OpenFlow 1.0 supports IP address masking
OpenFlow supports IP subnet mask. Controllers can specify the subnet mask associated with an IP address and sent to the OpenFlow switch. The switch accepts the IP address with the subnet mask and associates any packets coming with the subnet mask with the rule.
For example, the K.15.10. OpenFlow implementation supports the ability to match on IP address and subnet mask when the OpenFlow controller programs such flows. Consider this example where the ovs-ofctl utility is used to add a flow that matches on a network source address of 1.1.1.1 with a subnet mask of /24. 10.10.10.1 here is the IP address of the switch that has an OpenFlow listen port open on port 6633.
openflow@openflow-ubuntu-08:~# ovs-ofctl add-flow tcp:10.10.0.1:6633 ip,nw_src=1.1.1.1/24,actions=output:1
To verify that this flow has been installed on the switch, we run the
ovs-ofctl
command and verify the output.
openflow@openflow-ubuntu-08:~# ovs-ofctl dump-flows tcp:10.10.0.1:6633 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=13.535s, table=0, n_packets=0, n_bytes=0, ip,nw_src=1.1.0.0/24 actions=output:1The
show openflow instance test flows
command when executed on the switch displays the following:
Example
switch(vlan-3)# show openflow instance test Configured OF Version : 1.3 only Negotiated OF Version : 1.3 Instance Name : test Data-path Description : test Administrator Status : Enabled Member List : VLAN 3 Pipeline Model : Standard Match Listen Port : 6633 Operational Status : Up Operational Status Reason : NA Datapath ID : 000340a8f09e8600 Mode : Active Flow Location : Hardware and Software No. of Hardware Flows : 0 No. of Software Flows : 0 Hardware Rate Limit : 0 kbps Software Rate Limit : 100 pps Conn. Interrupt Mode : Fail-Secure Maximum Backoff Interval : 60 seconds Probe Interval : 10 seconds Hardware Table Miss Count : NA No. of Software Flow Tables : 1 Egress Only Ports : None Table Model : Policy Engine and Software Source MAC Group Table : Disabled Destination MAC Group Table : Disabled Controller Id Connection Status Connection State Secure Role ------------- ----------------- ---------------- ------ ------ 1 Connected Active Yes Equal