OVS Configuration Guide

PicOS 2.2.0 March 2014 This document provides the configuration commands for OVS of PicOS 2.2.0

Copyright 2012-2014 Pica8, Inc. All rights reserved. Pica8, Inc. makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The information is provided as is without warranty of any kind and is subject to change without notice. OVS Configuration Guide for PicOS 2.2.0

Table of Contents PREFACE... 5 Intended Audience...5 Websites...5 Organization...5 CHAPTER 1. OVERVIEW... 6 PicOS OVS Feature List...6 CHAPTER 2. SYSTEM MANAGEMENT CONFIGURATION... 7 Overview...7 Boot Process...7 Default Login...9 Modifyint the Mode via the Configuration File...9 Modify the Pica8 Mode via an interactive Script... 10 Troubleshooting the PicOS Mode... 12 CHAPTER 3. CONFIGURATION OPEN VSWITCH... 13 Overview... 13 Creating a bridge and adding ports to the bridge... 13 Connecting to an OpenFlow controller... 14 Configuring the link speed of the port... 14 Configuring the 802.1Q and trunk port... 14 Configuring the sflow... 15 Configuring the NetFlow... 15 Configuring the Mirroring... 16 Configuring the IPv4 flows... 16 Configuring GRE tunnel... 17 Configuring the MPLS... 17 Configuring the LAG and LACP ports... 18 Configure the group table... 20 Configure the meter... 21 Configure the possibility to have egress interface to be the ingress interface... 22 Configure the pbb... 22 Configure the qos/queue... 23 Configure the ecmp... 23 Configure the qinq... 24 TCAM Match Mode Configuration... 24 QoS mapping... 25 Enable Loopback Interface... 25 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 3

Table of Contents CHAPTER 4. CONFIGURATION EXAMPLE... 26 Configure 802.1Q VLAN... 26 Configure GRE tunnel... 27 Configure one Label MPLS network... 28 Configure Multiple Virtual Bridge in System... 31 Configure ECMP... 31 CHAPTER 5. OVS WEB USER INTERFACE... 32 Login Interface... 32 Adding a Bridge... 32 Add or Edit a Controller... 33 Add a Port... 34 Edit Lag Interface... 35 Add GRE Port... 36 Add Group Table... 36 Edit Flow Tables... 37 Monitor... 37 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 4

Preface Intended Audience This guide is intended for data center administrators, system administrators and customer service staffs who are responsible for configuring the PicOS Open vswitch (OVS). Websites The PicOS documents are available at the following website: http://www.pica8.com/portal/login.php Open vswitch software documents are available at the following website: http://openvswitch.org/ Open flow documents are available at the following website: http://www.openflow.org/ Organization The configuration guide is organized as following: Chapter Chap 1, Overview. Chap 2. System update and boot Chap 3. Configuration Open vswitch. Chap 4. Configuration Example. Descriptions Overview of the PICA8 switch. How to update and boot the system How to configure OVS Give examples of various configurations. 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 5

Chapter 1. Overview This chapter provides an overview of the features of PicOS OVS. Open vswitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. PicOS OVS is the implementation of Open vswitch on PICA8 hardware. PicOS OVS Feature List PicOS OVS supports the following features: Table 1-1 PicOS OVS Feature List Supporting for NetFlow, sflow Supporting for Standard 802.1Q VLAN model with trunking Supporting for link monitoring Supporting for MPLS, GRE Supporting for multiple virtual bridges 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 6

Chapter 2. System Management Configuration Overview This chapter describes the boot process and the mode selection. Pica8 switches run in two different modes: Open vswitch mode (OVS) Layer 2 / Layer 3 mode (L2/L3) In OVS mode, the L2/L3 daemon is not running; only OVS is accessible. Boot Process You can follow the boot process via the console port. Verify that the switch is connected to the console port with the correct baud rate, data bits value, and stop bits value. The baud rate is 115200. The data bits value is 8. The stop bits value is 1. A common output for a boot-up is shown below as an example: U-Boot 1.3.0 (Mar 8 2011-16:39:03) CPU: 8541, Version: 1.1, (0x80720011) Core: E500, Version: 2.0, (0x80200020) Clock Configuration: CPU: 825 MHz, CCB: 330 MHz, DDR: 165 MHz, LBC: 41 MHz L1: D-cache 32 kb enabled I-cache 32 kb enabled I2C: ready DRAM: Initializing initdram robin1 initdram robin2 robin before CFG_READ_SPD robin after CFG_READ_SPD initdram robin3 DDR: 512 MB FLASH: 32 MB L2 cache 256KB: enabled In: serial Out: serial Err: serial Net: TSEC0, TSEC1 IDE: Bus 0: OK Device 0: Model: CF 512MB Firm: 20060911 Ser#: TSS25016070309051750 Type: Hard Disk Capacity: 495.1 MB = 0.4 GB (1014048 x 512) Hit any key to stop autoboot: 5 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 7

Note: To modify the baud rate of the switch, enter U-Boot and modify the baud rate or other parameters. Example: U-Boot 1.3.0 (Sep 8 2010-17:20:00) CPU: 8541, Version: 1.1, (0x80720011) Core: E500, Version: 2.0, (0x80200020) Clock Configuration: CPU: 825 MHz, CCB: 330 MHz, DDR: 165 MHz, LBC: 41 MHz L1: D-cache 32 kb enabled I-cache 32 kb enabled I2C: ready DRAM: Initializing DDR: 512 MB FLASH: 32 MB L2 cache 256KB: enabled Set ethaddr MAC address = c8:0a:a9:04:49:1a Set eth1addr MAC address = c8:0a:a9:04:49:1b In: serial Out: serial Err: serial Net: TSEC0, TSEC1 IDE: Bus 0: OK Device 0: Model: CF Card Firm: Ver2.35 Ser#: 7DF70707030700224009 Type: Hard Disk Capacity: 1923.9 MB = 1.8 GB (3940272 x 512) Hit any key to stop autoboot: 0 [Interrupt the Boot sequence to enter the U-boot mode.] => => => printenv flash_bootcmd=setenv bootargs root=/dev/ram console=ttys0,$baudrate; bootm ffd00000 ff000000 ffee0000 cfcard_bootcmd=setenv bootargs root=/dev/ram console=ttys0,$baudrate; ext2load ide 0:1 0x1000000 /uimage;ext2load ide 0:1 0x2000000 /uinitrd2m;ext2load ide 0:1 0x400000 /LB9A.dtb;bootm 1000000 2000000 400000 bootdelay=5 baudrate=115200 loads_echo=1 rootpath=/nfsroot netmask=255.255.255.0 hostname=lb9a_x loadaddr=4000000 ethact=tsec0 ipaddr=10.10.50.60 gatewayip=10.10.50.1 serverip=10.10.50.16 bootfile=u-boot.bin filesize=100000 fileaddr=2000000 => setenv baudrate115200 => saveenv Saving Environment to Flash... Un-Protected 1 sectors Erasing Flash.... done Erased 1 sectors Writing to Flash... done Protected 1 sectors => reset 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 8

