PicOS Support for OpenFlow 1.3
- Tracy Yang (Unlicensed)
The following table contains OpenFlow 1.3 features supported by PicOS. For clarity, the feature names in this table are identical to the feature names found in OpenFlow Switch Specification Version 1.3.0.
Table 1 OpenFlow 1.3 Features Supported by PicOS
OpenFlow V1.3 Section # | Title | Features | Additional Feature Specification | R2.0OVS | R2.0XF TCAM | R2.1OVS | R2.1XF TCAM | R2.0 Limitation |
1 | Introduction | NA |
|
|
|
|
|
|
2 | Switch Components | Flow tables |
| Y | Y | Y | Y |
|
|
| Group table |
| Y | N | Y | Y | Select & fast Fail over are not supported |
3 | Glossary |
|
|
|
|
|
|
|
4 | OpenFlow Ports | See Section 4.3 - 4.5 |
| Y | Y | Y | Y |
|
4.1 | OpenFlow Ports | See Section 4.3 - 4.5 |
| Y | Y | Y | Y |
|
4.2 | Standard Ports | See Section 4.3 - 4.5 |
| Y | Y | Y | Y |
|
4.3 | Physical Ports | Ingress | OpenFlow packets are received on an ingress port, processed by the OpenFlow pipeline. The packet ingress port is a property of the packet throughout the OpenFlow pipeline and represents the OpenFlow port on which the packet was received into the OpenFlow switch | Y | Y | Y | Y |
|
|
| Output | The OpenFlow pipeline can decide to send the packet on an output port using the output action (see 5.9), which defines how the packets goes back to the network | Y | Y | Y | Y |
|
|
| Groups |
| Y | Y | Y | Y |
|
|
| Hardware interface |
| N | N | N | N |
|
|
| Virtual slicing of hardware interface |
| Y | Y | Y | Y |
|
4.4 | Logical Ports | Logical ports are switch defined ports that don't correspond directly to a hardware interface of the switch | Logical ports are higher level abstractions that may be defined in the switch using non-OpenFlow methods |
|
|
|
|
|
|
|
| LAG | Y | N | Y | Y |
|
|
|
| Tunnels | Y | N | Y | N |
|
|
|
| Loopback interface | N | N | N | N |
|
|
| Ingress |
| Y | Y | Y | Y |
|
|
| Output |
| Y | Y | Y | Y |
|
|
| Groups |
| Y |
| Y | Y |
|
|
| Map to various physical port |
| N | N | N | N |
|
|
| PACKET_IN reports logical port and its underlying physical port (GRE & LAG) |
| N | N | N | N | only logical port |
4.5 | Local Reserved Port | Ingress |
| N | N | N | N |
|
|
| Output |
| Y | Y | Y | Y |
|
|
| Groups |
| Y | N | Y | Y |
|
|
| ALL | Only as an output port | Y | Y | Y | Y |
|
|
| CONTROLLER | Represent the control channel with the OpenFlow controller | Y | Y | Y | Y |
|
|
| TABLE | Represent the start of the OpenFlow pipeline | Y | Y | Y | Y |
|
|
| IN_PORT | Used only as an output port, send the packet out its ingress port | N | N | N | N |
|
|
| ANY | Cannot be used as an ingress port nor as an output port | Y | Y | Y | Y |
|
|
| LOCAL | Represent the switch's local networking stack. Can be used as an ingress port or as an output port | Y | Y | Y | Y | Linux networking stack |
|
|
| The local port enables remote entities to interact with the switch via the OpenFlow network, rather than via a separate control network. it can be used to implement an in-band controller connection |
|
|
|
|
|
|
| NORMAL | Non-OpenFlow pipelineused only as an output port | N | N | N | Y |
|
|
| FLOOD | Flooding using the normal pipeline of the switch, used only as an output port | Y | Y | Y | Y |
|
|
|
| Packet out all standard ports | Y | Y | Y | Y |
|
|
|
| But not to the ingress port or ports that are in OFPPS_BLOCKED state | Y | Y | Y | Y |
|
5 | OpenFlow Tables |
|
|
|
|
|
|
|
5.1 | Pipeline Processing | OpenFlow-only | All packets are processed by the OpenFlow pipeline | Y | N | Y | Y | Software Implementation for ARP match/action, multiple tables |
|
| OpenFlow-hybrid | OpenFlow operation and normal Ethernet switching operation | N | N | N | Y |
|
|
|
| VLAN tag to decide whether to process the packet using which pipeline | N | N | N | N | Port based since R2.0 |
|
|
| Input port to decide whether to process the packet using which pipeline | N | N | N | N |
|
|
|
| Allow a packet to go from the OpenFlow pipeline to the normal pipeline through the NORMAL and FLOOD reserved ports | N | Y | N | Y |
|
|
| Multiple flow tables |
| Y | N | Y | Y | Multiple flow tables are logical tables maintained by software, then mergered & installed in one physical flow table. Certain restrictions of flow rule across tables are prohibited (e.g., modify field in table 1 then matched in table 2, error should returned) |
|
| Sequentially numbered, starting at 0. |
| Y | Y | Y | Y |
|
|
| Only go forward and not backward |
| Y | Y | Y | Y |
|
|
| Last table of the pipeline can not include the Goto instruction |
| Y | N | Y | Y |
|
|
| Table miss behavior configuration | Send packets to the controller | Y | Y | Y | Y |
|
|
|
| Drop the packet | Y | Y | Y | Y |
|
|
|
| The packet is processed by the next sequentially numbered table | N | N | N | N |
|
|
|
| The packet is processed by L2/L3 pipelines | N | N | N | N |
|
5.2 | Flow Table | Flow table entry | Match fields | Y | Y | Y | Y | set vlans dot1q-tunneling egress t2 from customer-vlan 10 |
|
|
| Counters | Y | Y | Y | Y | set vlans dot1q-tunneling egress t2 from service-vlan 200 |
|
|
| Instructions | Y | Y | Y | Y | set vlans dot1q-tunneling egress t2 then action change |
|
|
|
|
|
|
|
| set vlans dot1q-tunneling egress t2 then service-vlan 100 |
5.3 | Matching | Packet headers |
| Y | Y | Y | Y |
|
|
| Ingress port |
| Y | Y | Y | Y |
|
|
| Metadata fields | Used to pass information between tables | N | N | N | N |
|
|
| State transition | Actions applied in a previous table using the Apply-Actions are reflected in the packet match field | N | N | N | N |
|
|
| Support ANY | Matches all possible values in the header | Y | Y | Y | Y |
|
|
| Support arbitrary bitmasks on specific match fields |
| Y | Y | Y | Y |
|
|
| Select highest priority flow entry |
| Y | Y | Y | Y |
|
|
| Counters associated with the selected flow entry must be updated |
| Y | Y | Y | Y |
|
|
| CHECK_OVERLAP bit on flow mod messages to avoid overlapping entries |
| Y | N | Y | Y | software check |
|
| Multiple matching flow entries with the same highest priority |
| N | N | N | N | Chip limitation |
|
| Support OFPC_FRAG_REASM flag | IP fragments must be reassembled before pipeline processing | N | N | N | N |
|
|
| Behavior when a switch receives a corrupted packet |
| N | N | N | N |
|
|
|
|
|
|
|
|
|
|
5.4 | Group Table | Group identifier | A 32 bit unsigned integer | Y | N | Y | Y |
|
|
| Group type | To determine group semantics | Y | N | Y | Y | Select, indirect, fast failover group table types are not supported |
|
| Counters | Updated when packets are processed by a group | Y | N | Y | Y |
|
|
| Action buckets | An ordered list of action buckets | Y | N | Y | Y |
|
|
|
|
|
|
|
|
|
|
5.4.1 | Group Types | All | Execute all buckets in the group for multicast or broadcast | Y | N | Y | Y |
|
|
|
| Packet clone is dropped if a bucket directs a packet explicitly out the ingress port | Y | N | Y | Y |
|
|
|
| Support output action to the OFPP_IN_PORT reserved port | Y | N | Y | Y |
|
|
| Select | Execute one bucket in the group based on a switch-computed selection algorithm | N | N | Y | Y |
|
|
| Indirect | Execute the one defined bucket in this group | Y | Y | Y | Y |
|
|
| Fast failover | Execute the first live bucket which is associated with a live port/group is selected | Y | Y | Y | Y |
|
| ECMP |
| Hashing | N | N | Y | Y | Restrcicted match & actions |
|
|
| Round robin | N | N | N | N |
|
|
|
|
|
|
|
|
|
|
5.5 | Per Table Counters | Reference count (active entries) | 32 bits | N | N | N | N |
|
|
| Packet Lookups | 64 bits | N | N | N | N |
|
|
| Packet Matches | 64 bits | N | N | N | N |
|
| Per Flow Counters | Received Packets | 64 bits | N | N | N | N |
|
|
| Received Bytes | 64 bits | Y | Y | Y | Y |
|
|
| Duration (seconds) | 32 bits | Y | Y | Y | Y |
|
|
| Duration (nanoseconds) | 32 bits | N | N | N | N |
|
| Per Port Counters | Received Packets | 64 bits | Y | Y | Y | Y |
|
|
| Transmitted Packets | 64 bits | Y | Y | Y | Y |
|
|
| Received Bytes | 64 bits | Y | Y | Y | Y |
|
|
| Transmitted Bytes | 64 bits | Y | Y | Y | Y |
|
|
| Receive Drops | 64 bits | Y | Y | Y | Y |
|
|
| Transmit Drops | 64 bits | Y | Y | Y | Y |
|
|
| Receive Errors | 64 bits | Y | Y | Y | Y |
|
|
| Transmit Errors | 64 bits | Y | Y | Y | Y |
|
|
| Receive Frame Alignment Errors | 64 bits | Y | Y | Y | Y |
|
|
| Receive Overrun Errors | 64 bits | Y | Y | Y | Y |
|
|
| Receive CRC Errors | 64 bits | Y | Y | Y | Y |
|
|
| Collisions | 64 bits | Y | Y | Y | Y |
|
| Per Queue Counters | Transmit Packets | 64 bits | N | N | N | N |
|
|
| Transmit Bytes | 64 bits | N | N | N | N |
|
|
| Transmit Overrun Errors | 64 bits | N | N | N | N |
|
| Per Group Counters | Reference Count (flow entries) | 32 bits | Y | Y | Y | Y |
|
|
| Packet Count | 64 bits | N | N | N | N |
|
|
| Byte Count | 64 bits | Y | Y | Y | Y |
|
| Per Bucket Counters | Packet Count | 64 bits | N | N | N | N |
|
|
| Byte Count | 64 bits | N | N | N | N |
|
|
|
|
|
|
|
|
|
|
5.6 | Instructions | The controller can query the switch about which of the "Optional Instruction" it supports |
| Y | Y | Y | Y |
|
|
| Apply-Actions action(s) | Applies the specific action(s) immediately, without any change to the Action Set | Y | Y | Y | Y | All of these feature are implemented by software |
|
| Clear-Actions | Clears all the actions in the action set immediately | N | N | N | N |
|
|
| Write-Actions action(s) | Merges the specified action(s) into the current action set | N | N | N | N |
|
|
| Write-Metadata metadata / mask | Writes the masked metadata value into the metadata field | N | N | N | N |
|
|
| Goto-Table next-table-id | Indicates the next table in the processing pipeline | Y | Y | Y | Y |
|
|
| Clear-Actions instruction is executed before the Write-Actions instruction |
| N | N | N | N |
|
|
| Goto-Table is executed last |
| Y | Y | Y | Y |
|
|
