sdn dell lab report v2

SDN Dell Israel Lab review

Version 2

Main Editor: Oded Rotter – [email protected] Editing Team & Research: Yory Frenklakh - [email protected] [email protected]

This is a Lab report written out of curiosity for new

staff in Networking technologies - enjoy!!!

mailto:[email protected]



1. Introduction

On March the 1st 2016 I was invited by my good friend Yory Frenklakh1, to visit Dell office

at Herzelia Israel. The bad news is that there wasn’t any time for us to gossip too much.

The good news is that I saw some interesting staff. We both share enthusiasm for new

technologies but on the other hands we are seeking for practical solutions for real

problems.

Yory has a vast experience as a system engineer as well as a customer with Data Center

gear from several leading vendors and also has the hands-on expertise to demonstrate

the SDN/Openflow staff (NEC controller for just playing with Openflow and Big Switch for

NPB capabilities) that are the focus of this paper: From high level to CLI commands

throughput some comments.

First of all, We’ll cover the terms and share some useful links. (Not too many so you’ll ask

more questions…LoL).

Afterwards We’ll share the lab info and wrap it with some conclusions + CLI commands.

I hope you’ll enjoy this paper and use it for your own/company benefit.

Disclaimer: Opinions are our own and not the views of our employers.

1 (https://il.linkedin.com/in/yory-frenklakh-7462b665 , [email protected] , [email protected]

https://il.linkedin.com/in/yory-frenklakh-7462b665



2. SDN – Software defined Networking

2.1 What’s it all about?

“SDN revolves around the notion of disaggregating the control plane and data plane of a

networking device – typically a switch (Layer 2) or router (Layer 3). While disaggregation is

unknown territory for many, there are enough similarities between the x86 server market

space prior to virtualization and this new networking approach to allow for a degree of

familiarity” (Dell 2016).

What it means is that you use abstraction layer:

The controller “tells” the switch what to do with new incoming flows. Upper layers of

network services “need to know” only the controller. We should add here a remark that

Cisco’s view on SDN is slightly different (ACI) and we won’t discuss Vmware (NSX)

,Openstack , Opendaylight.

2.2 Open Flow

Openflow is basically a protocol between the controller and the “Slave” (Lan switch for that matter). OpenFlow consists of the following components: 1. Protocol messaging 2. Flows 3. Forwarding tables

There are three types of protocol messages:

1. Controller-to-Switch – This type of message is sent by the controller to: Specify, modify or delete flow definitions Request information on switch capabilities Retrieve information (such as counters) from the switch

Send a packet back to a switch for processing after a new flow is created

2. Asynchronous – This type of message is sent by the switch to: Send the controller a packet that does not match an existing flow

Inform the controller that a flow has been removed because it’s time to live

parameter or inactivity time has expired

Inform the controller of a change in port status or that an error has occurred on

the switch

3. Symmetric – This type of message is sent by both the switch and the controller to: Exchange hello messages between controller and switch on startup

Echo messages between controller and switch to confirm bi-directional

connection

3. VLT - Virtual Link Trunking It’s a technology that takes 2 switches and make them as one entity for Port channel point of view.

If you are familiar with Cisco VPC, then you get the picture.

The advantages are listed as follows:

Loop free connectivity in layer-2 domain

Faster Network convergence

High-availability and redundancy

Effective utilization of all the links

Link level resiliency

Active-Active Load sharing with VRRP.

Active-Active load sharing with Peer-routing for Layer-3 VLAN

Graceful failover of LACP during reload

Agility in VM Migration under VLT domain.

Unified access for virtualization, Web applications and Cloud computing

High performance for Big Data networks

Easier design and manageability of fabric with AFM.

4. MLAG - Multi-switch Link Aggregation Basically it’s a technology that takes 2 switches and unified them to One switch so we can

have redundancy without using STP for loop avoidance.

Wait a second, What’s the difference between VLT & MLAG?

