Ch 03 --- the OpenFlow protocols
0 likes507 views
This document discusses OpenFlow protocols, including OpenFlow switch and controller communication. It describes the different OpenFlow message types - controller-to-switch messages which manage switch state, asynchronous messages from switch to controller about network events, and symmetric messages that can be sent in either direction. It provides packet structure examples and discusses how OpenFlow channels are used to exchange messages over TLS or TCP. The document explains that switches can communicate with a single or multiple controllers for reliability.
Ch 03 --- the OpenFlow protocols
- 1. NDI Communications - Engineering & Training Software Defined Networking (SDN) Chapter 3 – OpenFlow Protocols
- 2. Page 2 Chapter Content Operation Messages Packet Structure Switch Protocol Features
- 3. Page 3 Controller OpenFlow Usage OpenFlow Switch OpenFlow Switch OpenFlow Switch Alice’s code Decision? OpenFlow Protocol Alice’s Rule Alice’s Rule Alice’s Rule
- 4. Page 4 Controller Communication in OpenFlow Network Flow Table: Match Field Action empty empty Host 1 MAC address 08-00-20-3A-00-4F OpenFlow Switch Src: 08-00-20-3A-00-4F Dst: 08-00-2A-0B-FE-FD 21 Packet-in: unmatched frame with MAC 08-00-2A-0B-FE-FD Packet-out: flood on all ports except ingress port Host 2 MAC address 08-00-2A-0B-FE-FD MAC table: MAC address Ingress port 08-00-20-3A-00-4F 1
- 5. Page 5 Communication in OpenFlow Network Flow Table: Match Field Action Src: 08-00-2A-0B-FE-FD Dst: 08-00-20-3A-00-4F Forward on port 1 Src: 08-00-20-3A-00-4F Dst: 08-00-2A-0B-FE-FD Forward on port 2 Host 1 MAC address 08-00-20-3A-00-4F OpenFlow Switch Controller 21 Packet-in: unmatched frame with MAC 08-00-20-3A-00-4F Packet-out: forward on port 1 MAC table: MAC address Ingress port 08-00-20-3A-00-4F 1 08-00-2A-0B-FE-FD 2 Host 2 MAC address 08-00-2A-0B-FE-FD Match Action Src: 08-00-2A-0B-FE-FD Dst: 08-00-20-3A-00-4F Forward on port 1 Match Action Src: 08-00-20-3A-00-4F Dst: 08-00-2A-0B-FE-FD Forward on port 2 Src: 08-00-2A-0B-FE-FD Dst: 08-00-20-3A-00-4F Flow-mod messages:
- 6. Page 6 Chapter Content Operation Messages Packet Structure Switch Protocol Features
- 7. Page 7 Controller/Switch Messages The OpenFlow switch protocol supports three message types: controller-to-switch, asynchronous, and symmetric, each with multiple sub-types. Controller-to-switch messages are initiated by the controller and used to directly manage or inspect the state of the switch. Asynchronous messages are initiated by the switch and used to update the controller of network events and changes to the switch state. Symmetric messages are initiated by either the switch or the controller and sent without solicitation.
- 8. Page 8 Controller to Switch Messages Controller to switch messages are initiated by the controller and may or may not require a response from the switch. Features: The controller may request the identity and the basic capabilities of a switch by sending a features request Configuration: The controller is able to set and query configuration parameters in the switch. Modify-State: Modify-State messages are sent by the controller to manage state on the switches. Read-State: Read-State messages are used by the controller to collect various information from the switch, such as current configuration, statistics and capabilities. Packet-out: These are used by the controller to send packets out of a specified port on the switch, and to forward packets received via Packet-in messages. Barrier: Barrier request/reply messages are used by the controller to ensure message dependencies have been met or to receive notifications for completed operations. Role-Request: Role-Request messages are used by the controller to set the role of its OpenFlow channel, or query that role. Asynchronous-Configuration: The Asynchronous-Configuration messages are used by the controller to set an additional filter on the asynchronous messages that it wants to receive on its OpenFlow channel, or to query that filter.
- 9. Page 9 Asynchronous Messages Messages initiated by the switch, and sent to the controller: Packet-in: Transfer the control of a packet to the controller. Flow-Removed: Inform the controller about the removal of a flow entry from a flow table. Port-status: Inform the controller of a change on a port. Error: The switch is able to notify controllers of problems using error messages.
- 10. Page 10 Symmetric Messages Symmetric messages are sent without solicitation, in either direction. Hello: Hello messages are exchanged between the switch and controller upon connection startup. Echo: Echo request/reply messages can be sent from either the switch or the controller, and must return an echo reply. Experimenter: Experimenter messages provide a standard way for OpenFlow switches to offer additional functionality within the OpenFlow message type space.
- 11. Page 11 OpenFlow Channel Connections The OpenFlow channel is used to exchange OpenFlow message between an OpenFlow switch and an OpenFlow controller. A typical OpenFlow controller manages multiple OpenFlow channels, each one to a different OpenFlow switch. An OpenFlow switch may have one OpenFlow channel to a single controller, or multiple channels for reliability, each to a different controller. The OpenFlow channel is usually instantiated as a single network connection between the switch and the controller, using TLS or plain TCP.
- 12. Page 12 Chapter Content Operation Messages Packet Structure Switch Protocol Features 12
- 13. Page 13 Packet Example – Features Request/Reply Message sent by the controller on session establishment Message sent back from the switch to the controller
- 14. Page 14 Packet Example – Packet In / packet Out
- 15. Page 15 Packet Example – Port Statistics
- 16. Page 16 Packet Example – Port Modification
- 17. Page 17 Security The switch and controller may communicate through a TLS connection. The TLS connection is initiated by the switch on startup to the controller, which is listening either on a user-specified TCP port or on the default TCP port 6653 . The switch and controller mutually authenticate by exchanging certificates signed by a site-specific private key. The switch and controller may optionally communicate using plain TCP.
- 18. Page 18 Multiple Controllers The switch may establish communication with a single controller, or may establish communication with multiple controllers. Having multiple controllers improves reliability, as the switch can continue to operate in OpenFlow mode if one controller or controller connection fails. The hand-over between controllers is entirely managed by the controllers themselves, which enables fast recovery from failure and also controller load balancing. The controllers coordinate the management of the switch amongst themselves via mechanisms outside the scope of the present specification
- 19. Page 19 Summary Yoram Orzach yoram@ndi-com.com Thank You!!! Coming soon LIVE on our NEW e-Learning portal