Sdn dell lab report v2

SDN Dell Israel Lab
review
Version 2
Main Editor: Oded Rotter – oded1233@gmail.com
Editing Team & Research: Yory Frenklakh - yurkaf@gmail.com
yory_frenklakh@dell.com
This is a Lab report written out of curiosity for new
staff in Networking technologies - enjoy!!!

1. Introduction
On March the 1st 2016 I was invited by my good friend Yory Frenklakh1, to visit Dell office
at Herzelia Israel. The bad news is that there wasn’t any time for us to gossip too much.
The good news is that I saw some interesting staff. We both share enthusiasm for new
technologies but on the other hands we are seeking for practical solutions for real
problems.
Yory has a vast experience as a system engineer as well as a customer with Data Center
gear from several leading vendors and also has the hands-on expertise to demonstrate
the SDN/Openflow staff (NEC controller for just playing with Openflow and Big Switch for
NPB capabilities) that are the focus of this paper: From high level to CLI commands
throughput some comments.
First of all, We’ll cover the terms and share some useful links. (Not too many so you’ll ask
more questions…LoL).
Afterwards We’ll share the lab info and wrap it with some conclusions + CLI commands.
I hope you’ll enjoy this paper and use it for your own/company benefit.
Disclaimer: Opinions are our own and not the views of our employers.
1 (https://il.linkedin.com/in/yory-frenklakh-7462b665 , yurkaf@gmail.com , yory_frenklakh@dell.com

2. SDN – Software defined Networking
2.1 What’s it all about?
“SDN revolves around the notion of disaggregating the control plane and data plane of a
networking device – typically a switch (Layer 2) or router (Layer 3). While disaggregation is
unknown territory for many, there are enough similarities between the x86 server market
space prior to virtualization and this new networking approach to allow for a degree of
familiarity” (Dell 2016).
What it means is that you use abstraction layer:
The controller “tells” the switch what to do with new incoming flows. Upper layers of
network services “need to know” only the controller. We should add here a remark that
Cisco’s view on SDN is slightly different (ACI) and we won’t discuss Vmware (NSX)
,Openstack , Opendaylight.

2.2 Open Flow
Openflow is basically a protocol between the controller and the “Slave” (Lan switch for that
matter). OpenFlow consists of the following components:
1. Protocol messaging
2. Flows
3. Forwarding tables
There are three types of protocol messages:
1. Controller-to-Switch – This type of message is sent by the controller to:
Specify, modify or delete flow definitions
Request information on switch capabilities
Retrieve information (such as counters) from the switch
Send a packet back to a switch for processing after a new flow is created
2. Asynchronous – This type of message is sent by the switch to:
Send the controller a packet that does not match an existing flow
Inform the controller that a flow has been removed because it’s time to live
parameter or inactivity time has expired
Inform the controller of a change in port status or that an error has occurred on
the switch
3. Symmetric – This type of message is sent by both the switch and the controller to:
Exchange hello messages between controller and switch on startup
Echo messages between controller and switch to confirm bi-directional
connection

3. VLT - Virtual Link Trunking
It’s a technology that takes 2 switches and make them as one entity for Port channel point of view.
If you are familiar with Cisco VPC, then you get the picture.
The advantages are listed as follows:

 Loop free connectivity in layer-2 domain
 Faster Network convergence
 High-availability and redundancy
 Effective utilization of all the links
 Link level resiliency
 Active-Active Load sharing with VRRP.
 Active-Active load sharing with Peer-routing for Layer-3 VLAN
 Graceful failover of LACP during reload
 Agility in VM Migration under VLT domain.
 Unified access for virtualization, Web applications and Cloud computing
 High performance for Big Data networks
 Easier design and manageability of fabric with AFM.
4. MLAG - Multi-switch Link Aggregation
Basically it’s a technology that takes 2 switches and unified them to One switch so we can
have redundancy without using STP for loop avoidance.
Wait a second, What’s the difference between VLT & MLAG?
MLAG is supported on N-Series campus switches, VLT is supported on S/Z/M series Data
center switches:
• Similarities
– L2 multihoming topologies
– RSTP and MSTP interoperability
– Proprietary implementation and do not interoperate with other technologies
– Similar configuration steps
› Configure a VPC/VLT domain and assign a priority
› Configure the peer port-channel
› Assign an interface to the port-channel
› Configure the partner LAGs
• Differences
– Not a common data plane.
– No routing support on MLAG
– No separate heartbeat channel
– Peer-link between switches in MLAG does not pass data traffic
› Certain IP storage deployments won’t work with MLAG

