Openflow is a networking communications protocol which separates the control and data planes of packet processing, enabling simpler and more efficient high speed data plane processing, and allowing the control processing of entire networks to be centralized under the control of a single software program. It is one of the enablers of Software Defined Networking. It is a stated goal of Software Defined Networking (SDN) to increase the flexibility and programmability of networks allowing users to more easily tailor networks to their needs.
Briefly, Openflow (OF) defines an Openflow switch to contain a series of associative flow tables. Each entry in a table contains ternary values (0, 1, or dont-care for each bit) for a desired selection of packet fields, such as MAC source and destination addresses, IP source and destination addresses, TCP port numbers, etc. Openflow defines a number of standardized packet header fields for matching as well as allowing users to add their own custom fields. Table entries are in prioritized order, and for each individual packet processed by the Openflow switch, the table entries are searched in order for a matching entry. Note that table entries can have ternary values (don't-care for some or all bits) to match a broad selection of packets. When the first table match is found, a set of actions associated with that table entry is executed. These may modify fields of the packet, for example, by setting the MAC destination field to a new value, they may direct the Openflow switch to output the packet to a particular switch port in a particular queue, or send it to the Openflow software controller, or drop the packet. It is generally intended that when the existing flow tables don't know how to handle a packet, it is sent to the controller, which may respond by installing rules on the switch to properly process similar packets. This accomplishes the goal of control and data plane separation by having the Openflow controller software make the decisions concerning what flow tables to install, whereas the switch simply follows the directives of the controller instead of making complex behavioral decisions on its own.
In general, Openflow is defined to be able to flexibly match against packets, and directed by the matches, perform a comprehensive set of actions to modify the packet and decide what to do with it. This is done with a number of tables which operate on the packet sequentially.
When a packet enters a network switching device, it may be considered to be in one of two categories, depending on the number of destinations it is sent to by the device. Unicast packets are sent out one port to a single destination, whereas multicast packets are sent to multiple destinations. These multiple destinations may each get differently modified copies of the packet, and may be sent out different output ports. The process of sending multicast packets to multiple destinations, potentially each with a separately modified copy of the packet, is known in the industry as multicasting.
Another feature of Openflow is Openflow groups. There are several group types, but the ALL group is one of interest. The actions taken as a result of a match can include a group. A group is a container containing a number of buckets, where each bucket in turn is a set of actions. This set of actions is similar to the actions executed by any table match, so this in general defines a recursive capability, where instead of doing just a single set of actions, there are multiple sets of actions. Groups can even be contained within groups by being in the actions of any group bucket. In the ALL group, each bucket is executed on a separately created copy of the packet. Each action in that bucket is executed on that bucket's copy of the packet. It is typically then output to a particular switch port into a specific queue, as directed by its actions. Each bucket may output to a different switch port. The end result of an ALL group is to produce a number of copies of a packet, each separately modified, and each potentially sent to a different destination port and queue.
Openflow ALL groups implement multicasting; the sending of a packet from one input port source to multiple output port destinations. Multicasting is a common and important function of switches. Multiple buckets may also send their own copies of the packet to the same output port; there is no requirement that each copy go do a different output port. So in general, as a result of ALL group processing, the packet may send multiple separately modified copies of the packet to each of several output ports.
Another group type, fast failover, chooses the first bucket of the group which is associated with a live port. If a switch has the capability to detect when links to its neighbors are inoperative, and respond by marking them as not live, then failover groups immediately respond by sending packets to an alternative destination. This improves the responsiveness of OF switches to the hardware failures which inevitably occur in large systems.
There are other OF group types. The select group chooses one of the several buckets to execute (instead of all of them in an ALL group). The choice of which bucket is outside of the definition of OF, but it is commonly done as a pseudorandom choice made by hashing on different packet header fields. So packets with different headers will randomly go to different destinations, while packets with identical headers will always go to the same destination together. In the example of a switch processing multiple video streams, each of which is its own flow with a specific set of values for its header fields, different flows would be pseudorandomly routed to different destinations, while all members of any flow would always go to the same destination. This feature is used to implement Equal Cost Multipath (ECMP), which gangs together several paths to achieve higher total bandwidth, with packets from different flows randomly assigned to each path to distribute the workload among the paths. It is desired that packets from the same flow be routed to the same destination, so that at the final destination packets arrive in order.