent creates databases for a configured logical switch,OpenFlow-enabled interfaces, and flows. The logical switch database contains all the information needed toconnect to a controller. The interface database contains the list of OpenFlow-enabled interfaces associatedwith a logical switch, and the flow database contains the list of flows on a logical switch as well as for interfacethat is programmed into forwarded traffic.
OpenFlow Controller OperationOpenFlow controller (referred to as controller) controls the switch and inserts flows with a subset of OpenFlow1.3 and 1.0 match and action criteria through Cisco OpenFlow Agent logical switch. Cisco OpenFlow Agentrejects all OpenFlow messages with any other action.
OpenFlow Multiple Sub-Switch OperationFor more granular and distributed flow control, you can define multiple virtual sub-switches, each with itsown controller, its own unique VLAN range, and its own flow control configuration. The controller of asub-switch has configuration access only to the flows of that sub-switch. VLANs associated with a sub-switchcannot also be associated to another sub-switch, and VLAN ranges cannot overlap between sub-switches.
When you define one or more sub-switches, a lower priority master switch is implicitly created. A flow isevaluated for a match first on the sub-switches and lastly on the master switch if no previous match was found.There are no default flows (miss-action) for the sub-switches.
Information About Cisco OpenFlow Agent
Prerequisites for Cisco OpenFlow AgentCisco OpenFlow Agent requires the following conditions:
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches2
Overview of the Cisco OpenFlow AgentCisco OpenFlow Agent Operation
• A Cisco device that supports Cisco OpenFlow Agent.
Supported Platforms for Cisco OpenFlow Agent, on page 41 provides a table of OpenFlow support onCisco Nexus 9000 and Nexus 3000 devices.
• Cisco NX-OS software that supports Cisco OpenFlow Agent.
The Cisco OpenFlow Agent was introduced in Cisco NX-OS Release 7.0(3)I5(1), replacing the CiscoPlug-in for OpenFlow used in previous releases. The Cisco Plug-in for OpenFlow, which runs as anapplication in a virtual services container, is no longer supported as of this release. When upgradingfrom a release earlier than Cisco NX-OS Release 7.0(3)I5(1) to Cisco NX-OS Release 7.0(3)I5(1) or alater release, you must deactivate and uninstall the Cisco Plug-in for OpenFlow application from thevirtual services container using the procedure described in Uninstalling Cisco Plug-in for OpenFlow,on page 43.
• A Cisco Nexus 3000 device must run in Cisco Nexus 9000 software mode. On the Nexus 3000 device,the Nexus 9000 mode is activated using the CLI command system switch-mode n9k.
• The OpenFlow feature is enabled on the Cisco device using the CLI command feature openflow.
• A controller is installed on a connected server.
Table 1: Controller Support
Supported ControllersOpenFlow Version
Cisco Open SDN Controller or POX controller.OpenFlow 1.0
Cisco Open SDN Controller, Ixia, OpenDaylight,or Ryu
OpenFlow 1.3
Restrictions for Cisco OpenFlow Agent• Cisco OpenFlow Agent supports only a subset of OpenFlow 1.3 and OpenFlow 1.0 functions. For moreinformation, see Feature Support, on page 4.
• You cannot configure more than one Cisco OpenFlow Agent logical switch. The logical switch ID hasa value of 1. However, you can configure up to nine logical sub-switches in addition to the master switch.
• OpenFlow hybrid model (ships-in-the-night) is supported. VLANs configured for Cisco OpenFlowAgent logical switch ports should not overlap with regular device interfaces.
• You cannot configure a bridge domain, Virtual LANs and virtual routing and forwarding (VRF) interfaceson an Cisco OpenFlow Agent logical switch. You can configure only Layer 2 physical interfaces orport-channel interfaces.
• You cannot configure more than 512 VLANs in Per-VLAN Spanning Tree+ (PVST+) mode.
• The Cisco OpenFlow Agent supports IPv4 and IPv6 flow matching, but not both simultaneously. Thechoice is configured in the TCAM configuration commands. IPv4 and IPv6 dual stack is not supported.
• For IPv6 OpenFlow, you must explicitly carve the OpenFlow–IPv6 TCAM region.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 3
Overview of the Cisco OpenFlow AgentRestrictions for Cisco OpenFlow Agent
• ISSU from the previously-supported Cisco Plug-in for OpenFlow to the Cisco OpenFlow Agent is notsupported.
• MIBs and XMLs are not supported
• Reachability to controller via Switched Virtual Interface (SVI) is not supported.
• The minimum idle timeout for flows must be (2 * statistics collection interval) + 1 second.
• LACP port-channels are not supported for OpenFlow. Remove all OpenFlow related configurationsbefore downgrading to an earlier release.
Feature SupportThe following is a subset of OpenFlow 1.3 and OpenFlow 1.0 functions that are supported by Cisco OpenFlowAgent.
Additional NotesSupported Feature
OpenFlow-hybrid models where traffic can flowbetween Cisco OpenFlow Agent ports and regularinterfaces (integrated) are not supported. Both typesof ports can transmit and receive packets.
VLANs must be configured such that theVLANs on the Cisco OpenFlow Agent donot overlap with those on the regular deviceinterfaces.
Note
The OpenFlow hybrid (ships-in-night) model issupported using the OpenFlow packet format
• Bridge domain, Virtual LANs and VirtualRouting and Forwarding (VRF) interfaces arenot supported.
• Only L2 interfaces can be Cisco OpenFlowAgent Logical switch ports.
Configuration of port-channel and physical interfacesas Cisco OpenFlow Agent logical switch ports
Total number of VLANs across all ports cannotexceed 512.
Maximum VLAN range supported is 4000. You canconfigure 8 such ports on the Cisco OpenFlowAgentdevice.
Recommended VLAN range supported is 512. Youcan configure 62 such ports on the Cisco OpenFlowAgent device.
VLAN range greater than 512 is not supported inPer-VLAN Spanning Tree+ (PVST+) mode.
Configuration of VLANs for each port of the CiscoOpenFlow Agent logical switch
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches4
Overview of the Cisco OpenFlow AgentFeature Support
Additional NotesSupported Feature
• Pipelines are mandatory for the logical switch.
• The logical switch supports the followingpipelines:
◦Pipeline 201 supports the L3 ACLforwarding table.
◦Pipeline 202 supports an L3 ACLforwarding table and an L2 MACforwarding table. Mandatory matches andactions in both tables must be specified inall configured flows.
◦Pipeline 205 supports MAC and MAC-IProute tables.
Pipelines for Cisco OpenFlow Agent Logical Switch
The following match criteria are supported:
• Ethertype
• EthernetMACdestination (Double-wide TCAMrequired)
• Ethernet MAC source (Double-wide TCAMrequired)
• VLAN ID (for IPv4 packets only)
• VLAN priority (Supported for the Ethertypevalue 0x0800 (IP) only)
• IPv4 source address (Supported for theEthertype value 0x0800 (IP) only)
• IPv4 destination address (Supported for theEthertype value 0x0800 (IP) only)
• IPv6 source address (Supported for theEthertype value 0x86DD (IP) only)
• IPv6 destination address (Supported for theEthertype value 0x86DD (IP) only)
• IP DSCP (Supported for the Ethertype values0x0800 or 0x86DD (IP) only)
• IP protocol (Supported for the Ethertype values0x0800 or 0x86DD (IP) only)
• Layer 4 source port (Supported for the Ethertypevalues 0x0800 or 0x86DD (IP) only)
• Layer 4 destination port (Supported for theEthertype values 0x0800 or 0x86DD (IP) only)
L3 ACL Forwarding Table (Match Criteria)
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 5
Overview of the Cisco OpenFlow AgentFeature Support
Additional NotesSupported Feature
The following action criteria are supported:
• Output to multiple ports
• Output to a specified interface
• Output to controller (OpenFlow Packet-Inmessage)
• Rewrite source MAC address (SMAC)
◦Supported for the Ethertype values 0x0800or 0x86DD (IP) only
• Rewrite destination MAC address (DMAC)
◦Supported for the Ethertype values 0x0800or 0x86DD (IP) only
• Rewrite VLAN ID
◦Supported for the Ethertype values 0x0800or 0x86DD (IP) only
• Strip VLAN (Supported for the Ethertype values0x0800 or 0x86DD (IP) only)
• Drop
Rewrite DMAC and Rewrite SMAC actionsmust be specified together.
