OpenFlow configuration: HP Comware 5900 switches with the HP VAN SDN Controller

In this blog entry I’ll show you how to get a basic OpenFlow network working using HP 5900 Comware switches and the HP VAN SDN Controller. HP announced support for OpenFlow on the Comware 5900 series switches towards the end of 2013.

The 5900 switches support OpenFlow 1.3.1. These switches require Comware version 7.1 and this release code to run OpenFlow: Comware 7.10 R2307. Click  here for the release notes and firmware downloads page.

See this blog entry for the configuration of HP ProVision (ProCurve) switches. See other blog entries for more complicated topologies.

This is a simple topology of two 5900 switches and two hosts. VLAN 10 will be configured as the OpenFlow VLAN and VLAN 1 as the out of band management VLAN. This VLAN is used for communication with the HP VAN SDN Controller.

A difference between Comware and ProVision:

Comware switches do allow in band communication with the Controller whereas HP ProVision (ProCurve) switches require that a separate VLAN be used for communication with the Controller that does not have OpenFlow enabled. A separate out of band port could also be used if preferred.

Network Diagram:

HP-Comware-switches-network-diagram
Summary:

VLAN 1 = Management VLAN (Used for communication with the Controller. This VLAN does not have OpenFlow enabled.

VLAN 10 = OpenFlow VLAN

5900-1: IP address 192.168.56.101

5900-2: IP address 192.168.56.102

Switch software version: HP Comware Software, Version 7.1.045, Release 2307

Controller: HP VAN SDN Controller, version 2.0.0.4253

Switch Code versions:

In this topology I am using two 5900AF-48G-4XG-2QSFP+ switches with the following details:

Switch 1:

[5900-1]dis version
HP Comware Software, Version 7.1.045, Release 2307
Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
HP 5900AF-48G-4XG-2QSFP+ Switch uptime is 0 weeks, 1 day, 23 hours, 48 minutes
Last reboot reason : User reboot

Boot image: flash:/5900_5920-cmw710-boot-r2307.bin
Boot image version: 7.1.045P08, Release 2307
  Compiled Jan 09 2014 18:02:55
System image: flash:/5900_5920-cmw710-system-r2307.bin
System image version: 7.1.045, Release 2307
  Compiled Jan 09 2014 18:03:06

Slot 1
HP 5900AF-48G-4XG-2QSFP+ Switch with 2 Processors
Last reboot reason : User reboot
2048M   bytes SDRAM
4M      bytes Nor Flash Memory
512M    bytes Nand Flash Memory
Config Register points to Nand Flash

Hardware Version is Ver.A
CPLD Version is 001
BootRom Version is 127
[SubSlot 0] 48GE+4SFP Plus+2QSFP Plus Hardware Version is Ver.A

[5900-1]

Switch 2:

[5900-2]dis version
HP Comware Software, Version 7.1.045, Release 2307
Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
HP 5900AF-48G-4XG-2QSFP+ Switch uptime is 0 weeks, 1 day, 23 hours, 51 minutes
Last reboot reason : User reboot

Boot image: flash:/5900_5920-cmw710-boot-r2307.bin
Boot image version: 7.1.045P08, Release 2307
  Compiled Jan 09 2014 18:02:55
System image: flash:/5900_5920-cmw710-system-r2307.bin
System image version: 7.1.045, Release 2307
  Compiled Jan 09 2014 18:03:06

Slot 1
HP 5900AF-48G-4XG-2QSFP+ Switch with 2 Processors
Last reboot reason : User reboot
2048M   bytes SDRAM
4M      bytes Nor Flash Memory
512M    bytes Nand Flash Memory
Config Register points to Nand Flash

Hardware Version is Ver.A
CPLD Version is 001
BootRom Version is 127
[SubSlot 0] 48GE+4SFP Plus+2QSFP Plus Hardware Version is Ver.A

[5900-2]

5900-1 VLANs:

In this topology I have configured additional interfaces in VLAN 10 to show that the interface state is communicated via OpenFlow to the controller. See below for screenshots on the controller showing how the following interfaces are up or down:

This is the display VLAN command output (note that some of the interfaces are down):

[5900-1]display vlan 10
 VLAN ID: 10
 VLAN type: Static
 Route interface: Configured
 IPv4 address: 10.10.10.101
 IPv4 subnet mask: 255.255.255.0
 Description: VLAN 0010
 Name: VLAN 0010
 Tagged ports:
    GigabitEthernet1/0/4     GigabitEthernet1/0/5     GigabitEthernet1/0/7
    GigabitEthernet1/0/8
 Untagged ports:
    GigabitEthernet1/0/2
[5900-1]

5900-2 VLANs:

And again, the display VLAN command output on 5900-2 (note that some of the interfaces are down):

[5900-2]display vlan 10
 VLAN ID: 10
 VLAN type: Static
 Route interface: Configured
 IPv4 address: 10.10.10.102
 IPv4 subnet mask: 255.255.255.0
 Description: VLAN 0010
 Name: VLAN 0010
 Tagged ports:
    GigabitEthernet1/0/4     GigabitEthernet1/0/5     GigabitEthernet1/0/7
    GigabitEthernet1/0/8
 Untagged ports:
    GigabitEthernet1/0/2
[5900-2]

OpenFlow configuration:

To configure OpenFlow, in system-view, use the openflow and specify an instance. This takes you to the global OpenFlow configuration options.