5. Big Monitoring Fabric (BMF)
It’s an architecture of building a NPB (Network Packet Broker) without using purpose built
devices (Like VSS, Gigamon and IXIA etc. are doing). You just use one brain (Controller)
and utilize switches – See for yourself in the following drawing:
So you use “any switch” and specific “service node” when you need more cool staff
(Deduplication, packet slicing and, regex matching).

Conclusion
It does work.
Why don’t you play with the technology by yourself?
References
[1] Big Monitoring Fabric 5.5, Big Switch , 2016
[1] OpenFlow Technical Brief: A look at a hybrid-enabled OpenFlow deployment, Dell, 2016
[2] VxLAN and EVPN in OcNOS, IP Fusion, 2015
[3] Integrating NEC’s ProgrammableFlow and Dell to Build Software Defined network -
http://sdnspace.com/Blogs/postid/53/integrating-programmableflow-dell-to-build-sdn
[4] Using MLAG in Dell Networks, Dell , February 2015
[5] Virtual Link Trunking (VLT),Dell , 2013

Appendix
S4810-A (VLT-A Switch) Configuration
! Version 9.9(0.0)
boot system stack-unit 0 primary system: B:
boot system stack-unit 0 secondary system: A:
!
hardware watchdog
!
hostname S4810-A
!
protocol lldp
!
redundancy auto-synchronize full
!
cam-acl l2acl 2 ipv4acl 2 ipv6acl 0 ipv4qos 0 l2qos 1 l2pt 0 ipmacacl 0 vman-qos 0 ecfmacl 0 openflow 8
!
cam-acl-vlan vlanopenflow 1 vlaniscsi 1
!
vlt domain 1
peer-link port-channel 127
back-up destination 10.0.0.3
primary-priority 1
system-mac mac-address 00:11:22:33:44:55
unit-id 0
peer-routing
!
stack-unit 0 provision S4810
!
interface TenGigabitEthernet 0/0
description Link-to-N3024-A
no ip address
mtu 9100
!
port-channel-protocol LACP
port-channel 11 mode active
no shutdown
!

description to S4820T port TE0/0
no ip address
mtu 9100
!
no shutdown
!
description Link-to-N3024-B
no ip address
mtu 9100
!
no shutdown
!
description "To MXL VLT"
no ip address
mtu 9100
!
no shutdown
!
no ip address
mtu 9100
!
no shutdown
!
no ip address
mtu 9100
!
no shutdown

!
no ip address
mtu 9100
!
no shutdown
!
description To FN-IOM-410S port TE0/9
no ip address
mtu 9100
portmode hybrid
switchport
no shutdown
!
interface fortyGigE 0/56
description VLTi
no ip address
mtu 9100
no shutdown
!
description VLTi
no ip address
mtu 9100
no shutdown
!
interface ManagementEthernet 0/0
ip address 10.0.0.2/24
no shutdown
!
interface Port-channel 1
description To S4820T
no ip address
mtu 9100
portmode hybrid
switchport
vlt-peer-lag port-channel 1
no shutdown

