No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
OpenFlow Configuration Commands

OpenFlow Configuration Commands

NOTE:

Only the CE8860EI, CE8850EI, CE7855EI, CE7850EI, CE6880EI, CE6870EI, CE6860EI, CE6856HI, CE6855HI, CE6851HI, CE6850HI, and CE6850U-HI support OpenFlow Agent function.

authentication keychain

Function

The authentication keychain command configures keychain authentication for the OpenFlow connection between the SDN controller and switch.

The undo authentication keychain command cancels keychain authentication for the OpenFlow connection between the SDN controller and switch.

By default, keychain authentication is not configured for an OpenFlow connection.

Format

authentication keychain keychain-name

undo authentication keychain

Parameters

Parameter Description Value
keychain-name Specifies the keychain name. The value must be an existing keychain name configured on the device.

Views

OpenFlow Agent view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To improve network security and prevent access of unauthorized users, you can configure keychain authentication for the OpenFlow connection.

Precautions

A switch can set up an OpenFlow connection with a maximum of 16 SDN controllers. Either keychain authentication or SSL policy can be configured for an OpenFlow connection.

Prerequisites

Before configuring keychain authentication for the OpenFlow connection, you need to Configure a Keychain.

Example

# Configure keychain authentication for the OpenFlow connection.

<HUAWEI> system-view
[~HUAWEI] keychain kk mode absolute
[*HUAWEI-keychain-kk] quit
[*HUAWEI] sdn agent
[*HUAWEI-sdn-agent] controller-ip 10.1.1.1
[*HUAWEI-sdn-agent-ctrl-10.1.1.1] openflow agent
[*HUAWEI-sdn-agent-ctrl-10.1.1.1-openflow] authentication keychain kk

authentication ssl

Function

The authentication ssl command configures the SSL policy for the OpenFlow connection between the SDN controller and switch.

The undo authentication ssl command restores the default setting.

By default, no SSL policy is configured for an OpenFlow connection.

Format

authentication ssl ssl-policy policy-name

undo authentication ssl

Parameters

Parameter Description Value
ssl-policy policy-name Specifies the name of an SSL policy. The value must be the name of an existing SSL policy.

Views

OpenFlow Agent view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The switch and SDN controller exchange information through the OpenFlow connection. To prevent access of unauthorized users and improve network security, configure an SSL policy for the OpenFlow connection.

Precautions

A switch can set up an OpenFlow connection with a maximum of 16 SDN controllers. Either keychain authentication or SSL policy can be configured for an OpenFlow connection.

Prerequisites

The switch functions as an SSL client. The SSL policy has been configured.

Example

# Configure an SSL policy for an OpenFlow connection.

<HUAWEI> system-view
[~HUAWEI] sdn agent
[*HUAWEI-sdn-agent] controller-ip 10.1.1.1
[*HUAWEI-sdn-agent-ctrl-10.1.1.1] openflow agent
[*HUAWEI-sdn-agent-ctrl-10.1.1.1-openflow] authentication ssl ssl-policy openflow-ssl

clear openflow flows standard

Function

The clear openflow flows standard command deletes the user policy entries delivered by the controller through Flow_Mod.

Format

clear openflow flows standard { all | entry entry-id }

NOTE:

CE6880EI does not support this command.

Parameters

Parameter Description Value
all Deletes the user policy entries delivered by the controller through Flow_Mod. -
entry entry-id Delete the user policy entry with the specified ID. The value is an integer that ranges from 0 to 10239.

Views

User view

Default Level

3: Management level

Usage Guidelines

If the OpenFlow connection between a switch and controller is torn down, the switch will not actively delete the user policy entries delivered through Flow_Mod. To delete these user policy entries, run the clear openflow flows standard command.

User policy entries cannot be restored after being cleared. Exercise caution when you run the clear command.

Example

# Delete the user policy entries delivered by the controller through Flow_Mod.

<HUAWEI> clear openflow flows standard all

controller-ip

Function

The controller-ip command specifies the controller IP address used to establish an OpenFlow connection with the switch and displays the Controller-IP view.

