GVT-032678-001-00 1.

PF5459/QX-S5900 Series Ethernet Switches

Release Note of OpenFlow function

Software Version 7.2.23
Revision History

Revision Date Reason for Change

1.0 2017/05/31 First Revision

Copyright © NEC Corporation 2015-2017

All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any means
without prior written consent of NEC Corporation.

Trademarks

All other trademarks that may be mentioned in this manual are the property of their
respective owners.

Notice

The information in this document is subject to change without notice. Every effort has
been made in the preparation of this document to ensure accuracy of the contents, but
all statements, information, and recommendations in this document do not constitute
the warranty of any kind, express or implied.

Precautions on Export

This product is controlled by export control laws and regulations of Japan. Transfer or
any other disposal of this product without required licenses from the government of
countries having competent jurisdiction is prohibited. This product also contains
technology which is subject to export control laws and regulation of the U.S. and
(re-)export or transfer of this product requires licenses from the U.S. government
depending on the destination and the end-user.

This document describes cautions and restrictions of OpenFlow function on

PF5459/QX-S5900 switch. Because this document includes important information of
this product, read this document in addition to following documents (manuals about
OpenFlow function).

PF5459/QX-S5900 Series Ethernet Switches Configuration Guides OpenFlow edition

PF5459/QX-S5900 Series Ethernet Switches Command References OpenFlow edition

Preface

Version

This release note corresponds after software version 7.2.23.

Documentation Set

The Documentation Set of PF5459/QX-S5900 Series Ethernet Switches includes the

following documentations.

Documentation Set Description

PF5459/QX-S5900 Series Ethernet

Switches This documentation describes the difference between the
versions of the software.
Release Note of OpenFlow function

PF5459/QX-S5900 Series Ethernet Switches

This documentation describes installation.
Installation Guide

PF5459/QX-S5900 Series Ethernet Switches

This documentation describes configuration.
Configuration Guides

PF5459/QX-S5900 Series Ethernet Switches

This documentation describes commands.
Command References

PF5459/QX-S5900 Series Ethernet Switches

This documentation describes configuration for OpenFlow.
Configuration Guides OpenFlow Edition

PF5459/QX-S5900 Series Ethernet Switches

This documentation describes commands for OpenFlow.
Command References OpenFlow Edition

Sections

This Release Note includes the following 9 sections.

 Overview
This section describes corresponding device to this document.
 Overview of OpenFlow function
This section describes supported functions about OpenFlow on this software.
 Upgrading functions and improvements
This section describes new feature and improvements supported on this software.
 Resolved problems
This section describes resolved problem on previously released software.
 Cautions
 This section describes cautions to use OpenFlow functions on this software.
 Temporary Constraint
This section describes temporary constraint planned to be resolved.
 Cautions of updating software
This section describes cautions of updating software from previously released
software.
 Description of Function
This section describes features of OpenFlow function on this software, in more detail.
 Description of difference
This section describes difference between manuals and behavior on software.

Conventions

This section describes the conventions used in this documentation set.

I. Command conventions

Convention Description

Boldface Bold text represents commands and keywords that you enter literally as shown.

Italic Italic text represents arguments that you replace with actual values.

Square brackets enclose syntax choices (keywords or arguments) that are

[]
optional.

Braces enclose a set of required syntax choices separated by vertical bars, from
{ x | y | ... }
which you select one.

Square brackets enclose a set of optional syntax choices separated by vertical

[ x | y | ... ]
bars, from which you select one or none.

Asterisk marked braces enclose a set of required syntax choices separated by

{ x | y | ... } *
vertical bars, from which you select at least one.

Asterisk marked square brackets enclose optional syntax choices separated by

[ x | y | ... ] *
vertical bars, from which you select one choice, multiple choices, or none.

The argument or keyword and argument combination before the ampersand (&)
&<1-n>
sign can be entered 1 to n times.

# A line that starts with a pound (#) sign is comments.

II. GUI conventions

Convention Description

<> Button names are inside angle brackets. For example, click <OK>.

Window names, menu items, data table and field names are inside square
[]
brackets. For example, pop up the [New User] window.
 Convention Description

Multi-level menus are separated by forward slashes. For example,

/
[File/Create/Folder].

III. Keyboard Operations

Convention Description

<KEY> Push the KEY of keyboard. For example, <Enter> is push the Enter key.

Push some KEYs of keyboard. For example, <Ctrl+Alt+A> is push the Ctrl key, the
<KEY1 + KEY2>
Alt key and the A key at the same time.

Push in turn some KEYs of keyboard. For example, <Alt,A> is push the Alt key
<KEY1, KEY2>
then push the A key.

IV. Mouse Operations

Convention Description

Click Push the button of the mouse one time quickly. Usually, push the left button.

Double Click Push the left button of the mouse two times quickly.

Drag Move the mouse while holding down the left button of the mouse.

V. Symbols

Convention Description

An alert that calls attention to important information that if not understood or

WARNING followed can result in personal injury.

An alert that calls attention to important information that if not understood or

CAUTION followed can result in data loss, data corruption, or damage to hardware or
software.

IMPORTANT An alert that calls attention to essential information.

 NOTE An alert that contains additional or supplementary information.

 TIP An alert that provides helpful information.

VI. Network topology icons

Convention Description

Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that

supports Layer 2 forwarding and other Layer 2 features.
VII. Configuration Example

The configuration example of this document is an example. Interface Number or the

information of the display command, etc may differ from your device.
 This Release Note includes 9 sections.

01 - Overview

02 - Overview of OpenFlow function

03 - Upgrading functions and improvements

04 - Resolved problems

05 - Cautions

06 - Temporary Constraint with OpenFlow function

07 - Cautions of updating software

08 - Description of Function

09 - Description of difference
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches Contents

Contents

1. Overview ..................................................................................................................................... 1-1

1.1 Device / Software ............................................................................................................... 1-1
2. Overview of OpenFlow function .............................................................................................. 2-1
2.1 About supported function of the switch .............................................................................. 2-1
2.2 Supported OpenFlow function ........................................................................................... 2-1
2.2.1 OpenFlow ports ....................................................................................................... 2-2
2.2.2 OpenFlow protocol .................................................................................................. 2-2
2.2.3 OpenFlow table ....................................................................................................... 2-2
2.3 Supported OpenFlow protocol message ........................................................................... 2-7
2.3.1 OpenFlow message ................................................................................................ 2-7
2.4 List of usable legacy function with OpenFlow function running ....................................... 2-11
2.4.1 Legacy Functions usable on the other port of OpenFlow ..................................... 2-11
2.4.2 Legacy Functions usable on the same port of OpenFlow ..................................... 2-12
2.4.3 The reference of legacy function with OpenFlow function running ....................... 2-13
2.5 QoS function on OpenFlow ports ..................................................................................... 2-17
2.5.1 QoS function on OpenFlow port ............................................................................ 2-17
2.5.2 The reference of QoS function .............................................................................. 2-17
2.6 OpenFlow function on IRF fabric ..................................................................................... 2-18
2.6.1 OpenFlow function on IRF fabric ........................................................................... 2-18
2.6.2 Recommended Usage: ......................................................................................... 2-18
2.6.3 OpenFlow message value of IRF fabric: ............................................................... 2-19
2.6.4 The reference of IRF ............................................................................................. 2-20
3. Upgrading functions and improvements ................................................................................ 3-1
3.1 Upgrading functions and improvements of Version 7.2.23 ................................................ 3-1
3.2 Upgrading functions and improvements of Version 7.1.14 ................................................ 3-1
3.3 Upgrading functions and improvements of Version 7.1.11 ................................................ 3-1
3.4 Upgrading functions and improvements of Version 7.1.6 .................................................. 3-2
4. Resolved problems ................................................................................................................... 4-1
4.1 Resolved problems of Version 7.2.23 ................................................................................ 4-1
4.2 Resolved problems of Version 7.1.14 ................................................................................ 4-1
4.3 Resolved problems of Version 7.1.11 ................................................................................ 4-2
4.4 Resolved problems of Version 7.1.6 .................................................................................. 4-2
5. Cautions ..................................................................................................................................... 5-1
5.1 Configuration of OpenFlow function .................................................................................. 5-1
5.2 Cautions of using OpenFlow function ................................................................................ 5-2
6. Temporary Constraint ............................................................................................................... 6-1
6.1 OpenFlow function ............................................................................................................. 6-1
6.2 Legacy function .................................................................................................................. 6-1
7. Cautions of updating software ................................................................................................. 7-1
7.1 Updating software version ................................................................................................. 7-1
7.2 Updating OpenFlow configuration ..................................................................................... 7-1
7.3 Compatibility of softwares for ISSU with OpenFlow function............................................. 7-1
8. Description of Function ............................................................................................................ 8-1
8.1 Dynamic MAC Flow table (mac-ip dynamic-mac aware) ................................................... 8-1
8.1.1 Abstract ................................................................................................................... 8-1
8.1.2 Entry of MAC-IP Flow table ..................................................................................... 8-3
8.2 OpenFlow-channel failover function .................................................................................. 8-4
8.2.1 Abstract ................................................................................................................... 8-4
8.2.2 Function example .................................................................................................... 8-4
8.3 In-band management vlan function ................................................................................... 8-6
i
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches Contents

8.3.1 Abstract ................................................................................................................... 8-6

8.3.2 In-band OpenFlow Channel connection .................................................................. 8-7
8.4 Configuration for OpenFlow port ........................................................................................ 8-7
9. Description of difference .......................................................................................................... 9-1

i
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 1. Overview

1. Overview

1.1 Device / Software

This document is described for the following device and software.