| Reject a flow entry if it is unable to execute the instructions and return an unsupported flow error |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
5.7 | Action Set | Action set is associated with each packet |
| Y | Y | Y | Y | All of these feature are implemented by software |
|
| Set is empty by default |
| Y | Y | Y | Y |
|
|
| Action set is carried between flow tables |
| Y | Y | Y | Y |
|
|
| When the instruction set of a flow entry does not contain a Goto-Table instruction, pipeline processing stops and the actions in the action set of the packet are executed |
| Y | Y | Y | Y |
|
|
| Action set contains a maximum of one action of each type |
| Y | Y | Y | Y |
|
|
| The actions in an action set are applied in the order specified below |
| Y | Y | Y | Y |
|
|
| 1. copy TTL inwards |
| N | N | N | N |
|
|
| 2. pop |
| Y | Y | Y | Y |
|
|
| 3. push |
| Y | Y | Y | Y |
|
|
| 4. copy TTL outwards |
| N | N | N | N |
|
|
| 5. decrement TTL |
| N | N | N | N |
|
|
| 6. set |
| Y | Y | Y | Y |
|
|
| 7. qos |
| Y | N | Y | N |
|
|
| 8. group | If a group action is specified, apply the actions of the relevant group bucket(s) in the order specified by this list. | Y | N | Y | Y |
|
|
| 9. output | If no group action is specified, forward the packet on the port specified by the output action. The output action in the action set is executed last. | Y | Y | Y | Y |
|
|
|
| If both an output action and a group action are specified in an action set, the output action is ignored and the group action takes precedence. | Y | Y | Y | Y |
|
|
|
| If no output action and no group action were specified in an action set, the packet is dropped. | Y | Y | Y | Y |
|
|
|
| The execution of groups is recursive if the switch supports it; a group bucket may specify another group, in which case the execution of actions traverses all the groups specified by the group configuration. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
5.8 | Action List | Apply-Actions instruction and the Packet-out message include an action list | The actions of an action list are executed in the order specified by the list, and are applied immediately to the packet. | Y | Y | Y | Y |
|
|
|
| The effect of those actions is cumulative. | Y | Y | Y | Y |
|
|
|
| If the action list contains an output action, a copy of the packet is forwarded in its current state to the desired port. | Y | Y | Y | Y |
|
|
|
| If the list contains a group actions, a copy of the packet in its current state is processed by the relevant group buckets. | N | N | Y | Y |
|
|
|
|
|
|
|
|
|
|
5.9 | Actions | The controller can also query the switch about which of the "Optional Action" it supports |
| Y | Y | Y | Y |
|
|
| Output | Support forwarding to physical ports, switch-defined logical ports and the required reserved ports. | Y | Y | Y | Y |
|
|
| Set-Queue | The set-queue action sets the queue ID for a packet and is used to provide basic Quality-of-Service (QoS) support. | Y | Y | Y | Y |
|
|
| Drop |
| Y | Y | Y | Y |
|
|
| Group |
| Y | Y | Y | Y |
|
|
| Push-Tag/Pop-Tag | Order of header fields - Ethernet, VLAN, MPLS, ARP/IP, TCP/UDP/SCTP (IP-only). | Y | Y | Y | Y |
|
|
| Push VLAN header | Push a new VLAN header onto the packet. The Ethertype is used as the Ethertype for the tag. Only Ethertype 0x8100 and 0x88a8 should be used. | N | N | Y | N | VCAP implementation, VLAN only actions allowed |
|
| Pop VLAN header | Pop the outer-most VLAN header from the packet. | N | N | Y | N |
|
|
| Push MPLS header | Push a new MPLS shim header onto the packet. Only Ethertype 0x8847 and 0x8848 should be used. | Y | Y | Y | Y |
|
|
| Pop MPLS header | Pop the outer-most MPLS tag or shim header from the packet. | Y | Y | Y | Y |
|
|
| Set-Field |
|
|
|
|
|
|
|
| Set VLAN ID |
| Y | Y | Y | Y |
|
|
| Strip VLAN ID |
| N | N | Y | N | Use reserved VLAN ID 4095 as special VLAN for stripping, 2 VLAN tags are supported |
|
| Change-TTL | Modify the values of the IPv4 TTL, IPv6 Hop Limit or MPLS TTL in the packet. | N | N | N | N |
|
|
|
| If it is supported, applied to the outermost-possible header. | N | N | N | N |
|
|
| Set MPLS TTL | 8 bits: New MPLS TTL, Replace the existing MPLS TTL. Only applies to packets with an existing MPLS shim header. | Y | Y | Y | Y |
|
|
| Decrement MPLS TTL | Decrement the MPLS TTL. Only applies to packets withan existing MPLS shim header. | Y | Y | Y | Y |
|
|
| Set IP TTL | Replace the existing IPv4 TTL or IPv6 Hop Limit and update the IP checksum. Only applies to IPv4 and IPv6 packets. | N | N | N | N |
|
|
| Decrement IP TTL | Decrement the IPv4 TTL or IPv6 Hop Limit field and update the IP checksum. Only applies to IPv4 and IPv6 packets. | N | N | N | N |
|
|
| Copy TTL outwards | Copy the TTL from next-to-outermost to outermost header with TTL. Copy can be IP-to-IP, MPLS-to-MPLS, or IP-to-MPLS. | N | N | N | N |
|
|
| Copy TTL inwards | Copy the TTL from outermost to next-to-outermost header with TTL. Copy can be IP-to-IP, MPLS-to-MPLS, or MPLS-to-IP. | N | N | N | N |
|
|
|
|
|
|
|
|
|
|
5.9.1 | Default Values (for Fields on Push | Field values for all fields specified in Table 6 should be copied from existing outer headers to new outer headers | VLAN ID ← VLAN ID | Y | Y | Y | N |
|
|
| New fields listed in Table 6 without corresponding existing fields should be set to zero | VLAN priority ← VLAN priority | Y | Y | Y | N |
|
|
| Fields in new headers may be overridden by specifying a "set" action for the appropriate field(s) after the push operation | MPLS label ← MPLS label | Y | N | Y | N |
|
|
|
| MPLS traffic class ← MPLS traffic class | N | N | N | N |
|
|
|
| MPLS TTL ← MPLS TTL & IP TTL | N | N | N | N |
|
|
|
|
|
|
|
|
|
|
6 | OpenFlow Channel | Encrypted using TLS |
| Y | Y | Y | Y |
|
|
| Directly over TCP |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
6.1 | OpenFlow Protocol Overview | Controller-to-switch message type | Initiated by the controller and used to directly manage or inspect the state of the switch. | Y | Y | Y | Y |
|
|
| Asynchronous message type | Initiated by the switch and used to update the controller of network events and changes to the switch state. | Y | Y | Y | Y |
|
|
| Symmetric message type | Initiated by either the switch or the controller and sent without solicitation. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
6.1.1 | Controller-to-Switch | Features | Request the capabilities of a switch; the switch must respond with a features reply. | Y | Y | Y | Y |
|
|
| Configuration | Set and query configuration parameters in the switch; switch only responds to a query from the controller. | Y | Y | Y | Y |
|
|
| Modify-State | Add, delete and modify flow/group entries in the OpenFlow tables and to set switch port properties. | Y | Y | Y | Y |
|
|
| Read-State | Used by the controller to collect statistics from the switch. | Y | Y | Y | Y |
|
|
| Packet-out | Used by the controller to send packets out of a specified port on the switch, and to forward packets received via Packet-in messages. | Y | Y | Y | Y |
|
|
| Barrier | Barrier request/reply messages are used by the controller to ensure message dependencies have been met or to receive notifications for completed operations. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
6.1.2 | Asynchronous | Switches send asynchronous messages to controllers to denote a packet arrival, switch state change, or error |
|
|
|
|
|
|
|
| Packet-in | For all packets that do not have a matching flow entry, the if table configuration is configured for packets forwarded to the CONTROLLER reserved port, a packet-in event is always sent to controllers. | Y | Y | Y | Y |
|
|
|
| If the packet-in event is configured to buffer packets then the packet-in events contain some fraction of the packet header and a buffer ID to be used by a controller when it is ready for the switch to forward the packet. | Y | Y | Y | Y |
|
|
|
| If the packet is buffered, the number of bytes of the original packet to include in the packet-in can be configured. By default, it is 128 bytes. | Y | Y | Y | Y |
|
|
|
| Or table miss it can be configured in the switch configuration. | Y | Y | Y | Y |
|
|
|
| For packet forwarded to the controller it can be configured in the output action. | Y | Y | Y | Y |
|
|
| Flow-Removed | Only sent for flow with the OFPFF_SEND_FLOW_REM flag set. | Y | Y | Y | Y |
|
|
|
| Generated as the result of a controller flow delete requests or the switch flow expiry process when one of the flow timeout is exceeded. | Y | Y | Y | Y |
|
|
| Port-status | Send port-status messages to controllers as port configuration or port state changes. | Y | Y | Y | Y |
|
|
| Error | Notify controllers of problems using error messages. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
6.1.3 | Symmetric | Sent without solicitation, in either direction |
|
|
|
|
|
|
|
| Hello | Exchanged between the switch and controller upon connection startup. | Y | Y | Y | Y |
|
|
| Echo | Sent from either the switch or the controller, and must return an echo reply. | Y | Y | Y | Y |
|
|
| Experimenter | A standard way for OpenFlow switches to offer additional functionality within the OpenFlow message type space. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
6.2 | Connection Setup | Establish communication with a controller at a user-configurable (but otherwise fixed) IP address, using a user-specified port | Traffic to and from the OpenFlow channel is not run through the OpenFlow pipeline. Therefore, the switch must identify incoming traffic as local before checking it against the flow tables. | Y | Y | Y | Y |
|
|
|
| Each side of the connection must immediately send an OFPT_HELLO message with the version field set to the highest OpenFlow protocol version supported by the sender. | Y | Y | Y | Y |
|
|
|