Note
L3 ACL Forwarding Table (Action Criteria)
Match Criteria:
• Destination MAC address (mandatory)
• VLAN ID (mandatory)
Action Criteria:
• Output to multiple ports
• Drop
L2 MAC Forwarding Table
All packets that cannot be matched to flows aredropped by default. You can configure sendingunmatched packets to the controller.
Default Forwarding Rule
The “modify state” and “queue config”message typesare not supported. All other message types aresupported.
OpenFlow 1.3 message types
Transport Layer Security (TLS) is supported for theconnection to the controller.
Connection to up to eight controllers
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches6
Overview of the Cisco OpenFlow AgentFeature Support
Additional NotesSupported Feature
If multiple actions are associated with a flow, theyare processed in the order specified. The output actionshould be the last action in the action list. Any actionafter the output action is not supported, and can causethe flow to fail and return an error to the controller.
Flows defined on the controller must follow thefollowing guidelines :
• The flow can have only up to 16 output actions.
• The flow should have the output action at theend of all actions.
• The flow should not have multiple rewriteactions that override one another. For example,strip VLAN after set VLAN or multiple setVLANs.
• The flow should not have anoutput–to–controller action in combination withother output–to–port actions or withVLAN–rewrite actions.
• Flowswith unsupported actions will be rejected.
Multiple actions
Per Table—Active Entries, Packet Lookups, PacketMatches.
Per Flow—Received Packets.
Per Port—Received or Transmitted packets, bytes,drops and errors.
Supported counters
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 7
Overview of the Cisco OpenFlow AgentFeature Support
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches8
Overview of the Cisco OpenFlow AgentFeature Support
C H A P T E R 2Configuring the Cisco OpenFlow Agent
All tasks in this section require the fulfillment of the prerequisites listed in Prerequisites for Cisco OpenFlowAgent, on page 2.
• Enabling the Cisco OpenFlow Agent, page 9
• Configuring Physical Device Parameters, page 11
• Specifying a Route to a Controller, page 15
• Configuring Interfaces for a Cisco OpenFlow Agent Logical Switch, page 18
• Configuring a Cisco OpenFlow Agent Logical Switch , page 21
• Configuring Logical Sub-Switches, page 25
• Configuration Examples for Cisco OpenFlow Agent, page 28
• Verifying Cisco OpenFlow Agent, page 31
• Additional Information for Cisco OpenFlow Agent, page 39
• Feature Information for Cisco OpenFlow Agent, page 40
Enabling the Cisco OpenFlow Agent
Enabling the Cisco OpenFlow Agent on the Nexus 3000 Series SwitchTo run the Cisco OpenFlow Agent, a Cisco Nexus 3000 series device must run in Cisco Nexus 9000 softwaremode. This procedure activates the Nexus 9000 mode and enables the Cisco OpenFlow Agent.
Procedure
PurposeCommand or Action
Enables privileged EXEC mode.enableStep 1
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 9
PurposeCommand or Action
Example:Device> enable
• Enter your password if prompted.
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 2
Activates the Nexus 9000 mode on the Nexus3000 series device.
system switch-mode n9k
Example:Device(config)# system switch-moden9k
Step 3
Exits global configuration mode and entersprivileged EXEC mode.
exit
Example:Device(config)# exit
Step 4
Erases the startup configuration file.write erase
Example:Device# write erase
Step 5
Reloads the operating system of the device.reload
Example:Device# reload
Step 6
Enters global configurationmode (after reload).configure terminal
Example:Device# configure terminal
Step 7
Enables the Cisco OpenFlow Agent.feature openflow
Example:Device(config)# feature openflow
Step 8
What to Do Next
Adjust the number of flow entries.
Enabling the Cisco OpenFlow Agent on the Nexus 9000 Series SwitchThis procedure enables the Cisco OpenFlow Agent.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches10
Configuring the Cisco OpenFlow AgentEnabling the Cisco OpenFlow Agent on the Nexus 9000 Series Switch
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 1
Enables the Cisco OpenFlow Agent.feature openflow
Example:Device(config)# feature openflow
Step 2
What to Do Next
Adjust the number of flow entries.
Configuring Physical Device Parameters
Adjusting the Number of Flow EntriesYou can use this task to adjust the number of L3 flow entries.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 1
Configures the size of TCAM region for router ACLs.hardware access-list tcam region raclsize
Step 2
Example:Device(config)# hardwareaccess-list tcam region racl 0
Configures the size of TCAM region for egress routerACLs.
hardware access-list tcam region e-raclsize
Example:Device(config)# hardwareaccess-list tcam region e-racl 0
Step 3
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 11
Configuring the Cisco OpenFlow AgentConfiguring Physical Device Parameters
PurposeCommand or Action
Configures the size of TCAM region for QoS.hardware access-list tcam region l3qossize
Step 4
Example:Device(config)# hardwareaccess-list tcam region l3qos 0
Configures the size of TCAM region for SPAN.hardware access-list tcam region spansize
Step 5
Example:Device(config)# hardwareaccess-list tcam region span 0
Configures the size of TCAM region for redirects.hardware access-list tcam regionredirect size
Step 6
Example:Device(config)# hardwareaccess-list tcam region redirect0
Configures the size of TCAM region for virtual portchannel (vPC) convergence.
hardware access-list tcam regionvpc-convergence size
Example:Device(config)# hardwareaccess-list tcam regionvpc-convergence 0
Step 7
Configures the size of TCAM region for interface ACLs.For a TCAM region larger than 256, configure the sizein multiples of 512.
Enter one of the following commands:Step 8
• hardware access-list tcam regionopenflow size [double-wide]
To accommodate the additional match criteria of sourceand destination MAC addresses, the Cisco Nexus 3000• hardware access-list tcam region
openflow-ipv6 size [double-wide] and 9000 Series switches support a new TCAM region,double-wide, which is a double-wide interface ACL.
Example:Device(config)# hardwareaccess-list tcam region openflow1024
The maximum TCAM size is 3072 for single-wide and1536 for double-wide.
For more information, see the following tables formatches and actions supported for Cisco Nexus 9000Series switches.
Example:Device(config)# hardwareaccess-list tcam regionopenflow-ipv6 1024 double-wide
The openflow-ipv6 option forces the use of the IPv6stack for OpenFlow.
To activate the TCAM regions, a reload isneeded.
You can view the supported pipeline values byentering the show openflow hardwarecapabilities command.
Note
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches12
Configuring the Cisco OpenFlow AgentAdjusting the Number of Flow Entries
PurposeCommand or Action
Table 2: Matches Supported in Cisco Nexus 9000 SeriesSwitches
L2 Table202
L3 Table202
L3 Table201
PacketMatchFields
✔ (doublewide)
✔ (doublewide)
SourceMACaddress
✔✔ (doublewide)
DestinationMACaddress
✔✔Ether type
✔✔✔VLAN ID
✔✔VLAN CoS
✔✔Source IPv4Address
✔✔DestinationIPv4Address
✔✔Source IPv4UDP/TCPPort
✔✔DestinationIPv4UDP/TCPPort
✔IPv4 DSCP
✔Protocol IP
✔InputInterface
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 13
Configuring the Cisco OpenFlow AgentAdjusting the Number of Flow Entries
PurposeCommand or Action
Table 3: Action Supported in Cisco Nexus 9000 Series Switches
L2 Table202
L3 Table201
L3 Table201
Actions
✔✔✔OutputInterfaces
✔✔✔Punt toController
✔✔Copy toController
✔✔PushVLAN
✔✔POP VLAN
✔✔✔DROP
✔✔✔NormalForwarding
Exits global configuration mode and enters privilegedEXEC mode.
exit
Example:Device(config)# exit
Step 9
Saves the change persistently through reboots and restartsby copying the running configuration to the startupconfiguration.
copy running-config startup-config
Example:Device# copy running-configstartup-config
Step 10
Reloads the operating system of a device.reload
Example:Device# reload
Step 11
What to Do Next
Configure global variables for Cisco OpenFlow Agent logical switch.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches14
Configuring the Cisco OpenFlow AgentAdjusting the Number of Flow Entries
Configuring Global Variables for Cisco OpenFlow Agent Logical Switch
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 1
(Optional)spanning-tree mode mstStep 2Sets the Spanning Tree Protocol (STP) mode to MST.This step is required if you need VLANs more than 512.Example:
Device(config)# spanning-treemode mst
(Optional)vlan {vlan-id | vlan-range}Step 3Adds a VLAN or VLAN range for interfaces on the deviceand enters the VLAN configuration mode. This step isneeded only if VLAN tagging is required.
