Openflow 1.1到1.3 protocol, 内容从56页扩展到106页:
openflow 1.1 : http://archive.openflow.org/documents/openflow-spec-v1.1.0.pdf
openflow 1.3: https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/openflow/openflow-spec-v1.3.0.pdf
1. OpenFlow设计的目的之一是消除二层包的broadcast;
openflow有两种类型,一种是仅仅支持openflow-only的,另外一种既支持openflow又支持现有传统网络协议的openflow-hybrid。
2. Flow Table
A flow table consists of flow entries:
Match Fields , Counters , Instructions
match fields: to match against packets. These consist of the ingress port and packet headers, and optionally metadata specified by a previous table
counters: to update for matching packets. counter 用于更新此entry的包得数量
instructions : to modify the action set or pipeline processing
The flow tables of an OpenFlow switch are sequentially numbered, starting at 0. Pipeline processing always starts at the first flow table: the packet is first matched against entries of flow table 0. Other flow tables may be used depending on the outcome of the match in the first table.If the packet matches a flow entry in a flow table, the corresponding instruction set is executed (see4.4). The instructions in the flow entry may explicitly direct the packet to another flow table (using theGoto Instruction, see 4.6), where the same process is repeated again. A flow entry can only direct a packet to a flow table number which is greater than its own flow table number, in other words pipeline processing can only go forward and not backward. Obviously, the flow entries of the last table of the pipeline cannot include the Goto instruction. If the matching flow entry does not direct packets to another flow table,pipeline processing stops at this table. When pipeline processing stops, the packet is processed with its associated action set and usually forwarded (see 4.7).If the packet does not match a flow entry in a flow table, this is a table miss. The behavior on table miss depends on the table configuration; the default is to send packets to the controller over the control channel via a packet-in message (see 5.1.2), another options is to drop the packet. A table can also specify that on a table miss the packet processing should continue; in this case the packet is processed by the next sequentially numbered table.
包处理流程要点:
1. Packet进入switch首先查找的是flow table 0 , 是否进入其他级别flow table 看table处理完后给的action;
2. packet处理过程必须是从flow table 0 继续往前,不可被rollback到已经处理过的flow table上,所以最后一级的flow table是没有goto 语句;
3 Group table.
group table 组成的group entries 可以让带有group enable 的flow以另外一种更加有效快速的方式forwarding..., group entry 包含以下四个部分:
Group Identify: 32bit 无符号整数,唯一确定某个group
Group type: 决定group执行的语法类型;
counter: 计数被执行该group的包的个数
action bucket: 一个按顺序执行的bucket ;
其中, group type有四种类型:(bucket翻译成中文真不好听,也不通俗,直接用bucket了。)
ALL: 每个包都将执行行动集中所有的操作,这个主要用来组播或者广播。
select: 根据某一种算法,比如:round-robin,或者其他选择算法,选择一个bucket来执行转发,这个的好处是当一个port link down后,交换机可以选择group内其他port进行转发,这样这个包就不会因为没有路可走而丢掉,而是回去选择另外一个路径把包转发出去。Packets are sent to a single bucket in the group, based on a switch-computed selection algorithm. When a port specified in a bucket in a select group goes down, the switch may restrict bucket selection to the remaining set(those with forwarding actions to live ports) instead of dropping packets destined to that port. This behavior may reduce the disruption of a downed link or switch.
indirect: 直接执行定义好的一个bucket. 这个是最高效的方式,直接执行固定的bucket。
fast failover: 执行第一个alive的bucket.
