Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches · Cisco OpenFlow Agent for Nexus 3000...

Cisco OpenFlow Agent for Nexus 3000 and 9000 Series SwitchesFirst Published: 2016-10-30

Last Modified: 2018-01-31

Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAhttp://www.cisco.comTel: 408 526-4000 800 553-NETS (6387)Fax: 408 527-0883

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITEDWARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITHTHE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain versionof the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDINGANYOTHERWARRANTYHEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS"WITH ALL FAULTS.CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OFMERCHANTABILITY, FITNESS FORA PARTICULAR PURPOSEANDNONINFRINGEMENTORARISING FROMACOURSEOFDEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUTLIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERSHAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, networktopology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentionaland coincidental.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnershiprelationship between Cisco and any other company. (1110R)

© 2014-2018 Cisco Systems, Inc. All rights reserved.

http://www.cisco.com/go/trademarks

http://www.cisco.com/go/trademarks

C O N T E N T S

P r e f a c e Preface v

Audience v

Document Conventions v

Related Documentation for Cisco Nexus 9000 Series Switches vii

Documentation Feedback vii

Obtaining Documentation and Submitting a Service Request vii

C H A P T E R 1 Overview of the Cisco OpenFlow Agent 1

About OpenFlow 1

Cisco OpenFlow Agent Operation 2

OpenFlow Controller Operation 2

OpenFlow Multiple Sub-Switch Operation 2

Information About Cisco OpenFlow Agent 2

Prerequisites for Cisco OpenFlow Agent 2

Restrictions for Cisco OpenFlow Agent 3

Feature Support 4

C H A P T E R 2 Configuring the Cisco OpenFlow Agent 9

Enabling the Cisco OpenFlow Agent 9

Enabling the Cisco OpenFlow Agent on the Nexus 3000 Series Switch 9

Enabling the Cisco OpenFlow Agent on the Nexus 9000 Series Switch 10

Configuring Physical Device Parameters 11

Adjusting the Number of Flow Entries 11

Configuring Global Variables for Cisco OpenFlow Agent Logical Switch 15

Specifying a Route to a Controller 15

Specifying a Route to a Controller Using a Physical Interface 16

Specifying a Route to a Controller Using a Management Interface 17

Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches iii

Configuring Interfaces for a Cisco OpenFlow Agent Logical Switch 18

Configuring a Physical Interface in Layer 2 mode 18

Configuring a Port-Channel Interface 20

Configuring a Cisco OpenFlow Agent Logical Switch 21

Configuring Logical Sub-Switches 25

Configuration Examples for Cisco OpenFlow Agent 28

Verifying Cisco OpenFlow Agent 31

Additional Information for Cisco OpenFlow Agent 39

Feature Information for Cisco OpenFlow Agent 40

A P P E N D I X A Supported Platforms for Cisco OpenFlow Agent 41

Supported Platforms for Cisco OpenFlow Agent 41

A P P E N D I X B Uninstalling Cisco Plug-in for OpenFlow 43

Uninstalling Cisco Plug-in for OpenFlow 43

Converting a Previous OpenFlow Configuration 43

Deactivating and Uninstalling an Application from a Virtual Services Container 44

Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switchesiv

Contents

Preface

This preface includes the following sections:

• Audience, page v

• Document Conventions, page v

• Related Documentation for Cisco Nexus 9000 Series Switches, page vii

• Documentation Feedback, page vii

• Obtaining Documentation and Submitting a Service Request, page vii

AudienceThis guide is intended primarily for data center administrators with responsibilities and expertise in one ormore of the following:

• Virtual machine installation and administration

• Server administration

• Switch and network administration

Document ConventionsCommand descriptions use the following conventions:

DescriptionConvention

Bold text indicates the commands and keywords that you enter literallyas shown.

bold

Italic text indicates arguments for which the user supplies the values.Italic

Square brackets enclose an optional element (keyword or argument).[x]

Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches v


Square brackets enclosing keywords or arguments separated by a verticalbar indicate an optional choice.

[x | y]

Braces enclosing keywords or arguments separated by a vertical barindicate a required choice.

{x | y}

Nested set of square brackets or braces indicate optional or requiredchoices within optional or required elements. Braces and a vertical barwithin square brackets indicate a required choice within an optionalelement.

[x {y | z}]

Indicates a variable for which you supply values, in context where italicscannot be used.

variable

A nonquoted set of characters. Do not use quotation marks around thestring or the string will include the quotation marks.

string

Examples use the following conventions:


Terminal sessions and information the switch displays are in screen font.screen font

Information you must enter is in boldface screen font.boldface screen font

Arguments for which you supply values are in italic screen font.italic screen font

Nonprinting characters, such as passwords, are in angle brackets.< >

Default responses to system prompts are in square brackets.[ ]

An exclamation point (!) or a pound sign (#) at the beginning of a lineof code indicates a comment line.

!, #

This document uses the following conventions:

Means reader take note. Notes contain helpful suggestions or references to material not covered in themanual.

Note

Means reader be careful. In this situation, you might do something that could result in equipment damageor loss of data.

Caution

Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switchesvi

PrefaceDocument Conventions

IMPORTANT SAFETY INSTRUCTIONS

This warning symbol means danger. You are in a situation that could cause bodily injury. Before youwork on any equipment, be aware of the hazards involved with electrical circuitry and be familiar withstandard practices for preventing accidents. Use the statement number provided at the end of each warningto locate its translation in the translated safety warnings that accompanied this device.

SAVE THESE INSTRUCTIONS

Warning

Related Documentation for Cisco Nexus 9000 Series SwitchesThe entire Cisco Nexus 9000 Series switch documentation set is available at the following URL:

http://www.cisco.com/en/US/products/ps13386/tsd_products_support_series_home.html

Documentation FeedbackTo provide technical feedback on this document, or to report an error or omission, please send your commentsto [email protected]. We appreciate your feedback.

Obtaining Documentation and Submitting a Service RequestFor information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a servicerequest, and gathering additional information, seeWhat's New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html

Subscribe toWhat’s New in Cisco Product Documentation, which lists all new and revised Cisco technicaldocumentation as an RSS feed and delivers content directly to your desktop using a reader application. TheRSS feeds are a free service.

Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches vii

PrefaceRelated Documentation for Cisco Nexus 9000 Series Switches

http://www.cisco.com/en/US/products/ps13386/tsd_products_support_series_home.html

http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html

http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html

Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switchesviii

PrefaceObtaining Documentation and Submitting a Service Request

C H A P T E R 1Overview of the Cisco OpenFlow Agent

• About OpenFlow, page 1

• Information About Cisco OpenFlow Agent, page 2

About OpenFlowOpenFlow is an open standardized interface that allows a software-defined networking (SDN) controller tomanage the forwarding plane of a network.

Cisco OpenFlow Agent provides better control over networks making them more open, programmable, andapplication-aware and supports the following specifications defined by the Open Networking Foundation(ONF) standards organization:

• OpenFlow Switch Specification Version 1.0.1 (Wire Protocol 0x01) (referred to as OpenFlow 1.0)

• OpenFlow Switch Specification Version 1.3.0 (Wire Protocol 0x04), referred to as OpenFlow 1.3

These specifications are based on the concept of an Ethernet switch, with an internal flow table and standardizedinterface to allow traffic flows on a device to be added or removed. OpenFlow 1.3 defines the communicationchannel between Cisco OpenFlow Agent and controllers.

A controller can be Cisco Open SDN Controller, or any controller compliant with OpenFlow 1.3.

In an OpenFlow network, Cisco OpenFlow Agent exists on the device and controllers exist on a server thatis external to the device. Flow management and any network management are either part of a controller oraccomplished through a controller. Flowmanagement includes the addition, modification, or removal of flows,and the handling of OpenFlow error messages.

Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches 1

The following figure gives an overview of the OpenFlow network.

Figure 1: OpenFlow Overview

Cisco OpenFlow Agent OperationCisco OpenFlow Agent creates OpenFlow–based TCP/IP connections to controllers for a Cisco OpenFlowAgent logical switch. Cisco OpenFlow Agent creates databases for a configured logical switch,OpenFlow-enabled interfaces, and flows. The logical switch database contains all the information needed toconnect to a controller. The interface database contains the list of OpenFlow-enabled interfaces associatedwith a logical switch, and the flow database contains the list of flows on a logical switch as well as for interfacethat is programmed into forwarded traffic.

OpenFlow Controller OperationOpenFlow controller (referred to as controller) controls the switch and inserts flows with a subset of OpenFlow1.3 and 1.0 match and action criteria through Cisco OpenFlow Agent logical switch. Cisco OpenFlow Agentrejects all OpenFlow messages with any other action.

OpenFlow Multiple Sub-Switch OperationFor more granular and distributed flow control, you can define multiple virtual sub-switches, each with itsown controller, its own unique VLAN range, and its own flow control configuration. The controller of asub-switch has configuration access only to the flows of that sub-switch. VLANs associated with a sub-switchcannot also be associated to another sub-switch, and VLAN ranges cannot overlap between sub-switches.