| The recipient may calculate the OpenFlow protocol version to be used as the smaller of the version number that it sent and the one that it received. | Y | Y | Y | Y |
|
|
|
| If the negotiated version is not supported by the recipient, the recipient must reply with an OFPT_ERROR message with a type field of OFPET_HELLO_FAILED, a code field of OFPHFC_COMPATIBLE, and then terminate the connection. | Y | Y | Y | Y |
|
|
|
| Optionally an ASCII string explaining the situation in data. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
6.3 | Multiple Controllers | Establish communication withmultiple controllers | Controller fail-over. | Y | Y | Y | Y | Active & Standby controllers |
|
|
| Controller load balancing. | N | N | N | N |
|
|
|
| Switch virtualisation. | Y | Y | Y | Y |
|
|
|
| Switch must connect to all controllers it is configured with, and try to maintain connection with all of them concurrently. | Y | Y | Y | Y |
|
|
|
| The reply or error messages related to those command must only be sent on the controller connection associated with that command. | Y | Y | Y | Y |
|
|
|
| Asynchronous messages may need to be send to multiple controllers, the message is duplicated for each eligible controller connection and each message sent when the respective controller connection allows it. | Y | Y | Y | Y |
|
|
| The default role of a controller is OFPCR_ROLE_EQUAL | Controller has full access to the switch and is equal to other controllers in the same role. | Y | Y | Y | Y |
|
|
|
| Controller receives all the switch asynchronous messages (such as packet-in, flow-removed). | Y | Y | Y | Y |
|
|
|
| The controller can send controller-to-switch commands to modify the state of the switch. | Y | Y | Y | Y |
|
|
|
| The switch does not do any arbitration or resource sharing between controllers. | Y | Y | Y | Y |
|
|
| Controller can request its role to be changed to OFPCR_ROLE_SLAVE | Controller has read-only access to the switch. | Y | Y | Y | Y |
|
|
|
| Controller does not receive switch asynchronous messages, apart from Port-status messages. | Y | Y | Y | Y |
|
|
|
| The controller is denied ability to send controller-to-switch commands that modify the state of the switch, OFPT_PACKET_OUT, OFPT_FLOW_MOD, OFPT_GROUP_MOD, OFPT_PORT_MODand OFPT_TABLE_MOD. | Y | Y | Y | Y |
|
|
|
| If the controller sends one of those commands, the switch must reply with an OFPT_ERROR message with a type field of OFPET_BAD_REQUEST, a code field of OFPBRC_IS_SLAVE. | Y | Y | Y | Y |
|
|
|
| Othercontroller-to-switch messages, such as OFPT_STATS_REQUEST and OFPT_ROLE_REQUEST, should be processed normally. | Y | Y | Y | Y |
|
|
| A controller can request its role to be changed to OFPCR_ROLE_MASTER | The switch makes sure there is only a single controller in this role. | Y | Y | Y | Y |
|
|
|
| When a controller change its role to OFPCR_ROLE_MASTER, the switch change all other controllers which role is OFPCR_ROLE_MASTER to have the role OFPCR_ROLE_SLAVE. | Y | Y | Y | Y |
|
|
|
| When the switch perform such role change, no message is generated to the controller which role is changed (in most case that controller is no longer reachable). | Y | Y | Y | Y |
|
|
| A switch may be simultaneously connected to multiple controllers in Equal state, multiple controllers in Slave state, and at most one controller in Master state | Each controller may communicate its role to the switch via a OFPT_ROLE_REQUEST message, and the switch must remember the role of each controller connection. A controller may change role at any time. | Y | Y | Y | Y |
|
|
|
| To detect out-of-order messages during a master/slave transition, the OFPT_ROLE_REQUEST message contains a 64-bit sequence number field, generation_id, that identifies a given mastership view. | Y | Y | Y | Y |
|
|
| On receiving a OFPT_ROLE_REQUEST with role equal to OFPCR_ROLE_MASTER or OFPCR_ROLE_SLAVEthe switch must compare the generation_id in the message against the largest generation id seen sofar | A message with a generation_id smaller than a previously seen generation id must be considered stale and discarded. The switch must respond to stale messages with an error message with typeOFPET_ROLE_REQUEST_FAILED and code OFPRRFC_STALE. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
6.4 | Connection Interruption | A switch loses contact with all controllers, the switch should immediately enter either "fail secure mode" or "fail standalone mode" | In "fail secure mode", the only change to switch behavior is that packets and messages destined to the controllers are dropped. | Y | Y | Y | Y |
|
|
|
| Flows should continue to expire according to their timeouts in "fail secure mode." | Y | Y | Y | Y |
|
|
|
| In "fail standalone mode," the switch processes all packets using the OFPP_NORMAL port; in other words, the switch acts as a legacy Ethernet switch or router. | Y | Y | Y | Y |
|
|
|
| Upon connecting to a controller again, the existing flow entries remain. | Y | Y | Y | Y |
|
|
|
| The controller then has the option of deleting all flow entries, if desired. | Y | Y | Y | Y |
|
|
| The first time a switch starts up, it will operate in either "fail secure mode" or "fail standalone mode" mode, until is successfully connects to a controller |
| Y | Y | Y | Y |
|
6.5 | Encryption | The switch and controller may communicate through a TLS connection | The TLS connection is initiated by the switch on startup to the controller, which is located by default on TCP port 6633 | Y | Y | Y | Y |
|
|
|
| Each switch must be user-configurable with one certificate for authenticating the controller (controller certificate) and the other for authenticating to the controller (switch certificate) | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
6.6 | Message Handling | Message Delivery | Messages are guaranteed delivery, unless the connection fails entirely. | Y | Y | Y | Y |
|
|
| Message Processing | Switches must process every message received from a controller in full, possibly generating a reply. | Y | Y | Y | Y |
|
|
|
| If a switch cannot completely process a message received from a controller, it must send back an error message. | Y | Y | Y | Y |
|
|
|
| Switches must send to the controller all asynchronous messages generated by internal state changes, such as flow-removed or packet-in messages. | Y | Y | Y | Y |
|
| Message Ordering | Ordering can be ensured through the use of barrier messages | In the absence of barrier messages, switches may arbitrarily reorder messages to maximize performance. | N | N | N | N |
|
|
|
| Messages must not be reordered across a barrier message and the barrier message must be processed only when all prior messages have been processed. | Y | Y | Y | Y |
|
|
|
| Messages before a barrier must be fully processed before the barrier, including sending any resulting replies or errors. | Y | Y | Y | Y |
|
|
|
| The barrier must then be processed and a barrier reply sent. | Y | Y | Y | Y |
|
|
|
| Messages after the barrier may then begin processing. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
6.7 | Flow Table Modification Messages | OFPFC_ADD | For add requests (OFPFC_ADD) with the OFPFF_CHECK_OVERLAP flag set, the switch must first check for any overlapping flow entries in the requested table | Y | Y | Y | Y |
|
|
|
| If an overlap conflict exists between an existing flow entry and the add request, the switch must refuse the addition and respond with an ofp_error_msg with OFPET_FLOW_MOD_FAILED type and OFPFMFC_OVERLAP code | Y | Y | Y | Y |
|
|
|
| If a flow entry with identical match fields and priority already resides in the requested table, then that entry, including its duration, must be cleared from the table, and the newflow entry added | Y | Y | Y | Y |
|
|
|
| If the OFPFF_RESET_COUNTS flag is set, the flow entry counters must be cleared, otherwise they should be copied from the replaced flow | N | N | N | N |
|
|
|
| No flow-removed message is generated for the flow entry eliminated as part of an add request; if the controller wants a flow-removed message it should explicitly send a DELETE STRICT for the old flow prior to adding the new one | Y | Y | Y | Y |
|
|
|
| If a switch cannot find any space in the requested table in which to add the incoming flow entry, the switch should send an ofp_error_msg with OFPET_FLOW_MOD_FAILED type and OFPFMFC_TABLE_FULL code. | N | N | N | N |
|
|
| OFPFC_MODIFY or OFPFC_MODIFY_STRICT | If a matching entry exists in the table, the instructions field of this entry is updated with the value from the request, whereas its cookie, idle_timeout, hard_timeout, flags, counters and duration fields are left unchanged. | Y | Y | Y | Y |
|
|
|
| If the OFPFF_RESET_COUNTS flag is set, the flow entry counters must be cleared. | N | N | N | N |
|
|
|
| If no flow currently residing in the requested table matches the request, no error is recorded, and no flow table modification occurs. | Y | Y | Y | Y |
|
|
|
| In the strict versions, the set of match fields, all match fields, including their masks, and the priority, are strictly matched against the entry, and only an identical flow is modified or removed. | Y | Y | Y | Y |
|
|
|
| If the match in a flow mod specifies an arbitrary bitmask for another field which the switch cannot support, the switch must return an ofp_error_msg with OFPET_BAD_MATCH type and OFPBMC_BAD_MASK code. | Y | Y | Y | Y |
|
|
|
| If the match in a flow mod specifies values that cannot be matched, for example, a VLAN ID greater than 4095 and not one of the reserved values, or a DSCP value with one of the two higher bits set, the switch must return an ofp_error_msg with OFPET_BAD_MATCH type and OFPBMC_BAD_VALUE code. | Y | Y | Y | Y |
|
|
|
| If the match in a flow mod message specifies a field that is unsupported in the table, the switch must return an ofp_error_msg with OFPET_BAD_MATCH type and OFPBMC_BAD_FIELD code. | Y | Y | Y | Y |
|
|
|
| If the match in a flow mod message specifies a field more than once, the switch must return an ofp_error_msg with OFPET_BAD_MATCH type and OFPBMC_DUP_FIELD code. | Y | Y | Y | Y |
|
|
|
| If the match in a flow mod message specifies a field but fail to specify its associated prerequisites, for example specifies an IPv4 address without matching the EtherType to 0x800, the switch must return an ofp_error_msg with OFPET_BAD_MATCH type and OFPBMC_BAD_PREREQ code. | Y | Y | Y | Y |
|
|
|
| If the match in a flow mod specifies an arbitrary bitmask for either the datalink or network addresses which the switch cannot support, the switch must return an ofp_error_msg with OFPET_BAD_MATCH type and either OFPBMC_BAD_DL_ADDR_MASK or OFPBMC_BAD_NW_ADDR_MASK. | Y | Y | Y | Y |
|
|
|
| If an action in a flow mod message references a group that is not currently defined on the switch, or is a reserved group, such as OFPG_ALL, the switch must return an ofp_error_msg with OFPET_BAD_ACTION type and OFPBAC_BAD_OUT_GROUP code. | Y | Y | Y | Y |
|
|
|
| If an action in a flow mod message has a value that is invalid, for example a Set VLAN ID action with value greater than 4095, or a Push action with an invalid Ethertype, the switch should return an ofp_error_msg with OFPET_BAD_ACTION type and OFPBAC_BAD_ARGUMENT code. | Y | Y | Y | Y |
|
|
|
| If an action in a flow mod message performs an operation which is inconsistent with the match, for example, a pop VLAN action with a match specifying no VLAN, or a set IPv4 address action with a match wildcarding the Ethertype, the switch may optionally reject the flow and immediately return an ofp_error_msg with OFPET_BAD_ACTION type and OFPBAC_MATCH_INCONSISTENT code. | Y | Y | Y | Y |
|
|
|
| If any other errors occur during the processing of the flow mod message, the switch may return an ofp_error_msg with OFPET_FLOW_MOD_FAILED type and OFPFMC_UNKNOWN code. | Y | Y | Y | Y |
|
|
| OFPFC_DELETE or OFPFC_DELETE_STRICT | If a matching entry exists in the table, it must be deleted. | Y | Y | Y | Y |
|
|
|
| If the entry has the OFPFF_SEND_FLOW_REM flag set, it should generate a flow removed message. | Y | Y | Y | Y |
|
|
|
| If no flow currently residing in the requested table matches the request, no error is recorded, and no flow table modification occurs. | Y | Y | Y | Y |
|
|
|
| In the strict versions, the set of match fields, all match fields, including their masks, and the priority, are strictly matched against the entry, and only an identical flow is modified or removed. | Y | Y | Y | Y |
|
|
|
| For non-strict modify and delete commands, all flows that match the flow mod description are modified or removed. | Y | Y | Y | Y |
|
|
|
| In the non-strict versions, a match will occur when a flow entry exactly matches or is more specific than the description in the flow mod command; in the flow mod the missing match fields are wildcarded, field masks are active, and other flow mod fields such as priority are ignored. | Y | Y | Y | Y |
|
|
|
| Delete commands can be optionally filtered by destination group or output port. | N | N | N | N |
|
|
|
| If the out_port field contains a value other than OFPP_ANY, it introduces a constraint when matching. | Y | Y | Y | Y |
|
|
|
| Modify and delete commands can also be filtered by cookie value. | Y | Y | Y | Y |
|
|
|
| Delete commands can use the OFPTT_ALL value for table-id to indicate that matching flows are to be deleted from all flow tables. | Y | Y | Y | Y |
|
|
|
| If the flow modification message specifies an invalid table-id, the switch should send an ofp_error_msg with OFPET_FLOW_MOD_FAILED type and OFPFMFC_BAD_TABLE_ID code. | Y | Y | Y | Y |
|
|
|
| If the instructions requested in a flow mod message are unknown the switch must return an ofp_error_msg with OFPET_BAD_INSTRUCTION type and OFPBIC_UNKNOWN_INST code. | Y | Y | Y | Y |
|
|
|
| If the instructions requested in a flow mod message are unsupported the switch must return an ofp_error_msg with OFPET_BAD_INSTRUCTION type and OFPBIC_UNSUP_INST code. | Y | Y | Y | Y |
|
|
|
| If the instructions requested contain a Goto-Table and the next-table-id refers to an invalid table the switch must return an ofp_error_msg with OFPET_BAD_INSTRUCTION type and OFPBIC_BAD_TABLE_ID code. | Y | Y | Y | Y |
|
|
|
| If the instructions requested contain a Write-Metadata and the metadata value or metadata mask value is unsupported then the switch must return an ofp_error_msg with OFPET_BAD_INSTRUCTION type and OFPBIC_UNSUP_METADATA or OFPBIC_UNSUP_METADATA_MASK code. | Y | Y | Y | Y |
|
|
|
| If the bitmasks specified in both the datalink and network addresses are not supported then OFPBMC_BAD_DL_ADDR_MASK should be used. | Y | Y | Y | Y |
|
|
|
| If any action references a port that will never be valid on a switch, the switch must return an ofp_error_msg with OFPET_BAD_ACTION type and OFPBAC_BAD_OUT_PORT code. | Y | Y | Y | Y |
|
|
|
| If the referenced port may be valid in the future, e.g. when a linecard is added to a chassis switch, or a port is dynamically added to a software switch, the switch may either silently drop packets sent to the referenced port, or immediately return an OFPBAC_BAD_OUT_PORT error and refuse the flow mod. | Y | Y | Y | Y |
|
|
|
| If an action list contain a sequence of actions that the switch can not support in the specified order, the switch should return an ofp_error_msg with OFPET_BAD_ACTION type and OFPBAC_UNSUPPORTED_ORDER code. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
6.8 | Flow Removal | Switch flow expiry mechanism | Is run by the switch independently of the controller and is based on the state and configuration of flow entries. | Y | Y | Y | Y |
|
|
|
| A non-zero hard_timeout field causes the flow entry to be removed after the given number of seconds, regardless of how many packets it has matched. | Y | Y | Y | Y |
|
|
|
| A non-zero idle_timeout field causes the flow entry to be removed when it has matched no packets in the givennumber of seconds. | Y | Y | Y | Y |
|
|
|
| The switch must implement flow expiry and remove flow entries from the flow table when one of their timeout is exceeded. | Y | Y | Y | Y |
|
|
|
| When a flow entry is removed, the switch must check the flow entry's OFPFF_SEND_FLOW_REM flag. If this flag is set, the switch must send a flow removed message to the controller. | Y | Y | Y | Y |
|
|
|
| Each flow removed message contains a complete description of the flow entry, the reason for removal (expiry or delete), the flow entry duration at the time of removal, and the flow statistics at time of removal. | Y | Y | Y | Y |
|
6.9 | Group Table Modification Messages | OFPGC_ADD | Groups may consist of zero or more buckets. | Y | Y | Y | Y |
|
|
|
| A group may also include buckets which themselves forward to other groups if the switch supports it. | Y | Y | Y | Y |
|
|
|
| The action set for each bucket must be validated using the same rules as those for flow mods (Section 6.7), with additional group-specific checks. | Y | Y | Y | Y |
|
|
|
| If an action in one of the buckets is invalid or unsupported, the switch should return an ofp_error_msg with OFPET_BAD_ACTION type and code corresponding to the error. | Y | Y | Y | Y |
|
|
|
| If a group entry with the specified group identifier already resides in the group table, then the switch must refuse to add the group entry and must send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and OFPGMFC_GROUP_EXISTS code. | Y | Y | Y | Y |
|
|
|
| If a specified group type is invalid then the switch must refuse to add the group entry and must send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and OFPGMFC_INVALID_GROUP code. | Y | Y | Y | Y |
|
|
|
| If a switch does not support unequal load sharing with select groups (buckets with weight different than 1), it must refuse to add the group entry and must send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and OFPGMFC_WEIGHT_UNSUPPORTED code. | Y | Y | Y | Y |
|
|
|
| If a switch cannot add the incoming group entry due to lack of space, the switch must send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and OFPGMFC_OUT_OF_GROUPS code. | Y | Y | Y | Y |
|
|
|
| If a switch cannot add the incoming group entry due to restrictions (hardware or otherwise) limiting the number of group buckets, it must refuse to add the group entry and must send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and OFPGMFC_OUT_OF_BUCKETS code. | Y | Y | Y | Y |
|
|
|
| If a switch cannot add the incoming group because it does not support the proposed liveliness configuration, the switch must send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and OFPGMFC_WATCH_UNSUPPORTED code. | N | N | N | N |
|
|
| OFPGC_MODIFY | if a group entry with the specified group identifier already resides in the group table, then that entry, including its type and action buckets, must be removed, and the new group entry added. | Y | Y | Y | Y |
|
|
|
| If a group entry with the specified group identifier does not already exist then the switch must refuse the group mod and send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and OFPGMFC_UNKNOWN_GROUP code | Y | Y | Y | Y |
|
|
| OFPGC_DELETE | If no group entry with the specified group identifier currentlyexists in the group table, no error is recorded, and no group table modification occurs | Y | Y | Y | Y |
|
|
|
| To delete all groups with a single message, specify OFPG_ALL as the group value | Y | Y | Y | Y |
|
|
| Groups | Groups may be chained if the switch supports it, when at least one group forward to another group, or in more complex configuration | Y | Y | Y | Y |
|
|
|
| If a switch does not support groups of groups, it must send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and OFPGMFC_CHAINING_UNSUPPORTED code. | Y | Y | Y | Y |
|
|
|
| A switch may support checking that no loop is created while chaining groups. | Y | Y | Y | Y |