Example:Device(config)# vlan 1-512
• Total number of VLANs across all interfaces cannotexceed 32000.
• Maximum VLAN range supported is 4000 (inMultiple Spanning Tree [MST] mode).
• Recommended VLAN range is 512.
Ends global configuration mode and enters privilegedEXEC mode.
exit
Example:Device(config)# exit
Step 4
Saves the change persistently through reboots and restartsby copying the running configuration to the startupconfiguration.
copy running-config startup-config
Example:Device# copy running-configstartup-config
Step 5
What to Do Next
Configure control plane policing for packets sent to a controller.
Specifying a Route to a ControllerThe following tasks are used to specify a route from the device to a controller. This can be done using aphysical interface (Front Panel) or a management interface.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 15
Configuring the Cisco OpenFlow AgentConfiguring Global Variables for Cisco OpenFlow Agent Logical Switch
• Physical Interface . Refer to Specifying a Route to a Controller Using a Physical Interface, on page 16.
• Management Interface. Refer to Specifying a Route to a Controller Using a Management Interface, onpage 17.
The IP address of the controller is configured in the Configuring a Cisco OpenFlow Agent Logical Switch ,on page 21 section.
Specifying a Route to a Controller Using a Physical Interface
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 1
Enters the physical interface. The interface usedhere should not be a Cisco OpenFlow Agent port.
interface type number
Example:Device(config)# interface Ethernet1/1
Step 2
Configures a specified interface as a Layer 3interface and deletes any interface configurationspecific to Layer 2.
no switchport
Example:Device(config-if)# no switchport
Step 3
Configures an IP address for a specified interface.ip address ip-address mask
Example:Device(config-if)# ip address10.0.1.4 255.255.255.0
Step 4
Exits interface configuration mode and entersglobal configuration mode.
exit
Example:Device(config-if)# exit
Step 5
Configures a default route for packet addressesnot listed in the routing table. Packets are directedtoward a controller.
ip route 0.0.0.0 0.0.0.0 next-hop
Example:Device(config)# ip route 0.0.0.00.0.0.0 10.0.1.6
Step 6
Ping your controller to verify a working route.ping controller-ip-address
Example:Device(config)# ping 192.0.20.123
Step 7
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches16
Configuring the Cisco OpenFlow AgentSpecifying a Route to a Controller Using a Physical Interface
PurposeCommand or Action
Exits global configuration mode and entersprivileged EXEC mode.
exit
Example:Device(config)# exit
Step 8
Saves the changes persistently through rebootsand restarts by copying the running configurationto the startup configuration.
copy running-config startup-config
Example:Device# copy running-configstartup-config
Step 9
What to Do Next
Specify a route to a controller using a management interface.
Specifying a Route to a Controller Using a Management Interface
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 1
Enters the management interface.interfacemanagement-interface-namenumber
Example:Device(config)# interface mgmt0
Step 2
Configures an IP address for the interface.ip address ip-address mask
Example:Device(config-if)# ip address 10.0.1.4255.255.255.0
Step 3
Exits interface configuration mode and entersglobal configuration mode.
exit
Example:Device(config-if)# exit
Step 4
Configures themanagement Virtual routing andforwarding (VRF) instance.
vrf context management
Example:Device(config)# vrf context management
Step 5
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 17
Configuring the Cisco OpenFlow AgentSpecifying a Route to a Controller Using a Management Interface
PurposeCommand or Action
Configures a default route for packet addressesnot listed in the routing table. Packets aredirected toward a controller.
ip route 0.0.0.0 0.0.0.0 next-hop
Example:Device(config)# ip route 0.0.0.00.0.0.0 10.0.1.6
Step 6
Exits global configuration mode and entersprivileged EXEC mode.
exit
Example:Device(config)# exit
Step 7
Saves the change persistently through rebootsand restarts by copying the runningconfiguration to the startup configuration.
copy running-config startup-config
Example:Device# copy running-configstartup-config
Step 8
What to Do Next
Configure interfaces for the Cisco OpenFlow Agent logical switch.
Configuring Interfaces for a Cisco OpenFlow Agent LogicalSwitch
You must configure physical or port-channel interfaces before the interfaces are added as ports of a CiscoOpenFlow Agent logical switch. These interfaces are added as ports of the Cisco OpenFlow Agent logicalswitch in the Configuring a Cisco OpenFlow Agent Logical Switch , on page 21 section.
Configuring a Physical Interface in Layer 2 modePerform the task below to add a physical interface to a Cisco OpenFlowAgent logical switch in Layer 2 mode.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 1
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches18
Configuring the Cisco OpenFlow AgentConfiguring Interfaces for a Cisco OpenFlow Agent Logical Switch
PurposeCommand or Action
Specifies the interface for the logical switch andenters interface configuration mode.
interface type number
Example:Device(config)# interfaceEthernet1/23
Step 2
(Optional)channel-group group-numberStep 3Adds the interface to a port-channel.
Example:Device(config-if)# channel-group 2
Specifies an interface as a Layer 2 port.switchport
Example:Device(config-if)# switchport
Step 4
Specifies an interface as a trunk port.switchport mode trunkStep 5
Example:Device(config-if)# switchport modetrunk
• A trunk port can carry traffic of one or moreVLANs on the same physical link. (VLANsare based on the trunk-allowed VLANs list.)By default, a trunk interface carries trafficfor all VLANs.
Sets the list of allowed VLANs that transmit trafficfrom this interface in tagged format when intrunking mode.
switchport mode trunk allowed vlan[vlan-list]
Example:Device(config-if)# switchport trunkallowed vlan 1-3
Step 6
Enables the interface.no shutdown
Example:Device(config-if)# no shutdown
Step 7
Exits interface configuration mode and entersprivileged EXEC mode.
end
Example:Device(config-if)# end
Step 8
Saves the change persistently through reboots andrestarts by copying the running configuration tothe startup configuration.
copy running-config startup-config
Example:Device# copy running-configstartup-config
Step 9
What to Do Next
Repeat these steps to configure any additional interfaces for a Cisco OpenFlow Agent logical switch.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 19
Configuring the Cisco OpenFlow AgentConfiguring a Physical Interface in Layer 2 mode
Configuring a Port-Channel InterfacePerform the task below to create a port-channel interface for a Cisco OpenFlow Agent logical switch.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 1
Specifies the interface for the logical switch and entersinterface configuration mode.
interface port-channel number
Example:Device(config)# interfaceport-channel 2
Step 2
Specifies the interface as an Ethernet trunk port. A trunkport can carry traffic in one or more VLANs on the
switchport mode trunk
Example:Device(config-if)# switchport modetrunk
Step 3
same physical link (VLANs are based on thetrunk-allowedVLANs list). By default, a trunk interfacecan carry traffic for all VLANs.
If the port-channel is specified as a trunkinterface, ensure that member interfaces arealso configured as trunk interfaces.
Note
Sets the list of allowed VLANs that transmit trafficfrom this interface in tagged format when in trunkingmode.
switchport mode trunk allowed vlan[vlan-list]
Example:Device(config-if)# switchporttrunk allowed vlan 1-3
Step 4
Ends interface configurationmode and enters privilegedEXEC mode.
end
Example:Device(config-if)# end
Step 5
Saves the change persistently through reboots andrestarts by copying the running configuration to thestartup configuration.
copy running-config startup-config
Example:Device# copy running-configstartup-config
Step 6
What to Do Next
Activate Cisco OpenFlow Agent.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches20
Configuring the Cisco OpenFlow AgentConfiguring a Port-Channel Interface
Configuring a Cisco OpenFlow Agent Logical SwitchThis task configures a Cisco OpenFlow Agent logical switch and the IP address of a controller.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 1
Enters OpenFlow configuration mode.openflow
Example:Device(config)# openflow
Step 2
Creates an OpenFlow switch with a pipeline.switch switch-id pipelinepipeline-id
Step 3
• This step is mandatory for a logical switch configuration.
Example:Device(config-ofa)# switch1 pipeline 201
• You can view the supported pipeline values using the showopenflow hardware capabilities command.
Configures an Ethernet interface or port-channel interface as aport of a Cisco OpenFlow Agent logical switch.
Enter one of the followingcommands:
Step 4
• of-port interfaceinterface-name
• Standard Cisco NX-OS interface type abbreviations aresupported.