When you define one or more sub-switches, a lower priority master switch is implicitly created. A flow isevaluated for a match first on the sub-switches and lastly on the master switch if no previous match was found.There are no default flows (miss-action) for the sub-switches.

Information About Cisco OpenFlow Agent

Prerequisites for Cisco OpenFlow AgentCisco OpenFlow Agent requires the following conditions:

Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches2

Overview of the Cisco OpenFlow AgentCisco OpenFlow Agent Operation

• A Cisco device that supports Cisco OpenFlow Agent.

Supported Platforms for Cisco OpenFlow Agent, on page 41 provides a table of OpenFlow support onCisco Nexus 9000 and Nexus 3000 devices.

• Cisco NX-OS software that supports Cisco OpenFlow Agent.

The Cisco OpenFlow Agent was introduced in Cisco NX-OS Release 7.0(3)I5(1), replacing the CiscoPlug-in for OpenFlow used in previous releases. The Cisco Plug-in for OpenFlow, which runs as anapplication in a virtual services container, is no longer supported as of this release. When upgradingfrom a release earlier than Cisco NX-OS Release 7.0(3)I5(1) to Cisco NX-OS Release 7.0(3)I5(1) or alater release, you must deactivate and uninstall the Cisco Plug-in for OpenFlow application from thevirtual services container using the procedure described in Uninstalling Cisco Plug-in for OpenFlow,on page 43.

• A Cisco Nexus 3000 device must run in Cisco Nexus 9000 software mode. On the Nexus 3000 device,the Nexus 9000 mode is activated using the CLI command system switch-mode n9k.

• The OpenFlow feature is enabled on the Cisco device using the CLI command feature openflow.

• A controller is installed on a connected server.

Table 1: Controller Support

Supported ControllersOpenFlow Version

Cisco Open SDN Controller or POX controller.OpenFlow 1.0

Cisco Open SDN Controller, Ixia, OpenDaylight,or Ryu

OpenFlow 1.3

Restrictions for Cisco OpenFlow Agent• Cisco OpenFlow Agent supports only a subset of OpenFlow 1.3 and OpenFlow 1.0 functions. For moreinformation, see Feature Support, on page 4.

• You cannot configure more than one Cisco OpenFlow Agent logical switch. The logical switch ID hasa value of 1. However, you can configure up to nine logical sub-switches in addition to the master switch.

• OpenFlow hybrid model (ships-in-the-night) is supported. VLANs configured for Cisco OpenFlowAgent logical switch ports should not overlap with regular device interfaces.

• You cannot configure a bridge domain, Virtual LANs and virtual routing and forwarding (VRF) interfaceson an Cisco OpenFlow Agent logical switch. You can configure only Layer 2 physical interfaces orport-channel interfaces.

• You cannot configure more than 512 VLANs in Per-VLAN Spanning Tree+ (PVST+) mode.

• The Cisco OpenFlow Agent supports IPv4 and IPv6 flow matching, but not both simultaneously. Thechoice is configured in the TCAM configuration commands. IPv4 and IPv6 dual stack is not supported.

• For IPv6 OpenFlow, you must explicitly carve the OpenFlow–IPv6 TCAM region.


Overview of the Cisco OpenFlow AgentRestrictions for Cisco OpenFlow Agent

• ISSU from the previously-supported Cisco Plug-in for OpenFlow to the Cisco OpenFlow Agent is notsupported.

• MIBs and XMLs are not supported

• Reachability to controller via Switched Virtual Interface (SVI) is not supported.

• The minimum idle timeout for flows must be (2 * statistics collection interval) + 1 second.

• LACP port-channels are not supported for OpenFlow. Remove all OpenFlow related configurationsbefore downgrading to an earlier release.

Feature SupportThe following is a subset of OpenFlow 1.3 and OpenFlow 1.0 functions that are supported by Cisco OpenFlowAgent.

Additional NotesSupported Feature

OpenFlow-hybrid models where traffic can flowbetween Cisco OpenFlow Agent ports and regularinterfaces (integrated) are not supported. Both typesof ports can transmit and receive packets.

VLANs must be configured such that theVLANs on the Cisco OpenFlow Agent donot overlap with those on the regular deviceinterfaces.

Note

The OpenFlow hybrid (ships-in-night) model issupported using the OpenFlow packet format

• Bridge domain, Virtual LANs and VirtualRouting and Forwarding (VRF) interfaces arenot supported.

• Only L2 interfaces can be Cisco OpenFlowAgent Logical switch ports.

Configuration of port-channel and physical interfacesas Cisco OpenFlow Agent logical switch ports

Total number of VLANs across all ports cannotexceed 512.

Maximum VLAN range supported is 4000. You canconfigure 8 such ports on the Cisco OpenFlowAgentdevice.

Recommended VLAN range supported is 512. Youcan configure 62 such ports on the Cisco OpenFlowAgent device.

VLAN range greater than 512 is not supported inPer-VLAN Spanning Tree+ (PVST+) mode.

Configuration of VLANs for each port of the CiscoOpenFlow Agent logical switch


Overview of the Cisco OpenFlow AgentFeature Support


• Pipelines are mandatory for the logical switch.

• The logical switch supports the followingpipelines:

◦Pipeline 201 supports the L3 ACLforwarding table.

◦Pipeline 202 supports an L3 ACLforwarding table and an L2 MACforwarding table. Mandatory matches andactions in both tables must be specified inall configured flows.

◦Pipeline 205 supports MAC and MAC-IProute tables.

Pipelines for Cisco OpenFlow Agent Logical Switch

The following match criteria are supported:

• Ethertype

• EthernetMACdestination (Double-wide TCAMrequired)

• Ethernet MAC source (Double-wide TCAMrequired)

• VLAN ID (for IPv4 packets only)

• VLAN priority (Supported for the Ethertypevalue 0x0800 (IP) only)

• IPv4 source address (Supported for theEthertype value 0x0800 (IP) only)

• IPv4 destination address (Supported for theEthertype value 0x0800 (IP) only)

• IPv6 source address (Supported for theEthertype value 0x86DD (IP) only)

• IPv6 destination address (Supported for theEthertype value 0x86DD (IP) only)

• IP DSCP (Supported for the Ethertype values0x0800 or 0x86DD (IP) only)

• IP protocol (Supported for the Ethertype values0x0800 or 0x86DD (IP) only)

• Layer 4 source port (Supported for the Ethertypevalues 0x0800 or 0x86DD (IP) only)

• Layer 4 destination port (Supported for theEthertype values 0x0800 or 0x86DD (IP) only)

L3 ACL Forwarding Table (Match Criteria)




The following action criteria are supported:

• Output to multiple ports

• Output to a specified interface

• Output to controller (OpenFlow Packet-Inmessage)

• Rewrite source MAC address (SMAC)

◦Supported for the Ethertype values 0x0800or 0x86DD (IP) only

• Rewrite destination MAC address (DMAC)


• Rewrite VLAN ID


• Strip VLAN (Supported for the Ethertype values0x0800 or 0x86DD (IP) only)

• Drop

Rewrite DMAC and Rewrite SMAC actionsmust be specified together.

Note

L3 ACL Forwarding Table (Action Criteria)

Match Criteria:

• Destination MAC address (mandatory)

• VLAN ID (mandatory)

Action Criteria:

• Output to multiple ports

• Drop

L2 MAC Forwarding Table

All packets that cannot be matched to flows aredropped by default. You can configure sendingunmatched packets to the controller.

Default Forwarding Rule

The “modify state” and “queue config”message typesare not supported. All other message types aresupported.

OpenFlow 1.3 message types

Transport Layer Security (TLS) is supported for theconnection to the controller.

Connection to up to eight controllers




If multiple actions are associated with a flow, theyare processed in the order specified. The output actionshould be the last action in the action list. Any actionafter the output action is not supported, and can causethe flow to fail and return an error to the controller.

Flows defined on the controller must follow thefollowing guidelines :

• The flow can have only up to 16 output actions.

• The flow should have the output action at theend of all actions.

• The flow should not have multiple rewriteactions that override one another. For example,strip VLAN after set VLAN or multiple setVLANs.

• The flow should not have anoutput–to–controller action in combination withother output–to–port actions or withVLAN–rewrite actions.

• Flowswith unsupported actions will be rejected.

Multiple actions

Per Table—Active Entries, Packet Lookups, PacketMatches.

Per Flow—Received Packets.

Per Port—Received or Transmitted packets, bytes,drops and errors.

Supported counters



C H A P T E R 2Configuring the Cisco OpenFlow Agent

All tasks in this section require the fulfillment of the prerequisites listed in Prerequisites for Cisco OpenFlowAgent, on page 2.

