Interoperability
Effect |
Feature |
|---|---|
Feature can override OpenFlow 1 |
802.1X |
MAC Auth |
|
MAC Lockout |
|
MAC Lockdown |
|
Port Security |
|
Web Auth |
|
Feature can override OpenFlow 2 |
ACLs – Port, VLAN, Router, IDM variants |
IDM |
|
Feature can override OpenFlow 3 |
Rate Limiting |
If OpenFlow is used, the feature can be configured. |
Management VLAN
NOTE:
Management VLAN feature can be configured but it cannot be part of an OpenFlow instance. |
If OpenFlow is used, the feature cannot be configured. 4 |
Meshing |
Q-in-Q |
|
Remote Mirror Endpoint |
|
Transparent Mode |
|
OpenFlow can override this feature 5 |
DHCP Snooping |
DHCPv4 client |
|
DHCPv4 relay |
|
DHCPv6 client |
|
DNS |
|
Ping |
|
SNTP |
|
Telnet client and server |
|
TFTP |
|
TimeP |
|
Traceroute |
|
BGP |
|
OpenFlow can override this feature |
DHCPv6 relay |
Dynamic ARP Protection |
|
Dynamic IP Lockdown |
|
IGMP Proxy |
|
IGMPv2 |
|
IGMPv3 |
|
MLDv1 |
|
MLDv2 |
|
OSPFv2 |
|
OSPFv3 |
|
PIM-DM |
|
PIM-SM |
|
RIP |
|
Static Multicast Routes |
|
Static Routes |
|
Virus Throttling |
|
VRRP |
|
OpenFlow does not affect this feature |
Support existing L2, L3, security, HA, QoS functionalities |
OpenFlow does not affect this feature6 |
Distributed Trunking |
GVRP |
|
LACP |
|
Loop Protect |
|
sFlow |
|
UDLD |
|
OpenFlow does not affect this feature 7 |
STP loop guard |
BPDU guard |
|
MSTP |
|
RSTP |
|
STP |
|
PVST |
1The authentication features still function in an OpenFlow instance and ports of an OpenFlow instance. The security features take a first look at the packet before sending the packets to OpenFlow.
2Any ACL entry that sets a drop bit in hardware (TCAM) always wins over the TCAM entry to copy OpenFlow traffic to the controller. Packets on an OpenFlow instance could then get dropped in hardware due to an ACL entry. An OpenFlow controller is never able to see those packets.
3Rate Limiting may be applied to limit OpenFlow traffic as well as other traffic. OpenFlow uses a form of rate-limiter to limit the OpenFlow traffic that gets to the CPU and to the controller.
4Enabling Meshing can break the distinction between OpenFlow VLANs and non-OpenFlow VLANs.
The OpenFlow controller could set up a flow to match a protocol header and an action to drop the matching packets. This action could lead to the protocol packets never making it to the protocol handling code in the software data path, causing the protocol to break on the OpenFlow instance.
The OpenFlow controller could set up a flow to match a protocol header and a NORMAL action in software for the matching packets. In such a case, OpenFlow removes the protocol packets in the software data path. OpenFlow reintroduces the protocol packets after examining the software flow table. Though this action may not break the protocol, it introduces an additional latency before the protocol running on the switch gets the protocol packets.
6Protocol packets are not sent through the OpenFlow software data path.
7Port up or down events are sent to the controller to keep the controller aware of available ports on the switch. OpenFlow cannot override STP, RSTP, or MSTP decisions.
When OpenFlow and VxLAN are enabled together on the same VLAN, the VxLAN tunnels are not advertised as an OpenFlow port to the controller. The Controller cannot program rules with match or output as VxLAN tunnels.
When OpenFlow and VxLAN are enabled together on the switch but on different VLANs, all the packets tagged as unknown destination by the switch are not executed as per the OFPP_NORMAL action. Other OpenFlow actions such as output to a physical port or SI tap/intercept tunnels work as expected.