|
|
|
| If a group mod is sent such that a forwarding loop would be created, the switch must reject the group mod and must send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and OFPGMFC_LOOP code. | Y | Y | Y | Y |
|
|
|
| A switch may support checking that groups forwarded to by other groups are not removed. | N | N | N | N |
|
|
|
| If a switch cannot delete a group because it is referenced by another group, it must refuse to delete the group entry and must send an ofp_error_msg with OFPET_GROUP_MOD_FAILED type and OFPGMFC_CHAINED_GROUP code. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A | Appendix A The OpenFlow Protocol |
|
|
|
|
|
|
|
A.2.1 | Port Structures | Port_no field uniquely identifies a port within a switch | Ports are numbered starting from 1. | Y | Y | Y | Y |
|
|
| Name field is a null-terminated string containing a human-readable name for the interface |
| Y | Y | Y | Y |
|
|
| Port administrative settings support the following states | The OFPPC_PORT_DOWN bit indicates that the port has been administratively brought down and should not be used by OpenFlow. | Y | Y | Y | Y |
|
|
|
| The OFPPC_NO_RECV bit indicates that packets received on that port shouldbe ignored. | Y | Y | Y | Y |
|
|
|
| The OFPPC_NO_FWD bit indicates that OpenFlow should not send packets to that port. | Y | Y | Y | Y |
|
|
|
| The OFPPC_NO_FWD bit indicates that OpenFlow should not send packets to that port. | Y | Y | Y | Y |
|
|
|
| The OFPPFL_NO_PACKET_IN bit indicates that packets on that port that generate a table miss should never trigger a packet-in message to the controller | Y | Y | Y | Y |
|
|
|
| The port config bits are set by the controller and not changed by the switch. |
|
|
|
|
|
|
|
| If the port config bits are changed by the switch through another administrative interface, the switch sends an OFPT_PORT_STATUS message to notify the controller of the change. | Y | Y | Y | Y |
|
|
| State field describes the port internal state that supports the following states | OFPPS_LINK_DOWN bit indicates the physical link is not present. | Y | Y | Y | Y |
|
|
|
| The OFPPS_BLOCKED bit indicates that a switch protocol outside of OpenFlow, such as 802.1D Spanning Tree, is preventing the use of that port with OFPP_FLOOD. | Y | Y | Y | Y |
|
|
|
| OFPPS_LIVE indicates Live for Fast Failover Group. | N | N | N | N |
|
|
|
| All port state bits are read-only and cannot be changed by the controller. | Y | Y | Y | Y |
|
|
|
| When the port flags are changed, the switch sends an OFPT_PORT_STATUS message to notify the controller of the change. | Y | Y | Y | Y |
|
|
| Curr, advertised, supported, and peer fields indicate link modes (speed and duplexity), link type (copper/fiber) and link features (auto negotiation and pause) |
| Y | Y | Y | Y |
|
|
| Curr_speed and max_speed fields indicate the current and maximum bit rate (raw transmission speed) of the link in kbps |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.2.2 | Queue Structures | QoS (DSCP & Q mapping?) | An OpenFlow switch provides limited Quality-of-Service support (QoS) through a simple queuing mechanism. One (or more) queues can attach to a port and be used to map flows on it. Flows mapped to a specific queue will be treated according to that queue's configuration. | Y | Y | Y | Y |
|
A.2.3 | Flow Match Structures | OpenFlow match is composed of a flow match header and a sequence of zero or more flow match fields | The only valid match type in this specification is OFPMT_OXM, the OpenFlow 1.1 match type OFPMT_STANDARD is deprecated. | Y | Y | Y | Y |
|
|
|
| The flow match fields are described using the OpenFlow Extensible Match (OXM) format. | Y | Y | Y | Y |
|
|
| OpenFlow specification distinguishes two types of OXM match classes | ONF member classes. |
|
|
|
|
|
|
|
| ONF reserved classes. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Flow Match Fields |
|
|
|
|
|
|
|
| OXM_OF_IN_PORT | /* Switch input port. */ | Y | Y | Y | Y |
|
|
| OXM_OF_IN_PHY_PORT | /* Switch physical input port. */ | Y | Y | Y | Y |
|
|
| OXM_OF_METADATA | /* Metadata passed between tables. */ | N | N | N | N |
|
|
| OXM_OF_ETH_DST | /* Ethernet destination address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_ETH_SRC | /* Ethernet source address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_ETH_TYPE | /* Ethernet frame type. */ | Y | Y | Y | Y |
|
|
| OXM_OF_VLAN_VID | /* VLAN id. */ | Y | Y | Y | Y |
|
|
| OXM_OF_VLAN_PCP | /* VLAN priority. */ | Y | Y | Y | Y |
|
|
| OXM_OF_IP_DSCP | /* IP DSCP (6 bits in ToS field). */ | Y | Y | Y | Y |
|
|
| OXM_OF_IP_ECN | /* IP ECN (2 bits in ToS field). */ | N | N | N | N |
|
|
| OXM_OF_IP_PROTO | /* IP protocol. */ | Y | Y | Y | Y |
|
|
| OXM_OF_IPV4_SRC | /* IPv4 source address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_IPV4_DST | /* IPv4 destination address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_TCP_SRC | /* TCP source port. */ | Y | Y | Y | Y |
|
|
| OXM_OF_TCP_DST | /* TCP destination port. */ | Y | Y | Y | Y |
|
|
| OXM_OF_UDP_SRC | /* UDP source port. */ | Y | Y | Y | Y |
|
|
| OXM_OF_UDP_DST | /* UDP destination port. */ | Y | Y | Y | Y |
|
|
| OXM_OF_SCTP_SRC | /* SCTP source port. */ | N | N | N | N |
|
|
| OXM_OF_SCTP_DST | /* SCTP destination port. */ | N | N | N | N |
|
|
| OXM_OF_ICMPV4_TYPE | /* ICMP type. */ | N | N | N | N |
|
|
| OXM_OF_ICMPV4_CODE | /* ICMP code. */ | N | N | N | N |
|
|
| OXM_OF_ARP_OP | /* ARP opcode. */ | Y | Y | Y | N | All ARP matches are supported via software |
|
| OXM_OF_ARP_SPA | /* ARP source IPv4 address. */ | Y | Y | Y | N |
|
|
| OXM_OF_ARP_TPA | /* ARP target IPv4 address. */ | Y | Y | Y | N |
|
|
| OXM_OF_ARP_SHA | /* ARP source hardware address. */ | Y | Y | Y | N |
|
|
| OXM_OF_ARP_THA | /* ARP target hardware address. */ | Y | Y | Y | N |
|
|
| OXM_OF_IPV6_SRC | /* IPv6 source address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_IPV6_DST | /* IPv6 destination address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_IPV6_FLABEL | /* IPv6 Flow Label */ | N | N | N | N |
|
|
| OXM_OF_ICMPV6_TYPE | /* ICMPv6 type. */ | N | N | N | N |
|
|
| OXM_OF_ICMPV6_CODE | /* ICMPv6 code. */ | N | N | N | N |
|
|
| OXM_OF_IPV6_ND_TARGET | /* Target address for ND. */ | N | N | N | N |
|
|
| OXM_OF_IPV6_ND_SLL | /* Source link-layer for ND. */ | N | N | N | N |
|
|
| OXM_OF_IPV6_ND_TLL | /* Target link-layer for ND. */ | N | N | N | N |
|
|
| OXM_OF_MPLS_LABEL | /* MPLS label. */ | Y | Y | Y | Y |
|
|
| OXM_OF_MPLS_TC | /* MPLS TC. */ | N | N | N | N |
|
|
|
|
|
|
|
|
|
|
|
| Required match fields |
|
|
|
|
|
|
|
| OXM_OF_IN_PORT | Ingress port. This may be a physical or switch-defined logical port. | Y | Y | Y | Y |
|
|
| OXM_OF_ETH_DST | Ethernet source address. Can use arbitrary bitmask. | Y | Y | Y | Y |
|
|
| OXM_OF_ETH_SRC | Ethernet destination address. Can use arbitrary bitmask. | Y | Y | Y | Y |
|
|
| OXM_OF_ETH_TYPE | Ethernet type of the OpenFlow packet payload, after VLAN tags. | Y | Y | Y | Y |
|
|
| OXM_OF_IP_PROTO | IPv4 or IPv6 protocol number. | Y | Y | Y | Y |
|
|
| OXM_OF_IPV4_SRC | IPv4 source address. Can use subnet mask or arbitrary bitmask. | Y | Y | Y | Y |
|
|
| OXM_OF_IPV4_DST | IPv4 destination address. Can use subnet mask or arbitrary bitmask. | Y | Y | Y | Y |
|
|
| OXM_OF_IPV6_SRC | IPv6 source address. Can use subnet mask or arbitrary bitmask. | Y | Y | Y | Y |
|
|
| OXM_OF_IPV6_DST | IPv6 destination address. Can use subnet mask or arbitrary bitmask. | Y | Y | Y | Y |
|
|
| OXM_OF_TCP_SRC | TCP source port. | Y | Y | Y | Y |
|
|
| OXM_OF_TCP_DST | TCP destination port. | Y | Y | Y | Y |
|
|
| OXM_OF_UDP_SRC | UDP source port. | Y | Y | Y | Y |
|
|
| OXM_OF_UDP_DST | UDP destination port. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.2.4 | Flow Instruction Structures | See Section 5.6 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A.2.5 | Action Structures | A number of actions may be associated with flows, groups or packets. The currently defined action types are |
|
|
|
|
|
|
|
| OFPAT_OUTPUT = 0, | /* Output to switch port. */ | Y | Y | Y | Y |
|
|
| OFPAT_COPY_TTL_OUT = 11, | /* Copy TTL "outwards" – from next-to-outermost to outermost */ | N | N | N | N |
|
|
| OFPAT_COPY_TTL_IN = 12, | /* Copy TTL "inwards" – from outermost to next-to-outermost */ | N | N | N | N |
|
|
| OFPAT_SET_MPLS_TTL = 15, | /* MPLS TTL */ | Y | Y | Y | Y |
|
|
| OFPAT_DEC_MPLS_TTL = 16, | /* Decrement MPLS TTL */ | Y | Y | Y | Y |
|
|
| OFPAT_PUSH_VLAN = 17, | /* Push a new VLAN tag */ | N | N | Y | N |
|
|
| OFPAT_POP_VLAN = 18, | /* Pop the outer VLAN tag */ | N | N | Y | N |
|
|
| OFPAT_PUSH_MPLS = 19, | /* Push a new MPLS tag */ | Y | Y | Y | Y |
|
|
| OFPAT_POP_MPLS = 20, | /* Pop the outer MPLS tag */ | Y | Y | Y | Y |
|
|
| OFPAT_SET_QUEUE = 21, | /* Set queue id when outputting to a port */ | Y | Y | Y | Y |
|
|
| OFPAT_GROUP = 22, | /* Apply group. */ | Y | Y | Y | Y |
|
|
| OFPAT_SET_NW_TTL = 23, | /* IP TTL. */ | N | N | N | N |
|
|
| OFPAT_DEC_NW_TTL = 24, | /* Decrement IP TTL. */ | N | N | N | N |
|
|
| OFPAT_SET_FIELD = 25, | /* Set a header field using OXM TLV format. */ | Y | Y | Y | Y |
|
|
| OFPAT_EXPERIMENTER = 0xffff |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
|
| The type of a set-field action can be any valid OXM header type | OXM types OFPXMT_OFB_IN_PORT and OFPXMT_OFB_METADATA are not supported, because those are not header fields. |
|
|
|
|
|
|
| OXM_OF_IN_PHY_PORT | /* Switch physical input port. */ | N | N | N | N |
|
|
| OXM_OF_ETH_DST | /* Ethernet destination address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_ETH_SRC | /* Ethernet source address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_ETH_TYPE | /* Ethernet frame type. */ | Y | Y | Y | Y |
|
|
| OXM_OF_VLAN_VID | /* VLAN id. */ | Y | Y | Y | Y |