• Enabling the Cisco OpenFlow Agent, page 9

• Configuring Physical Device Parameters, page 11

• Specifying a Route to a Controller, page 15

• Configuring Interfaces for a Cisco OpenFlow Agent Logical Switch, page 18

• Configuring a Cisco OpenFlow Agent Logical Switch , page 21

• Configuring Logical Sub-Switches, page 25

• Configuration Examples for Cisco OpenFlow Agent, page 28

• Verifying Cisco OpenFlow Agent, page 31

• Additional Information for Cisco OpenFlow Agent, page 39

• Feature Information for Cisco OpenFlow Agent, page 40

Enabling the Cisco OpenFlow Agent

Enabling the Cisco OpenFlow Agent on the Nexus 3000 Series SwitchTo run the Cisco OpenFlow Agent, a Cisco Nexus 3000 series device must run in Cisco Nexus 9000 softwaremode. This procedure activates the Nexus 9000 mode and enables the Cisco OpenFlow Agent.

Procedure

PurposeCommand or Action

Enables privileged EXEC mode.enableStep 1



Example:Device> enable

• Enter your password if prompted.

Enters global configuration mode.configure terminal

Example:Device# configure terminal

Step 2

Activates the Nexus 9000 mode on the Nexus3000 series device.

system switch-mode n9k

Example:Device(config)# system switch-moden9k

Step 3

Exits global configuration mode and entersprivileged EXEC mode.

exit

Example:Device(config)# exit

Step 4

Erases the startup configuration file.write erase

Example:Device# write erase

Step 5

Reloads the operating system of the device.reload

Example:Device# reload

Step 6

Enters global configurationmode (after reload).configure terminal


Step 7

Enables the Cisco OpenFlow Agent.feature openflow

Example:Device(config)# feature openflow

Step 8

What to Do Next

Adjust the number of flow entries.

Enabling the Cisco OpenFlow Agent on the Nexus 9000 Series SwitchThis procedure enables the Cisco OpenFlow Agent.


Configuring the Cisco OpenFlow AgentEnabling the Cisco OpenFlow Agent on the Nexus 9000 Series Switch

Procedure




Step 1

Enables the Cisco OpenFlow Agent.feature openflow

Example:Device(config)# feature openflow

Step 2

What to Do Next

Adjust the number of flow entries.

Configuring Physical Device Parameters

Adjusting the Number of Flow EntriesYou can use this task to adjust the number of L3 flow entries.

Procedure




Step 1

Configures the size of TCAM region for router ACLs.hardware access-list tcam region raclsize

Step 2

Example:Device(config)# hardwareaccess-list tcam region racl 0

Configures the size of TCAM region for egress routerACLs.

hardware access-list tcam region e-raclsize

Example:Device(config)# hardwareaccess-list tcam region e-racl 0

Step 3


Configuring the Cisco OpenFlow AgentConfiguring Physical Device Parameters


Configures the size of TCAM region for QoS.hardware access-list tcam region l3qossize

Step 4

Example:Device(config)# hardwareaccess-list tcam region l3qos 0

Configures the size of TCAM region for SPAN.hardware access-list tcam region spansize

Step 5

Example:Device(config)# hardwareaccess-list tcam region span 0

Configures the size of TCAM region for redirects.hardware access-list tcam regionredirect size

Step 6

Example:Device(config)# hardwareaccess-list tcam region redirect0

Configures the size of TCAM region for virtual portchannel (vPC) convergence.

hardware access-list tcam regionvpc-convergence size

Example:Device(config)# hardwareaccess-list tcam regionvpc-convergence 0

Step 7

Configures the size of TCAM region for interface ACLs.For a TCAM region larger than 256, configure the sizein multiples of 512.

Enter one of the following commands:Step 8

• hardware access-list tcam regionopenflow size [double-wide]

To accommodate the additional match criteria of sourceand destination MAC addresses, the Cisco Nexus 3000• hardware access-list tcam region

openflow-ipv6 size [double-wide] and 9000 Series switches support a new TCAM region,double-wide, which is a double-wide interface ACL.

Example:Device(config)# hardwareaccess-list tcam region openflow1024

The maximum TCAM size is 3072 for single-wide and1536 for double-wide.

For more information, see the following tables formatches and actions supported for Cisco Nexus 9000Series switches.

Example:Device(config)# hardwareaccess-list tcam regionopenflow-ipv6 1024 double-wide

The openflow-ipv6 option forces the use of the IPv6stack for OpenFlow.

To activate the TCAM regions, a reload isneeded.

You can view the supported pipeline values byentering the show openflow hardwarecapabilities command.

Note


Configuring the Cisco OpenFlow AgentAdjusting the Number of Flow Entries


Table 2: Matches Supported in Cisco Nexus 9000 SeriesSwitches

L2 Table202

L3 Table202

L3 Table201

PacketMatchFields

✔ (doublewide)

✔ (doublewide)

SourceMACaddress

✔✔ (doublewide)

DestinationMACaddress

✔✔Ether type

✔✔✔VLAN ID

✔✔VLAN CoS

✔✔Source IPv4Address

✔✔DestinationIPv4Address

✔✔Source IPv4UDP/TCPPort

✔✔DestinationIPv4UDP/TCPPort

✔IPv4 DSCP

✔Protocol IP

✔InputInterface




Table 3: Action Supported in Cisco Nexus 9000 Series Switches

L2 Table202

L3 Table201

L3 Table201

Actions

✔✔✔OutputInterfaces

✔✔✔Punt toController

✔✔Copy toController

✔✔PushVLAN

✔✔POP VLAN

✔✔✔DROP

✔✔✔NormalForwarding

Exits global configuration mode and enters privilegedEXEC mode.

exit


Step 9

Saves the change persistently through reboots and restartsby copying the running configuration to the startupconfiguration.

copy running-config startup-config

Example:Device# copy running-configstartup-config

Step 10

Reloads the operating system of a device.reload

Example:Device# reload

Step 11

What to Do Next

Configure global variables for Cisco OpenFlow Agent logical switch.



Configuring Global Variables for Cisco OpenFlow Agent Logical Switch

Procedure




Step 1

(Optional)spanning-tree mode mstStep 2Sets the Spanning Tree Protocol (STP) mode to MST.This step is required if you need VLANs more than 512.Example:

Device(config)# spanning-treemode mst

(Optional)vlan {vlan-id | vlan-range}Step 3Adds a VLAN or VLAN range for interfaces on the deviceand enters the VLAN configuration mode. This step isneeded only if VLAN tagging is required.

Example:Device(config)# vlan 1-512

• Total number of VLANs across all interfaces cannotexceed 32000.

• Maximum VLAN range supported is 4000 (inMultiple Spanning Tree [MST] mode).

• Recommended VLAN range is 512.

Ends global configuration mode and enters privilegedEXEC mode.

exit


Step 4

Saves the change persistently through reboots and restartsby copying the running configuration to the startupconfiguration.



Step 5

What to Do Next

Configure control plane policing for packets sent to a controller.

Specifying a Route to a ControllerThe following tasks are used to specify a route from the device to a controller. This can be done using aphysical interface (Front Panel) or a management interface.


Configuring the Cisco OpenFlow AgentConfiguring Global Variables for Cisco OpenFlow Agent Logical Switch

• Physical Interface . Refer to Specifying a Route to a Controller Using a Physical Interface, on page 16.

• Management Interface. Refer to Specifying a Route to a Controller Using a Management Interface, onpage 17.

The IP address of the controller is configured in the Configuring a Cisco OpenFlow Agent Logical Switch ,on page 21 section.

Specifying a Route to a Controller Using a Physical Interface

Procedure




Step 1

Enters the physical interface. The interface usedhere should not be a Cisco OpenFlow Agent port.

interface type number

Example:Device(config)# interface Ethernet1/1

Step 2

Configures a specified interface as a Layer 3interface and deletes any interface configurationspecific to Layer 2.

no switchport

Example:Device(config-if)# no switchport

Step 3

Configures an IP address for a specified interface.ip address ip-address mask

Example:Device(config-if)# ip address10.0.1.4 255.255.255.0

Step 4

Exits interface configuration mode and entersglobal configuration mode.

exit

Example:Device(config-if)# exit

Step 5

Configures a default route for packet addressesnot listed in the routing table. Packets are directedtoward a controller.

ip route 0.0.0.0 0.0.0.0 next-hop

Example:Device(config)# ip route 0.0.0.00.0.0.0 10.0.1.6

Step 6

Ping your controller to verify a working route.ping controller-ip-address

Example:Device(config)# ping 192.0.20.123

Step 7


Configuring the Cisco OpenFlow AgentSpecifying a Route to a Controller Using a Physical Interface



exit


Step 8

Saves the changes persistently through rebootsand restarts by copying the running configurationto the startup configuration.



Step 9

What to Do Next

Specify a route to a controller using a management interface.

