OpenFlowPlugin Project

New Features

  • No new feature is being introduced in Neon release.

Improvements

Neon release contains the following improvements * Blueprint improvements (moving to annotations from xml, Blueprint xml cleanup) * Code cleanup (related to guava, jdk deprecated features) * Migration from md-sal deprecated APIs (Entity Ownership Service API’s) * Documentation improvements * Multiple Bug fixes

odl-openflowjava-protocol

odl-openflowplugin-app-config-pusher

odl-openflowplugin-app-forwardingrules-manager

odl-openflowplugin-app-forwardingrules-sync

odl-openflowplugin-app-table-miss-enforcer

odl-openflowplugin-app-topology

odl-openflowplugin-app-lldp-speaker

odl-openflowplugin-app-topology-lldp-discovery

odl-openflowplugin-app-topology-manager

odl-openflowplugin-onf-extensions

odl-openflowplugin-flow-services

odl-openflowplugin-flow-services-rest

odl-openflowplugin-flow-services-ui

odl-openflowplugin-nsf-model

odl-openflowplugin-southbound

Documentation

Security Considerations

  • Do you have any external interfaces other than RESTCONF? Yes, OpenFlow devices
  • Other security issues?
    • Insecure OpenFlowPlugin <–> OpenFlow device connections
    • Topology spoofing: non authenticated LLDP packets to detect links between switches which makes it vulnerable to a number of attacks, one of which is topology spoofing The problem is that all controllers we have tested set chassisSubtype value to the MAC address of the local port of the switch, which makes it easy for an adversary to spoof that switch since controllers use that MAC address as a unique identifier of the switch. By intercepting clear LLDP packets containing MAC addresses, a malicious switch can spoof other switches to falsify the controller’s topology graph.
    • DoS: an adversary switch could generate LLDP flood resulting in bringing down the openflow network
    • DoS attack when the switch rejects to receive packets from the controller

Quality Assurance

Migration

  • Is it possible to migrate from the previous release? If so, how?

    Yes, API’s from Fluorine release are supported in Neon release.

Compatibility

  • Is this release compatible with the previous release? Yes

Known Issues

  • List key known issues with workarounds: In case of heavy load, multiple devices (40+) are connected and user is trying to install 100K+ flows, devices sometime proactive disconnect because controller is not able to response to echo request because of the heavy load. To workaround this issue, it’s recommended that user set the echo time interval in switch to high value (30 seconds).
  • Link to Open Bugs

End-of-life

  • List of features/APIs which are EOLed, deprecated, and/or removed in this release: None

Standards

OpenFlow versions:

Release Mechanics