• The interface must be designated for the Cisco OpenFlowAgent logical switch only.
• of-port interfaceport-channel-name
• Themode openflow configuration is added to an interfacewhen an interface is configured as a port of Cisco OpenFlow
Example: Agent. To add or remove an interface as a port of CiscoFor a physical interface:Device(config-ofa-switch)#of-port interfaceethernet1/1
OpenFlow Agent, ensure that the Cisco OpenFlow Agent isactivated and running to ensure the proper automatic additionand removal of themode openflow configuration. To removean interface as a port of Cisco OpenFlow Agent, use the noform of this command.
For a port-channel interface:Device(config-ofa-switch)#of-port interfaceport-channel2 • An interface configured for a port channel should not be
configured as a Cisco OpenFlow Agent logical switch port.
• Repeat this step to configure additional interfaces.
Specifies the IPv4 address, port number, and VRF of a controllerthat can manage the logical switch, port number used by the
controller ipv4 ip-address [porttcp-port] [ vrf vrf-name]security{none | tls}
Step 5
controller to connect to the logical switch and the VRF of thecontroller.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 21
Configuring the Cisco OpenFlow AgentConfiguring a Cisco OpenFlow Agent Logical Switch
PurposeCommand or Action
Example:
• If unspecified, the default VRF is used.
• Controllers use TCP port 6653 by default.Controller in default VRF:Device(config-ofa-switch)#controller ipv4 10.1.1.2security none
• You can configure up to eight controllers. Repeat this stepif you need to configure additional controllers.
• If TLS is not disabled in this step, configure TLS trustpointsusing the tls command.
• You can use the clear openflow switch 1 controller allcommand to clear controller connections. This commandcan reset a connection after Transport Layer Security (TLS)certificates and keys are updated. This is not required forTCP connections.
A connection to a controller is initiated for the logical switch.
(Optional)Specifies the local and remote TLS trustpoints to be used for thecontroller connection.
tls trust-point locallocal-trust-point remoteremote-trust-point
Step 6
Example:Device(config-ofa-switch)#tls trust-point localmylocal remote myremote
• For information on configuring trustpoints, refer to the"Configuring PKI" chapter of the Cisco Nexus 7000 SeriesNX-OS Security Configuration Guide.
(Optional)Enables logging of flow changes, including addition, deletion,and modification of flows.
logging flow-mod
Example:Device(config-ofa-switch)#logging flow-mod
Step 7
• Logging of flow changes is disabled by default.
• Flow changes are logged in syslog and can be viewed usingthe show logging command.
• Logging of flow changes is a CPU intensive activity andshould not be enabled for networks greater than 1000 flows.
(Optional)Configures the interval, in seconds, at which the controller isprobed with echo requests.
probe-interval probe-interval
Example:Device(config-ofa-switch)#probe-interval 5
Step 8
• The default value is 5.
• The range is from 5 to 65535.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches22
Configuring the Cisco OpenFlow AgentConfiguring a Cisco OpenFlow Agent Logical Switch
PurposeCommand or Action
(Optional)Configures the maximum packet rate of the connection to thecontroller and themaximum packets permitted in a burst of packetssent to the controller in a second.
rate-limit packet_incontroller-packet-rate burstmaximum-packets-to-controller
Example:Device(config-ofa-switch)#rate-limit packet_in 300burst 50
Step 9
• The default value is zero, meaning that an indefinite packetrate and packet burst are permitted.
• This rate limit is for Cisco OpenFlowAgent. It is not relatedto the rate limit of the device (data plane) configured byCOPP.
(Optional)Configures the time, in seconds, for which the device must waitbefore attempting to initiate a connection with the controller.
max-backoff backoff-timer
Example:Device(config-ofa-switch)#max-backoff 8
Step 10
• The default value is eight.
• The range is from 1 to 65535.
(Optional)id is a 64bit hex value. A valid id is in the range[0x1-0xffffffffffffffff]. This identifier allows the controller touniquely identify the device.
datapath-id id
Example:Device(config-ofa-switch)#datapath-id 0x111
Step 11
(Optional)This command forces a specific version of the controllerconnection. If you force version 1.3 and the controller supports
protocol-version [1.0 | 1.3 |negotiate]
Example:Device(config-ofa-switch)#protocol-version 1.3
Step 12
only 1.0, no session is established (or vice versa). The defaultbehavior is to negotiate a compatible version between thecontroller and device.
Supported values are:
• 1.0—Configures device to connect to 1.0 controllers only
• 1.3—Configures device to connect to 1.3 controllers only
• negotiate—(Default) Negotiates the protocol version withthe controller. The device uses version 1.3 for negotiation.
(Optional)This disables the OpenFlow switch without having to remove allthe other configuration.
shutdown
Example:Device(config-ofa-switch)#shutdown
Step 13
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 23
Configuring the Cisco OpenFlow AgentConfiguring a Cisco OpenFlow Agent Logical Switch
PurposeCommand or Action
The default-miss command sets the behavior when a packet doesnot match a flow in the flow table. The controller flows mayoverride default-miss flows.
default-miss value
Example:Device(config-ofa-switch)#default-miss continue-normal
Step 14
Not every action is supported on everyplatform.
Note
continue-drop: a miss in a flow table will cascade to perform amatch in the next table (if applicable). A miss in the terminal tablein the pipeline will result in the packet being dropped.
continue-normal: a miss in a flow table will cascade to performa match in the next table (if applicable). A miss in the terminaltable in the pipeline will result in the packet being sent to theswitch's normal hardware processing.
continue-controller: a miss in a flow table will cascade to performa match in the next table (if applicable). A miss in the terminaltable in the pipeline will result in the packet being sent to thecontroller.
drop: a miss in the first flow table of the pipeline will not cascadeto any other table. Instead the packet will be dropped.
normal: a miss in the first flow table of the pipeline will notcascade to any other table. Instead the packet will be sent to theswitch's normal hardware forwarding.
controller: a miss in the first flow table of the pipeline will notcascade to any other table. Instead the packet will be sent to thecontroller.
(Optional)A setting of zero disables statistics collection. If collection isenabled, the interval must be a minimum of seven seconds. The
statistics collection-intervalseconds
Example:Device(config-ofa-switch)#statistics collection 10
Step 15
interval setting can be used to reduce the CPU load from periodicstatistics polling. For example, if you have 1000 flows and choosea statistics collection interval of 10 seconds, 1000flows/10s = 100flows per second poll rate.
Each flow table has a prescribed maximumflows-per-second poll rate supported by hardware asdisplayed in the show openflow hardware capabilitiescommand. If you choose a statistics collection intervalthat is too small, the maximum rate supported by thehardware is used, effectively throttling the statisticscollection.
Note
Exits logical switch configuration mode and enters privilegedEXEC mode.
end
Example:Device(config-ofa-switch)#end
Step 16
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches24
Configuring the Cisco OpenFlow AgentConfiguring a Cisco OpenFlow Agent Logical Switch
PurposeCommand or Action
Saves the change persistently through reboots and restarts bycopying the running configuration to the startup configuration.
copy running-configstartup-config
Example:Device# copy running-configstartup-config
Step 17
What to Do Next
Configure logical sub-switches.
Configuring Logical Sub-SwitchesThis task configures a logical sub-switch for OpenFlow control by a controller other than the master controller.
Before You Begin
Configure an OpenFlow logical switch.
Procedure
PurposeCommand or Action
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 1
Enters OpenFlow configuration mode.openflow
Example:Device(config)# openflow
Step 2
Selects the existing OpenFlow switch under which thesub-switch will be created. This is the master switch,which has the ID of 1.
switch switch-id pipeline pipeline-id
Example:Device(config-ofa)# switch 1pipeline 201
Step 3
Creates an OpenFlow logical sub-switch for the specifiedVLAN or VLAN range.
sub-switch sub-switch-id vlan vlan-range
Example:Device(config-ofa-switch)#sub-switch 2 vlan 301-305
Step 4
• The sub-switch-id is a unique ID for thissub-switch. It is an integer between 2 and 10. Themaster switch has the ID of 1.
• VLANs associated with this sub-switch cannot alsobe associated to another sub-switch, and VLANranges cannot overlap between sub-switches.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 25
Configuring the Cisco OpenFlow AgentConfiguring Logical Sub-Switches
PurposeCommand or Action
To return to the configuration of this sub-switch later,you must repeat the exact command, including thesub-switch ID and the VLAN range.