Specifying a Route to a Controller Using a Management Interface

Procedure




Step 1

Enters the management interface.interfacemanagement-interface-namenumber

Example:Device(config)# interface mgmt0

Step 2

Configures an IP address for the interface.ip address ip-address mask

Example:Device(config-if)# ip address 10.0.1.4255.255.255.0

Step 3

Exits interface configuration mode and entersglobal configuration mode.

exit

Example:Device(config-if)# exit

Step 4

Configures themanagement Virtual routing andforwarding (VRF) instance.

vrf context management

Example:Device(config)# vrf context management

Step 5


Configuring the Cisco OpenFlow AgentSpecifying a Route to a Controller Using a Management Interface


Configures a default route for packet addressesnot listed in the routing table. Packets aredirected toward a controller.

ip route 0.0.0.0 0.0.0.0 next-hop

Example:Device(config)# ip route 0.0.0.00.0.0.0 10.0.1.6

Step 6


exit


Step 7

Saves the change persistently through rebootsand restarts by copying the runningconfiguration to the startup configuration.



Step 8

What to Do Next

Configure interfaces for the Cisco OpenFlow Agent logical switch.

Configuring Interfaces for a Cisco OpenFlow Agent LogicalSwitch

You must configure physical or port-channel interfaces before the interfaces are added as ports of a CiscoOpenFlow Agent logical switch. These interfaces are added as ports of the Cisco OpenFlow Agent logicalswitch in the Configuring a Cisco OpenFlow Agent Logical Switch , on page 21 section.

Configuring a Physical Interface in Layer 2 modePerform the task below to add a physical interface to a Cisco OpenFlowAgent logical switch in Layer 2 mode.

Procedure




Step 1


Configuring the Cisco OpenFlow AgentConfiguring Interfaces for a Cisco OpenFlow Agent Logical Switch


Specifies the interface for the logical switch andenters interface configuration mode.

interface type number

Example:Device(config)# interfaceEthernet1/23

Step 2

(Optional)channel-group group-numberStep 3Adds the interface to a port-channel.

Example:Device(config-if)# channel-group 2

Specifies an interface as a Layer 2 port.switchport

Example:Device(config-if)# switchport

Step 4

Specifies an interface as a trunk port.switchport mode trunkStep 5

Example:Device(config-if)# switchport modetrunk

• A trunk port can carry traffic of one or moreVLANs on the same physical link. (VLANsare based on the trunk-allowed VLANs list.)By default, a trunk interface carries trafficfor all VLANs.

Sets the list of allowed VLANs that transmit trafficfrom this interface in tagged format when intrunking mode.

switchport mode trunk allowed vlan[vlan-list]

Example:Device(config-if)# switchport trunkallowed vlan 1-3

Step 6

Enables the interface.no shutdown

Example:Device(config-if)# no shutdown

Step 7

Exits interface configuration mode and entersprivileged EXEC mode.

end

Example:Device(config-if)# end

Step 8

Saves the change persistently through reboots andrestarts by copying the running configuration tothe startup configuration.



Step 9

What to Do Next

Repeat these steps to configure any additional interfaces for a Cisco OpenFlow Agent logical switch.


Configuring the Cisco OpenFlow AgentConfiguring a Physical Interface in Layer 2 mode

Configuring a Port-Channel InterfacePerform the task below to create a port-channel interface for a Cisco OpenFlow Agent logical switch.

Procedure




Step 1

Specifies the interface for the logical switch and entersinterface configuration mode.

interface port-channel number

Example:Device(config)# interfaceport-channel 2

Step 2

Specifies the interface as an Ethernet trunk port. A trunkport can carry traffic in one or more VLANs on the

switchport mode trunk

Example:Device(config-if)# switchport modetrunk

Step 3

same physical link (VLANs are based on thetrunk-allowedVLANs list). By default, a trunk interfacecan carry traffic for all VLANs.

If the port-channel is specified as a trunkinterface, ensure that member interfaces arealso configured as trunk interfaces.

Note

Sets the list of allowed VLANs that transmit trafficfrom this interface in tagged format when in trunkingmode.

switchport mode trunk allowed vlan[vlan-list]

Example:Device(config-if)# switchporttrunk allowed vlan 1-3

Step 4

Ends interface configurationmode and enters privilegedEXEC mode.

end

Example:Device(config-if)# end

Step 5

Saves the change persistently through reboots andrestarts by copying the running configuration to thestartup configuration.



Step 6

What to Do Next

Activate Cisco OpenFlow Agent.


Configuring the Cisco OpenFlow AgentConfiguring a Port-Channel Interface

Configuring a Cisco OpenFlow Agent Logical SwitchThis task configures a Cisco OpenFlow Agent logical switch and the IP address of a controller.

Procedure




Step 1

Enters OpenFlow configuration mode.openflow

Example:Device(config)# openflow

Step 2

Creates an OpenFlow switch with a pipeline.switch switch-id pipelinepipeline-id

Step 3

• This step is mandatory for a logical switch configuration.

Example:Device(config-ofa)# switch1 pipeline 201

• You can view the supported pipeline values using the showopenflow hardware capabilities command.

Configures an Ethernet interface or port-channel interface as aport of a Cisco OpenFlow Agent logical switch.

Enter one of the followingcommands:

Step 4

• of-port interfaceinterface-name

• Standard Cisco NX-OS interface type abbreviations aresupported.

• The interface must be designated for the Cisco OpenFlowAgent logical switch only.

• of-port interfaceport-channel-name

• Themode openflow configuration is added to an interfacewhen an interface is configured as a port of Cisco OpenFlow

Example: Agent. To add or remove an interface as a port of CiscoFor a physical interface:Device(config-ofa-switch)#of-port interfaceethernet1/1

OpenFlow Agent, ensure that the Cisco OpenFlow Agent isactivated and running to ensure the proper automatic additionand removal of themode openflow configuration. To removean interface as a port of Cisco OpenFlow Agent, use the noform of this command.

For a port-channel interface:Device(config-ofa-switch)#of-port interfaceport-channel2 • An interface configured for a port channel should not be

configured as a Cisco OpenFlow Agent logical switch port.

• Repeat this step to configure additional interfaces.

Specifies the IPv4 address, port number, and VRF of a controllerthat can manage the logical switch, port number used by the

controller ipv4 ip-address [porttcp-port] [ vrf vrf-name]security{none | tls}

Step 5

controller to connect to the logical switch and the VRF of thecontroller.


Configuring the Cisco OpenFlow AgentConfiguring a Cisco OpenFlow Agent Logical Switch


Example:

• If unspecified, the default VRF is used.

• Controllers use TCP port 6653 by default.Controller in default VRF:Device(config-ofa-switch)#controller ipv4 10.1.1.2security none

• You can configure up to eight controllers. Repeat this stepif you need to configure additional controllers.

• If TLS is not disabled in this step, configure TLS trustpointsusing the tls command.

• You can use the clear openflow switch 1 controller allcommand to clear controller connections. This commandcan reset a connection after Transport Layer Security (TLS)certificates and keys are updated. This is not required forTCP connections.

A connection to a controller is initiated for the logical switch.

(Optional)Specifies the local and remote TLS trustpoints to be used for thecontroller connection.

tls trust-point locallocal-trust-point remoteremote-trust-point

Step 6

Example:Device(config-ofa-switch)#tls trust-point localmylocal remote myremote

• For information on configuring trustpoints, refer to the"Configuring PKI" chapter of the Cisco Nexus 7000 SeriesNX-OS Security Configuration Guide.

(Optional)Enables logging of flow changes, including addition, deletion,and modification of flows.

logging flow-mod

Example:Device(config-ofa-switch)#logging flow-mod

Step 7

• Logging of flow changes is disabled by default.

• Flow changes are logged in syslog and can be viewed usingthe show logging command.

• Logging of flow changes is a CPU intensive activity andshould not be enabled for networks greater than 1000 flows.

(Optional)Configures the interval, in seconds, at which the controller isprobed with echo requests.

probe-interval probe-interval

Example:Device(config-ofa-switch)#probe-interval 5

Step 8

• The default value is 5.

• The range is from 5 to 65535.




(Optional)Configures the maximum packet rate of the connection to thecontroller and themaximum packets permitted in a burst of packetssent to the controller in a second.

rate-limit packet_incontroller-packet-rate burstmaximum-packets-to-controller

Example:Device(config-ofa-switch)#rate-limit packet_in 300burst 50

Step 9

• The default value is zero, meaning that an indefinite packetrate and packet burst are permitted.

• This rate limit is for Cisco OpenFlowAgent. It is not relatedto the rate limit of the device (data plane) configured byCOPP.

(Optional)Configures the time, in seconds, for which the device must waitbefore attempting to initiate a connection with the controller.

max-backoff backoff-timer

Example:Device(config-ofa-switch)#max-backoff 8

Step 10

• The default value is eight.


(Optional)id is a 64bit hex value. A valid id is in the range[0x1-0xffffffffffffffff]. This identifier allows the controller touniquely identify the device.

datapath-id id

Example:Device(config-ofa-switch)#datapath-id 0x111

Step 11

(Optional)This command forces a specific version of the controllerconnection. If you force version 1.3 and the controller supports

protocol-version [1.0 | 1.3 |negotiate]

Example:Device(config-ofa-switch)#protocol-version 1.3

Step 12

only 1.0, no session is established (or vice versa). The defaultbehavior is to negotiate a compatible version between thecontroller and device.

