OpenFlow flow table
An OpenFlow switch matches packets against one or more user-defined flow tables. A flow table contains flow entries, and packets are matched based on the matching precedence of flow entries.
OpenFlow flow tables include the following types:
MAC-IP—Combines the MAC address table and FIB table.
A MAC-IP flow table provides the following match fields:
Destination MAC address.
VLAN.
Destination IP address.
A MAC-IP flow table provides the following actions:
Modifying the destination MAC address.
Modifying the source MAC address.
Modifying the VLAN.
Specifying the output port.
Extensibility—Combines Ternary Content Addressable Memory (TCAM) tables and tables programmed by software. An extensibility table provides more match fields and actions than a MAC-IP flow table, such as destination MAC address, destination IP address, VLAN priority, TCP source port, and TCP destination port.
VLAN tagging—Tags all incoming packets matching the table.
VLAN untagging—Untags all outgoing packets matching the table.
Flow entry
Figure 2: Flow entry components
A flow entry contains the following fields:
Match fields—Matching rules of the flow entry. These contain the ingress port, packet headers, and metadata specified by the previous table.
Priority—Matching precedence of the flow entry. When a packet is matched against the flow table, only the highest priority flow entry that matches the packet is selected.
Counters—Counts of the packets that match the flow entry.
Instructions—Modify the action set or pipeline processing. Instructions include the following types:
Meter—Directs the packets to the specified meter to rate-limit the packets.
Apply-Actions—Applies the specified actions in the action list immediately.
Clear-Actions—Clears all actions in the action set immediately.
Write-Actions—Modifies all actions in the action set immediately.
Write-Metadata—Modifies packets between two flow tables if there are multiple flow tables.
Goto-Table—Indicates the next flow table in the processing pipeline.
Actions are executed in one of the following ways:
Action Set—When the instruction set of a flow entry does not contain a Goto-Table instruction, pipeline processing stops and the actions in the action set are executed. An action set contains a maximum of one action of each type.
Action List—The actions in the action list are executed immediately in the order specified by the action list. The effect of those actions is cumulative.
Actions include the following types:
(Required.) Output—The Output action forwards a packet to the specified OpenFlow port. OpenFlow switches must support forwarding packets to physical ports, logical ports, and reserved ports.
(Required.) Drop—There is no explicit action to represent drops. Packets whose action sets have no output actions are dropped. Typically, packets are dropped due to empty instruction sets, empty action sets, or the execution of a Clear-Actions instruction.
(Required.) Group—Processes the packet through the specified group. The exact interpretation depends on group type.
(Optional.) Set-Queue—The Set-Queue action sets the queue ID for a packet. When the packet is forwarded to a port by using the output action, the queue ID determines which queue attached to this port is used for scheduling and forwarding the packet. The forwarding behavior is dictated by the configuration of the queue and is used to provide basic QoS support.
(Optional.) Push-Tag/Pop-Tag—Pushes or pops tags, such as VLAN tags, MPLS tags, and PBB tags.
(Optional.) Set-Field—The Set-Field actions are identified by their field type and modify the values of corresponding header fields in the packet. Set-Field actions are always applied to the outermost header. For example, a Set VLAN ID action always sets the ID of the outermost VLAN tag.
Timeouts—Maximum amount of idle time or hard time for the flow entry.
idle time—The flow entry is removed when it has matched no packets during the idle time.
hard time—The flow entry is removed when the hard time is exceeded, whether or not it has matched packets.
Cookie—Flow entry identifier specified by the controller.
Table-miss flow entry
Every flow table must support a table-miss flow entry to process table misses. The table-miss flow entry specifies how to process packets that were not matched by other flow entries in the flow table.
The table-miss flow entry wildcards all match fields (all fields omitted) and has the lowest priority, 0.
The table-miss flow entry behaves in most ways like any other flow entry.
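The priority rule has an audit consequence: an entry can never be selected if a higher-priority entry in the same table matches every packet it would match. The following Python check is an added example, not vendor code; the dict layout, field names and cookies are assumptions, and only exact-match fields with omission as wildcard are modeled.

```python
def covers(general, specific):
    """True if every packet matching `specific` also matches `general`.
    An omitted field is a wildcard, as in the table-miss entry."""
    return all(specific.get(f) == v for f, v in general.items())

def shadowed_entries(table):
    """Return (shadowed_cookie, shadowing_cookie) pairs: the first entry can
    never be selected because a higher-priority entry covers all its packets."""
    findings = []
    for low in table:
        for high in table:
            if high["priority"] > low["priority"] and covers(high["match"], low["match"]):
                findings.append((low["cookie"], high["cookie"]))
                break
    return findings

def has_table_miss(table):
    """A table-miss entry omits all match fields and has priority 0."""
    return any(e["priority"] == 0 and not e["match"] for e in table)

# Constructed sample table (hypothetical fields and cookies).
TABLE = [
    {"cookie": 1, "priority": 200, "match": {"vlan": 10}, "actions": ["output:2"]},
    # Intended drop rule: no output action, but priority is too low to ever win.
    {"cookie": 2, "priority": 100, "match": {"vlan": 10, "ip_dst": "10.0.0.5"}, "actions": []},
    {"cookie": 3, "priority": 100, "match": {"vlan": 20}, "actions": ["output:3"]},
    {"cookie": 0, "priority": 0, "match": {}, "actions": ["output:controller"]},
]

if __name__ == "__main__":
    print("shadowed:", shadowed_entries(TABLE))
    print("table-miss present:", has_table_miss(TABLE))
```

Raising the drop rule's priority above 200 clears the finding, because the more specific entry is then selected first.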
OpenFlow pipeline
OpenFlow pipeline processing defines how packets interact with the flow tables in a switch.
The flow tables of an OpenFlow switch are sequentially numbered, starting at 0. The packet is first matched against flow entries of the first flow table, which is flow table 0. A flow entry can only direct a packet to a flow table number that is greater than its own flow table number.
When a packet matches a flow entry, the OpenFlow switch updates the action set for the packet and passes the packet to the next flow table. In the last flow table, the OpenFlow switch executes all actions to modify packet contents and specify the output port for packet forwarding. If the instruction set of one of the flow tables contains an action list, the OpenFlow switch executes the actions to modify a copy of the packet immediately in this table.
Figure 3: OpenFlow forwarding workflow
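The pipeline rules above as a small Python simulation (added example, not vendor code). The table layout, field names and port numbers are assumptions; the action list is reduced to Set-Field actions, and Write-Actions is modeled as adding or overwriting one action per type.

```python
def lookup(table, pkt):
    """Highest-priority entry whose match fields all equal the packet's values.
    An omitted field is a wildcard, so {} (table-miss) matches everything."""
    hits = [e for e in table if all(pkt.get(f) == v for f, v in e["match"].items())]
    return max(hits, key=lambda e: e["priority"], default=None)

def run_pipeline(tables, pkt):
    """Return (packet, output_port); output_port None means the packet is dropped."""
    pkt, action_set, tid = dict(pkt), {}, 0
    while True:
        entry = lookup(tables[tid], pkt)
        if entry is None:                          # nothing matched at all: drop
            return pkt, None
        ins = entry["ins"]
        for field, value in ins.get("apply", []):  # action list: executed now, in order
            pkt[field] = value
        if ins.get("clear"):                       # Clear-Actions empties the action set
            action_set.clear()
        action_set.update(ins.get("write", {}))    # at most one action of each type
        nxt = ins.get("goto")
        if nxt is None:                            # no Goto-Table: pipeline stops here
            break
        if nxt <= tid:
            raise ValueError("Goto-Table must point to a higher-numbered table")
        tid = nxt
    return pkt, action_set.get("output")           # no Output action means drop

# Constructed two-table pipeline (hypothetical fields, addresses and ports).
TABLES = {
    0: [
        {"priority": 100, "match": {"vlan": 10},
         "ins": {"apply": [("eth_dst", "00:00:00:00:00:02")],
                 "write": {"output": 1}, "goto": 1}},
        {"priority": 0, "match": {}, "ins": {}},   # table-miss: empty instructions, drop
    ],
    1: [
        {"priority": 60, "match": {"tcp_dst": 23}, "ins": {"clear": True}},
        {"priority": 50, "match": {"ip_dst": "10.0.0.5"}, "ins": {"write": {"output": 2}}},
        {"priority": 0, "match": {}, "ins": {}},   # table-miss: action set left as is
    ],
}

def demo():
    base = {"vlan": 10, "ip_dst": "10.0.0.5", "tcp_dst": 80}
    packets = (base, {**base, "tcp_dst": 23}, {**base, "ip_dst": "10.0.0.9"}, {"vlan": 30})
    return [run_pipeline(TABLES, p)[1] for p in packets]

if __name__ == "__main__":
    print(demo())
```

The second packet is dropped because the priority 60 Clear-Actions entry wins over the priority 50 entry in table 1, and the fourth because the table-miss entry in table 0 has an empty instruction set.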