|
|
| OXM_OF_VLAN_PCP | /* VLAN priority. */ | Y | Y | Y | Y |
|
|
| OXM_OF_IP_DSCP | /* IP DSCP (6 bits in ToS field). */ | Y | Y | Y | Y |
|
|
| OXM_OF_IP_ECN | /* IP ECN (2 bits in ToS field). */ | N | N | N | N |
|
|
| OXM_OF_IP_PROTO | /* IP protocol. */ | N | N | N | N |
|
|
| OXM_OF_IPV4_SRC | /* IPv4 source address. */ | N | N | N | N |
|
|
| OXM_OF_IPV4_DST | /* IPv4 destination address. */ | N | N | N | N |
|
|
| OXM_OF_TCP_SRC | /* TCP source port. */ | N | N | N | N |
|
|
| OXM_OF_TCP_DST | /* TCP destination port. */ | N | N | N | N |
|
|
| OXM_OF_UDP_SRC | /* UDP source port. */ | N | N | N | N |
|
|
| OXM_OF_UDP_DST | /* UDP destination port. */ | N | N | N | N |
|
|
| OXM_OF_SCTP_SRC | /* SCTP source port. */ | N | N | N | N |
|
|
| OXM_OF_SCTP_DST | /* SCTP destination port. */ | N | N | N | N |
|
|
| OXM_OF_ICMPV4_TYPE | /* ICMP type. */ | N | N | N | N |
|
|
| OXM_OF_ICMPV4_CODE | /* ICMP code. */ | N | N | N | N |
|
|
| OXM_OF_ARP_OP | /* ARP opcode. */ | Y | Y | Y | Y |
|
|
| OXM_OF_ARP_SPA | /* ARP source IPv4 address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_ARP_TPA | /* ARP target IPv4 address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_ARP_SHA | /* ARP source hardware address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_ARP_THA | /* ARP target hardware address. */ | Y | Y | Y | Y |
|
|
| OXM_OF_IPV6_SRC | /* IPv6 source address. */ | N | N | N | N |
|
|
| OXM_OF_IPV6_DST | /* IPv6 destination address. */ | N | N | N | N |
|
|
| OXM_OF_IPV6_FLABEL | /* IPv6 Flow Label */ | N | N | N | N |
|
|
| OXM_OF_ICMPV6_TYPE | /* ICMPv6 type. */ | N | N | N | N |
|
|
| OXM_OF_ICMPV6_CODE | /* ICMPv6 code. */ | N | N | N | N |
|
|
| OXM_OF_IPV6_ND_TARGET | /* Target address for ND. */ | N | N | N | N |
|
|
| OXM_OF_IPV6_ND_SLL | /* Source link-layer for ND. */ | N | N | N | N |
|
|
| OXM_OF_IPV6_ND_TLL | /* Target link-layer for ND. */ | N | N | N | N |
|
|
| OXM_OF_MPLS_LABEL | /* MPLS label. */ | Y | Y | Y | Y |
|
|
| OXM_OF_MPLS_TC | /* MPLS TC. */ | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.3 | Controller-to-Switch Messages |
|
|
|
|
|
|
|
A.3.1 | Handshake | Datapath_id | The datapath_id field uniquely identifies a datapath. The lower 48 bits are intended for the switch MAC address, while the top 16 bits are up to the implementer. | Y | Y | Y | Y |
|
|
|
| Use datapath_id to distinguish multiple virtual switch instances on a single physical switch. | Y | Y | Y | Y |
|
|
| Capabilities supported by the datapath | OFPC_FLOW_STATS = 1 << 0, /* Flow statistics. */ | Y | Y | Y | Y |
|
|
|
| OFPC_TABLE_STATS = 1 << 1, /* Table statistics. */ | Y | Y | Y | Y |
|
|
|
| OFPC_PORT_STATS = 1 << 2, /* Port statistics. */ | Y | Y | Y | Y |
|
|
|
| OFPC_GROUP_STATS = 1 << 3, /* Group statistics. */ | Y | Y | Y | Y |
|
|
|
| OFPC_IP_REASM = 1 << 5, /* Can reassemble IP fragments. */ | N | N | N | N |
|
|
|
| OFPC_QUEUE_STATS = 1 << 6, /* Queue statistics. */ | N | N | N | N |
|
|
|
| OFPC_PORT_BLOCKED = 1 << 8 /* Switch will block looping ports. */ | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.3.2 | Switch Configuration | Controller is able to set and query configuration parameters in the switch with the OFPT_SET_CONFIG and OFPT_GET_CONFIG_REQUEST messages, respectively |
| Y | Y | Y | Y |
|
|
| OFPC_* flags | /* Handling of IP fragments. /OFPC_FRAG_NORMAL = 0, / No special handling for fragments. */ | Y | Y | Y | Y |
|
|
|
| OFPC_FRAG_DROP = 1 << 0, /* Drop fragments. */ | N | N | N | N |
|
|
|
| OFPC_FRAG_REASM = 1 << 1, /* Reassemble (only if OFPC_IP_REASM set). */ | N | N | N | N |
|
|
|
| OFPC_FRAG_MASK = 3, | N | N | N | N |
|
|
|
| /* TTL processing - applicable for IP and MPLS packets /OFPC_INVALID_TTL_TO_CONTROLLER = 1 << 2, / Send packets with invalid TTL to the controller */ | N | N | N | N |
|
|
| Miss_send_len | Defines the number of bytes of each packet sent to the controller as a result of flow table miss when configured to generate packet-in messages. | Y | Y | Y | Y |
|
|
|
| If this field equals 0, the switch must send zero bytes of the packet in the ofp_packet_in message. | Y | Y | Y | Y |
|
|
|
| If the value is set to OFPCML_NO_BUFFER the complete packet must be included in the message, and should not be buffered. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.3.3 | Flow Table Configuration | Flow tables are numbered from 0 and can take any number until OFPTT_MAX | OFPTT_MAX = 0xfe | Y | Y | Y | Y |
|
|
| Controller can configure and query table state in the switch with the OFP_TABLE_MOD and OFPST_TABLE_STATS requests, respectively | The switch responds to a table stats request with aOFPT_STATS_REPLY message. | Y | Y | Y | Y |
|
|
| OFP_TABLE_MOD | If the table_id is OFPTT_ALL, the configuration is applied to all tables in the switch. | Y | Y | Y | Y |
|
|
| Config field is a bitmap that is used to configure the default behavior of unmatched packets | OFPTC_TABLE_MISS_CONTROLLER = 0, /* Send to controller. */ | Y | Y | Y | Y |
|
|
|
| OFPTC_TABLE_MISS_CONTINUE = 1 << 0, /* Continue to the next table in the pipeline (OpenFlow 1.0 behavior). */ | Y | Y | Y | Y |
|
|
|
| OFPTC_TABLE_MISS_DROP = 1 << 1, /* Drop the packet. */ | Y | Y | Y | Y |
|
|
|
| OFPTC_TABLE_MISS_MASK = 3 | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.3.4 | Modify State Messages | Modifications to a flow table from the controller are done with the OFPT_FLOW_MOD message |
| Y | Y | Y | Y |
|
|
| Modifications to the group table from the controller are done with the OFPT_GROUP_MOD message |
| Y | Y | Y | Y |
|
|
| The controller uses the OFPT_PORT_MOD message to modify the behavior of the port |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.3.5 | Read State Messages | While the system is running, the datapath may be queried about its current state using the OFPT_STATS_REQUEST message | /* Description of this OpenFlow switch.* The request body is empty.* The reply body is struct ofp_desc_stats. /OFPST_DESC = 0, / Body of reply to OFPST_DESC request. Each entry is a NULL- terminated ASCII string. /struct ofp_desc_stats {char mfr_desc[DESC_STR_LEN]; / Manufacturer description. /char hw_desc[DESC_STR_LEN]; / Hardware description. /char sw_desc[DESC_STR_LEN]; / Software description. /char serial_num[SERIAL_NUM_LEN]; / Serial number. /char dp_desc[DESC_STR_LEN]; / Human readable description of datapath. */}; | Y | Y | Y | Y |
|
|
|
| /* Individual flow statistics. The request body is struct ofp_flow_stats_request. The reply body is an array of struct ofp_flow_stats. /OFPST_FLOW = 1, / Body of reply to OFPST_FLOW request. /struct ofp_flow_stats {uint16_t length; / Length of this entry. /uint8_t table_id; / ID of table flow came from. /uint8_t pad;uint32_t duration_sec; / Time flow has been alive in seconds. /uint32_t duration_nsec; / Time flow has been alive in nanoseconds beyondduration_sec. /uint16_t priority; / Priority of the entry. /uint16_t idle_timeout; / Number of seconds idle before expiration. /uint16_t hard_timeout; / Number of seconds before expiration. /uint8_t pad2[6]; / Align to 64-bits. /uint64_t cookie; / Opaque controller-issued identifier. /uint64_t packet_count; / Number of packets in flow. /uint64_t byte_count; / Number of bytes in flow. /struct ofp_match match; / Description of fields. Variable size. ///struct ofp_instruction instructions[0]; / Instruction set. */}; | Y | Y | Y | Y |
|
|
|
| /* Aggregate flow statistics. The request body is struct ofp_aggregate_stats_request. The reply body is struct ofp_aggregate_stats_reply. /OFPST_AGGREGATE = 2, / Body of reply to OFPST_AGGREGATE request. /struct ofp_aggregate_stats_reply {uint64_t packet_count; / Number of packets in flows. /uint64_t byte_count; / Number of bytes in flows. /uint32_t flow_count; / Number of flows. /uint8_t pad[4]; / Align to 64 bits. */}; | Y | Y | Y | Y |
|
|
|
| /* Flow table statistics. The request body is empty. The reply body is an array of struct ofp_table_stats. /OFPST_TABLE = 3, / Body of reply to OFPST_TABLE request. /struct ofp_table_stats {uint8_t table_id; / Identifier of table. Lower numbered tables are consulted first. /uint8_t pad[7]; / Align to 64-bits. /char name[OFP_MAX_TABLE_NAME_LEN];uint64_t match; / Bitmap of (1 << OFPXMT_) that indicate the fields the table can match on. */uint64_t wildcards; / Bitmap of (1 << OFPXMT_) wildcards that are supported by the table. */uint32_t write_actions; / Bitmap of OFPAT_* that are supported by the table with OFPIT_WRITE_ACTIONS. /uint32_t apply_actions; / Bitmap of OFPAT_* that are supported by the table with OFPIT_APPLY_ACTIONS. /uint64_t write_setfields;/ Bitmap of (1 << OFPXMT_) header fields that can be set with OFPIT_WRITE_ACTIONS. */uint64_t apply_setfields;/ Bitmap of (1 << OFPXMT_) header fields that can be set with OFPIT_APPLY_ACTIONS. */uint64_t metadata_match; / Bits of metadata table can match. /uint64_t metadata_write; / Bits of metadata table can write. /uint32_t instructions; / Bitmap of OFPIT_* values supported. /uint32_t config; / Bitmap of OFPTC_* values /uint32_t max_entries; / Max number of entries supported. /uint32_t active_count; / Number of active entries. /uint64_t lookup_count; / Number of packets looked up in table. /uint64_t matched_count; / Number of packets that hit table. */}; | Y | Y | Y | Y |
|
|
|