4 匹配过程matching
A packet matches a flow table entry if the values in the match fields used for the lookup (as defined in Figure 4) match those defined in the flow table. If a flow table field has a value of ANY, it matches all possible values in the header.To handle the various Ethernet framing types, matching the Ethernet type is handled based on the packet frame content. In general, the Ethernet type matched by OpenFlow is the one describing what is considered by OpenFlow as the payload of the packet. If the packet has VLAN tags, the Ethernet type matched is the one found after all the VLAN tags. An exception to that rule is packets with MPLS tags where OpenFlow can not determine the Ethernet type of the MPLS payload of the packet.If the packet is an Ethernet II frame, the Ethernet type of the Ethernet header (after all VLAN tags) is matched against the flow’s Ethernet type. If the packet is an 802.3 frame with a 802.2 LLC header, a SNAP header and Organizationally Unique Identifier (OUI) of 0x000000, the SNAP protocol id is matched against the flow’s Ethernet type. A flow entry that specifies an Ethernet type of 0x05FF, matches all 802.3 frames without a SNAP header and those with SNAP headers that do not have an OUI of 0x000000.
packet 是否匹配一个table entry ,要看packet用于匹配的字段是否与flow table匹配。 如果flow table 字段都是ANY,那么所有的包都匹配,执行这个flow table 的action. 各种各样的网络数据包的处理将基于数据包的内容。通常来说,网络类型字段,在openflow的处理流程中,其实已经是Payload, 因为openflow header里面不定义包的类型。如果包有Vlan, 网络类型匹配就是所有VLAN后面的字段。还有一个特例,就是当包包含该MPLS tags时,Openflow不能决定这种包的网络类型。 如果是一个二层包,那么包头里面的网络类型就是这个flow的类型。 如果是一个802.3的包,且包含802.2LLC、SNAP、OUI, 那么,这个SNAP的protocol ID 就是这个flow 的网络类型。
交换机遵循的原则是,只有最高级别的flow entry 匹配进来的Packet的时候,才可以去设置、更新相应的counter.如果对于一个包,有多个同一级别的table入口,且是最高级,那这个包就无法知道去哪里了。
如果交换机配置包含OFPC_FRAG_REASM, IP段必须要在流水处理之前重组。
5. instruction
如果包匹配到某一个flow table 的入口,将会有一系列指令执行。这些指令可能改变包的内容、或者包的下一个执行操作集,或者是下一个执行过程。
具体的指令包括一下几个:
Apply-Actions XXX: 直接执行指定XXX actions, 不改变action set. 这个指令用来改变在两个table之间传递的包,或者对某同类型包执行多个actions.
Clear-Actions: 直接清除所有actions
Write-Actions XXX: 合并指定XXX action到当前的action set. 如果已经存在,则覆盖它,如果没有,就加上;
Goto-Table xx-id: 指定下一个table 入口。Table ID 必须比当前的Table ID 大。
6 Action Set
Action set 初始值是空的,如果一个指令集中没有包含 Goto Table指令, 查表操作就结束了,这些所有的actions 将会被立即执行。
不管action加入action set的先后顺序,在Actions set中,都需要遵循以下执行顺序:
copy TTL inwards:
pop:
push:
copy TTL outwards:
decrement TTL :
set: all set-field actions to the packet
qos:
group: 执行相应的group actions,里面的执行顺序也和这里规定的顺序一致。
output:如果没有指定group actions, 转发packet到相应的output actions.
output 操作是整个action set中最后执行的。如果既有group 又有 output action, 那么output 将会被忽略。如果既没有group action ,有没有output action, packet 将会被drop;
Action List
action list 包含该packet所有有需要执行的action, 执行的时候,从第一个开始顺序执行,执行结果是累加。执行性apply-actions中的action后,packet的action set还是不会发生改变。
OpenFlow Protocol Overview
The OpenFlow protocol supports three message types:
controller-to-switch, 由controller 单向发给switch
asynchronous, 由switch单向发给controller
symmetric: 双向互发 echo , hello, experimenter.
each with multiple sub-types. Controller-to-switch messages are initiated by the controller and used to directly manage or inspect the state of the switch. Asynchronous messages are initiated by the switch and used to update the controller of network events and changes to the switch state. Symmetric messages are initiated by either the switch or the controller and sent without solicitation. The message types used byOpenFlow are described below.
496
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