The undo controller-ip command deletes the controller IP address used to establish an OpenFlow connection with the switch.

By default, the controller IP address used to establish an OpenFlow connection with the switch is not specified.

Format

controller-ip [ vpn-instance vpn-instance-name ] ip-address

undo controller-ip [ vpn-instance vpn-instance-name ] ip-address

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Specifies the name of the VPN instance that the controller belongs to. The value must be the name of an existing VPN instance.
ip-address Specifies the controller IP address. The value is in dotted decimal notation.

Views

SDN Agent view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To allow the switch and controller to communicate with each other through the OpenFlow connection, run the controller-ip command to specify the controller IP address used to establish an OpenFlow connection with the switch. After this command is executed, the Controller-IP view is displayed.

A switch can connect to one or two controllers through OpenFlow connections. When the switch connects to only one controller, the controller's IP address needs to be reconfigured and the OpenFlow connection must be reset up, if the controller or OpenFlow connection fails. This process requires a long time. Establishing OpenFlow connections to multiple controllers improves reliability and implements load balancing. If one controller is faulty or an OpenFlow connection fails, the switch is still connected to other controllers and works normally.

Precautions

Only 16 controller IP addresses can be configured on the switch. To configure a new controller IP address on the switch, run the undo controller-ip [ vpn-instance vpn-instance-name ] ip-address command to delete the original one first.

Example

# Set the controller IP address used to establish an OpenFlow connection with the switch to 10.1.1.1.

<HUAWEI> system-view
[~HUAWEI] sdn agent
[*HUAWEI-sdn-agent] controller-ip 10.1.1.1
[*HUAWEI-sdn-agent-ctrl-10.1.1.1]

description (SDN Agent view)

Function

The description command configures the description for an OpenFlow-compatible switch.

The undo description command deletes the description of an OpenFlow-compatible switch.

By default, an OpenFlow-compatible switch does not have description.

Format

description description-text

undo description

Parameters

Parameter Description Value
description-text Indicates the description for an OpenFlow-compatible switch. The value is a string of 1 to 63 case-sensitive characters without spaces. If the character string is quoted by double quotation marks, the character string can contain spaces.

Views

SDN Agent view

Default Level

2: Configuration level

Usage Guidelines

To facilitate memorization and management, you can configure the characteristics of an OpenFlow-compatible switch as the description.

Example

# Set the description for an OpenFlow-compatible switch to sdnagent1.

<HUAWEI> system-view
[~HUAWEI] sdn agent
[*HUAWEI-sdn-agent] description sdnagent1

display default-parameter sdn openflow

Function

The display default-parameter sdn openflow command displays the default configuration of the OpenFlow Agent.

Format

display default-parameter sdn openflow

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

To view the default configuration of OpenFlow Agent, you can run this command.

Example

# View the default configuration of OpenFlow Agent.

<HUAWEI> display default-parameter sdn openflow
  Openflow Default Configurations:
  ---------------------------------
  Echo-interval(sec): 5
Table 18-34  Description of the display default-parameter sdn openflow command output

Item

Description

Echo-interval(sec)

Heartbeat interval of the OpenFlow connection.

display openflow flows standard

Function

The display openflow flows standard command displays the user policy entries delivered by the controller through Flow_Mod.

Format

display openflow flows standard

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After a switch sets up an OpenFlow connection with a controller, you can configure a user policy table on the controller (including matching rule, priority, instructions, and action taken upon matching packet forwarding failure) and the controller delivers user policy entries to the switch through Flow_Mod. The switch matches packets based on the user policy entries and takes action on the positively matching packets. The display openflow flows standard command displays the user policy table information delivered by the controller through Flow_Mod.

