H3C S6820 Series Command Reference Manual

Download

Page 1

H3C S6820 Switch Series

OpenFlow Command Referenc e

New H3C Technologies Co., Ltd. http://www.h3c.com.hk

Software version: Release 612x

Document version: 6W101-20170815

Page 2

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Trademarks

H3C, , H3CS, H3CIE, H3CNE, Aolynk, , H

Care, , IRF, NetPilot, Netflow , SecEngine, SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of New H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners

Notice

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or impli ed.

Page 3

Preface

This command reference describes the OpenFlow configuration command s. This preface includes the following topics abo ut the documentation:

• Audience

• Conventions

• Obtaining documentation

• Technical support

• Documentation feedback

Audience

This documentation is intended for:

• Network planners.

• Field technical support and servicing engineers.

• Network administrators working with the S6820 switch series.

Conventions

The following information describes the conventi ons used in the documentation.

Command conventions

Convention

Description

Boldface Bold

text represents commands and keywor ds that you enter literally as shown.

Italic

Italic text represents arguments that you replace with actual values.

[ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... }

Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.

[ x | y | ... ]

Square brackets enclose a set of opt ional syntax choices separated by vertical bars, from which you select one or none.

{ x | y | ... } *

Asterisk marked braces enclose a s et of required syntax choices separated by vertical bars, from which you select a minimum of one.

[ x | y | ... ] *

Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple ch oices, or none.

&<1-n>

The argument or keyword and argument combination before the ampersand (&) s i gn can be entered 1 to n times.

# A line that starts with a pound (#) sign is comments.

GUI conventions

Convention

Description

Boldface

Window names, button names, field names, and menu items are in Boldface. For example, the

New User

window opens; click OK.

Multi-level menus are separated by angle brackets. For example,

File

Create

Page 4

Convention

Description

Folder

Symbols

Convention

Description

WARNING!

An alert that calls attention to im por tant information that if not understood or followed can result in personal injury.

CAUTION:

An alert that calls attention to im por tant information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.

IMPORTANT:

An alert that calls attention to essent ial information.

NOTE:

An alert that contains additional or s upplementary information.

TIP:

An alert that provides helpful infor m ation.

Network topology icons

Convention

Description

Represents a generic network devic e, such as a router, switch, or firewall.

Represents a routing-capable devic e, such as a router or Layer 3 switch.

Represents a generic switch, such as a L ayer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other L ayer 2 features.

Represents an access controller, a unified wired-WLAN module, or the access controller engine on a unified wired-WLAN switch.

Represents an access point.

Represents a wireless terminator unit.

Represents a wireless terminator.

Represents a mesh access point.

Represents omnidirectional signals.

Represents directional signal s . Represents a security product, such as a firewall, UTM, multiservice security

gateway, or load balancing devic e.

Represents a security module, suc h as a firewall, load balancing, NetStream, SSL VPN, IPS, or ACG module.

Page 5

Examples provided in this document

Examples in this document might use devices that differ from your device in hardware model, configuration, or software version. It is normal that the port numbers, sample output, screenshots, and other information in the examples differ from what you have on your device.

Obtaining documentation

To access the most up-to-date H3C product documentation, go to the H3C website at

http://www.h3c.com.hk

To obtain information about installation, configuration, and maintenance, click

http://www.h3c.com.hk/Technical_Documents

To obtain software version information such as release notes, click

http://www.h3c.com.hk/Software_Download

Technical support

service@h3c.com

http://www.h3c.com.hk

Documentation feedback

You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.

Page 6

Contents

OpenFlow commands ······································································· 1

active instance ···················································································································· 1 classification ······················································································································· 1 controller address ················································································································ 2 controller auxiliary ··············································································································· 3 controller connect interval ····································································································· 4 controller echo-request interval ······························································································ 5 controller mode ··················································································································· 5 datapath-id ························································································································· 6 default table-miss permit ······································································································· 7 description ························································································································· 7 display openflow ················································································································· 8 display openflow auxiliary ······································································································ 9 display openflow flow-table ·································································································· 10 display openflow group ······································································································· 15 display openflow instance ··································································································· 16 display openflow meter ······································································································· 18 display openflow summary ·································································································· 20 fail-open mode ·················································································································· 21 flow-entry max-limit ············································································································ 22 flow-log disable ················································································································· 22 flow-table ························································································································· 23 forbidden port ··················································································································· 24 in-band management vlan ··································································································· 24 listening port ····················································································································· 25 mac-ip dynamic-mac aware ································································································· 26 mac-learning forbidden ······································································································· 26 openflow instance ·············································································································· 27 openflow lossless enable ···································································································· 27 permit-port-type member-port ······························································································ 28 precedence dynamic arp ····································································································· 29 protocol-packet filter slow ···································································································· 29 qinq-network enable ··········································································································· 30 refresh ip-flow ··················································································································· 30 reset openflow instance statistics ·························································································· 31 tcp dscp ·························································································································· 31 tcp-connection backup ········································································································ 32

Index ··························································································· 33

Page 7

OpenFlow commands

active instance

Use active instance to activate an OpenFlow instance . Use undo active instance to deactivate an OpenFlow instance.

Syntax

active instance undo active instance

Default

An OpenFlow instance is not activated.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

If the VLAN configuration or flow table confi guration of an activated OpenFlow instance is changed, use this command to reactivate the instance. After the OpenFlow instance is reactivated, it re-establishes connections to controllers if the OpenFlow instance was connected to the controllers before the reactivation.

Examples

# Activate OpenFlow instance 1.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] active instance

classification

Use classification to configure the OpenFlow instance m ode. Use undo classification to restore the default.

Syntax

classification { global | vlan vlan-id [ mask vlan-mask ] [ loosen ] } undo classification

Default

The OpenFlow instance mode is not configured.

Views

OpenFlow instance view

Predefined user roles

network-admin

Page 8

Parameters

global: Specifies the global mode. vlan: Specifies the VLAN mode.

vlan-id: Specifies a VLAN ID in the range of 1 to 4094. vlan-mask: Specifies a VLAN mask in the range of 0 to 4095. The default value is 4095.

loosen: Specifies the loosen mode. If the loosen mode is used, a port belongs to the OpenFlow instance when VLANs associated with the OpenFlow instance overlap with the port's allowed VLANs. If you do not specify the loosen mode, a port belongs to an OpenFlow instance only when VLANs associated with the OpenFlow instance are within the port's allowed VLAN list.

