Understanding OpenFlow Operation and Forwarding Actions on Devices Running Junos OS
This topic explains how Juniper Networks devices isolate and control OpenFlow traffic. It also summarizes the OpenFlow features and supported forwarding actions, which are actions that OpenFlow can take when a packet matches the terms of a flow entry. For detailed information about support for specific OpenFlow v1.0 messages and fields, match conditions, wildcards, flow actions, statistics, and features, see OpenFlow v1.0 Compliance Matrix for Devices Running Junos OS. For a detailed list of supported OpenFlow v1.3.1 messages and fields, port structure flags and numbering, match conditions, flow actions, multipart messages, flow instructions, and group types, see OpenFlow v1.3.1 Compliance Matrix for Devices Running Junos OS.
OpenFlow Operation and Support
To isolate and control OpenFlow traffic on devices running Junos
OS, you configure virtual switches. You can configure one OpenFlow
virtual switch and one active OpenFlow controller on each device running
Junos OS that supports OpenFlow. You configure the OpenFlow protocol,
virtual switch, and controller connection information at the [edit protocols openflow] hierarchy level.
OpenFlow traffic can either enter or exit only OpenFlow-enabled ports. If a flow modification message is sent to an ingress port that is not enabled for OpenFlow, the device sends an ofp_error_msg with an OFPET_FLOW_MOD_FAILED error type and OFPFMFC_UNKNOWN code to the controller. If a flow modification action is requested for a port that is not enabled for OpenFlow, the device sends an ofp_error_msg with an OFPET_BAD_ACTION error type and OFPBAC_BAD_OUT_PORT code to the controller.
Table 1 summarizes the general feature support on devices running Junos OS that support OpenFlow v1.0. For information about support on specific platforms, see OpenFlow Support on Juniper Networks Devices.
Feature |
Support |
|---|---|
OpenFlow v1.0 |
Supported. |
OpenFlow virtual switch |
One OpenFlow virtual switch. |
Controller |
One active OpenFlow controller per virtual switch. Tested controllers include Floodlight and OESS. |
Controller connection |
TCP/IP connection. Only passive connections are accepted. The controller cannot actively connect to the OpenFlow switch. SSL connections are not supported. |
Emergency mode |
Not supported as defined in OpenFlow Switch Specification v1.0. If the controller connection is lost and cannot be reestablished, the switch maintains all flow states in the control and data planes. |
Flow classification and mapping as a Layer 2 or Layer 3 route |
Not supported. |
Flow priority |
Supported as per OpenFlow Switch Specification v1.3 in which there is no prioritization of exact match entries over wildcard entries. |
Flow table |
Single flow table. |
Forwarding actions |
Note:
The QFX5100 and EX4600 switches do not support NORMAL for normal flow actions. |
Hybrid interfaces |
Supported on some devices. OpenFlow-enabled devices that support hybrid interfaces permit a physical interface to concurrently support logical interfaces for normal traffic and logical interfaces for OpenFlow traffic. |
Interfaces |
You can configure Ethernet interfaces only as OpenFlow interfaces. |
Multi-VLAN actions |
Supported on some devices. OpenFlow-enabled devices that support multi-VLAN actions have the ability to associate a different VLAN and different VLAN action with each egress port. |
Port modification |
Not supported. OpenFlow-enabled devices ignore all OpenFlow controller OFPT_PORT_MOD requests. |
Queues, queue messages, or enqueue actions |
Not supported. |
Table 2 summarizes the general feature support on devices running Junos OS that support OpenFlow v1.3.1. For information about support on specific platforms, see OpenFlow Support on Juniper Networks Devices.
Feature |
Support |
|---|---|
OpenFlow v1.3.1 |
Supported. |
OpenFlow virtual switch |
One OpenFlow virtual switch. |
Controller |
One active OpenFlow controller per virtual switch. Tested controllers include NEC and Ixia. |
Controller connection |
TCP/IP connection. Only passive connections are accepted. The controller cannot actively connect to the OpenFlow switch. SSL connections are not supported. |
Flow classification and mapping as a Layer 2 or Layer 3 route |
Not supported. |
Flow priority |
Supported as per OpenFlow Switch Specification v1.3 in which there is no prioritization of exact match entries over wildcard entries. |
Flow instructions |
For each flow entry, one flow instruction is supported. A flow instruction can be one of the following:
|
Flow table |
Single flow table. |
Forwarding actions |
Note:
The QFX5100 and EX4600 switches do not support NORMAL for normal flow actions. |
Group action |
Supported. A group can include 1 through 32 buckets, and a bucket can have a set of actions (set, pop, or output). Group types OFPGT_ALL and OFPGT_INDIRECT are supported. |
Interfaces |
You can configure Ethernet interfaces only as OpenFlow interfaces. |
IPv6-related match conditions |
Supported on some devices. Starting with Junos OS Release 14.2R3, IPv6 source and destination addresses and subnet masks can be used as match conditions. Note:
The Junos OS implementation of OpenFlow v1.3.1 does not support arbitrary bit masks for IPv6 addresses. The Junos OS implementation supports only continuous masks for IPv6 source and destination addresses. |
Multi-VLAN actions |
Supported on some devices. OpenFlow-enabled devices that support multi-VLAN actions have the ability to associate a different VLAN and different VLAN action with each egress port. |
Multipart messages |
Supported for requesting and returning the following information:
|
OpenFlow version negotiation |
Supported for OpenFlow version negotiation between an OpenFlow controller and a device running Junos OS. |
Port modification |
Not supported. OpenFlow-enabled devices ignore all OpenFlow controller OFPT_PORT_MOD requests. |
Queues, queue messages, or enqueue actions |
Not supported. |
OpenFlow Forwarding Actions
The information in this section applies to both OpenFlow v1.0 and OpenFlow v1.3.1 except where noted.
OpenFlow-enabled devices running Junos OS support several flow actions for forwarding OpenFlow packets. For normal flow actions, the following forwarding actions are supported:
physical port—Forward unicast or multicast packets out the specified OpenFlow-enabled interfaces.
ALL—Flood the packet out all OpenFlow interfaces configured for that virtual switch instance except the ingress interface.
CONTROLLER—Send the packet to the OpenFlow controller for processing.
FLOOD—Flood the packet along the minimum spanning tree, which includes all OpenFlow interfaces configured for that virtual switch instance except the ingress interface and any interfaces that are disabled by the Spanning Tree Protocol (STP). Because devices running Junos OS do not support 802.1D STP capabilities for OpenFlow, the FLOOD forwarding action behaves like the ALL forwarding action.
NORMAL—Process the packet, using traditional Layer 2 or Layer 3 processing.
The QFX5100 and EX4600 switches do not support NORMAL for normal flow actions.
The OpenFlow controller can also use a Send Packet message (OFPT_PACKET_OUT) to direct the OpenFlow virtual switch to send a packet out of a specified port. The Send Packet message includes the packet to be forwarded and the forwarding action indicating the interface out of which the packet must be forwarded. Supported forwarding actions for the Send Packet message include ALL and FLOOD.
Each OpenFlow virtual switch is a logically separate flood domain. Therefore, the OpenFlow ALL and FLOOD actions flood packets only out OpenFlow interfaces configured under that specific virtual switch excluding the ingress OpenFlow interface.
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.