Example

# Display the user policy entries delivered by the controller to switch through Flow Mod.

<HUAWEI> display openflow flows standard

------------------------------------------------------------
Entry ID: 0
Priority: 123
Match Information:
Protocol: 6
SIP/MASK: 10.2.2.2/255.255.255.255
DIP/MASK: 10.1.1.1/255.255.255.255
SrcPort : 8080
DstPort : 8080
DSCP : 12
Instruction Information:
Write Actions:
Set DSCP : 30
OutPort : 10GE1/0/1
NextHop : 10.136.68.210
Fail Action: forward
------------------------------------------------------------
Table 18-35  Description of the display openflow flows standard command output

Item

Description

Entry ID

User policy entry ID.

Priority

User policy entry priority. A larger value indicates a higher priority.

Match Information

User policy entry matching information.

Protocol

Protocol type.

SIP/MASK

Source IP address/mask.

DIP/MASK

Destination IP address/mask.

SrcPort

Source port number.

DstPort

Destination port number.

DSCP

DSCP priority.

Instruction Information

Action instruction set. The switch matches packets against user policy entries, and takes action on the positively matching packets.

Write Actions

Action in the action instruction set.

Set DSCP

DSCP priority. The positively matching packets are processed based on DSCP priorities.

OutPort

Outbound port number. The positively matching packets are sent out through this interface.

NextHop

Next hop address. The positively matching packets are sent to this IP address.

Fail Action

Action taken on the positively matching packets upon an execution failure of the action in the instructions, including:
  • forward: forwards the packets based on the routes in routing table.

  • discard: discards the packets.

display sdn controller

Function

The display sdn controller command displays information about the controller connected to the switch.

Format

display sdn controller

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After the OpenFlow connection parameters are configured, you can run this command to view controller information.

Example

# View controller information.

<HUAWEI> display sdn controller

                           Controller Information
Total 1 record(s) found :
--------------------------------------------------------------------------------
 Controller ID : 10.1.1.1
 State         : UP
 Up Time       : 0d10h23m59s
 Vpn-instance  : _public_
--------------------------------------------------------------------------------
Table 18-36  Description of the display sdn controller command output

Item

Description

Controller ID

Controller IP address.

State

Connection status between the switch and controller.
  • UP
  • DOWN

Up Time

How long the OpenFlow connection has gone Up.

Vpn-instance

Name of a VPN instance.

display sdn openflow session

Function

The display sdn openflow session command displays the OpenFlow connection session information.

Format

display sdn openflow session

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After an OpenFlow connection is established, you can run this command to view the OpenFlow connection information and determine whether the connection is successfully established.

Example

# View OpenFlow connection information.

<HUAWEI> display sdn openflow session

--------------------------------------------------------------------------------
Agent           Controller      UpTime       State      Role      VPN-INSTANCE
--------------------------------------------------------------------------------
10.136.17.22    10.171.74.102   0d00h07m52s  REGISTERED MASTER     _public_
--------------------------------------------------------------------------------
Table 18-37  Description of the display sdn openflow session command output

Item

Description

Agent

Switch's IP address used to set up an OpenFlow connection.

Controller

Controller's IP address used to set up an OpenFlow connection.

UpTime

How long the OpenFlow connection has gone Up.

State

OpenFlow connection status:
  • TOCREATE: The two ends are attempting to establish the OpenFlow connection.
  • CONNECTED: A TCP connection is successfully established.
  • REGISTERED: The OpenFlow connection is successfully established.
  • INIT: The OpenFlow connection is in the initialization state.

Role

Controller role:
  • EQUAL: has the highest privilege (read and write) on the switch.
  • MASTER: has the same privilege as EQUAL.
  • SLAVE: has the read-only privilege.

VPN-INSTANCE

Name of a VPN instance.

display sdn openflow statistics

Function

The display sdn openflow statistics command displays statistics about the OpenFlow connection packets.

Format

display sdn openflow statistics

display sdn openflow statistics controller [ vpn-instance vpn-instance-name ] ip-address

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Specifies the name of the VPN instance that the controller belongs to. The value must be the name of an existing VPN instance.
ip-address Specifies the controller's IP address. The value is in dotted decimal notation.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

If the OpenFlow connection fails, you can check the OpenFlow packet statistics to determine whether an error occurs in OpenFlow packet sending and receiving.