Table 1-1 Software

No Device Summary Software

PF5459-48XP-4Q
1 PF5459-48XT-4Q PFS Basic software
PF5459-48GT-4X2Q

1-1
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

2. Overview of OpenFlow function

2.1 About supported function of the switch

The OpenFlow function must be enabled.
In addition to this document, also refer to the following document to confirm restrictions and
cautions about usage of OpenFlow function.

PF5459 Series Ethernet Switches Configuration Guide OpenFlow edition.

PF5459 Series Ethernet Switches Command References OpenFlow edition.

2.2 Supported OpenFlow function

Though this switch supports OpenFlow function that is based on OpenFlow Spec, usable
functions depend on combination to controller’s function.
Recommended controller is PFC (ProgrammableFlow Controller) of NEC product.
In case of connecting with the other controller, verify and confirm that there is no problem
individually.

Table 2-1 Support Function

Item Support
OpenFlow protocol OpenFlow Spec 1.3.1 YES
Dynamic MAC Flow table
YES
(mac-ip)
Standard Flow table
OpenFlow switch function YES
(extensibility)
Legacy switch function with OpenFlow
YES
function on the same switch
TCP connection YES
OpenFlow-channel OpenFlow-channel failover YES
Connection Interruption YES
Others Cookie mask YES

Table 2-2 Connection Interruption

Item Support Note

Use flow table for packet forwarding when
Fail Secure Mode YES
disoconnected from all controllers.
Use normal processing for packet forwarding when
Fail Standalone Mode -
disconnected from all controllers

2-1
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

Table 2-3 Number of Flow entry

Item Support Note

Dynamic MAC Flow table This hardware resource is shared with FDB for
128K
(Dynamic MAC Flow table) Layer 2 network
Standard Flow table
640 Including system entry ( see 5.1 )
(Standard Flow table)

This switch supports only supports 1 OpenFlow instance.

Table 2-4 Number of Group entry

Item Support Note

Supported Group type is “all”. Note that number of Group
Group table 1000
entries are less than that of Standard Flow entries.

2.2.1 OpenFlow ports

Following ports can be used as OpenFlow port.

 1GbE physical port
 10GbE physical port
 40GbE physical port
 10GbE physical port (split from 40GbE)
 link-aggregation port (LAG)

Following ports cannot be used as OpenFlow port.

 Management port
 The member port of link-aggregation port
 IRF port

Physical ports, LAGs can be used as In_port on Match structure.

Physical ports, LAGs, controller can be used as output port on Action Output.

2.2.2 OpenFlow protocol

PF54 only support OpenFlow protocol version 1.3.1.

2.2.3 OpenFlow table

This switch supports 2 tables

2-2
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

Table 2-5 Flow tables

Flow Table Support Remarks

Dynamic MAC Flow table YES mac-ip table on Command Line
Standard Flow table YES extensibility table on Command Line

I. Match Field

Supported Match Fields of PF54 is as below.

Table 2-6 Supported Match Fields

Dynamic
Standard
Match Field MAC Flow Remarks
Flow table
table
OXM_OF_IN_PORT - Support -
OXM_OF_IN_PHY_PORT - - -
OXM_OF_METADATA - Support -
OXM_OF_METADATA(mask) - - -
OXM_OF_ETH_DST Support Support -
OXM_OF_ETH_DST(mask) - Support Arbitrary bitmask
OXM_OF_ETH_SRC - Support -
OXM_OF_ETH_SRC(mask) - Support Arbitrary bitmask
OXM_OF_ETH_TYPE - Support -
OXM_OF_VLAN_VID Support Support -
OXM_OF_VLAN_VID(mask) - - -
OXM_OF_VLAN_PCP - Support -
OXM_OF_IP_DSCP - Support -
OXM_OF_IP_ECN - - -
OXM_OF_IP_PROTO - Support -
OXM_OF_IPV4_SRC - Support -
OXM_OF_IPV4_SRC(mask) - Support Subnet mask
OXM_OF_IPV4_DST - Support -
OXM_OF_IPV4_DST(mask) - Support Subnet mask
OXM_OF_TCP_SRC - Support -
Arbitrary bitmask but Spec1.3 doesn't
OXM_OF_TCP_SRC(mask) - Support
support the mask.
OXM_OF_TCP_DST - Support -
Arbitrary bitmask but Spec1.3 doesn't
OXM_OF_TCP_DST(mask) - Support
support the mask.
OXM_OF_UDP_SRC - Support -
Arbitrary bitmask but Spec1.3 doesn't
OXM_OF_UDP_SRC(mask) - Support
support the mask.
OXM_OF_UDP_DST - Support -
Arbitrary bitmask but Spec1.3 doesn't
OXM_OF_UDP_DST(mask) - Support
support the mask.
OXM_OF_SCTP_SRC - - -
OXM_OF_SCTP_SRC(mask) - - Spec1.3 doesn't support the mask.
OXM_OF_SCTP_DST - - -
OXM_OF_SCTP_DST(mask) - - Spec1.3 doesn't support the mask.
OXM_OF_ICMPV4_TYPE - Support -
OXM_OF_ICMPV4_CODE - Support -
OXM_OF_ARP_OP - - -
OXM_OF_ARP_SPA - Support Subnet mask
OXM_OF_ARP_SPA(mask) - Support -
OXM_OF_ARP_TPA - - -
OXM_OF_ARP_TPA(mask) - - -
OXM_OF_ARP_SHA - - -
OXM_OF_ARP_SHA(mask) - - -
OXM_OF_ARP_THA - - -

2-3
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

Dynamic
Standard
Match Field MAC Flow Remarks
Flow table
table
OXM_OF_ARP_THA(mask) - - -
OXM_OF_IPV6_SRC - - -
OXM_OF_IPV6_SRC(mask) - - -
OXM_OF_IPV6_DST - - -
OXM_OF_IPV6_DST(mask) - - -
OXM_OF_IPV6_FLABEL - - -
OXM_OF_IPV6_FLABEL(ma
- - -
sk)
OXM_OF_ICMPV6_TYPE - Support -
OXM_OF_ICMPV6_CODE - Support -
OXM_OF_IPV6_ND_TARGET - - -
OXM_OF_IPV6_ND_SLL - - -
OXM_OF_IPV6_ND_TLL - - -
OXM_OF_MPLS_LABEL - - -
OXM_OF_MPLS_TC - - -
OXM_OF_MPLS_BOS - - -
OXM_OF_PBB_ISID - - -
OXM_OF_TUNNEL_ID - - -
OXM_OF_IPV6_EXTHDR - - -

II. Table-miss

Supported Table-miss actions are as below.

Table 2-7 Table-miss actions

Dynamic
Standard
Action MAC Flow Remarks
Flow table
table
To CONTROLLER - - -
NORMAL - - -
(*1) using no instruction
DROP Support (*1) Support (*2)
(*2) using Group with no bucket
next-table Support - -
When no table-miss entry exists, no match packet is dropped in each table (default).

III. Group Table

Supported Group type actions are as below.

Table 2-8 Type of Group

Dynamic
Standard
Group type MAC Flow Remarks
Flow table
table
All - Support -
Select - - -
Indirect - - -
Fast Failover - - -

2-4
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

IV. Counter

Supported counters of PF54 are as below.

