Ch3 Openflow
4 WIN
Network-IT-zation
Chapter 3:
OpenFlow Protocol
Chapter Content
Sec 1: What is OpenFlow ?
Introduction
▪ OpenFlow was introduced by the McKeown group at Stanford University
(2008)
What is OpenFlow?
▪ The OpenFlow protocol defines:
  ▪ A standardized API and communication method between the external controller
    and the OpenFlow process on the networking device
  ▪ The use of "flow-tables" held on the networking device, which are populated by
    the external controller and used for matching and forwarding packets
▪ Two components:
  ▪ OpenFlow controller
    ▪ Controls one or more switches
    ▪ Computes paths, maintains state, formulates flows and programs
      OpenFlow switches
  ▪ OpenFlow switch
    ▪ Receives commands (flow entries, queries) from the OpenFlow
      controller in order to populate entries in the flow-table
    ▪ Holds the flow-table in volatile memory
OpenFlow components
OpenFlow deployment models
OpenFlow deployment models (..)
Flow-Based
• Every flow is individually set up by controller
• Exact-match flow entries
• Flow table contains one entry per flow
• Good for fine grain control, e.g. campus networks
Aggregated
• One flow entry covers large groups of flows
• Wildcard flow entries
• Flow table contains one entry per category of flows
• Good for large number of flows, e.g. backbone
OpenFlow deployment models (..)
Reactive Proactive
Sec 2: OpenFlow components
OpenFlow switch
▪ It consists of one or more flow tables and a group table, which perform
packet lookups and forwarding, and one or more OpenFlow channels to an
external controller.
▪ Using the OpenFlow switch protocol, the controller can add, update, and delete
flow entries in flow tables.
▪ Matching starts at the first flow table and may
continue to additional flow tables of the pipeline.
▪ If no match is found in a flow table, the outcome
depends on configuration of the table-miss flow
entry.
OpenFlow controller
OpenFlow flow table
Flow entry
Flow entry components
▪ Match fields: to match against packets. These consist of the ingress port
and packet headers, and optionally metadata specified by a previous table.
▪ Priority : matching precedence of the flow entry.
▪ Counters: updated when packets are matched.
▪ Instructions: to modify the action set or pipeline processing.
▪ Timeouts : maximum amount of time or idle time before flow is expired by
the switch.
▪ Cookies : opaque data value chosen by the controller. May be used by the
controller to filter flow statistics, flow modification and flow deletion. Not
used when processing packets.
Example flow entries
Switching
* * 00:1f:.. * * * * * * * port6
Flow Switching
Firewall
* * * * * * * * * 22 drop
Example flow entries (..)
Routing
* * * * * * 5.6.7.8 * * * port6
VLAN Switching
Example of communication OpenFlow
Example of communication OpenFlow (..)
OpenFlow Group Table
▪ A group table consists of group entries. The ability for a flow entry to point to a
group enables OpenFlow to represent additional methods of forwarding
▪ Controller to Switch:
  ▪ Controller/switch messages are initiated by the controller and may or may
    not require a response from the switch
▪ Asynchronous
  ▪ Asynchronous messages are sent without a controller soliciting them from
    a switch. Switches send asynchronous messages to controllers to denote
    a packet arrival, switch state change, or error.
▪ Symmetric
  ▪ Symmetric messages are sent without solicitation, in either direction
OF Messages: Controller to Switch
▪ Features : performed upon establishment of the OpenFlow channel
▪ Configuration : used to set and query configuration parameters in the switch
▪ Modify-state : used to add, delete and modify flow/group entries in the OpenFlow
tables and to set switch port properties
▪ Read-state : used to collect various information from the switch, such as current
configuration, statistics and capabilities.
▪ Packet-out : must contain a full packet or a buffer ID referencing a packet stored in
the switch.
▪ Barrier : used to ensure message dependencies have been met.
▪ Role-request : used to set the role of its OpenFlow channel, or query that role.
▪ Asynchronous-configuration : used to set an additional filter on the asynchronous
messages that it wants to receive on its OpenFlow channel, or to query that filter
OF Messages: Asynchronous
OF Messages: Symmetric
▪ Hello : Hello messages are exchanged between the switch and controller
upon connection startup
▪ Echo : can be sent from either the switch or the controller, and must return an
echo reply. They are mainly used to verify the liveness of a controller-switch
connection, and may as well be used to measure its latency or bandwidth
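The message categories above, as an added example that is not part of the original slides: a parser that splits a controller-switch byte stream into messages using the fixed 8-byte OpenFlow header (version, type, length, xid) and rejects malformed length fields before any body is read. The type codes are a subset of the OpenFlow 1.3 values; the function names and the sample stream are constructed for illustration.

```python
import struct

OFP_HEADER = struct.Struct("!BBHI")  # version, type, length, xid (8 bytes)
OFP_VERSION_1_3 = 0x04               # wire version of OpenFlow 1.3

# Subset of OpenFlow 1.3 type codes, grouped by the categories on the slides.
MESSAGE_TYPES = {
    0: ("HELLO", "symmetric"),
    2: ("ECHO_REQUEST", "symmetric"),
    3: ("ECHO_REPLY", "symmetric"),
    5: ("FEATURES_REQUEST", "controller-to-switch"),
    13: ("PACKET_OUT", "controller-to-switch"),
    14: ("FLOW_MOD", "controller-to-switch"),
    20: ("BARRIER_REQUEST", "controller-to-switch"),
    24: ("ROLE_REQUEST", "controller-to-switch"),
    10: ("PACKET_IN", "asynchronous"),
    11: ("FLOW_REMOVED", "asynchronous"),
    12: ("PORT_STATUS", "asynchronous"),
}


def parse_stream(data, version=OFP_VERSION_1_3):
    """Split a byte stream into OpenFlow messages, validating each header."""
    messages, offset = [], 0
    while offset < len(data):
        if len(data) - offset < OFP_HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        ver, mtype, length, xid = OFP_HEADER.unpack_from(data, offset)
        if ver != version:
            raise ValueError(f"unexpected version 0x{ver:02x} at offset {offset}")
        # The length field includes the header: shorter is malformed, and
        # longer than the remaining bytes means the message is truncated.
        if length < OFP_HEADER.size or offset + length > len(data):
            raise ValueError(f"bad length {length} at offset {offset}")
        name, category = MESSAGE_TYPES.get(mtype, (f"TYPE_{mtype}", "other"))
        body = data[offset + OFP_HEADER.size:offset + length]
        messages.append({"name": name, "category": category, "xid": xid, "body": body})
        offset += length
    return messages


def build(mtype, xid, body=b"", version=OFP_VERSION_1_3):
    """Serialize one message (used here only to construct sample traffic)."""
    return OFP_HEADER.pack(version, mtype, OFP_HEADER.size + len(body), xid) + body


# Constructed sample: Hello, Features request, Echo request with payload, Barrier.
SAMPLE = build(0, 1) + build(5, 2) + build(2, 3, b"ping") + build(20, 4)
```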
OF Messages (cont.)
Sec 4: OpenFlow Pipeline
Pipeline processing
▪ The OpenFlow pipeline of every OpenFlow switch contains multiple flow tables,
each flow table containing multiple flow entries.
▪ The OpenFlow pipeline processing defines how packets interact with those flow
tables.
Pipeline processing (..)
▪ Pipeline processing always starts at the first flow table
▪ The packet is first matched against flow entries of flow table 0
▪ If a flow entry is found, the instruction set included in that flow entry is executed.
▪ Instructions may direct the packet to another flow table (Goto instructions)
▪ If a packet does not match a flow entry in a flow table, this is a table miss.
▪ The behavior on a table miss depends on the table configuration :
▪ Drop
▪ Pass to another table
▪ Send to controller (packet_in message)
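The lookup described above (priority matching, Goto instructions and table-miss handling), as an added example that is not part of the original slides: a two-table pipeline in which the port-22 drop rule sits in table 0 with the highest priority, so it is evaluated before any forwarding entry can match. The class and function names, cookies, priorities and the MAC address are constructed for illustration; only the 5.6.7.8, port 22 and port6 values come from the example rows.

```python
from dataclasses import dataclass


@dataclass
class FlowEntry:
    match: dict          # field -> value; a field that is absent is wildcarded
    priority: int
    instructions: tuple  # ("output", port) | ("drop",) | ("goto", table) | ("controller",)
    cookie: int = 0      # opaque controller tag, never used for matching
    packets: int = 0     # counter, updated on every match

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())


def process(tables, pkt):
    """Run pkt through the pipeline from table 0; return (instructions, path)."""
    table_id, path = 0, []
    while True:
        hits = [e for e in tables[table_id] if e.matches(pkt)]
        if not hits:  # no entry at all, not even a table-miss entry: drop
            return ("drop",), path
        entry = max(hits, key=lambda e: e.priority)  # highest priority wins
        entry.packets += 1
        path.append((table_id, entry.cookie))
        if entry.instructions[0] != "goto":
            return entry.instructions, path
        if entry.instructions[1] <= table_id:
            raise ValueError("goto must target a later table")
        table_id = entry.instructions[1]


def build_tables():
    """Constructed two-table pipeline modelled on the slide's example rows."""
    return {
        0: [FlowEntry({"tcp_dst": 22}, 200, ("drop",), cookie=0xF1),   # firewall
            FlowEntry({}, 0, ("goto", 1), cookie=0xA0)],               # table-miss
        1: [FlowEntry({"eth_dst": "02:00:00:00:00:06"}, 100, ("output", 6), cookie=0xB1),
            FlowEntry({"ipv4_dst": "5.6.7.8"}, 90, ("output", 6), cookie=0xB2),
            FlowEntry({}, 0, ("controller",), cookie=0xB0)],           # packet_in
    }
```

The table-miss entries are ordinary flow entries with an empty match and priority 0; a table with no such entry drops unmatched packets, which is the first branch in `process`.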
OpenFlow switch : Packet matching
For more details
https://www.opennetworking.org/wp-content/uploads/2014/10/openflo
-v1.3.2.pdf
It’s your turn !!
What is given ?
What you should do ?
Prepare Mininet
▪ Create a linear topology with:
▪ 4 switches and 2 hosts per switch
▪ Remote controller
▪ Switches of type: Open vSwitch
▪ Specify the protocol: OpenFlow
▪ And assign MAC addresses to the hosts
What you should do ?
Use OpenDaylight to
▪ Scenario 1: create a blocking flow using MAC address
▪ Scenario 2: create a blocking flow using IP address
▪ Scenario 3: create a blocking flow using multiple criteria
▪ Scenario 4: create a VLAN based flow