Example

# View statistics about OpenFlow connection packets.

<HUAWEI> display sdn openflow statistics
Agent: 10.136.17.22, Controller: 10.171.74.102, VPN-INSTANCE: _public_
--------------------------------------------------------------------------------
Message Type          Received        Sent     Invalid    Send Failed
--------------------------------------------------------------------------------
HELLO                        1           1           0              0
ECHO_REQUEST                 1         105           0              1
ECHO_REPLY                 105           0           0              1
EXPERIMENTER                 0           1           0              1
FEATURES_REQUEST             1           0           0              0
FEATURES_REPLY               0           1           0              0
PORT_STATUS                  0         754           0              0
FLOW_MOD                     0           0           0              0
MULTIPART_REQUEST            0           0           1              0
MULTIPART_REPLY              0           0           0              0
ROLE_REQUEST                 0           0           0              0
ROLE_REPLY                   0           0           0              0
PACKET_IN                    0           0           0              0
PACKET_OUT                  15           0           0              0
UNKNOWN                      1           0           0              0
--------------------------------------------------------------------------------Agent: 192.168.70.48, Controller: 192.168.78.118, VPN-instance: _public_
--------------------------------------------------------------------------------
Message type          Received        Sent     Invalid    Send failed
--------------------------------------------------------------------------------
HELLO                        1           1           0              0
ECHO_REQUEST                 0       15665           0              0
ECHO_REPLY               15665           0           0              0
EXPERIMENTER                 0          16           0              1
FEATURES_REQUEST             1           0           0              0
FEATURES_REPLY               0           1           0              0
PORT_STATUS                  0           1           0              0
FLOW_MOD                     0           0           0              0
MULTIPART_REQUEST            1           0           1              0
MULTIPART_REPLY              0           0           0              0
ROLE_REQUEST                 1           0           0              0
ROLE_REPLY                   0           1           0              0
PACKET_IN                    0           0           0              0
PACKET_OUT                   1           0           0              0
MULTI_PATH_DETECT            0           0           0              0
L2_PATH_DETECT               0           0           0              0
L3_PATH_DETECT               0           0           0              0
UNKNOWN                      1           0           0              0
--------------------------------------------------------------------------------
Table 18-38  Description of the display sdn openflow statistics command output

Item

Description

Agent

Switch's IP address used to set up an OpenFlow connection.

Controller

Controller's IP address used to set up an OpenFlow connection.

VPN-INSTANCE

Name of a VPN instance.

Message Type

Type of the message sent or received by the switch.

Received

Number of packets received by the switch.

Sent

Number of packets sent by the switch.

Invalid

Number of invalid packets received by the switch.

Send Failed

Number of packets that failed to be sent by the switch.

echo-interval

Function

The echo-interval command sets the heartbeat interval of the OpenFlow connection.

The undo echo-interval command restores the default heartbeat interval of the OpenFlow connection.

By default, the heartbeat interval of the OpenFlow connection is 5 seconds.

Format

echo-interval interval

undo echo-interval

Parameters

Parameter Description Value
interval Specifies the heartbeat interval of the OpenFlow connection. The value is an integer that ranges from 5 to 60, in seconds.

Views

OpenFlow Agent view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The controller and switch establishing the OpenFlow connection periodically exchange heartbeat packets to detect whether the peer end is still available. You can set the heartbeat interval for the OpenFlow connection, that is, specify the frequency at which the heartbeat packets are sent between the controller and switch.

Configuration Impact

If the initiator does not receive any ECHO_REPLY packet after sending five consecutive ECHO_REQUEST packets, the initiator considers the peer device failed, and closes the OpenFlow connection. If the initiator receives a packet (except ECHO_REPLY) before closing the OpenFlow connection, the initiator restarts the counter.

