OpenFlow configuration: HP Comware 5500 switches with the HP VAN SDN Controller

HP Comware switches have supported OpenFlow from late 2013 on HP 5900 switches running Comware7.

OpenFlow is now also supported on A5500-EI switches running Comware 5.20 release R2221 as well as A5500-HI switches running Comware 5.2 release R5501. The release date for some of this the was last few days of December 2013.

Click here to get release notes and firmware download for HP HI 5500-48G-4SFP w/2 Intf Slts Switch.

Or, Click here to get release notes and firmware download for HP 5500-48G EI Switch.

See this blog entry for the configuration of OpenFlow on HP 5900 switches.

See this blog entry for the configuration of HP ProVision (ProCurve) switches.

In this blog entry I will explain how to configure HP 5500 Comware switches to communicate with the HP VAN SDN controller.

Note: You cannot configure both OpenFlow and IRF on a switch (big restriction).

A difference between Comware and ProVision:

Comware switches do allow in band communication with the Controller whereas HP ProVision (ProCurve) switches require that a separate VLAN be used for communication with the Controller that does not have OpenFlow enabled. A separate out of band port could also be used if preferred.

Network Diagram:

This is a simple topology of one 5500 switch and one 5900 switch and two hosts. VLAN 10 will be configured as the OpenFlow VLAN and VLAN 1 as the out of band management VLAN. This VLAN is used for communication with the HP VAN SDN Controller

OpenFlow-on-HP-Comware-5500-switches

Summary:

VLAN 1 = Management VLAN (Used for communication with the Controller). This VLAN does not have OpenFlow enabled.

VLAN 10 = OpenFlow VLAN

5500-1: IP address 192.168.56.100

5500 Switch software version: Comware Software, Version 5.20.99, Release 5501

5900-1: IP address 192.168.56.101

5900 Switch software version: HP Comware Software, Version 7.1.045, Release 2307

Controller: HP VAN SDN Controller, version 2.0.0.4253

Switch Code versions:

In this topology I am using two 5900AF-48G-4XG-2QSFP+ switches with the following details:

5500-1:

[5500-1]display version
HP Comware Platform Software
Comware Software, Version 5.20.99, Release 5501
Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
HP A5500-48G-4SFP HI Switch with 2 interface Slots uptime is 0 week, 3 days, 7 hours, 18 minutes

HP A5500-48G-4SFP HI Switch with 2 interface Slots with 2 Processors
1024M   bytes SDRAM
4096K   bytes Nor Flash Memory

512M    bytes Nand Flash Memory
Hardware Version is REV.B
CPLD Version is 002
Bootrom Version is 212
[SubSlot 0] 48GE+4SFP+2SFP PLUS Hardware Version is REV.B

[5500-1]

5900-1:

[5900-1]dis version
HP Comware Software, Version 7.1.045, Release 2307
Copyright (c) 2010-2013 Hewlett-Packard Development Company, L.P.
HP 5900AF-48G-4XG-2QSFP+ Switch uptime is 0 weeks, 1 day, 23 hours, 48 minutes
Last reboot reason : User reboot

Boot image: flash:/5900_5920-cmw710-boot-r2307.bin
Boot image version: 7.1.045P08, Release 2307
  Compiled Jan 09 2014 18:02:55
System image: flash:/5900_5920-cmw710-system-r2307.bin
System image version: 7.1.045, Release 2307
  Compiled Jan 09 2014 18:03:06

Slot 1
HP 5900AF-48G-4XG-2QSFP+ Switch with 2 Processors
Last reboot reason : User reboot
2048M   bytes SDRAM
4M      bytes Nor Flash Memory
512M    bytes Nand Flash Memory
Config Register points to Nand Flash

Hardware Version is Ver.A
CPLD Version is 001
BootRom Version is 127
[SubSlot 0] 48GE+4SFP Plus+2QSFP Plus Hardware Version is Ver.A

[5900-1]

VLANs:

In this topology I have configured additional interfaces in VLAN 10 to show that the interface state is communicated via OpenFlow to the controller. See below for screenshots on the controller showing how the following interfaces are up or down:

5500-1 VLANs:

This is the display VLAN command output:

[5500-1]display vlan 10
 VLAN ID: 10
 VLAN Type: static
 Route Interface: not configured
 Description: VLAN 0010
 Name: VLAN 0010
 Tagged   Ports: none
 Untagged Ports:
     GigabitEthernet1/0/9     GigabitEthernet1/0/13

[5500-1]

5900-1 VLANs:

And again, the display VLAN command output on 5900-1 (note that some of the interfaces are down):

[5900-1]display vlan 10
 VLAN ID: 10
 VLAN type: Static
 Route interface: Configured
 IPv4 address: 10.10.10.101
 IPv4 subnet mask: 255.255.255.0
 Description: VLAN 0010
 Name: VLAN 0010
 Tagged ports:
    GigabitEthernet1/0/5     GigabitEthernet1/0/7     
    GigabitEthernet1/0/8
 Untagged ports:
    GigabitEthernet1/0/2     GigabitEthernet1/0/5
    GigabitEthernet1/0/9

[5900-1]

OpenFlow configuration:

To configure OpenFlow, in system-view, use the openflow and specify an instance. This takes you to the global OpenFlow configuration options.

