OpenFlow, a network communication protocol, belongs to the data link layer and can control the forwarding plane of the network switch or router, thereby changing the network path of the network packet.
OpenFlow protocol background:
Forwarding and control separation is one of the essential features of SDN networks.In the SDN network architecture, the control plane is separated from the forwarding plane, the management and state of the network are logically grouped together, and the underlying network infrastructure is independent from the application, thereby enabling the network to achieve unprecedented programmable, controllable, and automated capabilities.This makes it easy for users to build highly scalable elastic networks based on business needs. To implement the transfer separation architecture of the SDN network, a communication interface standard needs to be established between the SDN controller and the data forwarding layer.
Anyone who has studied computer networks knows that OSI’s seven-layer architecture is the foundation of modern Internet communications. The SDN proposes a three-tier architecture, and an application layer (service layer), a control layer, and a forwarding layer. There are two outstanding features in this architecture, one is the separation of the control plane and the data plane, and the other is programmability.The digital separation can make the forwarding layer device play the data forwarding capability to a greater extent (and the thin AP is a reason);Programmable can make network devices become Transformers. A device can be a switch, a router, or a firewall or gateway. Device functions are defined by programs.
The Openflow protocol was born in 2006 to a funded project at Stanford University. In 2008, the paper “OpenFlow: Enableable Innovation in Campus Networks” published by Professor Nick McKeown was officially presented.The openflow protocol introduces the concept of “flow”. The controller uses the interface provided by the openflow protocol to deploy the policy to the data plane device according to the characteristics of the first data packet of the “stream” in a communication.That is, the flow table is deployed on the switch. The subsequent traffic of these communications is matched and forwarded on the hardware according to the corresponding flow table, so that the flexible change of the network device in the data forwarding plane is realized, and the function of the network device is no longer static.
The OpenFlow controller is located in the control layer of the SDN architecture and directs the forwarding of devices through the OpenFlow protocol.
NOX is the first true SDN OpenFlow controller developed by Nicira in 2008 and donated to open source organizations. NOX supports OpenFlow V1.0 with an asynchronous, time-based programming model.
The ONOS (Open Network Operating System) controller is the first open source SDN network operating system released by The Open Networking Lab using Java and Apache. It is mainly for service providers and enterprise backbones. ONOS is designed to achieve SDN controllers with high reliability, performance and flexibility.
OpenDaylight is a Linux fund collaboration project led by the open source community, using the Java language to implement an open source framework designed to drive innovation implementation and software-defined network transparency.Faced with an SDN-type network, OpenDaylight has a modular, pluggable, and extremely flexible controller at the heart of the project. It also includes a collection of modules that perform network tasks that require fast completion.
Most open source SDN controllers are based entirely on the OpenFlow protocol because most of their designs are derived from Onix (a distributed controller framework). In contrast, most commercial controllers use OpenFlow in conjunction with other protocols to perform more complex functions.
In the 1.0 version of the openflow protocol, the flow entry is mainly composed of three parts: a packet header field, a counter, and an action table.
The packet header field is the reference for the data packet matching the flow entry, similar to the MAC address of the matching data packet when the traditional switch performs Layer 2 forwarding, or the IP address of the router when the Layer 3 is forwarded.
The packet header field contains 12 network control information of OSI layer 1 to layer 4, such as source MAC, destination MAC, VLAN tag, VLAN priority, source IP, TCP port number, etc.It is because of the rich annotations provided in the header field that the controller can perform more fine-grained control over the stream.
The counter can count the number of times the stream is searched, the time to live, and so on.
The action table is the action corresponding to the corresponding flow, such as forwarding to the local network stack, transferring to the controller, discarding, and the like.
The OpenFlow entry is in the V1.0 phase. There is only a normal unicast entry, which is what we usually call the OpenFlow flow table.With the development of the OpenFlow protocol, more OpenFlow entries are added, such as a Group Table, a Meter Table, etc., to implement more forwarding features and QoS functions.
The narrow OpenFlow flow table refers to OpenFlow unicast entries, and the generalized OpenFlow flow table contains all types of OpenFlow entries.OpenFlow matches and processes messages through user-defined flow tables. All flow entries are organized in different Flow Tables, and are matched in the same Flow Table by the priority of the flow entries. An OpenFlow device can contain one or more Flow Tables.
An OpenFlow entry consists of fields such as Match Fields, Priority, Instructions, and Statistics (such as Counters).
(1) Match Fields
A flow entry matching rule can match the inbound interface, physical inbound interface, data between flow tables, Layer 2 packet header, Layer 3 packet header, and Layer 4 port number.
The priority of a flow entry, which defines the matching order between flow entries and the first match with a high priority.
The statistics of the flow entries counts how many packets and bytes are matched to the flow entry.
(4)Instructions & Actions
A set of flow instruction items (Instructions & Actions) defines the processing required to match the packets of the flow entry. When a packet matches a flow entry, the instruction set contained in each flow entry is executed.These instructions affect the message, the action set, and the pipeline flow. The switch does not need to support all instruction types, and the controller can ask for the type of instructions supported by the OpenFlow switch.
The timeout period of the flow entry, including Idle Time and Hard Time.
Idle Time: If no packet matches the flow entry after the Idle Time expires, the flow entry is deleted.
Hard Time: After the Hard Time expires, the flow entry will be deleted regardless of whether the packet matches the flow entry.
ID of the flow entry delivered by the controller
For more articles you can follow us on: