OpenFlow is a protocol, released by the ONF, that allows the remote modification of a network switch’s forwarding table.

In other words, the control plane is decoupled from the forwarding plane, enabling network controllers to define the flow of traffic between switches with far greater control than standard routing or forwarding protocols allow.

Figure 1. Control plane separation.

OpenFlow Model

As previously mentioned, OpenFlow works upon a model where the network controller updates the forwarding table (flow tables) on the OpenFlow switch. Each table contains a list of flow entries consisting of match fields such as IP Src, IP Dst, VLAN ID, MAC Src, etc.

OpenFlow vs OF-Config

The communication method used between the OF switch and controller can be either OpenFlow or OF-Config. The differences are outlined below:

- OpenFlow – Limited feature set compared to OF-Config. Used for testing and development.
- OF-Config – Production grade. Supports encryption, rate-limiting, and logical ports (i.e. VXLAN). Uses NETCONF/YANG.

Proactive vs Reactive Flows

There are 2 methods for flow table population – Proactive and Reactive.

- Proactive – The controller adds flows to the switch before they are required.
- Reactive – Packets that do not match a flow entry are sent to the controller. The controller then creates the required flow entry and returns the packet to the switch.

Packet Flow

When a packet enters the ingress interface, the following set of operations takes place.

NOTE: When matching, the highest priority flow entry succeeds.

1. The packet header fields are evaluated against table 0.
2. If there is no match (including no table-miss entry) the packet is dropped.
3. If there is no match and there is a table-miss entry then perform the defined table-miss action.
4. If there is a match then,
   - Update counters.
   - Execute instructions.
   - Forward the packet to a table further in the pipeline or out of an egress port.

What is a table-miss entry?

The table-miss entry defines a set of actions that are performed in the event of no match being found for a packet. Actions include,

- Drop packet.
- Forward packet out all interfaces.
- Forward packet to controller. This will result in the controller creating new flows for this traffic or dropping it.

Figure 3. Packet Flow.

Group Tables

A group table allows you to represent a group of ports as a single entity for forwarding packets. Group tables also provide the ability to perform a set of actions on multiple flows, meaning that a set of actions can be modified once instead of on a per-flow basis.

Some use cases for this would be random port selection for load balancing, or selecting the first active port within a port range for fail-over.
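
The Packet Flow steps and the table-miss behaviour described earlier, modelled as an added Python example (not part of the original page or of any OpenFlow implementation). The entry fields, action tuples and sample flows are constructed, and the table-miss entry is assumed to be a priority-0 entry with an empty match:

```python
# Added example: minimal model of the OpenFlow table lookup described above.
# Field names, action tuples and sample flows are constructed for illustration.
from dataclasses import dataclass

@dataclass
class FlowEntry:
    priority: int
    match: dict        # field -> required value; {} matches every packet
    action: tuple      # ("output", port) | ("goto", table) | ("controller",) | ("drop",)
    packets: int = 0   # per-entry counter

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

def lookup(tables, pkt):
    """Walk the pipeline from table 0 and return the final action for pkt."""
    table_id = 0
    while True:
        # Highest-priority matching entry wins. The table-miss entry is
        # assumed here to be the priority-0 entry with an empty match.
        hits = [e for e in tables.get(table_id, []) if e.matches(pkt)]
        if not hits:
            return ("drop",)            # no match and no table-miss entry
        entry = max(hits, key=lambda e: e.priority)
        entry.packets += 1              # update counters
        if entry.action[0] != "goto":   # execute instructions
            return entry.action
        if entry.action[1] <= table_id:
            raise ValueError("goto must target a table further in the pipeline")
        table_id = entry.action[1]

def build_tables(with_table_miss):
    tables = {
        0: [FlowEntry(100, {"vlan_id": 10}, ("goto", 1)),
            FlowEntry(200, {"vlan_id": 10, "ip_src": "10.0.0.66"}, ("drop",))],
        1: [FlowEntry(50, {"ip_dst": "10.0.0.2"}, ("output", 2))],
    }
    if with_table_miss:
        tables[0].append(FlowEntry(0, {}, ("controller",)))
    return tables

if __name__ == "__main__":
    tables = build_tables(with_table_miss=True)
    for pkt in ({"vlan_id": 10, "ip_src": "10.0.0.1", "ip_dst": "10.0.0.2"},
                {"vlan_id": 10, "ip_src": "10.0.0.66", "ip_dst": "10.0.0.2"},
                {"vlan_id": 20, "ip_src": "10.0.0.1", "ip_dst": "10.0.0.2"}):
        print(pkt, "->", lookup(tables, pkt))
```

Table 1 in this sample has no table-miss entry, so a VLAN 10 packet to any destination other than 10.0.0.2 is dropped there even though table 0 sends unmatched traffic to the controller.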