Example

# Set the heartbeat interval of the OpenFlow connection to 35 seconds.

<HUAWEI> system-view
[~HUAWEI] sdn agent
[*HUAWEI-sdn-agent] controller-ip 10.1.1.1
[*HUAWEI-sdn-agent-ctrl-10.1.1.1] openflow agent
[*HUAWEI-sdn-agent-ctrl-10.1.1.1-openflow] echo-interval 35

openflow agent

Function

The openflow agent command creates and displays an OpenFlow Agent view or displays the view of an existing OpenFlow Agent.

The undo openflow agent command deletes an OpenFlow Agent view.

By default, no OpenFlow Agent view is created.

Format

openflow agent

undo openflow agent

Parameters

None

Views

Public network instance Controller-IP view, VPN instance Controller-IP view

Default Level

2: Configuration level

Usage Guidelines

Before changing the OpenFlow heartbeat interval, configuring the IP address used to set up OpenFlow connection with the specified controller, or configuring OpenFlow authentication, run the openflow agent command to create an OpenFlow Agent view first.

Example

# Create and display an OpenFlow Agent view.

<HUAWEI> system-view
[~HUAWEI] sdn agent
[*HUAWEI-sdn-agent] controller-ip 10.1.1.1
[*HUAWEI-sdn-agent-ctrl-10.1.1.1] openflow agent 
[*HUAWEI-sdn-agent-ctrl-10.1.1.1-openflow]

reset sdn openflow session

Function

The reset sdn openflow session command resets the OpenFlow connection.

Format

reset sdn openflow session [ controller [ vpn-instance vpn-instance-name ] ip-address ]

Parameters

Parameter Description Value
controller ip-address Specifies the controller's IP address. The value is in dotted decimal notation.
vpn-instance vpn-instance-name Specifies the name of the VPN instance that the controller belongs to. The value must be the name of an existing VPN instance.

Views

User view

Default Level

3: Management level

Usage Guidelines

Precautions

Running the reset sdn openflow session command will tear down and reestablish the OpenFlow connection. This command can be used when you need to verify the OpenFlow connection establishment process. Exercise caution when you use this command to reset an OpenFlow connection.

Resetting the OpenFlow connection will tear down the OpenFlow connection between the controller and switch. Exercise caution when you use the following command.

Example

# Reset the OpenFlow connection.

<HUAWEI> reset sdn openflow session

reset sdn openflow statistics

Function

The reset sdn openflow statistics command clears statistics about the OpenFlow connection packets.

Format

reset sdn openflow statistics [ controller ip-address [ vpn-instance vpn-instance-name ] ]

Parameters

Parameter Description Value
controller ip-address Specifies the controller's IP address. The value is in dotted decimal notation.
vpn-instance vpn-instance-name Specifies the name of the VPN instance that the controller belongs to. The value must be the name of an existing VPN instance.

Views

User view

Default Level

3: Management level

Usage Guidelines

To obtain accurate statistics about OpenFlow connection packets, you can run the reset sdn openflow statistics command to clear the existing statistics first, and then run the display sdn openflow statistics command to view the latest statistics.

The cleared OpenFlow packet statistics cannot be restored. Therefore, exercise caution when you use the following command.

Example

# Clear statistics about OpenFlow connection packets.

<HUAWEI> reset sdn openflow statistics

sdn agent

Function

The sdn agent command configures the device as an OpenFlow-compatible switch.

The undo sdn agent command restores the default configuration.

By default, a device is not an OpenFlow-compatible switch.

Format

sdn agent

undo sdn agent

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

OpenFlow-compatible switch supports both OpenFlow forwarding and Layer 2/3 data forwarding. On an SDN network, you should configure the device as an OpenFlow-compatible switch first, and then perform other SDN configurations.

Configuration Impact

The undo sdn agent command will delete all OpenFlow-compatible switch configurations in the SDN Agent view.

