INSTALLATION GUIDE FOR SDN/OPENFLOW DEMONSTRATION Jerry Lei Solutions Architect Service Provider Group
Legal Disclaimer All or some of the products detailed in this presentation may still be under development and certain specifications, including but not limited to, release dates, prices, and product features, may change. The products may not function as intended and a production version of the products may never be released. Even if a production version is released, it may be materially different from the pre-release version discussed in this presentation. NOTHING IN THIS PRESENTATION SHALL BE DEEMED TO CREATE A WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT OF THIRD-PARTY RIGHTS WITH RESPECT TO ANY PRODUCTS AND SERVICES REFERENCED HEREIN. Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronView, NetIron, SAN Health, ServerIron, and TurboIron are registered trademarks, and Brocade Assurance, DCFM, Extraordinary Networks, and Brocade NET Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned are or may be trademarks or service marks of their respective owners. 2
Agenda: Installation Guide For SDN/OpenFlow Demonstration (slide 3)
- Components of Demonstration
- Installations of Components
- Configurations of Demonstration
- Example of Demonstration
- SDN/OpenFlow Reference
2012 Brocade Communications Systems, Inc. PROPRIETARY AND CONFIDENTIAL For Internal Use Only June 2012
Components Of Demonstration 4
Components Of Demonstration: Mandatory Components (slide 5)
- SDN Application: flow management software, OE-SS, by Indiana University
- Controller: revised open source controller, NOX, for OE-SS by Indiana University, and a lightweight passive controller, OVS-OFCTL
- Linux Server: CentOS Linux 6.2 (free version of RH EL6) or Red Hat Enterprise Linux Server 6 (RH EL6), on a physical server or PC
[Diagram: Remote Web Browser, HTTP, SDN App, Controller, Linux Server, VM (optional), Existing OS (optional), OpenFlow protocol, OpenFlow-enabled routers, Server, Traffic generator. Note: required installation components are in red.]
Components Of Demonstration: Mandatory Components (slide 6)
- OpenFlow-enabled Router: XMR/MLX/MLXe, CES/CER/CER-RT
- Miscellaneous
  - Traffic generator: Spirent, IXIA
  - Virtual Machine (optional): Xen, KVM, and Oracle VirtualBox for Linux; Oracle VirtualBox, VMware Player for Windows
  - Web Browser: Firefox
[Diagram: Remote Web Browser, HTTP, SDN App, Controller, Linux Server, VM (optional), Existing OS (optional), OpenFlow protocol, OpenFlow-enabled routers, Server, Traffic generator. Note: required installation components are in red.]
Software Components: Mandatory Components (slide 7)
- Software plays a big role in the SDN solution
- Get familiar with everything about Linux
- Front-end application
  - Web-based API (Java, HTML5) to GUI
  - Script-based API (Perl, Python) or C++ API to back-end
- Back-end application
  - Core program
  - Database
  - Controller
  - HTTP server
[Diagram: Remote Web Browser, HTTP, HTTP Server, OE-SS Front, OE-SS Core, Database, Controller, Linux Server, OpenFlow protocol, OpenFlow-enabled Topology]
Note: front-end and back-end applications are required in installation
Installation of Components 8
Virtual Machine: Optional Component (slide 9)
[Diagram: Remote Web Browser, HTTP, OpenFlow protocol, Controller, OE-SS Core, OE-SS Front, Database, HTTP Server, Linux Server, VM (optional), Existing OS (optional)]
Virtual Machine: Optional Component (slide 10)
- The network adapter of the VM should be set as a bridged adapter
  - It connects directly to the physical network without using NAT or the host IP
  - The VM will get an IP address in the same subnet as the host, but different from the host IP
- VMware Player and Oracle VirtualBox are easy to install
  - http://www.vmware.com/products/player/
  - https://www.virtualbox.org/wiki/downloads
- VMware Player for Microsoft Windows is used for this installation guide
- KVM and Xen are included in Linux
Linux Server (slide 11)
[Diagram: Remote Web Browser, HTTP, OpenFlow protocol, Controller, OE-SS Core, OE-SS Front, Database, HTTP Server, Linux Server, VM (optional), Existing OS (optional)]
Linux Server: Why Choose CentOS 6.2 64-bit (slide 12)
- OESS pre-built packages are RPMs for Red Hat EL/CentOS
  - Converting the OESS RPMs to deb packages for Ubuntu/Debian Linux does not make it possible to install OESS on Ubuntu/Debian
- CentOS is a free version of Red Hat Enterprise Linux
- The following steps are all based on Linux for the 64-bit x86 processor architecture (x86_64)
  - A 64-bit x86 version of Linux can be installed on a multi-core x86 PC or server
  - 32-bit Linux is not recommended because the OESS packages are built for x86_64
- Please do not use the latest CentOS 6.3
  - CentOS 6.3 was just released and may not be compatible with all OESS dependencies
Linux Server: Why Choose CentOS 6.2 64-bit (cont.) (slide 13)
- YUM is a package update tool for CentOS 6.2 and RH EL6
- YUM conveniently resolves dependencies when installing packages
  - yum install <package-name> automatically finds all dependencies and installs them along with the package
  - yum search <part of package name> looks up the package if the exact package name is uncertain
- For yum to work correctly and efficiently, the CentOS/RH EL software repositories must be installed accordingly
Linux Server: Install CentOS 6.2 64-bit (slide 14)
- Download CentOS 6.2 x86_64 (bin-dvd#.iso) from the CentOS Wiki
  - http://mirrors.bluehost.com/centos/6.2/isos/x86_64/
- Install CentOS from the ISO image or from the installation CD/DVD
  - Burn the ISO images to bootable installation CD/DVDs
  - Linux on a VM can usually be installed directly from the ISO images
Linux Server: Install CentOS 6.2 64-bit (slide 15)
During the installation, the following steps are required:
- Add the root password when prompted
- Add another user and the user's password when prompted to add another user
- Log in as root and bring the software up to date (may require several reboots)
Linux Server: YUM and Software Repository (slide 16)
- Installing software in Linux always requires resolving dependent packages and GNU Privacy Guard (GPG) keys
- Commonly used packages are stored in software repositories
- Install software repositories
  - Log in as root and open a terminal
  - Install and configure yum priorities
  - Install and configure the CentOS base repository
Linux Server: Install and Configure YUM and CentOS Base Software Repository (slide 17)
- Log in as root
- Install YUM Priorities
    yum install yum-priorities
- Configure YUM Priorities
  - Open the yum priorities configuration file
    vim /etc/yum/pluginconf.d/priorities.conf
  - Ensure the following lines exist in the file
    [main]
    enabled = 1
  - Open the CentOS base repo configuration file
    vim /etc/yum.repos.d/CentOS-Base.repo
Linux Server: Install and Configure YUM and CentOS Base Software Repository (cont.) (slide 18)
- Add the following text to the end of the [base], [updates], and [extras] repository entries
    priority = 1
- Add the following text to the end of the [centosplus] repository entry
    enabled = 1
    priority = 2
Linux Server: Install and Configure 3rd Party Repository (slide 19)
All three software repositories are required:
- Install and configure EPEL
  http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
- Install and configure the RPMforge repository
  http://apt.sw.be/redhat/el6/en/x86_64/dag/rpms/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
- Install and configure the REMI repository
  http://rpms.famillecollet.com/enterprise/6/remi/x86_64/remi-release-6-1.el6.remi.noarch.rpm
Linux Server: Install and Configure 3rd Party Repository (cont.) (slide 20)
All three software repositories are required (cont.):
- Any Linux package may get new releases from time to time
- If the packages listed above have been replaced by new ones and cannot be found, browse the URLs up to the x86_64 directory to find the new package name
  - For example, http://apt.sw.be/redhat/el6/en/x86_64/
- Replace the URL in the previous slide with the name of the new release package
- The packages are built for
  - 64-bit x86 CPU (x86_64)
  - Enterprise Linux 6 (CentOS 6.2)
Linux Server: Install and Configure EPEL Repository (slide 21)
- Download the latest EPEL repository
    wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
- Install the RPM
    rpm -Uvh epel-release-6*.rpm
- Configure the EPEL repository
  - Open the EPEL repository file
    vim /etc/yum.repos.d/epel.repo
Linux Server: Install and Configure EPEL Repository (cont.) (slide 22)
- Add the following text to the [epel] repository entry
    enabled = 1
    priority = 3
Linux Server: Install and Configure RPMforge Repository (slide 23)
- Download the latest RPMforge repository
    wget http://apt.sw.be/redhat/el6/en/x86_64/dag/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
- Install DAG's GPG key
    rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
- Verify the downloaded RPM
    rpm -K ./rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
- Install the RPM
    rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
- Configure the RPMforge repository
  - Open the RPMforge repository file
    vim /etc/yum.repos.d/rpmforge.repo
Linux Server: Install and Configure RPMforge Repository (cont.) (slide 24)
- Add the following text to the [rpmforge] repository entry
    enabled = 1
    priority = 3
Linux Server: Install and Configure REMI Repository (slide 25)
- Download the latest REMI repository
    wget http://rpms.famillecollet.com/enterprise/6/remi/x86_64/remi-release-6-1.el6.remi.noarch.rpm
- Run the RPM install command
    rpm -Uvh remi-release-6*.rpm
- Configure the REMI repository
  - Open the REMI repository file
    vim /etc/yum.repos.d/remi.repo
Linux Server: Install and Configure REMI Repository (cont.) (slide 26)
- Add the following text to the [remi] repository entry
    enabled = 1
    priority = 3
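The repository settings from the preceding slides can be checked after editing. The script below is an added example, not part of the original guide or of OESS: it reads `.repo` text on stdin and reports `enabled`, `priority` and `gpgcheck` for each section, flagging a key spelled `enable` (the yum key is `enabled`), a disabled signature check, and a missing priority. The sample input is constructed.

```shell
#!/bin/sh
# Added example: audit yum .repo text for the settings this guide relies on.
# Output, one line per repository section:
#   <repo> enabled=<v|unset> priority=<v|unset> gpgcheck=<v|unset> [WARN:...]
audit_repo() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    # Print the summary line for the section collected so far.
    function report(   w) {
      if (repo == "") return
      w = ""
      if (typo)            w = w " WARN:key-is-enabled-not-enable"
      if (gpg == "0")      w = w " WARN:gpgcheck-off"
      if (prio == "unset") w = w " WARN:no-priority"
      printf "%s enabled=%s priority=%s gpgcheck=%s%s\n", repo, en, prio, gpg, w
    }
    /^[ \t]*[#;]/ { next }                      # skip comment lines
    /^[ \t]*\[.*\]/ {                           # new [section]
      report()
      repo = trim($0); gsub(/^\[|\]$/, "", repo)
      en = prio = gpg = "unset"; typo = 0
      next
    }
    index($0, "=") > 0 {                        # key = value
      key = tolower(trim(substr($0, 1, index($0, "=") - 1)))
      val = trim(substr($0, index($0, "=") + 1))
      if (key == "enabled")       en = val
      else if (key == "enable")   typo = 1
      else if (key == "priority") prio = val
      else if (key == "gpgcheck") gpg = val
    }
    END { report() }
  '
}

# Constructed sample input (not taken from a real system).
sample_repo() {
  cat <<'EOF'
# constructed example
[epel]
name=Extra Packages for Enterprise Linux 6
enable = 1
priority = 3
gpgcheck=1

[rpmforge]
name = RHEL 6 - RPMforge.net - dag
enabled = 1
priority = 3
gpgcheck = 0

[remi]
enabled=1
gpgcheck=1
EOF
}

# On a real server: cat /etc/yum.repos.d/*.repo | audit_repo
sample_repo | audit_repo
```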
Linux Server: Install Servers and APIs (slide 27)
- Install LAMP
  - LAMP is a solution stack which represents Linux, Apache HTTP server, MySQL, and PHP
- Disable Firewall and SELinux
  - Security-Enhanced Linux (SELinux) is a Linux feature that provides support for access control security policies
  - Disabling both security features is for easy configuration
    - OpenFlow requires port 6633 by default
    - Apache HTTP server requires ports 443 and 80 by default
  - Instead of disabling the firewall, another option is to open the ports in the firewall accordingly
Linux Server: Install Servers and APIs (cont.) (slide 28)
- Install script languages and development tools
  - Perl and Python
  - make, gcc, g++
- Install RRD Tool
  - RRD Tool is a prerequisite for SNAPP-Collector
- Install SNAPP-Collector
  - SNAPP-Collector is required for installing the OESS packages
- RRD Tool and SNAPP-Collector collect data circuit statistics and send them to the OESS front-end
LAMP: Linux, Apache, MySQL and PHP (slide 29)
[Diagram: Remote Web Browser, HTTP, OpenFlow protocol, Controller, OE-SS Core, OE-SS Front, Database, HTTP Server, Linux Server, VM (optional), Existing OS (optional)]
LAMP: Install and Configure Apache Server (slide 30)
- Install the Apache HTTP server
    yum install httpd
  - This is typically installed but not configured with CentOS by default
- Set the Apache service to start on boot
    chkconfig --levels 235 httpd on
- Configure the Apache server
  - Open the httpd configuration file
    vim /etc/httpd/conf/httpd.conf
LAMP: Install and Configure Apache Server (cont.) (slide 31)
- Un-comment the line containing the following text by removing the # in front
    NameVirtualHost *:80
LAMP: Install and Configure Apache Server (cont.) (slide 32)
- Restart the Apache server
    service httpd restart
- Verify the http port (port 80) is open
    netstat -tulpn | grep :80
LAMP: Install and Configure MySQL (slide 33)
- Install MySQL
    yum install mysql-server mysql php-mysql
  - php-mysql is for the later PHP configuration
- Installing MySQL needs several dependencies. If errors occur while resolving dependencies, the problem is usually in the installation and configuration of the software repositories
LAMP: Install and Configure MySQL (cont.) (slide 34)
- Configure MySQL
  - Set the MySQL service to start on boot
    chkconfig --levels 235 mysqld on
  - Start the MySQL service
    service mysqld start
  - Log in to MySQL and set the MySQL root password for local domains
    mysql -u root
LAMP: Install and Configure MySQL (cont.) (slide 35)
- The new-password in the following statements is your MySQL root password
- This root password is independent of the Linux root password, but it is recommended to use the same password for convenience
    mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('new-password');
    mysql> SET PASSWORD FOR 'root'@'localhost.localdomain' = PASSWORD('new-password');
    mysql> SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('new-password');
    mysql> exit
* Please keep the MySQL root password; you will use it several times later
LAMP: Disable Firewall (slide 36)
- Firewall
  - The firewall is enabled by default
- Disable Firewall
  - Disable and Apply
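As an alternative to disabling the firewall, the ports this guide names (6633 for OpenFlow, 80 and 443 for Apache) can be opened individually. This added example, not part of the original guide, prints the CentOS 6 iptables commands for review instead of running them. Restricting port 6633 to the routers' management addresses is an assumption of this example; 10.18.225.122 is the router management address from this guide's sample output.

```shell
#!/bin/sh
# Added example: generate iptables commands that open only the ports the
# demonstration needs, as an alternative to turning the firewall off.

# valid_ipv4 ADDR -> exit status 0 if ADDR is a dotted-quad IPv4 address
valid_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# oess_fw_rules ROUTER_MGMT_IP...
# Prints one command per line; nothing is executed. Port 6633 is allowed
# only from the listed router addresses (assumption of this example),
# ports 80 and 443 from anywhere. "-I INPUT" inserts ahead of the final
# REJECT rule in the default CentOS 6 ruleset.
oess_fw_rules() {
  if [ "$#" -lt 1 ]; then
    echo "usage: oess_fw_rules ROUTER_MGMT_IP..." >&2
    return 2
  fi
  # Validate every address before printing anything.
  for ip in "$@"; do
    if ! valid_ipv4 "$ip"; then
      echo "invalid IPv4 address: $ip" >&2
      return 1
    fi
  done
  for ip in "$@"; do
    echo "iptables -I INPUT -p tcp -s $ip --dport 6633 -m state --state NEW -j ACCEPT"
  done
  for port in 80 443; do
    echo "iptables -I INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
  done
  # Persist the running rules to /etc/sysconfig/iptables.
  echo "service iptables save"
}

oess_fw_rules 10.18.225.122
```

Review the printed commands, then run them as root on the Linux server.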
LAMP: Disable SELinux (slide 37)
- Disable SELinux
  - Disable SELinux one time
    setenforce 0
  - Disable it permanently by opening the SELinux configuration file
    vim /etc/selinux/config
  - Replace SELINUX=enforcing with SELINUX=disabled
LAMP: Install and Configure PHP (slide 38)
- Install PHP
    yum install php
- Installing PHP needs several dependencies. If errors occur while resolving dependencies, the problem is usually in the installation and configuration of the software repositories
LAMP: Install and Configure PHP (cont.) (slide 39)
- Verify PHP step 1
  - Open a web browser and enter the URL below
    http://localhost/
  - The page should appear as in the picture on the left
  - Even if it does not appear as in the picture, please proceed with Verify PHP step 2
LAMP: Install and Configure PHP (cont.) (slide 40)
- Configure PHP
  - Create a new file
    vim /var/www/html/index.php
  - with the following content
    <?php phpinfo(); ?>
LAMP: Install and Configure PHP (cont.) (slide 41)
- Verify PHP step 2
  - Open a web browser and enter the URL below again
    http://localhost/
  - The page should now appear as in the picture on the left
LAMP: Install and Configure PHP (cont.): configure phpmyadmin (slide 42)
- Install phpmyadmin
    yum install phpmyadmin
LAMP: Install and Configure PHP (cont.): configure phpmyadmin (slide 43)
- Restart the Apache HTTP server
    service httpd restart
LAMP: Install and Configure PHP (cont.): configure phpmyadmin (slide 44)
- Verify phpmyadmin
  - Open a web browser and enter the URL
    http://localhost/phpmyadmin
  - It will prompt for the MySQL username and password. Use root and the root password
  - The page should now appear as in the picture on the left
Script Languages and Development Tools: Install Perl and Python (slide 45)
- The APIs between the OESS module, the NOX module and other back-end programs are built with script languages
- Perl and Python should be installed by the default CentOS installation
- If they are not installed, run yum install perl and yum install python
Script Languages and Development Tools: Install Development Tools (slide 46)
- Development tools are used to build OVS-TOOL from source code
- gcc and make should be installed by the default CentOS installation
- If they are not installed, run yum install gcc and yum install make
- Install g++
    yum install gcc-c++
- Install RRD Tool
    yum install rrdtool
Controller: OVS-TOOL and NOX (slide 47)
[Diagram: Remote Web Browser, HTTP, OpenFlow protocol, Controller, OE-SS Core, OE-SS Front, Database, HTTP Server, Linux Server, VM (optional), Existing OS (optional)]
Controller: OVS-TOOL (slide 48)
- A lightweight controller that uses the Linux shell CLI to push flows
- It is part of Open vSwitch; download openvswitch-*.tar.gz
  - http://openvswitch.org/download/
- OVS-TOOL is used to work around a caveat in the IU-revised NOX
  - Use the passive mode controller, ovs-ofctl
Controller: Build OVS-TOOL from Source Code (slide 49)
- Download the Open vSwitch compressed tarball
- Unzip and untar the tarball
    tar zxvf openvswitch-1.2.2.tar.gz
- After unzipping and untarring it, a new directory openvswitch-1.2.2 is created with the source code
  - The version may differ depending on the version you downloaded
- Change the working directory to the openvswitch directory
    cd openvswitch-1.2.2
Controller: Build OVS-TOOL from Source Code (cont.) (slide 50)
- Configure the environment for building the source code with the following command
    ./configure
  - Please note there is a period before the slash in the above command
  - Configuring the environment will take a few seconds
- After configure is done, build the source code with the following command
    make
  - Building the source code will take a few seconds
- After the build is done, install the executables
    make install
Controller: Build OVS-TOOL from Source Code (cont.) (slide 51)
- Verify the ovs-tool installation
    cd /usr/local/bin
    ls
- ovs-ofctl is under /usr/local/bin along with the other OVS tools
Controller: NOX (slide 52)
- First open source OpenFlow controller in the world, but no CLI
- The NOX included in the OE-SS package is a revised version of NOX from Indiana University
  - Download the OE-SS rpm package tar.gz (oess-1.0.1-2-rpms.tar.gz)
  - http://code.google.com/p/nddi/downloads/list
- Supports OpenFlow topology discovery, but
  - This version of NOX assumes any unmatched packet will be sent to the controller
  - MLXe and CES/CER drop any unmatched packet by default
  - Use ovs-ofctl to push a flow into the router that matches packets with ethertype 0x88cc and sends them to the controller
Controller: Install NOX (slide 53)
- Unzip and untar the oess-rpms tarball
    tar zxvf oess-1.0.1-2-rpms.tar.gz
- After unzipping and untarring, 10 rpm files are generated
- Before installing the oess packages, install the required SNAPP-Collector
    yum install snappy.x86_64
Controller: Install NOX (cont.) (slide 54)
- Install the nox rpm
    yum install nox-0.9.2-2.el6.x86_64.rpm
- Use yum to install the rpm instead of rpm -ivh, because yum will resolve all dependencies which haven't been installed
SDN Application: OE-SS (slide 55)
[Diagram: Remote Web Browser, HTTP, OpenFlow protocol, Controller, OE-SS Core, OE-SS Front, Database, HTTP Server, Linux Server, VM (optional), Existing OS (optional)]
SDN Application: OE-SS (slide 56)
- OE-SS is an OpenFlow-based application which provides VLAN provisioning and Layer 2 data circuit management (oess-1.0.1-2-rpms.tar.gz)
  - http://code.google.com/p/nddi/downloads/list
- The OE-SS software includes
  - Front-end GUI through the Apache HTTP server
  - Back-end core to access the MySQL database
  - APIs to communicate with NOX, the HTTP server and the database
- During the installation, a web browser will be used to verify the installation; Firefox is the recommended web browser
  - Sometimes IE may have problems showing the content correctly
SDN Application: Install OE-SS (slide 57)
- Install the OESS rpms in this order
    yum install nddi*.rpm
    yum install perl-oess*.rpm
    yum install perl-oscar*.rpm
    yum install yui2*.rpm
    yum install oess-*.rpm
- Use yum install <*>.rpm instead of rpm -ivh <*>.rpm, because yum will resolve all dependencies which haven't been installed
SDN Application: Initial Configure OE-SS (slide 58)
- Start the initial configuration of OESS
    /usr/bin/oess/setup.pl
- The initial configuration is semi-automated; it requires you to answer several questions
- Answer Yes to the following questions
SDN Application: Initial Configure OE-SS (cont.) (slide 59)
- In the initial configuration, always answer Yes to the question "shall I follow them and prepend them to the queue of modules we are processing"
SDN Application: Initial Configure OE-SS (cont.) (slide 60)
- Press the Enter key to show the list
SDN Application: Initial Configure OE-SS (cont.) (slide 61)
- Answer Yes to proceed without changing the list
- It will start to configure them automatically within a few seconds
SDN Application: Initial Configure OE-SS (cont.) (slide 62)
- Ignore the warning messages "warning (usually harmless)", which may show several times
SDN Application: Initial Configure OE-SS (cont.) (slide 63)
- Press the Enter key to accept the default configuration for these three questions
    Host []:
    Port []:
    Admin user []:
- Admin Password is your mysql root password
- Press the Enter key to accept the default configuration for these questions
- Answer Yes to create the database oess and install the schema
- Use the mysql root password for easy configuration. You will have one unified password
SDN Application: Initial Configure OE-SS (cont.) (slide 64)
- Answer localdomain
- Press the Enter key to accept the default configuration for the location question
- Press the Enter key to accept the default configurations for the following location and time interval questions
- Answer No
- Create a user of OESS in addition to admin
  - Your OESS username
  - Your OESS user password
  - Type the password again to confirm
  - Recommend using the same mysql password
- Answer Yes to start the OESS service
SDN Application: Verify OE-SS Installation (slide 65)
- Verify OESS step 1
  - Open the web browser (Firefox) on the server and enter the URL; the URL starts with https instead of http
    https://localhost/oess/admin/admin_index.cgi
  - The OESS username and password will be prompted for
    - Type in the OESS username and password you just created (not admin) in the initial configuration, and allow the browser to remember the username and password
  - The browser page shows a warning about the untrusted connection
    - Click on "I Understand the Risks" and "Add Exception"
    - Click "Confirm Security Exception" when it prompts to Get Certificate
SDN Application: Verify OE-SS Installation (cont.) (slide 66)
- Verify OESS step 1
  - The OS3E page should appear as in the picture on the left, with no network record found
SDN Application: Verify OE-SS Installation (cont.) (slide 67)
- Verify OESS step 2
  - Type ifconfig to get the IP address of the Linux server (usually it's interface eth0)
  - eth0 means the first Ethernet interface of your PC/server. Make sure you get the IP address of the correct interface
SDN Application: Verify OE-SS Installation (cont.) (slide 68)
- Verify OESS step 2
  - Open a remote web browser on another PC/server and enter the URL; the URL starts with https
    https://<linux-server-ip-address>/oess/admin/admin_index.cgi
  - Follow the same username, password, and certificate process
SDN Application: Verify OE-SS Installation (cont.) (slide 69)
- The installation of the Linux Server, Controllers, and OE-SS is completed
- The next step is to configure the demonstration
SDN Application: Verify OE-SS Installation (cont.) (slide 70)
- Sometimes not all oess services are started after the initial configuration
- Verify the service status with
    service --status-all | grep oess
  - Please note there are two hyphens before status and one hyphen before all in the above command
- If some oess services are not running, restart the oess service
    service oess restart
- Make sure all services have started OK before the next section, Configurations of Demonstration
Configurations of Demonstration MLXe, CES/CER and OE-SS 71
OpenFlow Support (slide 72)
[Diagram: Remote Web Browser, HTTP, OpenFlow protocol, Controller, OE-SS Core, OE-SS Front, Database, HTTP Server, Linux Server, VM (optional), Existing OS (optional)]
MLX OpenFlow Configuration Steps, Step 1: Number of Flows (slide 73)
- Number of flows
  - MLX supports ZERO flow entries by default
  - The user must configure the desired number of flows upfront
  - A reboot will be required to change the number of supported flows
- Changing the number of supported flows
    MLX(config)# system-max openflow-flow-entries <the number of flow entries>
  - Any change in system-max commands requires a system reboot
- OpenFlow system maximum configuration:
    MLXe(config)# system-max openflow-flow-entries 4000
  - The default system configuration supports zero flows. Configuring system-max for OpenFlow and rebooting the MLX is required.
[Diagram: MLX, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
MLX OpenFlow Configuration Steps, Step 2: Enable OpenFlow on MLX (slide 74)
- Enabling OpenFlow v1.0
  - Enable OpenFlow version 1.0.0 at the global level
    MLX(config)# [no] openflow enable ofv100
- OpenFlow global configuration: enable openflow with the specified version
    MLXe(config)# openflow enable ofv100
  - Enables OpenFlow v1.0.0 capabilities at the global level.
[Diagram: MLX, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
Note: Display is subject to change
MLX OpenFlow Configuration Steps, Step 3: Connecting to a Controller (slide 75)
- Configure connection mode, encryption type, TCP port
- Active mode
    MLX(config)# [no] openflow controller ip-address <controller-ip-address> [no-ssl] [port <port>]
  - Most controllers require the active mode CLI command
  - Supports the option of disabling SSL encryption. SSL is enabled by default
  - The default TCP port for the OpenFlow connection is 6633. The TCP port number is user configurable.
- OpenFlow global configuration: connection mode
    MLXe(config)# openflow controller ip-address 10.18.225.151 no-ssl
  - MLX supports up to 3 concurrent connections.
  - Active mode requires configuration of the IP address of the controller.
  - SSL encryption is enabled by default. For easy configuration of the demonstration, SSL is disabled.
[Diagram: MLX, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
Note: Display is subject to change
MLX OpenFlow Configuration Steps, Step 3: Connecting to a Controller (cont.) (slide 76)
- Passive mode
  - Passive mode is commonly used for debugging purposes.
    MLX(config)# [no] openflow controller passive [no-ssl] [controller-ip-address <IP>] [port <port>]
  - Supports the option of disabling SSL encryption. SSL is enabled by default.
  - The default TCP port for the OpenFlow connection is 6633. The port number is user configurable.
- OpenFlow global configuration: connection mode
    MLXe(config)# openflow controller passive no-ssl
  - Passive mode does not require the IP address of the controller.
  - SSL encryption is enabled by default. For easy configuration of the demonstration, SSL is disabled.
[Diagram: MLX, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
Note: Display is subject to change
MLX OpenFlow Configuration Steps, Step 4: Enable OpenFlow on desired ports (slide 77)
- OpenFlow is enabled on a per-port basis
    MLX# (config-if-e10000-1/1)# [no] openflow enable <layer2 | layer3>
  - A port supports either layer2 (default) or layer3 matching mode
- Enable OpenFlow on multiple ports
    MLX# (config)# int e 1/1 to 1/4
    MLX# (config-mif-1/1-1/4)# [no] openflow enable <layer2 | layer3>
- OpenFlow interface configuration:
    MLXe(config)# int e 1/4
    MLXe(config-if-e1/4)# openflow enable layer3
    MLXe(config)#int e 1/1 to 1/3
    MLXe(config-mif-1/1-1/3)# openflow enable
    MLXe(config-mif-1/1-1/4)# enable
  - Enables port e1/4 in OpenFlow Layer 3 mode
  - Enables ports e1/1 to e1/3 in OpenFlow Layer 2 mode
  - For this demonstration, configure ports in Layer 2 mode
[Diagram: MLX, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
Note: Display is subject to change
MLX OpenFlow Configuration Steps, Step 5: Show OpenFlow Configuration (slide 78)
    MLXe# show openflow
    Administrative Status: Enabled
    Controller Type: OFV 100
    Number of Controllers: 2
    Controller 1:
    Connection Mode: active
    Listening Address: 10.18.225.151
    Connection Port: 6633
    Controller 2:
    Connection Mode: passive
    Listening Address: 0.0.0.0
    Connection Port: 6633
    Match Capabilty:
    L2: Port, Source MAC, Destination MAC, Ether type, Vlan, Vlan PCP
    L3: Port, Vlan, Vlan PCP, Source IP, Destination IP, IP Protocol, IP TOS, IP Src Port, IP Dst Port
    Openflow Enabled Ports: e1/1 e1/2 e1/3 e1/4
    Maximum number of flows allowed: 1000
Callouts on the output:
- OpenFlow is enabled using version 1.0 (ofv100)
- It shows the configuration of two controller connections
  - One uses active mode to IP address 10.18.225.151 without SSL
  - Another one uses passive mode without SSL
  - Passive mode does not require an IP address (0.0.0.0)
  - Both connections use the default TCP port 6633
- Matching fields supported by MLX
- Ports enabled with OpenFlow
- Configured maximum number of flows
[Diagram: MLX, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
Note: Display is subject to change
MLX OpenFlow Configuration Steps, Step 5: Show OpenFlow Configuration (cont.) (slide 79)
- Display interface OpenFlow information:
    MLXe#show openflow interface
    Port  Link  Port-State  Speed  Tag  MAC             OF-portid  Name      Mode
    1/1   Up    Forward     1G     Yes  0024.3888.0901  1          OF-PortA  Layer2
    1/2   Up    Forward     1G     Yes  0024.3888.0902  2          OF-PortB  Layer2
    1/3   Up    Forward     1G     Yes  0024.3888.0903  3          OF-PortC  Layer2
    1/4   Up    Forward     1G     Yes  0024.3888.0904  4          OF-PortD  Layer3
  - Mode: port mode, i.e., either Layer 2 or Layer 3
  - OpenFlow does not have the notion of slots on a modular system. OpenFlow defines port numbers (OF-portid) sequentially from 1. On the MLX, 48 OpenFlow ports are reserved per slot. Slot 1 has OpenFlow ports 1-48, slot 2 has OpenFlow ports 49-96, and so on. If an interface is not enabled for OpenFlow, the respective OF-portid will not be used.
- Display the unique ID of the OpenFlow-enabled router:
    MLXe# show openflow datapath-id
    0000002438880900
  - Unique ID of the OpenFlow-enabled router. Some controllers require the datapath ID to identify routers
[Diagram: MLX, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
Note: Display is subject to change
MLX Connections to Controller, Step 6: Check Controller Connections (slide 80)
- Check IP TCP connections:
    MLXe# show ip tcp connections
    Total 3 TCP connections
    LISTEN: 2; SYN-SENT: 0; SYN-RECEIVED 0; ESTABLISHED: 1; FIN-WAIT-1: 0
    FIN-WAIT-2: 0; CLOSE-WAIT: 0; LAST-ACK 0; CLOSING: 0; TIME-WAIT: 0
    Local IP address:port <-> Remote IP address:port  TCP state    RcvQue RxBuffe SendQue TxBuffe
    10.18.225.122 8817        10.18.225.151 6633      ESTABLISHED  5      320     5       320
Callouts on the output:
- Router: mgmt IP address 10.18.225.122, TCP 8817
- Controller: IP address 10.18.225.151, TCP 6633
- Connection state: Established. This is the operational state of the connection between the controller and the router. DO NOT confuse it with Connection Mode in slide 78. Active/passive connection mode is a configuration, not the operational state.
[Diagram: MLX, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
Note: Display is subject to change
MLX Display OpenFlow Flow Entries, Step 7: Show OpenFlow Flows (slide 81)
- Display OpenFlow flows:
    MLXe#show openflow flows
    Total Number of Flows: 2
    Flow ID: 1 Priority: 32768 Status: Active
    Rule:
    In Port: e1/1
    In Vlan: Tagged[20]
    Source Mac: 0000.0000.0000
    Destination MAC: 0000.0000.0000
    Action: FORWARD
    Out Port: e1/2 Out VLAN: Tagged[20]
    Out Port: e1/3 Out VLAN: Tagged[30]
    Statistics:
    Total Packets:302450
    Total Bytes: 38713600
Callouts on the output:
- Flow 1, priority of flow: 32768
- Matching rule: port e1/1, VLAN ID 20
- Actions
  - Forward to port 1/2, VLAN ID 20 (keep as 20)
  - Forward to port 1/3, VLAN 30
- Flow 1 statistics
[Diagram: MLX, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
MLX OpenFlow Configuration Steps, Optional Steps: Enable Optional Feature (slide 82)
- Enabling sending unmatched packets to the controller
    MLX(config)# [no] openflow default send-to-ctrlr
- OpenFlow global configuration: enable the optional feature of sending unmatched packets to the controller
    MLXe(config)# openflow default send-to-ctrlr
  - This optional feature is strongly not recommended, but it can help in a scenario mentioned in slide 96 if ovs-tool doesn't work
[Diagram: MLX, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
Note: Display is subject to change
CES/CER OpenFlow Configuration Steps, Step 1: Enable OpenFlow on CES/CER (slide 83)
- Scaling
  - CES/CER supports up to 4000 flow entries by default
  - NO configuration of the system-max command
- Enabling OpenFlow v1.0
    CES-CER(config)# [no] openflow enable ofv100 [src-mac]
  - Because of a hardware limitation, CES/CER supports matching on either the destination MAC address along with other fields in the Ethernet header, or the source MAC address along with the other fields.
  - Matching the destination MAC address is the default. The src-mac option selects matching on the source MAC address.
- OpenFlow global configuration: enable openflow with the specified version
    CER(config)# openflow enable ofv100
  - Enables OpenFlow version 1.0 (ofv100) with the default Layer 2 mode (matching on DST MAC)
[Diagram: CES/CER, OpenFlow Controller, OpenFlow protocol, encrypted using SSL (optional)]
Note: Display is subject to change
Slide 84: CES/CER OpenFlow Configuration Steps
Step 2: Connecting to a Controller

Configure the connection mode, encryption type and TCP port (active mode also needs the controller IP address).

Active Mode

    CES-CER(config)# [no] openflow controller ip-address <controller-ipaddress> [no-ssl] [port <port>]

- Supports the option of disabling SSL encryption; SSL is the default.
- The default SSL/TCP port for the OpenFlow connection is 6633. The port number is user configurable.

OpenFlow Global Configuration: connection mode

    CER(config)# openflow controller ip-address 10.18.225.148 no-ssl

- CES/CER supports up to 3 concurrent connections.
- Active mode requires configuration of the IP address of the controller.
- SSL encryption is enabled by default. For easy configuration of the demonstration, SSL is disabled.

Note: Display is subject to change
Slide 85: CES/CER OpenFlow Configuration Steps
Step 2: Connecting to a Controller (cont.)

Passive Mode
- Passive mode is commonly used for debugging by engineering.
- In common practice, there is no need to configure passive mode in a customer's setup.

    CES-CER(config)# [no] openflow controller passive [no-ssl] [ip-address <controller-ip-address>] [port <port>]

- Encryption type supports either SSL (default) or no encryption.
- The default TCP port for the OpenFlow connection is 6633. The TCP port number can be user-configured with this CLI; the controller needs to be changed accordingly.

OpenFlow Global Configuration: connection mode

    CER(config)# openflow controller passive no-ssl

- Passive mode does not require the IP address of the controller.
- SSL encryption is enabled by default. For easy configuration of the demonstration, SSL is disabled.

Note: Display is subject to change
Slide 86: CES/CER OpenFlow Configuration Steps
Step 3: Enable OpenFlow on desired ports

OpenFlow is enabled on a per-port basis:

    CES-CER# (config-if-e10000-1/1)# [no] openflow enable

- A port supports Layer 2 mode only. A Layer 3 mode similar to MLX is planned for a future release.

Enable OpenFlow on multiple ports:

    CES-CER# (config)# int e 1/1 to 1/4
    CES-CER# (config-mif-1/1-1/4)# [no] openflow enable

OpenFlow Interface Configuration:

    CER(config)#int e 1/1 to 1/4
    CER(config-mif-1/1-1/4)# openflow enable
    CER(config-mif-1/1-1/4)# enable

Enables OpenFlow on ports e1/1 to e1/4 in Layer 2 mode.

Note: Display is subject to change
Slide 87: CES/CER OpenFlow Configuration Steps
Step 4: Show OpenFlow Configuration

Display general OpenFlow configuration:

    CER# show openflow
    Administrative Status: Enabled
    Controller Type: OFV 100
    Number of Controllers: 2
    Controller 1:
      Connection Mode: active
      Listening Address: 10.18.225.148
      Connection Port: 6633
    Controller 2:
      Connection Mode: passive
      Listening Address: 0.0.0.0
      Connection Port: 6633
    Match Capabilty: Port, Destination MAC, Ether type, Vlan, Vlan PCP
    Openflow Enabled Ports: e1/1 e1/2 e1/3 e1/4

Annotations:
- OpenFlow is enabled using version 1.0 (ofv100).
- The output shows the configuration of two controller connections. One uses active mode to IP address 10.18.225.148 without SSL; the other uses passive mode without SSL.
- Passive mode does not require an IP address (0.0.0.0).
- Both connections use the default TCP port 6633.
- Match Capabilty: matching fields supported by CES/CER.
- Openflow Enabled Ports: interfaces with OpenFlow enabled.

Note: Display is subject to change
Slide 88: CES/CER OpenFlow Configuration Steps
Step 4: Show OpenFlow Configuration (cont.)

Display interface OpenFlow information:

    CER#show openflow interface
    Port  Link  Port-State  Speed  Tag  MAC             OF-portid  Name      Mode
    1/1   Up    Forward     1G     Yes  001b.eda4.1cc1  1          OF-PortA  Layer2
    1/2   Up    Forward     1G     Yes  001b.eda4.1cc2  2          OF-PortB  Layer2
    1/3   Up    Forward     1G     Yes  001b.eda4.1cc3  3          OF-PortC  Layer2
    1/4   Up    Forward     1G     Yes  001b.eda4.1cc4  4          OF-PortD  Layer2

Display the unique ID of the OpenFlow-enabled router:

    CER# show openflow datapath-id
    0000001beda41cc0

Annotations:
- Mode: port mode, Layer 2 mode only.
- OF-portid: OpenFlow does not have the notion of slots on a modular system. OpenFlow defines port numbers sequentially from 1. Port 0 is the controller itself. The 10G ports of CES/CER are on slot 2. On the CES/CER, 48 OpenFlow ports are reserved for 1G ports. Slot 1 has OpenFlow ports 1-48, slot 2 has OpenFlow ports 49-50. If an interface is not enabled for OpenFlow, the respective OF-portid will not be used.
- Datapath ID: unique ID of the OpenFlow-enabled router. Some controllers require the datapath ID to identify routers.

Note: Display is subject to change
Slide 89: CES/CER OpenFlow Configuration Steps
Steps 5, 6, and optional feature

The CLI commands for checking the controller connection, displaying OpenFlow flow entries and enabling the optional feature are the same as on MLX. Please refer to the MLX slides.
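The slides disable SSL, open a passive listener and mention send-to-ctrlr only to make the demonstration easy, so a lab configuration is worth checking before it is reused anywhere else. The following added example (not part of the original deck or of Brocade's tooling) scans configuration text for those three shortcuts; it assumes the saved configuration shows the commands in the same form as they are typed on slides 82, 84 and 85, and both sample configurations are constructed.

```python
import re

# Constructed sample: the global OpenFlow lines the demo steps leave behind.
DEMO_CONFIG = """\
openflow enable ofv100
openflow controller ip-address 10.18.225.148 no-ssl
openflow controller passive no-ssl
openflow default send-to-ctrlr
"""

# Constructed sample: the same active connection with the SSL default kept.
HARDENED_CONFIG = """\
openflow enable ofv100
openflow controller ip-address 10.18.225.148 port 6633
no openflow default send-to-ctrlr
"""

# Anchored at "openflow", so negated ("no openflow ...") lines never match.
CONTROLLER_RE = re.compile(r"^openflow\s+controller\s+(.+)$")
SEND_TO_CTRLR_RE = re.compile(r"^openflow\s+default\s+send-to-ctrlr$")


def parse_controller(args):
    """Parse the options that follow 'openflow controller' into a dict."""
    tokens = args.split()
    conn = {"mode": "active", "ip": None, "port": 6633, "ssl": True}
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "passive":
            conn["mode"] = "passive"
        elif tok == "no-ssl":
            conn["ssl"] = False
        elif tok in ("ip-address", "port") and i + 1 < len(tokens):
            i += 1
            conn["port" if tok == "port" else "ip"] = (
                int(tokens[i]) if tok == "port" else tokens[i])
        i += 1
    return conn


def audit_openflow_config(text):
    """Return (line_number, code, message) for each demo shortcut found."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if SEND_TO_CTRLR_RE.match(line):
            findings.append((lineno, "send-to-ctrlr",
                             "all unmatched packets are sent to the controller"))
            continue
        m = CONTROLLER_RE.match(line)
        if not m:
            continue
        conn = parse_controller(m.group(1))
        where = "%s connection, port %d" % (conn["mode"], conn["port"])
        if not conn["ssl"]:
            findings.append((lineno, "no-ssl", where + ": SSL disabled"))
        if conn["mode"] == "passive":
            findings.append((lineno, "passive",
                             where + ": debugging listener left configured"))
    return findings


if __name__ == "__main__":
    for finding in audit_openflow_config(DEMO_CONFIG):
        print("line %d [%s] %s" % finding)
```
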
Slide 90: OE-SS Demo Configuration

[Diagram components: Remote Web Browser, HTTP, OpenFlow protocol, Controller, OE-SS Core, OE-SS Front, Database, HTTP Server, Linux Server, VM (optional), Existing OS (optional)]
Slide 91: Demonstration Configuration Steps
Example Topology for OE-SS Configuration

[Topology diagram. Mgmt network: Controller/OE-SS server 10.25.129.111, MLXe1 10.25.129.112, MLXe2 10.25.129.113, CER1 10.25.129.114, CER2 10.25.129.115. Sites: San Jose, Indianapolis, New York, Dallas. Link speeds: 10G and 100G. Edge ports 1/1 and 1/3 connect to the traffic generator.]
Slide 92: Demonstration Configuration Steps
Example Topology for OE-SS Configuration

[Topology diagram, as on slide 91, with port numbers (1/1, 1/2, 1/3) marked on each link and VLAN 700 and VLAN 800 marked on the edge ports toward the traffic generator.]
Slide 93: Demonstration Configuration Steps
Preparation: Collect Information from the Topology

Prepare a table from the topology:

    Chassis  Mgmt IP Address  Datapath ID*   Ports connected to other chassis  Ports to traffic generator
    MLXe1    10.25.129.112    <mlxe1-dp-id>  1/2 MLXe2, 1/3 CER1               1/1
    MLXe2    10.25.129.113    <mlxe2-dp-id>  1/1 MLXe1, 1/2 CER2               N/A
    CER1     10.25.129.114    <cer1-dp-id>   1/1 MLXe1, 1/2 CER2               N/A
    CER2     10.25.129.114    <cer2-dp-id>   1/1 CER1, 1/2 MLXe2               1/3

* The datapath ID of each router can be found with the CLI command show openflow datapath-id
Slide 94: Demonstration Configuration Steps
Preparation: Collect Information from the Topology (cont.)

Convert the topology table in the previous slide to a circuit table.

Provision Circuits*
Circuit 1: 1G data circuit

    Paths in the circuit  Links per path in the circuit  Endpoints of the circuit (edge VLAN ports)
    Primary path          MLXe1_1/2 to MLXe2_1/1         MLXe1_1/1 VLAN 700
                          MLXe2_1/2 to CER2_1/2          CER2_1/3 VLAN 800
    Backup path           MLXe1_1/3 to CER1_1/1          MLXe1_1/1 VLAN 700
                          CER1_1/2 to CER2_1/1           CER2_1/3 VLAN 800

These two tables are useful references when configuring OE-SS.

* More circuits can be planned in the same topology. Plan new circuits by following this table. The example of demonstration from slide 114 to 123 configures two circuits.
Slide 95: Demonstration Configuration Steps
Step 1: Configure OpenFlow on MLXe and CER

- Configure OpenFlow on MLXe and CER according to slides 73-89.
- Both active and passive connections are required:
  - NOX uses the active connection to push flows.
  - ovs-ofctl uses the passive connection to push flows.
- In the configuration of the active connection, controller-ip-address is the Linux server IP address.
- There is no need to configure controller-ip-address in the passive connection.
- Configure OpenFlow ports in Layer 2 mode.
Slide 96: Demonstration Configuration Steps
Step 2: Push Topology Discovery Flow by OVS-OFCTL

- Push the topology discovery flow to every NetIron router in the demonstration.
- Open Terminal in Linux and type the following command:

    ovs-ofctl add-flow tcp:<router-mgmt-ip-address> dl_type=0x88cc actions=output:65533

- The flow matches packets with Ethertype 0x88cc and forwards the matched packets to the controller.
- Verify the addition of the flow with show openflow flows on every router.
- If it doesn't work for some reason, configure the send-to-ctrlr option on the NetIron routers. The send-to-ctrlr option sends every unmatched packet to the controller.
Slide 97: Demonstration Configuration Steps
Step 2: Push Topology Discovery Flow by OVS-OFCTL (cont.)

Verify topology discovery flows:

    NetIron#show openflow flows
    Total Number of Flows: 1
    Flow ID: 1 Priority: 32768 Status: Init
    Rule:
      Ether type: 0x88cc
    Action: FORWARD
      Out Port: send to controller
    Statistics:
      Total Bytes: 0

Annotations:
- Matching rule: Ether type is 0x88cc
- Action: forward to controller
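To make the discovery flow on slides 96 and 97 concrete, the following added example (not from the original deck and not ovs-ofctl's own code) encodes an OpenFlow 1.0 flow_mod with the same match and action and decodes it again, showing that only dl_type is matched and that output port 65533 is the reserved controller port (0xfffd). The xid and max_len values are assumptions chosen for illustration, so the bytes are not claimed to be identical to what ovs-ofctl sends.

```python
import struct

# OpenFlow 1.0 constants (OpenFlow 1.0.0 specification).
OFP_VERSION, OFPT_FLOW_MOD, OFPFC_ADD, OFPAT_OUTPUT = 0x01, 14, 0, 0
OFPFW_ALL = (1 << 22) - 1                    # every match field wildcarded
OFPP_CONTROLLER, OFPP_NONE = 0xFFFD, 0xFFFF  # 0xFFFD == 65533
NO_BUFFER = 0xFFFFFFFF
# Single-bit wildcard flags; a cleared bit means "match this field exactly".
WILDCARD_BITS = {"in_port": 0, "dl_vlan": 1, "dl_src": 2, "dl_dst": 3,
                 "dl_type": 4, "nw_proto": 5, "tp_src": 6, "tp_dst": 7,
                 "dl_vlan_pcp": 20, "nw_tos": 21}

HEADER = struct.Struct("!BBHI")               # version, type, length, xid
MATCH = struct.Struct("!IH6s6sHBxHBB2xIIHH")  # ofp_match, 40 bytes
BODY = struct.Struct("!QHHHHIHH")             # cookie .. flags, 24 bytes
ACTION_OUTPUT = struct.Struct("!HHHH")        # type, len, port, max_len


def build_discovery_flow_mod(xid=1, priority=32768, max_len=0xFFFF):
    """Encode: match dl_type=0x88cc only, action output:65533 (controller)."""
    wildcards = OFPFW_ALL & ~(1 << WILDCARD_BITS["dl_type"])
    match = MATCH.pack(wildcards, 0, b"\0" * 6, b"\0" * 6, 0, 0,
                       0x88CC, 0, 0, 0, 0, 0, 0)
    body = BODY.pack(0, OFPFC_ADD, 0, 0, priority, NO_BUFFER, OFPP_NONE, 0)
    action = ACTION_OUTPUT.pack(OFPAT_OUTPUT, ACTION_OUTPUT.size,
                                OFPP_CONTROLLER, max_len)
    length = HEADER.size + len(match) + len(body) + len(action)
    header = HEADER.pack(OFP_VERSION, OFPT_FLOW_MOD, length, xid)
    return header + match + body + action


def decode_flow_mod(msg):
    """Decode an OpenFlow 1.0 flow_mod into its match and action summary."""
    if len(msg) < HEADER.size + MATCH.size + BODY.size:
        raise ValueError("too short for a flow_mod")
    version, msg_type, length, xid = HEADER.unpack_from(msg, 0)
    if (version, msg_type, length) != (OFP_VERSION, OFPT_FLOW_MOD, len(msg)):
        raise ValueError("not a complete OpenFlow 1.0 flow_mod")
    fields = MATCH.unpack_from(msg, HEADER.size)
    wildcards, dl_type = fields[0], fields[6]
    body = BODY.unpack_from(msg, HEADER.size + MATCH.size)
    exact = [n for n, bit in WILDCARD_BITS.items() if not wildcards & (1 << bit)]
    # nw_src/nw_dst carry 6-bit counts; a count >= 32 wildcards the address.
    for name, shift in (("nw_src", 8), ("nw_dst", 14)):
        if (wildcards >> shift) & 0x3F < 32:
            exact.append(name)
    actions, off = [], HEADER.size + MATCH.size + BODY.size
    while off < length:
        a_type, a_len = struct.unpack_from("!HH", msg, off)
        if a_len < 8 or a_len % 8 or off + a_len > length:
            raise ValueError("malformed action")
        if a_type == OFPAT_OUTPUT:
            _, _, port, max_len = ACTION_OUTPUT.unpack_from(msg, off)
            actions.append(("output", port, max_len))
        else:
            actions.append(("type-%d" % a_type, None, None))
        off += a_len
    return {"xid": xid, "command": body[1], "priority": body[4],
            "exact_match": exact, "dl_type": dl_type, "actions": actions}


if __name__ == "__main__":
    print(decode_flow_mod(build_discovery_flow_mod()))
```
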
Slide 98: Demonstration Configuration Steps
Step 3: Configure Routers And Links in OE-SS

- Go to the remote web browser (Firefox) and connect to OESS as described in slide 65. Please note that Microsoft Internet Explorer sometimes does not show content correctly.
- Click on the Discover tab on the left panel. Routers discovered by NOX will show on this page.
- MLXe1, MLXe2, CER1 and CER2 in slide 91 should be shown with random names here. The datapath ID is the key to identifying them. Your reference table from the preparation step can help you identify each router.
- Click on each device to input the correct name.
Slide 99: Demonstration Configuration Steps
Step 3: Configure Routers And Links in OE-SS (cont.)

- Once the routers are discovered, the links between them are discovered. The blue bulk links in slide 91 should be shown here.
- Click on each link (endpoint A to endpoint Z) to give it a name. For example, CER1 (1/2) to CER-11-3 (1/8): CER1_1_2_to_CER2_1_8
Slide 100: Demonstration Configuration Steps
Step 4: Configure User in OE-SS

- Create an admin user: create the admin account in OE-SS and assign the Linux root user to this account.
- Create a user in OE-SS besides admin: if the user already has a user account in Linux (created during the Linux installation), assign the Linux user name to this account.
Slide 101: Demonstration Configuration Steps
Step 4: Configure User in OE-SS (cont.)

To create an OESS user besides admin whose user account was not created during the Linux installation:

- Back in Terminal, create a Linux user first:

    useradd <new-linux-user-name>

- Add a password for the new user:

    passwd <new-linux-user-name>

- Add a password for the new user for httpd:

    htpasswd -n <new-linux-user-name>

- Keep (copy) the output of htpasswd.
Slide 102: Demonstration Configuration Steps
Step 4: Configure User in OE-SS (cont.)

- Save the username and password in the oess frontend service:

    vim /usr/share/oessfrontend/www/.htpasswd

- Paste the previous output after the existing user accounts. Please note that there is a period before htpasswd in the above command.
- The purpose of this process is to synchronize the user account in Linux to MySQL and OE-SS, so OE-SS can recognize the user in the database. Otherwise, the user added in OE-SS can't access the workgroup and data circuit information in the database.
- Follow the second half of slide 100 to add the newly created Linux user in OE-SS.
Slide 103: Demonstration Configuration Steps
Step 5: Configure Workgroup in OE-SS

- Click on the Workgroup tab on the left panel to go to the Workgroup page.
- Create a new workgroup.
- Add a user to the workgroup; the user account must already have been created in OESS.
- Add Edge Ports opens the world map. Click on a node in the map and the edge ports of that node are listed. Choose from the listed edge ports to add them to the workgroup.
- Edge ports are the green ports in slide 91.
Slide 104: Demonstration Configuration Steps
Step 6: Configure Data Circuit in OE-SS

Enter the workgroup page from the Workgroup tab on the admin page (or https://<controller-ipaddress>/oess/index.cgi) with either:
- the username and password of root just added as admin, or
- the username and password of the newly created user.
Slide 105: Demonstration Configuration Steps
Step 6: Configure Data Circuit in OE-SS (cont.)

If you logged in as admin earlier and prefer to log in as a different user:
- Clear the cache of the web browser (username and password saved along with the URL). In Firefox, click on Tools -> Clear recent history -> Clear Now.
- Enter the workgroup page from the Workgroup tab on the admin page (or https://<controller-ipaddress>/oess/index.cgi) again with the username and password of the preferred user.
Slide 106: Demonstration Configuration Steps
Step 6: Configure Data Circuit in OE-SS (cont.)

- Click on New Circuit.
- Input the circuit name.
- Reserved bandwidth doesn't have any function; enter the maximum bandwidth of that link (for example, 10G = 10000). You may need to explain to customers in the demo why bandwidth is 0 if you don't change it.
- OpenFlow v1.0 doesn't support QinQ; choose point to point tagging.
- After the above steps are done, click on Proceed to Step2: Endpoints.
Slide 107: Demonstration Configuration Steps
Step 6: Configure Data Circuit in OESS (cont.)

- Click on any node on the map. A list of the edge ports which were previously set appears in the Interface window.
- Configure the endpoints of the data circuit: choose e1/1 of MLXe1 and e1/3 of CER2, configured with different VLAN tags (VLAN 700 and VLAN 800). This means the data circuit ingresses at e1/1 of MLXe1 with the VLAN 700 tag and egresses at e1/3 of CER2 with the VLAN 800 tag, and vice versa.
- After the above steps are done, click on Proceed to Step3: Primary Path on the top right corner.
Slide 108: OE-SS Configuration Steps
Step 7: Configure Primary Path and Backup Path in OE-SS

- Choose the primary path between the endpoints by clicking the intermediate links on the graph. They will appear in the Primary Path window.
- After the above steps are done, click on Proceed to Step4: Backup Path on the top right corner.
- Similar to the above step, choose the backup path.
Slide 109: OE-SS Configuration Steps
Step 7: Configure Primary Path and Backup Path in OE-SS (cont.)

- After the above steps are done, click on Proceed to Step5: Scheduling on the top right corner.
Slide 110: OE-SS Configuration Steps
Step 7: Configure Primary Path and Backup Path in OE-SS (cont.)

- Choose Now for the question of when to provision this circuit.
- Choose Never for the question of when to remove this circuit.
- After the above steps are done, click on Proceed to Step6: Provisioning on the top right corner.
Slide 111: OE-SS Configuration Steps
Step 8: Verify Configurations

- Verify the information of the Primary Path (yellow) and Backup Path (dark green).
- After verifying that everything is correct, click Submit Circuit Request. The information is then stored in the database. After submission, the configuration is complete.
- Send traffic between the endpoints to verify the configuration of the routers and OE-SS.
- The statistics chart on the OE-SS page may show an incorrect scale with pre-beta NetIron images.
Slide 112: Demonstration Configuration Steps
Optional Step 1: Restart OE-SS Service

- For the first-time configuration, the OE-SS service is started by the initial configuration.
- If the server is later shut down after the demonstration, the Apache server and MySQL server are configured to restart along with the CentOS reboot. In case they do not restart, run:

    service httpd start
    service mysqld start

- The OE-SS service needs to be restarted manually. Open Terminal in CentOS and input:

    service oess start

- The circuit configuration is saved in the database. In case the OE-SS service malfunctions for some reason in future use, restart the OESS service with:

    service oess restart
Slide 113: Integration of NOX, OE-SS, and MLXe/CES/CER
Example of Demonstration
Slide 114: Demonstration of Integration Test
Dynamically Provisioning the Data Circuit

[Topology diagram: Mgmt network with Controller/OE-SS server; sites San Jose, Indianapolis, New York and Dallas joined by 10G and 100G links; traffic generator attached.]
Slide 115: Demonstration of Integration Test
Dynamically Provisioning the 1G Data Circuit

[Topology diagram, as on slide 114, with VLAN 100 and VLAN 200 marked on the circuit endpoints.]
Slide 116: Demonstration of Integration Test
Dynamically Provisioning the 10G Data Circuit

[Topology diagram, as on slide 114, with VLAN 300 and VLAN 400 marked on the circuit endpoints.]
Slide 117: Primary 1G Circuit: SJ DALLAS NY
Slide 118: Secondary 1G Circuit: SJ INDIANAPOLIS NY
Slide 119: Primary 10G Circuit: SJ DALLAS
Slide 120: Secondary 10G Circuit: SJ INDIANAPOLIS NY DALLAS
Slide 121: Seamless Network Management
Traffic Monitoring by BNA: Showing Traffic Failover in San Jose Node

- You can use MIB objects to monitor port utilization via graphs.
- Input EtherPortUtilization
Slide 122: Summary
Key Takeaways from The Demonstration

- Integration of SDN application, OpenFlow Controller, and NetIron platforms
  - Flow management in WAN by VLAN provisioning and VLAN translation
  - Interoperates with any OpenFlow Controller which supports OpenFlow v1.0
- NetIron platforms support OpenFlow from 1GbE to 100GbE at full wire speed
  - Wire speed performance by hardware implementation of the OpenFlow forwarding plane
  - Accessible by software upgrade without extra licensing
  - Supported on existing 1GbE to 100GbE interface modules
Slide 123: Summary
Key Takeaways from The Demonstration (cont.)

- Hybrid Switch Mode
  - Both classical switching/routing features and OpenFlow coexist in one platform
  - Separation of the classical switching/routing network and the OpenFlow network
Slide 124: SDN/OpenFlow and Linux References
Slide 125: Reference
External Reference

- CentOS wiki: http://wiki.centos.org/
- Deployment guide of Redhat Linux: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/
- OpenFlow wiki: http://www.openflow.org/wk/index.php/openflow_wiki
- OE-SS wiki: http://code.google.com/p/nddi/
Slide 126: Reference
External Reference (cont.)

- Google, Bing, Yahoo, etc.
  - SDN, OpenFlow, Controller and Linux are all open source; a lot of information is available on the Internet.
  - Post questions in the OpenFlow and Linux forums to get help from experts all over the world.
- In Linux, man <linux CLI command>
  - The manual of ovs-xxx describes how to use the ovs-tools.
Slide 127: Reference
External Reference (cont.)

Why do we need the ovs-tool if send-to-ctrlr is configurable on NetIron routers? (Note: send-to-ctrlr will send all unmatched packets on the router to the controller.)

- It is not recommended to send all unmatched packets to the controller; it may render the controller busy by overwhelming it with unmatched packets.
- The NOX controller needs to receive only topology discovery packets from the routers in this demonstration.
- ovs-ofctl (passive) and ovs-controller (active) are useful light-weight controllers for quick testing and easy debugging by pushing any type of flows.
- The ovs-tool is not only for this demonstration, but can also be used in the future when working with customers.
Slide 128: Reference
Internal Reference

- FlightDeck SDN Launch Page: from business-focused materials to technical arsenals
  https://www.gosavo.com/brocade/post/post.aspx?id=22121658&view=
- FlightDeck SDN-OpenFlow: A Path to Programmable Networks
  https://www.gosavo.com/brocade/document/document.aspx?id=10804065&view=&srlid=13201589&srisprm=false&sritidx=1&srpgidx=1&srpgsz=50
- OpenFlow SE Webcast
  https://www.gosavo.com/brocade/post/post.aspx?id=15303045&view=&srlid=13201609&srisprm=false&sritidx=0&srpgidx=1&srpgsz=50
- MLXe, CES/CER OpenFlow DeepDive: will roll out soon
Slide 129: Reference
Internal Reference (cont.)

- This demonstration was given at the Internet2 Spring Member Meeting in Arlington, VA, April 22-25, 2012.
- Many thanks to the Internet2 account team for their efforts to make this demonstration happen at the Internet2 Spring Member Meeting, 2012:
  - Sales: Katrine Helgeson, Doug Patterson
  - SEs: Doug Hampton, David Paliga
Slide 130: Thank You