Faucet on Cisco Switches
Introduction
Cisco supports OpenFlow with the faucet pipeline on the Catalyst 9000 Series switches.
Cisco IOS XE first introduced faucet support in version 16.9.1. Because faucet support is continually being improved on Cisco platforms, we recommend running the latest stable release. Currently we recommend running 16.12.1c or later.
For official Cisco documentation on OpenFlow and faucet support see the following configuration guide:
Setup
Boot up in OpenFlow Mode
The Catalyst 9K will be in traditional switching mode by default. The commands below enable OpenFlow mode on the switch; the new boot mode takes effect only after a reload.
Switch-C9300#
Switch-C9300#configure terminal
Switch-C9300(config)#boot mode ?
  openflow  openflow forwarding mode
Switch-C9300(config)#boot mode openflow
Changes to the boot mode preferences have been stored,
but it cannot take effect until the next reload.
Use "show boot mode" to check the boot mode currently
active.
Switch-C9300(config)#end
Switch-C9300#show boot mode
System initialized in normal switching mode
System configured to boot in openflow forwarding mode
Reload required to boot switch in configured boot mode.
Switch-C9300#reload
Configure OpenFlow
**Configure the management interface to communicate with the controller.**
Switch-C9300#
Switch-C9300#configure terminal
Switch-C9300(config)#interface GigabitEthernet0/0
Switch-C9300(config-if)#vrf forwarding Mgmt-vrf
Switch-C9300(config-if)#ip address 192.168.0.41 255.255.255.0
Switch-C9300(config-if)#negotiation auto
Switch-C9300(config-if)#end
Switch-C9300#
**Configure the OpenFlow feature and controller connectivity.**
Switch-C9300#
Switch-C9300#configure terminal
Switch-C9300(config)#feature openflow
Switch-C9300(config)#openflow
Switch-C9300(config-openflow)#switch 1 pipeline 1
Switch-C9300(config-openflow-switch)#controller ipv4 192.168.0.91 port 6653 vrf Mgmt-vrf security none
Switch-C9300(config-openflow-switch)#controller ipv4 192.168.0.91 port 6654 vrf Mgmt-vrf security none
Switch-C9300(config-openflow-switch)#datapath-id 0xABCDEF1234
Switch-C9300(config-openflow-switch)#end
Switch-C9300#
**Disable DTP/keepalive on OpenFlow ports which may interfere with FAUCET.**
The following example will disable DTP and keepalives for TenGigabitEthernet1/0/1-24; adjust the range as necessary.
Switch-C9300(config)#interface range TenGigabitEthernet1/0/1-24
Switch-C9300(config-if-range)#switchport mode trunk
Switch-C9300(config-if-range)#switchport nonegotiate
Switch-C9300(config-if-range)#spanning-tree bpdufilter enable
Switch-C9300(config-if-range)#no keepalive
Switch-C9300(config-if-range)#exit
**Configure TCP window.**
Configure a larger than default TCP window, so that the switch can output OpenFlow messages to controllers more efficiently.
Switch-C9300#configure terminal
Switch-C9300(config)#ip tcp window-size 65535
Switch-C9300(config)#exit
Switch-C9300#
Faucet
In the FAUCET configuration file (/etc/faucet/faucet.yaml), add the datapath of the switch you wish to be managed by FAUCET. The device type (hardware) should be set to CiscoC9K in the configuration file.
dps:
    Cisco-C9K:
        dp_id: 0xABCDEF1234
        hardware: "CiscoC9K"
        interfaces:
            1:
                native_vlan: 100
                name: "port1"
            2:
                native_vlan: 100
                name: "port2"
Troubleshooting
Command to check overall openflow configuration
Switch-C9300#
Switch-C9300#show openflow switch 1
Logical Switch Context
Id: 1
Switch type: Forwarding
Pipeline id: 1
Data plane: secure
Table-Miss default: drop
Configured protocol version: Negotiate
Config state: no-shutdown
Working state: enabled
Rate limit (packet per second): 0
Burst limit: 0
Max backoff (sec): 8
Probe interval (sec): 5
TLS local trustpoint name: not configured
TLS remote trustpoint name: not configured
Logging flow changes: Disabled
Stats collect interval (sec): 5
Stats collect Max flows: 9216
Stats collect period (sec): 1
Minimum flow idle timeout (sec): 10
OFA Description:
Manufacturer: Cisco Systems, Inc.
Hardware: C9300-48P
Software: Cisco IOS Software [Fuji], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 16.8.1GO3, RELEASE SOFTWARE (fc1)| openvswitch 2.1
Serial Num: FCW2145L0FP
DP Description: Faucet-C9300:sw1
OF Features:
DPID: 0x000000ABCDEF1234
Number of tables: 9
Number of buffers: 256
Capabilities: FLOW_STATS TABLE_STATS PORT_STATS
Controllers:
192.168.0.91:6653, Protocol: TCP, VRF: Mgmt-vrf
192.168.0.91:6654, Protocol: TCP, VRF: Mgmt-vrf
Interfaces:
GigabitEthernet1/0/1
GigabitEthernet1/0/2
....
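An added example (not part of the original guide or of Cisco's or FAUCET's tooling): a Python check that audits a saved `show openflow switch 1` capture. The configuration above uses `security none`, so the controller channel is plain TCP with no encryption or authentication, which the output shows as `Protocol: TCP` and unconfigured TLS trustpoints; the check also confirms the reported DPID matches `dp_id` in faucet.yaml. The sample is constructed from the output above, and treating `TLS` as the protocol string printed for a secured controller is an assumption.

```python
import re

# Constructed sample, trimmed from the `show openflow switch 1` output above.
SAMPLE_SHOW = """\
Logical Switch Context
Id: 1
Data plane: secure
Table-Miss default: drop
TLS local trustpoint name: not configured
TLS remote trustpoint name: not configured
OF Features:
DPID: 0x000000ABCDEF1234
Controllers:
192.168.0.91:6653, Protocol: TCP, VRF: Mgmt-vrf
192.168.0.91:6654, Protocol: TCP, VRF: Mgmt-vrf
Interfaces:
GigabitEthernet1/0/1
"""

CTRL_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+):(\d+),\s*Protocol:\s*(\w+),\s*VRF:\s*(\S+)$")

def audit_openflow_switch(output, expected_dp_id):
    """Return a list of findings for one `show openflow switch N` capture."""
    fields, controllers = {}, []
    for raw in output.splitlines():
        line = raw.strip()
        m = CTRL_RE.match(line)
        if m:  # controller line: ip:port, Protocol: X, VRF: Y
            controllers.append((m.group(1), int(m.group(2)), m.group(3).upper()))
        elif ":" in line:  # ordinary "key: value" line
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    findings = []
    dpid = fields.get("DPID")
    if dpid is None or int(dpid, 16) != expected_dp_id:
        findings.append(f"dp_id mismatch: switch reports {dpid}, faucet.yaml expects {expected_dp_id:#x}")
    for ip, port, proto in controllers:
        if proto != "TLS":  # assumption: a TLS-secured controller is shown as "TLS"
            findings.append(f"controller {ip}:{port} uses {proto}: channel is unencrypted and unauthenticated")
    for side in ("local", "remote"):
        if fields.get(f"TLS {side} trustpoint name", "not configured") == "not configured":
            findings.append(f"TLS {side} trustpoint not configured")
    if fields.get("Table-Miss default") != "drop":
        findings.append("table-miss default is not drop")
    return findings
```

Run it with the `dp_id` from faucet.yaml as an integer, for example `audit_openflow_switch(SAMPLE_SHOW, 0xABCDEF1234)`.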
Command to check the openflow flows installed
Switch-C9300#
Switch-C9300#show openflow switch 1 flow list
Logical Switch Id: 1
Total flows: 9
Flow: 1 Match: any Actions: drop, Priority: 0, Table: 0, Cookie: 0x0, Duration: 33812.029s, Packets: 46853, Bytes: 3636857
...
Command to check the state of the port status
Switch-C9300#
Switch-C9300#show openflow switch 1 ports
Logical Switch Id: 1
Port  Interface Name  Config-State  Link-State  Features
1     Gi1/0/1         PORT_UP       LINK_UP     1GB-HD
2     Gi1/0/2         PORT_UP       LINK_DOWN   1GB-HD
3     Gi1/0/3         PORT_UP       LINK_DOWN   1GB-HD
4     Gi1/0/4         PORT_UP       LINK_DOWN   1GB-HD
Command to check the status of the controller
Switch-C9300#
Switch-C9300#show openflow switch 1 controller
Logical Switch Id: 1
Total Controllers: 2
Controller: 1
192.168.0.91:6653
Protocol: tcp
VRF: Mgmt-vrf
Connected: Yes
Role: Equal
Negotiated Protocol Version: OpenFlow 1.3
Last Alive Ping: 2018-10-03 18:43:07 NZST
state: ACTIVE
sec_since_connect: 13150
Controller: 2
192.168.0.91:6654
Protocol: tcp
VRF: Mgmt-vrf
Connected: Yes
Role: Equal
Negotiated Protocol Version: OpenFlow 1.3
Last Alive Ping: 2018-10-03 18:43:07 NZST
state: ACTIVE
sec_since_connect: 12960
Command to check controller statistics
Switch-C9300#
Switch-C9300#show openflow switch 1 controller stats
Logical Switch Id: 1
Total Controllers: 2
Controller: 1
address : tcp:192.168.0.91:6653%Mgmt-vrf
connection attempts : 165
successful connection attempts : 61
flow adds : 1286700
flow mods : 645
flow deletes : 909564
flow removals : 0
flow errors : 45499
flow unencodable errors : 0
total errors : 45499
echo requests : rx: 842945, tx:205
echo reply : rx: 140, tx:842945
flow stats : rx: 0, tx:0
barrier : rx: 8324752, tx:8324737
packet-in/packet-out : rx: 29931732, tx:8772758
Controller: 2
address : tcp:192.168.0.91:6654%Mgmt-vrf
connection attempts : 11004
successful connection attempts : 3668
flow adds : 0
flow mods : 0
flow deletes : 0
flow removals : 0
flow errors : 0
flow unencodable errors : 0
total errors : 0
echo requests : rx: 946257, tx:1420
echo reply : rx: 1420, tx:946257
flow stats : rx: 47330, tx:57870
barrier : rx: 0, tx:0
packet-in/packet-out : rx: 377, tx:0
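An added example (not from the original guide): a Python parser for the `show openflow switch 1 controller stats` output above that flags controllers whose connection attempts mostly fail or whose flow errors are high relative to flow changes. The sample is constructed from the counters shown above, and both thresholds are illustrative assumptions.

```python
import re

# Constructed sample: two controller blocks trimmed from the
# `show openflow switch 1 controller stats` output above.
SAMPLE_STATS = """\
Logical Switch Id: 1
Total Controllers: 2
Controller: 1
address : tcp:192.168.0.91:6653%Mgmt-vrf
connection attempts : 165
successful connection attempts : 61
flow adds : 1286700
flow errors : 45499
Controller: 2
address : tcp:192.168.0.91:6654%Mgmt-vrf
connection attempts : 11004
successful connection attempts : 3668
flow adds : 0
flow errors : 0
"""

def parse_controller_stats(output):
    """Split the output into one dict of counters per controller."""
    controllers, current = [], None
    for line in output.splitlines():
        m = re.match(r"Controller:\s*(\d+)$", line.strip())
        key, sep, value = line.partition(":")
        if m:  # start of a new controller block
            current = {"id": int(m.group(1))}
            controllers.append(current)
        elif sep and current is not None:
            value = value.strip()
            current[key.strip()] = int(value) if value.isdigit() else value
    return controllers

def flag_unhealthy(controllers, min_success=0.9, max_error_rate=0.01):
    """Thresholds are illustrative assumptions, not Cisco or FAUCET guidance."""
    flags = []
    for c in controllers:
        attempts = c.get("connection attempts", 0)
        ok = c.get("successful connection attempts", 0)
        if attempts and ok / attempts < min_success:
            flags.append((c["id"], "reconnects", f"{ok}/{attempts} connection attempts succeeded"))
        changes = c.get("flow adds", 0) + c.get("flow mods", 0) + c.get("flow deletes", 0)
        errors = c.get("flow errors", 0)
        if errors and (changes == 0 or errors / changes > max_error_rate):
            flags.append((c["id"], "flow-errors", f"{errors} flow errors for {changes} flow changes"))
    return flags
```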