Do not interrupt the default boot process unless you are upgrading, fixing the file system, or changing the console port settings (see documentation about upgrading or downgrading a Pica8 Switch). Default Login PicOS can run in two different modes: Open vswitch mode (OVS). In this mode the switch is completely dedicated to Open vswitch. Layer 2 / Layer 3 mode (L2/L3). The default mode used for traditional Layer 2 / Layer 3 switch/routing and for OpenFlow operation which is mostly a superset of the OVS mode with L2/L3 capacities. In OVS mode, the L2/L3 daemon is not running; only OVS is accessible. The system has two default users: root and admin. The default password for both is pica8. If you login as root, the system defaults to a Linux shell with Linux root privileges. If you login as admin, you will log into the L2/L3 Shell (also called XORP Shell). The following section describes how to change the PicOS mode of operation (From L2/L3 to OVS or OVS to L2/L3). Modifying the Mode via the Configuration File The PicOS main configuration file can be found at : /etc/picos/picos_start.conf To change the mode (OVS or L2/L3), you have to change the Option picos_start in this file (via an editor like vi) and restart the PicOS Service. With this option, the system is in OVS mode. picos_start=ovs With this option, the system is in L2/L3 mode (or XORP Plus). picos_start=xorpplus Once the configuration file is updated, you must restart the PicOS service to activate the modification (or restart the switch). To restart the PicOS service, use the command: service picos restart Now you can start the OVS. First, you should specify the configuration database file, which contains the configurations needed for OVS initialization. You only need to create it once; the created file is stored in /ovs/ovs-vswitchd.conf.db. The result should look like this: ovsdb-tool create/ovs/ovs-vswitchd.conf.db/ovs/share/openvswitch/vswitch.ovsschema Nov 13 06:55:55 00001 lockfile INFO /ovs/.ovs-vswitchd.conf.db.~lock~: lock file does not exist, creating Second, configure how to get the IP address of the management interface eth0 and its gateway. It could be either DHCP: udhcpc udhcpc (v1.13.3) started Sending discover... Sending select for 10.10.50.215... Lease of 10.10.50.215 obtained, lease time 3600 PHY: 24520:01 - Link is Up - 1000/Full 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 9

Or configure them manually: ifconfig eth0 10.10.50.215 netmask 255.255.255.0 up route add default gw 10.10.50.1 Then, start the OVS database server. The parameters that you need to enter are (1) the configuration database file and (2) the connecting way. ovsdb-server /ovs/ovs-vswitchd.conf.db --remote=ptcp:6633:10.10.50.215 & Last, start the OVS daemon. ovs-vswitchd tcp:10.10.50.215:6633 --pidfile=ovs-vswitchd.pid --overwrite-pidfile > /var/log/ovs.log 2>/dev/null & Modify the Pica8 Mode via an interactive Script Another option to modify the PicOS mode (OVS or L2/L3) is to use the built-in interactive script that will modify the PicOS configuration file automatically. If you want to change the PicOS boot mode (from L2/L3 to OVS for example), log in as root and use the command picos_boot. The switch will display the software menu as follows: XorPlus login: root Password: root@xorplus#picos_boot Please configure the default system start-up options: (Press other key if no change) [1] PicOS L2/L3 [2] PicOS Open vswitch/openflow [3] No start-up options * default Enter your choice (1,2,3): Option 1, PicOS L2/L3, is Xorplus, after a reboot PicOS will load Xorplus. Option 2, PicOS Open vswitch/openflow, is an open source project ported to PicOS (refer to PicOS OVS Configuration Guide for details). After a PicOS reboot, option 2 loads Open vswitch (OVS). This configuration guide describes the behavior of PicOS in OVS Mode (Option 2). After that, enter the OVS CLI as following: Open vswitch is selected Note: Defaultly, the OVS server is runned with static local management IP and port 6633. The default way of vswitch connecting to server is PTCP. If you do not want default configuration, choose manual start! Do you want start the OVS by manual? (yes/no) 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 10

(2) How to start the OVS manually You can choose to start the OVS either manually or automatically. For a manual start-up, type yes when prompted. The resulting screen should look like this: Do you want start the OVS by manual? (yes/no) yes You need start the OVS by manual! Now you can start the OVS. First, you should specify the configuration database file, which contains the configurations needed for OVS initialization. You only need to create it once for the created file to be stored in /ovs/ovs-vswitchd.conf.db. The result should look like this: ovsdb-tool create/ovs/ovs-vswitchd.conf.db/ovs/share/openvswitch/vswitch.ovsschema Nov 13 06:55:55 00001 lockfile INFO /ovs/.ovs-vswitchd.conf.db.~lock~: lock file does not exist, creating Second, configure how to get the IP address of the management interface eth0 and its gateway. It could be either DHCP: udhcpc udhcpc (v1.13.3) started Sending discover... Sending select for 10.10.50.215... Lease of 10.10.50.215 obtained, lease time 3600 PHY: 24520:01 - Link is Up - 1000/Full Or configure them manually: ifconfig eth0 10.10.50.215 netmask 255.255.255.0 up route add default gw 10.10.50.1 Then, start the OVS database server. The parameters that you need to enter are (1) the configuration database file and (2) the connecting way. ovsdb-server /ovs/ovs-vswitchd.conf.db --remote=ptcp:6633:10.10.50.215 & Last, start the OVS daemon. ovs-vswitchd tcp:10.10.50.215:6633 --pidfile=ovs-vswitchd.pid --overwrite-pidfile > /var/log/ovs.log 2>/dev/null & (3) How to start the OVS by system (automatic) If you choose to start the OVS software by system, follow these steps: root@xorplus#picos_boot Please configure the default system start-up options: (Press other key if no change) [1] PicOS L2/L3 [2] PicOS Open vswitch/openflow [3] No start-up options * default Enter your choice (1,2,3):2 Open vswitch is selected. Note: Defaultly, the OVS server is runned with static local management IP and port 6633. The default way of vswitch connecting to server is PTCP. 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 11

If you do not want default configuration, choose manual start! Do you want start the OVS by manual? (yes/no) no You are prompted to enter parameters at each step: Please set a static IP and netmask for the switch (e.g. 128.0.0.10/24) : 10.10.50.215/24 Please set the gateway IP (e.g 172.168.1.2):10.10.50.1 Waitting for eth0 up... Done! Adding the gateway... route: SIOCADDRT: File exists Run the ovsdb-server with 10.10.50.215 and port 6633 with ptcp... Waitting for ovsdb-server... Done! Run the ovs-vswitchd with 10.10.50.215 and port 6633 with ptcp... Waitting for ovs-vswitchd... Done! Startup finished! Troubleshooting the PicOS Mode In L2/L3 Mode (Or XORP), the XORP system is running. For example, in L2/L3: root@xorplus$ps aux grep xorp grep -v grep root 16383 0.0 1.2 18100 6596? S Jan29 5:26 xorp_policy root 16385 0.3 2.5 34980 13380? Ss Jan29 99:20 /pica/bin/xorp_rtrmgr -d -L local0.info -P /var/run/xorp_rtrmgr.pid root@xorplus$ps aux grep ovs grep -v grep In OVS Mode, only the OVS dameon is running. root@fabric-tor1#ps aux grep xorp grep -v grep root@fabric-tor1# root@fabric-tor1# root@fabric-tor1#ps aux grep ovs grep -v grep root 19982 0.1 0.6 19316 3392? S Feb14 7:45 ovsdb-server /ovs/ovs-vswitchd.conf.db -- remote=ptcp:6653:172.16.0.205 --remote=punix:/ovs/var/run/openvswitch/db.sock root 19984 5.5 2.4 28504 12772? Sl Feb14 398:02 ovs-vswitchd --pidfile=ovs-vswitchd.pid --overwritepidfile root 19997 0.0 1.2 25632 6360? S Feb14 0:00 ovs-vswitchd: worker process for pid 19984 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 12

