Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understanding the Virtual Switch Connection to the OpenFlow Controller on Devices Running Junos OS

On devices running Juniper Networks Junos operating system (Junos OS), each OpenFlow virtual switch establishes an independent connection with the controller and is represented by a unique runtime datapath ID consisting of the management port MAC address and an internally assigned virtual switch ID. The controller and virtual switch connect to each other using a TCP/IP connection on the management plane. Thus, OpenFlow-enabled devices that are managed by a controller must be connected to the management network (for example, connected using the me0, fxp0, em0, or em1 management port) and must be reachable from the controller IP address.

Upon establishing a connection with the controller, the switch and the controller exchange hello messages that specify the latest OpenFlow protocol version supported by the sender. If the first packet received by the switch is not an OFPT_HELLO message, the switch terminates the connection and attempts to establish a new connection with the controller. Additionally, if the controller and the switch negotiate an OpenFlow protocol version that one of the parties does not support, the connection is terminated with an error message indicating an OFPET_HELLO_FAILED error type and an OFPHFC_INCOMPATIBLE code.

The session is established when the switch and controller successfully exchange Hello messages and negotiate the OpenFlow protocol version. After establishing the session, the controller sends the switch a feature request message requesting the capabilities supported by the switch. The switch responds with a feature reply message, which includes the local MAC address in the virtual switch datapath ID field. If the local MAC address is unavailable, the switch terminates the connection.

After establishing the session, the controller and virtual switch exchange echo request and reply messages as a keepalive mechanism. The keepalive timer is reset if the virtual switch or controller receives either an echo reply or a packet. Echo requests are sent every 10 seconds during idle windows in the absence of other messages. If the switch receives no echo reply or other message from the controller for 120 seconds, the connection is considered lost, and the switch attempts to reestablish the connection for 10 seconds. If the connection cannot be established, the switch enters emergency mode as defined in the OpenFlow v1.3 specification. In emergency mode, the switch deletes normal flow entries, and after 30 seconds, purges flow entries that are installed in hardware.

If at any point after the session is established the recipient receives an OpenFlow message that specifies the wrong OpenFlow version, the recipient responds with an error message indicating an OFPET_BAD_REQUEST type and OFPBRC_BAD_VERSION code. If the switch cannot process the version and type of an OpenFlow packet in the TCP buffer, or if the switch fails sending OpenFlow messages to the controller, the switch terminates the connection.

Modifying, deleting, or deactivating the virtual switch configuration also impacts the connection to the controller. If you modify an existing virtual switch configuration, the virtual switch terminates the existing connection to the controller and establishes a new session with the updated configuration information. If you delete or deactivate an existing virtual switch configuration, the virtual switch automatically disconnects from the controller.

To summarize, the switch disconnects from the controller under the following circumstances:

  • The first packet the switch receives from the controller is not a hello message.

  • The switch receives a hello message with an unsupported OpenFlow version.

  • The local MAC address is not available for inclusion in the feature reply message.

  • The switch receives no echo reply or other message from the controller for 120 seconds.

  • The existing virtual switch configuration is deleted or deactivated.

  • The existing virtual switch configuration is modified. In this case, after disconnecting from the controller, the switch attempts to establish a new connection and session.

  • The switch cannot process the version and type of an OpenFlow packet in the TCP buffer.

  • The switch fails to send OpenFlow messages to the controller, which is treated as a dead TCP socket connection.

Related Documentation