!
description LAG-to-N3000's
no ip address
mtu 9100
portmode hybrid
switchport
lacp long-timeout
no shutdown
!
no ip address
mtu 9100
portmode hybrid
switchport
lacp long-timeout
no shutdown
!
description VLTi
no ip address
mtu 9100
channel-member fortyGigE 0/56,60
rate-interval 30
no shutdown
!
interface Vlan 1
!untagged Port-channel 1,11-12,127
!
interface Vlan 2 of-instance 1
description OF_management_network
no ip address
untagged TenGigabitEthernet 0/46
no shutdown
!
interface Vlan 3
ip address 192.168.3.1/24
tagged Port-channel 1,11-12,127
no shutdown
!
description OF_data_network

no ip address
tagged TenGigabitEthernet 0/46
no shutdown
!
no ip address
no shutdown
!
openflow of-instance 1
controller 1 10.0.0.95 tcp
flow-map l2 enable
flow-map l3 enable
interface-type vlan
multiple-fwd-table enable
of-version 1.3
no shutdown
!
management route 0.0.0.0/0 ManagementEthernet
!
ip ssh server enable
!
reload-type
boot-type normal-reload
config-scr-download enable
!

S4810-B (VLT-B Switch)Configuration
! Version 9.9(0.0)
boot system stack-unit 0 primary system: A:
boot system stack-unit 0 secondary system: B:
!
hardware watchdog
!
hostname S4810-B
!
protocol lldp
!
!
!
!
vlt domain 1
peer-link port-channel 127
back-up destination 10.0.0.2
primary-priority 8192
system-mac mac-address 00:11:22:33:44:55
unit-id 1
peer-routing
!
stack-unit 0 provision S4810
!
description Link-to-N3024-A
no ip address
mtu 9100
!
no shutdown
!
description to S4820T port TE0/1
no ip address
mtu 9100
!
no shutdown

!
description Link-to-N3024-B
no ip address
mtu 9100
!
no shutdown
!
no ip address
mtu 9100
!
no shutdown
!
no ip address
mtu 9100
!
no shutdown
!
no ip address
mtu 9100
!
no shutdown
!
no ip address
mtu 9100
!

no shutdown
!
description To FN-IOM-410S port TE0/10
no ip address
mtu 9100
portmode hybrid
switchport
no shutdown
!
description VLTi
no ip address
mtu 9100
no shutdown
!
description VLTi
no ip address
mtu 9100
no shutdown
!
no shutdown
!
description To S4820T
no ip address
mtu 9100
portmode hybrid
switchport
no shutdown
!
description LAG-to-N3000's
no ip address
mtu 9100
portmode hybrid
switchport
lacp long-timeout
no shutdown

!
no ip address
mtu 9100
portmode hybrid
switchport
lacp long-timeout
no shutdown
!
description VLTi
no ip address
mtu 9100
channel-member fortyGigE 0/56,60
rate-interval 30
no shutdown
!
interface Vlan 1
!untagged Port-channel 1,11-12,127
!
no ip address
untagged TenGigabitEthernet 0/46
no shutdown
!
interface Vlan 3
ip address 192.168.3.2/24
tagged Port-channel 1,11-12,127
no shutdown
!
no ip address
no shutdown
!
no ip address
no shutdown
!

flow-map l2 enable
flow-map l3 enable
interface-type vlan
of-version 1.3
no shutdown
!
!
ip ssh server enable
!
line console 0
!
reload-type
!

S4820T (Servers switch with port-mirroring) Configuration
! Version 9.9(0.0P1)
boot system stack-unit 0 default system: B:
!
hardware watchdog
!
hostname S4820T
!
protocol lldp
!
!
protocol spanning-tree rstp
no disable
hello-time milli-second 50
max-age 6
forward-delay 4
!
stack-unit 0 provision S4820T
!
description to S4810-A port Te0/1
no ip address
mtu 9100
!
no shutdown
!
description to S4810-B port Te0/1
no ip address
mtu 9100
!
no shutdown
!
no ip address
mtu 9100
switchport

no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!

no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address

mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport

no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!