Usage guidelines

The VLANs to be associated are calculated by a bitwise AND operation on the specified VLAN ID and mask. The VLAN mask supports non-contiguous 1s and ignores all 0 bits. To view the associated VLANs, use the display openflow instance command.

If you execute this command multiple times, the m ost recent configuration takes ef fect.

Examples

# Enable the VLAN mode for OpenFlow instan ce 1 and associate OpenFlow instance 1 with V LANs determined by VLAN ID 255 and VLAN mask 7.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] classification vlan 255 mask 7

Related commands

display openflow instance

controller address

Use controller address to specify a controller for an OpenFlow switch and configure the main connection to the controller.

Use undo controller address to delete the main connection to the specified controller.

Syntax

controller controller-id address { ip ipv4-address | ipv6 ipv6-address } [ port port-number ] [ local address { ip local-ipv4-address | ipv6 local-ipv6-address } [ port local-port-number ] ] [ ssl ssl-policy-name ] [ vrf vrf-name ]

undo controller controller-id address

Default

An OpenFlow instance does not have a main connection to a controller.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

controller-id: Specifies a controller by its ID in the range of 0 to 63.

ip ipv4-address: Specifies the IPv4 address of the controller. ipv6 ipv6-address: Specifies the IPv6 address of the controller.

Page 9

port port-number: Sets the port number used by the controller to establish TCP connections to the OpenFlow switch. The value range for th e port number is 1 to 65535. The default val ue i s 6633.

local address: Specifies the source IP addr ess used to establish TCP connections to the controller. When multiple routes are available between a controller and a switch, you can use this keyword to configure a source IP address for the switch. When the switch restarts or an active/standby switchover occurs, the switch can use the original route to reconnect to the controller without selecting a new route.

ip local-ipv4-address: Specifies the source IPv4 address. ipv6 local-ipv6-address: Specifies the source IPv6 address. port local-port-number: Specifies the source port number in the range of 1 to 65535. If you do not

specify this option, the system automatically assigns a source port numbe r for establishing t he main connection to the controller.

ssl ssl-policy-name: Specifies the SSL client policy that the controller uses to authenticate the OpenFlow switch. The ssl-policy-name argument is a case-insensitive string of 1 to 31 characters. You must configure a separate SSL client policy for the main connection to each controller.

vrf vrf-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VRF name, the controller is in the public network.

Usage guidelines

You can specify multiple controllers for an OpenFlow switch. The OpenFlow channel between the OpenFlow switch and each controller can have only one main connection.

The OpenFlow swit ch us es the main connection to a controller to exchange control messages with the controller to perform the following operations:

• Receive flow table entries or data from the controller.

• Report information to the controller.

As a best practice, configure a unicast IP address for a controller. An OpenFlow switch might fail to establish a connection with the controller t hat does not use a unicast IP address.

As a best practice, confi gure a unicast source IP addre ss that is the IP addres s of a port belonging to the OpenFlow instance. If the source IP address is not a unicast address of a port belonging to the OpenFlow instance, the OpenFlow switch might fail to establish a connection with the controller.

Examples

# Specify controller 1 for OpenFlow instance 1. The controller's IP address is 1.1.1.1 and the port number is 6666.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] controller 1 address ip 1.1.1.1 port 6666

controller auxiliary

Use controller auxiliary to specify a controller for an OpenFlow switch and configure an auxiliary connection to the controller.

Use undo controller auxiliary to delete t he specified auxiliary connection t o the specified controller .

Syntax

controller controller-id auxiliary auxiliary-id transport { tcp | udp | ssl ssl-policy-name } [ address { ip ipv4-address | ipv6 ipv6-address } ] [ port port-number ]

undo controller id auxiliary auxiliary-id

Page 10

Default

An OpenFlow instance does not have auxiliary connections to a controller.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

controller-id: Specifies a controller by its ID in the range of 0 to 63.

auxiliary auxiliary-id: Specifies an auxiliary connection ID in the range of 1 to 255. transport: Specifies the transport layer proto col. tcp: Specifies TCP con nections. udp: Specifies UDP connections. ssl ssl-policy-name: Specifies the SSL client policy that the controller uses to authenticate the

OpenFlow switch. The ssl-policy-name argument is a case-insensitive string of 1 to 31 characters. ip ipv4-address: Specifies the IPv4 address of the controller. ipv6 ipv6-address: Specifies the IPv6 address of the controller. port port-number: Sets the port number used to establish TCP connections to the controller. The

value range for the port number is 1 to 65535. The default value is 6633.

Usage guidelines

The OpenFlow channel might have one main connection and multiple auxiliary connections. Auxiliary connections are used to improve the communication performance between the controller and OpenFlow switches.

Make sure the configuration of an auxiliary conne ctio n doe s not co nfl ict wit h the config urat io n of t he main connection. Otherwise, the auxiliary connection cannot be established.

An auxiliary connection can have a different destination IP address and port number than the main connection. If no destination IP address and port number are specified, t he auxiliary connection uses the destination IP address and po rt number configured for the main connection.

Examples

# Specify controller 1 for OpenFl ow inst ance 1 and conf igure auxiliary connection 1 to t he controller.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] controller 10 auxiliary 1 transport tcp

controller connect interval

Use controller connect interval to set the interval for an OpenFlow instance to reconnect to a controller.

Use undo controller connect interval to restore the default.

Syntax

controller connect interval interval undo controller connect interval

Default

An OpenFlow instance reconnects to a controller every 60 seconds.

Page 11

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

interval: Specifies the reconnection interval i n the range of 10 to 120 seconds.

Examples

# Configure OpenFlow instance 1 to reconnect to a controller every 10 seconds.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] controller connect interval 10

controller echo-request interval

Use controller echo-request interval to set the echo request interv al for an OpenFlow switch. Use undo controller echo-request interval to restore the default.

Syntax

controller echo-request interval interval undo controller echo-request interval

Default

The echo request interval is 5 seconds for an OpenFlow switch.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

interval: Specifies the echo request interval in the range of 1 to 10 seconds.

Examples

# Set the echo request interval to 10 seconds f or O penFlow instance 1.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] controller echo-request interval 10

controller mode

Use controller mode to set the controller mode for an OpenFlow i nst ance. Use undo controller mode to restore the default.

Syntax

controller mode { multiple | single } undo controller mode

Page 12

Default

The controller mode is multiple.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

multiple: Specifies the multiple mode. single: Specifies the single mode.

