OpenFlow Cookbook

By S Kingston Smiler.

About This Book

• Create a full-fledged, flow-based OpenFlow switch software agent from scratch
• Develop your own OpenFlow Controller that can control any OpenFlow switch available in the market
• Explore how OpenFlow works and how it provides control plane and date plane separation
• Complete, step-by-step guide divided into two separate parts to give a better view of controller and switch development

Who This Book Is For

This book is intended for network protocol developers, SDN controller application developers, and academics who would like to understand and develop their own OpenFlow switch or OpenFlow controller in any programming language. With basic understanding of OpenFlow and its components, you will be able to follow the recipes in this book.

• Language: English
• Publisher: Packt Publishing
• Release date: Apr 30, 2015
• ISBN: 9781783987955

Book preview

Table of Contents

OpenFlow Cookbook

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why Subscribe?

Free Access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Sections

Getting ready

How to do it…

How it works…

There's more…

See also

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. OpenFlow Channel Connection Establishment (Part 1)

Introduction

Connection setup on TCP and TLS

Getting started

How to do it...

TCP Procedure

TLS Procedure

There's more…

See also

Connection setup with multiple controllers

How to do it...

How it works...

There's more…

See also

Setting the role of the communication channel towards a controller

How to do it...

There's more…

See also

Establishing an auxiliary connection to the controller

Getting started

How to do it...

There's more…

See also

Handling a handshake message from the controller

Getting started

How to do it...

See also

Handling a switch configuration message from the controller

How to do it...

See also

Connection interruption procedures

How to do it...

How it works...

There's more…

1. OpenFlow Channel Connection Establishment (Part 2)

Introduction

Connection setup on TCP and TLS

Getting started

How to do it...

TCP Procedure

TLS Procedure

There's more…

See also

Multiple controllers managing a switch with different roles

How to do it...

How it works...

See also

Setting the role of a controller's communication channel

How to do it...

See also

Auxiliary connection establishment

Getting started

How to do it...

There's more…

See also

Sending a handshake message to the switch

Getting started

How to do it...

See also

Sending a switch configuration message to the switch

Getting started

How to do it...

See also

2. Symmetric Messages and Asynchronous Messages (Part 1)

Sending and processing a hello message

Getting started

How to do it...

Sending the OFPT_HELLO message

Receiving the OFPT_HELLO message

There's more…

See also

Sending and processing an echo request and a reply message

Getting started

How to do it...

Sending the OFPT_ECHO_REQUEST message

Receiving OFPT_ECHO_REQUEST

Processing OFPT_ECHO_REPLY message

There's more…

Sending and processing an error message

How to do it...

See also

Sending and processing an experimenter message

How to do it...

Handling a Set Asynchronous Configuration message

How to do it...

How it works...

See also

Handling a Get Asynchronous Configuration message from the controller

How to do it...

See also

Sending a packet-in message to the controller

How to do it...

How it works...

There's more…

See also

Sending a flow-removed message to the controller

How to do it...

See also

Sending a port-status message to the controller

How to do it...

See also

Sending a controller role-status message to the controller

How to do it...

See also

Sending a table-status message to the controller

How to do it...

See also

Sending a request-forward message to the controller

How to do it...

See also

Handling a packet-out message from the controller

How to do it...

See also

Handling a barrier message from the controller

How to do it...

See also

2. Symmetric Messages and Asynchronous Messages (Part 2)

Sending and processing a hello message

Getting started

How to do it...

Sending the OFPT_HELLO message

Receiving the OFPT_HELLO message

There's more…

See also

Sending and processing an echo request and a reply message

Getting started

How to do it...

Sending the OFPT_ECHO_REQUEST message

Receiving OFPT_ECHO_REQUEST message

Processing OFPT_ECHO_REPLY message

There's more…

Sending and processing error message

How to do it...

See also

Sending and processing experimenter message

How to do it...

Configuring the switch to send a list of asynchronous events the controller channel is interested in

How to do it...

How it works...

See also

Fetching the list of possible asynchronous events that can come from the switch to the controller channel

How to do it...

See also

Processing a packet-in asynchronous message from the switch

Getting started

How to do it...

See also

Processing a flow removed asynchronous message from the switch

Getting started

How to do it...

See also

Processing a port-status asynchronous message from the switch

Getting started

How to do it...

See also

Processing the controller role-status message from the switch

Getting started

How to do it...

See also

Processing a table status asynchronous message from the switch

Getting started

How to do it...

See also

Processing a request forward message from the switch

Getting started

How to do it...

Sending a packet-out message to the switch

How to do it...

Construct the packet and sending it for further pipeline processing in the switch

Using packet buffer in the switch

See also

Sending a barrier message to the switch

How to do it...

