2
votes

I know it is possible to add or modify single flows of OpenFlow switches to decrement the TTL (IPv4) or the hop limit (IPv6).

I tested it with the Floodlight controller and the following flow entry:

ovs-ofctl -O OpenFlow13 add-flow s1 "priority=1,ip,in_port=2,dl_src=<src_mac>,dl_dst=<dst-mac>,nw_src=10.0.0.1,nw_dst=10.0.0.2 actions=dec_ttl,output:1"

But how can I do this for all UDP IPv6 packets passing a switch? I cannot update all flows all the time.

I want to simulate the decrementing of the TTL/hop limit like it is done in IP routers with SDN switches. The testbed I am using is built with Mininet and Open vSwitch switches running in kernel mode.

I don't want to write a whole SDN Controller and I also don't want to implement all flows by myself. I just want the switches to decrement the ttl/hop limit of every UDP IPv6 packet passing.

1
TTL is meant to be decremented at layer-3 hops (routers), not layer-2 hops (switches). I'm not sure why you would want to do this since you will be going against the IP standards which other devices and applications depend on. – Ron Maupin
I know that this should usually be done by layer 3 IP routers. But I need IPv6 unicast and multicast routing in a virtual testbed like Mininet to emulate a network with multiple hops. I tried it with IPv6 multicast routing daemons like MRD6 and XORP. But it seems not to work properly. To be precise, I can't get the IPv6 multicast routing to work. IPv6 unicast works and IPv4 unicast and multicast with PIM-SD, too. The layer 2 switches just forward unicast and multicast with no problem. Because of that I am looking for a possibility to decrement TTL/hops of IP packets with OpenFlow switches. – Simon Schürg
@RonMaupin Simon is asking about an OpenFlow switch and not a regular layer 2 switch. OpenFlow switches allow you to match and process packet fields from layer 2 to layer 4 (it also has support for ARP and some tag-based protocols). – ederlf
@RonMaupin OpenFlow-enabled switches use the TCAM to match the fields of a flow, so it does not suffer from speed limitations (although it suffers from limited TCAM space). The pipeline of the switch is not like the usual layer 2 switch. The problem here, I think, is the terminology. When OpenFlow emerged, the equipment was promptly called switches. Indeed, it causes confusion about its functionality. (And it reminds me of a nice post about how bridging became switching.) – ederlf
It will not. OpenFlow switches are aimed at Software Defined Networking (SDN), i.e., the switch requires an external controller running an application on top of it in order to do anything. The idea is to split the traditional switch/router control plane software to an external controller. It is said it enables programmability, global view of the network, automation and a lot of other market terms... and, since you can build your own apps, you do not need to rely on your vendor to update the firmware (or worse, you need to buy a new box) for a new feature. – ederlf

1 Answer

3
votes

You can use a flow to match only on UDP packets as follows:

$ sudo ovs-ofctl -O OpenFlow13 add-flow s1 "priority=1,dl_type=0x86DD,nw_proto=17 actions=dec_ttl"

You can see in the output of dump-flows that it will match UDP on IPv6 packets:

$ sudo ovs-ofctl  dump-flows s1 -O OpenFlow13
cookie=0x0, duration=4.103s, table=0, n_packets=0, n_bytes=0, priority=1,udp6 actions=dec_ttl
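
An added example, not part of the original answer: a flow whose only action is `dec_ttl` has no output action, so Open vSwitch drops the matched packets after decrementing. The sketch below installs the answer's match on every bridge with a forwarding action appended and audits `dump-flows` output for that condition. The `NORMAL` action, the function names and the second sample line are assumptions made for this example.

```shell
#!/bin/sh
# Added example: install and audit a "decrement hop limit" flow on every OVS bridge.
MATCH='priority=1,dl_type=0x86DD,nw_proto=17'  # UDP over IPv6, as in the answer
ACTIONS='dec_ttl,NORMAL'                       # assumption: forward via the NORMAL pipeline

# Dump line quoted from the answer above, and a constructed line with forwarding added.
PAGE_DUMP='cookie=0x0, duration=4.103s, table=0, n_packets=0, n_bytes=0, priority=1,udp6 actions=dec_ttl'
FIXED_DUMP='cookie=0x0, duration=4.103s, table=0, n_packets=0, n_bytes=0, priority=1,udp6 actions=dec_ttl,NORMAL'

# Classify `ovs-ofctl dump-flows` text read from stdin:
#   OK       a udp6 flow decrements the hop limit and forwards the packet
#   DROPS    a udp6 flow decrements but never forwards (packet is dropped)
#   MISSING  no udp6 flow with dec_ttl is installed
audit_flows() {
    awk '
        /udp6/ && /actions=.*dec_ttl/ {
            found = 1
            sub(/.*actions=/, "")          # keep only the action list
            if ($0 ~ /(output|NORMAL|FLOOD|ALL|goto_table|resubmit)/) fwd = 1
        }
        END {
            if (!found)   print "MISSING"
            else if (fwd) print "OK"
            else          print "DROPS"
        }'
}

# Install the flow on every bridge and report the audit result (needs root and OVS).
install_all() {
    for br in $(ovs-vsctl list-br); do
        ovs-ofctl -O OpenFlow13 add-flow "$br" "$MATCH actions=$ACTIONS"
        printf '%s: %s\n' "$br" \
            "$(ovs-ofctl -O OpenFlow13 dump-flows "$br" | audit_flows)"
    done
}

# Only touch the switches when explicitly asked to: ./script.sh --install
if [ "${1:-}" = "--install" ]; then
    install_all
fi
```

Run with `--install` on the Mininet host; without it the script only defines the functions, so `audit_flows` can be fed saved `dump-flows` output.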