Specifies the IPv4 address, port number, and VRF of acontroller that can manage the logical switch, port
controller ipv4 ip-address [port tcp-port][ vrf vrf-name] security{none | tls}
Step 5
number used by the controller to connect to the logicalswitch and the VRF of the controller.Example:
Controller in default VRF:Device(config-ofa-switch-subswitch)#controller ipv4 10.1.1.2 securitynone
• If unspecified, the default VRF is used.
• Controllers use TCP port 6653 by default, but theport is configurable to a different port number usingthe CLI.
• You can configure up to eight controllers. Repeatthis step if you need to configure additionalcontrollers.
• If TLS is not disabled in this step, configure TLStrustpoints using the tls command.
• You can use the clear openflow switch 1controller all command to clear controllerconnections. This command can reset a connectionafter Transport Layer Security (TLS) certificatesand keys are updated. This is not required for TCPconnections.
A connection to a controller is initiated for the logicalswitch.
This command forces a specific version of the controllerconnection. If you force version 1.3 and the controller
protocol-version version-info
Example:Device(config-ofa-switch-subswitch)#protocol-version 1.3
Step 6
supports only 1.0, no session is established (or viceversa). The default behavior is to negotiate a compatibleversion between the controller and device.
Supported values are:
• 1.0—Configures device to connect to 1.0controllers only
• 1.3—Configures device to connect to 1.3controllers only
• negotiate—(Default) Negotiates the protocolversion with the controller. Device uses 1.3 fornegotiation.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches26
Configuring the Cisco OpenFlow AgentConfiguring Logical Sub-Switches
PurposeCommand or Action
(Optional)Specifies the local and remote TLS trustpoints to be usedfor the controller connection.
tls trust-point local local-trust-pointremote remote-trust-point
Example:Device(config-ofa-switch-subswitch)#tls trust-point local mylocalremote myremote
Step 7
• For information on configuring trustpoints, referto the "Configuring PKI" chapter of the CiscoNexus 7000 Series NX-OS Security ConfigurationGuide.
(Optional)Configures the interval, in seconds, at which thecontroller is probed with echo requests.
probe-interval probe-interval
Example:Device(config-ofa-switch-subswitch)#probe-interval 5
Step 8
• The default value is 5.
• The range is from 5 to 65535.
(Optional)Configures the maximum packet rate of the connectionto the controller and the maximum packets permitted ina burst of packets sent to the controller in a second.
rate-limit packet_in controller-packet-rateburst maximum-packets-to-controller
Example:Device(config-ofa-switch-subswitch)#rate-limit packet_in 300 burst 50
Step 9
• The default value is zero, meaning that an indefinitepacket rate and packet burst are permitted.
• This rate limit is for Cisco OpenFlow Agent. It isnot related to the rate limit of the device (dataplane) configured by COPP.
(Optional)Configures the time, in seconds, for which the devicemust wait before attempting to retry the connection withthe controller.
max-backoff backoff-timer
Example:Device(config-ofa-switch-subswitch)#max-backoff 8
Step 10
• The default value is eight.
• The range is from 1 to 65535 seconds.
(Optional)Identifier of the sub-switch, which allows the controllerto uniquely identify the device. This command overwrites
datapath-id id
Example:Device(config-ofa-switch-subswitch)#datapath-id 0x111
Step 11
the default value, which is based on the MAC addressof the switch and the ID of the sub-switch.. A valid id isa 64-bit hex value in the range [0x1-0xffffffffffffffff].
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 27
Configuring the Cisco OpenFlow AgentConfiguring Logical Sub-Switches
Configuration Examples for Cisco OpenFlow AgentExample: Enabling Cisco OpenFlow Agent in the Nexus 3000 series device
Device> enableDevice# configure terminalDevice(config)# system switch-mode n9kDevice# exitDevice# write eraseDevice# reloadThis command will reboot the system. (y/n)? [n] y...[log in after reboot]Device# configure terminalDevice(config)# feature openflowDevice(config)# show feature | inc openflowopenflow 1 enabled
Example: Enabling Cisco OpenFlow Agent in the Nexus 9000 series device
Device# configure terminalDevice(config)# feature openflowDevice(config)# show feature | inc openflowopenflow 1 enabled
Example: Adjusting the Number of Flow Entries
Device# configure terminalDevice(config)# hardware access-list tcam region racl 0Device(config)# hardware access-list tcam region e-racl 0Device(config)# hardware access-list tcam region l3qos 0Device(config)# hardware access-list tcam region span 0Device(config)# hardware access-list tcam region redirect 0Device(config)# hardware access-list tcam region vpc-convergence 0Device(config)# hardware access-list tcam region openflow 1024Device(config)# exitDevice# copy running-config startup-configDevice# reload
Example: Configuring Global Variables for a Cisco OpenFlow Agent Logical SwitchDevice# configure terminalDevice(config)# mac-learn disableDevice(config)# spanning-tree mode mstDevice(config)# vlan 2Device(config-vlan)# end
Example: Configuring Control Plane Policing for Packets Sent to a ControllerDevice# configure terminalDevice# setup
---- Basic System Configuration Dialog ----
This setup utility will guide you through the basic configuration ofthe system. Setup configures only enough connectivity for managementof the system.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches28
Configuring the Cisco OpenFlow AgentConfiguration Examples for Cisco OpenFlow Agent
*Note: setup is mainly used for configuring the system initially,when no configuration is present. So setup always assumes systemdefaults and not the current system configuration values.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytimeto skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): yes
Create another login account (yes/no) [n]:
Configure read-only SNMP community string (yes/no) [n]:
Configure read-write SNMP community string (yes/no) [n]:
Enter the switch name : QI32
Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]: n
Configure the default gateway? (yes/no) [y]: n
Enable the telnet service? (yes/no) [n]: y
Enable the ssh service? (yes/no) [y]: n
Configure the ntp server? (yes/no) [n]:
Configure default interface layer (L3/L2) [L2]:
Configure default switchport interface state (shut/noshut) [noshut]:Configure CoPP System Policy Profile ( default / l2 / l3 ) [default]:
The following configuration will be applied:switchname QI32telnet server enableno ssh server enablesystem default switchportno system default switchport shutdownpolicy-map type control-plane copp-system-policy ( default )
Would you like to edit the configuration? (yes/no) [n]:
Use this configuration and save it? (yes/no) [y]:
[########################################] 100%Copy complete, now saving to disk (please wait)...
Device# configure terminalDevice(config)# policy-map type control-plane copp-system-policyDevice(config-pmap)# class copp-s-dpssDevice(config-pmap-c)# police pps 1000Device(config-pmap-c)# endDevice# show run copp
Example: Specifying a Route to a Controller Using a Physical InterfaceDevice# configure terminalDevice(config)# interface ethernet1/1Device(config-if)# no switchportDevice(config-if)# ip address 10.0.1.4 255.255.255.255Device(config-if)# exitDevice(config)# ip route 0.0.0.0 0.0.0.0 10.0.1.6Device# copy running-config startup-configDevice(config)# exit
Example: Specifying a Route to a Controller Using a Management InterfaceDevice# configure terminalDevice(config)# interface mgmt0
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 29
Configuring the Cisco OpenFlow AgentConfiguration Examples for Cisco OpenFlow Agent
Device(config-if)# no switchportDevice(config-if)# ip address 10.0.1.4 255.255.255.255Device(config-if)# exitDevice(config)# vrf context managementDevice(config)# ip route 0.0.0.0 0.0.0.0 10.0.1.6Device# copy running-config startup-configDevice(config)# exit
Example: Configuring an Interface for a Cisco OpenFlow Agent Logical Switch in L2 modeDevice# configure terminal
Device(config)# interface ethernet1/1Device(config-if)# switchport mode trunkDevice(config-if)# no shutdownDevice(config-if)# exit
Device(config)# interface ethernet1/2! Adding the interface to a port channel.Device(config-if)# channel-group 2Device(config-if)# switchport mode trunkDevice(config-if)# no shutdownDevice(config-if)# endDevice# copy running-config startup-config
Example: Configuring a Port-Channel InterfaceDevice# configure terminalDevice(config)# interface port-channel 2Device(config-if)# switchport mode trunkDevice(config-if)# endDevice# copy running-config startup-config
Example: Cisco OpenFlow Agent Logical Switch Configuration (Default VRF)Device# configure terminalDevice(config)# openflowDevice(config-ofa)# switch 1 pipeline 201! Specifies the pipeline that enables the IP Forwarding Table.Device(config-ofa-switch)# logging flow-modDevice(config-ofa-switch)# max-backoff 5Device(config-ofa-switch)# probe-interval 5Device(config-ofa-switch)# rate-limit packet-in 300 burst 50Device(config-ofa-switch)# controller ipv4 10.0.1.6 security none! Adding an interface to the Cisco OpenFlow Agent logical switch.Device(config-ofa-switch)# of-port interface ethernet1/1Device(config-ofa-switch)# of-port interface ethernet1/2! Adding a port channel to the Cisco OpenFlow Agent switch.Device(config-ofa-switch)# of-port interface port-channel 2Device(config-ofa-switch)# endDevice# copy running-config startup-config
Example: Configuring a Cisco OpenFlow Agent Logical Switch (Management VRF)Device# configure terminalDevice(config)# openflowDevice(config-ofa)# switch 1 pipeline 201! Specifying a controller that is part of a VRF.Device(config-ofa-switch)# controller ipv4 10.0.1.6 vrf management security none! Adding an interface to the Cisco OpenFlow Agent logical switch.