Chapter 3. Configuration Open vswitch Overview This chapter describes the configuration steps of the Open vswitch, including NetFlow, sflow, 802.1Q VLAN, monitoring. Creating a bridge and adding ports to the bridge You can create one or more bridges in a PICA8 switch. Each physical port can be added to one and only one bridge. (1) Creating the bridge and adding ports to it In the following example, you can create a bridge br0 and add access ports, ge-1/1/1 and ge-1/1/2, to br0. The default vlan-id for both ports is 1. ovs-vsctl --db=tcp:10.10.50.215:6633 add-br br0 -- set bridge br0 datapath_type=pica8 device br0 entered promiscuous mode ovs-vsctl --db=tcp:10.10.50.215:6633 add-port br0 ge-1/1/1 vlan_mode=access tag=1 -- set Interface ge-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.215:6633 add-port br0 ge-1/1/2 vlan_mode=access tag=1 -- set Interface ge-1/1/2 type=pica8 (2) Configuring the default vlan-id for a port In the following example, you can add the trunk port ge-1/1/3 to bridge br0 with the default vlan-id is 1000. ovs-vsctl --db=tcp:10.10.50.215:6633 add-port br0 ge-1/1/3 vlan_mode=trunk tag=1000 trunks=1000 -- set Interface ge-1/1/3 type=pica8 (3) Displaying the bridge information ovs-ofctl show br0 OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:0000e89a8f503d30 n_tables:1, n_buffers:256 features: capabilities:0x87, actions:0x3f 1(ge-1/1/1): addr:e8:9a:8f:50:3d:30 config: 0 state: LINK_DOWN current: 10MB-FD COPPER AUTO_NEG AUTO_PAUSE AUTO_PAUSE_ASYM advertised: 10MB-FD AUTO_PAUSE supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD AUTO_NEG AUTO_PAUSE AUTO_PAUSE_ASYM peer: 10MB-FD AUTO_PAUSE 2(ge-1/1/2): addr:e8:9a:8f:50:3d:30 config: 0 state: LINK_DOWN current: 10MB-FD COPPER AUTO_NEG AUTO_PAUSE AUTO_PAUSE_ASYM advertised: 10MB-FD AUTO_PAUSE supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD AUTO_NEG AUTO_PAUSE AUTO_PAUSE_ASYM peer: 10MB-FD AUTO_PAUSE 3(ge-1/1/3): addr:e8:9a:8f:50:3d:30 config: 0 state: LINK_DOWN current: 10MB-FD COPPER AUTO_NEG AUTO_PAUSE AUTO_PAUSE_ASYM advertised: 10MB-FD AUTO_PAUSE supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD AUTO_NEG AUTO_PAUSE AUTO_PAUSE_ASYM peer: 10MB-FD AUTO_PAUSE 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 13

LOCAL(br0): addr:e8:9a:8f:50:3d:30 config: PORT_DOWN state: LINK_DOWN current: 10MB-FD COPPER OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0 ovs-vsctl --db=tcp:10.10.50.215:6633 list-ports br0 ge-1/1/1 ge-1/1/2 ge-1/1/3 ovs-vsctl --db=tcp:10.10.50.215:6633 list-ifaces br0 ge-1/1/1 ge-1/1/2 ge-1/1/3 (4) Deleting the ports from the bridge, and deleting the bridge ovs-vsctl --db=tcp:10.10.50.215:6633 del-port br0 ge-1/1/1 ovs-vsctl --db=tcp:10.10.50.215:6633 del-port br0 ge-1/1/2 ovs-vsctl --db=tcp:10.10.50.215:6633 del-port br0 ge-1/1/3 ovs-vsctl --db=tcp:10.10.50.215:6633 del-br br0 Connecting to an OpenFlow controller In the following examples, the ovs-vsctl command needs the IP address and port number of the OVS database server which are 10.10.50.215 and 6633. The switch connects to an OF controller whose IP address is 10.10.53.50 and port number is 6636. ovs-vsctl --db=tcp:10.10.50.215:6633 set-controller br0 tcp:10.10.53.50:6636 Configuring the link speed of the port You can configure the link speed of each port as following: (1) Configuring the link speed of port ovs-vsctl --db=tcp:10.10.50.215:6633 add-port br0 te-1/1/49 vlan_mode=access tag=1 -- set Interface te-1/1/49 type=pica8 options:link_speed=1g Configuring the 802.1Q and trunk port Each port has its default vlan-id. By default, the default vlan-id is 1. You can configure the port to trunk mode if you want the port belonging to more than one VLAN. (1) Configuring a port as a TRUNK port for multiple VLANs You can specify the VLANs in the trunks field as following: ovs-vsctl --db=tcp:10.10.50.215:6633 add-port br0 ge-1/1/4 vlan_mode=trunk trunks=100,200,300 -- set Interface ge-1/1/4 type=pica8 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 14

(3) Configure port as a TRUNK port for all VLANs In PicOS/OVS 2.1 and after, the trunk port can carry all VLANs if you do not specify the trunks field. ovs-vsctl --db=tcp:10.10.50.215:6633 add-port br0 te-1/1/1 vlan_mode=trunk -- set Interface te-1/1/1 type=pica8 Configuring the sflow PicOS OVS supports sflow v5. you can configure the sflow as following: (1) Configuring the sflow ovs-vsctl --db=tcp:10.10.50.215:6633 -- --id=@s create sflow agent=eth0 target=\"10.10.50.207:9901\" header=128 sampling=64 polling=10 -- set Bridge br0 sflow=@s In the above CLI, the parameters are shown as following: COLLECTOR_IP=10.10.50.207 COLLECTOR_PORT=9901 AGENT_IP=eth0 HEADER_BYTES=128 SAMPLING_N=64 POLLING_SECS=10 (2) Deleting the sflow ovs-vsctl --db=tcp:10.10.50.215:6633 -- clear Bridge br0 sflow Configuring the NetFlow PicOS OVS supports NetFlow. You can configure the NetFlow by following: (1) Configuring the NetFlow ovs-vsctl --db=tcp:10.10.50.215:6633 -- set Bridge br0 netflow=@nf -- --id=@nf create NetFlow targets=\"10.10.50.207:5566\" active-timeout=30 In the above CLI, the parameters are shown as following: COLLECTOR_IP=10.10.50.207 COLLECTOR_PORT=5566 ACTIVE_TIMEOUT=30 (2) Deleting the NetFlow ovs-vsctl --db=tcp:10.10.50.215:6633 -- clear Bridge br0 netflow 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 15

Configuring the Mirroring PicOS OVS supports Mirroring. You can configure the Mirroring by following: (1) Configuring the Mirroring ovs-vsctl --db=tcp:10.10.50.215:6633 -- set bridge br0 mirrors=@m -- --id=@te-1/1/1 get Port te-1/1/1 -- --id=@te-1/1/2 get Port te-1/1/2 -- --id=@te-1/1/3 get Port te-1/1/3 -- --id=@m create Mirror name=mymirror select-dst-port=@te-1/1/1,@te-1/1/2 select-src-port=@te-1/1/1,@te-1/1/2 outputport=@te-1/1/3 The above configuration includes ports te-1/1/1, te-1/1/2 and te-1/1/3. The source port are te-1/1/1 and te-1/1/2 (including the ingress and egress), and the output port (monitor port) is te-1/1/3. The select-dst-port means some packets (in switch chip) will go-out from the specified port (egress). The select-src-port means some packets will enter the specified port (ingress). (2) Deleting the Mirroring ovs-vsctl --db=tcp:10.10.50.215:6633 destroy Mirror mymirror -- clear Bridge br0 mirrors Configuring the IPv4 flows PicOS OVS supports IPv4 flow in open flow. (1) Creating an IPv4 flow ovs-ofctl add-flow br0 dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,in_port=1,dl_type=0x0800,nw_src=128.1.1.1,nw_dst=128.1.1.2,nw_proto=6,actions=output:2,3,4 ovs-ofctl dump-flows br0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=12.758s, table=0, n_packets=0, n_bytes=0, tcp,in_port=1,dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,nw_src=128.1.1.1,nw_dst=128.1.1.2 actions=output:2,output:3,output:4 cookie=0x0, duration=2180.111s, table=0, n_packets=0, n_bytes=0, priority=0 actions=normal (2) Deleting an IPv4 flow ovs-ofctl del-flows br0 dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00 :00:00,in_port=1,dl_type=0x0800,nw_src=128.1.1.1,nw_dst=128.1.1.2,nw_proto=6 (3) Removing all flows ovs-ofctl del-flows br0 root@xorplus 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 16

