Ben Pfaff
e10dfcf357
When secchan is configured to "fail open" after failing to connect to a controller for a period of time, it needs a heuristic for what constitutes a successful connection. Until now, that heuristic was simply that when it received an OpenFlow message from the controller (any OpenFlow message), it considered the connection successful. However, this is no longer good enough, because NOX performs admission control on connections after sending a number of OpenFlow messages, in particular after doing OpenFlow version negotiation and requesting the switch features (and receiving the reply). Thus, this commit adjusts the heuristic by only considering certain OpenFlow messages to demonstrate that admission control checks have passed and thus that the connection should be considered successful. As a fallback, any connection that persists for 30 seconds or longer is also considered successful. An alternate and complementary approach (that this commit does not implement) would be to use an OpenFlow error message to indicate why the connection is closing. Fixes bug #239.
OpenFlow Reference Release <http://openflowswitch.org>
What is OpenFlow?
-----------------
OpenFlow is a flow-based switch specification designed to enable
researchers to run experiments in live networks. OpenFlow is based on a
simple Ethernet flow switch that exposes a standardized interface for
adding and removing flow entries.
An OpenFlow switch consists of three parts: (1) A "flow table" in
which each flow entry is associated with an action telling the switch
how to process the flow, (2) a "secure channel" connecting the switch
to a remote process (a controller), allowing commands and packets to
be sent between the controller and the switch, and (3) an OpenFlow
protocol implementation, providing an open and standard way for a
controller to talk to the switch.
An OpenFlow switch can thus serve as a simple datapath element that
forwards packets between ports according to flow actions defined by
the controller using OpenFlow commands. Example actions are:
- Forward this flow's packets to the given port(s)
- Drop this flow's packets
- Encapsulate and forward this flow's packets to the controller.
The OpenFlow switch is defined in detail in the OpenFlow switch
Specification [2].
What's here?
------------
This distribution includes two different reference implementations of
an OpenFlow switch. The first implementation, which is closely tied
to Linux because it is partially implemented in the Linux kernel, has
the following components:
- A Linux kernel module that implements the flow table and
OpenFlow protocol, in the datapath directory.
- secchan, a program that implements the secure channel
component of the reference switch.
- dpctl, a tool for configuring the kernel module.
The second implementation is a single userspace program, named
"switch", that integrates all three parts of an OpenFlow switch.
This distribution includes some additional software as well:
- controller, a simple program that connects to any number of
OpenFlow switches, commanding them to act as regular MAC
learning switches.
- vlogconf, a utility that can adjust the logging levels of a
running secchan or controller.
- ofp-pki, a utility for creating and managing the public-key
infrastructure for OpenFlow switches.
- A patch to tcpdump that enables it to parse OpenFlow
messages.
For installation instructions, read INSTALL. Each userspace program
is also accompanied by a manpage.
Platform support
----------------
Other than the Linux kernel module and userspace switch
implementation, the software in the OpenFlow distribution should
compile under Unix-like environments such as Linux, FreeBSD, Mac OS X,
and Solaris. Our primary test environment is Debian GNU/Linux.
Please contact us with portability-related bug reports or patches.
The Linux kernel module is, of course, Linux-specific, and the secchan
and dpctl utilities will not be as useful without the kernel module.
The testing of the kernel module has focused on Linux 2.6.23. Linux
2.6 releases from 2.6.15 onward and Linux 2.4 releases from 2.4.20
onward should also work.
The userspace switch implementation should be easy to port to
Unix-like systems. The interface to network devices, in netdev.c, is
the only code that should need to change. So far, only Linux is
supported. We welcome ports to other platforms.
GCC is the expected compiler.
Bugs/Shortcomings
-----------------
- The flowtable does not support the "normal processing" action.
References
----------
[1] OpenFlow: Enabling Innovation in College Networks. Whitepaper.
<http://openflowswitch.org/documents/openflow-wp-latest.pdf>
[2] OpenFlow Switch Specification.
<http://openflowswitch.org/documents/openflow-spec-latest.pdf>
Contact
-------
e-mail: info@openflowswitch.org
www: http://openflowswitch.org/