MLAG is supported on N-Series campus switches, VLT is supported on S/Z/M series Data

center switches:

• Similarities

– L2 multihoming topologies

– RSTP and MSTP interoperability

– Proprietary implementation and do not interoperate with other technologies

– Similar configuration steps

› Configure a VPC/VLT domain and assign a priority

› Configure the peer port-channel

› Assign an interface to the port-channel

› Configure the partner LAGs

• Differences

– Not a common data plane.

– No routing support on MLAG

– No separate heartbeat channel

– Peer-link between switches in MLAG does not pass data traffic

› Certain IP storage deployments won’t work with MLAG

5. Big Monitoring Fabric (BMF) It’s an architecture of building a NPB (Network Packet Broker) without using purpose built

devices (Like VSS, Gigamon and IXIA etc. are doing). You just use one brain (Controller)

and utilize switches – See for yourself in the following drawing:

So you use “any switch” and specific “service node” when you need more cool staff

(Deduplication, packet slicing and, regex matching).

6. Lab Topology

Conclusion It does work.

Why don’t you play with the technology by yourself?

References

[1] Big Monitoring Fabric 5.5, Big Switch , 2016

[1] OpenFlow Technical Brief: A look at a hybrid-enabled OpenFlow deployment, Dell, 2016

[2] VxLAN and EVPN in OcNOS, IP Fusion, 2015

[3] Integrating NEC’s ProgrammableFlow and Dell to Build Software Defined network -

http://sdnspace.com/Blogs/postid/53/integrating-programmableflow-dell-to-build-sdn

[4] Using MLAG in Dell Networks, Dell , February 2015

[5] Virtual Link Trunking (VLT),Dell , 2013

http://sdnspace.com/Blogs/postid/53/integrating-programmableflow-dell-to-build-sdn

Appendix

S4810-A (VLT-A Switch) Configuration ! Version 9.9(0.0)

boot system stack-unit 0 primary system: B:

boot system stack-unit 0 secondary system: A:

!

hardware watchdog

!

hostname S4810-A

!

protocol lldp

!

redundancy auto-synchronize full

!

cam-acl l2acl 2 ipv4acl 2 ipv6acl 0 ipv4qos 0 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 openflow 8

!

cam-acl-vlan vlanopenflow 1 vlaniscsi 1

!

vlt domain 1

peer-link port-channel 127

back-up destination 10.0.0.3

primary-priority 1

system-mac mac-address 00:11:22:33:44:55

unit-id 0

peer-routing

!

stack-unit 0 provision S4810

!

interface TenGigabitEthernet 0/0

description Link-to-N3024-A

no ip address

mtu 9100

!

port-channel-protocol LACP

port-channel 11 mode active

no shutdown

!


description to S4820T port TE0/0

no ip address

mtu 9100

!



no shutdown

!


description Link-to-N3024-B

no ip address

mtu 9100

!



no shutdown

!


description "To MXL VLT"

no ip address

mtu 9100

!



no shutdown

!



no ip address

mtu 9100

!



no shutdown

!



no ip address

mtu 9100

!



no shutdown

!



no ip address

mtu 9100

!



no shutdown

!


description To FN-IOM-410S port TE0/9

no ip address

mtu 9100

portmode hybrid

switchport

no shutdown

!

interface fortyGigE 0/56

description VLTi

no ip address

mtu 9100

no shutdown

!


description VLTi

no ip address

mtu 9100

no shutdown

!

interface ManagementEthernet 0/0

ip address 10.0.0.2/24

no shutdown

!

interface Port-channel 1

description To S4820T

no ip address

mtu 9100

portmode hybrid

switchport

vlt-peer-lag port-channel 1

no shutdown

!


description LAG-to-N3000's

no ip address

mtu 9100

portmode hybrid

switchport

lacp long-timeout


no shutdown

!


no ip address

mtu 9100

portmode hybrid

switchport

lacp long-timeout


no shutdown

!


