Supported by the GlobalNOC at Indiana University

Most PopularMost popular assets for this branch of the site.
  1. Upgrading Code
  2. Switch Routing Engine
  3. Hybrid Mode Configuration
  4. Changing Controller
  5. Viewing Flows
Recent ChangesRecently edited assets for this branch of the site.
  1. Upgrading Code
  2. Switch Routing Engine
  3. Adding / Removing Interface
  4. Changing Controller
  5. Hybrid Mode Configuration

Junipers



Logging in

Logging into the Juniper is done through standard SSH access.  


Viewing Flows

There are 2 ways to view the flows... summary (the default) and details.  

show openflow flows [detail]

aragusa@mx960-1-re0> show openflow flows detail
Flow name: flow-65536
Table ID: 1     Flow ID: 65536
Priority: 32768   Idle timeout(in sec):0        Hard timeout(in sec): 0
Match: Input port: wildcard
       Ethernet src addr: wildcard
       Ethernet dst addr: wildcard
       Input vlan id: 65535             Input VLAN priority: wildcard
       Ether type: 0x88cc
       IP ToS: wildcard                 IP protocol: wildcard
       IP src addr: wildcard            IP dst addr: wildcard
       Source port: wildcard            Destination port: wildcard
Action: Output port 65533,

Flow name: flow-16842752
Table ID: 1     Flow ID: 16842752
Priority: 1       Idle timeout(in sec):0        Hard timeout(in sec): 0
Match: Input port: wildcard
       Ethernet src addr: wildcard
       Ethernet dst addr: wildcard
       Input vlan id: wildcard          Input VLAN priority: wildcard
       Ether type: wildcard
       IP ToS: wildcard                 IP protocol: wildcard
       IP src addr: wildcard            IP dst addr: wildcard
       Source port: wildcard            Destination port: wildcard
Action: Drop,

The entire flow is documented in the details list.  The flow ID is important for being able to get more details about a flow and should be noted.  Unfortunately there is no way to filter the flows to a specific interface on the Junipers.

* For more information on understanding openflow see the OpenFlow section of NOC DOC.  


Controller Connection Status

To check the currently openflow controller and its status run the

show openflow controller command

aragusa@mx960-1-re0> show openflow controller
Openflowd controller information:
Controller socket: 13
Controller IP address: 140.182.45.44
Controller protocol: tcp
Controller port: 6633
Controller connection state: up
Number of connection attempt: 400
Controller role: equal


Known Issues

When an interface is in hybrid mode, untagged traffic can not be matched on.  *NOTE* this affects LLDP as well


Hybrid Mode Configuration

Hybrid mode is configured on each interface.  Specifically you must specify the vlan-range to allow in hybrid mode

xe-7/0/0 {
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        family bridge {
            interface-mode trunk;
            vlan-id-list 100-4094;
        }
    }
}

then once you have all of the sub interfaces configured you must add them to the openflow configuration Here is an example

protocols {
    lldp {
        enable;
    }
    openflow {
        switch al2s {
            default-action {
                drop;
            }
            emergency-mode;
            interfaces {
                xe-7/0/0.0;
                xe-7/0/1.0;
                xe-7/0/2.0;
                et-5/0/0.0;
            }
            controller {
                protocol {
                    tcp {
                        port 6633;
                    }
                }
                role equal;
                address 140.182.45.44;
            }
        }
    }
}
routing-instances {
    al2s_of_switch {
        instance-type virtual-switch;
        interface et-5/0/0.0;
        interface xe-7/0/0.0;
        interface xe-7/0/1.0;
        interface xe-7/0/2.0;
        bridge-domains {
            al2s {
                vlan-id-list 100-4094;
            }
        }
    }
}

Upgrading Code

* If you're upgrading the device as part of SDN device testing you'll want to consider upgrading both routing engines intially as one of the later tests depends on you switching the routing engine and verifying correct behavior.

To load new software onto the Juniper MX-960 switch you should do the following. (Note if the disk is full you may have to open a shell and clear some space. (> start shell) Then you can rm files as you would on any unix system.

There will be two packages involved. A jinstall and a jsdn package in separate .tgz files. First start by scp'ing the packages to the switch.

scp *.tgz <switch ip>:

Next log into the switch on the management ip.

Run the following commands adding the package names as needed.

 

> edit

> deactivate interfaces

> deactivate protocols openflow

> deactivate routing-instances al2s_of_switch

> commit

> exit

> request system software delete jsdn [or jsdn-i386, etc.]