Table 2-9 Supported Counters

Dynamic
Standard
Counter MAC Flow Remarks
Flow table
table
Per Flow Table
Reference count (active
- - -
entries)
Packet Lookups - - -
Packet Matches - - -
Per Flow Entry
User can't use byte/packet counter in
Received Packets - Support
same entry.
User can't use byte/packet counter in
Received Bytes - Support
same entry.
Duration (seconds) - Support -
Duration (nanoseconds) - - Fixed to All:F
Per Port
Received Packets - Support -
Transmitted Packets - Support -
Received Bytes - Support -
Transmitted Bytes - Support -
Receive Drops - - -
Transmit Drops - - -
Receive Errors - Support -
Receive Frame Alignment
- - -
Errors
Receive Overrun Errors - - -
Receive CRC Errors - Support -
Collisions - - -
Duration (seconds) - Support -
Duration (nanoseconds) - Support -
Per Queue
Transmit Packets - - -
Transmit Bytes - - -
Transmit Overrun Errors - - -
Duration (seconds) - - -
Duration (nanoseconds) - - -
Per Group
Reference Count (flow
- Support -
entries)
Packet Count - Support -
Byte Count - Support -
Duration (seconds) - Support -
Duration (nanoseconds) - Support Fixed to All:F
bucket count - Support -
Per Group Bucket - - -
Packet Count - Support The sum of each packet.
Byte Count - Support The sum of each packet.
Per Meter
Flow Count - - -
Input Packet Count - - -
Input Byte Count - - -
Duration (seconds) - - -
Duration (nanoseconds) - - Fixed to All:F
Per Meter Band
In Band Packet Count - - -
In Band Byte Count - - -

2-5
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

V. Instruction

Supported instructions of PF54 are as below

Table 2-10 Supported Instructions

Dynamic
Standard
Instruction MAC Flow Remarks
Flow table
table
Meter - - -
Apply-action is converted to Write-action
Apply-Action - Support*
on this switch.
Clear-Action - - -
Write-Action Support Support -
Write-Metadata Support - -
Goto-Table Support - -
This means “drop”.
( no instruction ) Support Support (*1) (*1) Can be used only in Flow entry with
OXM_OF_METADATA

VI. Action

Supported Actions of PF54 are as below.

Table 2-11 Supported Actions

Dynamic
Standard
Action MAC Flow Remarks
Flow table
table
OFPAT_OUTPUT Support Support -
OFPAT_COPY_TTL_OUT - - -
OFPAT_COPY_TTL_IN - - -
OFPAT_SET_MPLS_TTL - - -
OFPAT_DEC_MPLS_TTL - - -
OFPAT_PUSH_VLAN - - -
OFPAT_POP_VLAN - - -
OFPAT_PUSH_MPLS - - -
OFPAT_POP_MPLS - - -
*1: does not work in case of Output to
Support
OFPAT_SET_QUEUE - Controller
(*1)
( ignored )
*1: Only Group (All) is supported.
Support
OFPAT_GROUP - *2: Only Action-set is able to use Group
(*1),(*2)
Action.
OFPAT_SET_NW_TTL - - -
OFPAT_DEC_NW_TTL - - -
OFPAT_SET_FIELD - Support Refer to "Supported fields of set_field"
OFPAT_PUSH_PBB - - -
OFPAT_POP_PBB - - -
OFPAT_EXPERIMENTER - - -

Supported value of set_field

2-6
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

Table 2-12 Supported fields of set_field

Dynamic
Standard
Field MAC Flow Remarks
Flow table
table
ETH_DST - Support -
ETH_SRC - Support -
VLAN_VID - Support -
VLAN_PCP - Support -
IP_DSCP - Support -
IPV4_SRC - - -
IPV4_DST - - -
TCP_SRC - - -
TCP_DST - - -
UDP_SRC - - -
UDP_DST - - -
SCTP_SRC - - -
SCTP_DST - - -
IPV6_SRC - - -
IPV6_DST - - -
MPLS_LABEL - - -
MPLS_TC - - -

2.3 Supported OpenFlow protocol message

2.3.1 OpenFlow message

Supported messages on PF5459 switches are shown below.

Do not use unsupported messages including parameters, flags and so on when OpenFlow
controller sends message to a PF5459 switch.
Ignore unsupported messages including parameters, flags and so on when OpenFlow
controller receives message from a PF5459 switch.

I. Message

Supported Messages of PF54 are as below.

Table 2-13 Supported Messages

Message Support Remarks

Immutable messages
OFPT_HELLO YES -
OFPT_ERROR YES -
OFPT_ECHO_REQUEST YES -
OFPT_ECHO_REPLY YES -
OFPT_EXPERIMENTER - -
Switch configuration messages
OFPT_FEATURES_REQUEST YES -
OFPT_FEATURES_REPLY YES -
OFPT_GET_CONFIG_REQUEST YES -
OFPT_GET_CONFIG_REPLY YES -
OFPT_SET_CONFIG YES -
Asynchronous messages

2-7
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

Message Support Remarks

OFPT_PACKET_IN YES -
OFPT_FLOW_REMOVED YES -
OFPT_PORT_STATUS YES -
Controller command messages
OFPT_PACKET_OUT YES -
OFPT_FLOW_MOD YES -
OFPT_GROUP_MOD YES -
OFPT_PORT_MOD YES(*1) *1: port up&down is OK.
OFPT_TABLE_MOD - -
Multipart messages-
OFPT_MULTIPART_REQUEST YES Refer to "Message(Multipart)".
OFPT_MULTIPART_REPLY YES Refer to "Message(Multipart)".
Barrier messages
OFPT_BARRIER_REQUEST YES -
OFPT_BARRIER_REPLY YES -
Queue Configuration messages
OFPT_QUEUE_GET_CONFIG_REQ
- -
UEST
OFPT_QUEUE_GET_CONFIG_REPL
- -
Y
Controller role change request messages
OFPT_ROLE_REQUEST - -
OFPT_ROLE_REPLY - -
Asynchronous message configuration
OFPT_GET_ASYNC_REQUEST - -
OFPT_GET_ASYNC_REPLY - -
OFPT_SET_ASYNC - -
Meters and rate limiters configuration messages
OFPT_METER_MOD - -

Dynamic MAC Flow table doesn’t support sending flow_removed message when the
flow-entry is deleted. (OFPFF_SEND_FLOW_REM=0)

Table 2-14 Multipart message

Item Support
Multipart
OFPMP_DESC YES
OFPMP_FLOW YES
OFPMP_AGGREGATE -
OFPMP_TABLE -
OFPMP_PORT_STATS YES
OFPMP_QUEUE -
OFPMP_GROUP -
OFPMP_GROUP_DESC -
OFPMP_GROUP_FEATURES -
OFPMP_METER -
OFPMP_METER_CONFIG -
OFPMP_METER_FEATURES -
OFPMP_TABLE_FEATURES -
OFPMP_PORT_DESC YES
OFPMP_EXPERIMENTER(0xffff) -

2-8
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

II. Notes for individual parameters

Switch Features

Table 2-15 Values in Feature reply message (OFPT_FEATURES_REPLY message)

Field name Note

n_buffers ignore this value
n_tables ignore this value
Capabilities see below

Table 2-16 Bitmap of capabilities field in the Features Reply

Bit name Description Value Note

OFPC_FLOW_STATS Statistics (FLOW) supported Fixed 1 -
OFPC_TABLE_STATS Statistics (TABLE) supported - Ignore this value
OFPC_PORT_STATS Statistics (PORT) supported Fixed 1 -
OFPC_GROUP_STATS Statistics (GROUP) supported - Ignore this value
OFPC_IP_REASM IP reassemble supported - Ignore this value
OFPC_QUEUE_STATS Statistics (QUEUE) supported - Ignore this value
OFPC_PORT_BLOCKED LOOP port blocking supported - Ignore this value

Port Structure

Table 2-17 Values in Port Structure (ofp_phy_port structure)

Field name Description Note

Config Port configuration See below
In case of getting information (Port Status,
Multipart etc), ignore this value.
Advertised Advertised link speed / mode / function
Changing information is not supported.
0x0 should be specified. (PortMod)
Supported Supported link speed / mode / function Not supported. Ignore this value.
Peer Peer link speed / mode / function Not supported. Ignore this value.

Table 2-18 Bitmap of config field in ofp_phy_port

Bit Name Description Value Note

OFC configured.
OFPPC_PORT_DOWN Port is administratively down. Support
Default is 0.
Not Support
Drop most packets received on OFC configured.
OFPPC_NO_RECV Do not configure this
port (except STP packet). Default is 0.
value
Not Support
OFC configured.
OFPPC_NO_FWD Drop packets forwarded to port. Do not configure this
Default is 0.
value
Not Support
Do not send packet-in msgs in OFC configured.
OFPPC_NO_PACKET_IN Do not configure this
port. Default is 0.
value

Switch configuration

2-9
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

Table 2-19 Get / Set Configuration message structure

Field name Description Value Note

Not support.
Flags indicating how to handle IP fragment Fixed 0
Flags Do not config this
packets. (no handling)
value.
Length of packet added by Packet In OFC specified
miss_send_len Support
message. (128 is default)

Flow information
Dynamic MAC Flow table does not support following information.
 idle-timeout. (idle-timeout=0)
 hard-timeout. (hard-timeout=0)
 cookie. (cookie=0)

Type of flag field in Flow Mod message

Standard Flow table supports counter. But,
OFPFF_NO_PKT_COUNTS and OFPFF_NO_BYT_COUNTS cannot be used
simultaneously. Only one of these flag bits should be set to 1.
Dynamic MAC Flow table does not support these counter.

Flow Removed message structure

Duration_nsec filed is not supported. Ignore this value.
Dynamic MAC Flow table does not support this message.