Usage guidelines

In single mode, the OpenFlow switch connects to only one controller at a time. When communication with the current controller fails, the OpenFlow instance connects to the controller with the lowest ID among the rest controllers.

In multiple mode, the OpenFlow switch simultaneously connects to all controllers. If one or more controllers become invalid or disconnected, t he Open Flow swi tc h continue s to exchange messages with the rest of the controllers.

Examples

# Set all controllers of OpenFlow instance 1 t o operate in single mode.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] controller mode single

datapath-id

Use datapath-id to set the datapath ID for an OpenFlow instance. Use undo datapath-id to restore the default.

Syntax

datapath-id id undo datapath-id

Default

The datapath ID of an OpenFlow instance contains the instance ID and the bridge MAC address of the device. The lower 16 bits are the instance ID and the upper 48 bits are t he br idge MAC ad dre ss of the device.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

id: Specifies the datapath ID for the Op enFlow instance, in the range of 1 to ffffffffffffffff in hexadecimal format.

Examples

# Set the datapath ID to 123456 for OpenFlow instance 1.

<Sysname> system-view

Page 13

[Sysname] openflow instance 1 [Sysname-of-inst-1] datapath-id 123456

default table-miss permit

Use default table-miss permit to change the default action of table-miss flow entries to forward packets to the normal pipeline.

Use undo default table-miss permit to restore the default.

Syntax

default table-miss permit undo default table-miss permit

Default

The default action of a table-miss flow entry i s t o drop packets.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

Packets that do not match the MAC-IP flow entries are matched with ARP or MAC entries before table-miss flow entries. If a match is found, the packets are forwarded in the normal forwarding process. If no match is found, the packets are dropped.

Examples

# Configure the default action of table-miss flow entries to forward packets to the normal pipeline.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] default table-miss permit

description

Use description to configure a description for an OpenFlow instance. Use undo description to restore the default.

Syntax

description text undo description

Default

An OpenFlow instance does not have a descript ion.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 char act ers.

Page 14

Examples

# Configure the description as test-desc for OpenFlow instance 1.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] description test-desc

display openflow

Use display openflow to display controller information for an OpenFlow instance.

Syntax

display openflow instance instance-id { controller [ controller-id ] | listened }

Views

Any view

Predefined user roles

network-admin network-operator

Parameters

instance-id: Specifies an OpenFlow instanc e by its ID in the range of 1 to 4094. controller-id: Specifies a controller by its ID in the range of 0 to 63. If you do not specify a controller

ID, this command displays information about al l cont rollers for an OpenFlow instance.

listened: Specifies the client that connects t o the server that is enabled for the OpenFlow ins tance.

Examples

# Display controller information for OpenFlow instance 100.

<Sysname> display openflow instance 100 controller OpenFlow instance ID: 100 Reconnect interval : 60 (s) Echo interval : 5 (s)

Controller ID : 1 Controller IP address : 192.168.49.49 Controller port : 6633 Local IP address : 192.0.0.1 Local port : 5566 Controller role : Equal Connect type : TCP Connect state : Established Packets sent : 9 Packets received : 9 SSL policy : - VRF name : --

Table 1 Command output

Field

Description

Reconnect interval

Reconnection interval (in seconds) for an OpenFlow instance to reconnect to all controllers.

Page 15

Field

Description

Echo interval

Connection detection interval ( i n s econds) at which an OpenFlow instance

sends an echo request message to all controllers. Controller IP address IP address of the controller. Controller port TCP port number of the controller.

Local IP address

Source IP address of the controller that is connected to the OpenFlow

instance. Local port Source TCP port number of the current controller.

Controller role

Role of the controller:

• Equal—The controller has the same mode as other controllers that are specified for the OpenFlow instance.

• Master—The controller is the mast er controller for the OpenFlow instance.

• Slave—The controller is a subordinate controller for the OpenFlow instance.

If the controller is not configured with any role, this field displays two hyph ens (--).

Connect type

Type of the connection between the OpenFlow instance and the controller :

TCP

SSL

Connect state

State of the connection between the OpenFlow instance and the controller:

Idle

Established

. Packets sent Number of packets that have been sent to the controller. Packets received Number of packets that have been received from the controller.

SSL policy

Name of the SSL client policy used for SSL connections. If no SSL client policy is configured, this field displays two hyphens (--).

VRF name

Name of the MPLS L3VPN to which the controller bel ongs. If no MPLS L3VPN instance is configured, this field displays two hyphens (--).

display openflow auxiliary

Use display openflow auxiliary to display auxiliary connection information and statistics about received and sent packets for an OpenFlow instance.

Syntax

display openflow instance instance-id auxiliary [ controller-id [ auxiliary auxiliary-id ] ]

Views

Any view

Predefined user roles

network-admin network-operator

Parameters

instance-id: Specifies an OpenFlow instanc e by its ID in the range of 1 to 4094. controller-id: Specifies a controller by its ID in the range of 0 to 63. auxiliary auxiliary-id: Specifies an auxiliary connection by its ID in the range of 1 to 255.

Page 16

Examples

# Display auxiliary connection information for OpenFlow instance 100.

<Sysname> display openflow instance 100 auxiliary Controller ID: 1 Auxiliary connection number: 2 Auxiliary connection ID : 1 Controller IP address : 192.168.49.48 Controller port : 6633 Connect type : TCP Connect state : Established Packets sent : 9 Packets received : 9 SSL policy : --

Auxiliary connection ID : 2 Controller IP address : 192.168.49.49 Controller port : 6633 Connect type : TCP Connect state : Established Packets sent : 9 Packets received : 9 SSL policy : --

Table 2 Command output

Field

Description

Auxiliary connection number

Total number of auxiliary connections.

Auxiliary connection ID ID of an auxiliary connection. Controller IP address IP address of the controller. Controller port TCP port number of the controller.

Connect type

Type of the connection between the OpenFlow instance and the controller :

TCP UDP

, or

SSL

Connect state

State of the connection between the OpenFlow instance and the control l er:

Idle

Established

. Packets sent Number of packets that have been sent to the controller. Packets received Number of packets that have been received from the controller.

SSL policy

Name of the SSL client policy used for SSL connections. If no SSL client policy is configured, this field displays two hyphens (--).

display openflow flow-table

Use display openflow flow-table to display flow table information for an OpenFlow i nstance.

