поля заголовка протокола в OpenFlow и Open vSwitch (protocol header fields in OpenFlow and Open vSwitch)
LAYER 3: IPV4 AND IPV6 FIELDS
Summary:
Name Bytes Mask RW? Prereqs NXM/OXM Support
────────────────────── ──────────────── ───── ──── ────────── ─────────────────────
ip_src
aka nw_src
4 yes yes IPv4 OF 1.2+ and OVS 1.1+
ip_dst
aka nw_dst
4 yes yes IPv4 OF 1.2+ and OVS 1.1+
ipv6_src
16 yes yes IPv6 OF 1.2+ and OVS 1.1+
ipv6_dst
16 yes yes IPv6 OF 1.2+ and OVS 1.1+
ipv6_label
4 (low 20 bits) yes yes IPv6 OF 1.2+ and OVS 1.4+
nw_proto
aka ip_proto
1 no no IPv4/IPv6 OF 1.2+ and OVS 1.1+
nw_ttl
1 no yes IPv4/IPv6 OVS 1.4+
ip_frag
aka nw_frag
1 (low 2 bits) yes no IPv4/IPv6 OVS 1.3+
nw_tos
1 no yes IPv4/IPv6 OVS 1.1+
ip_dscp
1 (low 6 bits) no yes IPv4/IPv6 OF 1.2+ and OVS 1.7+
nw_ecn
aka ip_ecn
1 (low 2 bits) no yes IPv4/IPv6 OF 1.2+ and OVS 1.4+
IPv4 Specific Fields
These fields are applicable only to IPv4 flows, that is, flows
that match on the IPv4 Ethertype 0x0800
.
IPv4 Source Address Field
Name: ip_src
(aka nw_src
)
Width: 32 bits
Format: IPv4
Masking: arbitrary bitwise masks
Prerequisites: IPv4
Access: read/write
OpenFlow 1.0: yes (CIDR match only)
OpenFlow 1.1: yes
OXM: OXM_OF_IPV4_SRC
(11) since OpenFlow 1.2 and Open
vSwitch 1.7
NXM: NXM_OF_IP_SRC
(7) since Open vSwitch 1.1
The source address from the IPv4 header:
Ethernet IPv4
<-----------> <--------------->
48 48 16 8 32 32
+---+---+-----+ +---+-----+---+---+
|dst|src|type | |...|proto|src|dst| ...
+---+---+-----+ +---+-----+---+---+
0x800
For historical reasons, in an ARP or RARP flow, Open vSwitch
interprets matches on nw_src
as actually referring to the ARP
SPA.
IPv4 Destination Address Field
Name: ip_dst
(aka nw_dst
)
Width: 32 bits
Format: IPv4
Masking: arbitrary bitwise masks
Prerequisites: IPv4
Access: read/write
OpenFlow 1.0: yes (CIDR match only)
OpenFlow 1.1: yes
OXM: OXM_OF_IPV4_DST
(12) since OpenFlow 1.2 and Open
vSwitch 1.7
NXM: NXM_OF_IP_DST
(8) since Open vSwitch 1.1
The destination address from the IPv4 header:
Ethernet IPv4
<-----------> <--------------->
48 48 16 8 32 32
+---+---+-----+ +---+-----+---+---+
|dst|src|type | |...|proto|src|dst| ...
+---+---+-----+ +---+-----+---+---+
0x800
For historical reasons, in an ARP or RARP flow, Open vSwitch
interprets matches on nw_dst
as actually referring to the ARP
TPA.
IPv6 Specific Fields
These fields apply only to IPv6 flows, that is, flows that match
on the IPv6 Ethertype 0x86dd
.
IPv6 Source Address Field
Name: ipv6_src
Width: 128 bits
Format: IPv6
Masking: arbitrary bitwise masks
Prerequisites: IPv6
Access: read/write
OpenFlow 1.0: not supported
OpenFlow 1.1: not supported
OXM: OXM_OF_IPV6_SRC
(26) since OpenFlow 1.2 and Open
vSwitch 1.1
NXM: NXM_NX_IPV6_SRC
(19) since Open vSwitch 1.1
The source address from the IPv6 header:
Ethernet IPv6
<------------> <-------------->
48 48 16 8 128 128
+---+---+------+ +---+----+---+---+
|dst|src| type | |...|next|src|dst| ...
+---+---+------+ +---+----+---+---+
0x86dd
Open vSwitch 1.8 added support for bitwise matching; earlier
versions supported only CIDR masks.
IPv6 Destination Address Field
Name: ipv6_dst
Width: 128 bits
Format: IPv6
Masking: arbitrary bitwise masks
Prerequisites: IPv6
Access: read/write
OpenFlow 1.0: not supported
OpenFlow 1.1: not supported
OXM: OXM_OF_IPV6_DST
(27) since OpenFlow 1.2 and Open
vSwitch 1.1
NXM: NXM_NX_IPV6_DST
(20) since Open vSwitch 1.1
The destination address from the IPv6 header:
Ethernet IPv6
<------------> <-------------->
48 48 16 8 128 128
+---+---+------+ +---+----+---+---+
|dst|src| type | |...|next|src|dst| ...
