Views
OpenFlow v1.1
From OpenFlow Wiki
Contents |
OpenFlow 1.1 Implementation
Jean Tourrilhes - HP-Labs
Overall goal
The goal is to validate the OpenFlow 1.1 specification by producing software prototype implementation of each feature. The hope is that the experience of such implementation can validate the specification.
Those implementation should be based on Open vSwitch. We will create a set of branches for every feature, each feature is implemented in parallel and independent of each other. No effort to integrate those features will be done at this point. We will help manage those branches. To improve visibility, we would recommend those branches to be public, or to perform weekly code drops.
Once those implementations are done, people are welcome to try them out and submit feedback.
Schedule
Implementation from 22 oct to 23 nov. Evaluation from 24 nov to 3 dec
Mailing List
For all questions and discussions regarding the prototype implementation, we will be using the openflow-dev mailing list.
The bugs are on the Bug Tracker.
Features
For each feature, we would like two switches implementations, a basic controller implementation and some tests in one of the test suite. The NoX team lead by Nick plans to take care of the controller implementation. We don't have any plans yet for FlowVisor.
Features in bold are done. Features with no name means nobody is working on them. We would appreciate contribution for the remaining work.
| Item | OVS impl 1 | OVS impl 2 | Python impl | Test |
|---|---|---|---|---|
| OVS baseline 1.1 support | Jean & Nick | Dan, Rob | Dan | |
| Multiple Tables (table selection, action set, instructions...) | Dan, Rob | see below | ||
| Table configuration (default behaviour) | Rob | see below | ||
| Apply-actions instruction | Jean & Nick | Rob | Dan, Rob | |
| Group : All | Ericsson | Ericsson | ||
| Group : Select | Ericsson | Ericsson | ||
| Group : Fast Failover | Ericsson | Ericsson | ||
| Extensible match (len + type) | N/T | |||
| Maskable DL and NW fields | NEC | Tatsuya | ||
| SCTP matching support and SCTP set tp_port | Jean | Bob | ||
| VLAN tags (multi-VLAN-tag, push/pop, ...) | Saurav | Ericsson | Rob | Tatsuya |
| MPLS tags (including TTL) | Ericsson | Tatsuya | ||
| IP TTL set/decrement | Google & Jean | Bob | ||
| Set ECN action | Jean | Ed | ||
| Cookie Enhancements | David | Dan | ||
| Set_queue action | Jean | Yiannis | ||
| Logical ports and phy-port in packet-in | N/T | |||
| Connection interruption -> already done in OVS | OVS | |||
| Port tests from OFTest 1.0 | N/A | N/A | N/A | |
| Port tests from old perl test suite | N/A | N/A | N/A |
Multiple tables
Multiple tables is a pretty complex feature. For this reason, we are trying to structure the test plan. We would appreciate contribution in writing test for multiple tables.
| Item | Tester | Notes |
|---|---|---|
| single-table | Rob | Ensure that switch can be used like a 1.0 switch by only populating the first table |
| table index support | Rob | Flow-mod and flow-stats are able to manipulate each table appropriately, flows from the correct table are inserted/dumped |
| table matching in order | Dan | Insert flows in table 0 and 1 that would match the same packet, but no goto in the table 0 flow. Ensure flow in table 0 matches, not table 1. This should work regardless of priority etc. |
| goto support | Masahiko | Ability to arbitrarily jump forward, but not backward with 3 or more tables |
| no-goto support | Masahiko | No goto in instruction set stop pipeline processing, further tables are ignored |
| metadata support | Masahiko | Setting metadata in one table, matching on metadata in a second table Ensure test masking abilities for metadata |
| action set support | Tatsuya | Actions are properly merged and ordered when using write-action in two tables |
| policy decoupling | Masahiko | Can use one table to forward, and one table for QoS action (set_queue and/or set_tos) |
| clear action support | Masahiko | Clear Action does clear the action set |
| table miss support | Masahiko | Table miss on any table sends packet to the controller (default behaviour) |
| popping VLAN between table | Tatsuya | Apply-action can remove a VLAN header between two tables, inner VLAN tag is visible in subsequent match |
| popping MPLS between table | Tatsuya | Apply-action can remove a MPLS tag between two tables, IP header becomes visible in subsequent match |
| apply instruction | Tatsuya | More general test of above two items |
| goto table + apply with send-to-port | Masahiko | Ensure packet is forwarded out port and sent to next table |
| empty instruction list | Masahiko | A flow with empty instruction list should still cause accumulated action set to be executed |
| table config | Masahiko | Ensure all table config states work (continue, controller, drop) |
Example use cases identified during development:
- QoS (routing in first table, QoS in second)
- VRF (multiple routing tables, the routing table to use is selected based upon something from tuple)
- Firewall (accept/drop based on ports)
- MPLS PHP (penultimate hop popping -- pop off MPLS tag and route on IP header)
Baseline
To help with the prototype implementation, a core group of people are working on a "baseline" version of various tools.
