Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Understanding OpenFlow Flow Entry Timers on Devices Running Junos OS

OpenFlow Flow Entry Timer Overview

For each logical interface participating in OpenFlow on a device running Junos OS, a single filter is created and applied to the logical interface in the input direction. OpenFlow flows are mapped to the filter as filter terms. Each flow has a number of timers associated with it, some of which are configured through the OpenFlow controller while others are configured through the Junos OS CLI. OpenFlow flow entry timers include the idle timeout, the hard timeout, and the purge flow timer. Table 1 summarizes the various OpenFlow flow timers. EX4550 switches do not support idle timeout.

Table 1: OpenFlow Flow Entry Timers

Timer

Configured Through

Range (Seconds)

Idle timeout

Controller

0, 11 through 65,535

Hard timeout

Controller

0 through 65,535

Purge flow timer

Junos OS CLI by using the purge-flow-timer configuration statement

0 through 300

Idle Timeout and Hard Timeout

Each flow entry has an idle timeout and a hard timeout associated with it, both of which are configured through the OpenFlow controller. The idle timeout is the number of seconds after which a flow entry is removed from the flow table and the hardware provided because no packets match it. The hard timeout is the number of seconds after which the flow entry is removed from the flow table and the hardware whether or not packets match it.

If a flow entry has both an idle timer and a hard timer associated with it, the first timer to expire causes the flow entry to be removed. If the idle timer expires first, the flow entry is removed at that point only if there are no matching packets. Otherwise, the flow entry is removed when the hard timer expires.

When the controller sends a flow entry modification message (OFPT_FLOW_MOD) to the switch, it specifies the idle timeout and hard timeout for that flow entry. On devices running Junos OS, the idle timeout value can be 0, or it can range from 11 through 65,535 seconds. If the controller sets the idle timeout to 0, the flow entry does not experience an idle time out. The hard timeout value can range from 0 through 65,535 seconds. If the controller sets the hard timeout to 0, the flow entry does not experience a hard time out. If the controller requests an invalid timeout value, the switch rejects the flow modification message and sends an error message back to the controller.

Purge Flow Timer

On devices running Junos OS, you can configure a purge flow timer, which is the number of seconds after which an invalid OpenFlow flow entry is deleted from the flow table. The purge-flow-timer statement is configured through the Junos OS CLI at the [edit protocols openflow switch switch-name] hierarchy level. The purge-flow-timer value is specific to the OpenFlow virtual switch under which it is configured, and it is the same for all flow entries associated with that virtual switch.

If you do not configure the purge-flow-timer statement, the device purges invalid flow entries from hardware, but indefinitely retains the corresponding flow entries in the flow table on the Routing Engine. If you configure the purge-flow-timer statement, the device purges invalid flow entries from hardware, and after the specified number of seconds, deletes the invalid flow entries from the flow table. Configuring a value of 0 causes the device to immediately delete invalid flow entries from the flow table.

For example, consider the case of an OpenFlow logical interface that becomes temporarily unavailable. When the interface becomes unavailable, flow entries that have the logical interface as the matching ingress interface or as the only active egress interface in their action set (for OpenFlow v1.0) or flow instruction (for OpenFlow v1.3.1) are marked as invalid. Although the logical interface is not available, the flow entries could still be valid. The purge-flow-timer configuration statement determines how to handle the flow entries.

In this example, if you do not configure the purge-flow-timer statement, then when the logical interface becomes unavailable, the device removes the invalid flow entries from the hardware but indefinitely retains the flow entries in the flow table. If the logical interface later becomes available, the flow entries are reinstalled in the hardware without any controller intervention.

On the other hand, if you configure the purge-flow-timer statement, then when the logical interface becomes unavailable, the device removes the flow entries from the hardware, and retains the flow entries in the flow table for the configured number of purge-flow-timer seconds. If the interface does not become available and the timer expires, the device deletes the flow entries from the flow table. After the interface comes back up, the OpenFlow controller must send new flow entry modification messages to the OpenFlow switch in order to restore the flow entries to the flow table and to the hardware.

Note:

By default, if you remove an active OpenFlow logical interface from an existing OpenFlow configuration, flow entries that match on this logical interface as the ingress interface and flow entries that include this logical interface as the only active egress interface in their action list or flow instruction are invalid and are automatically purged from the flow table and from the hardware regardless of whether you configure the purge-flow-timer statement.

Related Documentation