OpenFlow configuration: HP ProCurve switches and the HP VAN SDN Controller

In this blog entry I’ll show you how to get a basic OpenFlow network working using HP ProVision switches (formally ProCurve and E-Series)  and the HP VAN SDN Controller.

See this blog entry for the configuration of HP Comware switches. See other blog entries for more complicated topologies.

This is a simple topology of two 3500yl switches and two hosts. VLAN 10 will be configured as the OpenFlow VLAN and VLAN 1 as the out of band management VLAN. This VLAN is used for communication with the HP VAN SDN Controller. ProVision (ProCurve) switches require that a separate VLAN be used for communication with the Controller that does not have OpenFlow enabled. A seperate out of band port could also be used if preferred.

Network Diagram:

VLAN-network-diagram
Summary:

VLAN 1 = Management VLAN (Used for communication with the Controller. This VLAN does not have OpenFlow enabled.

VLAN 10 = OpenFlow VLAN

3500yl-1: IP address 192.168.56.100

3500yl-2: IP address 192.168.56.101

Switch software version: 15.14.003

Controller: HP VAN SDN Controller, version 2.0.0.4253

Code versions:

HP ProVision switches support OpenFlow 1.3 from version 15.14. In this topology I have two 3500yl switches running 15.14:

3500yl-1# sh ver
Image stamp:
 /ws/swbuildm/K_rel_memphis_qaoff/code/build/btm(swbuildm_K_rel_memphis_qaoff_rel_memphis)
                Oct 31 2013 12:27:49
                K.15.14.0003
                1459
Boot Image:     Primary
3500yl-1#

3500yl-2# sh ver
Image stamp:
 /ws/swbuildm/K_rel_memphis_qaoff/code/build/btm(swbuildm_K_rel_memphis_qaoff_rel_memphis)
                Oct 31 2013 12:27:49
                K.15.14.0003
                1459
Boot Image:     Secondary
3500yl-2#

VLANs:

In this topology I have configured additional interfaces in VLAN 10 to show that the interface state is communicated via OpenFlow to the controller. See below for screenshots on the controller showing how the following interfaces are up or down:

This is the configuration of VLAN 10:

vlan 10
   name "VLAN10"
   untagged 1-6,10,24

This is the VLAN show command output (note that some of the interfaces are down):

3500yl-1(config)# sh vlan 10

 Status and Counters - VLAN Information - VLAN 10

  VLAN ID : 10
  Name : VLAN10
  Status : Port-based
  Voice : No
  Jumbo : No

  Port Information Mode     Unknown VLAN Status
  ---------------- -------- ------------ ----------
  1                Untagged Learn        Down
  2                Untagged Learn        Down
  3                Untagged Learn        Up
  4                Untagged Learn        Down
  5                Untagged Learn        Down
  6                Untagged Learn        Down
  10               Untagged Learn        Down
  24               Untagged Learn        Up
3500yl-1(config)#

3500yl-2 VLANs:

This is the configuration of VLAN 10 on the 3500yl-2 switch:

vlan 10
name “VLAN10”
untagged 1-6,24

And again, the VLAN show command output (note that some of the interfaces are down):

3500yl-2(config)# sh vlan 10

 Status and Counters - VLAN Information - VLAN 10

  VLAN ID : 10
  Name : VLAN10
  Status : Port-based
  Voice : No
  Jumbo : No

  Port Information Mode     Unknown VLAN Status
  ---------------- -------- ------------ ----------
  1                Untagged Learn        Down
  2                Untagged Learn        Up
  3                Untagged Learn        Up
  4                Untagged Learn        Down
  5                Untagged Learn        Down
  6                Untagged Learn        Down
  24               Untagged Learn        Up

3500yl-2(config)#

OpenFlow configuration:

To configure OpenFlow, in global configuration mode, type the command openflow. This takes you to the global OpenFlow configuration options:

3500yl-1> enable
3500yl-1# conf
3500yl-1(config)# openflow
3500yl-1(openflow)#

A controller ID and IP address needs to be specified. You could configure multiple controllers for redundancy and load balancing. In this case, only one controller is configured. The VLAN used for communication with the controller is VLAN 1:

3500yl-1(openflow)# controller-id 1 ip 192.168.56.7 controller-interface vlan 1

An OpenFlow instance needs to configured. On ProVision switches, there is a one-to-one mapping between instances and VLANs. In other words, every VLAN requires a separate OpenFlow instance. This is not true for Comware switches (multiple VLANs can be mapped to a single OpenFlow instance).