description VLTi

no ip address

mtu 9100

channel-member fortyGigE 0/56,60

rate-interval 30

no shutdown

!

interface Vlan 1

!untagged Port-channel 1,11-12,127

!

interface Vlan 2 of-instance 1

description OF_management_network

no ip address

untagged TenGigabitEthernet 0/46

no shutdown

!

interface Vlan 3

ip address 192.168.3.1/24

tagged Port-channel 1,11-12,127

no shutdown

!


description OF_data_network

no ip address

tagged TenGigabitEthernet 0/46

no shutdown

!



no ip address


no shutdown

!

openflow of-instance 1

controller 1 10.0.0.95 tcp

flow-map l2 enable

flow-map l3 enable

interface-type vlan

multiple-fwd-table enable

of-version 1.3

no shutdown

!

management route 0.0.0.0/0 ManagementEthernet

!

ip ssh server enable

!

reload-type

boot-type normal-reload

config-scr-download enable

!

S4810-B (VLT-B Switch)Configuration ! Version 9.9(0.0)

boot system stack-unit 0 primary system: A:

boot system stack-unit 0 secondary system: B:

!

hardware watchdog

!

hostname S4810-B

!

protocol lldp

!


!


!


!

vlt domain 1

peer-link port-channel 127

back-up destination 10.0.0.2

primary-priority 8192

system-mac mac-address 00:11:22:33:44:55

unit-id 1

peer-routing

!

stack-unit 0 provision S4810

!


description Link-to-N3024-A

no ip address

mtu 9100

!



no shutdown

!


description to S4820T port TE0/1

no ip address

mtu 9100

!



no shutdown

!


description Link-to-N3024-B

no ip address

mtu 9100

!



no shutdown

!



no ip address

mtu 9100

!



no shutdown

!



no ip address

mtu 9100

!



no shutdown

!



no ip address

mtu 9100

!



no shutdown

!



no ip address

mtu 9100

!



no shutdown

!


description To FN-IOM-410S port TE0/10

no ip address

mtu 9100

portmode hybrid

switchport

no shutdown

!


description VLTi

no ip address

mtu 9100

no shutdown

!


description VLTi

no ip address

mtu 9100

no shutdown

!



no shutdown

!


description To S4820T

no ip address

mtu 9100

portmode hybrid

switchport


no shutdown

!


description LAG-to-N3000's

no ip address

mtu 9100

portmode hybrid

switchport

lacp long-timeout


no shutdown

!


no ip address

mtu 9100

portmode hybrid

switchport

lacp long-timeout


no shutdown

!


description VLTi

no ip address

mtu 9100

channel-member fortyGigE 0/56,60

rate-interval 30

no shutdown

!

interface Vlan 1

!untagged Port-channel 1,11-12,127

!



no ip address

untagged TenGigabitEthernet 0/46

no shutdown

!

interface Vlan 3

ip address 192.168.3.2/24

tagged Port-channel 1,11-12,127

no shutdown

!



no ip address


no shutdown

!



no ip address


no shutdown

!



flow-map l2 enable

flow-map l3 enable

interface-type vlan


of-version 1.3

no shutdown

!


!

ip ssh server enable

!

line console 0

!

reload-type



!

S4820T (Servers switch with port-mirroring) Configuration ! Version 9.9(0.0P1)



boot system stack-unit 0 default system: B:

!

hardware watchdog

!

hostname S4820T

!

protocol lldp

!


!

protocol spanning-tree rstp

no disable

hello-time milli-second 50

max-age 6

forward-delay 4

!

stack-unit 0 provision S4820T

!


description to S4810-A port Te0/1

no ip address

mtu 9100

!



no shutdown

!


description to S4810-B port Te0/1

no ip address

mtu 9100

!



no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

switchport

no shutdown

!


no ip address

mtu 9100

no shutdown

!


no ip address

mtu 9100

no shutdown

!


no ip address

mtu 9100

no shutdown

!


no ip address

no shutdown

!



no shutdown

!


description VLT link to BackBone

no ip address

mtu 9100

portmode hybrid

switchport

no shutdown

!

interface Vlan 1

!untagged Port-channel 1

!

interface Vlan 3

no ip address

tagged Port-channel 1

untagged TenGigabitEthernet 0/2-47

no shutdown

!

monitor session 1

source TenGigabitEthernet 0/1 destination fortyGigE 0/60 direction both
























!