Configuring GRE tunnel PicOS OVS supports IP GRE tunnel. (1) Creating a GRE tunnel ovs-vsctl --db=tcp:10.10.50.243:6633 add-port br0 gre1 -- set Interface gre1 type=pica8_gre options:remote_ip=10.10.60.10 options:local_ip=10.10.61.10 options:vlan=1 options:src_mac=00:11:11:11:11:11 options:dst_mac=00:22:22:22:22:22 options:egress_port=ge-1/1/5 If you want to create a GRE tunnel, you will need to configure a GRE tunnel along with two flows which are used for sending traffic to the GRE and sending output from the GRE respectively. ovs-ofctl add-flow br0 in_port=1,actions=output:109 ovs-ofctl add-flow br0 in_port=5,actions=mod_dl_src:00:11:11:11:11:11, mod_dl_dst:00:33:33:33:33:33,output:1 The GRE port number starts from 109, which is the port number of GRE1. The first flow in the above example is configured so that all traffic from port ge-1/1/1 will be sent to GRE tunnel whose port number is 109. The second flow is configured so that all the traffic coming out from GRE tunnel will be forwarded to port ge-1/1/1 and modify the source MAC address to switch's MAC address and the destination MAC address to the MAC address of the internal target. Configuring the MPLS PicOS supports MPLS, which is specified in openflow-1.2. The basic action of the MPLS is Push, Swap and Pop. You can add flows to modify and copy the MPLS TTL and IP TTL. In the current version, you can push 2 MPLS labels per flow. Note that every un-tagged packet will be tagged with the default VLAN-ID before Push, Pop and Swap. (1) Pushing a MPSL header for flows In the following configuration, you specify a flow, which should match: { in_port=1,dl_type=0x0800, dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,dl_vlan=1} The action is push a MPLS header whose label is 10 and forward to port te-1/1/2 Note that MPLS TTL will copy from the IP header and decrease ovs-ofctl add-flow br0 in_port=1,dl_type=0x0800,dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,dl_vlan=1,actions=push_mpls:0x8847,set_field:10-\>mpls_label,output:2 (2) Pushing two MPLS headers for flows In the following configuration, specify a flow, which should match { in_port=1,dl_type=0x0800, dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,dl_vlan=1}, the action is push two MPLS header whose label is 10 and 20 and forward to port te-1/1/2 ovs-ofctl add-flow br0 in_port=1,dl_type=0x0800,dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,dl_vlan=1,actions= push_mpls:0x8847,set_field:10-\>mpls_label, set_field:20-\>mpls_label,output:2 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 17

(3) Swapping the MPLS packet In following configuration, you specify a flow, which should match { in_port=1,dl_type=0x0800, dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,dl_vlan=1,mpls_label=10}, the action is swap and set the Label as 20, then forward to port te-1/1/2 ovs-ofctl add-flow br0 in_port=1,dl_type=0x8847,dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,dl_vlan=1,dl_type=0x8847,mpls_label=10, actions= set_field:20-\>mpls_label,output:2 (4) Popping a MPLS header of the flow In following configuration, specify a flow, which should match { in_port=1,dl_type=0x0800, dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,dl_vlan=1,mpls_label=10}, the action is pop the MPLS header and forward to port te-1/1/2 Note that MPLS TTL will be copied to IP header TTL and decremented by 1. ovs-ofctl add-flow br0 in_port=1,dl_type=0x8847,dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,dl_vlan=1,mpls_label=10,actions=pop_mpls:0x8847,output:2 (5) Popping a MPLS header for flows which have two MPLS headers In the following configuration, specify a flow that has two MPLS headers (10 and 20). The pop action is always popping the outer MPLS header. Note that you two label flow is popped only one label, the output packet is also a MPLS packet. Thus, the pop_mpls:0x8847 must be configured. ovs-ofctl add-flow br0 in_port=1,dl_type=0x8847,dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,dl_vlan=1,mpls_label=10,actions=pop_mpls:0x8847,output:2 (6) Popping two MPLS headers for flows which have two MPLS headers In following configuration, specify a flow which has two labels to pop. The output flow is IP packet. Configure two pop entries to pop the flow. ovs-ofctl add-flow br0 in_port=1,dl_type=0x8847,dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00,dl_vlan=1,actions=pop_mpls:0x0800,output:2 Configuring the LAG and LACP ports PicOS OVS supports LAG and LACP PicOS can support 48 LAG or LACP at most. Each LAG has 8 member ports at most (1) Create a static LAG In following configuration, you can create LAG ae1, and add port 2 and port 3 into this LAG ovs-vsctl --db=tcp:10.10.50.156:6633 add- port br0 ae1 vlan_mode=trunk tag=1 trunks=2000,4094 -- set Interface ae1 type=pica8_lag ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ae1 options:lag_type=static ovs-vsctl --db=tcp:10.10.50.156:6633 set Interface ae1 options:members=ge-1/1/2,ge-1/1/3 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 18

(2) Create a LACP port In following configuration, you create a LACP port and configure the parameter ovs-vsctl --db=tcp:10.10.50.156:6633 add-port br0 ae1 vlan_mode=trunk tag=1 trunks=2000,4094 -- set Interface ae1 type=pica8_lag ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ae1 options:lag_type=lacp ovs-vsctl --db=tcp:10.10.50.156:6633 set Interface ae1 options:members=ge-1/1/2,ge-1/1/3 ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ae1 options:lacp-systemid=00:11:11:11:11:11 ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ae1 options:lacp-systempriority=32768 ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ae1 options:lacp-time=fast ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ae1 options:lacp-time=slow ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ae1 options:lacp-mode=active ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ae1 options:lacp-mode=passive ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ge-1/1/2 options:lacp-port-id=2 ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ge-1/1/2 options:lacp-portpriority=32768 ovs-vsctl --db=tcp:10.10.50.156:6633 -- set Interface ge-1/1/2 options:lacp-aggregationkey=0 (3) Create static flow for LAG or LACP In following configuration, you can create static flow whose output port is LAG or LACP. ovs-ofctl add-flow br0 in_port=53,actions=output:1 ovs-ofctl add-flow br0 in_port=1,actions=output:53 ovs-ofctl add-flow br0 in_port=49,actions=output:1 ovs-ofctl add-flow br0 in_port=1,actions=output:49 (P3290/P3295/P3920) (P3780) LAG number index is shown as following: For the P-3290, P-3295, P-3920, lag number index is as follow. -------------------------------------------------- lag name ae1 ae2... ae48 -------------------------------------------------- lag number index 53 54... 100 -------------------------------------------------- For the P-3780, lag number index is as follow. ------------------------------------------------- lag name ae1 ae2... ae48 ------------------------------------------------- lag number index 49 50... 96 ----------------------------------------------------- (4) Display the information of LACP You can display the information of LACP with following CLI. ovs-appctl -t ovs-vswitchd lacp/show 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 19

