Ch 03 --- the OpenFlow protocols

NDI Communications - Engineering & Training Software Defined Networking (SDN) Chapter 3 – OpenFlow Protocols

Upload: yoram-orzach

Post on 14-Apr-2017


Page 1: Ch 03 --- the OpenFlow protocols

NDI Communications - Engineering & Training

Software Defined Networking (SDN)

Chapter 3 – OpenFlow Protocols


Chapter Content

Operation

Messages

Packet Structure

Switch Protocol

Features

OpenFlow Usage

[Diagram labels: Controller (Alice's code, Decision?), OpenFlow Protocol, three OpenFlow Switches each holding Alice's Rule.]

Communication in OpenFlow Network

[Diagram: Host 1 and Host 2 attached to an OpenFlow Switch, which is connected to the Controller.]

Host 1 MAC address: 08-00-20-3A-00-4F

Host 2 MAC address: 08-00-2A-0B-FE-FD

Frame sent: Src: 08-00-20-3A-00-4F, Dst: 08-00-2A-0B-FE-FD

Flow Table:

Match Field    Action
empty          empty

1. Packet-in: unmatched frame with MAC 08-00-2A-0B-FE-FD

2. Packet-out: flood on all ports except ingress port

MAC table:

MAC address          Ingress port
08-00-20-3A-00-4F    1

Communication in OpenFlow Network (continued)

Host 1 MAC address: 08-00-20-3A-00-4F

Host 2 MAC address: 08-00-2A-0B-FE-FD

Frame sent: Src: 08-00-2A-0B-FE-FD, Dst: 08-00-20-3A-00-4F

1. Packet-in: unmatched frame with MAC 08-00-20-3A-00-4F

2. Packet-out: forward on port 1

MAC table:

MAC address          Ingress port
08-00-20-3A-00-4F    1
08-00-2A-0B-FE-FD    2

Flow-mod messages:

Match                                                Action
Src: 08-00-2A-0B-FE-FD, Dst: 08-00-20-3A-00-4F       Forward on port 1
Src: 08-00-20-3A-00-4F, Dst: 08-00-2A-0B-FE-FD       Forward on port 2

Flow Table:

Match Field                                          Action
Src: 08-00-2A-0B-FE-FD, Dst: 08-00-20-3A-00-4F       Forward on port 1
Src: 08-00-20-3A-00-4F, Dst: 08-00-2A-0B-FE-FD       Forward on port 2
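
The exchange on the two "Communication in OpenFlow Network" slides, replayed as an added Python example that is not part of the original deck. The class and function names are hypothetical; the MAC addresses and port numbers are the ones shown on the slides.

```python
H1 = "08-00-20-3A-00-4F"   # Host 1, from the slides
H2 = "08-00-2A-0B-FE-FD"   # Host 2, from the slides
FLOOD = "FLOOD"            # stands for "all ports except ingress port"


class Controller:
    def __init__(self):
        self.mac_table = {}                      # MAC address -> ingress port

    def packet_in(self, src, dst, in_port):
        """Return (packet-out action, list of flow-mod entries)."""
        self.mac_table[src] = in_port            # learn the sender's port
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return FLOOD, []                     # destination not learned yet
        # Both hosts known: one flow entry per direction, as on the slide.
        return out_port, [
            {"src": src, "dst": dst, "out_port": out_port},
            {"src": dst, "dst": src, "out_port": in_port},
        ]


class Switch:
    def __init__(self, controller):
        self.controller = controller
        self.flow_table = []                     # starts empty
        self.packet_ins = 0                      # frames handed to the controller

    def receive(self, src, dst, in_port):
        for entry in self.flow_table:
            if (entry["src"], entry["dst"]) == (src, dst):
                return entry["out_port"]         # handled in the data plane
        self.packet_ins += 1                     # table miss -> Packet-in
        action, flow_mods = self.controller.packet_in(src, dst, in_port)
        self.flow_table.extend(flow_mods)        # apply the Flow-mod messages
        return action


def replay_slides():
    sw = Switch(Controller())
    actions = [sw.receive(H1, H2, 1),            # first frame: flooded
               sw.receive(H2, H1, 2),            # reply: forwarded, flows installed
               sw.receive(H1, H2, 1)]            # matched, no Packet-in
    return actions, sw


if __name__ == "__main__":
    actions, sw = replay_slides()
    print(actions, sw.packet_ins, sw.controller.mac_table)
```

The third frame never reaches the controller: once the flow entries are installed, only table misses generate Packet-in messages.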


Controller/Switch Messages

The OpenFlow switch protocol supports three message types: controller-to-switch, asynchronous, and symmetric, each with multiple sub-types.

Controller-to-switch messages are initiated by the controller and used to directly manage or inspect the state of the switch.

Asynchronous messages are initiated by the switch and used to update the controller of network events and changes to the switch state.

Symmetric messages are initiated by either the switch or the controller and sent without solicitation.


Controller to Switch Messages

Controller to switch messages are initiated by the controller and may or may not require a response from the switch.

Features: The controller may request the identity and the basic capabilities of a switch by sending a features request.

Configuration: The controller is able to set and query configuration parameters in the switch.

Modify-State: Modify-State messages are sent by the controller to manage state on the switches.

Read-State: Read-State messages are used by the controller to collect various information from the switch, such as current configuration, statistics and capabilities.

Packet-out: These are used by the controller to send packets out of a specified port on the switch, and to forward packets received via Packet-in messages.

Barrier: Barrier request/reply messages are used by the controller to ensure message dependencies have been met or to receive notifications for completed operations.

Role-Request: Role-Request messages are used by the controller to set the role of its OpenFlow channel, or query that role.

Asynchronous-Configuration: The Asynchronous-Configuration messages are used by the controller to set an additional filter on the asynchronous messages that it wants to receive on its OpenFlow channel, or to query that filter.


Asynchronous Messages

Messages initiated by the switch, and sent to the controller:

Packet-in: Transfer the control of a packet to the controller.

Flow-Removed: Inform the controller about the removal of a flow entry from a flow table.

Port-status: Inform the controller of a change on a port.

Error: The switch is able to notify controllers of problems using error messages.


Symmetric Messages

Symmetric messages are sent without solicitation, in either direction.

Hello: Hello messages are exchanged between the switch and controller upon connection startup.

Echo: Echo request/reply messages can be sent from either the switch or the controller, and must return an echo reply.

Experimenter: Experimenter messages provide a standard way for OpenFlow switches to offer additional functionality within the OpenFlow message type space.
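
To make the three message categories concrete, the following added Python example (not from the original deck) splits a byte stream into OpenFlow messages using the fixed 8-byte header and labels each one with its category. It assumes OpenFlow 1.3 (version byte 0x04 and that version's type codes), since the slides name no version; `parse_stream`, `build` and the sample bytes are constructed for illustration.

```python
import struct

OFP_HEADER = struct.Struct("!BBHI")  # version, type, length, xid: 8 bytes, big-endian

# Type codes from OpenFlow 1.3 (assumed version), grouped as on the slides.
TYPES = {
    "symmetric": {0: "HELLO", 2: "ECHO_REQUEST", 3: "ECHO_REPLY", 4: "EXPERIMENTER"},
    "asynchronous": {1: "ERROR", 10: "PACKET_IN", 11: "FLOW_REMOVED", 12: "PORT_STATUS"},
    "controller-to-switch": {
        5: "FEATURES_REQUEST", 6: "FEATURES_REPLY", 7: "GET_CONFIG_REQUEST",
        8: "GET_CONFIG_REPLY", 9: "SET_CONFIG", 13: "PACKET_OUT", 14: "FLOW_MOD",
        16: "PORT_MOD", 18: "MULTIPART_REQUEST", 19: "MULTIPART_REPLY",
        20: "BARRIER_REQUEST", 21: "BARRIER_REPLY", 24: "ROLE_REQUEST",
        25: "ROLE_REPLY", 26: "GET_ASYNC_REQUEST", 27: "GET_ASYNC_REPLY",
        28: "SET_ASYNC",
    },
}
LOOKUP = {code: (cat, name) for cat, names in TYPES.items() for code, name in names.items()}


def parse_stream(data):
    """Split a byte stream into messages; return (category, name, xid, body_len) tuples."""
    out, offset = [], 0
    while offset < len(data):
        if len(data) - offset < OFP_HEADER.size:
            raise ValueError("truncated header at offset %d" % offset)
        version, msg_type, length, xid = OFP_HEADER.unpack_from(data, offset)
        # length covers header plus body; reject values that would desync the stream
        if length < OFP_HEADER.size or offset + length > len(data):
            raise ValueError("bad length %d at offset %d" % (length, offset))
        category, name = LOOKUP.get(msg_type, ("unknown", "TYPE_%d" % msg_type))
        out.append((category, name, xid, length - OFP_HEADER.size))
        offset += length
    return out


def build(msg_type, xid, body=b"", version=0x04):
    """Constructed helper: serialise one message for the sample stream."""
    return OFP_HEADER.pack(version, msg_type, OFP_HEADER.size + len(body), xid) + body


# Constructed sample stream; message bodies are placeholders, not real payloads.
SAMPLE = (build(0, 1) + build(5, 2) + build(2, 3, b"ping")
          + build(10, 0, bytes(24)) + build(20, 4))

if __name__ == "__main__":
    for row in parse_stream(SAMPLE):
        print(row)
```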


OpenFlow Channel Connections

The OpenFlow channel is used to exchange OpenFlow messages between an OpenFlow switch and an OpenFlow controller.

A typical OpenFlow controller manages multiple OpenFlow channels, each one to a different OpenFlow switch.

An OpenFlow switch may have one OpenFlow channel to a single controller, or multiple channels for reliability, each to a different controller.

The OpenFlow channel is usually instantiated as a single network connection between the switch and the controller, using TLS or plain TCP.


Packet Example – Features Request/Reply

Message sent by the controller on session establishment

Message sent back from the switch to the controller

Packet Example – Packet In / Packet Out

Packet Example – Port Statistics

Packet Example – Port Modification

Security

The switch and controller may communicate through a TLS connection.

The TLS connection is initiated by the switch on startup to the controller, which is listening either on a user-specified TCP port or on the default TCP port 6653.

The switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key.

The switch and controller may optionally communicate using plain TCP.
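
The controller side of the mutual authentication described on this slide, as an added Python example that is not part of the original deck. The function names and file parameters are hypothetical; the point shown is that a TLS server context does not request a peer certificate unless told to, so mutual authentication has to be configured explicitly.

```python
import ssl

OPENFLOW_TLS_PORT = 6653   # default controller port given on the slide


def controller_tls_context(ca_file=None, cert_file=None, key_file=None):
    """Build the controller's listening context with mutual authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Server contexts default to CERT_NONE, i.e. the switch is never asked
    # for a certificate. CERT_REQUIRED makes the handshake fail without one.
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:                        # site CA that signed the switch certificates
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:                      # controller's own certificate and key
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def audit_channel(ctx):
    """Return findings for a controller-side context; pass None for plain TCP."""
    if ctx is None:
        return ["plain TCP: no encryption, no switch or controller authentication"]
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("switch certificate not required: one-way TLS only")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 accepted")
    return findings


if __name__ == "__main__":
    default_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)   # the weak setting
    print("default :", audit_channel(default_ctx))
    print("hardened:", audit_channel(controller_tls_context()))
    print("plain   :", audit_channel(None))
```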


Multiple Controllers

The switch may establish communication with a single controller, or may establish communication with multiple controllers.

Having multiple controllers improves reliability, as the switch can continue to operate in OpenFlow mode if one controller or controller connection fails.

The hand-over between controllers is entirely managed by the controllers themselves, which enables fast recovery from failure and also controller load balancing.

The controllers coordinate the management of the switch amongst themselves via mechanisms outside the scope of the present specification.


Summary

Yoram Orzach