An OpenFlow instance needs to configured. On ProVision switches, there is a one-to-one mapping between instances and VLANs. In other words, every VLAN requires a separate OpenFlow instance. This is not true for Comware switches (multiple VLANs can be mapped to a single OpenFlow instance).

The instance specified here will also affect the switch Data Path ID (DPID). More details below.

system-view
System View: return to User View with Ctrl+Z.
[5900-1]openflow instance 10

A controller ID and IP address needs to be specified. You could configure multiple controllers for redundancy and load balancing. In this case, only one controller is configured. The

[5900-1-of-inst-10]controller 1 address ip 192.168.56.7

Associate a single VLAN or multiple VLANs to the instance using the classification VLAN command:

[5900-1-of-inst-10]classification vlan 10
This command isn't effective until the active instance command is issued.
[5900-1-of-inst-10]

The last step is to activate the instance:

[5900-1-of-inst-10]active instance

That’s it. Not too difficult to configure a single basic instance of OpenFlow on the HP Comware switches.

This is the full OpenFlow configuration on both switches:

5900-1:

openflow instance 10
 description vlan10
 classification vlan 10
 controller 1 address ip 192.168.56.7
 active instance

5900-2:

openflow instance 10
 description vlan10
 classification vlan 10
 controller 1 address ip 192.168.56.7
 active instance

 

HP VAN SDN Controller:

The switches will now initiate an OpenFlow connection to the HP VAN SDN Controller on port 6633 (default for 1.3). In this example, I am connecting to the controller using Chrome and navigating to the user interface, which uses the following URL:

https://<Controller_IP_Address>:8443/sdn/ui/

I am warned about the certificate not being trusted. This is because the controller uses a self signed certificate by default:

HP-Comware-switches-site-security-certificate
After clicking “Proceed anyway”, I am prompted to login.

The default credentials are:

Username: sdn

Password: skyline

HP-Comware-switches-sdn-controller-console-login
The default view after login is the Alerts view. In this view, notifications of new links are shown amongst other alerts:

HP-Comware-switches-hp-van-sdn-controller
Clicking the OpenFlow Topology menu item displays the topology:

As you can see, both switches have been discovered and so have the nodes (hosts):

HP-Comware-switches-open-flow-topology
In case that screenshot is not clear, here is a picture of just the topology:

HP-Comware-switches-hp-van-topology
The controller has discovered the links between the switches by using LLDP and BDDP messages. The nodes or hosts have been discovered when they send traffic (ARP, DHCP etc).

The switches are identified by Data Path IDs (DPIDs). This is a 64 bit number consisting of two parts:

  • Most significant 16 bits are vendor specific. On HP Comware switches, this equals the OpenFlow instance number configured. I configured a number of 10 and 10 in decimal equates to “A” in Hexadecimal. Hence the switches are identified by 00:0a.
  • Least significant 48 bits: Switch MAC address.

To view the DPIDs of the individual switches, the following command can be used on the switches:

display openflow summary
Fail-open mode: Se - Secure mode, Sa - Standalone mode

ID    Status    Datapath-ID         Channel     Table-num  Port-num  Reactivate
10    Active    0x000a4431925faa3b  Connected   1          5         N

And for switch2:

display openflow summary
Fail-open mode: Se - Secure mode, Sa - Standalone mode

ID    Status    Datapath-ID         Channel     Table-num  Port-num  Reactivate
10    Active    0x000a44319261869e  Connected   1          5         N

The OpenFlow Topology view can be changed to show the MAC addresses of nodes or hosts:

HP-Comware-switches-open-flow-topology-switch-mac
Ports can be shown or hidden by using the Ports option on the View menu:

HP-Comware-switches-open-flow-topology-port
To see the negotiated version of OpenFlow used with the controller, click the OpenFlow Monitor menu:

HP-Comware-switches-open-flow-monitor
In this example, both switches have negotiated to use OpenFlow 1.3.0 with the controller:

HP-Comware-switches-summary-for-data
The negotiated capabilities can be viewed by clicking on Summary (in this case, for the 5900-1 switch). The ephemeral (dynamic) port used by the switch is 59542. The negotiated version of OpenFlow is 1.3.0. The IP address of the switch is 192.168.56.101 and the DPID is also shown. The number of tables (1) and number of buffers (1024) are also shown. Buffers allow packets to be buffered locally on the switch and only the headers sent to the controller for Packet_IN messages. Various switch capabilities are also shown in the output.