See also

3. Flow Table and Flow Entry Modification Messages (Part 1)

Introduction

Flow table entry

Match Fields

Oxm_class

Oxm_field

Oxm_haskmask

Priority

Counter

Instructions

Action set

Action list

Action

Timeout

Cookie

Modifying a flow table with eviction enabled

How to do it...

See also

Modifying a flow table with vacancy enabled

How to do it...

There's more…

See also

Adding a new flow entry to a flow table

How to do it...

See also

Deleting a flow entry in a flow table

How to do it...

See also

Modifying a flow entry in a flow table

How to do it...

See also

Flow table synchronizations

How to do it...

3. Flow Table and Flow Entry Modification Messages (Part 2)

Introduction

Modifying a flow table with eviction enabled

How to do it...

See also

Modifying a flow table with vacancy enabled

How to do it...

See also

Adding a new flow entry to the flow table

How to do it...

See also

Deleting an entry from a flow table

How to do it...

See also

Modifying an entry in the flow table

How to do it...

See also

4. Group Table and Meter Table Modification Messages (Part 1)

Introduction

Group table

Meter table

Adding a new group entry in a group table

How to do it...

See also

Deleting a group entry in a group table

How to do it...

See also

Modifying a group entry in a group table

How to do it...

See also

Adding a new meter in a meter table

How to do it...

See also

Deleting a meter entry

How to do it...

See also

Modifying a meter entry in a meter table

How to do it...

See also

4. Group Table and Meter Table Modification Messages (Part 2)

Introduction

Adding a new group entry in a group table

How to do it...

How it works...

See also

Deleting a group entry in a group table

How to do it...

How it works...

See also

Modifying a group entry in a group table

How to do it...

How it works...

See also

Adding a new meter in a meter table

How to do it...

How it works...

See also

Deleting a meter entry

How to do it...

How it works...

See also

Modifying a meter entry in a meter table

How to do it...

How it works...

See also

5. Handling Multipart Statistics Messages (Part 1)

Introduction

Handling a multipart request message to get statistics of an individual flow table entry

How to do it...

See also

Handling a multipart request message to get statistics of a group/aggregate of flow table entry

How to do it...

See also

Handling a multipart request message to get statistics of flow table

How to do it...

See also

Handling a multipart request message to get port statistics

How to do it...

See also

Handling a multipart request message to get port queue statistics

How to do it...

See also

Handling a multipart request message to get meter statistics

How to do it...

See also

Handling a multipart request message to get group statistics

How to do it...

See also

5. Handling Multipart Statistics Messages (Part 2)

Getting statistics of an individual flow table entry using multipart messages

How to do it...

How it works...

Getting statistics of group/aggregate of flow table entries using multipart messages

How to do it...

How it works...

Getting statistics of flow table using multipart messages

How to do it...

How it works...

Getting port statistics using multipart messages

How to do it...

How it works...

Getting port queue statistics using multipart messages

How to do it...

How it works...

Getting meter statistics using multipart messages

How to do it...

How it works...

Getting group statistics using multipart messages

How to do it...

How it works...

6. Handling Multipart State Information Messages (Part 1)

Introduction

Getting information about the switch using multipart messages

How to do it...

See also

Getting group description using multipart messages

How to do it...

See also

Getting group feature using multipart messages

How to do it...

See also

Getting meter configuration using multipart messages

How to do it...

See also

Getting the meter feature using multipart messages

How to do it...

See also

Getting the table feature using multipart messages

How to do it...

See also

Getting port description using multipart messages

How to do it...

See also

Getting table description using multipart messages

How to do it...

See also

Getting queue description using multipart messages

How to do it...

See also

Configuring Flow monitor using multipart messages

How to do it...

See also

Experimenter multipart messages

How to do it...

6. Handling Multipart State Information Messages (Part 2)

Introduction

Getting information about the switch using multipart messages

How to do it...

See also

Getting the group description using multipart messages

How to do it...

See also

Getting the group feature using multipart messages

How to do it...

See also

Getting the meter configuration using multipart messages

How to do it...

See also

Getting the meter feature using multipart messages

How to do it...

See also

Getting the table feature using multipart messages

How to do it...

See also

Getting the port description using multipart messages

How to do it...

See also

Getting the table description using multipart messages

How to do it...

See also

Getting the queue description using multipart messages

How to do it...

See also

Configuring the flow monitor using multipart messages

How to do it...

See also

Experimenter multipart message

How to do it...

7. Handling Bundle Messages (Part 1)

Introduction

Creation of a bundle

How to do it...

Adding messages to a bundle

Getting started

How to do it...

Closing a bundle

Getting started

How to do it...