An OpenFlow instance needs to configured. On ProVision switches, there is a one-to-one mapping between instances and VLANs. In other words, every VLAN requires a separate OpenFlow instance. This is not true for Comware switches (multiple VLANs can be mapped to a single OpenFlow instance).

The instance specified here will also affect the switch Data Path ID (DPID). More details below.

Unlike the 5900 switches that support 4094 instances of OpenFlow, 5500 series switches only support 8 instances:

system-view
System View: return to User View with Ctrl+Z.
[5500-1]openflow instance ?
  INTEGER  Instance ID
[5500-1]openflow instance 1

A controller ID and IP address needs to be specified. You could configure multiple controllers for redundancy and load balancing. In this case, only one controller is configured. The

[5500-1-of-inst-1]controller 1 address ip 192.168.56.7

Associate a single VLAN or multiple VLANs to the instance using the classification VLAN command:

[5500-1-of-inst-1]classification vlan 10
This command isn't effective until the active instance command is issued.
[5500-1-of-inst-1]

The last step is to activate the instance:

[5500-1-of-inst-1]active instance

That’s it. Not too difficult to configure a single basic instance of OpenFlow on the HP ProVision switches.

This is the full OpenFlow configuration on both switches:

5500-1:

openflow instance 1
 controller 1 address ip 192.168.56.7
 classification vlan 10
 active instance

5900-1:

openflow instance 1
classification vlan 10
 controller 1 address ip 192.168.56.7
active instance

HP VAN SDN Controller:

The switches will now initiate an OpenFlow connection to the HP VAN SDN Controller on port 6633 (default for 1.3). In this example, I am connecting to the controller using Chrome and navigating to the user interface, which uses the following URL:

https://<Controller_IP_Address>:8443/sdn/ui/

I am warned about the certificate not being trusted. This is because the controller uses a self signed certificate by default:

HP-Comware-switches-site-security-certificate
After clicking “Proceed anyway”, I am prompted to login.

The default credentials are:

Username: sdn

Password: skyline

HP-Comware-switches-sdn-controller-console-login
The default view after login is the Alerts view. In this view, notifications of new links are shown amongst other alerts:

OpenFlow-Topology-hp-comware-5500
Clicking the OpenFlow Topology menu item displays the topology:

As you can see, both switches have been discovered and so have the nodes (hosts):

hp-comware-5500-hp-van-sdn-controller
In case that screenshots is not clear, here is a picture of just the topology:

open-flow-on-hp-comware-5500-topology
And with port numbers showing – the 5800 port ID is not as intuitive as the 5900:

open-flow-on-hp-comware-5500-LLDP-and-BDDP
The controller has discovered the links between the switches by using LLDP and BDDP messages. The nodes or hosts have been discovered when they send traffic (ARP, DHCP etc).

The switches are identified by Data Path IDs (DPIDs). This is a 64 bit number consisting of two parts:

  • Most significant 16 bits are vendor specific. On HP Comware switches, this equals the OpenFlow instance number configured. I configured a number of 10 and 10 in decimal equates to “A” in Hexadecimal. Hence the switches are identified by 00:0a.
  • Least significant 48 bits: Switch MAC address.

To view the DPIDs of the individual switches, the following command can be used on the switches:

[5500-1]display openflow summary
Fail-open mode: Se - Secure mode, Sa - Standalone mode

ID    Status    Datapath-ID         Channel     Table-num  Port-num  Reactivate
1     Active    0x0001b8af67316bae  Connected   1          3         N

[5500-1]

And for 5900-1:
display openflow summary
Fail-open mode: Se - Secure mode, Sa - Standalone mode

ID    Status    Datapath-ID         Channel     Table-num  Port-num  Reactivate
10    Active    0x000a4431925faa3b  Connected   1          5         N

The OpenFlow Topology view can be changed to show the MAC addresses of nodes or hosts:

open-flow-on-hp-comware-5500-general-open-topology
Ports can be shown or hidden by using the Ports option on the View menu:

open-flow-on-hp-comware-5500-general-open-topology-port
To see the negotiated version of OpenFlow used with the controller, click the OpenFlow Monitor menu:

openflow-hp-comware-openflow-monitor
In the above screenshot, you can see that both switches have negotiated to use OpenFlow 1.3.0 with the controller.

