OpenFlowPlugin Project

New Features

  • No new feature is being introduced in Neon release.

Improvements

Neon release contains the following improvements:

  • Blueprint improvements (moving to annotations from xml, Blueprint xml cleanup).

  • Code cleanup (related to guava, jdk deprecated features).

  • Migration from md-sal deprecated APIs (Entity Ownership Service APIs).

  • Documentation improvements.

  • Multiple Bug fixes.

odl-openflowjava-protocol

  • Feature URL: JAVA Protocol

  • Feature Description: OpenFlow protocol implementation.

  • Top Level: Yes

  • User Facing: No

  • Experimental: No

  • CSIT Test: JAVA CSIT

odl-openflowplugin-app-config-pusher

  • Feature URL: Config Pusher

  • Feature Description: Pushes node configuration changes to OpenFlow device.

  • Top Level: Yes

  • User Facing: No

  • Experimental: No

  • CSIT Test: Pusher CSIT

odl-openflowplugin-app-forwardingrules-manager

  • Feature URL: Forwarding Rules Manager

  • Feature Description: Sends changes in config datastore to OpenFlow device incrementally. forwardingrules-manager can be replaced with forwardingrules-sync and vice versa.

  • Top Level: Yes

  • User Facing: No

  • Experimental: No

  • CSIT Test: FR Manager CSIT

odl-openflowplugin-app-forwardingrules-sync

  • Feature URL: Forwarding Rules Sync

  • Feature Description: Sends changes in config datastore to OpenFlow devices taking previous state in account and doing diffs between previous and new state. forwardingrules-sync can be replaced with forwardingrules-manager and vice versa.

  • Top Level: Yes

  • User Facing: No

  • Experimental: Yes

  • CSIT Test: FR Sync CSIT

odl-openflowplugin-app-table-miss-enforcer

  • Feature URL: Miss Enforcer

  • Feature Description: Sends table miss flows to OpenFlow device when it connects.

  • Top Level: Yes

  • User Facing: No

  • Experimental: No

  • CSIT Test: Enforcer CSIT

odl-openflowplugin-app-topology

  • Feature URL: App Topology

  • Feature Description: Discovers topology of connected OpenFlow devices. It a wrapper feature that loads the following features:

    • odl-openflowplugin-app-lldp-speaker

    • odl-openflowplugin-app-topology-lldp-discovery

    • odl-openflowplugin-app-topology-manager).

  • Top Level: Yes

  • User Facing: No

  • Experimental: No

  • CSIT Test: App Topology CSIT

odl-openflowplugin-app-lldp-speaker

  • Feature URL: LLDP Speaker

  • Feature Description: Send periodic LLDP packets on all the ports of all the connected OpenFlow devices.

  • Top Level: Yes

  • User Facing: No

  • Experimental: No

  • CSIT Test: LLDP Speaker CSIT

odl-openflowplugin-app-topology-lldp-discovery

  • Feature URL: LLDP Discovery

  • Feature Description: Receives the LLDP packet sent by LLDP speaker service and generate the link information and publish to the downstream services looking for link notifications.

  • Top Level: Yes

  • User Facing: No

  • Experimental: No

  • CSIT Test: LLDP Discovery CSIT

odl-openflowplugin-app-topology-manager

  • Feature URL: Topology Manager

  • Feature Description: Listen to the link added/removed notification and node connect/disconnection notification and update the link information in the OpenFlow topology.

  • Top Level: Yes

  • User Facing: No

  • Experimental: No

  • CSIT Test: Topology Manager CSIT

odl-openflowplugin-nxm-extensions

  • Feature URL: NXM Extensions

  • Feature Description: Support for OpenFlow Nicira Extensions.

  • Top Level: Yes

  • User Facing: Yes

  • Experimental: No

  • CSIT Test: NXM Extensions CSIT

odl-openflowplugin-onf-extensions

  • Feature URL: ONF Extensions

  • Feature Description: Support for Open Networking Foundation Extensions.

  • Top Level: Yes

  • User Facing: Yes

  • Experimental: Yes

  • CSIT Test: No

odl-openflowplugin-flow-services

  • Feature URL: Flow Services

  • Feature Description: Wrapper feature for standard applications.

  • Top Level: Yes

  • User Facing: Yes

  • Experimental: No

  • CSIT Test: Flow Services CSIT

odl-openflowplugin-flow-services-rest

odl-openflowplugin-flow-services-ui

  • Feature URL: Serices UI

  • Feature Description: Wrapper + REST interface + UI.

  • Top Level: Yes

  • User Facing: Yes

  • Experimental: No

  • CSIT Test: Flow Services UI CSIT

odl-openflowplugin-nsf-model

  • Feature URL: NSF Model

  • Feature Description: OpenFlowPlugin YANG models.

  • Top Level: Yes

  • User Facing: No

  • Experimental: No

  • CSIT Test: NSF CSIT

odl-openflowplugin-southbound

  • Feature URL: Southbound

  • Feature Description: Southbound API implementation.

  • Top Level: Yes

  • User Facing: No

  • Experimental: No

  • CSIT Test: Southbound CSIT

Documentation

Security Considerations

  • Do you have any external interfaces other than RESTCONF?

    • Yes, OpenFlow devices

  • Other security issues?

    • Insecure OpenFlowPlugin <–> OpenFlow device connections

    • Topology spoofing: non-authenticated LLDP packets to detect links between switches that makes it vulnerable to a number of attacks, one of which is topology spoofing. The problem is that all controllers we have tested set chassisSubtype value to the MAC address of the local port of the switch, which makes it easy for an adversary to spoof that switch since controllers use that MAC address as a unique identifier of the switch. By intercepting clear LLDP packets containing MAC addresses, a malicious switch can spoof other switches to falsify the controller’s topology graph.

    • DoS: An adversary switch could generate LLDP flood resulting in bringing down the openflow network

    • Refer to DoS attack when the switch rejects to receive packets from the controller: DoS Attacks

Quality Assurance

Migration

  • Is it possible to migrate from the previous release? If so, how?

    • Yes, API’s from Fluorine release are supported in Neon release.

Compatibility

  • Is this release compatible with the previous release? Yes

Bugs Fixed

List of bugs fixed since the previous release.

Known Issues

  • List key known issues with workarounds:

    • In case of heavy load, multiple devices (40+) are connected and user is trying to install 100K+ flows, devices sometime proactive disconnect because controller is not able to response to echo request because of the heavy load. To workaround this issue, set the echo time interval in switch to high value (30 seconds).

  • Open Bugs

End-of-life

  • List of features/APIs that were EOLed, deprecated, and/or removed from this release.

    • None

Standards

OpenFlow versions:

Release Mechanics