| /* Port statistics. The request body is struct ofp_port_stats_request. The reply body is an array of struct ofp_port_stats. /OFPST_PORT = 4, / Body of reply to OFPST_PORT request. If a counter is unsupported, set the field to all ones. /struct ofp_port_stats {uint32_t port_no;uint8_t pad[4]; / Align to 64-bits. /uint64_t rx_packets; / Number of received packets. /uint64_t tx_packets; / Number of transmitted packets. /uint64_t rx_bytes; / Number of received bytes. /uint64_t tx_bytes; / Number of transmitted bytes. /uint64_t rx_dropped; / Number of packets dropped by RX. /uint64_t tx_dropped; / Number of packets dropped by TX. /uint64_t rx_errors; / Number of receive errors. This is a super-set of more specific receive errors and should be greater than or equal to the sum of all rx_err values. */uint64_t tx_errors; / Number of transmit errors. This is a super-set of more specific transmit errors and should be greater than or equal to the sum of all tx_err values (none currently defined.) */uint64_t rx_frame_err; / Number of frame alignment errors. /uint64_t rx_over_err; / Number of packets with RX overrun. /uint64_t rx_crc_err; / Number of CRC errors. /uint64_t collisions; / Number of collisions. */}; | Y | Y | Y | Y |
|
|
|
| /* Queue statistics for a port The request body is struct ofp_queue_stats_request. The reply body is an array of struct ofp_queue_stats /OFPST_QUEUE = 5, The body of the reply consists of an array of the following structure:struct ofp_queue_stats {uint32_t port_no;uint32_t queue_id; / Queue i.d /uint64_t tx_bytes; / Number of transmitted bytes. /uint64_t tx_packets; / Number of transmitted packets. /uint64_t tx_errors; / Number of packets dropped due to overrun. */}; | N | N | N | N |
|
|
|
| /* Group features. The request body is empty. The reply body is struct ofp_group_features_stats. /OFPST_GROUP_FEATURES = 8, / Body of reply to OFPST_GROUP_FEATURES request. Group features. /struct ofp_group_features_stats {uint32_t types; / Bitmap of OFPGT_* values supported. /uint32_t capabilities; / Bitmap of OFPGFC_* capability supported. /uint32_t max_groups[4]; / Maximum number of groups for each type. /uint32_t actions[4]; / Bitmaps of OFPAT_* that are supported. */}; | Y | Y | Y | Y |
|
|
|
| /* Experimenter extension. The request and reply bodies begin with* struct ofp_experimenter_stats_header. The request and reply bodies are otherwise experimenter-defined. /OFPST_EXPERIMENTER = 0xffff / Body for ofp_stats_request/reply of type OFPST_EXPERIMENTER. /struct ofp_experimenter_stats_header {uint32_t experimenter; / Experimenter ID which takes the same form as in struct ofp_experimenter_header. /uint32_t exp_type; / Experimenter defined. // Experimenter-defined arbitrary additional data. */}; | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.3.6 | Queue Configuration Messages | Queue configuration takes place outside the OpenFlow protocol, either through a command line tool | CLI support | Y | Y | Y | Y |
|
|
| The switch replies back with an ofp_queue_get_config_reply command, containing a list of configured queues | /* Queue configuration for a given port. /struct ofp_queue_get_config_reply {struct ofp_header header;uint32_t port;uint8_t pad[4];struct ofp_packet_queue queues[0]; / List of configured queues. */}; | N | N | Y | N |
|
|
|
|
|
|
|
|
|
|
A.3.7 | Packet-Out Message | When the controller wishes to send a packet out through the datapath, it uses the OFPT_PACKET_OUT message |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.3.8 | Barrier Message | When the controller wants to ensure message dependencies have been met or wants to receive notifications for completed operations, it may use an OFPT_BARRIER_REQUEST message | Upon receipt, the switch must finish processing all previously-received messages, including sending corresponding reply or error messages, before executing any messages beyond the Barrier RequestRequest. When such processing is complete, the switch must send an OFPT_BARRIER_REPLY message with the xid of the original request. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.3.9 | Role Request Message | When the controller wants to change its role, it uses the OFPT_ROLE_REQUEST message and can have the following values | OFPCR_ROLE_NOCHANGE = 0, /* Don't change current role. */ | Y | Y | Y | Y |
|
|
|
| OFPCR_ROLE_EQUAL = 1, /* Default role, full access. */ | Y | Y | Y | Y |
|
|
|
| OFPCR_ROLE_MASTER = 2, /* Full access, at most one master. */ | Y | Y | Y | Y |
|
|
|
| OFPCR_ROLE_SLAVE = 3, /* Read-only access. * | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.4 | Asynchronous Messages |
|
|
|
|
|
|
|
A.4.1 | Packet-In Message | Switches that implement buffering are expected to expose, through documentation, both the amount of available buffering, and the length of time before buffers may be reused | A switch should prevent a buffer from being reused until it has been handled by the controller, or some amount of time (indicated in documentation) has passed. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.4.2 | Flow Removed Message | If the controller has requested to be notified when flows time out or are deleted from tables, the datapath does this with the OFPT_FLOW_REMOVED message | The reason field is one of the following:OFPRR_IDLE_TIMEOUT = 0, /* Flow idle time exceeded idle_timeout. /OFPRR_HARD_TIMEOUT = 1, / Time exceeded hard_timeout. /OFPRR_DELETE = 2, / Evicted by a DELETE flow mod. /OFPRR_GROUP_DELETE = 3, / Group was removed. */ | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.4.3 | Port Status Message | As ports are added, modified, and removed from the datapath, the controller needs to be informed with the OFPT_PORT_STATUS message | The status can be one of the following values:OFPPR_ADD = 0, /* The port was added. /OFPPR_DELETE = 1, / The port was removed. /OFPPR_MODIFY = 2, / Some attribute of the port has changed. */ | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.4.4 | Error Message | There are times that the switch needs to notify the controller of a problem. This is done with the OFPT_ERROR_MSG message | Currently defined error types are:OFPET_HELLO_FAILED = 0, /* Hello protocol failed. /OFPET_BAD_REQUEST = 1, / Request was not understood. /OFPET_BAD_ACTION = 2, / Error in action description. /OFPET_BAD_INSTRUCTION = 3, / Error in instruction list. /OFPET_BAD_MATCH = 4, / Error in match. /OFPET_FLOW_MOD_FAILED = 5, / Problem modifying flow entry. /OFPET_GROUP_MOD_FAILED = 6, / Problem modifying group entry. /OFPET_PORT_MOD_FAILED = 7, / Port mod request failed. /OFPET_TABLE_MOD_FAILED = 8, / Table mod request failed. /OFPET_QUEUE_OP_FAILED = 9, / Queue operation failed. /OFPET_SWITCH_CONFIG_FAILED = 10, / Switch config request failed. /OFPET_ROLE_REQUEST_FAILED = 11, / Controller Role request failed. /OFPET_EXPERIMENTER = 0xffff / Experimenter error messages. */ | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
A.5 | Symmetric Messages | See Section 6.1.3 |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B | Appendix B Release Notes |
|
|
|
|
|
|
|
B.6.6 | Vendor Extensions | Vendors are now able to add their own extensions, while still being OpenFlow compliant. The primary way to do this is with the new OFPT_VENDOR message type |
| N | N | N | N |
|
|
|
|
|
|
|
|
|
|
B.6.8 | 802.1D Spanning Tree | A switch that implements STP must set the new OFPC_STP bit in the 'capabilities' field of its OFPT_FEATURES_REPLY message. | A switch that implements STP at all must make it available on all of its physical ports, but it need not implement it on virtual ports (e.g. OFPP_LOCAL) | Y | Y | Y | Y |
|
|
|
| The complete set of port configuration flags are:OFPPC_PORT_DOWN = 1 << 0, /* Port is administratively down. /OFPPC_NO_STP = 1 << 1, / Disable 802.1D spanning tree on port. /OFPPC_NO_RECV = 1 << 2, / Drop most packets received on port. /OFPPC_NO_RECV_STP = 1 << 3, / Drop received 802.1D STP packets. /OFPPC_NO_FLOOD = 1 << 4, / Do not include this port when flooding. /OFPPC_NO_FWD = 1 << 5, / Drop packets forwarded to port. /OFPPC_NO_PACKET_IN = 1 << 6 / Do not send packet-in msgs for port. */ | Y | Y | Y | Y |
|
|
| Packets received on ports that are disabled by spanning tree must follow the normal flow table processing path |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B.6.21 | Behavior Defined When Controller Connection Lost | In the case that the switch loses contact with the controller, the default behavior must be to do nothing - to let flows timeout naturally. Other behaviors can be implemented via vendor-specific command line interface or vendor extension OpenFlow messages | Default behavior supported. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B.7.1 | Failover | Switch can be configured with a list of controllers. If the first controller fails, it will automatically switch over to the second controller on the list |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B.7.2 | Emergency Flow Cache | The protocol and reference implementation have been extended to allow insertion and management of emergency flow entries. Emergency-specific flow entries are inactive until a switch loses connectivity from the controller | The switch invalidates all normal flow table entries and copies all emergency flows into the normal flow table. Upon connecting to a controller again, all entries in the flow cache stay active. The controller then has the option of resetting the flow cache if needed. | N | N | N | N |
|
|
|
|
|
|
|
|
|
|
B.7.9 | Rewrite DSCP in IP ToS header | Added Flow action to rewrite the DiffServ CodePoint bits part of the IP ToS field in the IP header. | This enables basic support for basic QoS with OpenFlow in in some switches. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B.8.1 | Slicing | OpenFlow now supports multiple queues per output port. Queues support the ability to provide minimum bandwidth guarantees | The bandwidth allocated to each queue is configurable. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B.9 | OpenFlow version 1.1 |
|
|
|
|
|
|
|
B.9.1 | Multiple Tables | The switch now expose a pipeline with multiple tables. |
| Y | Y | Y | Y |
|
|
| Flow entry have instruction to control pipeline processing |
| Y | Y | Y | Y |
|
|
| Controller can choose packet traversal of tables via goto instruction |
| Y | Y | Y | Y |
|
|
| Metadata field (64 bits) can be set and match in tables |
| N | N | N | N |