Supported values are:

• 1.0—Configures device to connect to 1.0 controllers only

• 1.3—Configures device to connect to 1.3 controllers only

• negotiate—(Default) Negotiates the protocol version withthe controller. The device uses version 1.3 for negotiation.

(Optional)This disables the OpenFlow switch without having to remove allthe other configuration.

shutdown

Example:Device(config-ofa-switch)#shutdown

Step 13




The default-miss command sets the behavior when a packet doesnot match a flow in the flow table. The controller flows mayoverride default-miss flows.

default-miss value

Example:Device(config-ofa-switch)#default-miss continue-normal

Step 14

Not every action is supported on everyplatform.

Note

continue-drop: a miss in a flow table will cascade to perform amatch in the next table (if applicable). A miss in the terminal tablein the pipeline will result in the packet being dropped.

continue-normal: a miss in a flow table will cascade to performa match in the next table (if applicable). A miss in the terminaltable in the pipeline will result in the packet being sent to theswitch's normal hardware processing.

continue-controller: a miss in a flow table will cascade to performa match in the next table (if applicable). A miss in the terminaltable in the pipeline will result in the packet being sent to thecontroller.

drop: a miss in the first flow table of the pipeline will not cascadeto any other table. Instead the packet will be dropped.

normal: a miss in the first flow table of the pipeline will notcascade to any other table. Instead the packet will be sent to theswitch's normal hardware forwarding.

controller: a miss in the first flow table of the pipeline will notcascade to any other table. Instead the packet will be sent to thecontroller.

(Optional)A setting of zero disables statistics collection. If collection isenabled, the interval must be a minimum of seven seconds. The

statistics collection-intervalseconds

Example:Device(config-ofa-switch)#statistics collection 10

Step 15

interval setting can be used to reduce the CPU load from periodicstatistics polling. For example, if you have 1000 flows and choosea statistics collection interval of 10 seconds, 1000flows/10s = 100flows per second poll rate.

Each flow table has a prescribed maximumflows-per-second poll rate supported by hardware asdisplayed in the show openflow hardware capabilitiescommand. If you choose a statistics collection intervalthat is too small, the maximum rate supported by thehardware is used, effectively throttling the statisticscollection.

Note

Exits logical switch configuration mode and enters privilegedEXEC mode.

end

Example:Device(config-ofa-switch)#end

Step 16




Saves the change persistently through reboots and restarts bycopying the running configuration to the startup configuration.

copy running-configstartup-config


Step 17

What to Do Next

Configure logical sub-switches.

Configuring Logical Sub-SwitchesThis task configures a logical sub-switch for OpenFlow control by a controller other than the master controller.

Before You Begin

Configure an OpenFlow logical switch.

Procedure




Step 1

Enters OpenFlow configuration mode.openflow

Example:Device(config)# openflow

Step 2

Selects the existing OpenFlow switch under which thesub-switch will be created. This is the master switch,which has the ID of 1.

switch switch-id pipeline pipeline-id

Example:Device(config-ofa)# switch 1pipeline 201

Step 3

Creates an OpenFlow logical sub-switch for the specifiedVLAN or VLAN range.

sub-switch sub-switch-id vlan vlan-range

Example:Device(config-ofa-switch)#sub-switch 2 vlan 301-305

Step 4

• The sub-switch-id is a unique ID for thissub-switch. It is an integer between 2 and 10. Themaster switch has the ID of 1.

• VLANs associated with this sub-switch cannot alsobe associated to another sub-switch, and VLANranges cannot overlap between sub-switches.


Configuring the Cisco OpenFlow AgentConfiguring Logical Sub-Switches


To return to the configuration of this sub-switch later,you must repeat the exact command, including thesub-switch ID and the VLAN range.

Specifies the IPv4 address, port number, and VRF of acontroller that can manage the logical switch, port

controller ipv4 ip-address [port tcp-port][ vrf vrf-name] security{none | tls}

Step 5

number used by the controller to connect to the logicalswitch and the VRF of the controller.Example:

Controller in default VRF:Device(config-ofa-switch-subswitch)#controller ipv4 10.1.1.2 securitynone

• If unspecified, the default VRF is used.

• Controllers use TCP port 6653 by default, but theport is configurable to a different port number usingthe CLI.

• You can configure up to eight controllers. Repeatthis step if you need to configure additionalcontrollers.

• If TLS is not disabled in this step, configure TLStrustpoints using the tls command.

• You can use the clear openflow switch 1controller all command to clear controllerconnections. This command can reset a connectionafter Transport Layer Security (TLS) certificatesand keys are updated. This is not required for TCPconnections.

A connection to a controller is initiated for the logicalswitch.

This command forces a specific version of the controllerconnection. If you force version 1.3 and the controller

protocol-version version-info

Example:Device(config-ofa-switch-subswitch)#protocol-version 1.3

Step 6

supports only 1.0, no session is established (or viceversa). The default behavior is to negotiate a compatibleversion between the controller and device.

Supported values are:

• 1.0—Configures device to connect to 1.0controllers only

• 1.3—Configures device to connect to 1.3controllers only

• negotiate—(Default) Negotiates the protocolversion with the controller. Device uses 1.3 fornegotiation.




(Optional)Specifies the local and remote TLS trustpoints to be usedfor the controller connection.

tls trust-point local local-trust-pointremote remote-trust-point

Example:Device(config-ofa-switch-subswitch)#tls trust-point local mylocalremote myremote

Step 7

• For information on configuring trustpoints, referto the "Configuring PKI" chapter of the CiscoNexus 7000 Series NX-OS Security ConfigurationGuide.

(Optional)Configures the interval, in seconds, at which thecontroller is probed with echo requests.

probe-interval probe-interval

Example:Device(config-ofa-switch-subswitch)#probe-interval 5

Step 8

• The default value is 5.


(Optional)Configures the maximum packet rate of the connectionto the controller and the maximum packets permitted ina burst of packets sent to the controller in a second.

rate-limit packet_in controller-packet-rateburst maximum-packets-to-controller

Example:Device(config-ofa-switch-subswitch)#rate-limit packet_in 300 burst 50

Step 9

• The default value is zero, meaning that an indefinitepacket rate and packet burst are permitted.

• This rate limit is for Cisco OpenFlow Agent. It isnot related to the rate limit of the device (dataplane) configured by COPP.

(Optional)Configures the time, in seconds, for which the devicemust wait before attempting to retry the connection withthe controller.

max-backoff backoff-timer

Example:Device(config-ofa-switch-subswitch)#max-backoff 8

Step 10

• The default value is eight.

• The range is from 1 to 65535 seconds.

(Optional)Identifier of the sub-switch, which allows the controllerto uniquely identify the device. This command overwrites

datapath-id id

Example:Device(config-ofa-switch-subswitch)#datapath-id 0x111

Step 11

the default value, which is based on the MAC addressof the switch and the ID of the sub-switch.. A valid id isa 64-bit hex value in the range [0x1-0xffffffffffffffff].



Configuration Examples for Cisco OpenFlow AgentExample: Enabling Cisco OpenFlow Agent in the Nexus 3000 series device

Device> enableDevice# configure terminalDevice(config)# system switch-mode n9kDevice# exitDevice# write eraseDevice# reloadThis command will reboot the system. (y/n)? [n] y...[log in after reboot]Device# configure terminalDevice(config)# feature openflowDevice(config)# show feature | inc openflowopenflow 1 enabled

Example: Enabling Cisco OpenFlow Agent in the Nexus 9000 series device

Device# configure terminalDevice(config)# feature openflowDevice(config)# show feature | inc openflowopenflow 1 enabled

Example: Adjusting the Number of Flow Entries

Device# configure terminalDevice(config)# hardware access-list tcam region racl 0Device(config)# hardware access-list tcam region e-racl 0Device(config)# hardware access-list tcam region l3qos 0Device(config)# hardware access-list tcam region span 0Device(config)# hardware access-list tcam region redirect 0Device(config)# hardware access-list tcam region vpc-convergence 0Device(config)# hardware access-list tcam region openflow 1024Device(config)# exitDevice# copy running-config startup-configDevice# reload

Example: Configuring Global Variables for a Cisco OpenFlow Agent Logical SwitchDevice# configure terminalDevice(config)# mac-learn disableDevice(config)# spanning-tree mode mstDevice(config)# vlan 2Device(config-vlan)# end

Example: Configuring Control Plane Policing for Packets Sent to a ControllerDevice# configure terminalDevice# setup

---- Basic System Configuration Dialog ----

This setup utility will guide you through the basic configuration ofthe system. Setup configures only enough connectivity for managementof the system.


Configuring the Cisco OpenFlow AgentConfiguration Examples for Cisco OpenFlow Agent

*Note: setup is mainly used for configuring the system initially,when no configuration is present. So setup always assumes systemdefaults and not the current system configuration values.

Press Enter at anytime to skip a dialog. Use ctrl-c at anytimeto skip the remaining dialogs.

