2

I know it is possible to add or modify single flows of OpenFlow switches to decrement the TTL (IPv4) or the hop limit (IPv6).

I tested it with the Floodlight controller and the following flow entry:

```
ovs-ofctl -O OpenFlow13 add-flow s1 "priority=1,ip,in_port=2,dl_src=<src_mac>,dl_dst=<dst-mac>,nw_src=10.0.0.1,nw_dst=10.0.0.2 actions=dec_ttl,output:1"
```

But how can I do this for all UDP IPv6 packets passing a switch? I cannot update all flows all the time.

I want to simulate the decrementing of the TTL/hop limit like it is done in IP routers with SDN switches. The testbed I am using is built with Mininet and Open vSwitch switches running in kernel mode.

I don't want to write a whole SDN controller and I also don't want to implement all flows by myself. I just want the switches to decrement the TTL/hop limit of every UDP IPv6 packet passing.

Simon Schürg
  • TTL is meant to be decremented at layer-3 hops (routers), not layer-2 hops (switches). I'm not sure why you would want to do this since you will be going against the IP standards which other devices and applications depend on. – Ron Maupin Feb 05 '16 at 13:38
  • I know that this should usually be done by layer 3 IP routers. But I need IPv6 unicast and multicast routing in a virtual testbed like Mininet to emulate a network with multiple hops. I tried it with IPv6 multicast routing daemons like MRD6 and XORP. But it seems not to work properly. To be precise, I can't get the IPv6 multicast routing to work. IPv6 unicast works, and IPv4 unicast and multicast with PIM-SD, too. The layer 2 switches just forward unicast and multicast with no problem. Because of that I am looking for a possibility to decrement TTL/hops of IP packets with OpenFlow switches. – Simon Schürg Feb 05 '16 at 16:33
  • The problem with using switches is that they only look at the layer-2 frame, but the TTL is in the layer-3 packet. Switches aren't meant to know or care about what the payload of the layer-2 frame (layer-3 packet) is since the layer-2 frames can carry any layer-3 protocol (IPX, IPv4, IPv6, etc). You are asking a switch to understand something it wasn't designed to understand. The TTL field is not located in the same place in IPv6 as in IPv4. – Ron Maupin Feb 05 '16 at 18:00
  • 1
    @RonMaupin Simon is asking about an OpenFlow switch and not a regular layer 2 switch. OpenFlow switches allow you to match and process packet fields from layer 2 to layer 4 (it also has support for ARP and some tag-based protocols). – ederlf Feb 09 '16 at 17:04
  • Doing something like that will require the switch to understand every layer-3 protocol (IPX, IPv4, ICMP, AppleTalk, CLNP, IPv6, ICMPv6, etc.), and it will slow the switching to an unacceptable level for use in a real business environment and drive the CPU usage up since every frame will need to be software switched instead of hardware switched. – Ron Maupin Feb 09 '16 at 18:21
  • 1
    @RonMaupin OpenFlow-enabled switches use the TCAM to match the fields of a flow, so it does not suffer from speed limitations (although it suffers from limited TCAM space). The pipeline of the switch is not like the usual layer 2 switch. The problem here, I think, is the terminology. When OpenFlow emerged, the equipment was promptly called switches. Indeed, it causes confusion about its functionality. (And it reminds me of a [nice post](http://blog.ipspace.net/2011/02/how-did-we-ever-get-into-this-switching.html) about how bridging became switching). – ederlf Feb 09 '16 at 20:02
  • If I am a large telco using IS-IS as my routing protocol which uses CLNP for the layer-3 transport, your OpenFlow switch will understand that and know how to use the TCAM for CLNP packets? – Ron Maupin Feb 09 '16 at 20:06
  • 1
    It will not. OpenFlow switches are aimed at Software Defined Networking (SDN), i.e. the switch requires an external controller running an application on top of it, in order to do anything. The idea is to split the traditional switch/router control plane software to an external controller. It is said it enables programmability, global view of the network, automation and a lot of other market terms... and, since you can build your own apps, you do not need to rely on your vendor to update the firmware (or worse, you need to buy a new box) for a new feature. – ederlf Feb 09 '16 at 20:35
  • PS: I am not advocating here in favor of SDN; while it is one of my research areas, there is a lot of hype and misunderstanding about it. – ederlf Feb 09 '16 at 20:35

1 Answer

3

You can use a flow to match only on UDP packets as follows:

```
$ sudo ovs-ofctl -O OpenFlow13 add-flow s1 "priority=1,dl_type=0x86DD,nw_proto=17 actions=dec_ttl"
```

You can see in the output of dump-flows that it will match UDP on IPv6 packets:

```
$ sudo ovs-ofctl  dump-flows s1 -O OpenFlow13
cookie=0x0, duration=4.103s, table=0, n_packets=0, n_bytes=0, priority=1,udp6 actions=dec_ttl
```
ederlf
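
What the `udp6 ... dec_ttl` flow does to a frame at each switch of a multi-hop path, modelled in Python (the language Mininet testbeds are scripted in) as an added example that is not part of the answer or of Open vSwitch. It assumes untagged frames, looks only at the fixed IPv6 header's Next Header field, follows the ovs-ofctl documentation in stopping without a decrement when the hop limit is 1 or 0, and assumes forwarding follows `dec_ttl` as in the question's `dec_ttl,output:1` flow; `build_frame`, `hop_limit`, `apply_flow` and `traverse` are hypothetical names.

```python
import struct

ETH_IPV6 = 0x86DD   # dl_type in the flow above
PROTO_UDP = 17      # nw_proto in the flow above
ETH_LEN = 14        # untagged Ethernet header (assumption: no VLAN tag)


def build_frame(hop_limit, next_header=PROTO_UDP):
    """Constructed sample: Ethernet + IPv6 fixed header + 8-byte UDP header."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETH_IPV6)
    src = bytes.fromhex("fd00" + "00" * 13 + "01")   # fd00::1
    dst = bytes.fromhex("fd00" + "00" * 13 + "02")   # fd00::2
    udp = struct.pack("!HHHH", 5000, 5001, 8, 0)     # checksum not computed
    ip6 = struct.pack("!IHBB", 6 << 28, len(udp), next_header, hop_limit)
    return eth + ip6 + src + dst + udp


def hop_limit(frame):
    return frame[ETH_LEN + 7]   # hop limit is byte 7 of the IPv6 fixed header


def apply_flow(frame):
    """One switch holding only the udp6 dec_ttl flow. Returns (frame, verdict)."""
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != ETH_IPV6 or frame[ETH_LEN + 6] != PROTO_UDP:
        return frame, "miss"          # flow does not match, frame left as is
    if hop_limit(frame) <= 1:
        return None, "invalid_ttl"    # no decrement, action processing stops
    out = bytearray(frame)
    out[ETH_LEN + 7] -= 1             # IPv6 has no header checksum to fix up
    return bytes(out), "dec_ttl"


def traverse(frame, switches):
    """Send a frame through a chain of switches; report where it ends up."""
    for hop in range(1, switches + 1):
        frame, _ = apply_flow(frame)
        if frame is None:
            return {"delivered": False, "expired_at": hop}
    return {"delivered": True, "hop_limit": hop_limit(frame)}
```

A sender that wants its UDP packets to cross N such switches therefore needs an initial hop limit of at least N + 1.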