Device(config-ofa-switch)# of-port interface ethernet1/1Device(config-ofa-switch)# of-port interface ethernet1/2! Adding a port channel to the Cisco OpenFlow Agent switch.Device(config-ofa-switch)# of-port interface port-channel 2Device(config-ofa-switch)# endDevice# copy running-config startup-config
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches30
Configuring the Cisco OpenFlow AgentConfiguration Examples for Cisco OpenFlow Agent
Example: Creating a Sub-SwitchDevice# configure terminalDevice(config)# openflowDevice(config-ofa)# switch 1 pipeline 201Device(config-ofa-switch)# controller ipv4 5.30.199.200 port 6645 vrf management securitynoneDevice(config-ofa-switch)# of-port interface port-channel1000Device(config-ofa-switch)# of-port interface Ethernet1/1Device(config-ofa-switch)# of-port interface Ethernet1/37Device(config-ofa-switch)# of-port interface Ethernet1/39Device(config-ofa-switch)# logging flow-modDevice(config-ofa-switch)# sub-switch 2 vlan 100Device(config-ofa-switch-subswitch)# controller ipv4 5.30.19.239 port 6653 vrf managementsecurity none
Verifying Cisco OpenFlow AgentProcedure
Step 1 showopenflow switch switch-idDisplays information related to Cisco OpenFlow Agent logical switch.
Example:Device# show openflow switch 1
Logical Switch ContextId: 1Switch type: ForwardingPipeline id: 201VLAN restrictions: noneData plane: secureTable-Miss default: controllerConfigured protocol version: NegotiateConfig state: no-shutdownWorking state: enabledRate limit (packet per second): 300Burst limit: 50Max backoff (sec): 8Probe interval (sec): 5TLS local trustpoint name: not configuredTLS remote trustpoint name: not configuredLogging flow changes: EnabledStats collect interval (sec): 7Stats collect Max flows: 3001Minimum flow idle timeout (sec): 14OFA Description:Manufacturer: Cisco Systems, Inc.Hardware: N9K-C9372PX 2.1Software: 7.0(3)I5(0.51)| of_agent 0.1Serial Num: SAL1944RZQNDP Description: switch:sw1
OF Features:DPID: 0x0000000000009000Number of tables:1Number of buffers:256Capabilities: FLOW_STATS TABLE_STATS PORT_STATS
Controllers:5.30.19.236:6653, Protocol: TCP, VRF: management
Interfaces:Ethernet1/1
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 31
Configuring the Cisco OpenFlow AgentVerifying Cisco OpenFlow Agent
Ethernet1/2
Step 2 show openflow switch switch-id controllers [stats]Displays information related to the connection status between a Cisco OpenFlow Agent logical switch andconnected controllers.
Example:
Device# show openflow switch 1 controllers
Logical Switch Id: 1Total Controllers: 1Controller: 15.30.19.236:6653Protocol: tcpVRF: managementConnected: YesRole: MasterNegotiated Protocol Version: OpenFlow 1.3Last Alive Ping: 09/27/2016 00:04:53last_error:Connection timed outstate:ACTIVEsec_since_connect:103334sec_since_disconnect:103345Current Role Since: 09/25/2016 19:22:41
The above sample output is displayed when the controller is connected (state:ACTIVE).Device# show openflow switch 1 controllers stats
Logical Switch Id: 1Total Controllers: 1Controller: 1address : tcp:5.30.19.236:6653%managementconnection attempts : 19successful connection attempts : 2flow adds : 2flow mods : 0flow deletes : 0flow removals : 0flow errors : 0flow unencodable errors : 0total errors : 0echo requests : rx: 0, tx: 7echo reply : rx: 6, tx: 0flow stats : rx: 33763, tx: 33763barrier : rx: 2, tx: 2packet-in/packet-out : rx: 0, tx: 23033Topology Monitor : rx: 0, tx: 0Topology State : rx: 0
Step 3 show running-config interface ethernet interface-idIn the interface configuration, verifymode openflow.
Example:Device# show running-config interface ethernet 1/2
!Command: show running-config interface Ethernet1/2!Time: Thu Sep 29 00:08:18 2016
version 7.0(3)I5(1)
interface Ethernet1/7no lldp transmitspanning-tree bpdufilter enable
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches32
Configuring the Cisco OpenFlow AgentVerifying Cisco OpenFlow Agent
mode openflow
Step 4 show openflow switch switch-id portsDisplays the mapping between physical device interfaces and ports of a Cisco OpenFlowAgent logical switch.
Example:Device# show openflow switch 1 ports
Logical Switch Id: 1Port Interface Name Config-State Link-State Features
2 Ethernet1/2 PORT_UP LINK_UP 10MB-FD3 Ethernet1/3 PORT_UP LINK_DOWN 100MB-HD AUTO_NEG4 Ethernet1/4 PORT_UP LINK_UP 10MB-FD
Step 5 show openflow switch switch-id flows [configured | controller | default | fixed | pending | pending-del] [brief | summary]Displays flows defined for the device by controllers.
Example:Device# show openflow switch 1 flows
Logical Switch Id: 1Total flows: 2
Flow: 1Match: anyActions: CONTROLLER:0Priority: 0Table: 0Cookie: 0x0Duration: 104160.376sNumber of packets: 0Number of bytes: 0
Flow: 2Match: in_port=2,dl_vlan=100Actions: dropPriority: 100Table: 0Cookie: 0x0Duration: 103753.162sNumber of packets: 0Number of bytes: 0
The following example show flows installed by the OpenFlow agent:Device# show openflow switch 1 flows configured
Logical Switch Id: 1Total flows: 1
Flow: 1Match: anyActions: CONTROLLER:0Priority: 0Table: 0Cookie: 0x0Duration: 104180.584sNumber of packets: 0Number of bytes: 0
The following example show flows installed from the controller:Device# show openflow switch 1 flows controller
Logical Switch Id: 1
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 33
Configuring the Cisco OpenFlow AgentVerifying Cisco OpenFlow Agent
Total flows: 1Flow: 1Match: in_port=2,dl_vlan=100Actions: dropPriority: 100Table: 0Cookie: 0x0Duration: 103753.162sNumber of packets: 0Number of bytes: 0
Step 6 show openflow switch switch-id flow statsDisplays send and receive statistics for each port defined for a Cisco OpenFlow Agent logical switch.
Example:Device# show openflow switch 1 flow stats
Logical Switch Id: 1
Total ports: 2Port 1: rx pkts=96932, bytes=10911299, drop=0, errs=0,
tx pkts=209683, bytes=19045035, drop=0, errs=0,Port 2: rx pkts=350485253, bytes=23834112937, drop=0, errs=0,
tx pkts=191127, bytes=16001929, drop=0, errs=0,Total tables: 1Table 0: NXOS PLCMGR IPV6 - PIPE 201Wildcards = 0x300033Max entries = 3001Active entries = 2Number of lookups = 0Number of matches = 0
Flow statistics are available for pipeline 201 and table 0. For pipeline 202, flow statistics are not available fortable 1.
Step 7 show logging last number-of-linesDisplays logging information of flow changes, including addition, deletion or modification of flows.