- ovs-openflowd. Based on Open vSwitch 1.0.3, 1.1 wire compatible, only support "apply-action" instruction, userspace only (dpif-netdev.c)
- ovs-controller. Based on Open vSwitch 1.0.3, 1.1 wire compatible, only support "apply-action" instruction.
- ovs-ofctl. Based on Open vSwitch 1.0.3, 1.1 wire compatible, only support "apply-action" instruction.
- OFTest. Based on oftest-dragonfly-1.0, 1.1 wire compatible, few basic tests supported
- WireShark plugin.
The baseline OVS is available in a special git repository. To clone this repository without any permissions, run:
git clone git://openflow.org/of1.1-spec-test.git
Developers expecting to push should send their public SSH key to rob.sherwood@stanford.edu, and run this command instead:
git clone git@openflow.org:of1.1-spec-test.git
You can also browse the OVS repository with webgit
The baseline OFTest is available as a branch called oft-1.1 in the usual GIT repository :
git clone git://openflow.org/oftest.git git checkout -b oft-1.1 origin/oft-1.1
Developers w/SSH keys should run:
git clone git@openflow.org:oftest.git
You can also browse the OFtest repository with webgit
Instructions
The simplest way to run OVS baseline is to run the simple OpenFlow switch in userspace. This can be done with real interfaces (requires multiple computers) or with virtual ethernet tunnels (require a single computer).
This is how to run OVS in userspace with real interfaces
cd .../of1.1-spec-test/utilities ./ovs-openflowd netdev@br0 --ports=eth2,eth5 tcp:127.0.0.1:6633 --listen=ptcp:6634 --fail=closed --out-of-band -v ./ovs-controller -v ptcp:6633 ./ovs-ofctl show tcp:127.0.0.1:6634 ./ovs-ofctl dump-flows tcp:127.0.0.1:6634
Some features are only implemented in the kernel version of OVS (SCTP, QoS), this require compiling and loading the kernel module.
cd .../of1.1-spec-test/utilities insmod ../datapath/linux-2.6/openvswitch_mod.ko ./ovs-openflowd dp0 --ports=eth2,eth5 tcp:127.0.0.1:6633 --listen=ptcp:6634 --fail=closed --out-of-band -v ./ovs-controller -v ptcp:6633 ./ovs-ofctl show tcp:127.0.0.1:6634 ./ovs-ofctl dump-flows tcp:127.0.0.1:6634
For running OVS with virtual interfaces, you need to first create veth pairs.
On Ubuntu, do that with
ip link add type veth
Each time an interconnected pair of virtual interfaces will be created, one tied to root and the other which will become part of the ovs switch. Configure each virtual intf with an IP address and bring it up. For example with veth0
ifconfig veth0 192.168.10.1 netmask 255.255.255.0 ifconfig veth0 up
For ovs, follow the instructions in INSTALL.Linux and INSTALL.userspace. It is not necessary to build or install the kernel module to run ovs-openflowd in userspace.
sudo ovs-openflowd netdev@dp1 --ports=veth1,veth3,veth5,veth7 tcp:127.0.0.1
Finally, in a different terminal, you can run OFTest with
sudo ./oft --test-spec=PacketIn --platform=local --verbose --log-file=""
Note that to use ovs with OFTest you must create 4 veth pairs (or change OFTest configuration file local.py). You can change the test name from PacketIn to the test of your choice. While OFTest (branch oft-1.1) is 1.1 wire compatible, most tests and test utilities have not been ported to 1.1 yet.
Mininet support
Note: The following is probably obsolete - this web page was an internal development page from December 2010 . The userovs branch of Mininet referred to below is also obsolete, but it may be possible to find it at: https://github.com/lantz/mininet/tree/userovs
For system-level tests, the origin/lantz/userovs branch of Mininet now supports the Open vSwitch user switch and, by extension, of1.1-spec-test. To run the user-space switch along with the of1.1-spec-test controller, first make sure that of1.1-spec-test (i.e. ovs-openflowd, etc.) is installed and in your path. Then run mn, specifying --switch ovsu and --controller ovs:
# cd ~/mininet # git checkout -b userovs origin/lantz/userovs # sudo make install # mn --switch ovsu --controller ovs
Spec
Current Status: Initial Feature Implementation Phase
Implementation Status Scoreboard: list of features, implementors, and tests
Spec: The OpenFlow 1.1 process has moved from meeting discussions, to wiki proposals, to an "unimplemented" spec, to an updated spec draft influenced by implementations (the "implemented" spec).. The most up-to-date spec draft is in the spec1.1 branch on the git repo, and the latest pdf snapshot is here:
Archived Drafts:
- download latest pdf of spec draft, made at 6pm on Wed, Feb 2, no diff highlighting
- download latest pdf of spec draft, made at 6pm on Wed, Feb 2, with diff highlighting relative to draft3
- download spec draft 3, made on noon on Wed, Dec 22, no diff highlighting
- download spec draft 3, made on noon on Wed, Dec 22, with diff highlighting relative to draft2
- download pdf of final 'unimplemented' spec draft as of noon on Sat, Oct 23, no diff highlighting
- download pdf of final 'unimplemented' spec draft as of noon on Sat, Oct 23, with diff highlighting relative to draft1
- download pdf of spec draft as of midnight on Fri, Oct 15, no diff highlighting
- download pdf of spec draft as of midnight on Fri, Oct 15, with diff highlighting relative to draft0
- download pdf of spec draft as of noon on Fri, Oct 8, no diff highlighting
- download pdf of spec draft as of noon on Fri, Oct 8, with diff highlighting
The most up-to-date version of this is available on the OpenFlow git repo. To access:
git clone git://openflow.org/openflow.git git fetch git checkout -b spec1.1 origin/spec1.1
Please post change suggestions directly to the bug tracker, with milestone, version, and component default to 1.1, 1.1, and spec respectively.
Spec versions with major feature changes highlighted (but likely to be out of date - so don't send fixes for these):
- Multiple Tables: pdf of draft changes / wiki proposal
- Groups: pdf of draft changes / wiki proposal
- Tags/Tunnels: pdf of draft changes / wiki proposal
- Miscellaneous
- Remove 802.1d-specific text from spec
- Remove Emergency Flow Cache from spec
- Cookie Enhancements Proposal
- Set_queue action
- Maskable DL and NW fields
- Add TTL decrement action
- Add physical port in addition to logical port for packet in messages
Deferred to later versions or under discussion:
- Rate Limiter Proposal
- Extensible match fields
For other proposals-in-progress, see Meeting Notes.
Quick Navigation
OpenFlow White Paper
Download the OpenFlow Whitepaper (PDF)
OpenFlow Specification
Download v1.1.0 Implemented (PDF)