Syntax

display openflow instance instance-id flow-table [ table-id ]

Views

Any view

Page 17

Predefined user roles

network-admin network-operator

Parameters

instance-id: Specifies an OpenFlow instanc e by its ID in the range of 1 to 4094. table-id: Specifies a flow table by its ID in the range of 0 to 254. If you do not specify a f low table ID,

the command displays information about all flow tables for the specified OpenFlow instanc e.

Examples

# Display information about all flow table s f or O penFlow instance 100.

<Sysname> display openflow instance 100 flow-table Instance 100 flow table information:

Table 0 information: Table type: MAC-IP, flow entry count: 1, total flow entry count: 2

MissRule (default) flow entry information: cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: reset_counts |no_pkt_counts|no_byte_counts, byte count: --, packet count: -Match information: any Instruction information: Write actions: Drop

Flow entry rule 1 information: cookie: 0x0, priority: 1, hard time: 0, idle time: 0, flags: none, byte count: --, packet count: -Match information: Ethernet destination MAC address: 0000-0000-0001 Ethernet destination MAC address mask: ffff-ffff-ffff VLAN ID: 100, mask: 0xfff Instruction information: Write actions: Output interface: HGE1/0/4 Write metadata/mask: 0x0000000000000001/0xffffffffffffffff Goto table: 1

Table 1 information: Table type: Extensibility, flow entry count: 2, total flow entry count: 2

MissRule (default) flow entry information: cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: none, byte count: 300, packet count: 60 Match information: any Instruction information: Write actions: Drop

Page 18

Flow entry rule 1 information: (Not effective) cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem |check_overlap, byte count: 8, packet count: 1 Match information: Input interface: HGE1/0/3 Ethernet source MAC address: 0000-0000-0001 Ethernet source MAC address mask: ffff-ffff-ffff Instruction information: Set meter: 100 Apply actions: Output interface: HGE1/0/4 Write actions: Output interface: Controller, send length: 128 bytes

Table 3 Command output

Field

Description

Table information Information about the flow table. Table type Type of the flow table:

MAC-IP

Extensibility

. flow entry count Number of flow entries deployed b y t he c ontroller. total flow entry count Total number of flow entries in the table.

Flow entry rule information

Information about the flow entry. If the flow entry does not take effect, this field displays

Not effective

. cookie Cookie ID of the flow entry. priority Priority of the flow entry. The larger the value, the higher the priority.

hard time

Hard timeout of the flow entry, in seconds. The flow entry is removed when the timer times out, whether or not the flow entry matches any data stream.

If the flow entry has no hard timeout, the field displays 0.

idle time

Idle timeout of the flow entry, in seconds. The flow entry is removed if the flow entry does not match any data stream during the idle time.

If the flow entry has no idle timeout, t he field displays 0.

flags

Flags that the flow entry includes:

• flow_send_rem—Sends a flow removed message when the flow entry is removed or expires.

• check_overlap—Checks for overl apping flow entries.

• reset_counts—Resets flow table counters.

• no_pkt_counts—Does not count packets.

• no_byte_counts—Does not count bytes.

If the flow entry does not include any fla gs, this field displays

none

. byte count Number of bytes that have matched the flow entry. packet count Number of packets that have matched t he flow entry. Match information Contents of the match field of the flow entry (see Table 4).

Page 19

Field

Description

Instruction information

Contents of the instruction set of the flow entry:

• Set meter—Sends the matched packet to a specific met er.

• Write metadata—Writes the value into the metadata fields of the

matched packet. Metadata is used for passing messages between flow tables.

• Write metadata mask—Specifies which bits of the metadata should be modified.

• Goto table—Sends the matched packet to the next flow table for processing.

• Clear actions—Immediately clears all actions in the action set.

• Apply actions—Immediately applies specified actions in the action set.

• Write actions—Writes specified actions into the current action set.

For more information about actions, see Table 5.

Table 4 Match field types

Field

Mask field

Description

Input interface N/A Ingress port (see Table 6). Physical input interface N/A Ingress physical port. Metadata Metadata mask Metadata and mask. Ethernet destination

MAC address

Ethernet destination MAC address mask

Ethernet destination MAC address and mask.

Ethernet source MAC address

Ethernet source MAC address mask

Ethernet source MAC address and mask.

Ethernet type N/A Ethernet type of the OpenFlow packet payload. VLAN ID Mask VLAN ID and mask. VLAN PCP N/A VLAN priority.

IP DSCP N/A

Differentiated Services Code Point (DSCP) value.

IP ECN N/A

Explicit Congestion Notification (ECN) value in

the IP header. IP protocol N/A IPv4 or IPv6 protocol number. IPv4 source address Mask IPv4 source address and mask. IPv4 destination address Mask IPv4 destination address and mask. TCP source port Mask TCP source port and mask. TCP destination port Mask TCP destination port and mask. UDP source port Mask UDP source port and mask. UDP destination port Mask UDP destination port and mask. ICMPv4 type N/A ICMPv4 type. ICMPv4 code N/A ICMPv4 code. IPv6 source address IPv6 source address mask Source IPv6 address and mask.

IPv6 destination address

IPv6 destination address mask

Destination IPv6 address and mask.

IPv6 flow label Mask IPv6 flow label and mask.

Page 20

Field

Mask field

Description

ICMPv6 type N/A ICMPv6 type. ICMPv6 code N/A ICMPv6 code. Output interface N/A Output port. VRF index N/A VPN index. Fragment N/A Fragment. Physical output interface N/A Output physical port. CVLAN ID Mask CVLAN ID and mask.

Experimenter N/A

Extension matching fields.

Address ID

represents the unique identifier of an address.

Table 5 Actions

Field

Description

Drop

Drops the matched packet. This action is not defined in the OpenFlow specifications.

Output interface

Sends the packet through a specific por t. For more information about ports, see

Table 6.

send length

Specifies the max length of byt es to be taken from the packet and sent to t he controller.

This field appears only when the reserved port of the controller type is specified as

the output port. Group Specifies a group table to process the packet. Set queue Maps the flow entry to a queue specifi ed by its ID. Set field Modifies a field of the packet.

Table 6 Ports

Port name

Ingress port

Output port

Description

In port Not supported. Supported.

Forwarding the packet out of the ingress port.

Table Not supported. Supported.

Submitting the packet to the first flow table so that the packet can be processed through the regular OpenFlow pipeline.

Normal Not supported. Supported.

Processing the packet by using the nor m al

forwarding process. Flood Not supported. Supported. Flooding the packet. All Not supported. Supported. Forwarding the packet out of all por ts. Controller Supported. Supported. Sending the packet to the controller. Local Supported. Supported. Sending the packet to the loca l C P U .