The ports on the switch can be viewed. Note that some of the interfaces are down as per the output on the switch as I showed you at the beginning of this blog:

HP-Comware-switches-portsfordata
The 4292967294 interface is the switch’s local management interface. Note the word “OFPP_LOCAL” in the picture above. The switch interface settings can also be seen such as speed, duplex etc.

The switch flow table can also be viewed on the controller:

HP-Comware-switches-flow-fordatapath
Because this switch is using OpenFlow 1.3, the hardware tables and OpenFlow pipeline are exposed. In this case, tables 0 are hardware ASICs on the switch. The ASICs and available OpenFlow pipeline are switch and ASIC dependent.

Looking at one of the entries, the following can be seen:

HP-Comware-switches-applyactions

  • Table Number: 0
  • Priority: 29999. This can be used to determine which flow entry is matched first.
  • Packets: 77710. This is accounting for packets as per the OpenFlow standard.
  • Bytes: -1. This is accounting for bytes and is not shown here.
  • Flow entry: In this case a flow is configured for Source MAC address: 00:0c:29:1c:ca:3e going to destination MAC address 00:0c:29:0b:4a:33. The ingress port is 2 and the egress port is (4).

Diagram of traffic flow:

HP-Comware-switches-out-port-direction-traffic
Flows are unidirectional. The return traffic flow entry can be seen here:

HP-Comware-switches-apply-action-inport
The flow entries are dynamically updating. Note how the packets and Bytes counts have increased in the following screenshot:

HP-Comware-switches-flowpath
This information can also be viewed on the switches:

[5900-1]display openflow instance 10 flow-table
Instance 10 flow table information:

Table 0 information:
 Table type: Extensibility, flow entry count: 5, total flow entry count: 5

MissRule flow entry information:
 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,
 byte count: --, packet count: 185825
Match information: any
Instruction information:
 Write actions:
  Output interface: Controller, send length: 65509 bytes

Flow entry 3 information:
 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 60, flags:
 flow_send_rem, byte count: --, packet count: 79135
Match information:
 Input interface: GE1/0/2
 Ethernet destination MAC address: 000c-290b-4a33
 Ethernet destination MAC address mask: ffff-ffff-ffff
 Ethernet source MAC address: 000c-291c-ca3e
 Ethernet source MAC address mask: ffff-ffff-ffff
 Ethernet type: 0x0800
Instruction information:
 Write actions:
  Output interface: GE1/0/4

And return traffic:

Flow entry 4 information:
 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 60, flags:
 flow_send_rem, byte count: --, packet count: 79121
Match information:
 Input interface: GE1/0/4
 Ethernet destination MAC address: 000c-291c-ca3e
 Ethernet destination MAC address mask: ffff-ffff-ffff
 Ethernet source MAC address: 000c-290b-4a33
 Ethernet source MAC address mask: ffff-ffff-ffff
 Ethernet type: 0x0806
Instruction information:
 Write actions:
  Output interface: GE1/0/2

The devices are able to send traffic to each other.

This is the PC with IP address 10.10.10.12 showing successful pings to 10.10.10.13:

HP-Comware-switches-command-prompt
Summary:

In this blog entry I showed you a basic configuration of HP Comware switches with the HP VAN SDN Controller.



Tags: , , , , ,


About :

These days I am involved in some exciting SDN and OpenFlow projects involving the HP VAN SDN Controller, HP ProVision and HP Comware switches. These new developments in the networking world combine my passions of networking and application development. I hope to write some interesting blog entries on these exiting topics. I am both a Cisco CCIE #11023 and HP MASE as well as a Cisco Certified Systems Instructor (CCSI #22787) and Certified HP Instructor. I have been training networking courses for well over 10 years teaching on a wide range of topics including routing and switching, VoIP, OpenFlow and SDN. I have delivered instructor led courses all over the world. I started working with Cisco Unified Communications Manager when it was still called Cisco Call Manager and have been deploying, troubleshooting and teaching Unified Communications products since version 3.0. I have developed various network utilities such as the VPN Config Generator and others to help engineers in their day to day jobs. I also develop software, training materials, EBooks, videos and other products which are used throughout the world. I have designed, implemented and managed networks ranging from single sites to those that span 50 countries.

View all posts by


No comments yet.

Leave a Reply

  • Proper format "info@pakiti.com"