README_Cisco.rst

Faucet on Cisco Switches (Beta)

Introduction

Cisco supports Openflow with FAUCET pipeline on the Catalyst 9000 Series switches.

The solution support is currently in beta on the following models:

• C9300-48P-A
• C9410R with SUP1
• C9500-48X-A

For access to the beta image and for solution support, please send an email to cat9k-openflow-triage(mailer list).

Setup

Boot up in Openflow Mode

The Catalyst 9K will be in traditional switching mode by default. The below command will enable Openflow mode on the switch.

Switch-C9300#
Switch-C9300#configure terminal
Switch-C9300(config)#boot mode ?
openflow  openflow forwarding mode

Switch-C9300(config)#boot mode openflow
Changes to the boot mode preferences have been stored,
but it cannot take effect until the next reload.
Use "show boot mode" to check the boot mode currently
active.
Switch-C9300(config)#end

Switch-C9300#show boot mode
System initialized in normal switching mode
System configured to boot in openflow forwarding mode

Reload required to boot switch in configured boot mode.

Switch-C9300#reload

Configure Openflow

** Configure the Management interface communicate with controller. **

Switch-C9300#
Switch-C9300#configure terminal
Switch-C9300(config)#interface GigabitEthernet0/0
Switch-C9300(config-if)#vrf forwarding Mgmt-vrf
Switch-C9300(config-if)#ip address 192.168.0.41 255.255.255.0
Switch-C9300(config-if)#negotiation auto
Switch-C9300(config-if)#end
Switch-C9300#

** Configure the Openflow feature and controller connectivity **

Switch-C9300#
Switch-C9300#configure terminal
Switch-C9300(config)#feature openflow
Switch-C9300(config)#openflow
Switch-C9300(config-openflow)#switch 1 pipeline 1
Switch-C9300(config-openflow-switch)#controller ipv4 192.168.0.91 port 6334 vrf Mgmt-vrf security none
Switch-C9300(config-openflow-switch)#datapath-id 0xABCDEF1234
Switch-C9300(config-openflow-switch)#end
Switch-C9300#

Faucet

On the FAUCET configuration file (/etc/faucet/faucet.yaml), add the datapath of the switch you wish to be managed by FAUCET. The device type (hardware) should be set to CiscoC9K in the configuration file.

:caption: /etc/faucet/faucet.yaml
:name: cisco/faucet.yaml

  dps:
      Cisco-C9K:
          dp_id: 0xABCDEF1234
          hardware: "CiscoC9K"
          interfaces:
              1:
                  native_vlan: 100
                  name: "port1"
              2:
                  native_vlan: 100
                  name: "port2"

Troubleshooting

Command to check overall openflow configuration

Switch-C9300#
Switch-C9300#show openflow switch 1
Logical Switch Context
  Id: 1
  Switch type: Forwarding
  Pipeline id: 1
  Data plane: secure
  Table-Miss default: drop
  Configured protocol version: Negotiate
  Config state: no-shutdown
  Working state: enabled
  Rate limit (packet per second): 0
  Burst limit: 0
  Max backoff (sec): 8
  Probe interval (sec): 5
  TLS local trustpoint name: not configured
  TLS remote trustpoint name: not configured
  Logging flow changes: Disabled
  Stats collect interval (sec): 5
  Stats collect Max flows: 9216
  Stats collect period (sec):  1
  Minimum flow idle timeout (sec):  10
  OFA Description:
     Manufacturer: Cisco Systems, Inc.
     Hardware: C9300-48P
     Software: Cisco IOS Software [Fuji], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.8.1GO3, RELEASE SOFTWARE (fc1)| openvswitch 2.1
     Serial Num: FCW2145L0FP
     DP Description: Faucet-C9300:sw1
  OF Features:
     DPID: 0x000000ABCDEF1234
     Number of tables: 9
     Number of buffers: 256
     Capabilities: FLOW_STATS TABLE_STATS PORT_STATS
  Controllers:
     192.168.0.91:6334, Protocol: TCP, VRF: Mgmt-vrf
  Interfaces:
     GigabitEthernet1/0/1
     GigabitEthernet1/0/2
     ....

Command to check the openflow flows installed

Switch-C9300#
Switch-C9300#show openflow switch 1 flow list
Logical Switch Id: 1
Total flows: 9

Flow: 1 Match: any Actions: drop, Priority: 0, Table: 0, Cookie: 0x0, Duration: 33812.029s, Packets: 46853, Bytes: 3636857
...

Command to check the state of the port status

Switch-C9300#
Switch-C9300#show openflow switch 1 ports
Logical Switch Id: 1
Port    Interface Name   Config-State     Link-State  Features
   1           Gi1/0/1        PORT_UP        LINK_UP  1GB-HD
   2           Gi1/0/2        PORT_UP      LINK_DOWN  1GB-HD
   3           Gi1/0/3        PORT_UP      LINK_DOWN  1GB-HD
   4           Gi1/0/4        PORT_UP      LINK_DOWN  1GB-HD

Command to check the status of the controller

Switch-C9300#
Switch-C9300#show openflow switch 1 controller
show openflow switch 1 controller
Logical Switch Id: 1
Total Controllers: 1

  Controller: 1
    192.168.0.91:6334
    Protocol: tcp
    VRF: Mgmt-vrf
    Connected: No
    Role: Master
    Negotiated Protocol Version: disconnected
    Last Alive Ping: N/A
    last_error: Unknown error 260
    state: CONNECTING
    sec_since_disconnect: 15

Command to check controller statistics

Switch-C9300#show openflow switch 1 controller stats
Logical Switch Id: 1
Total Controllers: 1

  Controller: 1
    address                         :  tcp:192.168.0.91:6334%Mgmt-vrf
    connection attempts             :  2127
    successful connection attempts  :  0
    flow adds                       :  0
    flow mods                       :  0
    flow deletes                    :  0
    flow removals                   :  0
    flow errors                     :  0
    flow unencodable errors         :  0
    total errors                    :  0
    echo requests                   :  rx: 0, tx:0
    echo reply                      :  rx: 0, tx:0
    flow stats                      :  rx: 0, tx:0
    barrier                         :  rx: 0, tx:0
    packet-in/packet-out            :  rx: 0, tx:0

References

• Catalyst 9K at-a-glance
• Catalyst 9400 SUP1
• Catalyst 9400 Linecard