Packet In massage

Table 2-20 Packet in message

Item Support
Cookie information in Packet-IN Message YES
Metadata information in Packet-IN Message -

2-10
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

2.4 List of usable legacy function with OpenFlow function

running
VLAN for OpenFlow and VLAN for Legacy can be configured on this switch. The ports or
LAG belonging to OpenFlow VLAN works as OpenFlow switch. Almost Legacy switch
functions except some legacy functions cannot be used on these ports. The ports or LAG
belonging to Legacy VLAN works as legacy switch. On these ports, the following legacy
functions are supported.

Ports cannot belong to both of OpenFlow VLAN and Legacy VLAN simultaneously except
some legacy function. About Legacy switch functions which can be used on the ports or
LAG belonging to OpenFlow VLAN, please refer 2.4.2 Legacy Functions usable on the
same port of OpenFlow .
About the legacy function written in this section, please refer 2.4.3 The reference of legacy
function with OpenFlow function running.

OpenFlow switch Legacy switch

PF5459 /
QX-S5900

Ports belongs to Ports belongs to

OpenFlow VLAN Legacy VLAN

OpenFlow
network RIP etc

L2/L3 L2/L3
Switch Switch

Management
OFC IP Network
SNMP Server Network
etc (legacy)

Figure 2-1 Usage of VLANs

2.4.1 Legacy Functions usable on the other port of OpenFlow

When OpenFlow function is enabled, only functions described in following table can be
used for legacy switch functions on the ports or LAG belonging to Legacy VLAN.

2-11
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

Table 2-21 Legacy Functions with OpenFlow

PF5459/QX-S5900

Category Function legacy（used the

other port of
OpenFlow）
FTP ○
Fundamentals TFTP ○
File system ○
Interface setting ○
MAC table ○
MAC information ○
L2
Link aggregation ○
Spanning Tree Protocol ○
Port-based VLAN, IEEE802.1Q tag VLAN ○
ARP ○
Gratuitous ARP ○
IP services
Proxy ARP ○
IPv4/IPv6 ○
IP routing ○
IPv4/IPv6 static routing ○
Routing RIPv1/v2/ng ○
OSPFv2/v3 ○
Policy-based routing ○
RADIUS authentication to login to this switch ○
Password ○
Security
Public Key ○
SSH ○
High Availability CFD ( IEEE 802.1ag Ether-CC) ○
Ping, tracert, and system debugging commands ○
NTP ○
Information center ○
SNMP ○
Network Management
Port mirroring ○
Traffic mirroring ○
NQA ○
sFlow ○

2.4.2 Legacy Functions usable on the same port of OpenFlow

When OpenFlow function is enabled, only functions described in following can be used for
legacy switch functions on the same port of OpenFlow.

About the legacy function written in this section, please refer “PF5459/QX-S5900 Series
Ethernet Switch Configuration Guides” for more detail.

2-12
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

I. Interface setting
1) Configuring basic settings of an Ethernet interface
2) Splitting a 40-GE interface and combining 10-GE interfaces
3) Configuring jumbo frame support
4) Configuring generic flow control on an Ethernet interface
5) Configuring storm control on an Ethernet interface
These commands for storm control function can be used the same port of OpenFlow.
 storm-constrain { broadcast | multicast | unicast } { pps | kbps | ratio }
max-pps-values min-pps-values
 storm-constrain enable log
 storm-constrain enable trap
 storm-constrain control shutdown
II. MAC table

III. Link aggregation

 Configuring a static aggregation group
 Configuring an aggregate interface
 Configuring load sharing for link aggregation groups
IV. Port-based VLAN, IEEE802.1Q tag VLAN

V. Port mirroring

Only mirroring-port of Port mirroring can be set on OpenFlow port. Monitor port cannot be
set on OpenFlow port because mirrored packets must be transmitted by legacy function not
OpenFlow function

VI. sFlow

Only flow sampling port can be set on OpenFlow port. The port which connected to a
remote sFlow collector cannot be set on OpenFlow port because sFlow packets must be
transmitted by legacy function not OpenFlow function

VII. interface vlan

The legacy VLAN set to OpenFlow port is usable only to make interface vlan for ip
connection to OpenFlow controller.

2.4.3 The reference of legacy function with OpenFlow function running

2-13
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

Table 2-22 Reference Legacy functions

Operation manual *1 Command manual *2

Category Function
Refer to Refer to
[Part]
Fundamentals
[Chapter]
Using the CLI
[Part]
Login overview
Fundamentals
Logging in through the
[Chapter]
console port for the first
CLI commands
device access
Login management
Logging in to the CLI
commands
General Accessing the device
RBAC commands
through SNMP
Software upgrade
Controlling user access
commands
Configuring RBAC
ISSU commands
Managing configuration files
Device management
Upgrading software
commands
ISSU overview
Fundamentals Performing an ISSU by
using issu series commands
Managing the device
[Part] [Part]
Fundamentals Fundamentals
FTP
[Chapter] [Chapter]
Configuring FTP FTP commands
[Part]
[Part]
Fundamentals
Fundamentals
TFTP [Chapter]
[Chapter]
TFTP configuration
Configuring TFTP
commands
[Part]
[Part]
Fundamentals
Fundamentals
File system [Chapter]
[Chapter]
File system management
Managing the file system
commands
[Part] [Part]
Layer 2 - LAN Switching Layer 2 - LAN Switching
[Chapter] [Chapter]
Interface setting Configuring Ethernet Ethernet interface
interfaces commands
Configuring loopback and Loopback and null interface
null interfaces commands
[Part] [Part]
Layer 2 - LAN Switching Layer 2 - LAN Switching
MAC table [Chapter] [Chapter]
Configuring the MAC MAC address table
L2
address table commands
[Part]
[Part]
Layer 2 - LAN Switching
Layer 2 - LAN Switching
MAC information [Chapter]
[Chapter]
Configuring MAC
MAC Information commands
Information
[Part] [Part]
Layer 2 - LAN Switching Layer 2 - LAN Switching
Link aggregation [Chapter] [Chapter]
Configuring Ethernet link Ethernet link aggregation
aggregation commands

*1 refer to document “PF5459/QX-S5900 Series Ethernet Switches Configuration Guides”

*2 refer to document “PF5459/QX-S5900 Series Ethernet Switches Command References”
2-14
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

Operation manual *1 Command manual *2

Category Function
Refer to Refer to
[Part]
[Part]
Layer 2 - LAN Switching
Layer 2 - LAN Switching
Spanning Tree Protocol [Chapter]
[Chapter]
Configuring spanning tree
Spanning tree commands
L2 protocols
[Part] [Part]
Port-based VLAN, Layer 2 - LAN Switching Layer 2 - LAN Switching
IEEE802.1Q tag VLAN [Chapter] [Chapter]
Configuring VLANs VLAN commands
[Part] [Part]
Layer 3 - IP Services Layer 3 - IP Services
ARP
[Chapter] [Chapter]
Configuring ARP ARP commands
[Part] [Part]
Layer 3 - IP Services Layer 3 - IP Services
Gratuitous ARP
[Chapter] [Chapter]
Configuring gratuitous ARP Gratuitous ARP commands
[Part] [Part]
Layer 3 - IP Services Layer 3 - IP Services
Proxy ARP
IP services [Chapter] [Chapter]
Configuring proxy ARP Proxy ARP commands
[Part] [Part]
Layer 3 - IP Services Layer 3 - IP Services
[Chapter] [Chapter]
Configuring IP addressing IP addressing commands
IPv4/IPv6 Basic IP forwarding on the Basic IP forwarding
device commands
Optimizing IP performance IP performance optimization
Configuring basic IPv6 commands
settings IPv6 basics commands
[Part] [Part]
Layer 3 - IP Routing Layer 3 - IP Routing
IP routing
[Chapter] [Chapter]
IP routing basics Basic IP routing commands
[Part]
Layer 3 - IP Routing
[Part]
[Chapter]
Layer 3 - IP Routing
Configuring static routing
[Chapter]
IPv4/IPv6 static routing Configuring a default route
Static routing commands
Configuring IPv6 static
IPv6 static routing
routing
commands
Configuring an IPv6 default
route
[Part] [Part]
Layer 3 - IP Routing Layer 3 - IP Routing
Routing
RIPv1/v2/ng [Chapter] [Chapter]
Configuring RIP RIP commands
Configuring RIPng RIPng commands
[Part] [Part]
Layer 3 - IP Routing Layer 3 - IP Routing
OSPFv2/v3 [Chapter] [Chapter]
Configuring OSPF OSPF commands
Configuring OSPFv3 OSPFv3 commands
[Part]
[Part] Layer 3 - IP Routing
Layer 3 - IP Routing [Chapter]
Policy-based routing [Chapter] Policy-based routing
Configuring PBR commands
Configuring routing policies Routing policy configuration
commands
2-15
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

*1 refer to document “PF5459/QX-S5900 Series Ethernet Switches Configuration Guides”

*2 refer to document “PF5459/QX-S5900 Series Ethernet Switches Command References”

