wiki:Internal/OpenFlow/Firmware

Version 8 (modified by seskar, 15 years ago)

Name changed from Documentation/OpenFlow/Firmware to Internal/OpenFlow/Firmware

Flashing NEC Switches

NEC provides two models of switch that support OpenFlow, the IP8800/S3640-24T2XW and the IP8800/S3640-48T2XW.
The switches must be manually flashed with OpenFlow capable firmware before they can be used as OpenFlow devices. NEC provides instructions on flashing the switch, but there are a few useful things that they don't mention. This article is a summary of the instructions, with those unmentioned caveats thrown in.

Materials Needed

The SD card must contain the following for the switch to be able to boot off of it:

  • OpenFlow capable firmware (k.img)
  • Software license for OpenFlow capable firmware (license.dat)
  • Configuration file for OpenFlow specific features (openflow.conf)

In order to use SSL for the secure channel between the switch and the controller, the following three should also be on the card:

  • CA certificate (ca_cert.pem)
  • Certificate for the switch (sw_cert.pem)
  • Secret key for the switch (sw_key.pem)

General steps

These are the general steps required to get the switch up and running as an OpenFlow device:

  1. Log into switch (this assumes you have already configured everything so you can talk to your switch)
  2. Disable Spanning Tree Protocol (command spanning-tree disable under configuration prompt)
  3. Create VLANs
  4. Create openflow.conf
  5. Save k.img, license.dat, openflow.conf, and if using SSL, the .pem files, onto SD card
  6. Cold boot switch off of SD card (the manual says a reboot is sufficient, but this was not the case)
  7. Enjoy

The Caveats

The SD card

NEC provides a certified SD card with the switch. They recommend that you only use this card.

The License

Each license is specific to a certain switch; a switch will not boot properly if the license is missing, misnamed, or if the license for the wrong switch is used. The license must always be named "license.dat" for the switch to boot properly.

When you get more than one license, each license will be named by the serial number of the switch you're supposed to use the license on instead of being named "license.dat." In that case, the serial number can be found on a silver sticker on the front of the switch, or by typing show version at the terminal:

# show ver
Date 2000/01/09 01:20:34 UTC
Model: AX3640S-48T2XW
S/W: OS-L3L Ver. 10.7 
H/W: Main board
       AX-3640-48T2XW-L [WA03CL48T2XWS0E0693K007:80330300:111:1B514-1B512]    
     Module slot1 PS-M(AC)
       AX-F2430-PSA01 [WA0PSA010000C110093D006]
     Module slot2 FAN-M
       AX-F2430-FAN01 [WA1FAN010000C140093D004]

In this case, "WA03CL48T2XWS0E0693K007" (in the first entry under "H/W: Main board") is the serial number and matches the name of the correct license for this specific switch.
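The license caveat above as a pre-flight check, written for this edit (it is not NEC's tooling or code from the original page): it pulls the main board serial out of the show version output, copies the matching license onto the card as license.dat, and lists any file from "Materials Needed" that is still missing. The function names, the directory layout, and the assumption that a delivered license file's name (ignoring any extension) equals the serial number are hypothetical.

```python
import re
import shutil
from pathlib import Path

REQUIRED = ["k.img", "license.dat", "openflow.conf"]   # from "Materials Needed"
SSL_FILES = ["ca_cert.pem", "sw_cert.pem", "sw_key.pem"]

# Excerpt of the show version output quoted on this page.
SHOW_VERSION = """Model: AX3640S-48T2XW
H/W: Main board
       AX-3640-48T2XW-L [WA03CL48T2XWS0E0693K007:80330300:111:1B514-1B512]
"""

def main_board_serial(show_version):
    """Return the first bracketed field of the entry under 'H/W: Main board'."""
    m = re.search(r"H/W:[ \t]*Main board[ \t]*\n[^\[\n]*\[([^:\]]+)", show_version)
    if not m:
        raise ValueError("no main board entry in show version output")
    return m.group(1)

def stage_license(show_version, license_dir, card_dir):
    """Copy the license named after this switch's serial to card_dir/license.dat."""
    serial = main_board_serial(show_version)
    # Assumption: the delivered file is named <serial>, with or without an extension.
    matches = [p for p in Path(license_dir).iterdir() if p.stem == serial]
    if len(matches) != 1:
        raise FileNotFoundError(f"expected one license for {serial}, found {len(matches)}")
    shutil.copyfile(matches[0], Path(card_dir) / "license.dat")
    return serial

def missing_files(card_dir, use_ssl=False):
    """List the files the switch needs that are absent from the card directory."""
    wanted = REQUIRED + (SSL_FILES if use_ssl else [])
    return [name for name in wanted if not (Path(card_dir) / name).is_file()]
```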

openflow.conf

openflow.conf is a text file that contains configurations specific to virtual switching. The details about the commands that can be used in the file are on pages 12-13 of the NEC manual. Following are a few notes about the commands.

no-save

Specifying this parameter in openflow.conf will prevent you from configuring virtual switches through the CLI (i.e., creating new virtual switches). Because the firmware does not include a text editor, once this parameter is in your .conf file you will have to edit the file on a PC if you want to change anything. Basically, if you are planning to change things around after the switch has been booted into OpenFlow, it is better not to specify this command.

double-wide-mode

When specified, all ten OpenFlow specific header fields will be matched.

setvsi

Creates an instance of a virtual switch on a VLAN.

setvsi is followed by several parameters:

setvsi <vlan id> <list of ports> <tcp|ssl> <controller ip address[:port]> [<cacert> <my cert> <my private key>] [dpid <datapath id>] [hwlimit <max entrynum>] [max-backoff <backoff time>] [echo-interval <interval time>]

Not all parameters need to be used with setvsi. The following are the minimal parameters you need to get a virtual switch going:

setvsi <vlan id> <list of ports> <tcp|ssl> <controller ip address[:port]> [dpid <datapath id>]

When booted, openflow.conf lives in /mnt/. This is the first functional openflow.conf file that was used on the switch:

setvsi 1 1,3,5,7,9,11,13,15,2.1 tcp 172.16.4.224 dpid 0x0123456789ab
setvsi 2 17,19,21,23,25,27,29,31,2.2 tcp 172.16.4.180 dpid 0x012345678abc
setvsi 3 33,35,37,39,41,43,45,47,2.3 tcp 172.16.4.64 dpid 0x01234567abcd

In this case, the three virtual switches each take up the top row of a block of ports and share a trunk port (port 2), as denoted by the 2.1, 2.2, and 2.3 at the end of the lists of ports. The syntax is

<port number of trunk>.<VLAN>

The VLAN assignments were made to match up with the port assignments of the virtual switches. A virtual switch can overlay a portion of the ports of any given VLAN, but cannot overlay ports belonging to different VLANs.
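An added example (not NEC's parser and not from the original page): a small linter that reads setvsi lines using the syntax above and reports virtual switches whose controller channel is plain tcp, ssl entries without all three .pem arguments, and non-trunk ports claimed by two virtual switches. The ssl sample lines, the controller port 6633, and the rule that only trunk ports may be shared (inferred from the page's example) are assumptions.

```python
import ipaddress
OPTIONS = {"dpid", "hwlimit", "max-backoff", "echo-interval"}  # keyword/value options in the syntax line
FLAGS = {"no-save", "double-wide-mode"}                        # stand-alone parameters named on the page

def parse_setvsi(line):
    """Parse one setvsi line, following the syntax line quoted on this page."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "setvsi" or tok[3] not in ("tcp", "ssl"):
        raise ValueError("malformed setvsi line: " + line)
    vsi = {"vlan": int(tok[1]), "mode": tok[3], "ports": [], "trunks": [], "certs": []}
    for item in tok[2].split(","):
        port, _, vlan = item.partition(".")     # trunk entries are <port number of trunk>.<VLAN>
        if vlan:
            vsi["trunks"].append((int(port), int(vlan)))
        else:
            vsi["ports"].append(int(port))
    host, _, port = tok[4].partition(":")
    ipaddress.ip_address(host)                  # ValueError on a malformed controller address
    vsi["controller"] = (host, int(port) if port else None)
    rest = tok[5:]
    while rest and rest[0] not in OPTIONS and len(vsi["certs"]) < 3:
        vsi["certs"].append(rest.pop(0))        # positional: <cacert> <my cert> <my private key>
    if len(rest) % 2 or any(k not in OPTIONS for k in rest[::2]):
        raise ValueError("bad option list: " + line)
    vsi["opts"] = dict(zip(rest[::2], rest[1::2]))
    return vsi

def lint(conf_text):
    """Return (virtual switches, findings) for the text of an openflow.conf."""
    vsis, findings, owner = [], [], {}
    for line in filter(None, map(str.strip, conf_text.splitlines())):
        if line in FLAGS:
            continue
        v = parse_setvsi(line)
        vsis.append(v)
        if v["mode"] == "tcp":
            findings.append(f"vlan {v['vlan']}: controller channel is plain tcp")
        elif len(v["certs"]) != 3:
            findings.append(f"vlan {v['vlan']}: ssl without CA cert, switch cert and switch key")
        for p in v["ports"]:                    # assumption: only trunk ports are shared
            if owner.setdefault(p, v["vlan"]) != v["vlan"]:
                findings.append(f"port {p}: used by vlan {owner[p]} and vlan {v['vlan']}")
    return vsis, findings

# Constructed sample: line 1 is from the page; lines 2-3 are assumed ssl forms using the page's file names.
SAMPLE = """setvsi 1 1,3,5,7,9,11,13,15,2.1 tcp 172.16.4.224 dpid 0x0123456789ab
setvsi 2 17,19,2.2 ssl 172.16.4.180:6633 ca_cert.pem sw_cert.pem sw_key.pem dpid 0x012345678abc
setvsi 3 19,21,2.3 ssl 172.16.4.64 dpid 0x01234567abcd
"""
```

Calling lint(SAMPLE) returns the parsed virtual switches and three findings: the tcp channel on VLAN 1, the missing certificate arguments on VLAN 3, and port 19 claimed by VLANs 2 and 3.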

Editing openflow.conf from the CLI versus editing it from a computer

Once the switch is booted from the card, the two CLI commands you can use to manipulate openflow.conf are:

  • setvsi - adds virtual switches using the exact same syntax as in openflow.conf
  • deletevsi - removes virtual switches

Even though the switch will boot with nothing written in openflow.conf, and you can add the virtual switches later, you can't add any of the other parameters (i.e., no-save or double-wide-mode) from the command line. To add them to openflow.conf, you will have to edit the file in a text editor.

The details of configuring VLANs and virtual switches on an OpenFlow capable switch are here:
wiki:Documentation/OpenFlow/VirtualSwitch

SSL stuff

The page referenced to create the .pem files: http://www.debian-administration.org/article/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian


