Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Understanding OpenFlow Operation and Forwarding Actions on Devices Running Junos OS

 

This topic explains how Juniper Networks devices isolate and control OpenFlow traffic. It also summarizes the OpenFlow features and supported forwarding actions, which are actions that OpenFlow can take when a packet matches the terms of a flow entry. For detailed information about support for specific OpenFlow v1.0 messages and fields, match conditions, wildcards, flow actions, statistics, and features, see OpenFlow v1.0 Compliance Matrix for Devices Running Junos OS. For a detailed list of supported OpenFlow v1.3.1 messages and fields, port structure flags and numbering, match conditions, flow actions, multipart messages, flow instructions, and group types, see OpenFlow v1.3.1 Compliance Matrix for Devices Running Junos OS.

OpenFlow Operation and Support

To isolate and control OpenFlow traffic on devices running Junos OS, you configure virtual switches. You can configure one OpenFlow virtual switch and one active OpenFlow controller on each device running Junos OS that supports OpenFlow. You configure the OpenFlow protocol, virtual switch, and controller connection information at the [edit protocols openflow] hierarchy level.

OpenFlow traffic can either enter or exit only OpenFlow-enabled ports. If a flow modification message is sent to an ingress port that is not enabled for OpenFlow, the device sends an ofp_error_msg with an OFPET_FLOW_MOD_FAILED error type and OFPFMFC_UNKNOWN code to the controller. If a flow modification action is requested for a port that is not enabled for OpenFlow, the device sends an ofp_error_msg with an OFPET_BAD_ACTION error type and OFPBAC_BAD_OUT_PORT code to the controller.

Table 1 summarizes the general feature support on devices running Junos OS that support OpenFlow v1.0. For information about support on specific platforms, see OpenFlow Support on Juniper Networks Devices.

Table 1: OpenFlow v1.0 Support on Devices Running Junos OS

Feature

Support

OpenFlow v1.0

Supported.

OpenFlow virtual switch

One OpenFlow virtual switch.

Controller

One active OpenFlow controller per virtual switch. Tested controllers include Floodlight and OESS.

Controller connection

TCP/IP connection. Only passive connections are accepted. The controller cannot actively connect to the OpenFlow switch.

SSL connections are not supported.

Emergency mode

Not supported as defined in OpenFlow Switch Specification v1.0. If the controller connection is lost and cannot be reestablished, the switch maintains all flow states in the control and data planes.

Flow classification and mapping as a Layer 2 or Layer 3 route

Not supported.

Flow priority

Supported as per OpenFlow Switch Specification v1.3 in which there is no prioritization of exact match entries over wildcard entries.

Flow table

Single flow table.

Forwarding actions

  • Forward to an OpenFlow-enabled physical port

  • ALL, CONTROLLER, NORMAL, and FLOOD for normal flow actions

  • ALL and FLOOD for Send Packet flow actions

Note: The QFX5100 and EX4600 switches do not support NORMAL for normal flow actions.

Hybrid interfaces

Supported on some devices. OpenFlow-enabled devices that support hybrid interfaces permit a physical interface to concurrently support logical interfaces for normal traffic and logical interfaces for OpenFlow traffic.

Interfaces

You can configure Ethernet interfaces only as OpenFlow interfaces.

Multi-VLAN actions

Supported on some devices. OpenFlow-enabled devices that support multi-VLAN actions have the ability to associate a different VLAN and different VLAN action with each egress port.

Port modification

Not supported. OpenFlow-enabled devices ignore all OpenFlow controller OFPT_PORT_MOD requests.

Queues, queue messages, or enqueue actions

Not supported.

Table 2 summarizes the general feature support on devices running Junos OS that support OpenFlow v1.3.1. For information about support on specific platforms, see OpenFlow Support on Juniper Networks Devices.

Table 2: OpenFlow v1.3.1 Support on Devices Running Junos OS

Feature

Support

OpenFlow v1.3.1

Supported.

OpenFlow virtual switch

One OpenFlow virtual switch.

Controller

One active OpenFlow controller per virtual switch. Tested controllers include NEC and Ixia.

Controller connection

TCP/IP connection. Only passive connections are accepted. The controller cannot actively connect to the OpenFlow switch.

SSL connections are not supported.

Flow classification and mapping as a Layer 2 or Layer 3 route

Not supported.

Flow priority

Supported as per OpenFlow Switch Specification v1.3 in which there is no prioritization of exact match entries over wildcard entries.

Flow instructions

For each flow entry, one flow instruction is supported. A flow instruction can be one of the following:

  • OFPIT_APPLY_ACTIONS

  • OFPIT_WRITE_ACTIONS

Flow table

Single flow table.

Forwarding actions

  • Forward to an OpenFlow-enabled physical port.

  • ALL, CONTROLLER, NORMAL, and FLOOD for normal flow actions

  • ALL and FLOOD for Send Packet flow actions

Note: The QFX5100 and EX4600 switches do not support NORMAL for normal flow actions.

Group action

Supported. A group can include 1 through 32 buckets, and a bucket can have a set of actions (set, pop, or output).

Group types OFPGT_ALL and OFPGT_INDIRECT are supported.

Interfaces

You can configure Ethernet interfaces only as OpenFlow interfaces.

IPv6-related match conditions

Supported on some devices. Starting with Junos OS Release 14.2R3, IPv6 source and destination addresses and subnet masks can be used as match conditions.

Note: The Junos OS implementation of OpenFlow v1.3.1 does not support arbitrary bit masks for IPv6 addresses. The Junos OS implementation supports only continuous masks for IPv6 source and destination addresses.

Multi-VLAN actions

Supported on some devices. OpenFlow-enabled devices that support multi-VLAN actions have the ability to associate a different VLAN and different VLAN action with each egress port.

Multipart messages

Supported for requesting and returning the following information:

  • Switch, group, or port descriptions

  • Single-flow, aggregate-flow, flow table, port, or group statistics

  • Group or table features

OpenFlow version negotiation

Supported for OpenFlow version negotiation between an OpenFlow controller and a device running Junos OS.

Port modification

Not supported. OpenFlow-enabled devices ignore all OpenFlow controller OFPT_PORT_MOD requests.

Queues, queue messages, or enqueue actions

Not supported.

OpenFlow Forwarding Actions

Note

The information in this section applies to both OpenFlow v1.0 and OpenFlow v1.3.1 except where noted.

OpenFlow-enabled devices running Junos OS support several flow actions for forwarding OpenFlow packets. For normal flow actions, the following forwarding actions are supported:

  • physical port—Forward unicast or multicast packets out the specified OpenFlow-enabled interfaces.

  • ALL—Flood the packet out all OpenFlow interfaces configured for that virtual switch instance except the ingress interface.

  • CONTROLLER—Send the packet to the OpenFlow controller for processing.

  • FLOOD—Flood the packet along the minimum spanning tree, which includes all OpenFlow interfaces configured for that virtual switch instance except the ingress interface and any interfaces that are disabled by the Spanning Tree Protocol (STP). Because devices running Junos OS do not support 802.1D STP capabilities for OpenFlow, the FLOOD forwarding action behaves like the ALL forwarding action.

  • NORMAL—Process the packet, using traditional Layer 2 or Layer 3 processing.

Note

The QFX5100 and EX4600 switches do not support NORMAL for normal flow actions.

The OpenFlow controller can also use a Send Packet message (OFPT_PACKET_OUT) to direct the OpenFlow virtual switch to send a packet out of a specified port. The Send Packet message includes the packet to be forwarded and the forwarding action indicating the interface out of which the packet must be forwarded. Supported forwarding actions for the Send Packet message include ALL and FLOOD.

Each OpenFlow virtual switch is a logically separate flood domain. Therefore, the OpenFlow ALL and FLOOD actions flood packets only out OpenFlow interfaces configured under that specific virtual switch excluding the ingress OpenFlow interface.

Release History Table
Release
Description
Starting with Junos OS Release 14.2R3, IPv6 source and destination addresses and subnet masks can be used as match conditions.