In this example, a name is used called “test01”. You could use a more descriptive name.

3500yl-1(openflow)# instance test01
3500yl-1(of-inst-test01)#

Map a VLAN to the instance using the member VLAN command:

3500yl-1(of-inst-test01)# member vlan 10

Associate the Controller with the instance:

3500yl-1(of-inst-test01)# controller-id 1

The default version of OpenFlow used by HP ProVision switches is 1.0. In this example I have specified version 1.3. There are multiple advantages to using OpenFlow 1.3 including multiple table support (pipeline). Please refer to the ONF’s website for the specifications. Click here for OpenFlow specifications. I will also discuss this in more detail in another blog.

3500yl-1(of-inst-test01)# version 1.3

The OpenFlow instance needs to be enabled. You could have multiple instances (VLANs) and have OpenFlow enabled on some of the VLANs and disabled on other VLANs. In this example our OpenFlow instance for VLAN 10 is enabled:

3500yl-1(of-inst-test01)# enable

OpenFlow then needs to be enabled globally on the switch:

3500yl-1(of-inst-test01)# exit
3500yl-1(openflow)# enable

That’s it. Not too difficult to configure a single basic instance of OpenFlow on the HP ProVision switches.

This is the full OpenFlow configuration on both switches:

3500yl-1:

openflow
   controller-id 1 ip 192.168.56.7 controller-interface vlan 1
   egress-only-ports
   instance "test01"
      listen-port
      member vlan 10
      controller-id 1
      version 1.3
      enable
      exit
   enable
   exit

3500yl-2:

openflow
   controller-id 1 ip 192.168.56.7 controller-interface vlan 1
   egress-only-ports
   instance "test01"
      listen-port
      member vlan 10
      controller-id 1
      version 1.3
      enable
      exit
   exit

 

HP VAN SDN Controller:

The switches will now initiate an OpenFlow connection to the HP VAN SDN Controller on port 6633 (default for 1.3). In this example, I am connecting to the controller using Chrome and navigating to the user interface, which uses the following URL:

https://<Controller_IP_Address>:8443/sdn/ui/

I am warned about the certificate not being trusted. This is because the controller uses a self signed certificate by default:

hp-sdn-ui-security-certificate
After clicking “Proceed anyway”, I am prompted to login.

The default credentials are:

Username: sdn

Password: skyline

hp-sdn-controller-console-login
The default view after login is the Alerts view. In this view, notifications of new links are shown amongst other alerts:

hp-van-sdn-controller-2-0
Clicking the OpenFlow Topology menu item displays the topology:

As you can see, both switches have been discovered and so have the nodes (hosts):

hp-van-sdn-controller-2-0-nodes-host
In case that screenshots is not clear, here is a picture of just the topology:

hp-sdn-controller-console-topology
The controller has discovered the links between the switches by using LLDP and BDDP messages. The nodes or hosts have been discovered when they send traffic (ARP, DHCP etc).

The switches are identified by Data Path IDs (DPIDs). This is a 64 bit number consisting of two parts:

  • Most significant 16 bits are vendor specific. On HP ProVision switches, this is the VLAN number. “10” in decimal equates to “A” in Hexadecimal. Hence the switches are identified by 00:0a.
  • Least significant 48 bits: Switch MAC address.