Any Not supported. Not supported.

Special value used in some OpenFlow

commands when you do not specify a port.

port name

Supported. Supported. Valid physical or logical port on the switch.

Page 21

display openflow group

Use display openflow group to display group entry information for an Op enFl ow instance.

Syntax

display openflow instance instance-id group [ group-id ]

Views

Any view

Predefined user roles

network-admin network-operator

Parameters

instance-id: Specifies an OpenFlow instanc e by its ID in the range of 1 to 4094. group-id: Specifies a group by its ID in the rang e of 0 to 4294967040. If you do not specify a group ID,

this command displays information about all group entries for an OpenFlow instance.

Examples

# Display group entry information for OpenFlow instance 100.

<Sysname> display openflow instance 100 group Instance 100 group table information: Group count: 2

Group entry 103: Type: All, byte count: 55116, packet count: 401 Bucket 1 information: Action count 1, watch port: any, watch group: any Byte count 55116, packet count 401

Output interface: BAGG100 Bucket 2 information: Action count 1, watch port: any, watch group: any Byte count --, packet count - Output interface: Controller, send length: 128 bytes Referenced information: Count: 3 Flow table 0 Flow entry: 1, 2, 3

Group entry 104: Type: All, byte count: 0, packet count: 0 Bucket 1 information: Action count 1, watch port: any, watch group: any Byte count --, packet count - Output interface: Controller, send length: 128 bytes Referenced information: Count: 0

Page 22

Table 7 Command output

Field

Description

Group count Total number of group entries included in the OpenFlow instance.

Type

Type of the group entry:

• All—Executes all buckets in the group. This group is used for multicast or broadcast forwarding.

• Select—Executes one bucket in the group.

• Indirect—Executes the one defined bucket in the group.

• Fast failover—Executes the first live bucket.

Bucket Buckets included in the group table. Action count Number of actions included in the buc k et.

Byte count

Number of bytes processed by a group or by a bucket. If this field is not supported, the field displays two hyphens (--).

packet count

Number of packets processed by a group or by a bucket.

If this field is not supported, the field displays two hyphens (--). watch port Port whose state affects whether this bucket is live. watch group Group whose state affects whether this bucket is li v e. Output interface Output interface included in the group entry. Referenced information Information about the group entry used by flow entries. Count Total number of flow entries that use the group entry. Flo w table Flow table to which the flow entries that use the group entry belong. Flow entry Flow entries that use the group entry.

display openflow instance

Use display openflow instance to display detailed information about an OpenFlow instance.

Syntax

display openflow instance [ instance-id ]

Views

Any view

Predefined user roles

network-admin network-operator

Parameters

instance-id: Specifies an OpenFlow instance by its I D in the range of 1 to 4094. If you do not specify an instance ID, this command displays detailed information about all OpenFlow instances.

Examples

# Display detailed information about Op enF l ow instance 100.

<Sysname> display openflow instance 100 Instance 100 information:

Page 23

Configuration information: Description : test-desc Active status : Active Inactive configuration: None Active configuration: Classification: VLAN, loosen mode, total VLANs(1) 2 In-band management VLAN, total VLANs(0) Empty VLAN Connect mode: Multiple MAC address learning: Disabled TCP DSCP value: 10 Flow table: Table ID(type): 0(MAC-IP), count: 0 Flow-entry max-limit: 65535 Datapath ID: 0x0000001234567891 Default table-miss: Drop Forbidden port: None Qinq Network: Disabled TCP connection backup: Enabled Port information: HundredGigE1/0/3 Active channel information: Controller 1 IP address: 192.168.49.49 port: 6633 Controller 2 IP address: 192.168.43.49 port: 6633

Table 8 Command output

Field

Description

Configuration information Information about the configur ation. Description Description of the OpenFlow instance. Active status OpenFlow instance status:

Active

Inactive.

Inactive configuration Inactive configuration for the OpenF low instance. Active configuration Active configuration for the OpenFlow instance. Classification: VLAN, total

VLANs

VLANs that are associated with the O penFlow instance and the total

number of these VLANs. loose mode The loose mode is used. In-band management VLAN,

total VLANs

Inband management VLANs and the total number of them.

Connect mode

Connection mode of the controller:

• Single—The OpenFlow instance connects to only one controller at a time.

• Multiple—The OpenFlow instance can simultaneously connect to multiple controllers.

MAC address learning Whether MAC address learning is disabled:

Enabled

Disabled

TCP DSCP value DSCP value for OpenFlow packets.

Page 24

Field

Description

Flo w table Flow table information for the OpenFlow instance. Table ID(type) Type of the flow table:

MAC-IP

Extensibility

. count Total number of flow entries included in the current flow table. Flow-entry max-limit Maximum number of flow entries allowed in the extensibility flow table. Datapath ID Datapath ID of the OpenFlow instance. Default table-miss Default action of the table-miss flow entry:

Permit

Drop

Forbidden port

Type of interfaces that are forbidden to be reported to the controller:

• L3 Physical Interface—Layer 3 Ethernet interfaces and Layer 3 aggregate interfaces.

• VLAN interface.

• Virtual Switch Interface.

Qinq Network

Whether the OpenFlow instance is ena bled to perform QinQ tagging for double-tagged packets passing an e xtensibility flow table:

• Disabled.

• Enabled.

TCP connection backup

Whether OpenFlow connection backup is enabled:

• Disabled.

• Enabled.

Port information Ports that have been added to the OpenFlow instance. Active channel information Information about active channels. IP address IP address of the controller configur ed for the OpenFlow instance. Port TCP port number that is used to connect to the controller.

Failopen mode

Connection interruption mode for the OpenFlow instance:

• Standalone.

• Smart.

• Secure.

display openflow meter

Use display openflow meter to display meter entry information for an OpenFlo w instance.

Syntax

display openflow instance instance-id meter [ meter-id ]

Views

Any view

Predefined user roles

network-admin network-operator

Parameters

instance-id: Specifies an OpenFlow instanc e by its ID in the range of 1 to 4094. meter-id: Specifies a meter by its ID in the range of 1 to 4294901760. If you do not specify a meter ID,

this command displays information about all m eter entries for an OpenFlow instance.