Would you like to enter the basic configuration dialog (yes/no): yes

Create another login account (yes/no) [n]:

Configure read-only SNMP community string (yes/no) [n]:

Configure read-write SNMP community string (yes/no) [n]:

Enter the switch name : QI32

Continue with Out-of-band (mgmt0) management configuration? (yes/no) [y]: n

Configure the default gateway? (yes/no) [y]: n

Enable the telnet service? (yes/no) [n]: y

Enable the ssh service? (yes/no) [y]: n

Configure the ntp server? (yes/no) [n]:

Configure default interface layer (L3/L2) [L2]:

Configure default switchport interface state (shut/noshut) [noshut]:Configure CoPP System Policy Profile ( default / l2 / l3 ) [default]:

The following configuration will be applied:switchname QI32telnet server enableno ssh server enablesystem default switchportno system default switchport shutdownpolicy-map type control-plane copp-system-policy ( default )

Would you like to edit the configuration? (yes/no) [n]:

Use this configuration and save it? (yes/no) [y]:

[########################################] 100%Copy complete, now saving to disk (please wait)...

Device# configure terminalDevice(config)# policy-map type control-plane copp-system-policyDevice(config-pmap)# class copp-s-dpssDevice(config-pmap-c)# police pps 1000Device(config-pmap-c)# endDevice# show run copp

Example: Specifying a Route to a Controller Using a Physical InterfaceDevice# configure terminalDevice(config)# interface ethernet1/1Device(config-if)# no switchportDevice(config-if)# ip address 10.0.1.4 255.255.255.255Device(config-if)# exitDevice(config)# ip route 0.0.0.0 0.0.0.0 10.0.1.6Device# copy running-config startup-configDevice(config)# exit

Example: Specifying a Route to a Controller Using a Management InterfaceDevice# configure terminalDevice(config)# interface mgmt0



Device(config-if)# no switchportDevice(config-if)# ip address 10.0.1.4 255.255.255.255Device(config-if)# exitDevice(config)# vrf context managementDevice(config)# ip route 0.0.0.0 0.0.0.0 10.0.1.6Device# copy running-config startup-configDevice(config)# exit

Example: Configuring an Interface for a Cisco OpenFlow Agent Logical Switch in L2 modeDevice# configure terminal

Device(config)# interface ethernet1/1Device(config-if)# switchport mode trunkDevice(config-if)# no shutdownDevice(config-if)# exit

Device(config)# interface ethernet1/2! Adding the interface to a port channel.Device(config-if)# channel-group 2Device(config-if)# switchport mode trunkDevice(config-if)# no shutdownDevice(config-if)# endDevice# copy running-config startup-config

Example: Configuring a Port-Channel InterfaceDevice# configure terminalDevice(config)# interface port-channel 2Device(config-if)# switchport mode trunkDevice(config-if)# endDevice# copy running-config startup-config

Example: Cisco OpenFlow Agent Logical Switch Configuration (Default VRF)Device# configure terminalDevice(config)# openflowDevice(config-ofa)# switch 1 pipeline 201! Specifies the pipeline that enables the IP Forwarding Table.Device(config-ofa-switch)# logging flow-modDevice(config-ofa-switch)# max-backoff 5Device(config-ofa-switch)# probe-interval 5Device(config-ofa-switch)# rate-limit packet-in 300 burst 50Device(config-ofa-switch)# controller ipv4 10.0.1.6 security none! Adding an interface to the Cisco OpenFlow Agent logical switch.Device(config-ofa-switch)# of-port interface ethernet1/1Device(config-ofa-switch)# of-port interface ethernet1/2! Adding a port channel to the Cisco OpenFlow Agent switch.Device(config-ofa-switch)# of-port interface port-channel 2Device(config-ofa-switch)# endDevice# copy running-config startup-config

Example: Configuring a Cisco OpenFlow Agent Logical Switch (Management VRF)Device# configure terminalDevice(config)# openflowDevice(config-ofa)# switch 1 pipeline 201! Specifying a controller that is part of a VRF.Device(config-ofa-switch)# controller ipv4 10.0.1.6 vrf management security none! Adding an interface to the Cisco OpenFlow Agent logical switch.

Device(config-ofa-switch)# of-port interface ethernet1/1Device(config-ofa-switch)# of-port interface ethernet1/2! Adding a port channel to the Cisco OpenFlow Agent switch.Device(config-ofa-switch)# of-port interface port-channel 2Device(config-ofa-switch)# endDevice# copy running-config startup-config



Example: Creating a Sub-SwitchDevice# configure terminalDevice(config)# openflowDevice(config-ofa)# switch 1 pipeline 201Device(config-ofa-switch)# controller ipv4 5.30.199.200 port 6645 vrf management securitynoneDevice(config-ofa-switch)# of-port interface port-channel1000Device(config-ofa-switch)# of-port interface Ethernet1/1Device(config-ofa-switch)# of-port interface Ethernet1/37Device(config-ofa-switch)# of-port interface Ethernet1/39Device(config-ofa-switch)# logging flow-modDevice(config-ofa-switch)# sub-switch 2 vlan 100Device(config-ofa-switch-subswitch)# controller ipv4 5.30.19.239 port 6653 vrf managementsecurity none

Verifying Cisco OpenFlow AgentProcedure

Step 1 showopenflow switch switch-idDisplays information related to Cisco OpenFlow Agent logical switch.

Example:Device# show openflow switch 1

Logical Switch ContextId: 1Switch type: ForwardingPipeline id: 201VLAN restrictions: noneData plane: secureTable-Miss default: controllerConfigured protocol version: NegotiateConfig state: no-shutdownWorking state: enabledRate limit (packet per second): 300Burst limit: 50Max backoff (sec): 8Probe interval (sec): 5TLS local trustpoint name: not configuredTLS remote trustpoint name: not configuredLogging flow changes: EnabledStats collect interval (sec): 7Stats collect Max flows: 3001Minimum flow idle timeout (sec): 14OFA Description:Manufacturer: Cisco Systems, Inc.Hardware: N9K-C9372PX 2.1Software: 7.0(3)I5(0.51)| of_agent 0.1Serial Num: SAL1944RZQNDP Description: switch:sw1

OF Features:DPID: 0x0000000000009000Number of tables:1Number of buffers:256Capabilities: FLOW_STATS TABLE_STATS PORT_STATS

Controllers:5.30.19.236:6653, Protocol: TCP, VRF: management

Interfaces:Ethernet1/1


Configuring the Cisco OpenFlow AgentVerifying Cisco OpenFlow Agent

Ethernet1/2

Step 2 show openflow switch switch-id controllers [stats]Displays information related to the connection status between a Cisco OpenFlow Agent logical switch andconnected controllers.

Example:

Device# show openflow switch 1 controllers

Logical Switch Id: 1Total Controllers: 1Controller: 15.30.19.236:6653Protocol: tcpVRF: managementConnected: YesRole: MasterNegotiated Protocol Version: OpenFlow 1.3Last Alive Ping: 09/27/2016 00:04:53last_error:Connection timed outstate:ACTIVEsec_since_connect:103334sec_since_disconnect:103345Current Role Since: 09/25/2016 19:22:41

The above sample output is displayed when the controller is connected (state:ACTIVE).Device# show openflow switch 1 controllers stats

Logical Switch Id: 1Total Controllers: 1Controller: 1address : tcp:5.30.19.236:6653%managementconnection attempts : 19successful connection attempts : 2flow adds : 2flow mods : 0flow deletes : 0flow removals : 0flow errors : 0flow unencodable errors : 0total errors : 0echo requests : rx: 0, tx: 7echo reply : rx: 6, tx: 0flow stats : rx: 33763, tx: 33763barrier : rx: 2, tx: 2packet-in/packet-out : rx: 0, tx: 23033Topology Monitor : rx: 0, tx: 0Topology State : rx: 0

Step 3 show running-config interface ethernet interface-idIn the interface configuration, verifymode openflow.

Example:Device# show running-config interface ethernet 1/2

!Command: show running-config interface Ethernet1/2!Time: Thu Sep 29 00:08:18 2016

version 7.0(3)I5(1)

interface Ethernet1/7no lldp transmitspanning-tree bpdufilter enable



mode openflow

Step 4 show openflow switch switch-id portsDisplays the mapping between physical device interfaces and ports of a Cisco OpenFlowAgent logical switch.

Example:Device# show openflow switch 1 ports

Logical Switch Id: 1Port Interface Name Config-State Link-State Features

2 Ethernet1/2 PORT_UP LINK_UP 10MB-FD3 Ethernet1/3 PORT_UP LINK_DOWN 100MB-HD AUTO_NEG4 Ethernet1/4 PORT_UP LINK_UP 10MB-FD

Step 5 show openflow switch switch-id flows [configured | controller | default | fixed | pending | pending-del] [brief | summary]Displays flows defined for the device by controllers.

