An OPENFLOW network includes an OPENFLOW switch, an OPENFLOW controller, and a virtual switch FlowVisor. The OPENFLOW switch performs forwarding at a data layer, the virtual switch virtualizes the OPENFLOW network, and the OPENFLOW controller performs centralized control on the OPENFLOW network. The OPENFLOW switch and the corresponding OPENFLOW controller perform message exchange through a secure channel and the virtual switch can intercept a message on the secure channel.
A specific process of performing data packet forwarding on the OPENFLOW network is as follows. The OPENFLOW switch searches for a flow entry in a stored multi-flow table when the OPENFLOW switch receives a data packet, the OPENFLOW switch forwards the data packet according to the flow entry when the data packet can match one flow entry in the table, the OPENFLOW switch creates a reporting data packet PacketIn and reports the PacketIn to the corresponding OPENFLOW controller through the secure channel when the data packet cannot match any flow entry. The OPENFLOW controller determines a forwarding action of the data packet according to the PacketIn, and delivers a new flow entry to the OPENFLOW switch using the FlowVisor. The OPENFLOW switch forwards the data packet according to the flow entry delivered by the OPENFLOW controller. The virtual switch FlowVisor, as a proxy OPENFLOW controller, may also perform segmentation on a network, that is, the virtual switch performs segmentation on the OPENFLOW switch and the OPENFLOW controller according to a configuration policy, and performs interception, modification, and forwarding operations on an OPENFLOW message according to a built-in policy. The OPENFLOW controller is allowed to control only a flow within a policy scope of the OPENFLOW controller.
In an actual application, an aging mechanism is further configured on an OPENFLOW network, that is, in an OPENFLOW switch, to save flow entry resources, the OPENFLOW switch deletes a flow entry when the flow entry is not hit by a data packet within a long time.
The prior art has at least the following problem. A secure channel is the only channel between an OPENFLOW controller and an OPENFLOW switch. When the OPENFLOW switch deletes some flow entries according to an aging mechanism, and when the secure channel between the OPENFLOW controller and the corresponding OPENFLOW switch is faulty, subsequently received data packets corresponding to these flow entries cannot be forwarded, and consequently, the OPENFLOW switch loses a data exchange function.