Committing or executing all the operations inside a bundle

Getting started

How to do it...

Discarding a bundle

Getting started

How to do it...

7. Handling Bundle Messages (Part 2)

Introduction

Creation of a bundle

How to do it...

Adding messages to a bundle

Getting started

How to do it...

Closing a bundle

Getting started

How to do it...

Committing or executing all the operations inside a bundle

Getting started

How to do it...

Discarding a bundle

Getting started

How to do it...

A. Common OpenFlow Headers, Structures, and Error Code

Common OpenFlow headers

OpenFlow Header

Common OpenFlow structures

Port structures

Table structures

Common OpenFlow error codes

Common OpenFlow multipart message types

Index

OpenFlow Cookbook

---

OpenFlow Cookbook

Copyright © 2015 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: April 2015

Production reference: 1280415

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78398-794-8

www.packtpub.com

Credits

Author

Kingston Smiler. S

Reviewers

Renato Aguiar

Icaro Camelo

Praveen Darshanam

Commissioning Editor

Usha Iyer

Acquisition Editor

Subho Gupta

Content Development Editor

Susmita Sabat

Technical Editors

Madhunikita S. Chindarkar

Naveenkumar Jain

Vivek Pala

Copy Editors

Trishya Hajare

Vikrant Phadke

Aarti Saldanha

Project Coordinator

Milton Dsouza

Proofreaders

Safis Editing

Lesley Harrison

Paul Hindle

Kevin McGowan

Elinor Perry-Smith

Graphics

Sheetal Aute

Indexer

Priya Sane

Production Coordinator

Nitesh Thakur

Cover Work

Nitesh Thakur

About the Author

Kingston Smiler. S is a seasoned professional with 11 years of experience in software development and pre-sales, encompassing a wide range of skill sets, roles, and industry verticals. He has solid expertise in data communication networking, software-based switching and routing solutions, and virtualization platforms such as OpenStack, OpenDaylight Controller, Docker containers, CoreOS, and so on. He is currently working as an advisor and technical consultant for networking companies in the development of Layer 2 and Layer 3 IP protocols. Kingston also works on various technologies such as MVC-based web and Windows applications, e-commerce frameworks, open source IoT frameworks, single-board computers such as Raspberry Pi and Intel Galileo, and so on. He is active in various networking standard bodies such as IETF, IEEE, and ONF. He has proposed a couple of drafts in the MPLS working group of IETF. With the current surge in SDN, virtualization, and NFV, his primary focus is in these areas. Kingston completed a BE in computer science from Madras University.

First and foremost, I would like to thank the Lord for giving me the immense confidence and energy to start and complete this book successfully. I want to thank my kids, mother, brother, sister, and all my family members for their support. I would also like to thank all of my friends who supported me in writing, and encouraged me to strive towards my goal. Thanks to Subho and Susmita for their reviews and helping me to finish this book during my busy schedule. Finally, special thanks to my wife for her patience and support in writing this book, as most of this book was written during weekends, nights, vacations, and so on.

About the Reviewers

Renato Aguiar has more than 8 years of experience in software development, with a solid background in computer programming, algorithms, network protocols, and GNU/Linux. He has been working for the last 5 years mostly with software-defined networking (SDN), developing proof-of-concept software for HP's cutting-edge research and participating in academic publications. He is also interested in operations research, operating systems, functional programming, and computer security.

Icaro Camelo is an experienced software developer and has a master's degree in computer science (in the field of networking). He is trilingual (Portuguese, English, and French) and a problem solver, with more than 8 years of experience in IT as a system administrator and software developer.

Icaro is fond of cloud and software architecture, network programming, and software development best practices.

I would like to thank my wife, Anndreza Camelo, for supporting and inspiring me all the time.

Praveen Darshanam has approximately 8 years of experience in information security and telecoms as a security researcher, developer, and QA engineer. He has worked for companies such as Versa, Cisco, McAfee, and iPolicy Networks. His core expertise and passions are malware analysis, forensics, and application security, among others. Praveen has identified and disclosed vulnerabilities in enterprise-grade products and ICS software. He pursued his bachelor's and master's degrees in engineering from one of the premier institutes in India. He holds a number of industry certifications, such as CHFI, ECSA, and CEH. He is a well-known ethical hacking trainer in India and posts blogs at http://blog.disects.com.

I would like to thank my parents, sister, brother, wife, son, and friends for their everlasting love, encouragement, and support.

www.PacktPub.com

Support files, eBooks, discount offers, and more

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why Subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Free Access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.