Configure the group table PicOS OVS supports group table in Openflow 1.2 Because of the ASIC limitation, not all buckets in a group table will be installed to ASIC for a flow. The system will install buckets at most as possible to ASIC. (1) Create group table In following configuration, create a group table and a flow whose action is a group table 1) type=all ovs-ofctl add-group br0 group_id=2238,type=all,bucket=output:2 ovs-ofctl add-flow br0 in_port=1,dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00, dl_type=0x0800,nw_proto=6,nw_src=1.1.2.100,nw_dst=2.2.2.100,actions=group:2238 2) type=indirect ovs-ofctl add-group br0 group_id=2239,type=indirect,bucket=output:2 ovs-ofctl add-flow br0 in_port=1,dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00, dl_type=0x0800,nw_proto=6,nw_src=1.1.2.100,nw_dst=2.2.2.100,actions=group:2239 3) type=fast_failover ovs-ofctl add-group br0 group_id=2,type= all,bucket=output:2 ovs-ofctl add-group br0 group_id=3,type= all,bucket=output:3 ovs-ofctl add-group br0 group_id=4,type= fast_failover, bucket=watch_port:2,watch_group:2,output:4, watch_port:3,watch_group:3,output:5 ovs-ofctl add-flow br0 in_port=1,dl_src=22:11:11:11:11:11,dl_dst=22:00:00:00:00:00, dl_type=0x0800,nw_proto=6,nw_src=1.1.2.100,nw_dst=2.2.2.100,actions=group:4 (2) Modify bucket in a group table In following configuration, you are modifying the buckets in a group table ovs-ofctl mod-group br0 group_id=2238,type=all,bucket=output:3 ovs-ofctl mod-group br0 group_id=2238,type=all,bucket=output:2,bucket=output:3 ovs-ofctl mod-group br0 group_id=2238,type=all,bucket=mod_dl_src:22:11:11:22:22:22, mod_dl_dst:22:00:00:11:11:11,output:2,bucket=mod_dl_src:22:11:11:22:22:22,mod_dl_dst:22:00:00:11:11:11,o utput:3 (3) Delete group table In following configuration, you can delete the group table with following CLI. ovs-ofctl del-groups br0 group_id=2238 (4) Display the information of group table Use can display the information of all group table. ovs-ofctl dump-groups br0 ovs-ofctl dump-group-stats br0 group_id=2238 ovs-ofctl dump-group-stats br0 group_id=all ovs-ofctl dump-group-features br0 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 20

Configure the meter PicOS OVS supports meter in Openflow 1.3 (1) Create meter In the following configuration, you can create a meter 1) type=drop a. without burst_size 30M packets will be forward to port 2. (Support sending rate is 100M) ovs-ofctl add-flow br0 in_port=1,actions=output:2,meter:100 ovs-ofctl add-meter br0 meter=100,kbps,band=type=drop,rate=30000 b. with burst_size 30M packets will be forward to port 2. ovs-ofctl add-flow br0 in_port=1,actions=output:2,meter:100 ovs-ofctl add-meter br0 meter=2,kbps,burst,band=type=drop,rate=30000,burst_size=30000 2) type=dscp_remark a. without burst_size 70M packets s DSCP value is changed as 14. (Support sending rate is 100M) ovs-ofctl add-meter br0 meter=2,kbps,burst,band=type=dscp_remark,rate=30000, prec_level=14 b. with burst_size 70M packets s dscp value is changed as 14. (Support sending rate is 100M) ovs-ofctl add-meter br0 meter=2,kbps,burst,band=type=dscp_remark,rate=30000,prec_level=14,burst_size=30000 (2) Modify meter In following configuration, you can modify the meter ovs-ofctl mod-meter br0 meter=2,kbps,burst,band=type=dscp_remark,rate=30000, prec_level=12 ovs-ofctl mod-meter br0 meter=2,kbps,burst,band=type=drop,rate=10000,burst_size=30000 (3) Delete meter In following configuration, you delete the meter ovs-ofctl del-meters br0 ovs-ofctl del-meter br0 meter=1 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 21

(5) Display the information of meter Use can display the information of all meter ovs-ofctl meter-features br0 ovs-ofctl dump-meters br0 ovs-ofctl meter-stats br0 Configure the possibility to have egress interface to be the ingress interface By default, a packet coming on an interface cannot be sent back to the same interface via Openflow. This behavior can be changed with the following commands: # ovs-appctl loopback/enable true This is supported starting in PicOS 2.2. It should only be used for specific traffic as it can be dangerous to send broadcast traffic back on the same port on a L2 network. Configure the pbb PicOS OVS supports pbb in Openflow 1.3, only P-3920 supports this feature. (1) push 1) Push pbb_isid,eth_src,eth_dst Outer src mac is set as 00:00:00:11:11:11, and dsc mac is set as 00:00:00:22:22:22, Vlan is set as 4094, pbb isid is set as 23. ovs-ofctl add-flow br0 in_port=11,dl_type=0x0800,dl_src=22:11:11:11:11:11,dl_dst=22:22:22:22:22:22,actions=push_pbb:0x88e7,set _field:23-\>pbb_isid,set_field:00:00:00:11:11:11-\>eth_src,set_field:00:00:00:22:22:22- \>eth_dst,push_vlan:0x8100,set_field:4094-\>vlan_vid,output:12 2) Push pbb without pbb_isid,eth_src,eth_dst Outer src mac is set as 22:11:11:11:11:11, and dsc mac is set as 22:22:22:22:22:22, Vlan is set as 4094, pbb isid is set as 0. ovs-ofctl add-flow br0 in_port=11,dl_type=0x0800,dl_src=22:11:11:11:11:11,dl_dst=22:22:22:22:22:22,actions=push_pbb:0x88e7,pu sh_vlan:0x8100,set_field:4094-\>vlan_vid,output:12 3) Push pbb_isid,eth_src,eth_dst for pbb packets (2) pop Outer src mac is set as 00:00:00:11:11:11, and dsc mac is set as 00:00:00:22:22:22, Vlan is set as 4094, pbb isid is set as 21. (isid of primary pbb packet should not be 21) ovs-ofctl add-flow br0 in_port=11,dl_type=0x88e7,actions=push_pbb:0x88e7,set_field:21- \>pbb_isid,set_field:00:00:00:11:11:11-\>eth_src,set_field:00:00:00:22:22:22- \>eth_dst,push_vlan:0x8100,set_field:4094-\>vlan_vid,output:12 1) Pop pbb packets tagged with vlan 1 (Primary pbb packets should be tagged with vlan 1) Pbb packets are popped. ovs-ofctl add-flow br0 in_port=11,dl_type=0x88e7,dl_src=00:00:00:11:11:11,dl_dst=00:00:00:22:22:22,actions=pop_pbb,pop_vlan,out put:12 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 22

