OpenFlow is a

communications protocol A communication protocol is a system of rules that allows two or more entities of a communications system to transmit information via any variation of a physical quantity. The protocol defines the rules, syntax, semantics (computer science), sem ...

that gives access to the

forwarding plane In routing, the data plane, sometimes called the forwarding plane or user plane, defines the part of the router architecture that decides what to do with packets arriving on an inbound interface. Most commonly, it refers to a table in which the ...

of a

network switch A network switch (also called switching hub, bridging hub, Ethernet switch, and, by the IEEE, MAC bridge) is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destinat ...

or router over the network.

Description

OpenFlow enables network controllers to determine the path of network packets across a network of switches. The controllers are distinct from the switches. This separation of the control from the forwarding allows for more sophisticated traffic management than is feasible using

access control list In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object or facility). An ACL specifies which users or system processes are granted access to resources, as well as what operations are ...

s (ACLs) and routing protocols. Also, OpenFlow allows switches from different vendors — often each with their own proprietary interfaces and scripting languages — to be managed remotely using a single, open protocol. The protocol's inventors consider OpenFlow an enabler of

software-defined networking Software-defined networking (SDN) is an approach to network management that uses abstraction to enable dynamic and programmatically efficient network configuration to create grouping and segmentation while improving network performance and monit ...

(SDN). OpenFlow allows remote administration of a

layer 3 In the seven-layer OSI model of computer networking, the network layer is layer 3. The network layer is responsible for packet forwarding including routing through intermediate routers. Functions The network layer provides the means of transf ...

switch's packet forwarding tables, by adding, modifying and removing packet matching rules and actions. This way, routing decisions can be made periodically or ''ad hoc'' by the controller and translated into rules and actions with a configurable lifespan, which are then deployed to a switch's flow table, leaving the actual forwarding of matched packets to the switch at wire speed for the duration of those rules. Packets which are unmatched by the switch can be forwarded to the controller. The controller can then decide to modify existing flow table rules on one or more switches or to deploy new rules, to prevent a structural flow of traffic between switch and controller. It could even decide to forward the traffic itself, provided that it has told the switch to forward entire packets instead of just their header. The OpenFlow protocol is layered on top of the

Transmission Control Protocol The Transmission Control Protocol (TCP) is one of the main communications protocol, protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, th ...

(TCP) and prescribes the use of

Transport Layer Security Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over ...

(TLS). Controllers should listen on TCP port 6653 for switches that want to set up a connection. Earlier versions of the OpenFlow protocol unofficially used port 6633. Some network

control plane In network routing, the control plane is the part of the router architecture that is concerned with establishing the network topology, or the information in a routing table that defines what to do with incoming packets. Control plane functions, ...

implementations use the protocol to manage the network forwarding elements. OpenFlow is mainly used between the switch and controller on a secure channel.

History

The Open Networking Foundation (ONF), a user-led organization dedicated to promotion and adoption of

(SDN), manages the OpenFlow standard. ONF defines OpenFlow as the first standard communications interface defined between the control and forwarding layers of an SDN architecture. OpenFlow allows direct access to and manipulation of the forwarding plane of network devices such as switches and routers, both physical and virtual (hypervisor-based). It is the absence of an open interface to the forwarding plane that has led to the characterization of today's networking devices as monolithic, closed, and mainframe-like. A protocol like OpenFlow is needed to move network control out of proprietary network switches and into control software that's open source and locally managed. A number of network switch and router vendors announced intent to support or are shipping supported switches for OpenFlow, including

Alcatel-Lucent Alcatel-Lucent S.A. () was a multinational telecommunications equipment company, headquartered in Boulogne-Billancourt, Paris, France. The company focused on Fixed line telephone, fixed, Mobile phone, mobile and telecommunications convergence, ...

, Big Switch Networks, Brocade Communications, and Radisys.

Development

Version 1.1 of the OpenFlow protocol was released on 28 February 2011, and new development of the standard was managed by the ONF. In December 2011, the ONF board approved OpenFlow version 1.2 and published it in February 2012. The current version of OpenFlow is 1.5.1. However, version 1.6 has been available since September 2016, but accessible only to ONF's members. In May 2011, Marvell and Larch Networks announced the availability of an OpenFlow-enabled, fully featured switching solution based on Marvell's networking control stack and the Prestera family of packet processors.

Indiana University Indiana University (IU) is a state university system, system of Public university, public universities in the U.S. state of Indiana. The system has two core campuses, five regional campuses, and two regional centers under the administration o ...

in May 2011 launched a SDN Interoperability Lab in conjunction with the ONF to test how well different vendors' software-defined networking and OpenFlow products work together. In June 2012, Infoblox released LINC, an open-source OpenFlow version 1.2 and 1.3 compliant software switch. In February 2012, Big Switch Networks released Project Floodlight, an Apache-licensed

open-source software Open-source software (OSS) is Software, computer software that is released under a Open-source license, license in which the copyright holder grants users the rights to use, study, change, and Software distribution, distribute the software an ...

OpenFlow Controller, and announced its OpenFlow-based SDN Suite in November of that year, which contains a commercial controller, and virtual switching and tap monitoring applications. In February 2012, HP said it is supporting the standard on 16 of its Ethernet switch products. In April 2012,

Google Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...

Urs Hölzle Urs Hölzle (; born 1964) is a Swiss-American software engineer and technology executive. As Google's eighth employee and its first VP of Engineering, he has shaped much of Google's development processes and infrastructure, as well as its enginee ...

described how the company's internal network had been completely re-designed over the previous two years to run under OpenFlow with substantial efficiency improvement. In January 2013,

NEC is a Japanese multinational information technology and electronics corporation, headquartered at the NEC Supertower in Minato, Tokyo, Japan. It provides IT and network solutions, including cloud computing, artificial intelligence (AI), Inte ...

unveiled a virtual switch for

Microsoft Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The ear ...

Windows Server 2012 Windows Server 2012, codenamed "Windows Server 8", is the ninth major version of the Windows NT operating system produced by Microsoft to be released under the Windows Server brand name. It is the server version of Windows based on Windows ...

Hyper-V Hyper-V is a native hypervisor developed by Microsoft; it can create virtual machines on x86-64 systems running Windows. It is included in Pro and Enterprise editions of Windows (since Windows 8) as an optional feature to be manually enabled. A ...

hypervisor A hypervisor, also known as a virtual machine monitor (VMM) or virtualizer, is a type of computer software, firmware or hardware that creates and runs virtual machines. A computer on which a hypervisor runs one or more virtual machines is called ...

, which is designed to bring OpenFlow-based software-defined networking and network virtualisation to those Microsoft environments.

Security concerns

* Covert communications *

Denial of service In computing, a denial-of-service attack (DoS attack) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host co ...

* Man-in-the middle attack * Potential single point of attack and failure * Programming and Communication Channel Issues (w.r.t. security) - OpenFlow Deployment Experience

References

External links

* {{official website, https://www.opennetworking.org/sdn-resources/openflow/ Network protocols