Example:Device# show logging last 10
2016 Oct 5 09:52:27 switch of_agent: <{of_agent}> libpolicyshim:policy_shim_parse_plcmgr_policy_stats 6515 cmd_attr 3522561182016 Oct 5 09:52:27 switch of_agent: <{of_agent}> libpolicyshim:policy_shim_parse_plcmgr_policy_stats 6543 ppf_id 870320892016 Oct 5 09:52:27 switch of_agent: <{of_agent}> libpolicyshim:policy_shim_parse_plcmgr_policy_stats 6515 cmd_attr 3522562002016 Oct 5 09:52:27 switch of_agent: <{of_agent}> libpolicyshim:policy_shim_parse_plcmgr_policy_stats 6536 pkts 0x9d3b bytes 0x02016 Oct 5 09:52:27 switch of_agent: <{of_agent}>|-|00353|plif_xos_util|DBG|cstatclassified.pkts = 40251
2016 Oct 5 09:52:27 switch of_agent: <{of_agent}>|-|00354|plif_xos_util|DBG|cstatclassified.bytes = 02016 Oct 5 09:52:27 switch of_agent: <{of_agent}>|-|00355|plif_xos_util|DBG|cstat drop.pkts= 02016 Oct 5 09:52:27 switch of_agent: <{of_agent}>|-|00356|plif_xos_util|DBG|cstat drop.bytes= 02016 Oct 5 09:52:27 switch of_agent: <{of_agent}>|-|00357|plif_xos|DBG|PXOS lookup switchby ls_id: switch ls_id is 1, passed in ls_id is 12016 Oct 5 09:52:28 switch of_agent: <{of_agent}>|-|1841673|poll_loop|DBG|wakeup due to
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches34
Configuring the Cisco OpenFlow AgentVerifying Cisco OpenFlow Agent
999-ms timeout at../feature/sdn/openflow/cmn/ovs/cof_ovs_ofproto_plif.c:815 (0% CPU usage)
Step 8 show running-config openflowDisplays configurations made for Cisco OpenFlow Agent.
Example:Device# show running-config openflow
!Command: show running-config openflow!Time: Tue Sep 27 00:19:00 2016
version 7.0(3)I5(1)feature openflow
openflowswitch 1 pipeline 201rate-limit packet_in 300 burst 50probe-interval 5statistics collection-interval 7datapath-id 0x9000controller ipv4 5.30.19.236 port 6653 vrf management security noneof-port interface Ethernet1/1of-port interface Ethernet1/2default-miss controllerlogging flow-mod
Step 9 show openflow hardware capabilitiesDisplays hardware capabilities for OpenFlow.
Example:Device# show openflow hardware capabilities
Max Interfaces: 1000Aggregated Statistics: NO
Pipeline ID: 201Pipeline Max Flows: 3001Max Flow Batch Size: 300Statistics Max Polling Rate (flows/sec): 1024Pipeline Default Statistics Collect Interval: 7
Flow table ID: 0
Max Flow Batch Size: 300Max Flows: 3001Bind Subintfs: FALSEPrimary Table: TRUETable Programmable: TRUEMiss Programmable: TRUENumber of goto tables: 0goto table id:Stats collection time for full table (sec): 3
Match Capabilities Match Types------------------ -----------ethernet type optionalVLAN ID optionalVLAN priority code point optionalIP DSCP optionalIP protocol optionalipv6 source addresss lengthmaskipv6 destination address lengthmasksource port optionaldestination port optionalin port (virtual or physical) optionalwildcard all matches optional
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 35
Configuring the Cisco OpenFlow AgentVerifying Cisco OpenFlow Agent
Actions Count Limit Orderspecified interface 64 20controller 1 20divert a copy of pkt to application 1 20
set eth source mac 1 10set eth destination mac 1 10set vlan id 1 10
pop vlan tag 1 10
drop packet 1 20
Miss actions Count Limit Orderuse normal forwarding 1 0controller 1 20
drop packet 1 20
Max Interfaces: 1000Aggregated Statistics: NO
Pipeline ID: 202Pipeline Max Flows: 3001Max Flow Batch Size: 300Statistics Max Polling Rate (flows/sec): 1024Pipeline Default Statistics Collect Interval: 7
Flow table ID: 0
Max Flow Batch Size: 300Max Flows: 3001Bind Subintfs: FALSEPrimary Table: TRUETable Programmable: TRUEMiss Programmable: TRUENumber of goto tables: 1goto table id: 1Stats collection time for full table (sec): 3
Match Capabilities Match Types------------------ -----------ethernet type optionalVLAN ID optionalVLAN priority code point optionalIP DSCP optionalIP protocol optionalipv6 source addresss lengthmaskipv6 destination address lengthmasksource port optionaldestination port optionalin port (virtual or physical) optionalwildcard all matches optional
Actions Count Limit Orderspecified interface 64 20controller 1 20divert a copy of pkt to application 1 20
set eth source mac 1 10set eth destination mac 1 10set vlan id 1 10
pop vlan tag 1 10
drop packet 1 20
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches36
Configuring the Cisco OpenFlow AgentVerifying Cisco OpenFlow Agent
Miss actions Count Limit Orderuse normal forwarding 1 0controller 1 20perform another lookup in the specified table 1 20
drop packet 1 20
Flow table ID: 1
Max Flow Batch Size: 300Max Flows: 32001Bind Subintfs: FALSEPrimary Table: FALSETable Programmable: TRUEMiss Programmable: TRUENumber of goto tables: 0goto table id:Stats collection: Not Supported
Match Capabilities Match Types------------------ -----------ethernet mac destination mandatoryVLAN ID mandatorywildcard all matches mandatory
Actions Count Limit Orderspecified interface 64 20
drop packet 1 20
Miss actions Count Limit Orderuse normal forwarding 1 0controller 1 20
drop packet 1 20
Step 10 show openflow switch 2Displays configuration of OpenFlow sub-switch.
Example:
Device# show openflow switch 2
Logical Switch ContextId: 2Switch type: ForwardingPipeline id: 201VLAN restrictions: 100Data plane: secureTable-Miss default: dropConfigured protocol version: NegotiateConfig state: no-shutdownWorking state: enabledRate limit (packet per second): 0Burst limit: 0Max backoff (sec): 8Probe interval (sec): 180TLS local trustpoint name: not configuredTLS remote trustpoint name: not configuredLogging flow changes: DisabledStats collect interval (sec): 7Stats collect Max flows: 3001Minimum flow idle timeout (sec): 14OFA Description:
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 37
Configuring the Cisco OpenFlow AgentVerifying Cisco OpenFlow Agent
Manufacturer: Cisco Systems, Inc.Hardware: N9K-C9372PX 2.1Software: 7.0(3)I5(0.51)| of_agent 0.1Serial Num: SAL1944RZQNDP Description: switch:sw2
OF Features:DPID: 0x000258ac786b5457Number of tables:1Number of buffers:256Capabilities: FLOW_STATS TABLE_STATS PORT_STATS
Controllers:5.30.19.239:6653, Protocol: TCP, VRF: management
Interfaces:port-channel1000Ethernet1/1Ethernet1/37Ethernet1/39
Step 11 show openflow switch 2 controllers statsDisplays information related to the controller statistics for a logical sub-switch.
Example:
Device# show openflow switch 2 controllers stats
Logical Switch Id: 2Total Controllers: 1Controller: 1address : tcp:5.30.19.239:6653%managementconnection attempts : 5successful connection attempts : 0flow adds : 0flow mods : 0flow deletes : 0flow removals : 0flow errors : 0flow unencodable errors : 0total errors : 0echo requests : rx: 0, tx: 0echo reply : rx: 0, tx: 0flow stats : rx: 0, tx: 0barrier : rx: 0, tx: 0packet-in/packet-out : rx: 0, tx: 0Topology Monitor : rx: 0, tx: 0Topology State : rx: 0
Step 12 show run openflowDisplays configurations made for Cisco OpenFlow Agent when a sub-switch is configured.
Example:
Device# show run openflow
!Command: show running-config openflow!Time: Thu Sep 29 00:09:21 2016
version 7.0(3)I5(1)feature openflow
openflowswitch 1 pipeline 201controller ipv4 5.30.199.200 port 6645 vrf management security noneof-port interface port-channel1000of-port interface Ethernet1/1of-port interface Ethernet1/37of-port interface Ethernet1/39
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches38
Configuring the Cisco OpenFlow AgentVerifying Cisco OpenFlow Agent
logging flow-modsub-switch 2 vlan 100controller ipv4 5.30.19.239 port 6653 vrf management security none
Additional Information for Cisco OpenFlow AgentRelated Documents
Document TitleRelated Topic
Cisco Nexus 3000 Series SwitchesCommand References
Cisco Nexus 9000 Series SwitchesCommand References
Cisco command references
Standards and RFCs
TitleStandard/RFC
OpenFlow Switch Specification Version 1.3.0 (WireProtocol 0x04).