no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address

mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
switchport

no shutdown
!
no ip address
mtu 9100
switchport
no shutdown
!
no ip address
mtu 9100
no shutdown
!
no ip address
mtu 9100
no shutdown
!
no ip address
mtu 9100
no shutdown
!
no ip address
no shutdown
!
no shutdown
!
description VLT link to BackBone
no ip address
mtu 9100
portmode hybrid
switchport
no shutdown
!
interface Vlan 1
!untagged Port-channel 1
!
interface Vlan 3
no ip address

tagged Port-channel 1
untagged TenGigabitEthernet 0/2-47
no shutdown
!
monitor session 1
source TenGigabitEthernet 0/1 destination fortyGigE 0/60 direction both
!
!
reload-type

N3024-A (MLAG-A Switch) configuration
!System Description "Dell Networking N3024, 6.2.1.6, Linux 3.6.5-a5c6fee7"
!System Software Version 6.2.1.6
!
configure
hostname "N3024-A"
slot 1/0 1 ! Dell Networking N3024
stack
member 1 1 ! N3024
exit
interface out-of-band
ip address 10.0.0.5 255.255.255.0 10.0.0.138
exit
system jumbo mtu 9100
ip http secure-session hard-timeout 24
ip http secure-session soft-timeout 5
interface vlan 1 1
exit
no passwords min-length
spanning-tree max-age 6
feature bfd
!
interface Gi1/0/1
channel-group 11 mode active
description "uplink_to_S4810-A"
exit
!
interface Gi1/0/2
description "uplink_to_S4810-B"
exit
!
interface Te1/0/1
description "MLAG-Interconnect"
udld enable
udld port aggressive
exit
!
interface Te1/0/2
udld enable

exit
!
interface port-channel 11
description "uplink_LAG_to_S4810s"
switchport mode trunk
vpc 11
exit
!
description "MLAG-PEER-LAG"
spanning-tree disable
vpc peer-link
Exit
!
feature vpc
vpc domain 1
role priority 1
peer-keepalive enable
peer-keepalive destination 10.0.0.6 source 10.0.0.5
peer detection enable
exit

N3024-B (MLAG-B Switch) Configuration
!System Description "Dell Networking N3024, 6.2.1.6, Linux 3.6.5-a5c6fee7"
!System Software Version 6.2.1.6
!
configure
hostname "N3024-B"
slot 1/0 1 ! Dell Networking N3024
stack
member 1 1 ! N3024
exit
interface out-of-band
ip address 10.0.0.6 255.255.255.0 10.0.0.138
exit
system jumbo mtu 9100
ip http secure-session hard-timeout 24
ip http secure-session soft-timeout 5
interface vlan 1 1
exit
!
interface Gi1/0/1
description "uplink_to_S4810-A"
exit
!
interface Gi1/0/2
description "uplink_to_S4810-B"
exit
!
interface Te1/0/1
udld enable
exit
!
interface Te1/0/2
udld enable
exit

!
description "uplink_LAG_to_S4810s"
vpc 11
exit
!
description "MLAG-PEER-LAG"
spanning-tree disable
vpc peer-link
exit
feature vpc
vpc domain 1
role priority 2
peer-keepalive enable
peer-keepalive destination 10.0.0.5 source 10.0.0.6
peer detection enable
exit

FN-IOM (FX2 Chassis switch) Configuration
! Version 9.9(0.0)
!
boot system stack-unit 0 default system: B:
!
hostname FN410S
!
protocol lldp
!
!
password-attributes min-length 0
!
!
!
stack-unit 0 provision PE-FN-410S-IOM
!
no ip address
switchport
!
protocol lldp
no shutdown
!
no ip address
switchport
!
protocol lldp
no shutdown
!
no ip address
switchport
!
protocol lldp
no shutdown
!