Page 25

Examples

# Display meter entry information for OpenFlow instance 100.

<Sysname> display openflow instance 100 meter Meter flags: KBPS -- Rate value in kb/s, PKTPS -- Rate value in packet/sec BURST -- Do burst size, STATS -- Collect statistics

Instance 100 meter table information: meter entry count: 2

Meter entry 100 information: Meter flags: KBPS Band 1 information Type: drop, rate: 1024, burst size: 65536 Byte count: --, packet count: - Referenced information: Count: 3 Flow table: 0 Flow entry: 1, 2, 3

Meter entry 200 information: Meter flags: KBPS Band 1 information Type: drop, rate: 10240, burst size: 655360 Byte count: --, packet count: - Referenced information: Count: 0

Table 9 Command output

Field

Description

Group entry count Total number of meter entries that the OpenFlow instance has.

Meter flags

Flags configured for the meter:

• KBPS—The rate value is in kbps.

• PKTPS—The rate value is in pps.

• BURST—The burst size field in the band is us ed and the length of the

packet or byte burst is determined b y th e burst size.

• STATS—Meter statistics are c oll ec ted.

Band Bands contained in the meter.

Type

Type of the band:

• drop—Discard the packet.

• dscp remark—Modify the drop precedence of the DSCP field in t he IP

header of the packet. Rate Rate value above which the corresponding band applies to packets. Burst size Length of the packet or byte burst to consider for applying the met er .

Byte count

Number of bytes processed by a band. If this field is not supported, the field displays two hyphens (--).

packet count

Number of packets processed by a band. If this field is not supported, the field displays two hyphens (--).

Page 26

Field

Description

Referenced information Information about the meter entry used by flow entries. Count Total number of flow entries that use the meter entry. Flow table Flow table to which the flow entries that use the meter entry belong. Flow entry Flow entries that use the meter entry.

display openflow summary

Use display openflow summary to display brief OpenFlow instance information.

Syntax

display openflow summary

Views

Any view

Predefined user roles

network-admin network-operator

Examples

# Display brief OpenFlow instance information.

<Sysname> display openflow summary Fail-open mode: Se - Secure mode, Sa - Standalone mode

ID Status Datapath-ID Channel Table-num Port-num Reactivate 1 Active 0x0000000100001221 Connected 2 8 N 10 Inactive - - - - 4094 Active 0x00000ffe00001221 Failed(Sa) 2 0 N

Table 10 Command output

Field

Description

ID OpenFlow instance ID.

Status

Activation status of the OpenFlow instance:

• Active—The OpenFlow instance has been activated.

• Inactive—The OpenFlow instance has not been activated.

Datapath-ID

Datapath ID of the OpenFlow instance. If the OpenFlow instance is not activated, this field displays a hyphen (-).

Page 27

Field

Description

Channel

Status of the OpenFlow channel to the controller:

• Connected—An OpenFlow channel has be en es tablished.

• Failed(Se)—The OpenFlow channel is disconnected from the controller,

and the OpenFlow instance uses the secure connection interruption

mode.

• Failed(Sm)—The OpenFlow channel is disconnected from the controller, and the OpenFlow instance uses the smart connection interruption mode.

• Failed(Sa)—The OpenFlow channel is dis c onnected from the controller, and the OpenFlow instance uses the standalone connection interruption mode.

If the OpenFlow instance is not activated, this field displays a hyphen (-).

Table num

Number of flow tables that the OpenFlow instance has. If the OpenFlow instance is not activated, this field displays a hyphen (-).

Port num

Number of ports that belong to the OpenFl ow instance. If the OpenFlow instance is not activated, this field displays a hyphen (-).

Reactivate

Whether the OpenFlow instance is required to be reactivated. N indicates the configuration is unchanged and the OpenFlow instance is not required to be reactivated.

If the OpenFlow instance is not activated, this field displays a hyphen (-).

fail-open mode

Use fail-open mode to set the connection interruption mode for an OpenFlow switch. Use undo fail-open mode to restore the default.

Syntax

fail-open mode { secure | smart | standalone } undo fail-open mode

Default

The connecti on interruption mode is secure, and the controller deploys the table-miss flow entry (the action is Drop) to the OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

secure: Configures the OpenFlow switch to use flow tables for traffic forwarding after it is

disconnected from all controllers. If the output action in a matching flow entry is to forward traf fic t o a controller , the traffic is discarded.

smart: Configures the OpenFlow switch to use flow tables for traffic forwarding after it is disconnected from all controllers. If the output action in a matching flow entry is to forward traf fic t o a controller , the traffic is forwarded in normal process.

standalone: Configures the OpenFlow switch to use the normal forwarding process after it is disconnected from all controllers.

Page 28

Examples

# Set the connection interruption mode to standalone for OpenFlow instance 1.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] fail-open mode standalone

flow-entry max-limit

Use flow-entry max-limit to set the maximum number of entries for an extensibility flow table on an OpenFlow switch.

Use undo flow-entry max-limit to restore the default.

Syntax

flow-entry max-limit limit-value undo flow-entry max-limit

Default

An extensibility flow table can have a maximum of 65535 flow entries.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

limit-value: Specifies the maximum number of f low entrie s. The val ue range f or thi s argume nt is 1 t o

65535.

Examples

# Configure OpenFlow instance 1 to ha v e a max imu m of 256 ent ri es in e ach ext ensibility f low table.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] flow-entry max-limit 256

flow-log disable

Use flow-log disable to disable logging for successful flow table modifications. Use undo flow-log disable to restore the default.

Syntax

flow-log disable undo flow-log disable

Default

Logging for successful flow table modifications is enabled.

Views

OpenFlow instance view

Predefined user roles

network-admin

Page 29

Examples

# Disable logging for successful flow table modifications for OpenFlow inst ance 1.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] flow-log disable

flow-table

Use flow-table to create a flow table for an OpenFlow instance. Use undo flow-table to restore the default.

Syntax

flow-table { [ ingress-vlan ingress-table-id ] [ extensibility extensibility-table-id | mac-ip mac-ip-table-id ] * [ egress-vlan egress-table-id ] }

undo flow-table

Default

An OpenFlow instance has an extensibility flow table with ID 0.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

ingress-vlan ingress-table-id: Specifies a VLAN tag ging flow t able by its ID in th e range of 0 t o 254. If you specify this option, the device tags all incoming pac kets matching the table.

extensibility extensibility-table-id: Specifies an extensibility flow table by its ID in the range of 0 to

254.

mac-ip mac-ip-table-id: Specifies a MAC-IP flow table by its ID in the range of 0 to 254. egress-vlan egress-table-id: S pecifies a VLAN untagging flow table by its ID in the range of 0 to 254.