OpenFlow 1.3
OpenFlow Switch Specification Version 1.0.1 (WireProtocol 0x01).
OpenFlow 1.0
Technical Assistance
LinkDescription
http://www.cisco.com/cisco/web/support/index.htmlThe Cisco Support and Documentation websiteprovides online resources to download documentationand tools. Use these resources to troubleshoot andresolve technical issues with Cisco products andtechnologies. Access to most tools on the CiscoSupport and Documentation website requires aCisco.com user ID and password.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 39
Configuring the Cisco OpenFlow AgentAdditional Information for Cisco OpenFlow Agent
Feature Information for Cisco OpenFlow AgentThe following table provides release information about the feature or features described in this module. Thistable lists only the software release that introduced support for a given feature in a given software releasetrain. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 4: Feature Information for Cisco OpenFlow Agent
Feature InformationReleasesFeature Name
Cisco OpenFlow Agent isintroduced, replacing the CiscoPlug-in for OpenFlow used inprevious NX-OS releases.
7.0(3)I5(1)Cisco OpenFlow Agent
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches40
Configuring the Cisco OpenFlow AgentFeature Information for Cisco OpenFlow Agent
A P P E N D I X ASupported Platforms for Cisco OpenFlow Agent
• Supported Platforms for Cisco OpenFlow Agent, page 41
Supported Platforms for Cisco OpenFlow AgentNexus 3000 Series
OpenFlow Support (Pipeline Number)Platform
201/202Cisco Nexus 30* Switch
201/202Cisco Nexus 3132/3172* Switch
201/202Cisco Nexus 3132QV Switch
201/202Cisco Nexus 31108PCV Switch
201/202Cisco Nexus 31108TCV Switch
201/202Cisco Nexus 31128PQ-10GE Switch
201/202Cisco Nexus 3232C Switch
201/202Cisco Nexus 3264Q Switch
NoCisco Nexus3000 C3164PQ Chassis
203Cisco Nexus 3548 switch
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 41
Nexus 9000 Series
OpenFlow Support (Pipeline Number)Platform
201/202Cisco Nexus 9332PQ Switch
201/202Cisco Nexus 9372PX Switch
201/202Cisco Nexus 9372TX Switch
201/202 201/202Cisco Nexus 9396PX Switch
201/202Cisco Nexus 9396TX Switch
201/202Cisco Nexus 93120TX Switch
201/202Cisco Nexus 93128TX Switch
205 (see note)Cisco Nexus 9504 Switch
205 (see note)Cisco Nexus 9508 Switch
205 (see note)Cisco Nexus 9516 Switch
OpenFlow pipeline 205 is supported on Cisco Nexus 95XX switches only when the switch contains theApplication Spine Engine 2 (ASE2), Application Spine Engine 3 (ASE3), or Leaf Spine Engine (LSE).If any fabric board other than these is present, the OpenFlow feature cannot be enabled.
Note
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches42
Supported Platforms for Cisco OpenFlow AgentSupported Platforms for Cisco OpenFlow Agent
A P P E N D I X BUninstalling Cisco Plug-in for OpenFlow
• Uninstalling Cisco Plug-in for OpenFlow, page 43
• Converting a Previous OpenFlow Configuration, page 43
• Deactivating and Uninstalling an Application from a Virtual Services Container, page 44
Uninstalling Cisco Plug-in for OpenFlowThe Cisco OpenFlow Agent was introduced in Cisco NX-OS Release 7.0(3)I5(1), replacing the Cisco Plug-infor OpenFlow used in previous releases. The Cisco Plug-in for OpenFlow, which runs as an application in avirtual services container, is no longer supported as of this release. When upgrading from a release earlierthan Cisco NX-OS Release 7.0(3)I5(1) to Cisco NX-OS Release 7.0(3)I5(1) or a later release, you mustdeactivate and uninstall the Cisco Plug-in for OpenFlow application from the virtual services container usingthe procedure described in this section.
Cisco OpenFlowAgent support for the Cisco Nexus 3548 was introduced in Cisco NX-OS Release 7.0(3)I7(2)replacing the Cisco Plug-in for OpenFlow used from Cisco NX-OS Release 6.0(2)A8(1). When upgradingform a release earlier than Cisco NX-OS Release 7.0(3)I7(2) to Cisco NX-OS Release 7.0(3)I7(2) or a laterrelease, you must deactivate and uninstall the Cisco Plug-in for OpenFlow application from the virtual servicescontainer using the procedure described in this section.
Converting a Previous OpenFlow ConfigurationWhen you upgrade to a release that requires you to uninstall the Cisco Plug-in for OpenFlow, you can saveyour existing OpenFlow configuration and modify it for use with the Cisco OpenFlow Agent. Perform thefollowing procedure before uninstalling the Cisco Plug-in for OpenFlow.
Procedure
Step 1 Capture the current OpenFlow configuration.Enter the CLI command show run | section openflow to display the current OpenFlow configuration, asshown in this example.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 43
Example:
Switch# show run | section openflowhardware access-list tcam region openflow 512 double-widemode openflowmode openflowmode openflowmode openflowmode openflow
openflow <----------- Copy this section to your text editor.switch 1pipeline 201controller ipv4 5.1.1.237 port 6653 vrf management security noneof-port interface Ethernet1/11-15
Step 2 Copy the configuration and paste it into your text editor.Step 3 Make the changes described below.
• Add the feature openflow command to enable the Cisco OpenFlow Agent.
• Combine the switch and pipeline commands into one command.
• Expand any interface ranges.
Example:
feature openflow <------------------------- Add this comment to enable openflow agent
openflowswitch 1 pipeline 201 <------------------ Create switch command is in this formatcontroller ipv4 192.168.1.36 port 6653of-port interface Ethernet1/11 <------- Change Ethernet1/11-15 to this formatof-port interface Ethernet1/12of-port interface Ethernet1/13of-port interface Ethernet1/14of-port interface Ethernet1/15
What to Do Next
After uninstalling the Cisco Plug-in for OpenFlow, uninstalling the virtual service container (if necessary),and upgrading the switch, follow the instructions in this guide to enable the Cisco OpenFlow Agent. Thenload the modified configuration into the switch.
Deactivating and Uninstalling an Application from a VirtualServices Container
(Optional) Perform this task to uninstall and deactivate an application fromwithin a virtual services container.
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches44
Uninstalling Cisco Plug-in for OpenFlowDeactivating and Uninstalling an Application from a Virtual Services Container
Procedure
PurposeCommand or Action
Enables privileged EXEC mode.enableStep 1
Example:Device> enable
• Enter your password if prompted.
Enters global configuration mode.configure terminal
Example:Device# configure terminal
Step 2
Enters virtual services configuration mode toconfigure a specified application.
virtual-service virtual-services-name
Example:Device(config)# virtual-serviceopenflow_agent
Step 3
• Use the virtual-services-name defined duringinstallation of the application.
Disables the application.no activate
Example:Device(config-virt-serv)# noactivate
Step 4
Unprovisions the application.no virtual-service virtual-services-nameStep 5
Example:Device(config)# no virtual-serviceopenflow_agent
• Use the virtual-services-name defined duringinstallation of the application.
• This command is optional for all devicesrunning Cisco IOS-XE.
Exits virtual services configuration mode and entersprivileged EXEC mode.
end
Example:Device(config-virt-serv)# end
Step 6
Uninstalls the application.virtual-service uninstall namevirtual-services-name
Step 7
• Use the virtual-services-name defined duringinstallation of the application.
Example:Device# virtual-service uninstallname openflow_agent
• Run this command only after receiving asuccessful deactivation response from thedevice.
Saves the change persistently through reboots andrestarts by copying the running configuration to thestartup configuration.
copy running-config startup-config
Example:Device# copy running-configstartup-config
Step 8
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 45
Uninstalling Cisco Plug-in for OpenFlowDeactivating and Uninstalling an Application from a Virtual Services Container
Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches46
Uninstalling Cisco Plug-in for OpenFlowDeactivating and Uninstalling an Application from a Virtual Services Container
Top Related