Hybrid OpenFlow Switching
656 Router Configuration Guide
The OF controller(s) and router exchange OpenFlow messages using the OpenFlow protocol
(version 1.3.1) over the TCP/IPv4 control channel. Both out-of-band (default) and in-band
management is supported for connectivity to the controller. An OpenFlow message is
processed by the OpenFlow switch instance on the router that installs all supported H-OFS
traffic steering rules in a flow table for the H-OFS instance. A single table per H-OFS instance
is supported initially.
The H-OFS allows operators to:
• Steer IPv4/IPv6 unicast traffic arriving on a Layer 3 interface by programming the
7x50 L3 PBR ACL actions.
• Steer IPv4/IPv6 unicast traffic arriving on a Layer 2 interface by programing the
7x50 L2 PBF ACL actions.
• Drop traffic by programming ACL action drop.
• Forward traffic using regular processing by programming ACL action forward.
Steering actions programmed using OpenFlow are functionally equivalent to ACL actions.
Please see later sections for more details on how OpenFlow standard messages are translated
by the SR OS OpenFlow switch into SR OS ACL filter actions.
The router allows operators to control traffic using OF, as follows:
• An operator can select a subset of interfaces on the router to have OF rules enabled,
by embedding a given instance of H-OFS in filter policies used only by those
interfaces.
• For the interfaces with a given H-OFS instance enabled, an operator can:
→ Steer all traffic arriving on an interface by programming the flow table with a
“match all” entry.
→ Steer a subset of traffic arriving on an interface with this H-OFS instance enabled
by programming the flow table with match rules that select a subset of traffic
(OpenFlow match criteria are translated to ACL filter match criteria). Unless
explicitly listed as a limitation, the SR OS H-OFS supports any OpenFlow match
criteria that can be translated to ACL IPv4/IPv6 filter policy match criteria. A
default rule can be assigned for packets that do not match specific rules. These
packets can be dropped, forwarded, or sent to the OpenFlow controller.
To enable rules in a given H-OFS on an existing service router interface, an operator must:
1. Create one or more ingress line card policy
2. Assign those line card ingress filter policies to the 7x50 service/router interfaces
3. Embed H-OFS instance into those line card policies
4. Program OF rules as required
OpenFlow can be embedded in IPv4/IPv6 ACL filter policies deployed on:
To Next Page
Loading...