Preface

With the tremendous growth in data traffic due to the increase in the number of devices connected to networks, and more and more applications moving into the cloud, service providers are moving towards virtualizing their infrastructure. With storage and computing virtualization, there is a clear necessity to provide virtualization in networks and a standardized way of programming network devices. With large data centers, there is also a clear necessity to change the traditional control plane and data plane paradigm to move towards flow-based switching, which is more generic and can be adapted for different avenues. Today's networks have evolved into complex proprietary systems, with little chance of offering any possibility to carry out experiments on new ideas or protocols. The Open Network Foundation (ONF) has come up with a specification to meet these requirements and has called it OpenFlow. The latest version of this specification is OpenFlow 1.4.

OpenFlow paves the way for the traditional network to be a programmable network, with standard interfaces between the controller (traditionally called a control plane) and the actual packet forwarding entity (traditionally called a data plane). OpenFlow was started as a means to try experimental ideas/protocols on large-scale networks by providing a standard, flow-based table called an OpenFlow table and separating the control plane from the data plane. This offers the possibility to program the forwarding decisions of those network devices supporting the OpenFlow specification in a flexible manner. There are two main components of the OpenFlow specification, the switch and the controller. This book describes in brief both the OpenFlow switch and controller, their operations, and so on.

An OpenFlow switch consists of one or more flow tables and group tables that perform packet lookups and forwarding. Each flow table in the switch contains a set of flow entries. Each flow entry consists of match fields, counters, and a set of instructions to apply to matching packets. The switch communicates with the controller and the controller manages the switch via the OpenFlow channel, using the OpenFlow protocol.

The OpenFlow controller is a software application that manages the switch using the OpenFlow protocol. The controller can add, update, and delete flow entries in flow tables, both reactively (in response to packets) and proactively.

This Cookbook provides an easy, more user-friendly and step-by-step approach to develop and understand OpenFlow switch and controller. Organized into two parts, part 1 explains OpenFlow from the switch point of view and part 2 explains it from the controller’s point of view. You will see a 1:1 mapping between part I and part 2 chapters and recipes to provide a clear demarcation of the operations and responsibilities of the switch and controller.

What this book covers

Chapter 1, OpenFlow Channel Connection Establishment

Part 1 describes the various steps and mechanisms involved in establishing an OpenFlow channel from the switch. An OpenFlow channel is used to exchange an OpenFlow message between the switch and the controller.

Part 2 shows the various steps and mechanisms involved for the controller to establish a channel to the switch. An OpenFlow channel is used to exchange OpenFlow messages between the switch and the controller.

Chapter 2, Symmetric Messages and Asynchronous Messages

Part 1 covers the list of symmetric and asynchronous messages sent and received by the OpenFlow switch, along with the procedure for handling these messages.

Part 2 contains the list of symmetric and asynchronous messages sent and received by the controller and the procedure for handling these messages.

Chapter 3, Flow Table and Flow Entry Modification Messages

Part 1 describes in detail the flow table, flow table entries, and procedures for handling flow table messages and flow entry messages, such as adding a new flow, deleting an existing flow, modifying a flow, and so on.

Part 2 demonstrates the procedure to modify the flow table; add, delete, and modify a flow entry in the flow table; and handle the response message from the switch.

Chapter 4, Group Table and Meter Table Modification Messages

Part 1 explains the group table and its entries, the meter table and its entries, and the procedure for handling group and meter modification messages, such as add, delete, modify, and so on.

Part 2 explains the procedure to add, delete, and modify the group and a meter entry, along with the procedure to handle response messages from the switch after sending these messages.

Chapter 5, Handling Multipart Statistics Messages

Part 1 covers multipart messages, in particular multipart statistic messages to get flow statistics, port statistics, group statistics, meter statistics, and so on. This chapter also contains the procedure required for handling multipart statistics messages.

Part 2 shows the procedure to get statistical information, such as flow statistics, port statistics, group statistics, meter statistics, and so on from the switch using multipart statistics messages, along with the procedure for handling response messages from the switch after sending these messages.

Chapter 6, Handling Multipart State Information Messages

Part 1 illustrates multipart messages, in particular multipart state information messages used to get the port description, table description, queue description, and so on, and the procedure for handling multipart state information messages in the switch.

Part 2 describes in detail the procedure for getting state information, such as the port description, table description, queue description, and so on from the switch using multipart state information messages. This chapter also covers the procedure for handling response messages from the switch after sending these messages.

Chapter 7, Handling Bundle Messages

Part 1 describes in detail bundle messages and the procedure required for handling them in switch, such as creating a bundle, opening a bundle, adding a message to a bundle, and so on.

Part 2 illustrates the controller procedure for creating a bundle, opening a bundle, adding a message to a bundle, and so on, along with the procedure for handling the response messages from the switch after sending the bundle messages.

Appendix, Common OpenFlow Headers, Structures, and Error Code, talks