If you specify this option, the device untags all outgoi ng packets matching the table.

Usage guidelines

Create flow tables for an OpenFlow instance b efore y ou activate the OpenFl ow instance. If you execute this command multiple times, the m ost recent configuration takes ef fect. The ID you enter for an extensibility flow table mu st be larger than the ID for an MAC-IP flow table. If you specify the ingress-vlan ingress-table-id option, make sure the VLAN tagging flow table has

the smallest ID among all flow tables. If you specify the egress-vlan egress-table-id option, make sure the VLAN untagging flow table has the largest ID among all flow tables. The V LAN tagging flow table and untagging flow table take effect only when the following conditions are met:

• The OpenFlow instance is configured to perfo rm Qi nQ tagging for double-tagged packets passing an extensibility flow table.

• The OpenFlow instance uses the standalone connect i on interruption mode.

Examples

# Create a MAC-IP flow table with ID 0 and an extensibility flow table with ID 1 for OpenFlow in stance

<Sysname> system-view [Sysname] openflow instance 1

Page 30

[Sysname-of-inst-1] flow-table mac-ip 0 extensibility 1

Related commands

qinq-network enable

forbidden port

Use forbidden port to forbid an OpenFlow instance from reporting ports of the specified types to controllers.

Use undo forbidden port to restore the default.

Syntax

forbidden port { l3-physical-interface | vlan-interface | vsi-interface } * undo forbidden port

Default

All ports that belong to an OpenFlow instance are reported to the controllers.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

l3-physical-interface: Specifies Layer 3 Ethernet interfaces and Layer 3 aggregate interfaces that belong to an OpenFlow instance.

vlan-interface: Specifies VLAN interfaces that belong to an OpenFlow instance. vsi-interface: Specifies virtual switch instance (VSI) interfaces that belong to an OpenFlow

instance.

Examples

# Forbid OpenFlow instanc e 1 from reporting VLAN int erfaces that belong to the OpenFl ow instance to controllers.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] forbidden port vlan-interface

in-band management vlan

Use in-band management vlan to configure inband management VLANs for an OpenFlow instance.

Use undo in-band management vlan to restore the default.

Syntax

in-band management vlan { vlan-id [ to vlan-id ] } &<1-10> undo in-band management vlan

Default

No inband management VLANs are configured for an OpenFlow instance.

Page 31

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

vlan-id: Specifies a VLAN ID in the range of 1 to 4094.

Usage guidelines

By default, traffic in VLANs associated with an OpenFlow instance is forwarded in OpenFlow forwarding process. The OpenFlow instance cannot use these VLANs to connect to the controller.

Y ou can use t his command t o specify inband management VLANs for an OpenFl ow instance. T raf fic in inband management VLANs is forwarded in the normal forwarding process instead of the OpenFlow forwarding process. Inband management VLANs are used by an OpenFlow instance to connect to controllers.

Examples

# Configure VLAN 10 as the inband management V LAN for OpenFlow instance 1.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] in-band management vlan 10

listening port

Use listening port to enable an SSL server for an OpenFlow instance. Use undo listening port to restore the default.

Syntax

listening port port-number ssl ssl-policy-name undo listening port

Default

No SSL server is enabled for an OpenFlow instance.

Views

OpenFlow instance view

Predefined user roles

network-admin

Parameters

port-number: Specifies the SSL server port number in the range of 1 to 65535.

ssl ssl-policy-name: Specifies the SSL server policy name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

Typically, an OpenFlow instance acts as the TCP/SSL client and actively connects to the controller (SSL server).

You can configure this feature to enable an SSL server for an OpenFlow instance. After an SSL server is enabled for an OpenFlow instance, the controller acts as an SSL client and actively connects to the OpenFlow instance.

Page 32

To re-configure the SSL server, first execute the undo form of the command to delete the existing SSL server configuration.

Examples

# Enable an SSL server with the port number 20000 for OpenFlow instance 1.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] listening port 20000 ssl ssl_name

mac-ip dynamic-mac aware

Use mac-ip dynamic-mac aware to configure an OpenFlow instance to support dynamic MAC addresses.

Use undo mac-ip dynamic-mac aware to restore the default.

Syntax

mac-ip dynamic-mac aware undo mac-ip dynamic-mac aware

Default

An OpenFlow instance does not support dynamic MAC addresses and ignores dynamic MAC address messages sent from controllers.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

This command configures an OpenFlow instance to support querying and deleting dynamic MAC addresses in only MAC-IP flow t ables. The OpenFlow instance does not send change events for the dynamic MAC addresses to controllers.

Examples

# Configure OpenFlow instance 1 to support dynamic MAC addresses.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] mac-ip dynamic-mac aware

mac-learning forbidden

Use mac-learning forbidden to configure OpenFlow to forbid MAC address learning in VLANs associated with an OpenFlow instance.

Use undo mac-learning forbidden to restore the default.

Syntax

mac-learning forbidden undo mac-learning forbidden

Default

MAC address learning is allowed for VLANs associated with an OpenFlow instance.

Page 33

Views

OpenFlow instance view

Predefined user roles

network-admin

Examples

# Forbid MAC address learning in VLANs associated with OpenFlow instance 1.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] mac-learning forbidden

openflow instance

Use openflow instance to create an OpenFlow instance and enter its view, or enter the view of an existing OpenFlow instance.

Use undo openflow instance to remove an OpenFlow instance.

Syntax

openflow instance instance-id undo openflow instance instance-id

Default

No OpenFlow instances exist.

Views

System view

Predefined user roles

network-admin

Parameters

instance-id: Specifies an OpenFlow instance by its ID in the range of 1 to 4094.

Examples

# Create OpenFlow instance 1 and enter OpenFlow i nstance view.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1]

openflow lossless enable

Use openflow lossless enable to enable packet loss prevention for OpenFlow forwarding. Use undo openflow lossless enable to disable packet loss prevention for OpenFlow forwarding.

Syntax

openflow lossless enable undo openflow lossless enable

Default

Packet loss prevention for OpenFlow forwardi ng is disabled.

Page 34

Views

System view

Predefined user roles

network-admin

Usage guidelines

Packet loss prevention ensures successful OpenFlow forwarding without packet loss. In an OpenFlow network, packet los s might occur on the switch during the flow entry deploy ment process. Packet loss then causes OpenFlow forwarding errors. For example, traffic is mistakenly sent to controllers and the controllers deploy fa ul ty flow entries.

When this feature is enabled, the OpenFlow matching ability is decreased. For example, packets cannot be matched by IPv6 address.

