What is OpenFlow?

What is OpenFlow?

OpenFlow is a protocol, released by the ONF that allows the remote modification of a network switch’s forwarding table.

In other words, the control plane is decoupled from the forwarding plane, enabling network controllers to define the flow of traffic between switches far greater than standard routing or forwarding protocols.

Figure 1. Control plan separation.

OpenFlow Control 3

OpenFlow Model

As previously mentioned OpenFlow works upon a model where the network controller updates the forwarding table (flow tables) on the OpenFlow switch. Each table contains a list of flow entries consisting of match fields such as IP Src, IP Dst, VLAN ID, MAC Src etc.

OpenFlow vs OF-Config

The communication method used between the OF switch and controller can either be OpenFlow or OF-Config. Below outlines the differences,

  • OpenFlow – Limited feature set compared to OF-Config. Used for testing and development.
  • OF-Config – Production grade. Supports encryption, rate-limiting, and logical ports (i.e VXLAN). Uses NETCONF/YANG.

Proactive vs Reactive Flows

There are 2 methods for flow table populations – Proactive and Reactive.

  • Proactive – The controllers adds flows to the switch before they are required.
  • Reactive – Packets that do no match a flow entry are sent to controller. The controller then creates the required flow entry and returns the packet back to the switch.

Packet Flow

When a packet enters the ingress interface the following set of operations take place.

NOTE When matching, the highest priority flow entry succeeds.

  1. The packet header fields are evaluated against table 0.
  2. If there is no match (including no table-miss entry) the packet is dropped.
  3. If there is no match and there is a table-miss entry then perform the defined table-miss action.
  4. If the is a match then,
    • Update counters.
    • Execute instructions.
    • Forwarded to a table further in the pipeline or forwarded out of an egress port.

What is a table-miss entry?

The table-miss entry defines a set of actions that are performed in the event of no match being found for a packet. Actions include,

  • Drop packet.
  • Forward packet out all interfaces.
  • Forward packet to controller. This will result in the controller creating new flows for this traffic or dropping.

Figure 3. Packet Flow.

OpenFlow Packet Flow

Group Tables

A group table allows you to represent a group of ports as a single entity for forwarding packets. Group tables also provide the ability to perform a set of actions on multiple flows, in turn meaning that a set of actions can be modified once, instead of a per flow basis.

Some use cases for this would be for random port selection for load balancing or selecting the first active port within a port range for fail-over.


Message Types

There are 3 message types that can occur between the switch and the controller. They are,

  • Controller-to-Switch – Messages are initiated by the controller, to either request the switches supported features or to update the switch’s configuration.
  • Symmetric – Messages are sent from switch to controller in order to update it to errors, flow updates or port-status changes.
  • Asynchronous – Messages are sent (and initiated) from either the controller of switch. Message examples include HELLO, used within the initial handshake or ECHO messages, used as a keep-alive and/or for confirming the health of the connection (bandwidth/latency) between the controller and switch.

Message Sequence

Figure 4. Message Sequence.

OpenFlow Msg Seq


There are 4 port types available within OpenFlow. They are,

  • Standard Ports – Can be defined as a physical, logical or LOCAL reserved port.
  • Physical Ports – OF switch ports that map directly to a physical switchport.
  • Logical Ports – OF switchports that are not mapped directly to a physical switchport, but instead a logical construct, i.e etherchannel or loopback.
  • Reserved Ports – OF switch ports that define standard OF packet forwarding behavior. Such as flooding, or forwarding packets to the hosts non-OF forwarding engine.

Table Type Patterns (TTP)

A Table Type Pattern (TTP) is an abstract switch model that describes specific switch forwarding behaviors that an OpenFlow controller can program via the OpenFlow-Switch protocol. A TTP represents the flow processing capabilities of an OpenFlow Logical Switch (OFLS).


Here are some other details, points around OpenFlow, that you may find useful.

  • OpFlex – Ciscos implementation of OpenFlow.
  • Mininet – Network simulator which creates a network of virtual hosts, switches, controllers, and links – including OpenFlow switches. You can think of this as GNS3 for OpenFlow switches.
  • FlowGen – Flow generator for OpenFlow virtual switchse (Open vSwitch) – github. It is also worth noting this is what Cisco ACI uses.
Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial