OpenFlow1.0學習筆記

Openflow 1.1到1.3 protocol， 内容從56頁擴充到106頁：

openflow 1.1 : http://archive.openflow.org/documents/openflow-spec-v1.1.0.pdf

openflow 1.3: https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-spec-v1.3.0.pdf

1. OpenFlow設計的目的之一是消除二層包的broadcast;

openflow有兩種類型，一種是僅僅支援openflow-only的，另外一種既支援openflow又支援現有傳統網絡協定的openflow-hybrid。

2. Flow Table 

A flow table consists of flow entries: 

Match Fields , Counters , Instructions

match fields: to match against packets. These consist of the ingress port and packet headers, and optionally metadata specified by a previous table

counters: to update for matching packets.  counter 用于更新此entry的包得數量 

instructions : to modify the action set or pipeline processing

The flow tables of an OpenFlow switch are sequentially numbered, starting at 0. Pipeline processing always starts at the first flow table: the packet is first matched against entries of flow table 0. Other flow tables may be used depending on the outcome of the match in the first table.If the packet matches a flow entry in a flow table, the corresponding instruction set is executed (see4.4). The instructions in the flow entry may explicitly direct the packet to another flow table (using theGoto Instruction, see 4.6), where the same process is repeated again. A flow entry can only direct a packet to a flow table number which is greater than its own flow table number, in other words pipeline processing can only go forward and not backward. Obviously, the flow entries of the last table of the pipeline cannot include the Goto instruction. If the matching flow entry does not direct packets to another flow table,pipeline processing stops at this table. When pipeline processing stops, the packet is processed with its associated action set and usually forwarded (see 4.7).If the packet does not match a flow entry in a flow table, this is a table miss. The behavior on table miss depends on the table configuration; the default is to send packets to the controller over the control channel via a packet-in message (see 5.1.2), another options is to drop the packet. A table can also specify that on a table miss the packet processing should continue; in this case the packet is processed by the next sequentially numbered table.

包處理流程要點： 

1. Packet進入switch首先查找的是flow table 0 , 是否進入其他級别flow table 看table處理完後給的action；

2. packet處理過程必須是從flow table 0 繼續往前，不可被rollback到已經處理過的flow table上，是以最後一級的flow table是沒有goto 語句；

3 Group table. 

group table 組成的group entries 可以讓帶有group enable 的flow以另外一種更加有效快速的方式forwarding..., group entry 包含以下四個部分：

Group Identify: 32bit 無符号整數，唯一确定某個group

Group type: 決定group執行的文法類型；

counter: 計數被執行該group的包的個數

action bucket: 一個按順序執行的bucket ；

其中， group type有四種類型：(bucket翻譯成中文真不好聽，也不通俗，直接用bucket了。)

ALL: 每個包都将執行行動集中所有的操作，這個主要用來多點傳播或者廣播。

select： 根據某一種算法，比如：round-robin,或者其他選擇算法，選擇一個bucket來執行轉發，這個的好處是當一個port link down後，交換機可以選擇group内其他port進行轉發，這樣這個包就不會因為沒有路可走而丢掉，而是回去選擇另外一個路徑把包轉發出去。Packets are sent to a single bucket in the group, based on a switch-computed selection algorithm. When a port specified in a bucket in a select group goes down, the switch may restrict bucket selection to the remaining set(those with forwarding actions to live ports) instead of dropping packets destined to that port. This behavior may reduce the disruption of a downed link or switch.

indirect: 直接執行定義好的一個bucket. 這個是最高效的方式，直接執行固定的bucket。

fast failover: 執行第一個alive的bucket.

4 比對過程matching

A packet matches a flow table entry if the values in the match fields used for the lookup (as defined in Figure 4) match those defined in the flow table. If a flow table field has a value of ANY, it matches all possible values in the header.To handle the various Ethernet framing types, matching the Ethernet type is handled based on the packet frame content. In general, the Ethernet type matched by OpenFlow is the one describing what is considered by OpenFlow as the payload of the packet. If the packet has VLAN tags, the Ethernet type matched is the one found after all the VLAN tags. An exception to that rule is packets with MPLS tags where OpenFlow can not determine the Ethernet type of the MPLS payload of the packet.If the packet is an Ethernet II frame, the Ethernet type of the Ethernet header (after all VLAN tags) is matched against the flow’s Ethernet type. If the packet is an 802.3 frame with a 802.2 LLC header, a SNAP header and Organizationally Unique Identifier (OUI) of 0x000000, the SNAP protocol id is matched against the flow’s Ethernet type. A flow entry that specifies an Ethernet type of 0x05FF, matches all 802.3 frames without a SNAP header and those with SNAP headers that do not have an OUI of 0x000000.

packet 是否比對一個table entry ，要看packet用于比對的字段是否與flow table比對。 如果flow table 字段都是ANY，那麼所有的包都比對，執行這個flow table 的action. 各種各樣的網絡資料包的處理将基于資料包的内容。通常來說，網絡類型字段，在openflow的處理流程中，其實已經是Payload, 因為openflow header裡面不定義包的類型。如果包有Vlan, 網絡類型比對就是所有VLAN後面的字段。還有一個特例，就是當包包含該MPLS tags時，Openflow不能決定這種包的網絡類型。 如果是一個二層包，那麼標頭裡面的網絡類型就是這個flow的類型。 如果是一個802.3的包，且包含802.2LLC、SNAP、OUI， 那麼，這個SNAP的protocol ID 就是這個flow 的網絡類型。

交換機遵循的原則是，隻有最進階别的flow entry 比對進來的Packet的時候，才可以去設定、更新相應的counter.如果對于一個包，有多個同一級别的table入口，且是最進階，那這個包就無法知道去哪裡了。

如果交換機配置包含OFPC_FRAG_REASM, IP段必須要在流水處理之前重組。

5. instruction

如果包比對到某一個flow table 的入口，将會有一系列指令執行。這些指令可能改變包的内容、或者包的下一個執行操作集，或者是下一個執行過程。

具體的指令包括一下幾個：

Apply-Actions XXX: 直接執行指定XXX actions, 不改變action set. 這個指令用來改變在兩個table之間傳遞的包，或者對某同類型包執行多個actions.

Clear-Actions: 直接清除所有actions 

Write-Actions XXX: 合并指定XXX action到目前的action set. 如果已經存在，則覆寫它，如果沒有，就加上；

Goto-Table xx-id: 指定下一個table 入口。Table ID 必須比目前的Table ID 大。

6 Action Set 

Action set 初始值是空的，如果一個指令集中沒有包含 Goto Table指令， 查表操作就結束了，這些所有的actions 将會被立即執行。

不管action加入action set的先後順序，在Actions set中，都需要遵循以下執行順序：

copy TTL inwards: 

pop： 

push:

copy TTL outwards:

decrement TTL :

set: all set-field actions to the packet

qos: 

group: 執行相應的group actions,裡面的執行順序也和這裡規定的順序一緻。

output：如果沒有指定group actions， 轉發packet到相應的output actions.

output 操作是整個action set中最後執行的。如果既有group 又有 output action, 那麼output 将會被忽略。如果既沒有group action ,有沒有output action, packet 将會被drop；

Action List

action list 包含該packet所有有需要執行的action, 執行的時候，從第一個開始順序執行，執行結果是累加。執行性apply-actions中的action後,packet的action set還是不會發生改變。

OpenFlow Protocol Overview

The OpenFlow protocol supports three message types: 

    controller-to-switch, 由controller 單向發給switch

    asynchronous, 由switch單向發給controller

    symmetric: 雙向互發 echo , hello, experimenter.

each with multiple sub-types. Controller-to-switch messages are initiated by the controller and used to directly manage or inspect the state of the switch. Asynchronous messages are initiated by the switch and used to update the controller of network events and changes to the switch state. Symmetric messages are initiated by either the switch or the controller and sent without solicitation. The message types used byOpenFlow are described below.