Example

# Configure the device as an OpenFlow-compatible switch.

<HUAWEI> system-view
[~HUAWEI] sdn agent

sdn copy-to-controller lltd enable

Function

The sdn copy-to-controller lltd enable command enables the device to handle Link Layer Topology Discovery (LLTD) packets delivered by the controller.

The undo sdn copy-to-controller lltd enable command disables the device from handling LLTD packets delivered by the controller.

By default, the device does not handle the LLTD packets delivered by the controller.

Format

sdn copy-to-controller lltd enable

undo sdn copy-to-controller lltd enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The LLTD protocol can automatically discover LLTD-compatible devices on networks to obtain network topology. If the controller needs to obtain the positions of Microsoft servers in a network topology, the controller delivers a Packet-out carrying LLTD information to the device. If the sdn copy-to-controller lltd enable command has been executed on the device, the device extracts the LLTD packet from the Packet-out, and broadcasts the LLTD packet on the network. When a Microsoft server receives the LLTD packet, it replies with another LLTD packet carrying its own host name, IP address, and MAC address to the device. The device encapsulates the LLTD packet into a Packet-in, and sends the Packet-in to the controller.

Figure 18-1  LLTD packet processing flow

Example

# Enable the device to handle the LLTD packets delivered by the controller.

<HUAWEI> system-view
[~HUAWEI] sdn copy-to-controller lltd enable

source-ip

Function

The source-ip command configures the global IP address used to establish an OpenFlow connection with the controller.

The undo source-ip command deletes the global IP address used to establish an OpenFlow connection with the controller.

By default, the global IP address used to establish an OpenFlow connection with the controller is not configured.

Format

source-ip ip-address

undo source-ip [ ip-address ]

Parameters

Parameter Description Value
ip-address Specifies a global IP address. The value is in dotted decimal notation. The IP address of a loopback interface is recommended.

Views

SDN Agent view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An OpenFlow-compatible switch and controller uses OpenFlow connection for communication. You can run the source-ip command to configure the global IP address used to set up OpenFlow connection with the controller. By default, this IP address sets up OpenFlow connections with all controllers' IP addresses specified in controller-ip.

Precautions

  • The switch supports only one global IP address used to establish an OpenFlow connection with the controller. To change this IP address, run the undo source-ip command to delete the original one first.

  • If the source-ip command has been run to configure a global IP address and the transport-address command has been run to configure a connector-specific IP address, the IP address specified in transport-address sets up an OpenFlow connection with the specified controller.

Example

# Set the global IP address used to establish an OpenFlow connection with the controller to 10.10.10.10.

<HUAWEI> system-view
[~HUAWEI] sdn agent
[*HUAWEI-sdn-agent] source-ip 10.10.10.10

transport-address

Function

The transport-address command configures the IP address used to establish an OpenFlow connection with the specified controller.

The undo transport-address command deletes the IP address used to establish an OpenFlow connection with the specified controller.

By default, no IP address is configured to establish an OpenFlow connection with the specified controller.

Format

transport-address ip-address

undo transport-address

Parameters

Parameter Description Value
ip-address Specifies the IP address. The value is in dotted decimal notation. The IP address of a loopback interface is recommended.

Views

OpenFlow Agent view

Default Level

2: Configuration level

Usage Guidelines

After you run the source-ip command, the switch uses this global IP address to set up connection with controllers by default. If you want to connect the switch to a specified controller using the specified IP address, run the transport-address command.

Example

# Set the IP address used to set up an OpenFlow connection with the specified controller to 10.10.10.10.

<HUAWEI> system-view
[~HUAWEI] sdn agent
[*HUAWEI-sdn-agent] controller-ip 10.1.1.1
[*HUAWEI-sdn-agent-ctrl-10.1.1.1] openflow agent 
[*HUAWEI-sdn-agent-ctrl-10.1.1.1-openflow] transport-address 10.10.10.10
Translation
Download
Updated: 2019-03-21

Document ID: EDOC1000166501

Views: 52089

Downloads: 339

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next