!

reload-type



N3024-A (MLAG-A Switch) configuration

!System Description "Dell Networking N3024, 6.2.1.6, Linux 3.6.5-a5c6fee7"

!System Software Version 6.2.1.6

!

configure

hostname "N3024-A"

slot 1/0 1 ! Dell Networking N3024

stack

member 1 1 ! N3024

exit

interface out-of-band

ip address 10.0.0.5 255.255.255.0 10.0.0.138

exit

system jumbo mtu 9100

ip http secure-session hard-timeout 24

ip http secure-session soft-timeout 5

interface vlan 1 1

exit

no passwords min-length

spanning-tree max-age 6

feature bfd

!

interface Gi1/0/1

channel-group 11 mode active

description "uplink_to_S4810-A"

exit

!

interface Gi1/0/2


description "uplink_to_S4810-B"

exit

!

interface Te1/0/1


description "MLAG-Interconnect"

udld enable

udld port aggressive

exit

!

interface Te1/0/2



udld enable


exit

!

interface port-channel 11

description "uplink_LAG_to_S4810s"

switchport mode trunk

vpc 11

exit

!


description "MLAG-PEER-LAG"

spanning-tree disable


vpc peer-link

Exit

!

feature vpc

vpc domain 1

role priority 1

peer-keepalive enable

peer-keepalive destination 10.0.0.6 source 10.0.0.5

peer detection enable

exit

N3024-B (MLAG-B Switch) Configuration

!System Description "Dell Networking N3024, 6.2.1.6, Linux 3.6.5-a5c6fee7"

!System Software Version 6.2.1.6

!

configure

hostname "N3024-B"

slot 1/0 1 ! Dell Networking N3024

stack

member 1 1 ! N3024

exit

interface out-of-band

ip address 10.0.0.6 255.255.255.0 10.0.0.138

exit

system jumbo mtu 9100

ip http secure-session hard-timeout 24

ip http secure-session soft-timeout 5

interface vlan 1 1

exit

!

interface Gi1/0/1


description "uplink_to_S4810-A"

exit

!

interface Gi1/0/2


description "uplink_to_S4810-B"

exit

!

interface Te1/0/1



udld enable


exit

!

interface Te1/0/2



udld enable


exit

!


description "uplink_LAG_to_S4810s"


vpc 11

exit

!


description "MLAG-PEER-LAG"

spanning-tree disable


vpc peer-link

exit

feature vpc

vpc domain 1

role priority 2

peer-keepalive enable

peer-keepalive destination 10.0.0.5 source 10.0.0.6

peer detection enable

exit

FN-IOM (FX2 Chassis switch) Configuration

! Version 9.9(0.0)

!



boot system stack-unit 0 default system: B:

!

hostname FN410S

!

protocol lldp

!


!

password-attributes min-length 0

!


!


!

stack-unit 0 provision PE-FN-410S-IOM

!


no ip address

switchport

!

protocol lldp

no shutdown

!


no ip address

switchport

!

protocol lldp

no shutdown

!


no ip address

switchport

!

protocol lldp

no shutdown

!


no ip address

switchport

!

protocol lldp

no shutdown

!


no ip address

switchport

!

protocol lldp

no shutdown

!


no ip address

switchport

!

protocol lldp

no shutdown

!


no ip address

switchport

!

protocol lldp

no shutdown

!


no ip address

switchport

!

protocol lldp

no shutdown

!


no ip address

portmode hybrid

switchport

!