2) Pop pbb packets tagged with vlan 2000 (Primary pbb packets should be tagged with vlan 2000) Pbb packets are popped. ovs-ofctl add-flow br0 in_port=11,dl_type=0x88e7,dl_src=00:00:00:11:11:11,dl_dst=00:00:00:22:22:22,actions=pop_pbb,pop_vlan, output:12 Attention: a) Push pbb should be done with push_vlan, b) When do push pbb, primary src mac, and dst mac will be used if no config of eth_src, eth_dst c) Do push pbb for pbb packet, primary pbb isid should be not same as the push pb isid. d) When do pop pbb, primary packets should include vlan, and actions should include pop_vlan. Configure the qos/queue PicOS OVS supports qos/queue Flow (dl_src is 22:11:11:11:11:11) will be forward to queue 0 of port 3 Flow (dl_src is 22:11:11:11:11:12) will be forward to queue 7 of port 3. Min and max rate of queue 0 and queue 7 is set as 10M ovs-ofctl del-flows br0 ovs-ofctl add-flow br0 in_port=1,dl_src=22:11:11:11:11:11,actions=set_queue:0,output=3 ovs-ofctl add-flow br0 in_port=2,dl_src=22:11:11:11:11:12,actions=set_queue:7,output=3 ovs-vsctl --db=tcp:10.10.50.145:6633 -- set port ge-1/1/3 qos=@newqos -- --id=@newqos create qos type=pronto_strict queues:0=@newqueue queues:7=@newqueue1 -- --id=@newqueue create queue other-config:min-rate=10000000 other-config:max-rate=10000000 other-config:priority=1 -- -- id=@newqueue1 create queue other-config:min-rate=10000000 other-config:max-rate=10000000 otherconfig:priority=1 Result: Port 3 receive all packets from port 2, and a little from port 1. Receive rate of port 3 is about 10Mbps+10Mbps. Configure the ecmp PicOS OVS supports ecmp (nw_src, nw_dst) Ip packets (nw_src=192.168.1.0/255.255.255.1) will forward to port 2. Ip packets (nw_src=192.168.1.1/255.255.255.1) will forward to port 3. ovs-ofctl add-group br0 group_id=1,type=select,bucket=output:2,bucket=output:3 ovs-ofctl add-flow br0 dl_type=0x0800,nw_src=192.168.1.0/24,actions=group:1 If port 2 is down, all packets will forward to port 3. 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 23

Configure the qinq PicOS OVS supports qinq. (3290,3295 do not support set inner pcp) (1) Push tag 1) Push <tag:2000> ovs-ofctl add-flow br0 in_port=1,actions=push_vlan:0x8100,set_field:2000-\>vlan_vid,output:2 2) Push <tag:2000 pcp:3> ovs-ofctl add-flow br0 in_port=1,actions=push_vlan:0x8100,set_field:2000-\>vlan_vid,set_field:3- \>vlan_pcp,output:2 3) Push <tag:3000 tag:4094> ovs-ofctl add-flow br0 in_port=1,actions=push_vlan:0x8100,set_field:3000- \>vlan_vid,push_vlan:0x8100,set_field:4094-\>vlan_vid,output:2 4) Push <tag:3000 tag:4094 pcp:3> ovs-ofctl add-flow br0 in_port=1,actions=push_vlan:0x8100,set_field:3000- \>vlan_vid,push_vlan:0x8100,set_field:4094-\>vlan_vid,set_field:3-\>vlan_pcp,output:2 5) Push <tag:3000 pcp:3 tag:4094 pcp:7> ovs-ofctl add-flow br0 in_port=1,actions=push_vlan:0x8100,set_field:3000-\>vlan_vid,set_field:3- \>vlan_pcp,push_vlan:0x8100,set_field:4094-\>vlan_vid,set_field:7-\>vlan_pcp,output:2 (2) Pop tag 1) Pop one header ovs-ofctl add-flow br0 in_port=1,actions=pop_vlan,output:2 2) Pop two header ovs-ofctl add-flow br0 in_port=1,actions=pop_vlan,pop_vlan,output:2 You can also use the strip_vlan to achieve pop VLAN tagged, for example: ovs-ofctl add-flow in_port=1,priority=100,actions=strip_vlan,output:2 In hardware ASIC, the implementation of strip_vlan is: change the packet s tag to 4095 and strip the vlan tag of 4095 in the egress. Thus, above flow will be split two flows in ingress and egress respectively as following: Ingress in_pot=1, priority=100, action=set_field:2000-\>vlan_vid Egress in_pot=1, priority=100,action=strip_vlan,output:2 In this case, maybe other traffic which match the egress flow will be stripped vlan and forwarded to port-3. You can install other flow with higher priority to avoid this problem. TCAM Match Mode Configuration By default, 2 TCAM entries are used to support all matching tuples for all flows even the flow does not use all matching tuples. To optimize the TCAM usage, R2.1 allows you to configure the switch in short flow TCAM match mode, in which, each flow will only consume 1 TCAM entry. To use this feature, the flow must use the exact fields described below and cannot mix fields from various modes. mac mode: "in_port, dl_src, dl_dst, vlan_vid, dl_type" ip mode: "in_port, nw_proto, nw_src, nw_dst, dl_type=0x0800" arp_tpa mode: "in_port, arp_tpa, dl_type=0x0806" 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 24

For example, if mac mode is enabled, all the flows must only use one or more fields defined in the mac mode. If mac and ip modes are enabled, then you can configure either mac flows or ip flows based on the fields described above. However, you cannot mixed the fields from mac and ip (that is, dl_src and nw_src). Each mode is configured with a priority range that determines the flow priority. The flow priority must be specified when you configure the flow through ovs commands or controller. An example of the command is provided below: ovs-vsctl set-match-mode mac=10-1000,ip=2000-20000,arp_tpa=30000-60000 You can display this configuration with the following command: ovs-vsctl show-match-mode You can remove this configuration with the following command: ovs-vsctl set-match-mode default Once the mode is reconfigured to the default mode or another mode, the current flow table is flushed and start clean. QoS mapping In PicOS-2.1, if you enable the cos-mapping, the packet mapped to a physical queues (0-7). With DSCP (0-7), it maps to queue-0 and with DSCP (8-16), it maps to queue-1 and so on. Queue-7 has the highest priority. Enable the CoS Mapping as following: ovs-vsctl set-cos-map true Display the configuration by following: ovs-vsctl show-cos-map If you want to configures a flow, use the following command: ovs-ofctl add-flow br0 in_port=1,dl_src=22:11:11:11:11:11,actions=set_queue:7,output=3 The action of set-queue:7 will take the place of the default CoS mapping Enable Loopback Interface After PicOS-2.1, PicOS supports Loopback interface in hardware. By default, you cannot configure a flow whose output port is the in_port. For example, the following flow will not work in hardware by default: ovs-ofctl add-flow br0 in_port=1,actions=output:1 Enable these kind of loopback interface by following CLI: ovs-appctl loopback/enable true With the above configuration, the flow output port is the same as in_port will work in hardware. You can disable the loopback interface with the following command: ovs-appctl loopback/enable false You should know the limitation of the loopback interface in hardware. In the Openflow Specification, there are some actions ( Flood, Group table, for example) that are for broadcasting. The packet should not be forwarded back to the in_port port. Be cautious using the enable loopback interface so that the packet is not forwarded back to the in_port port. 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 25

