The OpenFlow protocol is a key enabler in driving SDN solutions. OpenFlow is a standard protocol between the data plane and the control plane for remotely controlling the flow table of a switch or router:
Figure 9: OpenFlow block diagram.
OpenFlow enables SDN controllers to define the flow of network packets across the network of devices supporting the OpenFlow protocol. OpenFlow defines a generalized flow table with a very flexible flow abstraction and an open control API, which enables remote control of layers 1-7.
OpenFlow defines APIs for defining traffic flow and a framework for describing the flow state; hence, it can be viewed as the following:
OpenFlow is a semantic outline for defining the flow characteristics of traffic and the actions to take on the packets matching the defined characteristics.
OpenFlow provides a framework to define flow information and RPCs for a central SDN controller to program the flow state information. The state is maintained within an OpenFlow agent running on the forwarding network device.
OpenFlow tables form a pipeline to accomplish packet header processing. The pipeline can be formed by a single flow table at the very least. Multiple flow tables form a pipeline, acting on input from previous flow tables:
Figure 10: OpenFlow tables.
Let's refer to the dump of the Open vSwitch implementing OpenFlow version 1.4 to gain insight into the OpenFlow pipeline processing.
Check for the OpenFlow version:
Packets hit table 0 ("classifier") at the start. The classifier matches the flow table entry for packet header parameters such as tunnel header, Ethernet, VLAN, MPLS, IPv4/IPv6, ARP, TCP/UDP, and ICMP to execute the instruction set included in the flow entry:
If the instructions result in a packet header rewrite, the subsequent tables in the pipeline match the changed packet header. The significance of the match and action instructions is local to the flow table and the pipeline:
The instructions field specifies a set of actions or modifications to the pipeline processing. The Open vSwitch instructions include meter, apply_actions, clear_actions, write_actions, write_metadata, and goto_table.
A flow entry can modify the action set using a write_actions instruction or a clear_actions instruction associated with a particular match. The action set is carried between flow tables.
The goto_table instruction setting indicates the next flow table in the pipeline. The next tables field in the tables defines the range for the goto_table, ensuring that the next table in the pipeline has an ID greater than its own ID. This instruction must be supported in all flow tables except the last one. The pipeline processing stops when the instruction set of a flow entry does not contain a goto_table instruction and the actions in the action set of the packet are executed.
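The pipeline rules above (header rewrites visible to later tables, an action set carried between tables, forward-only goto_table, and execution when no goto_table remains) can be modelled in a few lines. This is an added example, not Open vSwitch code or output from the page; the table layout, the field names eth_dst and vlan_vid, and the flow entries are constructed assumptions, and apply_actions is limited to header rewrites here.

```python
# Simplified model of the pipeline described above (added example, not Open vSwitch code).
# tables: {table_id: [entry]}; entry = {"priority", "match", "instructions"} (assumed layout).

def validate_pipeline(tables):
    """Return errors for goto_table targets that are missing or not strictly forward."""
    errors = []
    for tid, entries in tables.items():
        for e in entries:
            nxt = e["instructions"].get("goto_table")
            if nxt is not None and nxt <= tid:
                errors.append(f"table {tid}: goto_table {nxt} must be greater than {tid}")
            elif nxt is not None and nxt not in tables:
                errors.append(f"table {tid}: goto_table {nxt} does not exist")
    return errors

def lookup(entries, pkt):
    """Highest-priority entry whose match fields all equal the packet's header fields."""
    hits = [e for e in entries if all(pkt.get(k) == v for k, v in e["match"].items())]
    return max(hits, key=lambda e: e["priority"], default=None)

def process(tables, pkt):
    """Walk the pipeline from table 0; return (headers, executed action set, table path)."""
    if validate_pipeline(tables):
        raise ValueError("invalid pipeline")
    pkt, action_set, path, tid = dict(pkt), {}, [], 0
    while tid is not None:
        path.append(tid)
        entry = lookup(tables[tid], pkt)
        if entry is None:  # no matching entry: this model drops the packet
            return pkt, {}, path
        ins = entry["instructions"]
        pkt.update(ins.get("apply_actions", {}))  # immediate rewrite (set-field only here)
        if ins.get("clear_actions"):
            action_set.clear()
        action_set.update(ins.get("write_actions", {}))  # one action per type, last write wins
        tid = ins.get("goto_table")  # absent: pipeline stops and the action set executes
    return pkt, action_set, path

# Constructed flow entries; the MAC and output port mirror the capture discussed on the page.
TABLES = {
    0: [{"priority": 100, "match": {"eth_dst": "46:1c:69:c8:b9:77"},
         "instructions": {"apply_actions": {"vlan_vid": 20},
                          "write_actions": {"output": 2}, "goto_table": 1}}],
    1: [{"priority": 10, "match": {"vlan_vid": 20},
         "instructions": {"write_actions": {"output": 1}}},
        {"priority": 5, "match": {}, "instructions": {"clear_actions": True}}],
}
```

Running validate_pipeline over a flow dump before trusting it is a cheap way to catch a backward or dangling goto_table that would otherwise loop or blackhole traffic.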
OpenFlow specification (OFv1.5) can be described as follows:
| Name | Description and use |
| --- | --- |
| match fields | Matches packets such as tunnel header, Ethernet, VLAN, MPLS, IPv4/IPv6, ARP, TCP/UDP, port number, and optionally information from a previous table if there is more than one. |
| priority | Matching precedence. The |
| counters | Keeps track of the number of times the flow has been matched. |
| instructions | Defines sets of |
| timeouts | Used to control how long until a flow is removed from the switch. |
| cookie | A value used by the controller to help identify a flow, for example, when filtering requests. Not used in packet processing. |
| flags | Used to manage flow entries. |
Install Wireshark in Ubuntu:
% sudo apt-get install wireshark
The following screenshot depicts a Wireshark capture of the OpenFlow packets. The packet frame shows Match on MAC 46:1c:69:c8:b9:77 and Action to output on Port 1:
Figure 11: Wireshark dump of OpenFlow with Match and Action.