OpenFlow

OpenFlow 1.0
Encapsulated in TCP. Protocols in frame: eth:ip:tcp:of


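Flow processing procedure
A packet enters the OpenFlow switch
If it matches a specified flow format, the specified actions are applied
If nothing matches at all, it is sent to the controller over the secure channel
ps:
If the packet does not match, only the first 128 bits of the packet are sent to the controller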

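Flow lifetime
Each flow is deleted in one of the following two ways
idle_timeout (the flow is deleted automatically if it stays unused)
hard_timeout (the flow is deleted automatically when the specified time is reached, and a message is sent)
ps: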
If both idle_timeout and hard_timeout are zero, the entry is considered permanent and will never time out

Flow priority
default is the highest priority
Higher priority entries must match before lower priority ones
If multiple entries have the same priority, the switch is free to choose any ordering

………………………………………………

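Flow format
[header][counters][actions]
header:
 Used to check whether a packet belongs to the specified flow
counters:
 Used to collect flow statistics
actions:
 The default action is drop
 If not supported, the switch responds with an unsupported flow error
 A flow can specify multiple actions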

[header]
Has the following fields
ingress port (the port the packet enters on)
ether src
ether dst
ether type: 0x0806 (arp), 0x0800 (ip)
vlan id
vlan priority
ip src: source IP, mask supported
ip dst: destination IP, mask supported
ip proto: 1 (icmp), 6 (tcp), 17 (udp)
ip tos bits
transport src port/icmp type
transport dst port/icmp code

[counter]
Divided by type into the following fields
per table
 active entries
 packet lookups
 packet matches
per flow
 received packets
 received bytes
 duration(seconds)
 duration(nanoseconds)
per port
 received packets
 transmitted packets
 received bytes
 transmitted bytes
 receive drops
 transmit drops
 receive errors
 transmit errors
 receive frame alignment errors
 receive overrun errors
 receive CRC errors
 collisions
per queue
 transmit packets
 transmit bytes
 transmit overrun errors

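[actions]
Divided into required and optional

Required Actions: actions a device must support
forward: the following five kinds
 all: sends the packet to all ports, excluding the input port
 controller: encapsulates the complete packet and sends it to the controller
 local: sends the packet to the local switch's networking stack
 table: performs the actions in the flow table, but only applies to packets being sent out
 in_port: sends the packet out the input port
drop: the default action when none is specified

Optional Actions: actions a device may support
forward: the following two kinds
 normal: processes the packet the way a traditional switch would
 flood: floods the packet, excluding the input port and ports disabled by STP
enqueue: forwards the packet to a queue on an interface; can be used to provide basic QoS
modify-field: can modify the following values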
 set vlan id
 set vlan priority
 strip vlan header:拿掉vlan資訊
 modify ether src addr
 modify ether dst addr
 modify ipv4 src addr
 modify ipv4 dst addr
 modify ipv4 tos bits
 modify transport src port
 modify transport dst port


………………………………………………………………

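message
There are the following three types
controller-to-switch: sent by the controller
asynchronous: messages the switch sends to the controller at any time as conditions require
symmetric: messages used to establish and maintain the connection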


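controller-to-switch
Mainly:
feature: establishes a transport layer security session with the switch; two kinds
 Controller->Switch: the controller asks the switch for information
 Switch->Controller: the switch replies to the controller with the relevant information
configuration: sets or queries the switch
modify-state: manages the switch's flow table; the main tasks are adding, deleting and modifying flows
read-state: manages the switch's flow table and interface state
send-packet: used to send a packet to the switch
barrier: used to confirm messages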

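asynchronous
Mainly:
packet-in: if the switch finds that a packet is not in the flow table, it informs the controller with this message
flow-removed: if the switch finds that a flow has been removed from the flow table, it notifies the controller
port-status: if the switch detects an interface change (e.g. interface shutdown), it notifies the controller
error: if the switch detects a problem, it notifies the controller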

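symmetric
hello: used by the switch and controller to establish the connection; two kinds
 Controller->Switch: sent by the controller to the switch
 Switch->Controller: the switch replies to the controller
echo: determines whether the controller or switch is still online; either side can send an echo, and the receiver must answer with an echo reply to confirm the connection is still up
vendor: reserved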
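
The three message categories above, as an added example (not part of the original notes): a splitter for the OpenFlow 1.0 byte stream carried in TCP, of the kind used when monitoring the controller channel. The 8-byte header layout and numeric type codes come from the OpenFlow 1.0 specification (ofp_header, ofp_type), not from this page; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

OFP_VERSION_1_0 = 0x01
OFP_HEADER = struct.Struct("!BBHI")  # version, type, length, xid (8 bytes)

# ofp_type values from the OpenFlow 1.0 spec, grouped into the three
# message categories used in these notes (error is listed as asynchronous).
SYMMETRIC = {0: "HELLO", 2: "ECHO_REQUEST", 3: "ECHO_REPLY", 4: "VENDOR"}
ASYNCHRONOUS = {1: "ERROR", 10: "PACKET_IN", 11: "FLOW_REMOVED", 12: "PORT_STATUS"}
CONTROLLER_TO_SWITCH = {
    5: "FEATURES_REQUEST", 6: "FEATURES_REPLY",
    7: "GET_CONFIG_REQUEST", 8: "GET_CONFIG_REPLY", 9: "SET_CONFIG",
    13: "PACKET_OUT", 14: "FLOW_MOD", 15: "PORT_MOD",
    16: "STATS_REQUEST", 17: "STATS_REPLY",
    18: "BARRIER_REQUEST", 19: "BARRIER_REPLY",
    20: "QUEUE_GET_CONFIG_REQUEST", 21: "QUEUE_GET_CONFIG_REPLY",
}
CATEGORIES = {"symmetric": SYMMETRIC, "asynchronous": ASYNCHRONOUS,
              "controller-to-switch": CONTROLLER_TO_SWITCH}

def classify(msg_type):
    """Map a numeric message type to (category, name)."""
    for category, names in CATEGORIES.items():
        if msg_type in names:
            return category, names[msg_type]
    return "unknown", "TYPE_%d" % msg_type

def split_messages(stream):
    """Split reassembled TCP payload into messages; returns (messages, leftover)."""
    messages, offset = [], 0
    while len(stream) - offset >= OFP_HEADER.size:
        version, msg_type, length, xid = OFP_HEADER.unpack_from(stream, offset)
        if version != OFP_VERSION_1_0:
            raise ValueError("not OpenFlow 1.0 at offset %d" % offset)
        if length < OFP_HEADER.size:
            raise ValueError("length field %d shorter than header" % length)
        if offset + length > len(stream):
            break  # body not fully received yet; keep it as leftover
        category, name = classify(msg_type)
        messages.append({"category": category, "name": name, "xid": xid,
                         "body": stream[offset + OFP_HEADER.size:offset + length]})
        offset += length
    return messages, stream[offset:]

def sample_stream():
    # Constructed: HELLO, ECHO_REQUEST + 4-byte body, FLOW_MOD cut off after 18 of 72 bytes.
    return (OFP_HEADER.pack(1, 0, 8, 1) + OFP_HEADER.pack(1, 2, 12, 2) + b"ping"
            + OFP_HEADER.pack(1, 14, 72, 3) + b"\x00" * 10)
```

The leftover bytes returned by split_messages are meant to be prepended to the next TCP segment before calling it again.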

………………………………