Chapter 4. Configuration example This chapter gives some configuration example for 802.1Q. Configure 802.1Q VLAN In following topology, we need configure 2 VLANs in switch A and B. Figure 4-1. 802.1Q network configuration Vlan.2 Vlan.2 Vlan.2 Vlan.2 ge-1/1/1 ge-1/1/2 ge-1/1/1 ge-1/1/2 Switch A Te-1/1/49 Te-1/1/49 Switch B ge-1/1/3 ge-1/1/4 ge-1/1/3 ge-1/1/4 Vlan.3 Vlan.3 Vlan.3 Vlan.3 (1) Configure Switch-A In switch-a, you need configure ge-1/1/1~ ge-1/1/4 as access port while te-1/1/49 as trunk port, because the 10Gbit link will trunk the traffic of VLAN-2 and VLAN-3 ovs-vsctl --db=tcp:10.10.50.100:6633 add-port br0 te-1/1/1 vlan_mode=access tag=2 -- set Interface te-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.100:6633 add-port br0 te-1/1/2 vlan_mode=access tag=2 -- set Interface te-1/1/2 type=pica8 ovs-vsctl --db=tcp:10.10.50.100:6633 add-port br0 te-1/1/3 vlan_mode=access tag=3 -- set Interface te-1/1/3 type=pica8 ovs-vsctl --db=tcp:10.10.50.100:6633 add-port br0 te-1/1/4 vlan_mode=access tag=3 -- set Interface te-1/1/4 type=pica8 ovs-vsctl --db=tcp:10.10.50.100:6633 add-port br0 te-1/1/49 vlan_mode=trunk trunk=2,3 -- set Interface te-1/1/49 type=pica8 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 26

(2) Configure Switch-B In switch-b, you need configure ge-1/1/1~ ge-1/1/4 as access port while te-1/1/49 as trunk port, because the 10Gbit link will trunk the traffic of VLAN-2 and VLAN-3 ovs-vsctl --db=tcp:10.10.50.200:6633 add-port br0 te-1/1/1 vlan_mode=access tag=2 -- set Interface te-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.200:6633 add-port br0 te-1/1/2 vlan_mode=access tag=2 -- set Interface te-1/1/2 type=pica8 ovs-vsctl --db=tcp:10.10.50.200:6633 add-port br0 te-1/1/3 vlan_mode=access tag=3 -- set Interface te-1/1/3 type=pica8 ovs-vsctl --db=tcp:10.10.50.200:6633 add-port br0 te-1/1/4 vlan_mode=access tag=3 -- set Interface te-1/1/4 type=pica8 ovs-vsctl --db=tcp:10.10.50.200:6633 add-port br0 te-1/1/49 vlan_mode=trunk trunk=2,3 -- set Interface te-1/1/49 type=pica8 Configure GRE tunnel In following topology, we need configure a GRE tunnel between switch A and B. The IP address of the GRE tunnel is 10.10.61.10/24 and 10.10.60.10/24. Figure 4-2. GRE tunnel configuration 10.10.61.10/24 GRE1 10.10.60.10/24 Host A ge-1/1/1 Switch A ge-1/1/5 ge-1/1/5 Switch B ge-1/1/1 Host B (1) Configure Switch-A In switch-a, you need configure a GRE tunnel and two flows as following: ovs-vsctl --db=tcp:10.10.50.243:6633 add-br br0 -- set bridge br0 datapath_type=pica8 ovs-vsctl --db=tcp:10.10.50.243:6633 add-port br0 ge-1/1/1 vlan_mode=trunk tag=1 -- set Interface ge-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.243:6633 add-port br0 ge-1/1/5 vlan_mode=trunk tag=1 -- set Interface ge-1/1/5 type=pica8 ovs-vsctl --db=tcp:10.10.50.243:6633 add-port br0 gre1 -- set Interface gre1 type=pica8_gre options:remote_ip=10.10.60.10 options:local_ip=10.10.61.10 options:vlan=1 options:src_mac=00:11:11:11:11:11 options:dst_mac=00:22:22:22:22:22 options:egress_port=ge-1/1/5 ovs-ofctl add-flow br0 in_port=1,actions=output:109 ovs-ofctl add-flow br0 in_port=5,actions=mod_dl_src:00:11:11:11:11:11,mod_dl_dst:00:33:33:33:33:33,output:1 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 27

(2) Configure Switch-B In switch-a, you also need configure a GRE tunnel and two flows as following: ovs-vsctl --db=tcp:10.10.50.200:6633 add-br br0 -- set bridge br0 datapath_type=pica8 ovs-vsctl --db=tcp:10.10.50.200:6633 add-port br0 ge-1/1/1 vlan_mode=trunk tag=1 -- set Interface ge-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.200:6633 add-port br0 ge-1/1/5 vlan_mode=trunk tag=1 -- set Interface ge-1/1/5 type=pica8 ovs-vsctl --db=tcp:10.10.50.200:6633 add-port br0 gre1 -- set Interface gre1 type=pica8_gre options:remote_ip=10.10.61.10 options:local_ip=10.10.60.10 options:vlan=1 options:src_mac=00:22:22:22:22:22 options:dst_mac=00:11:11:11:11:11 options:egress_port=ge-1/1/5 ovs-ofctl add-flow br0 in_port=1,actions=output:91 ovs-ofctl add-flow br0 in_port=5,actions=mod_dl_src:00:22:22:22:22:22,mod_dl_dst:00:66:66:66:66:66,output:1 Configure one Label MPLS network In following topology, we configure a simple MPLS network. Traffic (Red) from host-a to host-b will forward by MPLS network with Label 10. The traffic (Blue) from host-c to host-d will forward by MPLS network with Label 20. All the flow will only push ONE MPLS header. Figure 4-2. MPLS network configuration Host C Source Host D Destination 10.10.3.100/24 10.10.4.100/24 Switch B te-1/1/2 10.10.3.1/24 te-1/1/3 te-1/1/1 te-1/1/2 te-1/1/3 te-1/1/2 10.10.4.1/24 Switch A Switch D te-1/1/1 10.10.1.1/24 te-1/1/4 Switch C te-1/1/4 te-1/1/1 10.10.2.1/24 te-1/1/1 te-1/1/2 10.10.1.100/24 10.10.2.100/24 Host A Source MPLS Network Host B Destination 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 28

(3) Configure Switch-A In switch-a, you need configure two flow which will push the MPLS Label 10 and 20 for traffic RED and BLUE respectively. ovs-vsctl --db=tcp:10.10.50.10:6633 add-br br0 -- set bridge br0 datapath_type=pica8 device br0 entered promiscuous mode ovs-vsctl --db=tcp:10.10.50.10:6633 add-port br0 te-1/1/1 vlan_mode=access tag=1 -- set Interface te-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.10:6633 add-port br0 te-1/1/2 vlan_mode=access tag=1 -- set Interface te-1/1/2 type=pica8 ovs-vsctl --db=tcp:10.10.50.10:6633 add-port br0 te-1/1/3 vlan_mode=access tag=1 -- set Interface te-1/1/3 type=pica8 ovs-vsctl --db=tcp:10.10.50.10:6633 add-port br0 te-1/1/4 vlan_mode=access tag=1 -- set Interface te-1/1/4 type=pica8 ovs-ofctl add-flow br0 in_port=1,dl_type=0x0800,nw_src=10.10.1.100, nw_dst=10.10.2.100,dl_vlan=1,actions= push_mpls:0x8847,set_field:10-\>mpls_label,output:4 ovs-ofctl add-flow br0 in_port=2,dl_type=0x0800,nw_src=10.10.3.100,nw _dst=10.10.4.100,dl_vlan=1,actions=push_mpls:0x8847, set_field:20-\>mpls_label,output:3 The received packet format in port te-1/1/1 and te-1/1/2 is shown as following (ingress): Ethernet IP Header The transmitted packet format to port te-1/1/3 and te-1/1/4 is shown as following (egress): Ethernet MPLS label 10 IP Header Ethernet MPLS label 20 IP Header (4) Configure Switch-B In switch-b, you need configure one flow which will SWAP the MPLS Label 20 to 200 for traffic BLUE. ovs-vsctl --db=tcp:10.10.50.20:6633 add-br br0 -- set bridge br0 datapath_type=pica8 device br0 entered promiscuous mode ovs-vsctl --db=tcp:10.10.50.20:6633 add-port br0 te-1/1/1 vlan_mode=access tag=1 -- set Interface te-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.20:6633 add-port br0 te-1/1/2 vlan_mode=access tag=1 -- set Interface te-1/1/2 type=pica8 ovs-ofctl add-flow br0 in_port=1,dl_type=0x08847,nw_src=10.10.3.100,nw _dst=10.10.4.100,dl_vlan=1,mpls_label=20,actions= set_field:200-\>mpls_label,output:2 The transmitted packet format to port te-1/1/2 is shown as following (egress): Ethernet MPLS label 200 IP Header 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 29