Example:Device# show openflow switch 1 flows

Logical Switch Id: 1Total flows: 2

Flow: 1Match: anyActions: CONTROLLER:0Priority: 0Table: 0Cookie: 0x0Duration: 104160.376sNumber of packets: 0Number of bytes: 0

Flow: 2Match: in_port=2,dl_vlan=100Actions: dropPriority: 100Table: 0Cookie: 0x0Duration: 103753.162sNumber of packets: 0Number of bytes: 0

The following example show flows installed by the OpenFlow agent:Device# show openflow switch 1 flows configured

Logical Switch Id: 1Total flows: 1

Flow: 1Match: anyActions: CONTROLLER:0Priority: 0Table: 0Cookie: 0x0Duration: 104180.584sNumber of packets: 0Number of bytes: 0

The following example show flows installed from the controller:Device# show openflow switch 1 flows controller

Logical Switch Id: 1



Total flows: 1Flow: 1Match: in_port=2,dl_vlan=100Actions: dropPriority: 100Table: 0Cookie: 0x0Duration: 103753.162sNumber of packets: 0Number of bytes: 0

Step 6 show openflow switch switch-id flow statsDisplays send and receive statistics for each port defined for a Cisco OpenFlow Agent logical switch.

Example:Device# show openflow switch 1 flow stats

Logical Switch Id: 1

Total ports: 2Port 1: rx pkts=96932, bytes=10911299, drop=0, errs=0,

tx pkts=209683, bytes=19045035, drop=0, errs=0,Port 2: rx pkts=350485253, bytes=23834112937, drop=0, errs=0,

tx pkts=191127, bytes=16001929, drop=0, errs=0,Total tables: 1Table 0: NXOS PLCMGR IPV6 - PIPE 201Wildcards = 0x300033Max entries = 3001Active entries = 2Number of lookups = 0Number of matches = 0

Flow statistics are available for pipeline 201 and table 0. For pipeline 202, flow statistics are not available fortable 1.

Step 7 show logging last number-of-linesDisplays logging information of flow changes, including addition, deletion or modification of flows.

Example:Device# show logging last 10

2016 Oct 5 09:52:27 switch of_agent: <{of_agent}> libpolicyshim:policy_shim_parse_plcmgr_policy_stats 6515 cmd_attr 3522561182016 Oct 5 09:52:27 switch of_agent: <{of_agent}> libpolicyshim:policy_shim_parse_plcmgr_policy_stats 6543 ppf_id 870320892016 Oct 5 09:52:27 switch of_agent: <{of_agent}> libpolicyshim:policy_shim_parse_plcmgr_policy_stats 6515 cmd_attr 3522562002016 Oct 5 09:52:27 switch of_agent: <{of_agent}> libpolicyshim:policy_shim_parse_plcmgr_policy_stats 6536 pkts 0x9d3b bytes 0x02016 Oct 5 09:52:27 switch of_agent: <{of_agent}>|-|00353|plif_xos_util|DBG|cstatclassified.pkts = 40251

2016 Oct 5 09:52:27 switch of_agent: <{of_agent}>|-|00354|plif_xos_util|DBG|cstatclassified.bytes = 02016 Oct 5 09:52:27 switch of_agent: <{of_agent}>|-|00355|plif_xos_util|DBG|cstat drop.pkts= 02016 Oct 5 09:52:27 switch of_agent: <{of_agent}>|-|00356|plif_xos_util|DBG|cstat drop.bytes= 02016 Oct 5 09:52:27 switch of_agent: <{of_agent}>|-|00357|plif_xos|DBG|PXOS lookup switchby ls_id: switch ls_id is 1, passed in ls_id is 12016 Oct 5 09:52:28 switch of_agent: <{of_agent}>|-|1841673|poll_loop|DBG|wakeup due to



999-ms timeout at../feature/sdn/openflow/cmn/ovs/cof_ovs_ofproto_plif.c:815 (0% CPU usage)

Step 8 show running-config openflowDisplays configurations made for Cisco OpenFlow Agent.

Example:Device# show running-config openflow

!Command: show running-config openflow!Time: Tue Sep 27 00:19:00 2016

version 7.0(3)I5(1)feature openflow

openflowswitch 1 pipeline 201rate-limit packet_in 300 burst 50probe-interval 5statistics collection-interval 7datapath-id 0x9000controller ipv4 5.30.19.236 port 6653 vrf management security noneof-port interface Ethernet1/1of-port interface Ethernet1/2default-miss controllerlogging flow-mod

Step 9 show openflow hardware capabilitiesDisplays hardware capabilities for OpenFlow.

Example:Device# show openflow hardware capabilities

Max Interfaces: 1000Aggregated Statistics: NO

Pipeline ID: 201Pipeline Max Flows: 3001Max Flow Batch Size: 300Statistics Max Polling Rate (flows/sec): 1024Pipeline Default Statistics Collect Interval: 7

Flow table ID: 0

Max Flow Batch Size: 300Max Flows: 3001Bind Subintfs: FALSEPrimary Table: TRUETable Programmable: TRUEMiss Programmable: TRUENumber of goto tables: 0goto table id:Stats collection time for full table (sec): 3

Match Capabilities Match Types------------------ -----------ethernet type optionalVLAN ID optionalVLAN priority code point optionalIP DSCP optionalIP protocol optionalipv6 source addresss lengthmaskipv6 destination address lengthmasksource port optionaldestination port optionalin port (virtual or physical) optionalwildcard all matches optional



Actions Count Limit Orderspecified interface 64 20controller 1 20divert a copy of pkt to application 1 20

set eth source mac 1 10set eth destination mac 1 10set vlan id 1 10

pop vlan tag 1 10

drop packet 1 20

Miss actions Count Limit Orderuse normal forwarding 1 0controller 1 20

drop packet 1 20

Max Interfaces: 1000Aggregated Statistics: NO

Pipeline ID: 202Pipeline Max Flows: 3001Max Flow Batch Size: 300Statistics Max Polling Rate (flows/sec): 1024Pipeline Default Statistics Collect Interval: 7

Flow table ID: 0

Max Flow Batch Size: 300Max Flows: 3001Bind Subintfs: FALSEPrimary Table: TRUETable Programmable: TRUEMiss Programmable: TRUENumber of goto tables: 1goto table id: 1Stats collection time for full table (sec): 3

Match Capabilities Match Types------------------ -----------ethernet type optionalVLAN ID optionalVLAN priority code point optionalIP DSCP optionalIP protocol optionalipv6 source addresss lengthmaskipv6 destination address lengthmasksource port optionaldestination port optionalin port (virtual or physical) optionalwildcard all matches optional

Actions Count Limit Orderspecified interface 64 20controller 1 20divert a copy of pkt to application 1 20

set eth source mac 1 10set eth destination mac 1 10set vlan id 1 10

pop vlan tag 1 10

drop packet 1 20



Miss actions Count Limit Orderuse normal forwarding 1 0controller 1 20perform another lookup in the specified table 1 20

drop packet 1 20

Flow table ID: 1

Max Flow Batch Size: 300Max Flows: 32001Bind Subintfs: FALSEPrimary Table: FALSETable Programmable: TRUEMiss Programmable: TRUENumber of goto tables: 0goto table id:Stats collection: Not Supported

Match Capabilities Match Types------------------ -----------ethernet mac destination mandatoryVLAN ID mandatorywildcard all matches mandatory

Actions Count Limit Orderspecified interface 64 20

drop packet 1 20

Miss actions Count Limit Orderuse normal forwarding 1 0controller 1 20

drop packet 1 20

Step 10 show openflow switch 2Displays configuration of OpenFlow sub-switch.

Example:

Device# show openflow switch 2

Logical Switch ContextId: 2Switch type: ForwardingPipeline id: 201VLAN restrictions: 100Data plane: secureTable-Miss default: dropConfigured protocol version: NegotiateConfig state: no-shutdownWorking state: enabledRate limit (packet per second): 0Burst limit: 0Max backoff (sec): 8Probe interval (sec): 180TLS local trustpoint name: not configuredTLS remote trustpoint name: not configuredLogging flow changes: DisabledStats collect interval (sec): 7Stats collect Max flows: 3001Minimum flow idle timeout (sec): 14OFA Description:



Manufacturer: Cisco Systems, Inc.Hardware: N9K-C9372PX 2.1Software: 7.0(3)I5(0.51)| of_agent 0.1Serial Num: SAL1944RZQNDP Description: switch:sw2

OF Features:DPID: 0x000258ac786b5457Number of tables:1Number of buffers:256Capabilities: FLOW_STATS TABLE_STATS PORT_STATS

Controllers:5.30.19.239:6653, Protocol: TCP, VRF: management

Interfaces:port-channel1000Ethernet1/1Ethernet1/37Ethernet1/39

Step 11 show openflow switch 2 controllers statsDisplays information related to the controller statistics for a logical sub-switch.