At this point, we've seen the following error message:

"Database header sequence numbers mismatch for file '/var/run/db/juniper.data'. If a package has just been added or deleted, please verify and commit the configuration."

The solution is to continue with the upgrade.

> request system software add no-validate <new jinstall package filename>

> request system reboot

Wait for the RE to reboot, then log back in:

> request system software add <new jsdn package filename>

> edit

> activate interfaces

> edit protocols openflow switch al2s

> set controller address 140.182.45.44 [or other controller ip, as appropriate]

> set controller protocol tcp port 6633 <or other controller port>

> commit

> exit

> activate protocols openflow

> activate routing-instances al2s_of_switch

> commit

> exit

Now that you've activated the openflow protocol you will have to add some openflow interfaces and set emergency mode.

> edit

> edit protocols openflow switch al2s interfaces

For testing purposes we just set all of the *.0 interfaces

> set et-5/0/0.0

> set xe-7/0/0.0

> set xe-7/0/1.0

> set xe-7/0/2.0

> commit

> exit

Now set emergency-mode. (note this command will not tab complete... for reasons)

> edit protocols openflow switch al2s

> set emergency-mode

> commit

Note that the switch has two Routing Engines denoted by the prompt when you log in. For instance 

thompsbp@mx960-2-re0> shows that Routing Engine 0 is currently in use. Each routing engine has its own copy of the code the switch uses. For recovery purposes you should only upgrade one routing engine on each switch so that if there is an issue you can fail back to the other routing engine. Once the switch reboots as part of the install there is no guarantee it will come back up with the same routing engine you just upgraded. If that is the case you will need to have the switch change to the routing engine you have just upgraded with the following command. 

> request chassis routing-engine master switch

 


Viewing FlowStats

Viewing FlowStats is useful for debugging what is happening in OESS and on the devices.  On the Junipers the openflow statistics are not included in the show openflow flows command.  Instead you must run show openflow statistics flows

show openflow statistics flows

aragusa@mx960-1-re0> show openflow statistics flows
Switch Name: al2s
Table ID: 1     Flow ID: 65536
Duration(in sec): 67834          Duration(in nsec): 89247000
Priority: 32768   Idle timeout(in sec):0        Hard timeout(in sec): 0
Number of packets: 0
Number of bytes:   0
Match: DL_VLAN, DL_TYPE,
Action: OUTPUT,

Switch Name: al2s
Table ID: 1     Flow ID: 16842752
Duration(in sec): 67834          Duration(in nsec): 4201524296
Priority: 1       Idle timeout(in sec):0        Hard timeout(in sec): 0
Number of packets: 0
Number of bytes:   0
Action: Drop,

If you are interested in a specific flows flowstats you can get the FlowID from the show openflow flows command and then pass it to the show openflow statistics command like

aragusa@mx960-1-re0> show openflow statistics flows 16842752
Switch Name: al2s
Table ID: 1     Flow ID: 16842752
Duration(in sec): 75860          Duration(in nsec): 3821360296
Priority: 1       Idle timeout(in sec):0        Hard timeout(in sec): 0
Number of packets: 0
Number of bytes:   0
Action: Drop,

Changing Controller

To change the openflow controller complete the following steps

1.) enter edit mode

"SSH@mx960-2-re0> edit"

2.) edit the openflow protocol

"SSH@mx960-2-re0# edit protocols openflow"

3.) edit the particular context, for example

"SSH@mx960-2-re0# edit switch al2s"

4.) If you need to see where it is currently pointing run the follwing

"SSH@mx960-2-re0# show"

which will return output like

"default-action {

    drop;

}

emergency-mode;

interfaces {

    xe-7/0/0.0;

    xe-7/0/1.0;

    xe-7/0/2.0;

    et-5/0/0.0;

}

controller {

    protocol {

        tcp {

            port 1111;

        }

    }

    role equal;

    address 1.2.3.4;

}"

and you can see that it is currently pointing at address 1.2.3.4 on port 1111

5.) to change the controller ip address

"SSH@mx960-2-re0# set controller address <NEW_IP_ADDRESS"

6.) commit your changes

"SSH@mx960-2-re0# commit"


Adding / Removing Interface

1.) Enter configuration mode

> configure

2.) Edit the relevant routing instance

> edit routing-instances al2s_of_switch

3.) Delete an interface

> delete interface xe-7/0/2.0

4.) Commit to apply the changes

> commit

5.) Add an interface

> set al2s_of_switch interface xe-7/0/2.0

6.) Commit to apply the changes


Switch Routing Engine

Simply type the following command. Your ssh session will be terminated.

> request chassis routing-engine master switch


Your request has been completed.