|
|
| Packet actions can be merged in packet action set |
| N | N | N | N |
|
|
| Packet action set is executed at the end of pipeline |
| Y | Y | Y | Y |
|
|
| Packet actions can be applied between table stages |
| N | N | N | N |
|
|
| Table miss can send to controller, continue to next table or drop | To controller only. | N | N | N | N |
|
|
| Rudimentary table capability and configuration |
| N | N | N | N |
|
|
|
|
|
|
|
|
|
|
B.9.2 | Groups | Group indirection to represent a set of ports |
| Y | Y | Y | Y |
|
|
| Group table with 4 types of groups : | All - used for multicast and flooding. | Y | Y | Y | Y |
|
|
|
| Select - used for multipath. | N | N | Y | Y |
|
|
|
| Indirect - simple indirection. | Y | Y | Y | Y |
|
|
|
| Fast Failover - use first live port. | N | N | Y | Y |
|
|
| Group action to direct a flow to a group |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B.9.3 | Tags: MPLS & VLAN | Support for VLAN and QinQ, adding, modifying and removing VLAN headers |
| N | N | Y | N |
|
|
| Support for MPLS, adding, modifying and removing MPLS shim headers |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B.9.4 | Virtual ports | Make port number 32 bits, enable larger number of ports | GRE & LAG | Y | Y | Y | Y | LOCAL, GRE,ALL,FLOOD only |
|
| Enable switch to provide virtual port as OpenFlow ports |
| Y | Y | Y | Y |
|
|
| Augment packet-in to report both virtual and physical ports |
| N | N | Y | N |
|
|
|
|
|
|
|
|
|
|
B.9.5 | Other changes | Remove 802.1d-specific text from spec |
| N | N | N | N |
|
|
| Remove Emergency Flow Cache from spec |
| N | N | N | N |
|
|
| Cookie Enhancements Proposal |
| N | N | N | N |
|
|
| Set queue action (unbundled from output port) |
| N | N | N | N |
|
|
| Maskable DL and NW address match fields |
| Y | Y | Y | Y |
|
|
| Add TTL decrement, set and copy actions for IPv4 and MPLS |
| N | N | N | N |
|
|
| SCTP header matching and rewriting support |
| N | N | N | N |
|
|
| Set ECN action |
| N | N | N | N |
|
|
| Connection interruption trigger fail secure or fail standalone mode |
| Y | Y | Y | Y |
|
|
| Define message handling : no loss, may reorder if no barrier |
| N | N | N | N |
|
|
| Rename VENDOR APIs to EXPERIMENTER APIs |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
B.10 | OpenFlow version 1.2 |
|
|
|
|
|
|
|
B.10.1 | Extensible match support | The Extensible set_field action reuses the OXM encoding defined for matches, and enables to rewrite any header field in a single action (EXT-13) | Deprecate most header rewrite actions. | N | N | N | N |
|
|
|
| Introduce generic set-field action (EXT-13). | N | N | N | N |
|
|
|
| Reuse match TLV structure (OXM) in set-field action. | N | N | N | N |
|
|
|
|
|
|
|
|
|
|
B.10.2 | Extensible 'set field' packet rewriting support | Rather than introduce a hard coded field in the packet-in message, the flexible OXM encoding is used to carry packet context | Reuse match TLV structure (OXM) to describe metadata in packet-in (EXT-6). | N | N | N | N | Layer-2 field supported |
|
|
| Include the 'metadata' field in packet-in. | N | N | N | N |
|
|
|
| Move ingress port and physical port from static field to OXM encoding. | N | N | N | N |
|
|
|
| Allow to optionally include packet header fields in TLV structure. | N | N | N | N |
|
|
|
|
|
|
|
|
|
|
B.10.3 | Extensible context expression in 'packet-in' | Rather than introduce a hard coded field in the packet-in message, the flexible OXM encoding is used to carry packet context | Reuse match TLV structure (OXM) to describe metadata in packet-in (EXT-6). | Y | Y | Y | Y |
|
|
|
| Include the 'metadata' field in packet-in. | Y | Y | Y | Y |
|
|
|
| Move ingress port and physical port from static field to OXM encoding. | Y | Y | Y | Y |
|
|
|
| Allow to optionally include packet header fields in TLV structure. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B.10.4 | Extensible Error messages via experimenter error type | An experimenter error code has been added, enabling experimenter functionality to generate custom error messages (EXT-2). The format is identical to other experimenter APIs |
| N | N | N | N |
|
|
|
|
|
|
|
|
|
|
B.10.5 | IPv6 support added | Basic support for IPv6 match and header rewrite has been added | Added support for matching on IPv6 source address, destination address, protocol number, traffic class, ICMPv6 type, ICMPv6 code and IPv6 neighbor discovery header fields (EXT-1). | Y | Y | Y | Y | IPv6_SIP + IPv6_DIP; IPv6_SIP + MAC DA + MAC SA; IPv6_DIP + MAC DA + MAC SA; 512 flow for P-3780 & P-3920 |
|
|
| Added support for matching on IPv6 flow label (EXT-36). | N | N | N | N |
|
|
|
|
|
|
|
|
|
|
B.10.6 | Simplified behaviour of flow-mod request | The behaviour of flow-mod request has been simplified (EXT-30) | MODIFY and MODIFY STRICT commands never insert new flows in the table. | N | N | N | N |
|
|
|
| New flag OFPFF RESET COUNTS to control counter reset. | N | N | N | N |
|
|
|
| Remove quirky behaviour for cookie field. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B.10.7 | Removed packet parsing specification | The match fields are only defined logically | OpenFlow does not mandate how to parse packets. | N | N | N | N |
|
|
|
| Parsing consistency achieved via OXM pre-requisite. | N | N | N | N |
|
|
|
|
|
|
|
|
|
|
B.10.8 | Controller role change mechanism | The controller role change mechanism is a simple mechanism to support multiple controllers for failover (EXT-39) | The switch only need to remember the role of each controller to help the controller election mechanism. | N | N | N | N |
|
|
|
| Simple mechanism to support multiple controllers for failover. | Y | Y | Y | Y |
|
|
|
| Switches may now connect to multiple controllers in parallel. | Y | Y | Y | Y |
|
|
|
| Enable each controller to change its roles to equal, master or slave. | Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
B.10.9 | Other changes | Per-table metadata bitmask capabilities (EXT-34) |
| Y | Y | Y | Y |
|
|
| Rudimentary group capabilities (EXT-61) |
| N | N | N | N |
|
|
| Add hard timeout info in flow-removed messages (OFP-283) |
| Y | Y | Y | Y |
|
|
| Add ability for controller to detect STP support(OFP-285) |
| Y | Y | Y | Y |
|
|
| Turn off packet buffering with OFPCML NO BUFFER (EXT-45) |
| Y | Y | Y | Y |
|
|
| Added ability to query all queues (EXT-15) |
| N | N | N | N |
|
|
| Added experimenter queue property (EXT-16) |
| Y | Y | Y | Y |
|
|
| Added max-rate queue property (EXT-21) |
| Y | Y | Y | Y |
|
|
| Enable deleting flow in all tables (EXT-10) |
| Y | Y | Y | Y |
|
|
| Enable switch to check chaining when deleting groups (EXT-12) |
| N | N | N | N |
|
|
| Enable controller to disable buffering (EXT-45) |
| Y | Y | Y | Y |
|
|
| Virtual ports renamed logical ports (EXT-78) |
| N | N | N | N |
|
|
| New error messages (EXT-1, EXT-2, EXT-12, EXT-13, EXT-39, EXT-74 and EXT-82) |
| Y | Y | Y | Y |
|
|
| Include release notes into the specification document |
| Y | Y | Y | Y |
|
|
| Many other bug fixes, rewording and clarifications |
| Y | Y | Y | Y |
|
|
|
|
|
|
|
|
|
|
| OpenFlow 1.3 |
|
|
|
|
|
|
|
| Per flow meters | Flexible meter framework based on per-flow meters and meter bands. |
|
|
|
|
|
|
|
| Meter statistics, including per band statistics. | 1 band per meter | Y | Y | Y | Y |
|
|
| Enable to attach meters flexibly to flow entries. |
| Y | Y | Y | Y |
|
|
| Simple rate-limiter support (drop packets |
| Y | Y | Y | Y |
|
| Per connection event filtering | Add asynchronous message filter for each controller connection |
| Y | Y | Y | Y |
|
| Per connection event filtering | Add asynchronous message filter for each controller connection |
|
|
|
|
|
|
|
| Set default lter value to match OpenFlow 1.2 behaviour |
| Y | Y | Y | Y |
|
|
| Remove OFPC_INVALID_TTL_TO_CONTROLLER config flag |
|
|
|
|
|
|
| Auxiliary connections | Auxiliary connections are mostly useful to carry packet-in and packet-out messages |
| N | N | N | N |
|
| MPLS BoS matching | match the Bottom of Stack bit (BoS) from the MPLS header (EXT-85). The BoS bit indicates if other MPLS shim header are in the payload of the present MPLS packet, and matching this bit can help to disambiguate case where the MPLS label is present MPLS packet, and matching this bit can help to disambiguate case where the MPLS label is reused across levels of MPLS encapsulation |
| N | N | N | N |
|
| Provider Backbone Bridging tagging | Push and Pop operation to add PBB header as a tag. |
| Y | Y | Y | Y |
|
|
| New OXM field to match I-SID for the PBB header | PBB-MPLS-VLAN order | N | N | N | N |
|
| Rework tag order | the nal order of tags in a packet is dictated by the order of the taggingoperations, each tagging operation adds its tag in the outermost position | Remove defined order of tags in packet from the specification. | N | N | N | N |
|
|
|
| Tags are now always added in the outermost possible position. | Y | Y | Y | Y |
|
|
|
| Action-list can add tags in arbitrary order. | N | N | N | N |
|
|
|
| Tag order is predened for tagging in the action-set. | Y | Y | Y | Y |
|
| Tunnel-ID metadata | A new OXM field that expose to the OpenFlow pipeline metadata associated with the logical port, most commonly the demultiplexing eld from the encapsulation header | If the logical port perform GRE encapsulation, the tunnel-id eld would map to the GRE key field from the GRE header. be able to match the GRE key in the tunnel-id match eld. | N | N | N | N |
|
| Cookies in packet-in |
|
|
|
|
|
|
|
| Duration for stats | Duration field was added to most statistics, including port statistics, group statistics, queue statistics and meter statistics |
| Y | Y | Y | Y |
|
| On demand flow counters | New flow-mod flags have been added to disable packet and byte counters on a per-flow basis |
| N | N | N | N |
|
Copyright © 2024 Pica8 Inc. All Rights Reserved.