Supported Platforms
Related Documentation
Understanding OpenFlow Operation and Forwarding Actions on Devices Running Junos OS
This topic summarizes the OpenFlow features and forwarding actions supported on devices running Junos OS. For detailed information about support for specific OpenFlow v1.0 messages and fields, match conditions, wildcards, flow actions, statistics, and features, see OpenFlow v1.0 Compliance Matrix for Devices Running Junos OS.
OpenFlow Operation and Support
To isolate and control OpenFlow traffic on devices running Junos OS, you configure virtual switches. You can configure one OpenFlow virtual switch and one active OpenFlow controller on each device running Junos OS that supports OpenFlow. You configure the OpenFlow protocol, virtual switch, and controller connection information at the [edit protocols openflow] hierarchy level.
OpenFlow traffic can only enter or exit from OpenFlow-enabled ports. If a flow modification message is sent to an ingress port that is not enabled for OpenFlow, the device sends an ofp_error_msg with an OFPET_FLOW_MOD_FAILED error type and OFPFMFC_UNSUPPORTED code to the controller. If a flow modification action is requested for a port that is not enabled for OpenFlow, the device sends an ofp_error_msg with an OFPET_BAD_ACTION error type and OFPBAC_BAD_OUT_PORT code to the controller.
Table 1 summarizes the general features supported on devices running Junos OS that support OpenFlow. For information about support on specific platforms, see OpenFlow Support on Devices Running Junos OS.
Table 1: OpenFlow Support on Devices Running Junos OS
Feature | Support |
|---|---|
OpenFlow v1.0 | Supported. |
OpenFlow virtual switch | 1 OpenFlow virtual switch. |
Controller | 1 active OpenFlow controller per virtual switch. Tested controllers include Floodlight and OESS. |
Controller connection | TCP/IP connection. Only passive connections are accepted. The controller cannot actively connect to the OpenFlow switch. SSL connections are not supported. |
Emergency mode | Not supported as defined in OpenFlow Switch Specification v1.0. If the controller connection is lost and cannot be reestablished, the switch deletes normal flow entries, and after 30 seconds, purges flow entries that are installed in hardware. |
Flow classification and mapping as a Layer 2 or Layer 3 route | Not supported. |
Flow priority | Supported as per OpenFlow Switch Specification v1.3 in which there is no prioritization of exact match entries over wildcard entries. |
Flow table | Single flow table. |
Forwarding actions |
|
Hybrid interfaces | Supported on some devices. OpenFlow-enabled devices that support hybrid interfaces permit a physical interface to concurrently support logical interfaces for normal traffic and logical interfaces for OpenFlow traffic. |
Interfaces | You can only configure Ethernet interfaces as OpenFlow interfaces. |
Multi-VLAN actions | Supported on some devices. OpenFlow-enabled devices that support multi-VLAN actions have the ability to associate a different VLAN and different VLAN action with each egress port. |
Port modification | Not supported. OpenFlow-enabled devices ignore all OpenFlow controller OFPT_PORT_MOD requests. |
Queues, queue messages, or enqueue actions | Not supported. |
OpenFlow Forwarding Actions
OpenFlow-enabled devices running Junos OS support several flow actions for forwarding OpenFlow packets. For normal flow actions, the following forwarding actions are supported:
- physical port—Forward unicast or multicast packets out the specified OpenFlow-enabled interfaces.
- ALL—Flood the packet out all OpenFlow interfaces configured for that virtual switch instance except the ingress interface.
- CONTROLLER—Send the packet to the OpenFlow controller for processing.
- FLOOD—Flood the packet along the minimum spanning tree, which includes all OpenFlow interfaces configured for that virtual switch instance except the ingress interface and any interfaces that are disabled by the Spanning Tree Protocol (STP). Because devices running Junos OS do not support 802.1D STP capabilities for OpenFlow, the FLOOD forwarding action behaves like the ALL forwarding action.
- NORMAL—Process the packet using traditional Layer 2 or Layer 3 processing.
The OpenFlow controller can also use a Send Packet message (OFPT_PACKET_OUT) to direct the OpenFlow virtual switch to send a packet out of a specified port. The Send Packet message includes the packet to be forwarded and the forwarding action indicating the interface out of which the packet must be forwarded. Supported forwarding actions for the Send Packet message include ALL and FLOOD.
Each OpenFlow virtual switch is a logically separate flood domain. Therefore, the OpenFlow ALL and FLOOD actions only flood packets out OpenFlow interfaces configured under that specific virtual switch excluding the ingress OpenFlow interface.