Example:

Device# show openflow switch 2 controllers stats

Logical Switch Id: 2Total Controllers: 1Controller: 1address : tcp:5.30.19.239:6653%managementconnection attempts : 5successful connection attempts : 0flow adds : 0flow mods : 0flow deletes : 0flow removals : 0flow errors : 0flow unencodable errors : 0total errors : 0echo requests : rx: 0, tx: 0echo reply : rx: 0, tx: 0flow stats : rx: 0, tx: 0barrier : rx: 0, tx: 0packet-in/packet-out : rx: 0, tx: 0Topology Monitor : rx: 0, tx: 0Topology State : rx: 0

Step 12 show run openflowDisplays configurations made for Cisco OpenFlow Agent when a sub-switch is configured.

Example:

Device# show run openflow

!Command: show running-config openflow!Time: Thu Sep 29 00:09:21 2016

version 7.0(3)I5(1)feature openflow

openflowswitch 1 pipeline 201controller ipv4 5.30.199.200 port 6645 vrf management security noneof-port interface port-channel1000of-port interface Ethernet1/1of-port interface Ethernet1/37of-port interface Ethernet1/39



logging flow-modsub-switch 2 vlan 100controller ipv4 5.30.19.239 port 6653 vrf management security none

Additional Information for Cisco OpenFlow AgentRelated Documents

Document TitleRelated Topic

Cisco Nexus 3000 Series SwitchesCommand References

Cisco Nexus 9000 Series SwitchesCommand References

Cisco command references

Standards and RFCs

TitleStandard/RFC

OpenFlow Switch Specification Version 1.3.0 (WireProtocol 0x04).

OpenFlow 1.3

OpenFlow Switch Specification Version 1.0.1 (WireProtocol 0x01).

OpenFlow 1.0

Technical Assistance

LinkDescription

http://www.cisco.com/cisco/web/support/index.htmlThe Cisco Support and Documentation websiteprovides online resources to download documentationand tools. Use these resources to troubleshoot andresolve technical issues with Cisco products andtechnologies. Access to most tools on the CiscoSupport and Documentation website requires aCisco.com user ID and password.


Configuring the Cisco OpenFlow AgentAdditional Information for Cisco OpenFlow Agent

http://www.cisco.com/en/US/products/ps11541/prod_command_reference_list.html

http://www.cisco.com/en/US/products/ps11541/prod_command_reference_list.html

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html

http://www.cisco.com/cisco/web/support/index.html

Feature Information for Cisco OpenFlow AgentThe following table provides release information about the feature or features described in this module. Thistable lists only the software release that introduced support for a given feature in a given software releasetrain. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support.To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 4: Feature Information for Cisco OpenFlow Agent

Feature InformationReleasesFeature Name

Cisco OpenFlow Agent isintroduced, replacing the CiscoPlug-in for OpenFlow used inprevious NX-OS releases.

7.0(3)I5(1)Cisco OpenFlow Agent


Configuring the Cisco OpenFlow AgentFeature Information for Cisco OpenFlow Agent

http://www.cisco.com/go/cfn

A P P E N D I X ASupported Platforms for Cisco OpenFlow Agent

• Supported Platforms for Cisco OpenFlow Agent, page 41

Supported Platforms for Cisco OpenFlow AgentNexus 3000 Series

OpenFlow Support (Pipeline Number)Platform

201/202Cisco Nexus 30* Switch

201/202Cisco Nexus 3132/3172* Switch

201/202Cisco Nexus 3132QV Switch

201/202Cisco Nexus 31108PCV Switch

201/202Cisco Nexus 31108TCV Switch

201/202Cisco Nexus 31128PQ-10GE Switch

201/202Cisco Nexus 3232C Switch

201/202Cisco Nexus 3264Q Switch

NoCisco Nexus3000 C3164PQ Chassis

203Cisco Nexus 3548 switch


Nexus 9000 Series

OpenFlow Support (Pipeline Number)Platform

201/202Cisco Nexus 9332PQ Switch

201/202Cisco Nexus 9372PX Switch

201/202Cisco Nexus 9372TX Switch

201/202 201/202Cisco Nexus 9396PX Switch




205 (see note)Cisco Nexus 9504 Switch



OpenFlow pipeline 205 is supported on Cisco Nexus 95XX switches only when the switch contains theApplication Spine Engine 2 (ASE2), Application Spine Engine 3 (ASE3), or Leaf Spine Engine (LSE).If any fabric board other than these is present, the OpenFlow feature cannot be enabled.

Note


Supported Platforms for Cisco OpenFlow AgentSupported Platforms for Cisco OpenFlow Agent

A P P E N D I X BUninstalling Cisco Plug-in for OpenFlow

• Uninstalling Cisco Plug-in for OpenFlow, page 43

• Converting a Previous OpenFlow Configuration, page 43

• Deactivating and Uninstalling an Application from a Virtual Services Container, page 44

Uninstalling Cisco Plug-in for OpenFlowThe Cisco OpenFlow Agent was introduced in Cisco NX-OS Release 7.0(3)I5(1), replacing the Cisco Plug-infor OpenFlow used in previous releases. The Cisco Plug-in for OpenFlow, which runs as an application in avirtual services container, is no longer supported as of this release. When upgrading from a release earlierthan Cisco NX-OS Release 7.0(3)I5(1) to Cisco NX-OS Release 7.0(3)I5(1) or a later release, you mustdeactivate and uninstall the Cisco Plug-in for OpenFlow application from the virtual services container usingthe procedure described in this section.

Cisco OpenFlowAgent support for the Cisco Nexus 3548 was introduced in Cisco NX-OS Release 7.0(3)I7(2)replacing the Cisco Plug-in for OpenFlow used from Cisco NX-OS Release 6.0(2)A8(1). When upgradingform a release earlier than Cisco NX-OS Release 7.0(3)I7(2) to Cisco NX-OS Release 7.0(3)I7(2) or a laterrelease, you must deactivate and uninstall the Cisco Plug-in for OpenFlow application from the virtual servicescontainer using the procedure described in this section.

Converting a Previous OpenFlow ConfigurationWhen you upgrade to a release that requires you to uninstall the Cisco Plug-in for OpenFlow, you can saveyour existing OpenFlow configuration and modify it for use with the Cisco OpenFlow Agent. Perform thefollowing procedure before uninstalling the Cisco Plug-in for OpenFlow.

Procedure

Step 1 Capture the current OpenFlow configuration.Enter the CLI command show run | section openflow to display the current OpenFlow configuration, asshown in this example.


Example:

Switch# show run | section openflowhardware access-list tcam region openflow 512 double-widemode openflowmode openflowmode openflowmode openflowmode openflow

openflow <----------- Copy this section to your text editor.switch 1pipeline 201controller ipv4 5.1.1.237 port 6653 vrf management security noneof-port interface Ethernet1/11-15

Step 2 Copy the configuration and paste it into your text editor.Step 3 Make the changes described below.

• Add the feature openflow command to enable the Cisco OpenFlow Agent.

• Combine the switch and pipeline commands into one command.

• Expand any interface ranges.

Example:

feature openflow <------------------------- Add this comment to enable openflow agent

openflowswitch 1 pipeline 201 <------------------ Create switch command is in this formatcontroller ipv4 192.168.1.36 port 6653of-port interface Ethernet1/11 <------- Change Ethernet1/11-15 to this formatof-port interface Ethernet1/12of-port interface Ethernet1/13of-port interface Ethernet1/14of-port interface Ethernet1/15

What to Do Next

After uninstalling the Cisco Plug-in for OpenFlow, uninstalling the virtual service container (if necessary),and upgrading the switch, follow the instructions in this guide to enable the Cisco OpenFlow Agent. Thenload the modified configuration into the switch.

Deactivating and Uninstalling an Application from a VirtualServices Container

(Optional) Perform this task to uninstall and deactivate an application fromwithin a virtual services container.


Uninstalling Cisco Plug-in for OpenFlowDeactivating and Uninstalling an Application from a Virtual Services Container

Procedure


Enables privileged EXEC mode.enableStep 1

Example:Device> enable

• Enter your password if prompted.



Step 2

Enters virtual services configuration mode toconfigure a specified application.

virtual-service virtual-services-name

Example:Device(config)# virtual-serviceopenflow_agent

Step 3

• Use the virtual-services-name defined duringinstallation of the application.

Disables the application.no activate

Example:Device(config-virt-serv)# noactivate

Step 4

Unprovisions the application.no virtual-service virtual-services-nameStep 5

Example:Device(config)# no virtual-serviceopenflow_agent


• This command is optional for all devicesrunning Cisco IOS-XE.

Exits virtual services configuration mode and entersprivileged EXEC mode.

end

Example:Device(config-virt-serv)# end

Step 6

Uninstalls the application.virtual-service uninstall namevirtual-services-name

Step 7


Example:Device# virtual-service uninstallname openflow_agent

• Run this command only after receiving asuccessful deactivation response from thedevice.

Saves the change persistently through reboots andrestarts by copying the running configuration to thestartup configuration.



Step 8



Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches · Cisco OpenFlow Agent for Nexus 3000...

Documents

Transcript of Cisco OpenFlow Agent for Nexus 3000 and 9000 Series Switches · Cisco OpenFlow Agent for Nexus 3000...