Programmable Internetworking & Communication Operating System Docs ... Click Spaces -> Space Directory to see docs for all releases ...
Page tree
Skip to end of metadata
Go to start of metadata

In the following topology, we build a server network in a datacenter. The following requirements should be met:
● Servers should not be able to communicate with each other, which means traffic from a server can only be forwarded in the upstream direction.
●The network should be scalable, and the configuration of the switch should be simple (e.g., isolating the traffic between servers by ACLs or VLANs is too complex of a configuration).
You can configure a ToR switch manually or by a controller—it's up to you.



Figure 8-5. Crossflow network. 


Configuring theP3295-1 switch

For P3295-1, configure ports ge-1/1/1~ge-1/1/48 in crossflow mode. Create 48 flows that will make traffic from the servers be forwarded only upstream, and be sure to configure flows that will forward the downstream traffic to the corresponding server.

admin@XorPlus# set interface stm firewall-table ingress  400
admin@XorPlus# set interface stm ipv4-route 6000
admin@XorPlus# commit 
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus#
admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 crossflow local-control false
admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 crossflow local-control false
admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 crossflow local-control false
admin@XorPlus# set interface gigabit-ethernet te-1/1/49 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet te-1/1/49 crossflow local-control false
admin@XorPlus# commit 
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus# 

Create br0 and add ports to bridge.

ovs-vsctl add-br br0
ovs-vsctl add-port br0 ge-1/1/1
ovs-vsctl add-port br0 ge-1/1/2
ovs-vsctl add-port br0 ge-1/1/3
ovs-vsctl add-port br0 te-1/1/49

 

Add flows.

ovs-ofctl add-flow br0 in_port=1,actions=49
ovs-ofctl add-flow br0 in_port=49,nw_dst=172.16.1.2/32,actions=1
ovs-ofctl add-flow br0 in_port=2,actions=49
ovs-ofctl add-flow br0 in_port=49,nw_dst=172.16.1.3/32,actions=2
ovs-ofctl add-flow br0 in_port=3,actions=49
ovs-ofctl add-flow br0 in_port=49,nw_dst=172.16.1.4/32,actions=3


Configuring P3295-2 and P3295-3 switches

You can configure P3295-2 and P3295-3 using the instructions for configuring P3295-1. 

Configuring the P3920 switch

For P3920, configure ports te-1/1/1~te-1/1/48 as a Layer 3 interfaces and enable the OSPF interface in qe-1/1/49. The interface qe-1/1/49 will join the OSPF network to the outside.

admin@XorPlus# set vlans vlan-id 100 l3-interface vlan100
admin@XorPlus# set vlans vlan-id 200 l3-interface vlan200
admin@XorPlus# set vlans vlan-id 300 l3-interface vlan300
admin@XorPlus# set vlans vlan-id 400 l3-interface vlan400
admin@XorPlus# set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 100
admin@XorPlus# set interface gigabit-ethernet te-1/1/2 family ethernet-switching native-vlan-id 200
admin@XorPlus# set interface gigabit-ethernet te-1/1/3 family ethernet-switching native-vlan-id 300
admin@XorPlus# set interface gigabit-ethernet qe-1/1/49 family ethernet-switching native-vlan-id 400
admin@XorPlus# commit
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus# set vlan-interface interface vlan100 vif vlan100 address 172.16.1.1 prefix-length 24
admin@XorPlus# set vlan-interface interface vlan200 vif vlan200 address 172.16.2.1 prefix-length 24
admin@XorPlus# set vlan-interface interface vlan300 vif vlan300 address 172.16.3.1 prefix-length 24
admin@XorPlus# set vlan-interface interface vlan400 vif vlan400 address 172.16.4.1 prefix-length 24
admin@XorPlus# commit
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus# set interface stm firewall-table ingress  400
admin@XorPlus# set interface stm ipv4-route 6000
XorPlus# commit 
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus#
XorPlus# set interface gigabit-ethernet te-1/1/1 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet te-1/1/2 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet te-1/1/3 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet qe-1/1/49 crossflow enable true
admin@XorPlus# commit
Waiting for merging configuration.
Commit OK.
Save done.

Be sure to configure the OSPF interface to work with the OSPF Layer 3 network. 

admin@XorPlus# set protocols ospf4 area 0.0.0.0 interface vlan400 vif vlan400 address 172.16.4.1
admin@XorPlus# set protocols ospf4 router-id 1.1.1.1
admin@XorPlus# set policy policy-statement static-to-ospf term t1 from protocol connected
admin@XorPlus# set protocols ospf4 export static-to-ospf
admin@XorPlus# commit Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus#

Create br0 and add ports to br0

ovs-vsctl add-br br0
ovs-vsctl add-port br0 te-1/1/1 - set interface te-1/1/1 type=crossflow
ovs-vsctl add-port br0 te-1/1/2 - set interface te-1/1/2 type=crossflow
ovs-vsctl add-port br0 te-1/1/3 - set interface te-1/1/1 type=crossflow
ovs-vsctl add-port br0 qe-1/1/49 - set interface qe-1/1/49 type=crossflow

Add flows.

ovs-ofctl add-flow br0 in_port=1,actions=set_field:22:22:22:22:22:22-\>dl_dst,49
ovs-ofctl add-flow br0 in_port=2,actions=set_field:22:22:22:22:22:22-\>dl_dst,49
ovs-ofctl add-flow br0 in_port=3,actions=set_field:22:22:22:22:22:22-\>dl_dst,49

 

 

 

 

  • No labels