An OpenFlow network implements separation between a data forwarding layer and a control layer, and includes a controller at the control layer and a switch at the forwarding layer, where the controller controls the switch by using the OpenFlow protocol, so as to implement centralized control of the entire network. Specifically, the controller sends a flow entry to the switch by using the OpenFlow protocol, where the sent flow entry includes a match field value and an action value, where the match field value may be a destination MAC address, an Ethernet type, and the like, and the action value may be information used to indicate that a data packet is forwarded through a specified port; the switch adds the received flow entry to a hardware flow table, so as to search, when receiving a data packet later, the hardware flow table for a flow entry that matches the data packet, and to process the data packet according to an action value in the found flow entry.
In the prior art, the hardware flow table is configured by using the following method:
The switch stores a one-to-one correspondence between an OpenFlow flow table (for example, table T0, table T1, and table T2) and the hardware flow table (for example, access control list (ACL) 1 and ACL 2) of the switch, to generate a flow table structure, where the generated flow table structure includes a flow table type of each OpenFlow flow table and a match field and an action that are supported by each OpenFlow flow table; the switch reports the generated flow table structure to the controller, where the match field and the action that are supported by each OpenFlow flow table include a match field and an action of a corresponding hardware flow table.
The flow entry sent by the controller is generated according to processing logic of the controller and the flow table structure reported by the switch, where the processing logic of the controller is: generating a flow entry of a specific table for a specific service. For example, flow entries of table T0 and table T1 are generated for service A, and a flow entry of table T2 is generated for service B.
When receiving a flow entry, sent by the controller, of a flow table or some flow tables, the switch stores, according to the correspondence, the flow entry in the hardware flow table corresponding to the OpenFlow flow table. For example, when the flow entry of table T0 is received, the flow entry is stored in list ACL 1, so as to implement a service supported by the hardware flow table.
For example, match fields in_port (ingress port), eth_type (Ethernet type), src_mac (source MAC address), and dst_mac (destination MAC address), and an action output (forwarding through a port) are required to implement service A. List ACL 1 includes the first three match fields, and list ACL 2 includes the last two match fields and the output action, which indicate that list ACL 1 and list ACL 2 support service A. The switch stores a correspondence between table T0 and list ACL 1 and a correspondence between table T1 and list ACL 2; correspondingly, generated match fields of table T0 also include the first three match fields, generated table T1 includes the last two match fields and the output action, and then table T0 and table T1 support service A. The processing logic of the controller is generating the flow entries of table T0 and table T1 for service A; therefore, a flow entry used for processing a packet of service A is delivered to the switch.
Generally, different types of switches have different hardware forwarding chips, and hardware flow tables used by different hardware forwarding chips to support a same service are also different. For example, in ASIC chip 1, service A is supported by ACL 1 and ACL 2; in ASIC chip 2, service A is supported by ACL 3. However, when the controller generates a flow entry, if table T0 and table T1 reported by the switch based on ASIC chip 1 include a match field and an action needed by service A, the controller sends the flow entries of table T0 and table T1 to the switch; if table T2 that is corresponding to ACL 3 and reported by the switch based on ASIC chip 2 meets the foregoing condition, but reported table T0 and table T1 cannot meet the foregoing condition, the controller cannot send, to the switch, a flow entry used for processing a packet of service A.
Apparently, if a switch based on ASIC chip 1 uses table T0 and table T1 to implement service A, a switch based on ASIC chip 2 uses table T2 to implement service A, and processing logic of a controller is generating flow entries of table T0 and table T1 for service A, the controller cannot generate or send a flow entry corresponding to service A when being connected to the switch based on ASIC chip 2; naturally, the switch based on ASIC chip 2 cannot configure a flow entry that processes service A, which causes that service A cannot be processed.
Processing logic of controllers manufactured by manufacturers is usually different, and hardware forwarding chips on which switches manufactured by manufacturers are based are also usually different; therefore, some service cannot be processed when a switch and a controller are connected, thereby causing a relatively high probability of failure in service processing.