Operation manual *1 Command manual *2

Category Function
Refer to Refer to
[Part] [Part]
RADIUS authentication to Security Security
login to this switch [Chapter] [Chapter]
Configuring AAA AAA commands
[Part] [Part]
Security Security
Password [Chapter] [Chapter]
Configuring password Password control
control commands
Security
[Part]
[Part]
Security
Security
Public Key [Chapter]
[Chapter]
Public key management
Managing public keys
commands
[Part] [Part]
Security Security
SSH
[Chapter] [Chapter]
Configuring SSH SSH commands
[Part] [Part]
CFD ( IEEE 802.1ag High Availability High Availability
High Availability
Ether-CC) [Chapter] [Chapter]
Configuring CFD CFD commands
[Part] [Part]
Network Management and Network Management and
Ping, tracert, and system Monitoring Monitoring
debugging commands [Chapter] [Chapter]
Using ping, tracert, and Ping, tracert, and system
system debugging debugging commands
[Part] [Part]
Network Management and Network Management and
NTP Monitoring Monitoring
[Chapter] [Chapter]
Configuring NTP NTP commands
[Part] [Part]
Network Management and Network Management and
Monitoring Monitoring
Information center
[Chapter] [Chapter]
Network Configuring the information Information center
Management center commands
[Part] [Part]
Network Management and Network Management and
SNMP Monitoring Monitoring
[Chapter] [Chapter]
Configuring SNMP SNMP commands
[Part] [Part]
Network Management and Network Management and
Port mirroring Monitoring Monitoring
[Chapter] [Chapter]
Configuring traffic mirroring Port mirroring commands
[Part] [Part]
Network Management and Network Management and
Traffic mirroring Monitoring Monitoring
[Chapter] [Chapter]
Configuring traffic mirroring Traffic mirroring commands

2-16
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

Operation manual *1 Command manual *2

Category Function
Refer to Refer to
[Part] [Part]
Network Management and Network Management and
NQA Monitoring Monitoring
[Chapter] [Chapter]
Configuring NQA NQA commands
[Part] [Part]
Network Management and Network Management and
sFlow Monitoring Monitoring
[Chapter] [Chapter]
Configuring sFlow sFlow commands
*1 refer to document “PF5459/QX-S5900 Series Ethernet Switches Configuration Guides”
*2 refer to document “PF5459/QX-S5900 Series Ethernet Switches Command References”

2.5 QoS function on OpenFlow ports

2.5.1 QoS function on OpenFlow port

This switch supports QoS function on OpenFlow port about congestion management
function on output port.

1) SET_QUEUE action and SET_FIELD action (VLAN_PCP) can map packets to output
queues.
2) Packets can be mapped to output queues, based on 802.1p priority field (trust dot1p
mode) and DSCP field (trust dscp mode) on input packets.

When 1) and 2) is done at the same time, 1) is prior to 2).

2.5.2 The reference of QoS function

The corresponding reference is as follows.

Table 2-23 Reference of QoS function

Operation manual *1 Command manual *2

Category Function
Refer to Refer to
[Part] [Part]
ACL and QoS ACL and QoS
[Chapter] [Chapter]
Priority mapping,
Configuring priority mapping Priority mapping commands
QoS congestion management,
Configuring congestion Congestion management
congestion avoidance
management commands
Configuring congestion Congestion avoidance
avoidance commands

2-17
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

*1 refer to document “PF5459/QX-S5900 Series Ethernet Switches Configuration Guides”

*2 refer to document “PF5459/QX-S5900 Series Ethernet Switches Command References”

2.6 OpenFlow function on IRF fabric

2.6.1 OpenFlow function on IRF fabric

This switch supports OpenFlow function with IRF technology.

OpenFlow function and IRF technology can be used simultaneously under following
conditions.
 Number of member switches in IRF fabric: up to 2 switches
 Supported MAD type : BFD MAD
(BFD MAD must be configured when you use IRF fabric with openflow)
 Number of OpenFlow ports in IRF fabric : up to 100 OpenFlow ports

OpenFlow
network

Link for MAD

PF5459 / PF5459 /
QX-S5900 QX-S5900

IRF fabric
IRF ports

This fabric
behaves as one
OpenFlow switch.

Figure 2-2 IRF fabric

A OpenFlow controller recognizes one IRF fabric as one OpenFlow switch via OpenFlow
messages.

2.6.2 Recommended Usage:

Different IP interfaces (legacy vlan) to connect to OpenFlow controller are configured on

different switches.

2-18
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

In case of failure of IRF ports and MAD, multiple IRF master switch can exist.
To avoid that management network goes into instable, IP addresses associated with each
switches should be different. And, do not use protocols which use designated id (router id
etc) on one switch. It may cause confusion of network in case of multiple masters.

Link for MAD

PF5459 / PF5459 /
QX-S5900 QX-S5900

Ports belongs to Ports belongs to

Legacy VLAN Legacy VLAN

IRF fabric VLAN A VLAN B

IRF ports

This fabric L2/L3 L2/L3

behaves as one Switch Switch
OpenFlow switch.

Management
OFC IP Network
SNMP Server Network
etc (legacy)

Figure 2-3 Recommended usage of IRF with OpenFlow

2.6.3 OpenFlow message value of IRF fabric:

I. Multipart message (type : Description) :

Values in this message are generated from master switch’s parameters (serial number etc)
except for dp_desc.
dp_desc field is configurable by a command (“description” command in OpenFlow
instance view).

II. Datapath id:

This is generated from system MAC address value.

If you want to use fixed value, you can fix the value with command “datapath-id” in
OpenFlow instance view.

Note that, datapath id of OpenFlow switch should be configured fixed value on IRF fabric by
command “datapath-id”, if the OpenFlow controller in your network system identifies a
OpenFlow switch by datapath id.

2-19
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 2. Overview of OpenFlow function

2.6.4 The reference of IRF

The corresponding reference is as follows.

Table 2-24 Reference of IRF

Operation manual *1 Command manual *2

Category Function
Refer to Refer to
[Part]
[Part]
IRF
IRF
IRF IRF [Chapter]
[Chapter]
IRF overview
IRF commands
Configuring IRF

*1 refer to document “PF5459/QX-S5900 Series Ethernet Switches Configuration Guides”

*2 refer to document “PF5459/QX-S5900 Series Ethernet Switches Command References”

2-20
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 3. Upgrading functions and improvements

3. Upgrading functions and improvements

3.1 Upgrading functions and improvements of Version 7.2.23

Following items are improved on Version 7.2.23

Table 3-1 Improvement on Version 7.2.23

No Improvement
1 The counter for group entry is supported.
2 Parameter of “controller connect-interval” is changed from 10~120 to 1~120.
3 OSPF on In-band management vlan is supported.

Following commands are changed.

Table 3-2 Changed commands on Version 7.2.23

No New command Old commands

1 protocol-packet filter slow -
2 loop-protection enable -
3 openflow shutdown -

3.2 Upgrading functions and improvements of Version 7.1.14

Following items are improved on Version 7.1.14

Table 3-3 Improvement on Version 7.1.14

No Improvement Code
1 New 40GBASE-LR4-QSFP+ is newly supported. #201501260391
A MIB of IRF domain ID below is newly supported.
2 %000000000001
necStackDomainId（.1.3.6.1.4.1.119.2.3.126.10.2.91.1.8）
Add a detail of legacy functions usable on the same port of OpenFlow. to “2.4.2
3 %000000000002
Legacy Functions usable on the same port of OpenFlow”.
Add an explanation of in-band OpenFlow to “8.3.2 in-band OpenFlow Channel
4 %000000000003
connection”.
5 The apply action issuing groups is newly supported. %000000000004

3.3 Upgrading functions and improvements of Version 7.1.11

Following items are improved on Version 7.1.11

3-1
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 3. Upgrading functions and improvements

Table 3-4 Improvement on Version 7.1.11

No Improvement
Some match conditions are added. The condition is as follows.
OXM_OF_IPV4_SRC, OXM_OF_IPV4_SRC(mask)
1
OXM_OF_IPV4_DST, OXM_OF_IPV4_DST(mask)
OXM_OF_ARP_SPA, OXM_OF_ARP_SPA(mask)
Following legacy features are supported with OpenFlow. Refer to 2.4 and 2.5.
2 RADIUS authentication is supported for login to this switch.
SSH is supported.
ISSU is available now when OpenFlow works on IRF fabric. Refer to 2.5.
( “General” includes description of ISSU.)
3
Note that Upgrading method is automatically determined by software. It depends on compatibility
between current software version and updated software version.
4 New switch PF5459-48XT-4Q is newly supported.

Following caution is improved.