Do not enable this feature in non-OpenFlow networks. Otherwise, the forwarding efficiency and matching ability might be decreased.

After you enable or disable packet loss preventi on on a switch, save the configurat ion and restart the switch to make the configuration t ake effect.

Examples

# Enable packet loss prevention for OpenFlow forwarding.

<Sysname> system-view [Sysname] openflow lossless enable Enable lossless traffic function? [Y/N]:y For the setting to take effect, save the configuration, and then reboot the device.

permit-port-type member-port

Use permit-port-type member-port to allow link aggregation member ports to be in the deployed flow tables.

Use undo permit-port-type to restore the default.

Syntax

permit-port-type member-port undo permit-port-type

Default

Link aggregation member ports cannot be in the deployed flow tables.

Views

OpenFlow instance view

Predefined user roles

network-admin

Examples

# Configure OpenFlow instance 1 to allow lin k aggre gati on mem b er port s to b e in t he deploy ed f low tables.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] permit-port-type member-port

Page 35

precedence dynamic arp

Use precedence dynamic arp to allow dynamic ARP entries to overwrite OpenFlow ARP entries. Use undo precedence dynamic to restore the default.

Syntax

precedence dynamic arp undo precedence dynamic arp

Default

An OpenFlow instance does not allow dynamic ARP entries to overwrite OpenFlow ARP entries.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

This command increases the precedence of dynamic ARP entries to overwrite OpenFlow ARP entries.

OpenFlow ARP entries are generated based only on the MAC-IP flow table of an OpenFlow instance.

Examples

# Configure OpenFlow instance 1 to allow dynamic ARP entries to overwrite OpenFlow ARP entries.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] precedence dynamic arp

protocol-packet filter slow

Use protocol-packet filter slow to create a highest-priority flow entry for dropping slow protocol packets.

Use undo protocol-packet filter to restore the default.

Syntax

protocol-packet filter slow undo protocol-packet filter

Default

An OpenFlo w instance does not have a highest-priority flow entry for dropping slow protocol p ackets.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

The flow entry created by using this command has a higher priority t han the flow entrie s deployed by controllers.

Page 36

The slow protocols include LACP, LAMP, and OAM.

Examples

# Create a highest-priority flow entry for OpenFlow instance 1 to drop slow protocol packets.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] protocol-packet filter slow

qinq-network enable

Use qinq-network enable to enable an OpenFlow instance to perform QinQ tagging for double-tagged packets passing an extensibility flow table.

Use undo qinq-network enable to restore the default.

Syntax

qinq-network enable undo qinq-network enable

Default

A double-tagged packet becomes single-tagged after it passes an extensibility flow table.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

Execute this command to make double-tagged packets keep double-tagged after the packets pass an extensibility flow table.

Examples

# Enable OpenFlow instance 1 to perform QinQ tagging for double-tagged packets passing an extensibility flow table.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] qinq-network enable

Related commands

flow-table

refresh ip-flow

Use refresh ip-flow to refresh all Layer 3 flow entries in the MAC-IP flow tables for an OpenFlow instance.

Syntax

refresh ip-flow

Views

OpenFlow instance view

Predefined user roles

network-admin

Page 37

Usage guidelines

Layer 3 flow entries in the MAC-IP fl ow tables mi ght be ov erwrit ten. I n such case s, y ou can u se t his command to obtain all Layer 3 flow entries in t he M AC-IP flow tables from the controller again.

Examples

# Refresh all Layer 3 flow entries in the MAC-IP flow tables for OpenFlow instance 1.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] refresh ip-flow

reset openflow instance statistics

Use reset openflow instance statistics to clear statistics on packets that a controller sends and receives for an OpenFlow instance.

Syntax

reset openflow instance instance-id { controller [ controller-id ] | listened } statistics

Views

User view

Predefined user roles

network-admin

Parameters

instance-id: Specifies an OpenFlow instanc e by its ID in the range of 1 to 4094. controller-id: Specifies a controller by its ID in the range of 0 to 63. If you do not specify a controller

ID, this command clears statistics on packets that all controllers send and receive for an OpenFlow instance.

listened: Specifies the client that connects to the server enabled for the OpenFlow instance.

Examples

# Clear statistics on packets that all controll ers send and receive for OpenFlow instance 1.

<Sysname> reset openflow instance 1 controller statistics

tcp dscp

Use tcp dscp to set a DSCP value for OpenFlow packets. Use undo tcp dscp to restore the default.

Syntax

tcp dscp dscp-value undo tcp dscp

Default

The DSCP value for OpenFlow pac ket s is not set.

Views

OpenFlow instance view

Predefined user roles

network-admin

Page 38

Parameters

dscp-value: Specifies a DSCP value for OpenFlow packets, in the range of 0 to 63.

Examples

# Set the DSCP value to 63 for OpenFlo w packets.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] tcp dscp 63

tcp-connection backup

Use tcp-connection backup to enable OpenFlow connection backup. Use undo tcp-connection backup to disable OpenFlow connection back up.

Syntax

tcp-connection backup undo tcp-connection backup

Default

OpenFlow connection backup is enabled.

Views

OpenFlow instance view

Predefined user roles

network-admin

Usage guidelines

This command enables an OpenFlow instance to back up OpenFlow connections established over TCP. This prevents connection interrupti on when an active/standby switchover occurs.

Examples

# Disable OpenFlow connection backup for Ope nF l ow instance 1.

<Sysname> system-view [Sysname] openflow instance 1 [Sysname-of-inst-1] undo tcp-connection backup

Page 39

Index

A C D F I L M O P Q R T

active instance,1

classification,1 controller address,2 controller auxiliary,3 controller connect interval,4 controller echo-request interval,5 controller mode,5

datapath-id,6 default table-miss permit,7 description,7 display openflow,8 display openflow auxiliary,9 display openflow flow-table,10 display openflow group,15 display openflow instance,16 display openflow meter,18 display openflow summary,20

fail-open mode,21 flow-entry max-limit,22 flow-log disable,22 flow-table,23 forbidden port,24

in-band management vlan,24

listening port,25

mac-ip dynamic-mac aware,26 mac-learning forbidden,26

openflow instance,27 openflow lossless enable,27

permit-port-type member-port,28 precedence dynamic arp,29 protocol-packet filter slow,29

qinq-network enable,30

refresh ip-flow,30 reset openflow instance statistics,31

tcp dscp,31 tcp-connection backup,32