To view the DPIDs of the individual switches, the following command can be used on the switches:

3500yl-1# sh openflow instance test01

 Configured OF Version    : 1.3
 Negotiated OF Version    : 1.3
 Instance Name            : test01
 Admin. Status            : Enabled
 Member List              : VLAN 10
 Listen Port              : 6633
 Oper. Status             : Up
 Oper. Status Reason      : NA
 Datapath ID              : 000a78acc019bdc0
 Mode                     : Active
 Flow Location            : Hardware and Software
 No. of Hw Flows          : 2
 No. of Sw Flows          : 1
 Hw. Rate Limit           : 0 kbps
 Sw. Rate Limit           : 100 pps
 Conn. Interrupt Mode     : Fail-Secure
 Maximum Backoff Interval : 60 seconds
 Probe Interval           : 10 seconds
 Hw. Table Miss Count     : NA
 No. of Sw Flow Tables    : 1
 Egress Only Ports        : None
 Table Model              : Policy Engine and Software

 Controller Id Connection Status Connection State Secure Role
 ------------- ----------------- ---------------- ------ ------
 1             Connected         Active           No     Equal

3500yl-1#

And for switch2:

3500yl-2(openflow)# show openflow instance test01

 Configured OF Version    : 1.3
 Negotiated OF Version    : 1.3
 Instance Name            : test01
 Admin. Status            : Enabled
 Member List              : VLAN 10
 Listen Port              : 6633
 Oper. Status             : Up
 Oper. Status Reason      : NA
 Datapath ID              : 000a0017a47e3180
 Mode                     : Active
 Flow Location            : Hardware and Software
 No. of Hw Flows          : 2
 No. of Sw Flows          : 1
 Hw. Rate Limit           : 0 kbps
 Sw. Rate Limit           : 100 pps
 Conn. Interrupt Mode     : Fail-Secure
 Maximum Backoff Interval : 60 seconds
 Probe Interval           : 10 seconds
 Hw. Table Miss Count     : NA
 No. of Sw Flow Tables    : 1
 Egress Only Ports        : None
 Table Model              : Policy Engine and Software

 Controller Id Connection Status Connection State Secure Role
 ------------- ----------------- ---------------- ------ ------
 1             Connected         Active           No     Equal

3500yl-2(openflow)#

The OpenFlow Topology view can be changed to show the MAC addresses of nodes or hosts:

hp-sdn-general-openflow-topology
Ports can be shown or hidden by using the Ports option on the View menu:

hp-sdn-general-openflow-topology-port
To see the negotiated version of OpenFlow used with the controller, click the OpenFlow Monitor menu:

hp-sdn-OpenFlow-Monitor
In this example, both switches have negotiated to use OpenFlow 1.3.0 with the controller:

hp-sdn-controller-summary-for-data-path
The negotiated capabilities can be viewed by clicking on Summary (in this case, for the 3500yl-2 switch). The ephemeral (dynamic) port used by the switch is 49248. The negotiated version of OpenFlow is 1.3.0. The IP address of the switch is 192.168.56.101 and the DPID is also shown. The number of tables (3) and number of buffers (0) are also shown. Buffers allow packets to be buffered locally on the switch and only the headers sent to the controller for Packet_IN messages. Various switch capabilities are also shown in the output.

The ports on the switch can be viewed. Note that some of the interfaces are down as per the output on the switch as I showed you at the beginning of this blog:

hp-sdn-controller-port-data-path
The 4292967294 interface is the switch’s local management interface. Note the word “local” in the picture above. The switch interface settings can also be seen such as speed, duplex etc.

The switch flow table can also be viewed on the controller:

hp-sdn-flow-for-data-path
Because this switch is using OpenFlow 1.3, the hardware tables and OpenFlow pipeline are exposed. In this case, tables 0 and 100 are hardware ASICs on the switch. Table 200 is a software table. The ASICs and available OpenFlow pipeline are switch and ASIC dependent. Please refer to the HP Switch Software OpenFlow Administrators Guide for more detail on the ASICs on HP ProCurve switches. I will also explain these in more detail in another blog.

