VLAN stitching on the (Tunneling) NetFPGA OpenFlow Switch

This page describes how VLAN stitching can be implemented on a NetFPGA running the Tunneling OpenFlow bitfile (of1).

Topology

The NetFPGA bridges two VLANs, 5 and 3733. The connections are as follows:

• of1:nf2c1 ←—- VLAN 5 —→ sw-top:geth0/15
• of1:nf2c2 ←- VLAN 3733 —> sw-outside:geth0/34

These VLANs were stitched together by pushing flow rules to of1 from kvm-big, running the Big Switch controller.

Configurations

of1 shows up as DPID 00:00:00:23:20:08:0f:f7 on kvm-big. On of1, this is the MAC address of interface tap0.

This is done from the CLI, in config-switch mode.

kvm-big> en 
kvm-big# conf
kvm-big(config)# switch 00:00:00:23:20:08:0f:f7
kvm-big(config-switch)#

From the config-switch context, two flow entries are created for of1's DPID on kvm-big: one for switching VLAN tags from 3733 to 5 on nf2c2, and the other, from 5 to 3733 on nf2c1.

  flow-entry port-c1
    active True
    ingress-port 2
    vlan-id 5
    actions set-vlan-id=3733,output=3
  flow-entry port-c2
    active True
    ingress-port 3
    vlan-id 3733
    actions set-vlan-id=5,output=2

Setting flow entries from the config-switch context is a matter of copy/pasting each line above, and exiting between different flow entries. Key points are:

• The four ports of the NetFPGA are designated 1,2,3,4, not 0,1,2,3 as the nf2cx numbering might suggest.
• 'active True' must be specified to enable the flow policy since the default for any newly created flow is 'active False'
• at least one layer 2 or lower constraint e.g. ingress/egress port or src/dst MAC must be specified
• there should be no white-spaces between the actions list.

sanity checks

For the sake of sanity checking, IP addresses were assigned to the VLAN interfaces for 5 and 3733 on sw-top and sw-outside, respectively. If successful, pings will work between the two VLAN interfaces.