EOS Section 45.4: OpenFlow Command Descriptions

45.4 OpenFlow Command Descriptions
OpenFlow Global Configuration Mode
OpenFlow Configuration Commands
OpenFlow Display and Clear Commands
bind interface (OpenFlow)
When the switch is configured in interface bind mode, the ingress interface of a packet determines whether the packet is processed according to entries in the OpenFlow table or forwarded normally by the switch.
Only interfaces bound to OpenFlow are mapped to OpenFlow ports and exposed to the controller via features reply and port status messages. Output actions in flow table entries and in packet out messages can refer only to mapped ports. Use the show openflow ports command to see which interfaces the switch maps to OpenFlow ports and exposes to the controller.
In the OpenFlow configuration mode, use the bind mode interface command to select the interface bind mode.
When an interface is bound to OpenFlow, certain switch functions are disabled on the interface, including spanning tree protocol (STP). The OpenFlow controller and application must ensure that flow table entries do not allow traffic to loop in the network.
Only Ethernet and Port-Channel interfaces can be bound to OpenFlow. If an Ethernet interface is configured as a member of a LAG, attempting to bind the interface to OpenFlow has no effect. However, the Port-Channel interface of which it is a member may itself be bound to OpenFlow.
The no bind interface and default bind interface commands revert the specified interface configuration to its default by removing the corresponding bind interface command from running-config.
Command Mode
OpenFlow Configuration
Command Syntax
bind interface INTF
no bind interface [INTF]
default bind interface [INTF]
Parameters
INTF     Interfaces that are bound to OpenFlow. Options include:
ethernet e_range     Ethernet interfaces specified by e_range.
port-channel p_range     port channel interfaces specified by p_range.
Valid e_range and p_range formats include number, range, or comma-delimited list of numbers and ranges.
Example
This command binds Ethernet 1 to OpenFlow.
switch(config)# openflow
switch(config-openflow)#bind interface ethernet 1
bind mode (OpenFlow)
The bind mode command controls the way packets are divided on ingress between OpenFlow processing and normal switch processing.
The switch can be configured to divide traffic entering the switch in the following ways:
Interface bind mode: Packets entering the switch from certain interfaces are only processed by OpenFlow according to flow table entries; packets entering from other interfaces are forwarded normally. (Interface bind mode is the default.)
VLAN bind mode: Only packets associated with certain VLAN IDs are processed by OpenFlow.
Monitor bind mode: All packets are forwarded normally, and are also processed by OpenFlow; a restricted set of actions is applied to packets matching a flow table entry.
Other packets are forwarded normally according to the MAC address table, filtered by ACLs, mirrored to other ports.
The switch can also be configured to apply a limited set of OpenFlow actions to any packets, regardless of ingress interface or VLAN, as well as forward the packets normally (monitor bind mode).
The no bind mode and default bind mode commands revert the bind mode to its default by removing the corresponding bind mode command from running-config.
Command Mode
OpenFlow Configuration
Command Syntax
bind mode METHOD
no bind mode
default bind mode
Parameters
METHOD     Method used to divide ingress packets between OpenFlow processing and normal switch processing. Options include:
interface     Only packets arriving on certain interfaces are processed by OpenFlow.
monitor     All packets are forwarded normally, and are also processed by OpenFlow.
vlan     Only packets associated with certain VLAN IDs are processed by OpenFlow.
Example
In this example, packets received without VLAN tags are assigned to the default VLAN 1 upon entering the switch and are processed by OpenFlow. All VLAN-tagged packets are dropped.
switch>enable
switch#configure
switch(config)#interface et1-48
switch(config-if-Et1-48)#switchport mode access
switch(config-if-Et1-48)#switchport access vlan 1
switch(config-if-Et1-48)#exit
switch(config)#openflow
switch(config-openflow)#controller tcp:1.2.3.4:6633
switch(config-openflow)#bind mode vlan
switch(config-openflow)#bind vlan 1
bind vlan (OpenFlow)
The bind vlan command adds one or more VLAN IDs to the set of VLANs that are processed by OpenFlow in VLAN bind mode. The VLANs must be created separately using the VLAN configuration mode commands.
If you specify a nonexistent VLAN with the bind vlan command, the binding will be stored in the running configuration but will not take effect until the VLAN is created.
A range of VLANs may be passed to the bind vlan command to add more than one at a time.
The number of VLANs that may be bound to OpenFlow depends on available hardware resources, which are shared with other features including IP routing and ACLs. On the 7050 Series switches the maximum number is 1024.
Use the show openflow command to verify which VLANs are bound to OpenFlow; this command reflects the actual hardware state rather than the configuration.
The no bind vlan and default bind vlan commands remove one or more VLANs from the set of VLANs that are processed by OpenFlow in VLAN bind mode.
Command Mode
OpenFlow Configuration
Command Syntax
bind vlan v_range
no bind vlan [v_range]
default bind vlan [v_range]
Parameters
v_range     VLAN list. VLAN numbers range from 1 to 4094.
Examples
These commands bind VLANs 1 and 2 to OpenFlow.
switch(config-openflow)#bind mode vlan
switch(config-openflow)#bind vlan 1,2
clear openflow statistics
The clear openflow statistics command resets the flow statistics for OpenFlow.
Command Mode
Privileged EXEC
Command Syntax
clear openflow statistics
Example
This command resets the OpenFlow counters.
switch#clear openflow statistics
switch#
controller (OpenFlow)
The controller command adds the address of an OpenFlow controller to which the switch should connect. The parameter must take the form tcp:1.2.3.4:6633 where 1.2.3.4 is the IP address of the controller and 6633 is the TCP port number.
The controller command may be used multiple times to add multiple controllers. The switch will attempt to connect to the first controller in the list of controllers. If the connection attempt fails, or the current connection terminates, the switch will try the next controller in that list, and so on. If the switch cannot connect to the last controller in the list, it will retry with the first controller in the list.
The order in which controllers are added is the order that the switch uses to establish controller connections. This ordering can be seen in the output of the show openflow command.
The no controller command either removes the specified controller from the list of controllers if a controller address is given as a parameter, or removes all controllers from the list of controllers if no parameter is given. If there are no controllers remaining after this command is executed, the OpenFlow function is effectively disabled.
Warning: Adding or removing a controller will cause the current controller connection to be dropped. The switch will then attempt to connect to the first controller in the list of controllers, then the second controller, and so on.
The no controller and default controller commands delete the controller statement from running-config.
Command Mode
OpenFlow Configuration
Command Syntax
controller tcp:ip_address:tcp_port
no controller tcp:ip_address:tcp_port
default controller tcp:ip_address:tcp_port
Parameters
ip_address     IP address of the OpenFlow controller, in dotted decimal notation.
tcp_port     TCP port number used for OpenFlow. Value ranges from 0 to 65535.
Example
These commands enable OpenFlow and set the controller for an OpenFlow instance.
switch(config)# openflow
switch(config-OpenFlow)# controller tcp:1.2.3.4:6633
default-action (OpenFlow)
The default-action command sets the action for the default flow table entry. This entry is automatically added by the switch. It has the lowest priority, and matches packets that are not matched by any other entry.
Use default-action drop to change the default entry's action to drop packets instead of sending them to the controller. (Note: In this mode, the switch deviates from the OpenFlow specification.)
The no default-action command restores the default entry's action to send packets to the controller.
Command Mode
OpenFlow Configuration
Command Syntax
default-action ACTION_TYPE
no default-action
default default-action
Parameters
ACTION_TYPE     Action for the default flow table entry. Options include:
controller     Sets the default entry's action to send packets to the controller.
drop      Changes the default entry's action to drop packets instead of sending them to the controller.
Example
This command sets the default entry's action to drop packets instead of sending them to the controller.
switch(config)# openflow
switch(config-OpenFlow)# default-action drop
description (OpenFlow)
The description command allows overriding the switch description string (normally the switch hostname) sent to the controller.
The no description and default description commands remove the description text for the switch hostname from running-config.
Command Mode
OpenFlow Configuration
Command Syntax
description label_text
no description
default description
Parameters
label_text     character string up to 256 characters assigned to describe the switch.
Examples
This command adds the description test to the switch.
switch(config-openflow)#description test
switch(config-openflow)#
keepalive (OpenFlow)
The keepalive command alters how often the switch sends an OpenFlow echo request to the currently connected controller (every 10 seconds by default). If an echo reply is not received after three successive echo requests, the switch disconnects from the controller. It then attempts to establish a new controller connection depending on the controller configuration.
The no keepalive command restores the default keepalive period by removing the keepalive command from the running-config.
Command Mode
OpenFlow Configuration
Command Syntax
keepalive keep_alive_time
no keepalive
default keepalive
Parameters
keep_alive_time     Keepalive period, in seconds. Value ranges from 1 to 100000. Default value is 10 seconds.
Example
This command sets the keepalive time for OpenFlow to 30 seconds.
switch(config)#openflow
switch(config-openflow)#keepalive 30
switch(config-openflow)#
openflow
The openflow command places the switch in OpenFlow configuration mode.
The no openflow and default openflow commands delete the openflow configuration mode statements from running-config.
OpenFlow configuration mode is not a group change mode; running-config is changed immediately upon entering commands. Exiting OpenFlow configuration mode does not affect running-config. The exit command returns the switch to global configuration mode.
Command Mode
Global Configuration
Command Syntax
openflow
no openflow
default openflow
Commands Available in OpenFlow Configuration Mode
Example
This command places the switch in OpenFlow configuration mode:
switch(config)#openflow
switch(config-openflow)#
This command returns the switch to global configuration mode:
switch(config-openflow)#exit
switch(config)#
profile (OpenFlow)
The profile command sets an alternate flow table profile. Use the show openflow profiles command to see the flow table profiles supported by the switch.
The no profile and default profile commands restore the default flow table profile by removing the profile command from running-config.
Command Mode
OpenFlow Configuration
Command Syntax
profile FIELD_TYPE
no profile
default profile
Parameters
FIELD_TYPE     Profiles supported by the switch for the active bind mode. Options include:
full-match     Supports matching the full set of OpenFlow match fields.
l2-match     Supports matching only a subset but with a larger maximum number of flow table entries.
Example
This command advertises the table size for the full-match flow table profile.
switch(config-openflow)#profile full-match
switch(config-openflow)#
routing recirculation-interface (OpenFlow)
The routing recirculation-interface command designates a switch interface to recirculate routed OpenFlow traffic for a second pass of processing. Exactly one recirculation interface must be configured to use routing, regardless of the number of VLANs being routed.
Any Ethernet or Port-Channel interface can be used for OpenFlow routing recirculation.
When an interface is configured for OpenFlow routing recirculation:
The switch programs the hardware into a special MAC loopback mode, so the interface cannot be used to carry normal traffic.
The link LED turns green and the recirculation function works even if a transceiver is not present or a cable is not inserted.
The link speed is forced to the maximum.
Interface configuration commands such as switchport and shutdown are ineffective, although they are preserved in the running configuration and become effective again when the interface is no longer configured for OpenFlow routing recirculation.
The no routing recirculation-interface and default routing recirculation-interface commands revert the configuration to its default by removing the corresponding routing recirculation-interface command from running-config.
Command Mode
OpenFlow Configuration
Command Syntax
routing recirculation-interface INTF
no routing recirculation-interface [INTF]
default routing recirculation-interface [INTF]
Parameters
INTF      Options include:
ethernet e_range     Ethernet interfaces specified by e_range.
port-channel p_range     port channel interfaces specified by p_range.
Valid e_range and p_range formats include number, range, or comma-delimited list of numbers and ranges.
Example
These commands recirculate traffic routed to and from VLAN 1 via the routed transit VLAN 401.
switch(config-openflow)#bind mode vlan
switch(config-openflow)#bind vlan 1
switch(config-openflow)#routing recirculation-interface et48
switch(config-openflow)#routing vlan 1 routed-vlan 401
switch(config-openflow)#enable
routing vlan (OpenFlow)
The routing vlan command enables IP routing of traffic processed by OpenFlow for a specific VLAN.
The no routing vlan and default routing vlan commands disable IP routing of traffic processed by OpenFlow for a VLAN.
Command Mode
OpenFlow Configuration
Command Syntax
routing vlan VLAN_ID routed-vlan vlan_transit
no routing vlan VLAN_ID
default routing vlan VLAN_ID
Parameters
VLAN_ID     Options include:
v_num     The full form of the command is routing vlan 123 routed-vlan 456, where 123 is the VLAN of the OpenFlow traffic to be routed, and 456 is a (non-OpenFlow-bound) VLAN configured for standard IP routing.
untagged     To route untagged OpenFlow traffic, use the command routing vlan untagged routed-vlan 456.
Examples
This command enables routing of untagged OpenFlow traffic, using VLAN 22 as the routed VLAN.
switch(config-openflow)# routing vlan untagged routed-vlan 22
shell-command allowed (OpenFlow)
The shell-command allowed command allows the controller to run shell or CLI vendor extension commands on the switch.
When this extension is enabled, the switch will execute any CLI command sent by the controller, bypassing normal access controls, so enable it only if the controller is trusted.
The no shell-command allowed and default shell-command allowed commands disable the extension by removing the shell-command allowed command from running-config.
Command Mode
OpenFlow Configuration
Command Syntax
shell-command allowed
no shell-command allowed
default shell-command allowed
Example
This command allows the controller to run arbitrary CLI commands on the switch.
switch(config)#openflow
switch(config-openflow)#shell-command allowed
switch(config-openflow)#
show openflow
The show openflow command shows the effective OpenFlow configuration parameters.
Command Mode
EXEC
Command Syntax
show openflow
Example
This command displays the actual hardware state of OpenFlow.
switch# show openflow
OpenFlow configuration: Enabled
DPID: 0x000000123456789a
Description: My awesome OpenFlow switch
Controllers:
  configured: tcp:1.2.3.4:6633 tcp:5.6.7.8:6633
  connected: tcp:1.2.3.4:6633
  attempted connection count: 24
  successful connection count: 1
  keepalive period: 10 sec
Flow table state: Enabled
Flow table profile: full-match
Bind mode: interface
  interfaces: Ethernet2, Ethernet4, Ethernet6, Ethernet8
IP routing state: Enabled
  recirculation interface: Ethernet44
  VLAN untagged: routed to/from VLAN 3636
Shell command execution: Disabled
Total matched: 4601 packets
switch#
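The fields of this output that matter for a configuration review (shell command execution, the controller list and its connection order, connection counters) can be checked mechanically. The following is an added example, not part of the Arista documentation; the sample output is constructed in the format shown above, and the approved-controller set and failed-attempt threshold are assumptions a site would supply.

```python
# Added example: audit `show openflow` output in the format shown above.
# SAMPLE is constructed (page format, some values changed for the checks).
SAMPLE = """\
switch# show openflow
OpenFlow configuration: Enabled
DPID: 0x000000123456789a
Description: lab switch
Controllers:
  configured: tcp:1.2.3.4:6633 tcp:5.6.7.8:6633
  connected: tcp:5.6.7.8:6633
  attempted connection count: 24
  successful connection count: 1
  keepalive period: 10 sec
Flow table state: Enabled
Flow table profile: full-match
Bind mode: interface
  interfaces: Ethernet2, Ethernet4, Ethernet6, Ethernet8
Shell command execution: Enabled
Total matched: 4601 packets
switch#
"""


def parse_show_openflow(text):
    """Return {key: value}; an indented line is stored as 'Parent/key'."""
    state, parent = {}, None
    for line in text.splitlines():
        if not line.strip() or ":" not in line:
            continue  # blank lines and CLI prompts carry no setting
        key, _, value = line.strip().partition(":")
        key, value = key.strip(), value.strip()
        if line[0].isspace() and parent:
            state[f"{parent}/{key}"] = value
        else:
            parent = key
            state[key] = value
    return state


def audit(state, approved, max_failed=5):
    """Return a list of (check_id, detail) findings.

    approved: set of controller addresses the site expects (assumption).
    max_failed: tolerated failed connection attempts (assumed threshold).
    """
    findings = []
    if state.get("OpenFlow configuration") != "Enabled":
        return findings  # nothing is exposed to a controller
    if state.get("Shell command execution") == "Enabled":
        findings.append(("shell-command",
                         "controller may run any CLI command on the switch"))
    configured = state.get("Controllers/configured", "").split()
    for ctl in configured:
        if ctl not in approved:
            findings.append(("unapproved-controller", ctl))
    connected = state.get("Controllers/connected", "")
    # The switch tries controllers in list order, so a session with any
    # other entry means the first one failed or was dropped.
    if configured and connected != configured[0]:
        findings.append(("failover", connected or "not connected"))
    attempts = int(state.get("Controllers/attempted connection count", 0))
    ok = int(state.get("Controllers/successful connection count", 0))
    if attempts - ok > max_failed:
        findings.append(("connect-failures",
                         f"{attempts - ok} failed attempts"))
    return findings


if __name__ == "__main__":
    for check_id, detail in audit(parse_show_openflow(SAMPLE),
                                  approved={"tcp:1.2.3.4:6633"}):
        print(f"{check_id}: {detail}")
```
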
show openflow flows
The show openflow flows command displays the contents of the flow table, showing each entry with its match rules, actions, packet counters, and timeouts.
The default flow table entry is automatically created by the switch. It always has the lowest priority, and matches packets that are not matched by any other entry. The default entry's action is to send the packet to the controller.
Command Mode
EXEC
Command Syntax
show openflow flows
Example
This command displays the contents of the flow table.
switch# show openflow flows
Flow flow00000000000000000002:
  priority: 0
  cookie: 0 (0x0)
  idle timeout: 60.0 sec
  match:
    ingress interface: Ethernet2
    source Ethernet address: 00:a9:87:65:43:21
    destination Ethernet address: 00:12:34:56:78:9a
    untagged/native VLAN ID
    VLAN PCP: 0
    Ethernet type: IPv4
    source IPv4 address: 10.0.1.1
    destination IPv4 address: 10.0.1.2
    IPv4 TOS: 0
    IPv4 protocol: ICMP
    source TCP/UDP port or ICMP type: 8
    destination TCP/UDP port or ICMP code: 0
  actions:
    output interfaces: OpenFlowRouter
  matched: 4 packets, 408 bytes
Flow __default__:
  priority: -1
  cookie: 0 (0x0)
  match:
  actions:
    output to controller
switch#
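The flow table listing can be parsed to confirm what happens to packets that match no entry and to find entries with an empty match, which apply to every packet. The following is an added example, not part of the Arista documentation; the sample is constructed in the format shown above, and the flow named flow_constructed_catchall is hypothetical.

```python
import re

# Added example: parse `show openflow flows` output in the format shown above.
# SAMPLE_FLOWS is constructed; the catch-all entry is hypothetical.
SAMPLE_FLOWS = """\
switch# show openflow flows
Flow flow00000000000000000002:
  priority: 0
  cookie: 0 (0x0)
  idle timeout: 60.0 sec
  match:
    ingress interface: Ethernet2
    untagged/native VLAN ID
    Ethernet type: IPv4
    destination IPv4 address: 10.0.1.2
  actions:
    output interfaces: OpenFlowRouter
  matched: 4 packets, 408 bytes
Flow flow_constructed_catchall:
  priority: 100
  cookie: 0 (0x0)
  match:
  actions:
    output interfaces: Ethernet4
  matched: 0 packets, 0 bytes
Flow __default__:
  priority: -1
  cookie: 0 (0x0)
  match:
  actions:
    output to controller
switch#
"""


def parse_flows(text):
    """Return a list of flow dicts with 'name', 'match', 'actions' and the
    two-space-indented attributes (priority, cookie, ...) as strings."""
    flows, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        body = line.strip()
        indent = len(line) - len(line.lstrip())
        header = re.match(r"Flow (\S+):$", body)
        if indent == 0 and header:
            cur = {"name": header.group(1), "match": [], "actions": []}
            flows.append(cur)
            section = None
        elif cur is None or not body:
            continue  # prompt or blank line before the first entry
        elif indent == 2 and body in ("match:", "actions:"):
            section = body[:-1]
        elif indent >= 4 and section:
            cur[section].append(body)  # one match rule or action per line
        elif indent == 2:
            key, _, value = body.partition(":")
            cur[key.strip()] = value.strip()
            section = None
    return flows


def review_flows(flows):
    """Report the table-miss behaviour and any non-default match-all entries."""
    default = next((f for f in flows if f["name"] == "__default__"), None)
    to_controller = bool(default) and "output to controller" in default["actions"]
    floor = int(default["priority"]) if default else -1
    match_all = [f["name"] for f in flows
                 if f is not default and not f["match"]
                 and int(f.get("priority", "0")) > floor]
    return {"table_miss_to_controller": to_controller, "match_all": match_all}


if __name__ == "__main__":
    print(review_flows(parse_flows(SAMPLE_FLOWS)))
```
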
show openflow ports
The show openflow ports command displays the mapping between OpenFlow port number and switch interface.
In interface bind mode, all OpenFlow-bound interfaces (except routed ports and LAG members) are mapped to OpenFlow ports and exposed to the controller.
In VLAN bind mode, Ethernet and Port-Channel interfaces (except routed ports and LAG members) configured to carry traffic for one or more OpenFlow-bound VLANs are mapped to OpenFlow ports and exposed to the controller.
In monitor bind mode, all Ethernet and Port-Channel interfaces (except routed ports and LAG members) are mapped to OpenFlow ports and exposed to the controller.
Command Mode
EXEC
Command Syntax
show openflow ports
Example
This command displays which interfaces the switch maps to OpenFlow ports.
switch# show openflow ports
Port 1: Ethernet1
Port 15: Ethernet15
switch#
show openflow profiles
The show openflow profiles command displays the flow table profiles supported by the switch for the active bind mode. For each profile, it shows:
Which fields can be matched by a flow table entry and which can be wildcarded
Which actions are supported for matched packets (in monitor bind mode, only normal and mirror actions are supported)
The maximum number of entries that can be added to the flow table
The hardware resources available to OpenFlow are shared with other switch features like ACLs, so the actual maximum number of flow entries may be lower than the number shown by the show openflow profiles command.
On Series 7050 switches, two profiles are available: the full-match profile supports matching the full set of OpenFlow match fields with a maximum of 750 flow table entries, while the l2-match profile supports matching only a subset but with a larger maximum number of flow table entries (1500).
Command Mode
EXEC
Command Syntax
show openflow profiles
Example
This command displays the flow table profiles.
switch#show openflow profiles
full-match:
  Match fields:
    ingress interface
    source Ethernet address
    destination Ethernet address
    VLAN ID
    VLAN PCP
    Ethernet type
    source IPv4 address
    destination IPv4 address
    IPv4 TOS
    IPv4 protocol
    source TCP/UDP port or ICMP type
    destination TCP/UDP port or ICMP code
  Wildcard fields:
    ingress interface
    source Ethernet address
    destination Ethernet address
    VLAN ID
    VLAN PCP
    Ethernet type
    source IPv4 address
    destination IPv4 address
    IPv4 TOS
    IPv4 protocol
    source TCP/UDP port or ICMP type
    destination TCP/UDP port or ICMP code
  Actions:
    copy ingress to mirror dest interfaces
    forward normally
    copy egress to mirror dest interfaces
  Table size: 750 entries max
l2-match:
  Match fields:
    ingress interface
    source Ethernet address
    destination Ethernet address
    VLAN ID
    VLAN PCP
    Ethernet type
  Wildcard fields:
    ingress interface
    source Ethernet address
    destination Ethernet address
    VLAN ID
    VLAN PCP
    Ethernet type
    source IPv4 address
    destination IPv4 address
    IPv4 TOS
    IPv4 protocol
    source TCP/UDP port or ICMP type
    destination TCP/UDP port or ICMP code
  Actions:
    copy ingress to mirror dest interfaces
    forward normally
    copy egress to mirror dest interfaces
  Table size: 1500 entries max
switch#
show openflow queues
The show openflow queues command displays the queues exposed to the OpenFlow controller for each switch interface, and packet and byte counters for each queue.
Command Mode
EXEC
Command Syntax
show openflow queues
Example
This command displays the packet and byte counters for each queue on the active OpenFlow interfaces.
switch#show openflow queues
Port 1 (Ethernet1):
  Queue 0: 0 packets (0 bytes) transmitted, 0 dropped
  Queue 1: 0 packets (0 bytes) transmitted, 0 dropped
  Queue 2: 0 packets (0 bytes) transmitted, 0 dropped
  Queue 3: 0 packets (0 bytes) transmitted, 0 dropped
Port 15 (Ethernet15):
  Queue 0: 0 packets (0 bytes) transmitted, 0 dropped
  Queue 1: 0 packets (0 bytes) transmitted, 0 dropped
  Queue 2: 0 packets (0 bytes) transmitted, 0 dropped
  Queue 3: 0 packets (0 bytes) transmitted, 0 dropped
switch#
show openflow statistics
The show openflow statistics command displays statistics sampled every 5 seconds over the past 5 minutes:
Number of entries in the flow table
Number of flow_mod, packet_out and packet_in messages processed in the 5-second interval
Number of packet_out messages dropped in the 5-second interval (the OpenFlow agent starts dropping packet_out messages when the transmit queue of the controller TCP connection exceeds 50% of capacity)
Command Mode
EXEC
Command Syntax
show openflow statistics
Example
This command displays statistics sampled every 5 seconds.
switch# show openflow statistics
                       table       messages processed last 5 sec     dropped
                     entries   (flow_mod)(packet_out) (packet_in) last 5 sec
2013-08-16 14:48:06        4           0           0           0           0
2013-08-16 14:48:01        4           2           2           2           0
2013-08-16 14:47:56        0           0           2           2           0
2013-08-16 14:47:51        4           0           0           0           0
2013-08-16 14:47:46        4           0           0           0           0
2013-08-16 14:47:41        4           0           0           0           0
2013-08-16 14:47:36        4           0           0           0           0
2013-08-16 14:47:31        4           2           2           2           0
2013-08-16 14:47:26        0           0           0           0           0
2013-08-16 14:47:21        4           0           0           0           0
2013-08-16 14:47:16        4           0           0           0           0
2013-08-16 14:47:11        4           0           0           0           0
2013-08-16 14:47:06        4           0           0           0           0
2013-08-16 14:47:01        4           2           2           2           0
2013-08-16 14:46:56        4           2           2           2           0
2013-08-16 14:46:51        4           0           0           0           0
2013-08-16 14:46:46        0           0           0           0           0
2013-08-16 14:46:41        4           0           2           2           0
2013-08-16 14:46:36        4           0           2           2           0
2013-08-16 14:46:31        4           0           0           0           0
2013-08-16 14:46:26        4           0           0           0           0
2013-08-16 14:46:21        4           2           2           2           0
2013-08-16 14:46:16        4           2           2           2           0
2013-08-16 14:46:11        4           0           2           2           0
2013-08-16 14:46:06        0           0           0           0           0
2013-08-16 14:46:01        0           0           0           0           0
2013-08-16 14:45:56        0           0           0           0           0
2013-08-16 14:45:51        0           0           0           0           0
2013-08-16 14:45:46        0           0           0           0           0
2013-08-16 14:45:41        0           0           0           0           0
2013-08-16 14:45:36        0           0           0           0           0
2013-08-16 14:45:31        0           0           0           0           0
2013-08-16 14:45:26        0           0           0           0           0
2013-08-16 14:45:21        4           0           0           0           0
switch#
shutdown (OpenFlow)
The shutdown command, in OpenFlow mode, disables OpenFlow on the switch. OpenFlow is disabled by default.
The no shutdown and default shutdown commands re-enable OpenFlow by removing the shutdown command from running-config.
Command Mode
OpenFlow Configuration
Command Syntax
shutdown
no shutdown
default shutdown
Example
These commands enable OpenFlow on the switch.
switch(config)#openflow
switch(config-openflow)#no shutdown
switch(config-openflow)#
This command disables OpenFlow.
switch(config-openflow)#shutdown