SR OS supports two modes of operation for an H-OFS instance: GRT-only and multi-service. The modes of operation are operator-controlled per H-OFS instance by enabling or disabling the switch-defined-cookie option (config>open-flow>of-switch>flowtable 0). For backward compatibility, GRT-only mode of operation is default but, because multi-service mode is a functional superset, Nokia recommends operating in multi-service mode whenever possible. The operator can change the mode in which an H-OFS instance operates but a shutdown is required first. This purges all the rules forcing the OF controller to reprogram the switch instance after it is re-enabled in a new mode. SR OS supports both H-OFS modes of operation concurrently for different switch instances.
Multi-service modes of operation uses part of the FlowTable cookie field (higher-order 32 bits) to provide the enhanced functionality; the lower-order FlowTable cookie bits are fully controlled by the OF controller. Table: Multi-service mode — higher-order bit flow table cookie encoding depicts higher-order bit Flow Table cookie encoding used when operating in the multi-service mode of operation.
| sros-cookie Name | sros-cookie Type (Bits 63...60) |
sros-cookie Value (Bits 59...32) |
FlowTable Entry Interpretation Based on the sros-cookie |
|---|---|---|---|
grt |
0000 |
0 |
FlowTable rule is applicable to GRT instance (IES and router interfaces) |
system |
1000 |
0 |
FlowTable rule is applicable to system filters |
service |
1100 |
service-id for existing VPLS or VPRN service |
FlowTable rule is applicable to an existing VPRN or VPLS service specified by the sros-cookie value |
To enable multi-service mode of operation, an operator must embed the OF switch in an ACL filter policy, and, because multi-service H-OFS supports a mix of VPRN/VPLS/GRT/System rules, an additional scope of embedding must be selected (embed open-flow service, embed open-flow system - grt scope used by default). After embedding H-OFS instance, an ACL policy contains rules specific to a VPRN or VPLS service instance or to a GRT or to a System Filter Policy. Therefore, the ACL filter policy can only be used in the scope defined by H-OFS embedding.
Rules programmed by an OF controller with grt, system, and service cookies specified are accepted even if the H-OFS instance is not embedded by a filter activated in a specific context. Rules programmed by an OF controller with a service cookie specified, when the service ID is not one of the supported service types, or when the service with the specified ID does not exist, are rejected with an error returned back to the controller. If an H-OFS is embedded into a line card policy with a specific service context, the embedding must be removed before that service is deleted.
Table: Differences between GRT mode and multi-service mode summarizes the main differences between the two modes of operation.
| Function | GRT Mode (no switch-defined-cookie) |
Multi-service Mode (switch-defined-cookie) |
|---|---|---|
Support OF on IES access interfaces |
Yes |
Yes |
Support OF on router interfaces in GRT instance |
Yes |
Yes |
Support OF on VPRN access and network interfaces |
No (lack of native OF service virtualization) |
Yes |
Support OF on VPLS access and network interfaces |
No (lack of native OF service virtualization) |
Yes |
Support port and VLAN in flowtable match (see the following section) |
No |
Yes |
Support OF control of System ACL policies |
No |
Yes |
Traffic steering actions |
Forward, drop, redirect to LSP, Layer 3 PBR actions only |
All |
Scale |
Up to ingress ACL filter policy entry scale |
Up to OF system scale limit per H-OFS instance, and up to 64 534 entries per unique sros-cookie value |
Restrictions:
See the SR OS R22.x.Rx Software Release Notes for a full list of GRT/IES/VPRN/VPLS interfaces that support OF control for multi-service mode.
The 7450 ESS, 7750 SR, 7950 XRS, and VSR H-OFS always requires an sros-cookie to be provided for FlowTable operations and fails any operation without the cookie when the switch-defined-cookie command is enabled.
OF no-match-action is not programmed in hardware for system filters, because system filters are chained to other filter policies and no-match-action would break the chaining.
An H-OFS instance does not support overlapping of priorities (flow_priority value) within a single sros-cookie (type plus value). The supported values for priority differ based on a value for switch-define-cookie:
H-OFS with the switch-defined-cookie command disabled
Valid flow_priority_range 1 to max-size – 1
flow_priority_value 0 is reserved (no match action)
H-OFS with the switch-defined-cookie command enabled
Valid flow_priority_range 1 to 65534
flow_priority_value 0 is reserved (no match action)
flow_priority must map to a valid filter ID. The following items show how flow_priority is mapped to a filter policy entry ID:
H-OFS with switch-define-cookie disabled
filter entry ID = max-size – flow_priority + embedding offset
H-OFS with switch-define-cookie enabled
filter entry ID = 65535 – flow_priority + embedding offset
When multiple H-OFS instances are embedded into a single ACL filter, no two H-OFS instances can program the same filter entry ID.