Looking at one of the entries, the following can be seen:

HP Switch-Software-OpenFlow-Administrators-Guide

  • Table Number: 200
  • Priority: 29999. This can be used to determine which flow entry is matched first.
  • Packets: 681. This is accounting for packets as per the OpenFlow standard.
  • Bytes: 50394. This is accounting for bytes as per the OpenFlow standard.
  • Flow entry: In this case a flow is configured for Source MAC address: 00:01:04:11:1f:36 going to destination MAC address b8:27:eb:e3:fe:0d. The ingress port is 2 and the egress port is 24.

Diagram of traffic flow:

hp-sdn-diagram-traffic-flow
Flows are unidirectional. The return traffic flow entry can be seen here:

hp-mininet-return-traffic-flow-entry
The flow entries are dynamically updating. Note how the packets and Bytes counts have increased in the following screenshot:

hp-sdn-entries-dynamically-updating
This information can also be viewed on the switches:

3500yl-2# show openflow instance test01 flows
Flow 4
 Match
  Incoming Port : 2                     Ethernet Type    : IP
  Source MAC    : 000104-111f36         Destination MAC  : b827eb-e3fe0d
  VLAN ID       : Any                   VLAN priority    : Any
  Source Protocol Address : Any
  Target Protocol Address : Any
  IP Protocol   : Any
  IP ECN        : Any                   IP DSCP          : Any
  Source Port   : Any                   Destination Port : Any
 Attributes
  Priority      : 29999                 Duration         : 1962 seconds
  Hard Timeout  : 0 seconds             Idle Timeout     : 60 seconds
  Byte Count    : 145410                Packet Count     : 1965
  Flow Table ID : 200                   Controller ID    : 1
  Activity Count: NA                    Cookie           : 0x2328
  Hardware Index     : NA
 Instructions
   Apply Actions
     Output                      : 24

And return traffic:

Flow 7
 Match
  Incoming Port : 24                    Ethernet Type    : IP
  Source MAC    : b827eb-e3fe0d         Destination MAC  : 000104-111f36
  VLAN ID       : Any                   VLAN priority    : Any
  Source Protocol Address : Any
  Target Protocol Address : Any
  IP Protocol   : Any
  IP ECN        : Any                   IP DSCP          : Any
  Source Port   : Any                   Destination Port : Any
 Attributes
  Priority      : 29999                 Duration         : 1954 seconds
  Hard Timeout  : 0 seconds             Idle Timeout     : 60 seconds
  Byte Count    : 144818                Packet Count     : 1957
  Flow Table ID : 200                   Controller ID    : 1
  Activity Count: NA                    Cookie           : 0x2328
  Hardware Index     : NA
 Instructions
   Apply Actions
     Output                      : 2

The devices are able to send traffic to each other. Here is the output of the ping from 10.10.10.15 to 10.10.10.74:

hp-command-prompt
In this blog I showed you a basic configuration of HP ProVision (ProCurve) switches with the HP VAN SDN Controller.



Tags: , , , ,


About :

These days I am involved in some exciting SDN and OpenFlow projects involving the HP VAN SDN Controller, HP ProVision and HP Comware switches. These new developments in the networking world combine my passions of networking and application development. I hope to write some interesting blog entries on these exiting topics. I am both a Cisco CCIE #11023 and HP MASE as well as a Cisco Certified Systems Instructor (CCSI #22787) and Certified HP Instructor. I have been training networking courses for well over 10 years teaching on a wide range of topics including routing and switching, VoIP, OpenFlow and SDN. I have delivered instructor led courses all over the world. I started working with Cisco Unified Communications Manager when it was still called Cisco Call Manager and have been deploying, troubleshooting and teaching Unified Communications products since version 3.0. I have developed various network utilities such as the VPN Config Generator and others to help engineers in their day to day jobs. I also develop software, training materials, EBooks, videos and other products which are used throughout the world. I have designed, implemented and managed networks ranging from single sites to those that span 50 countries.

View all posts by


4 Responses to “OpenFlow configuration: HP ProCurve switches and the HP VAN SDN Controller”

  • Vandewilly, April 14, 2014 at 1:42 pm #

    Hi David,

    Do you know if the number of tables (3) is a hardware limitation or could be increased through the HP VAN Controller?

    Reply

Leave a Reply

  • Proper format "info@pakiti.com"