The negotiated capabilities can be viewed by clicking on Summary (in this case, for the 5900-1 switch):

openflow-hp-comware-summary-for-data-path
The ephemeral (dynamic) port used by the switch is 59542. The negotiated version of OpenFlow is 1.3.0. The IP address of the switch is 192.168.56.101 and the DPID is also shown. The number of tables (1) and number of buffers (1024) are also shown. Buffers allow packets to be buffered locally on the switch and only the headers sent to the controller for Packet_IN messages. Various switch capabilities are also shown in the output.

The ports on the switch can be viewed. Note that some of the interfaces are down as per the output on the switch as I showed you at the beginning of this blog:

openflow-hp-comware-port-data-path-id
The 4292967294 interface is the switch’s local management interface. Note the word “OFPP_LOCAL” in the picture above. The switch interface settings can also be seen such as speed, duplex etc.

The switch flow table can also be viewed on the controller:

openflow-hp-comware-openflow-data-path-apply-actions
Because this switch is using OpenFlow 1.3, the hardware tables and OpenFlow pipeline are exposed. In this case, tables 0 are hardware ASICs on the switch. The ASICs and available OpenFlow pipeline are switch and ASIC dependent.

Looking at one of the entries, the following can be seen:

openflow-hp-comware-5500-pipeline

  • Table Number: 0
  • Priority: 29999. This can be used to determine which flow entry is matched first.
  • Packets: 5875. This is accounting for packets as per the OpenFlow standard.
  • Bytes: -1. This is accounting for bytes and is not shown here.
  • Flow entry: In this case a flow is configured for Source MAC address: 00:0c:29:1c:ca:3e going to destination MAC address 00:0c:29:fe:95:ed. The ingress port is 1/0/9 and the egress port is 1/0/13.

Diagram of traffic flow:

openflow-hp-comware-5500-traffic-flow
Flows are unidirectional. The return traffic flow entry can be seen here:

openflow-hp-comware-5500-return-traffic-flow-entry
The flow entries are dynamically updating. Note how the packet counts have increased in the following screenshot:

openflow-hp-comware-5500-flow-for-data-path
This information can also be viewed on the switches:

[5500-1]display openflow instance 1 flow-table
Instance 1 flow table information:

Table 0 information:
 Table Type: Extensibility, flow entry count: 8, total flow entry count: 8

MissRule Flow entry information:
 cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: flow_send_rem,
 byte count: --, packet count: 19873
Match information: any
Instruction information:
 Write actions:
  Output interface: Controller, send length: 65509 bytes

Flow entry 2 information:
 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 60, flags:
 flow_send_rem, byte count: --, packet count: 6976
Match information:
 Input interface: GE1/0/9
 Ethernet destination MAC address: 000c-29fe-95ed
 Ethernet destination MAC address mask: ffff-ffff-ffff
 Ethernet source MAC address: 000c-291c-ca3e
 Ethernet source MAC address mask: ffff-ffff-ffff
 Ethernet type: 0x0800
Instruction information:
 Write actions:
  Output interface: GE1/0/13

And return traffic:

Flow entry 1 information:
 cookie: 0x2328, priority: 29999, hard time: 0, idle time: 60, flags:
 flow_send_rem, byte count: --, packet count: 6895
Match information:
 Input interface: GE1/0/13
 Ethernet destination MAC address: 000c-291c-ca3e
 Ethernet destination MAC address mask: ffff-ffff-ffff
 Ethernet source MAC address: 000c-29fe-95ed
 Ethernet source MAC address mask: ffff-ffff-ffff
 Ethernet type: 0x0806
Instruction information:
 Write actions:
  Output interface: GE1/0/9

The devices are able to send traffic to each other.

This is the PC with IP address 10.10.10.12 showing successful pings to 10.10.10.17:

openflow-hp-comware-5500-command-prompt-showing-successful-ping

Summary:

In this blog entry I showed you a basic configuration of an HP 5500 and HP 5900 Comware switch using OpenFlow with the HP VAN SDN Controller.



Tags: , , , , , ,


About :

These days I am involved in some exciting SDN and OpenFlow projects involving the HP VAN SDN Controller, HP ProVision and HP Comware switches. These new developments in the networking world combine my passions of networking and application development. I hope to write some interesting blog entries on these exiting topics. I am both a Cisco CCIE #11023 and HP MASE as well as a Cisco Certified Systems Instructor (CCSI #22787) and Certified HP Instructor. I have been training networking courses for well over 10 years teaching on a wide range of topics including routing and switching, VoIP, OpenFlow and SDN. I have delivered instructor led courses all over the world. I started working with Cisco Unified Communications Manager when it was still called Cisco Call Manager and have been deploying, troubleshooting and teaching Unified Communications products since version 3.0. I have developed various network utilities such as the VPN Config Generator and others to help engineers in their day to day jobs. I also develop software, training materials, EBooks, videos and other products which are used throughout the world. I have designed, implemented and managed networks ranging from single sites to those that span 50 countries.

View all posts by


No comments yet.

Leave a Reply

  • Proper format "info@pakiti.com"