(5) Configure Switch-C In switch-c, you need configure one flow which will SWAP the MPLS Label 10 to 100 for traffic RED. ovs-vsctl --db=tcp:10.10.50.30:6633 add-br br0 -- set bridge br0 datapath_type=pica8 device br0 entered promiscuous mode ovs-vsctl --db=tcp:10.10.50.30:6633 add-port br0 te-1/1/1 vlan_mode=access tag=1 -- set Interface te-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.30:6633 add-port br0 te-1/1/2 vlan_mode=access tag=1 -- set Interface te-1/1/2 type=pica8 ovs-ofctl add-flow br0 in_port=1,dl_type=0x08847,nw_src=10.10.1.100,nw _dst=10.10.2.100,dl_vlan=1,mpls_label=10,actions= set_field:100-\>mpls_label,output:2 The transmitted packet format to port te-1/1/2 is shown as following (egress): Ethernet MPLS label 100 IP Header (6) Configure Switch-D In switch-d, you need configure two flow which will POP the MPLS Label 100 and 200 for traffic RED and BLUE respectively. ovs-vsctl --db=tcp:10.10.50.40:6633 add-br br0 -- set bridge br0 datapath_type=pica8 device br0 entered promiscuous mode ovs-vsctl --db=tcp:10.10.50.40:6633 add-port br0 te-1/1/1 vlan_mode=access tag=1 -- set Interface te-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.40:6633 add-port br0 te-1/1/2 vlan_mode=access tag=1 -- set Interface te-1/1/2 type=pica8 ovs-vsctl --db=tcp:10.10.50.40:6633 add-port br0 te-1/1/3 vlan_mode=access tag=1 -- set Interface te-1/1/3 type=pica8 ovs-vsctl --db=tcp:10.10.50.40:6633 add-port br0 te-1/1/4 vlan_mode=access tag=1 -- set Interface te-1/1/4 type=pica8 ovs-ofctl add-flow br0 in_port=4,dl_type=0x08847,nw_src=10.10.1.100,nw _dst=10.10.2.100,dl_vlan=1,actions=pop_mpls:0x8847,output:1 ovs-ofctl add-flow br0 in_port=3,dl_type=0x08847,nw_src=10.10.3.100,nw _dst=10.10.4.100,dl_vlan=1,actions=pop_mpls:0x8847,output:2 The transmitted packet format to port te-1/1/1 and te-1/1/2 is shown as following (egress): Ethernet IP Header 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 30

Configure Multiple Virtual Bridge in System In PicOS OVS, you can create multiple virtual bridges that are independent to each other. One physical port is able to add into only one virtual bridge. Each virtual bridge can be configured a controller respectively. ovs-vsctl --db=tcp:10.10.50.30:6633 add-br br0 -- set bridge br0 datapath_type=pica8 other-config=datapath-id=0000d80aa99aaaaa device br0 entered promiscuous mode ovs-vsctl --db=tcp:10.10.50.30:6633 add-port br0 te-1/1/1 vlan_mode=access tag=1 -- set Interface te-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.30:6633 add-port br0 te-1/1/2 vlan_mode=access tag=1 -- set Interface te-1/1/2 type=pica8 ovs-vsctl --db=tcp:10.10.50.30:6633 set-controller br0 tcp:10.10.50.1:6633 ovs-vsctl --db=tcp:10.10.50.30:6633 add-br br1 -- set bridge br1 datapath_type=pica8 other-config=datapath-id=0000d80bb99bbbbb device br0 entered promiscuous mode ovs-vsctl --db=tcp:10.10.50.30:6633 add-port br1 te-1/1/3 vlan_mode=access tag=1 -- set Interface te-1/1/3 type=pica8 ovs-vsctl --db=tcp:10.10.50.30:6633 add-port br1 te-1/1/4 vlan_mode=access tag=1 -- set Interface te-1/1/4 type=pica8 ovs-vsctl --db=tcp:10.10.50.30:6633 set-controller br1 tcp:10.10.50.2:6633 Configure ECMP ovs-vsctl --db=tcp:10.10.50.145:6633 del-br br0 ovs-vsctl --db=tcp:10.10.50.145:6633 add-br br0 -- set bridge br0 datapath_type=pica8 ovs-vsctl --db=tcp:10.10.50.145:6633 add-port br0 ge-1/1/1 vlan_mode=trunk tag=1 trunks=1000,2000,3000,4094 -- set Interface ge-1/1/1 type=pica8 ovs-vsctl --db=tcp:10.10.50.145:6633 add-port br0 ge-1/1/2 vlan_mode=trunk tag=1 trunks=1000,2000,3000,4094 -- set Interface ge-1/1/2 type=pica8 ovs-vsctl --db=tcp:10.10.50.145:6633 add-port br0 ge-1/1/3 vlan_mode=trunk tag=1 trunks=1000,2000,3000,4094 -- set Interface ge-1/1/3 type=pica8 ovs-vsctl --db=tcp:10.10.50.145:6633 add-port br0 ge-1/1/4 vlan_mode=trunk tag=1 trunks=1000,2000,3000,4094 -- set Interface ge-1/1/4 type=pica8 ovs-ofctl del-flows br0 ovs-ofctl add-group br0 group_id=1,type=select,bucket=output:2,bucket=output:3,bucket=output:4 ovs-ofctl add-flow br0 dl_type=0x0800,nw_dst=192.168.2.0/24,actions=group:1 send packets (nw_dst incr number is 200)to port 1, packets whose nw_dst= 192.168.2.0/255.255.255.3 will forward to port 2. packets whose nw_dst= 192.168.2.1/255.255.255.3 will forward to port 3. packets whose nw_dst= 192.168.2.2/255.255.255.3 will forward to port 4. packets whose nw_dst= 192.168.2.3/255.255.255.3 will forward to port 2. 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 31

Chapter 5. OVS Web User Interface Login Interface If the switch is running PicOS Version 2.2, enter the switch IP address to launch OVS Web User Interface. Adding a Bridge Once you have successfully launched the user interface, the Configuration tab reveals the Switch Resource section that provides basic switch information. To create a bridge, click on the create a new bridge icon. 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 32

Once you have created a new bridge (in the example below br0), you can delete the bridge or edit the bridge s properties. The menu on the left (in the graphic below) allows you to view, edit and change any of the modules listed in the menu. Add or Edit a Controller 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 33

Add a Port Click on Ports to add a new port. Fill in the port number, VLAN mode, Tag, and Trunks and click Add. 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 34

Edit Lag Interface 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 35

Add GRE Port Select Tunnels from the menu to view the bridge s tunnel type or to add or edit a tunnel. Add Group Table 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 36

Edit Flow Tables You can view the flow table attached to the bridge and delete, edit, download, and add to the flow table. Monitor The Monitor tab allows you to check information on the switch. You can also adjust the Auto refresh or manually refresh from the monitor tab view. 2014 Pica8 Inc. All Rights Reserved. Configuration Guide Page 37