6/19/2021
Aalto University, School of Electrical Engineering

Flow Table Entries

Match Fields: In port, Src MAC, Dest MAC, Eth Type, VLAN ID, VLAN prio, IP DSCP, Src IP, Dest IP, Src TCP, Dest TCP, MPLS, IP ECN, IP proto
(field groups labelled on the slide: Layer 2 (MAC) Switching, Layer 3 (IP) Routing)

Actions:
• Forward to port
• Forward to controller
• Modify field
• Push/pop VLAN

Counters:
• Packet counter
• Byte counter
• Duration

Flow-Based Actions

Examples of Actions:
1. Unicast
2. Multicast
3. Multipath
   • Load-balancing
   • Redundancy
4. Waypoints
   • Middleboxes: FW, LB, NAT, IDS, ...

Any type of network path possible, YOU program it!
Instructions

• Each flow entry contains a set of instructions that are executed when a packet matches the entry.
• The instructions result in changes to the packet, action set and/or pipeline processing.
• The set of instructions can include a combination of the following instructions:
  ❑ Apply-Actions {actions}: Apply a set of actions on the matching packet.
  ❑ Clear-Actions: Clears all the actions in the current action set immediately.
  ❑ Write-Actions {actions}: Merges the specified set of actions into the current action set.
  ❑ Goto-Table {next-table-id}: Indicates the next table in the processing pipeline.
• The instructions of the set are executed in the order specified by the above list.

Action sets

• Each ingress packet received by the OpenFlow switch is associated with an action set.
• The action set is empty at the beginning of the ingress processing.
• A matched flow entry can modify the action set (add/remove actions) using Clear-Actions and Write-Actions instructions.
• The action set is carried between flow tables.
• When the instruction set of a matched flow entry does not contain a Goto-Table instruction, pipeline processing stops and the actions in the resulting action set of the packet are executed.
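The instruction order and the carried action set described above, as an added example that is not part of the original slides. The field names, table contents and port numbers are constructed, and the model assumes the OpenFlow rule that an action set holds at most one action of each type with output executed last.

```python
# Added example: toy model of OpenFlow instruction and action-set processing.
# Field names, tables and port numbers are constructed for illustration.

def matches(match, pkt):
    return all(pkt.get(k) == v for k, v in match.items())  # absent field = wildcard

def execute(action, pkt, out):
    if action[0] == "set_field":
        pkt[action[1]] = action[2]
    elif action[0] == "output":
        out.append((action[1], dict(pkt)))      # snapshot of the packet as sent

def run_pipeline(tables, packet):
    """Return [(port, packet_as_sent), ...] for one ingress packet."""
    pkt, out, action_set, table_id = dict(packet), [], {}, 0  # action set starts empty
    while table_id is not None:
        hits = [e for e in tables[table_id] if matches(e["match"], pkt)]
        if not hits:
            return out                          # no matching entry: nothing forwarded
        ins = max(hits, key=lambda e: e["priority"])["ins"]
        # Fixed order: Apply-Actions, Clear-Actions, Write-Actions, Goto-Table.
        for a in ins.get("apply", []):
            execute(a, pkt, out)                # acts on the packet immediately
        if ins.get("clear"):
            action_set.clear()
        for a in ins.get("write", []):
            # Merge: one action per type (set_field is keyed per field).
            action_set[a[:2] if a[0] == "set_field" else a[0]] = a
        table_id = ins.get("goto")              # None: pipeline processing stops
    # Execute the resulting action set: field rewrites first, output last.
    for key in sorted(action_set, key=lambda k: k == "output"):
        execute(action_set[key], pkt, out)
    return out

TABLES = {  # constructed two-table pipeline
    0: [{"priority": 10, "match": {"ip_src": "1.2.3.4"},
         "ins": {"apply": [("set_field", "ip_src", "9.9.9.9")],
                 "write": [("output", 23)], "goto": 1}},
        {"priority": 0, "match": {},
         "ins": {"write": [("output", 5)], "goto": 1}}],
    1: [{"priority": 20, "match": {"tcp_dst": 22},
         "ins": {"clear": True}},               # empty action set: packet is dropped
        {"priority": 0, "match": {},
         "ins": {"write": [("set_field", "vlan_id", 12)]}}],
}

if __name__ == "__main__":
    print(run_pipeline(TABLES, {"ip_src": "1.2.3.4", "tcp_dst": 80}))
```

The port-22 entry in table 1 shows why Clear-Actions with no Goto-Table behaves as a drop: the output written in table 0 is carried along but never executed.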
Actions (1/2)

• An action set contains a combination of the following actions:
  ❑ Output {port_no}: The Output action forwards a packet to a specified OpenFlow port where it starts egress processing.
  ❑ Group {group_id}: Process the packet through the actions defined in the action bucket(s) of the specified group ID defined in the group table.
  ❑ Set-Queue {queue_id}: The Set-Queue action sets the queue ID for a packet. When the packet is forwarded to a port using the Output action, the queue ID determines which queue attached to this port is used for scheduling and forwarding the packet. Forwarding behavior is dictated by the configuration of the queue and is used to provide basic Quality-of-Service (QoS) support.

Actions (2/2)

• An action set contains a combination of the following actions:
  ❑ Meter {meter_id}: Direct the packet to the specified meter for rate controlling purposes.
  ❑ Push-Tag/Pop-Tag {ethertype}: Push/Pop tags (headers) associated with PBB, MPLS, VLAN protocols.
  ❑ Set-Field {field_type, value}: Modify the values of respective header fields in the packet.
  ❑ Copy-Field {src_field_type, dst_field_type}: Used to copy data from a header field to a packet register pipeline field or from a packet register pipeline field to a header field, and in some cases from a header field to another header field.
  ❑ Change-TTL {ttl}: Modify the values of the IPv4 TTL, IPv6 Hop Limit or MPLS TTL in the packet.

PBB: Provider Backbone Bridges
MPLS: Multi-Protocol Label Switching
Flow Table Entry Examples 1

| Example | In port | Src MAC | Dest MAC | Eth Type | VLAN ID | Src IP | Dest IP | IP proto | Src TCP | Dest TCP | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Switching | * | * | 00:1f:. | * | * | * | * | * | * | * | Forward to port 5 |
| Flow Switching | 3 | 00:2e:. | 00:1f:. | 0800 | 12 | 1.2.3.4 | 2.3.4.5 | 6 | 543 | 80 | Forward to port 7 |
| Firewalling | * | * | * | 0800 | * | * | * | 6 | * | 22 | Drop |

Flow Table Entry Examples 2

| Example | In port | Src MAC | Dest MAC | Eth Type | VLAN ID | Src IP | Dest IP | IP proto | Src TCP | Dest TCP | Actions |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Routing | * | * | * | 0800 | * | * | 2.3.4.5 | * | * | * | Forward to port 44 |
| VLAN Switching | * | * | 00:1f:. | * | 12 | * | * | * | * | * | Forward to ports 2,3,6 |
| NAT | * | * | * | 0800 | * | 1.2.3.4 | * | 6 | 5432 | * | Rewrite src IP to 9.9.9.9; Rewrite src TCP to 2345; Forward to port 23 |

© Tarik TALEB 2020
How Does it Work? An Example

Elements in the figure: Network with OpenFlow switches, Content Store, Controller (Intelligence)

1. I wanna see this great video
2. Request streaming the video
3. Start streaming the video
4. Oops, a new flow. Which path should it take?
5. This way please
6. Streaming the video
6. The video stream follows the set-up path without bothering the controller any more
7. I love this video !!

A closer look at interaction with controller

Packet-IN
• Buffer ID = 250
• SYN (port 80)

Packet-OUT
• Buffer ID = 250
• SYN (port 80)
• Action = Forward port 4

or

Flow-MOD
• Match & Mask
• Buffer ID = 250
• Idle Timeout = 20
• Hard Timeout = 60
• Action = Forward port 4
• Priority = 5000

Source: https://www.youtube.com/watch?v=l25Ukkmk6Sk
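The Packet-IN / Flow-MOD exchange above, as an added example that is not part of the original slides. The `Switch` class, the `controller` policy, the match fields and the time values are constructed; the buffer ID, timeouts, priority and output port are the ones shown on the slide.

```python
# Added example: reactive flow setup with the Flow-MOD values from the slide.
# Switch, controller, field names and timestamps are constructed for illustration.

class Switch:
    def __init__(self, controller):
        self.controller = controller
        self.flows, self.buffers = [], {}
        self.packet_ins, self.next_buffer_id = 0, 250

    def expire(self, now):
        """Remove entries whose idle or hard timeout has elapsed (0 = never)."""
        self.flows = [f for f in self.flows
                      if not (f["idle"] and now - f["last_hit"] >= f["idle"])
                      and not (f["hard"] and now - f["installed"] >= f["hard"])]

    def receive(self, pkt, now):
        """Return the output port, asking the controller only on a table miss."""
        self.expire(now)
        hits = [f for f in self.flows
                if all(pkt.get(k) == v for k, v in f["match"].items())]
        if hits:
            flow = max(hits, key=lambda f: f["priority"])
            flow["last_hit"] = now              # refreshes the idle timer
            return flow["port"]
        # Table miss: buffer the packet and send Packet-IN carrying the buffer ID.
        buffer_id = self.next_buffer_id
        self.next_buffer_id += 1
        self.buffers[buffer_id] = pkt
        self.packet_ins += 1
        mod = self.controller(buffer_id, pkt)   # controller replies with a Flow-MOD
        self.flows.append({**mod, "installed": now, "last_hit": now})
        self.buffers.pop(mod["buffer_id"])      # buffered packet is released
        return mod["port"]

def controller(buffer_id, pkt):
    """Constructed policy: pin the flow to port 4 with the slide's Flow-MOD values."""
    return {"match": {"ip_dst": pkt["ip_dst"], "tcp_dst": pkt["tcp_dst"]},
            "buffer_id": buffer_id, "idle": 20, "hard": 60,
            "port": 4, "priority": 5000}

if __name__ == "__main__":
    sw = Switch(controller)
    syn = {"ip_dst": "2.3.4.5", "tcp_dst": 80}  # constructed packet
    print([sw.receive(syn, t) for t in (0, 10, 25)], sw.packet_ins)
```

`packet_ins` is the controller's view of the switch: one Packet-IN per new flow, and another only after a timeout has removed the entry.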