no ip address
switchport
!
protocol lldp
no shutdown
!
no ip address
switchport
!
protocol lldp
no shutdown
!
no ip address
switchport
!
protocol lldp
no shutdown
!
no ip address
switchport
!
protocol lldp
no shutdown
!
no ip address
switchport
!
protocol lldp
no shutdown
!
no ip address
portmode hybrid
switchport
!
protocol lldp
no shutdown
!
no ip address

portmode hybrid
switchport
!
protocol lldp
no shutdown
!
no ip address
portmode hybrid
switchport
!
protocol lldp
no shutdown
!
no ip address
portmode hybrid
switchport
!
protocol lldp
no shutdown
!
ip address 10.0.0.11/24
no shutdown
!
no ip address
no shutdown
!
interface Vlan 1
ip address dhcp
shutdown
!
no ip address
no shutdown
!
no ip address
tagged TenGigabitEthernet 0/9-12

no shutdown
!
no ip address
tagged TenGigabitEthernet 0/9-12
no shutdown
!
flow-map l2 enable
flow-map l3 enable
interface-type vlan
of-version 1.3
no shutdown
!
!
service-class dynamic dot1p
!
snmp-server community public ro
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps stack
ip ssh server version 2
!
dcb-map FLEXIO_DCB_MAP_PFC_OFF
no pfc mode on
!
uplink-state-group 1
!
reload-type
!
end

Big tap configuration
! Big Tap Controller 5.5.0 (2015.12.16.1938-m.bsc.bigdb)
! Current Time: 2016-03-17.03:34:23
!
version 1.0
! ntp
ntp server 0.bigswitch.pool.ntp.org
! bigtap
bigtap crc
bigtap inport-mask
bigtap match-mode l3-l4-offset-match
bigtap overlap
bigtap pcap-retention-days 7
no bigtap auto-delivery-interface-strip-vlan
no bigtap auto-filter-interface-vlan-rewrite
no bigtap tunneling
! user
user admin
full-name 'Default admin'
hashed-password method=<<removed>>
! group
group admin
associate rbac-permission admin-view
associate user admin
group read-only
! controller-node
controller-node 0936d3ad-c268-45be-97e5-9f061fb50347
clock timezone Israel
controller-alias DemoController
ip default-gateway 10.0.0.138

ip domain name delllab.local
ip name-server 10.0.0.101
interface Ethernet 0
firewall allow ssl
firewall allow tcp 8443
firewall allow web
ip address 10.0.0.100 255.255.255.0
! switch
switch 00:00:00:01:e8:d8:a5:ea
switch-alias BT-SW-1
interface ethernet1
bigtap role delivery interface-name Sniffer
interface ethernet10
bigtap role filter interface-name test
bigtap role service interface-name test_service_in
bigtap role service interface-name Test_service_out
bigtap role filter interface-name Filter1
! rbac-permission
rbac-permission admin-view bigtap
! bigchain
bigchain user-defined-offset
! bigtap
bigtap analytics
track arp
track dhcp
track dns
track icmp
bigtap sflow
bigtap user-defined-offset
bigtap filter-interface-group test_GR
filter-interface Filter1
filter-interface test
bigtap managed-service Test_123

service-action pattern-match $demo*
service-interface switch 00:00:00:01:e8:d8:a5:ea ethernet12
bigtap service Test
post-service Test_service_out
pre-service test_service_in
bigtap service packet-truncation
post-service sw-1-from-service
pre-service sw-1-to-service
bigtap service test
post-service post
pre-service test
bigtap policy Test_policy rbac-permission admin-view owner admin
action inactive
delivery-interface Sniffer
filter-group test_GR
priority 100
start 1458204610 duration 0
use-service Test sequence 1
1 match ip 137 vlan-id-range 10 20 src-ip-range 192.168.3.10 192.168.3.20 dst-ip 192.168.10.0
255.255.255.0
bigtap policy Test_servers_monitor rbac-permission admin-view owner admin
action forward
delivery-interface Sniffer
priority 100
start 1458199860 duration 0
use-service packet-truncation sequence 1
1 match icmp src-ip 192.168.3.0 255.255.255.0 dst-ip 192.168.10.0 255.255.255.0
2 match any

Sdn dell lab report v2

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to Sdn dell lab report v2

Similar to Sdn dell lab report v2 (20)

More from Oded Rotter

More from Oded Rotter (20)

Recently uploaded

Recently uploaded (20)

Sdn dell lab report v2