This document discusses OpenFlow protocols, including OpenFlow switch and controller communication. It describes the different OpenFlow message types - controller-to-switch messages which manage switch state, asynchronous messages from switch to controller about network events, and symmetric messages that can be sent in either direction. It provides packet structure examples and discusses how OpenFlow channels are used to exchange messages over TLS or TCP. The document explains that switches can communicate with a single or multiple controllers for reliability.
4. Page 4
Communication in OpenFlow Network
[Diagram: Controller, OpenFlow Switch with ports 1 and 2, Host 1, Host 2]
Host 1 MAC address: 08-00-20-3A-00-4F
Host 2 MAC address: 08-00-2A-0B-FE-FD
Flow Table:
Match Field: empty | Action: empty
Frame: Src: 08-00-20-3A-00-4F, Dst: 08-00-2A-0B-FE-FD
Packet-in: unmatched frame with MAC 08-00-2A-0B-FE-FD
Packet-out: flood on all ports except ingress port
MAC table:
MAC address: 08-00-20-3A-00-4F | Ingress port: 1
5. Page 5
Communication in OpenFlow Network
[Diagram: Controller, OpenFlow Switch with ports 1 and 2, Host 1, Host 2]
Host 1 MAC address: 08-00-20-3A-00-4F
Host 2 MAC address: 08-00-2A-0B-FE-FD
Frame: Src: 08-00-2A-0B-FE-FD, Dst: 08-00-20-3A-00-4F
Packet-in: unmatched frame with MAC 08-00-20-3A-00-4F
Packet-out: forward on port 1
MAC table:
MAC address: 08-00-20-3A-00-4F | Ingress port: 1
MAC address: 08-00-2A-0B-FE-FD | Ingress port: 2
Flow-mod messages:
Match: Src: 08-00-2A-0B-FE-FD, Dst: 08-00-20-3A-00-4F | Action: Forward on port 1
Match: Src: 08-00-20-3A-00-4F, Dst: 08-00-2A-0B-FE-FD | Action: Forward on port 2
Flow Table:
Match Field: Src: 08-00-2A-0B-FE-FD, Dst: 08-00-20-3A-00-4F | Action: Forward on port 1
Match Field: Src: 08-00-20-3A-00-4F, Dst: 08-00-2A-0B-FE-FD | Action: Forward on port 2
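The exchange on these two slides, replayed as an added example that is not part of the original slides: a switch with an empty flow table hands unmatched frames to a controller that learns MAC-to-port mappings, floods while the destination is unknown, and installs flow entries once it is known. The names `LearningController`, `Switch`, `FLOOD` and `run_slides` are hypothetical; only the MAC addresses and port numbers come from the slides.

```python
FLOOD = "FLOOD"  # constructed marker meaning "all ports except the ingress port"

class LearningController:
    def __init__(self):
        self.mac_table = {}  # MAC address -> ingress port (the slides' "MAC table")

    def packet_in(self, src, dst, in_port):
        """Handle a Packet-in for an unmatched frame.

        Returns (flow_mods, packet_out). flow_mods is a list of
        ((src, dst), out_port) entries to install; packet_out is a port or FLOOD.
        """
        self.mac_table[src] = in_port            # learn where the sender is attached
        out_port = self.mac_table.get(dst)
        if out_port is None:
            return [], FLOOD                     # destination unknown: flood, install nothing
        # Destination known: install both directions, as on the second slide.
        return [((src, dst), out_port), ((dst, src), in_port)], out_port

class Switch:
    def __init__(self, controller, ports):
        self.controller = controller
        self.ports = ports
        self.flow_table = {}                     # (src, dst) -> output port

    def receive(self, src, dst, in_port):
        """Return the list of ports the frame leaves on."""
        if (src, dst) in self.flow_table:        # matched: the controller is not involved
            return [self.flow_table[(src, dst)]]
        flow_mods, action = self.controller.packet_in(src, dst, in_port)
        for match, port in flow_mods:            # apply the Flow-mod messages
            self.flow_table[match] = port
        if action == FLOOD:
            return [p for p in self.ports if p != in_port]
        return [action]

H1, H2 = "08-00-20-3A-00-4F", "08-00-2A-0B-FE-FD"  # host MACs from the slides

def run_slides():
    ctrl = LearningController()
    sw = Switch(ctrl, ports=[1, 2])
    first = sw.receive(H1, H2, in_port=1)        # first slide: flooded
    second = sw.receive(H2, H1, in_port=2)       # second slide: forwarded on port 1
    return first, second, ctrl.mac_table, sw.flow_table
```

Every MAC table entry here is learned from the source address of a frame the switch reported, which is why the integrity of the switch-to-controller channel matters for the forwarding state that follows.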
7. Page 7
Controller/Switch Messages
The OpenFlow switch protocol supports three message types:
controller-to-switch, asynchronous, and symmetric, each with
multiple sub-types.
Controller-to-switch messages are initiated by the controller and
used to directly manage or inspect the state of the switch.
Asynchronous messages are initiated by the switch and used to
update the controller of network events and changes to the switch
state.
Symmetric messages are initiated by either the switch or the
controller and sent without solicitation.
8. Page 8
Controller to Switch Messages
Controller to switch messages are initiated by the controller and may or may not require a
response from the switch.
Features: The controller may request the identity and the basic capabilities of a switch by sending a
features request.
Configuration: The controller is able to set and query configuration parameters in the switch.
Modify-State: Modify-State messages are sent by the controller to manage state on the switches.
Read-State: Read-State messages are used by the controller to collect various information from the
switch, such as current configuration, statistics and capabilities.
Packet-out: These are used by the controller to send packets out of a specified port on the switch, and
to forward packets received via Packet-in messages.
Barrier: Barrier request/reply messages are used by the controller to ensure message dependencies have
been met or to receive notifications for completed operations.
Role-Request: Role-Request messages are used by the controller to set the role of its OpenFlow channel,
or query that role.
Asynchronous-Configuration: The Asynchronous-Configuration messages are used by the controller to set
an additional filter on the asynchronous messages that it wants to receive on its OpenFlow channel, or to
query that filter.
9. Page 9
Asynchronous Messages
Messages initiated by the switch, and sent to the controller:
Packet-in: Transfer the control of a packet to the controller.
Flow-Removed: Inform the controller about the removal of a flow
entry from a flow table.
Port-status: Inform the controller of a change on a port.
Error: The switch is able to notify controllers of problems using
error messages.
10. Page 10
Symmetric Messages
Symmetric messages are sent without solicitation, in either
direction.
Hello: Hello messages are exchanged between the switch and
controller upon connection startup.
Echo: Echo request/reply messages can be sent from either the
switch or the controller, and must return an echo reply.
Experimenter: Experimenter messages provide a standard way for
OpenFlow switches to offer additional functionality within the
OpenFlow message type space.
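One way to use the three message classes when monitoring a control channel, as an added example that is not part of the original slides: parse the 8-byte OpenFlow header and check that the message type is one its sender is allowed to originate. It assumes OpenFlow 1.3 (wire version 0x04) and that version's type codes, since the slides do not name a version; `check_message`, `header`, `audit` and the sample messages are constructed for illustration.

```python
import struct

OFP13 = 0x04  # assumed wire version: OpenFlow 1.3
BOTH, CTRL, SW = {"controller", "switch"}, {"controller"}, {"switch"}
# (message class, permitted senders, {type code: name}) for OpenFlow 1.3
RULES = [
    ("symmetric", BOTH, {0: "HELLO", 2: "ECHO_REQUEST", 3: "ECHO_REPLY", 4: "EXPERIMENTER"}),
    # The slides list Error as asynchronous; a controller may also send it
    # (for example on a failed Hello), so it is accepted from both sides here.
    ("asynchronous", BOTH, {1: "ERROR"}),
    ("asynchronous", SW, {10: "PACKET_IN", 11: "FLOW_REMOVED", 12: "PORT_STATUS"}),
    ("controller-to-switch", CTRL, {
        5: "FEATURES_REQUEST", 7: "GET_CONFIG_REQUEST", 9: "SET_CONFIG",
        13: "PACKET_OUT", 14: "FLOW_MOD", 15: "GROUP_MOD", 16: "PORT_MOD",
        17: "TABLE_MOD", 18: "MULTIPART_REQUEST", 20: "BARRIER_REQUEST",
        22: "QUEUE_GET_CONFIG_REQUEST", 24: "ROLE_REQUEST",
        26: "GET_ASYNC_REQUEST", 28: "SET_ASYNC", 29: "METER_MOD"}),
    ("controller-to-switch reply", SW, {
        6: "FEATURES_REPLY", 8: "GET_CONFIG_REPLY", 19: "MULTIPART_REPLY",
        21: "BARRIER_REPLY", 23: "QUEUE_GET_CONFIG_REPLY", 25: "ROLE_REPLY",
        27: "GET_ASYNC_REPLY"}),
]

def check_message(data, sender):
    """Validate one OpenFlow message sent by `sender` ('controller' or 'switch').

    Returns (type_name, message_class_or_reason, ok).
    """
    if len(data) < 8:
        return None, "truncated header", False
    version, msg_type, length, _xid = struct.unpack("!BBHI", data[:8])
    if version != OFP13:
        return None, "unexpected version", False
    if length < 8 or length > len(data):       # length field covers header plus body
        return None, "bad length", False
    for cls, senders, types in RULES:
        if msg_type in types:
            return types[msg_type], cls, sender in senders
    return None, "unknown type", False

def header(msg_type, xid=1, body=b""):
    """Build a constructed OpenFlow 1.3 message for the samples below."""
    return struct.pack("!BBHI", OFP13, msg_type, 8 + len(body), xid) + body

SAMPLES = [  # constructed traffic, not a capture
    ("controller", header(5)),                  # Features request
    ("switch", header(10, body=b"\x00" * 24)),  # Packet-in
    ("switch", header(14)),                     # Flow-mod arriving from the switch side
]

def audit(samples):
    return [check_message(data, sender) for sender, data in samples]
```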
11. Page 11
OpenFlow Channel Connections
The OpenFlow channel is used to exchange OpenFlow messages
between an OpenFlow switch and an OpenFlow controller.
A typical OpenFlow controller manages multiple OpenFlow
channels, each one to a different OpenFlow switch.
An OpenFlow switch may have one OpenFlow channel to a single
controller, or multiple channels for reliability, each to a
different controller.
The OpenFlow channel is usually instantiated as a single network
connection between the switch and the controller, using TLS or
plain TCP.
13. Page 13
Packet Example – Features Request/Reply
[Packet capture figures not reproduced]
Features Request: message sent by the controller on session establishment
Features Reply: message sent back from the switch to the controller
17. Page 17
Security
The switch and controller may communicate through a TLS
connection.
The TLS connection is initiated by the switch on startup to the
controller, which is listening either on a user-specified TCP port
or on the default TCP port 6653.
The switch and controller mutually authenticate by exchanging
certificates signed by a site-specific private key.
The switch and controller may optionally communicate using plain
TCP.
18. Page 18
Multiple Controllers
The switch may establish communication with a single controller,
or may establish communication with multiple controllers.
Having multiple controllers improves reliability, as the switch
can continue to operate in OpenFlow mode if one controller or
controller connection fails.
The hand-over between controllers is entirely managed by the
controllers themselves, which enables fast recovery from failure
and also controller load balancing.
The controllers coordinate the management of the switch
amongst themselves via mechanisms outside the scope of the
present specification.