Table 3-5 Improved caution on Version 7.1.11

No Improved caution
FlowMod(Modify) works normally now.
<problem>
When FlowMod(Modify) is done, the modified entry is invalid for a while.
1
With PF5459 switch, controller must satisfy following condition.
When one of conflicted entries is modified, the other entry which conflicts modified entry drops packets
or do the same action as modified entry.
GroupMod(Modify) works normally in this situation now.
<problem>
When one of member switch is failed and disconnected from IRF fabric, Error message to GroupMod
2 message can be replied in following condition.
- GroupMod message indicates adding output port on failed switch
- GroupMod message indicates removing output port on failed switch
At this time, group entry on the switch is updated successfully, if no other error exists.

3.4 Upgrading functions and improvements of Version 7.1.6

Following items are improved on Version 7.1.6

Table 3-6 Improvement on Version 7.1.6

No Improvement
1 OpenFlow function is supported on IRF fabric. Refer to 2.7.
2 When OpenFlow function is used on IRF stack topology, ISSU does not be supported now.
3 LAG can be specified as "inport" match condition.
hw_addr on Port Structure of LAG is not checked when PortMod is received on this switch to avoid
4 racing between change of port status of LAG on this switch and sending PortMod by OpenFlow
controller.
On previous release, when deleting the entry of mac-ip by FlowMod with using in-band management
5
vlan, the entry of the vlan (in-band management vlan) in FDB is deleted.
On this software, when deleting the entry of mac-ip by FlowMod with using in-band management vlan,
6
the entry of the vlan (in-band management vlan) in FDB is not deleted.
7 FDB is not affected by OpenFlow message.
From this software version, vlan vid and vlan pcp match condition can be used with ether type = 0x88cc
8
match condition.
9 Set Field action and Set Queue action can be used with Group action.
10 Note that Packets for Group action is mapped to 4 queues. Refer to section 5.

3-2
Release Note –OpenFlow
PF5459/QX-S5900 Series Ethernet Switches 3. Upgrading functions and improvements

Following commands are changed.

Table 3-7 Changed commands on Version 7.1.6

No New commands Old commands

1 display openflow instance xx controller display openflow [instance xx] controller
2 display openflow instance x display openflow instance x summary
3 display openflow summary -

3-3
Release Note –OpenFlow
PF5459 Series Ethernet Switches 4. Resolved problems

4. Resolved problems

4.1 Resolved problems of Version 7.2.23

Following problem is resolved. Please refer QX homepage for more information.

Table 4-1 Resolved problems of Version 7.2.23

No Resolved problems Code

If the controller does not issue flow entries for IGMP packets, IGMP packets are
reported to the controller.
1 #201604010506
<Problem>
If IPv4 header size is 0x46, device send it to controller by mistake.
A controller might receive OFPT_PORT_STATUS(OFPPR_ADD/DELETE) log
messages after certain operations are performed.

<Problem>
This symptom occurs if the following operations are performed
2 a. Configure the port link-type access command on the interface that #201605240126
connects to the controller and assign the interface to a specified VLAN.
b. Change the port link type of the interface to trunk, and assign the interface
to the specified VLANs.
c. Configure the undo port trunk permit vlan 1 command on the interface to
remove the interface from VLAN 1.
#201507310040
#201507160287
Resolved vulnerabilities. #201507200138
#TB201504140268
<Problem> #201508220480
The vulnerability(CVE-2015-3143, CVE-2015-3148, CVE-2014-8176, #201603170138
CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, #201604161225
CVE-2015-1792, CVE-2015-1799, CVE-2016-0701, CVE-2015-3197, #201604161188
CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, #201603220103
CVE-2016-0702, CVE-2016-2842, CVE-2009-3238, CVE-2016-2177, #201608290406
3
CVE-2012-0036, CVE-2016-0701, CVE-2015-3194, CVE-2015-3195, #201607290021
CVE-2015-3196, CVe-2015-1794, CVE-2016-4953, CVE-2016-4954, #201607290007
CVE-2016-4956, CVE-2015-8138, CVE-2015-7979, CVE-2015-7974, #201512280205
CVE-2015,7973, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, #201607040265
CVE-2016-1551, CVE-2016-2519, CVE-2015-7704, CVE-2016-2105, #201605090023
CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, #201605160326
CVE-2016-2176, CVE-2016-5195, CVE-2016-8858, CVE-2016-6304, #201606030317
CVE-2016-6306,) had be revised. #201611080340
#201611070389
#201610220217

4.2 Resolved problems of Version 7.1.14

Following problem is resolved. Please refer QX homepage for more information.

4-1
Release Note –OpenFlow
PF5459 Series Ethernet Switches 4. Resolved problems

Table 4-2 Resolved problems of Version 7.1.14

No Resolved problems Code

If an even port of PF5459-48XT-4Q/QX-S5948XT-4Q is connected to
Express5800 10GBASE-T interface card(N8104-136：10GBASE-T riser
1 card(2ch)[Broadcom BCM57810 NetXtreme II 10 GigE NIC]), LinkDown/UP #FPR789
may be occurred.
<problem>
The noise immunity setting of even port had not been optimal.
Resolved vulnerabilities.
<problem>
The vulnerability of OpenSSL (CVE-2014-3508, CVE-2014-3567,
#201502120368
CVE-2014-3568, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571,
#CVE20143567
2 CVE-2014-3572, CVE-2014-8275, CVE-2015-0205, CVE-2015-0206) had be
#CVE20143568
revised. When only openflow function is used on the switch, these vulnerabilities
#201508220480
would not be problem as SSL function is not used. When SSL function is used as
legacy switch, these vulnerabilities would be problem.
The vulnerability of NTP(CVE-2014-9295) is revised.
Taking over SNMP Version setting.
A following constraint is resolved.
<Problem>
3 After updating software with configuration file disabling SNMP Version 3 or #2014052603
restoring it from backup file, SNMP Version 3 will be enabled.
Countermeasure: If you don't want to use SNMP Version 3, please set "undo
snmp-agent sys-info version v3" in configuration after updating or restoring.

4.3 Resolved problems of Version 7.1.11

Following problem is resolved.

Table 4-3 Resolved problems of Version 7.1.11

項
Resolved problems
番
Table-miss is valid when PF5459 starts now.
1
<problem>
When PF5459 starts, Table miss entry (for drop) is invalid for a while.
Multipart request (Port Stats) works normally now.

2 <problem>
When Multipart request (Port Stats) for all ports (OFPP_ANY) is received on IRF fabric, this switch
reconnects to OpenFlow controller.
match condition VLAN_VID=0x0000 (untag) works normally now.
3
<problem>
match condition VLAN_VID=0x0000 (untag) can not be set.
Multipart request (Port Stats) works normally after OpenFlow channel reconnection now.

<problem>
4
When OpenFlow channel disconnection occurs during PF5459 processing Multipart request (Port Stats),
PF5459 may become not be able to processing Multipart request (Port Stats) after OpenFlow channel
reconnection.

4.4 Resolved problems of Version 7.1.6

None.
4-2
Release Note –OpenFlow
PF5459 Series Ethernet Switches 5. Cautions

5. Cautions
This section describes notes when OpenFlow is running on the switch.
Please note them.

5.1 Configuration of OpenFlow function

It is necessary for OpenFlow function to set the following configuration.
Set fail open-mode secure
Set controller mode single
Set mac-ip dynamic-mac aware
Set flow-table mac-ip 0 extensibility 1

It is necessary for OpenFlow port to be disabled legacy functions except described at “2.4.2
Legacy Functions usable on the same port of OpenFlow”

LLDP: must be enabled in global, but must be disabled in OpenFlow port.

Set the following configuration in the system view.
lldp global enable
Set the following configuration in the interface view of OpenFlow port.
undo lldp enable

Loopback detection function: must be disabled in global.

Set the following configuration in the system view.
undo loopback-detection global enable vlan all

Don’t forget to set FAN air flow direction corresponding to the FAN module.

Don’t forget to disable the function which outputs protocol packet.

It is recommended to set following configuration in the system view for fast failover of
OpenFlow-channel.
tcp timer syn-timeout 3
The default value is 75(sec) so the switch will take 75(sec) to know the next dead controller
is unusable.
5-1
Release Note –OpenFlow
PF5459 Series Ethernet Switches 5. Cautions

Please set maximum number of flow-entries in extensibility table by using "flow-entry max
limit" command as follows.
640(maximum entry) – 11(system reserve) – A(the number of in-band management vlan)
For example, if you use 4 in-band management vlans(A=4), you should configure
“flow-entry max limit 625”.
This configuration will prevent to overflow flow-entries in extensibility table and guard to be
deployed more flow-entry from OpenFlow Controller.

When set field action for VLAN PCP is not executed on the packets, use "trust dot1p"
command on ports on which OpenFlow works if you want to maintain dot1p priority (VLAN
PCP) on packets after OpenFlow actions are done.
If "trust dot1p" is not used, VLAN PCP is set to “0” automatically.

5.2 Cautions of using OpenFlow function

General
Don’t send unsupported message from OpenFlow Controller to the switch.

Reply message may include unsupported field. Ignore unsupported field by OpenFlow
controller.

