Configuration Example 2 in Crossflow Mode


In the following topology, we build a server network in a datacenter. The following requirements should be met:
● Servers should not be able to communicate with each other, which means traffic from a server can only be forwarded in the upstream direction.
● The network should be scalable, and the switch configuration should be simple (e.g., isolating the traffic between servers with ACLs or VLANs is too complex a configuration).
You can configure a ToR switch manually or by a controller—it's up to you.



Figure 8-5. Crossflow network. 


Configuring the P3295-1 switch

For P3295-1, configure ports ge-1/1/1~ge-1/1/48 in crossflow mode. Create 48 flows so that traffic from the servers is forwarded only upstream, and be sure to configure flows that forward the downstream traffic to the corresponding server.

admin@XorPlus# set interface stm firewall-table ingress  400
admin@XorPlus# set interface stm ipv4-route 6000
admin@XorPlus# commit 
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus#
admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet ge-1/1/1 crossflow local-control false
admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet ge-1/1/2 crossflow local-control false
admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet ge-1/1/3 crossflow local-control false
admin@XorPlus# set interface gigabit-ethernet te-1/1/49 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet te-1/1/49 crossflow local-control false
admin@XorPlus# commit 
Waiting for merging configuration.
Commit OK.
Save done.
admin@XorPlus# 

Create br0 and add ports to the bridge.

ovs-vsctl add-br br0
ovs-vsctl add-port br0 ge-1/1/1
ovs-vsctl add-port br0 ge-1/1/2
ovs-vsctl add-port br0 ge-1/1/3
ovs-vsctl add-port br0 te-1/1/49


Add flows.

ovs-ofctl add-flow br0 in_port=1,actions=49
ovs-ofctl add-flow br0 in_port=49,nw_dst=172.16.1.2/32,actions=1
ovs-ofctl add-flow br0 in_port=2,actions=49
ovs-ofctl add-flow br0 in_port=49,nw_dst=172.16.1.3/32,actions=2
ovs-ofctl add-flow br0 in_port=3,actions=49
ovs-ofctl add-flow br0 in_port=49,nw_dst=172.16.1.4/32,actions=3
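
The per-port flow pairs above, extended to all 48 server ports and followed by a check that the resulting table keeps servers isolated from each other. This is an added example, not Pica8's own code; it assumes the pattern in the three flows shown (the server on port N has address 172.16.1.(N+1), and the uplink is OpenFlow port 49), and the function names gen_flows and audit_flows are hypothetical.

```shell
#!/bin/sh
# Added example (not Pica8 code): generate and audit the ToR isolation flows.
UPLINK=49        # OpenFlow port of te-1/1/49, as in the page's flows
SUBNET=172.16.1  # server subnet behind this ToR, as in the page's flows

# Print flow specs for server ports 1..$1. Assumption taken from the page's
# three flows: the server on port N has the address SUBNET.(N+1).
gen_flows() {
    n=1
    while [ "$n" -le "$1" ]; do
        echo "in_port=$n,actions=$UPLINK"
        echo "in_port=$UPLINK,nw_dst=$SUBNET.$((n + 1))/32,actions=$n"
        n=$((n + 1))
    done
}

# Read flow specs (add-flow syntax) on stdin, print every rule that breaks
# server isolation, and return non-zero if there is at least one.
audit_flows() {
    awk -v up="$UPLINK" '
    function bad(why) { printf "VIOLATION line %d (%s): %s\n", NR, why, $0; nbad++ }
    /^[ \t]*$/ { next }
    {
        i = index($0, "actions=")
        if (i == 0) { bad("no actions"); next }
        act = substr($0, i + 8); sub(/^output:/, "", act)
        inp = ""; dst = ""
        n = split(substr($0, 1, i - 1), f, ",")
        for (k = 1; k <= n; k++) {
            if (f[k] ~ /^in_port=/) inp = substr(f[k], 9)
            if (f[k] ~ /^nw_dst=/)  dst = substr(f[k], 8)
        }
        if (inp == "")           bad("matches every ingress port")
        else if (inp != up)      { if (act != up) bad("server port not restricted to uplink") }
        else if (dst !~ /\/32$/) bad("downstream rule is not a /32 host match")
        else if (dst in seen)    bad("destination already mapped to a port")
        else seen[dst] = 1
    }
    END { exit (nbad > 0) }'
}

# Constructed run: the full 48-port table passes the audit.
gen_flows 48 | audit_flows && echo "isolation holds for 48 server ports"
```

The generated specs can be saved to a file and loaded with ovs-ofctl add-flows br0 <file>; running audit_flows over that file first catches a rule that floods or forwards between server ports.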


Configuring P3295-2 and P3295-3 switches

You can configure P3295-2 and P3295-3 using the instructions for configuring P3295-1. 

Configuring the P3920 switch

For P3920, configure ports te-1/1/1~te-1/1/48 as Layer 3 interfaces and enable the OSPF interface on xe-1/1/1. The interface xe-1/1/1 will join the OSPF network to the outside.

admin@XorPlus# set vlans vlan-id 100 l3-interface vlan100
admin@XorPlus# set vlans vlan-id 200 l3-interface vlan200
admin@XorPlus# set vlans vlan-id 300 l3-interface vlan300
admin@XorPlus# set vlans vlan-id 400 l3-interface vlan400
admin@XorPlus# set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 100
admin@XorPlus# set interface gigabit-ethernet te-1/1/2 family ethernet-switching native-vlan-id 200
admin@XorPlus# set interface gigabit-ethernet te-1/1/3 family ethernet-switching native-vlan-id 300
admin@XorPlus# set interface gigabit-ethernet xe-1/1/1 family ethernet-switching native-vlan-id 400
admin@XorPlus# commit
Commit OK.
Save done.
admin@XorPlus# set l3-interface vlan-interface vlan100 address 172.16.1.1 prefix-length 24
admin@XorPlus# set l3-interface vlan-interface vlan200 address 172.16.2.1 prefix-length 24
admin@XorPlus# set l3-interface vlan-interface vlan300 address 172.16.3.1 prefix-length 24
admin@XorPlus# set l3-interface vlan-interface vlan400 address 172.16.4.1 prefix-length 24
admin@XorPlus# commit
Commit OK.
Save done.
admin@XorPlus# set interface stm firewall-table ingress  400
admin@XorPlus# set interface stm ipv4-route 6000
admin@XorPlus# commit 
Commit OK.
Save done.
admin@XorPlus#
admin@XorPlus# set interface gigabit-ethernet te-1/1/1 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet te-1/1/2 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet te-1/1/3 crossflow enable true
admin@XorPlus# set interface gigabit-ethernet xe-1/1/1 crossflow enable true
admin@XorPlus# commit
Commit OK.
Save done.

Be sure to configure the OSPF interface to work with the OSPF Layer 3 network. 

admin@XorPlus# set protocols ospf interface vlan400 area 0.0.0.0
admin@XorPlus# set protocols ospf router-id 1.1.1.1
admin@XorPlus# set protocols ospf redistribute connected
admin@XorPlus# commit
Commit OK.
Save done.
admin@XorPlus#

Create br0 and add ports to br0.

ovs-vsctl add-br br0
ovs-vsctl add-port br0 te-1/1/1 -- set interface te-1/1/1 type=crossflow
ovs-vsctl add-port br0 te-1/1/2 -- set interface te-1/1/2 type=crossflow
ovs-vsctl add-port br0 te-1/1/3 -- set interface te-1/1/3 type=crossflow
ovs-vsctl add-port br0 xe-1/1/1 -- set interface xe-1/1/1 type=crossflow

Add flows.

ovs-ofctl add-flow br0 in_port=1,actions=set_field:22:22:22:22:22:22-\>dl_dst,49
ovs-ofctl add-flow br0 in_port=2,actions=set_field:22:22:22:22:22:22-\>dl_dst,49
ovs-ofctl add-flow br0 in_port=3,actions=set_field:22:22:22:22:22:22-\>dl_dst,49





Copyright © 2024 Pica8 Inc. All Rights Reserved.