protocol lldp

no shutdown

!


no ip address

portmode hybrid

switchport

!

protocol lldp

no shutdown

!


no ip address

portmode hybrid

switchport

!

protocol lldp

no shutdown

!


no ip address

portmode hybrid

switchport

!

protocol lldp

no shutdown

!


ip address 10.0.0.11/24

no shutdown

!


no ip address

no shutdown

!

interface Vlan 1

ip address dhcp

shutdown

!



no ip address


no shutdown

!



no ip address

tagged TenGigabitEthernet 0/9-12


no shutdown

!



no ip address

tagged TenGigabitEthernet 0/9-12


no shutdown

!



flow-map l2 enable

flow-map l3 enable

interface-type vlan


of-version 1.3

no shutdown

!


!

service-class dynamic dot1p

!

snmp-server community public ro

snmp-server enable traps snmp linkdown linkup

snmp-server enable traps stack

ip ssh server version 2

!

dcb-map FLEXIO_DCB_MAP_PFC_OFF

no pfc mode on

!

uplink-state-group 1

!

reload-type


!

end

Big tap configuration

! Big Tap Controller 5.5.0 (2015.12.16.1938-m.bsc.bigdb)

! Current Time: 2016-03-17.03:34:23

!

version 1.0

! ntp

ntp server 0.bigswitch.pool.ntp.org

! bigtap

bigtap crc

bigtap inport-mask

bigtap match-mode l3-l4-offset-match

bigtap overlap

bigtap pcap-retention-days 7

no bigtap auto-delivery-interface-strip-vlan

no bigtap auto-filter-interface-vlan-rewrite

no bigtap tunneling

! user

user admin

full-name 'Default admin'

hashed-password method=<<removed>>

! group

group admin

associate rbac-permission admin-view

associate user admin

group read-only

! controller-node

controller-node 0936d3ad-c268-45be-97e5-9f061fb50347

clock timezone Israel

controller-alias DemoController

ip default-gateway 10.0.0.138

ip domain name delllab.local

ip name-server 10.0.0.101

interface Ethernet 0

firewall allow ssl

firewall allow tcp 8443

firewall allow web

ip address 10.0.0.100 255.255.255.0

! switch

switch 00:00:00:01:e8:d8:a5:ea

switch-alias BT-SW-1

interface ethernet1

bigtap role delivery interface-name Sniffer

interface ethernet10

bigtap role filter interface-name test


bigtap role service interface-name test_service_in


bigtap role service interface-name Test_service_out


bigtap role filter interface-name Filter1

! rbac-permission

rbac-permission admin-view bigtap

! bigchain

bigchain user-defined-offset

! bigtap

bigtap analytics

track arp

track dhcp

track dns

track icmp

bigtap sflow

bigtap user-defined-offset

bigtap filter-interface-group test_GR

filter-interface Filter1

filter-interface test

bigtap managed-service Test_123

service-action pattern-match $demo*

service-interface switch 00:00:00:01:e8:d8:a5:ea ethernet12

bigtap service Test

post-service Test_service_out

pre-service test_service_in

bigtap service packet-truncation

post-service sw-1-from-service

pre-service sw-1-to-service

bigtap service test

post-service post

pre-service test

bigtap policy Test_policy rbac-permission admin-view owner admin

action inactive

delivery-interface Sniffer

filter-group test_GR


priority 100

start 1458204610 duration 0

use-service Test sequence 1

1 match ip 137 vlan-id-range 10 20 src-ip-range 192.168.3.10 192.168.3.20 dst-ip 192.168.10.0

255.255.255.0

bigtap policy Test_servers_monitor rbac-permission admin-view owner admin

action forward

delivery-interface Sniffer


priority 100

start 1458199860 duration 0

use-service packet-truncation sequence 1

1 match icmp src-ip 192.168.3.0 255.255.255.0 dst-ip 192.168.10.0 255.255.255.0

2 match any

sdn dell lab report v2

Internet