A stop of communication is sometimes involved by the following commands investment.

 active instance

The flow performance (add/modify/delete) falls by the following commands investment.

 display openflow flow-table
 display openflow group
 display mac-address
 display diagnostic-information

When undo active instance is performed, network loop may be occurred. Because
OpenFlow port is running on regacy function.
When loop-protection enable is set, network loop may not be occurred. Because traffic
on OpenFlow vlan and in-band management vlan is discarded.

About OpenFlow port

Changing of port status (UP/DOWN) belonging to a LAG port may change the LAG
hw_addr of OpenFlow port structure. The minimum port MAC address becomes hw_addr
of LAG port. When all ports of LAG is down, the hw_addr will be system MAC address.

5-2
Release Note –OpenFlow
PF5459 Series Ethernet Switches 5. Cautions

Though “LOCAL” cannot be used as OpenFlow port, it is displayed as OpenFlow port in

Multipart message. Don’t use “LOCAL” as Output port, Inport. Don’t send PortMod
associated with LOCAL.

Don't set VLAN interface to OpenFlow vlan (set by classification vlan excluding in-band
management vlan).
For example, If vlan X is OpenFlow vlan, don't set "interface Vlan-interface X".

When openflow shutdown is performed on OpenFlow port, Port status become down but
can be changed to up by PortMod message.
But it can not be changed when shutdown is performed.

About Modification message

When the Instruction Field of FlowMod is specified Apply action, the entry is registered as
Write action. But that action is displayed in Multipart message as apply action.

PF5459 can’t use Apply Actions instruction. If PF5459 receives flow_mod (add/modify)
message that includes Apply Actions instruction, PF5459 will treat Apply Actions instruction
as Write Actions instruction.

Delete, Modify cannot delete, modify a Table-miss entry. Use Delete strict, Modify strict.

flow_mod (modify strict) message cannot modify a default Table-miss entry which action is
DROP. Use flow_mod (add) message.

PF5459 does not support flow_mod (modify) message that all match fields are wildcarded.
Don’t use such message.

The flow entry which match field is VLAN VID which is not specified by Classification vlan
cannot be added.
Do not add flow entry whose match condition includes VLAN VID specified as in-band
management vlan

The flow entry with Idle timeout needs with counter.

Adding flow entry with “Set queue” to Output To Controller, the flow entry will be added with
“Set queue” ignored.

Buffer can’t be used except for Table-miss entry. Use No buffer in buffer id of the other entry
of table-miss entry. The table-miss entry that action is Output to controller and using buffer
is applied max-len of Flow Mod.
5-3
Release Note –OpenFlow
PF5459 Series Ethernet Switches 5. Cautions

During FlowMod messages are being processed, counter for the Flow entry is not counted
right for a while. After FlowMod is completed, packets for the entry are counted right.

Group type must be set ALL. The weight/watchport/watchgroup values of Group message
are ignored.

A supported value of match metadata is 0x1. other value is not supported. And setting
mask value for metadata is not supported. Please do not specify it on FlowMod
message.The mask value for metadata is set to the same value as metadata automatically.

GroupMod(Modify)
When output action in Group bucket is changed by using GroupMod(Modify), some
packets are lost.

PortMod
hw_addr on Port Structure of LAG is not checked when PortMod is received on this switch.

About PacketOut message

Only following actions are supported on PacketOut packet.

OUTPUT / SET_FIELD / SET_QUEUE
Each action can be applied at once. Do not use twice or more.
Note, all packets which is output from PacketOut message are treated as highest priority
regardless of queue_id on SET_QUEUE message.
Following OpenFlow ports can be used as output port on PacketOut message’s action.
physical port or LAG can be specified.

About Packet Processing

The protocol packet of LACP cannot be forwarded or Packet-in by OpenFlow action.

Receiving untag packet at access port, the switch treat the packet as having VID of
receiving port belong to. The packet hit the flow entry which has such match field.

Receiving tagged packet at access port, the switch only receive the packet having VID of
receiving port belong to. The packet hit the flow entry which has such match field.

Set Field (DSCP) does not work if the flow entry has only Set Field (DSCP). Set Field
(DSCP) can work with Set Field(VLAN_VID).
5-4
Release Note –OpenFlow
PF5459 Series Ethernet Switches 5. Cautions

About QoS function

When only Output action is used (Group action is not used), 8 queues are supported on
output port.

When Group action is used, 4 queues can be used. The values are queue 7,6,5,0.

When Group action is used,

Use ”qos trust dot1p”or “undo qos trust” for priority mapping.
Do not use "qos trust dscp".
Do not change mapping by means of “qos map-table”.
Under conditions above, for packets on which Group action executed,
Priority 7,6,5 are mapped to queue 7,6,5, respectively.
Priority 4,3,2,1,0 are mapped to queue 0.

About IRF function

When mac-ip table on IRF fabric is used, it is needed that Flow entry including Group action
to flood packets is needed for following traffic.
Ethernet broadcast traffic
Ethernet multicast traffic
Ethernet miss-hit traffic on mac-ip table
Set such entries on extensibility table from OpenFlow controller.

When a OpenFlow port which receives a packet from a source MAC address is changed to
other member switch, Flow entry on mac-ip table which includes output action to old
received port can be valid on original member switch for a while.
In this situation, packets may not be forwarded to new port.
In this situation, following event can recover communication.
 FlowMod(delete strict/delete) can invalidate both of new and old port.
 An old entry on mac-ip table is deleted when aging time expires.
 A packet sent from the MAC address is forwarded to destination through IRF port.

When IRF fabric is used, command "display openflow instance flow-table" needs time to
respond. But, switch does not stop and it is collecting information. Please wait for the
response.

SetQueue action does not work for packets which go to other member switch in IRF fabric.
5-5
Release Note –OpenFlow
PF5459 Series Ethernet Switches 5. Cautions

Others
Changing “config” by PortMod changes shutdown status. This status is saved as start-up
configuration by “save” CLI command.

The number of In-band management VLAN must be 5 or less.

During FlowMod messages are being processed, counter for the Flow entry is not counted
right for a while. After FlowMod is completed, packets for the entry is counted right.

5-6
Release Note –OpenFlow
PF5459 Series Ethernet Switches 6. Temporary Constraint

6. Temporary Constraint

6.1 OpenFlow function

No function is going to be improved in the future.

6.2 Legacy function

<After Ver7.1.14 have this constraint>
The periodically sending function of SNMP trap is supported after Ver7.1.14 and default is
disabled.
If software of the switch using SNMP is upgraded from Ver7.1.11 to Ver7.1.14 or later, this
function would be starting to send trap at one-minute interval.
If you do not want this trap, please set "snmp-agent trap periodical-interval 0".

Please refer following URL for the limitation of legacy function when using it.
http://qx.zpf.nec.co.jp/technology/limitation.htm

6-1
Release Note –OpenFlow
PF5459 Series Ethernet Switches 7. Cautions of updating software

7. Cautions of updating software

None.

7.1 Updating software version

None.

7.2 Updating OpenFlow configuration

None.

7.3 Compatibility of softwares for ISSU with OpenFlow function

Between Version 7.1.3 and Version 7.2.23
No compatibility. Do not use ISSU.

Between Version 7.1.6 and Version 7.2.23

No compatibility. Do not use ISSU.

Between Version 7.1.11 and Version 7.2.23

No compatibility. Do not use ISSU.

Between Version 7.1.14 and Version 7.2.23

No compatibility. Do not use ISSU.

Do not use other Version of software for OpenFlow function.

Notes for Incompatible ISSU:

After switchover is done, flow entry information is not copied to new master.
If OFC used in the network is PFC (ProgrammableFlow controller), it is needed that traffic is
stopped on OpenFlow channel for a while to disconnect OpenFlow channel and restart
communication. The duration that traffic is stopped depends on PFC.

7-1
Release Note –OpenFlow
PF5459 Series Ethernet Switches 7. Cautions of updating software

Notes for compatible ISSU:

After switchover is done, flow entry information is copied to new master.

7-2
Release Note –OpenFlow
PF5459 Series Ethernet Switches 8. Description of Function

8. Description of Function
The switch also has the function of described in this chapter besides the following
documents.
PF5459/QX-S5900 Series Ethernet Switches Configuration Guides OpenFlow edition
PF5459/QX-S5900 Series Ethernet Switches Command References OpenFlow edition

8.1 Dynamic MAC Flow table (mac-ip dynamic-mac aware)

8.1.1 Abstract

The switch can create flow entry automatically like mac learning of legacy switch. The flow
entry that match fields are learnt MAC address and VID, that action is output to learnt port.
The table that has above function is called Dynamic Mac Flow table (displayed mac-ip table
on CLI), and the table keep the flow entry specifying output port matching following field.
 VLAN VID
 MAC DA
The entry of this table can be deleted by OpenFlow message.

The switch also support the table called Standard Flow table（displayed extensibility table
on CLI）. The flow entry can registered on the table by OpenFlow message, described in
OpenFlow Spec.
The table id of mac-ip table must be less than the table id of extensibility table.

PF5459 Switch
Packet
Port C Dest Src
Flow VID
MAC MAC
Table
=A =B

Match : Dest MAC = A / VID = B

Instruction
Write metadata = 1
Write action Output C
Go to Table : Next table

Go To table

Dynamic Standard
MAC Flow table Flow table
(mac-ip table) (extensibility table)

Figure 8-1 Dynamic MAC Flow talbe

8-1
Release Note –OpenFlow
PF5459 Series Ethernet Switches 8. Description of Function

On the entry of Dynamic MAC Flow table except Table-miss entry, Write metadata
instruction and Go to Standard Flow table instruction is set automatically.
On the entry of Standard Flow table can match metadata to forward to the port which is
specified Write action of Mac Flow table. This function enables the switch to forward packet
without specifying by OpenFlow Controller. It can reduce processing load of OpenFlow
controller and control network efficiently.

Match : metadata = 1
Instruction
None (empty)

Go To table

Dynamic Standard
MAC Flow table Flow table
(mac-ip table) (extensibility table)

Figure 8-2 metadata match condition

metadata = 1 means hit on the Dynamic MAC Flow table.

The default action of entry that is for no hit is Drop on both of Dynamic MAC Flow table and
Standard Flow table.

L2 entry is deleted by Controller’s FlowMod (Delete/Detete_Strict) Message.

Delete pattern depends on Match fields.
There are the patterns of
 per table” (Match=any)
 per vlan” (Match=vlan)
 per DstMAC” (Match=DstMAC)
 per vlan&DstMAC
 per priority ( 0 (indicating Table-miss) or non-zero value (entry except for Table-miss) )
Other patterns are not supported

After a Dynamic MAC Flow entry is deleted, it remains for a while on displaying data
including multipart message.

PFC(OpenFlow Controller of NEC product) support MAC Forwarding function by using the
above function.

8-2
Release Note –OpenFlow
PF5459 Series Ethernet Switches 8. Description of Function

8.1.2 Entry of MAC-IP Flow table

The following describe the detail entry of Dynamic MAC Flow table.

I. New learnt MAC address (Add)

L2 entry is added automatically when PF54 receives new packet.

new packet. (ex :SrcMAC=A, VID=B, Input port =C)
 Match: DstMAC,VID (ex: DstMAC=A, VID=B)
 Priority: 65535
 Instruction-Write-Action: Output (single-output) (ex:Output=C)
 Instruction-Write-Metadata: 1
 Instruction-Goto Table: Extensibility-Table
 idle-timeout:0
 hard-timeout:0
 flag : {
OFPFF_SEND_FLOW_REM=0, OFPFF_CHECK_OVERLAP=0,
OFPFF_RESET_COUNTERS=0, OFPFF_NO_PKT_COUNTS=1,
OFPFF_NO_BYT_COUNTS=1}
 cookie:0

II. changing port of existing MAC address (Modify)

L2 entry is modified automatically when PF5459/QX-S5900 receives known packet from

other input port.
Packet from other input port. (ex :SrcMAC=A, VID=B, Input port =D)
 Match: DstMAC,VID (ex: DstMAC=X, VID=Y)
 Priority: 65535
 Instruction-Write-Action: Output (single-output) (ex:Output=D)
 Instruction-Write-Metadata: 1
 Instruction-Goto Table: Extensibility-Table
 idle-timeout:0
 hard-timeout:0
 flag :{
OFPFF_SEND_FLOW_REM=0, OFPFF_CHECK_OVERLAP=0,
OFPFF_RESET_COUNTERS=0, OFPFF_NO_PKT_COUNTS=1,
OFPFF_NO_BYT_COUNTS=1}
 cookie:0

8-3
Release Note –OpenFlow
PF5459 Series Ethernet Switches 8. Description of Function

8.2 OpenFlow-channel failover function

8.2.1 Abstract

The switch doesn’t OpenFlow spec failover function but support original failover function.
Set controller mode single on CLI.
The switch can connect 1 OFC simultaneously. When the switch is disconnected the OFC,
the switch tries reconnecting the other OFC.

The switch send echo request and receive the reply message during connecting with OFC
and maintain the connection. The switch also maintains the connection receiving
OpenFlow message except Echo request. That make the connection of OpenFlow channel
stable even OpenFlow Controller is busy and sending Echo reply become low priority,

In case of no receiving reply to Echo request during 3 times of Echo request interval the
switch take it the disconnect.
After the switch become disconnect the switch tries to connect from lower id except the
disconnected controller id immediately.

8.2.2 Function example

In case of the switch cannot all controller id, the switch tries to connect from the lowest id
after waiting controller connect interval.

controller id =1,2,3 is configured

when PF54 is connecting to controller id = 2 and this controller become failed
PF5459/QX-S5900 is reconnect to 1 -> 3 (from smallest id except for old id)

8-4
Release Note –OpenFlow
PF5459 Series Ethernet Switches 8. Description of Function

Switch OFC1 OFC2 OFC3

echo
3 times as
Echo request
interval

Handshake
OpenFlow-channel
disconnected Handshake

Controller
Connect
interval
Handshake
Connection
Established

Figure 8-3 Failover function of OpenFlow-channel

8-5
Release Note –OpenFlow
PF5459 Series Ethernet Switches 8. Description of Function

8.3 In-band management vlan function

8.3.1 Abstract

The switch can specify VLAN for legacy. This function enables using all 4094VLAN VID for
OpenFlow except VLAN for legacy.
The switch treats the packet with VLAN VID that is for OpenFlow as OpenFlow.
The port for connecting to OFC can belong to legacy VLAN by using this function.

PF5459 /
QX-S5900 Ports which belong to
Ports which belong to Inband management vlan
OpenFlow vlan

OpenFlow RIP etc

network

L2/L3 L2/L3
switch switch

Management vlan
OFC IP
SNMP Server Network
etc (legacy)

Figure 8-4 Inband management VLANs

The switch can configure VLAN for OpenFlow and VLAN for Legacy. The ports or LAG
belonging to OpenFlow VLAN are worked as OpenFlow switch. About the usable legacy
function on these ports with OpenFlow function running, please refer “2.4.2 Legacy
Functions usable on the same port of OpenFlow"
The ports or LAG belonging to Legacy VLAN are worked as legacy switch. These ports can
use the following legacy functions. About the usable legacy function on the port belonging
to legacy vlan with OpenFlow function running, please refer “2.4.1 Legacy Functions
usable on the other port of OpenFlow”

1) VLAN for legacy

The following command enables specified VLAN VID to be used for legacy.
in-band management vlan
The port belongs to VLAN specified as above can use legacy function.
The VLAN VID specified as above is displayed on in-band management vlan of “display
openflow instance summary”.
2) VLAN for OpenFlow
8-6
Release Note –OpenFlow
PF5459 Series Ethernet Switches 8. Description of Function

The VLAN VID specified the following command excepting the above VLAN for legacy can
be used as VLAN for OpenFlow. This command takes the form of VID/mask and the VID of
matching mask bit 1is masked.
classification vlan [loosen]
The port belongs to VLAN specified as above can use OpenFlow function.
The VLAN VID specified as above is displayed on active vlan of “display openflow
instance summary”. Though all the VLAN VID specified above command is displayed,
VLAN for OpenFlow doesn’t include in-band management vlan.
The VLAN that isn’t specified by this command can be used as VLAN for legacy.

When connecting the switch to OpenFlow controller by Out-of-band, please use the port
belonging to legacy vlan.

8.3.2 In-band OpenFlow Channel connection

By using in-band OpenFlow channel, OpenFlow channel can be established through

OpenFlow network. Please notice below restrictions and cautions.

1) Using this switch as PF core in core domain, enable mac-learning of vlan using
In-band OpenFlow channel.
2) The pass design of In-band OpenFlow channel is same as PF5200.
3) It is recommended to configure QoS to make high priority to OpenFlow channel traffic
than normal traffic.

8.4 Configuration for OpenFlow port

The switch treats the packet with VLAN VID for OpenFlow as for OpenFlow Switch
processing. (Consider the packet as entering OpenFlow pipeline)
The switch treats the other packets as for legacy switch. (Consider the packet as entering
normal pipeline)
Don’t set the port VLAN belong to VLAN for OpenFlow and VLAN for legacy at the same
time except described in “2.4.2 Legacy Functions usable on the same port of OpenFlow”

Using classification vlan loosen option, the port belongs to at least one VLAN for
OpenFlow treat the packet with that VID as OpenFlow. The port is advertised by OpenFlow
message.

Only the Packet with VLAN VID output port belongs to can be outputted from that port.

This function enables constraining VID of output packet with saving the number of flow
entry. (But OpenFlow message cannot control)

8-7
Release Note –OpenFlow
PF5459 Series Ethernet Switches 9. Description of difference

9. Description of difference
none.

9-1