+---+---+------+ +---+----+---+---+
0x86dd
Open vSwitch 1.8 added support for bitwise matching; earlier
versions supported only CIDR masks.
IPv6 Flow Label Field
Name: ipv6_label
Width: 32 bits (only the least-significant 20 bits may be nonzero)
Format: hexadecimal
Masking: arbitrary bitwise masks
Prerequisites: IPv6
Access: read/write
OpenFlow 1.0: not supported
OpenFlow 1.1: not supported
OXM: OXM_OF_IPV6_FLABEL
(28) since OpenFlow 1.2 and Open vSwitch
1.7
NXM: NXM_NX_IPV6_LABEL
(27) since Open vSwitch 1.4
The least significant 20 bits hold the flow label field from the
IPv6 header. Other bits are zero:
OXM_OF_IPV6_FLABEL
<---------------->
12 20
+--------+---------+
| zero | label |
+--------+---------+
0
IPv4/IPv6 Fields
These fields exist with at least approximately the same meaning
in both IPv4 and IPv6, so they are treated as a single field for
matching purposes. Any flow that matches on the IPv4 Ethertype
0x0800
or the IPv6 Ethertype 0x86dd
may match on these fields.
IPv4/v6 Protocol Field
Name: nw_proto
(aka ip_proto
)
Width: 8 bits
Format: decimal
Masking: not maskable
Prerequisites: IPv4/IPv6
Access: read-only
OpenFlow 1.0: yes (exact match only)
OpenFlow 1.1: yes (exact match only)
OXM: OXM_OF_IP_PROTO
(10) since OpenFlow 1.2 and Open
vSwitch 1.7
NXM: NXM_OF_IP_PROTO
(6) since Open vSwitch 1.1
Matches the IPv4 or IPv6 protocol type.
For historical reasons, in an ARP or RARP flow, Open vSwitch
interprets matches on nw_proto
as actually referring to the ARP
opcode. The ARP opcode is a 16-bit field, so for matching
purposes ARP opcodes greater than 255 are treated as 0; this
works adequately because in practice ARP and RARP only use
opcodes 1 through 4.
IPv4/v6 TTL/Hop Limit Field
Name: nw_ttl
Width: 8 bits
Format: decimal
Masking: not maskable
Prerequisites: IPv4/IPv6
Access: read/write
OpenFlow 1.0: not supported
OpenFlow 1.1: not supported
OXM: none
NXM: NXM_NX_IP_TTL
(29) since Open vSwitch 1.4
The main reason to match on the TTL or hop limit field is to
detect whether a dec_ttl
action will fail due to a TTL exceeded
error. Another way that a controller can detect TTL exceeded is
to listen for OFPR_INVALID_TTL
``packet-in'' messages via
OpenFlow.
IPv4/v6 Fragment Bitmask Field
Name: ip_frag
(aka nw_frag
)
Width: 8 bits (only the least-significant 2 bits may be nonzero)
Format: frag
Masking: arbitrary bitwise masks
Prerequisites: IPv4/IPv6
Access: read-only
OpenFlow 1.0: not supported
OpenFlow 1.1: not supported
OXM: none
NXM: NXM_NX_IP_FRAG
(26) since Open vSwitch 1.3
Specifies what kinds of IP fragments or non-fragments to match.
The value for this field is most conveniently specified as one of
the following:
no
Match only non-fragmented packets.
yes
Matches all fragments.
first
Matches only fragments with offset 0.
later
Matches only fragments with nonzero offset.
not_later
Matches non-fragmented packets and fragments with
zero offset.
The field is internally formatted as 2 bits: bit 0 is 1 for an IP
fragment with any offset (and otherwise 0), and bit 1 is 1 for an
IP fragment with nonzero offset (and otherwise 0), like so:
NXM_NX_IP_FRAG
<------------>
6 1 1
+----+-----+---+
|zero|later|any|
+----+-----+---+
0
Even though 2 bits have 4 possible values, this field only uses 3
of them:
• A packet that is not an IP fragment has value 0.
• A packet that is an IP fragment with offset 0 (the
first fragment) has bit 0 set and thus value 1.
• A packet that is an IP fragment with nonzero offset
has bits 0 and 1 set and thus value 3.
The switch may reject matches against values that can never
appear.
It is important to understand how this field interacts with the
OpenFlow fragment handling mode:
• In OFPC_FRAG_DROP
mode, the OpenFlow switch drops
all IP fragments before they reach the flow table,
so every packet that is available for matching will
have value 0 in this field.
• Open vSwitch does not implement OFPC_FRAG_REASM
mode, but if it did then IP fragments would be
reassembled before they reached the flow table and
again every packet available for matching would
always have value 0.
• In OFPC_FRAG_NORMAL
mode, all three values are
possible, but OpenFlow 1.0 says that fragments'
transport ports are always 0, even for the first
fragment, so this does not provide much extra
information.
• In OFPC_FRAG_NX_MATCH
mode, all three values are
possible. For fragments with offset 0, Open vSwitch
makes L4 header information available.
Thus, this field is likely to be most useful for an Open vSwitch
switch configured in OFPC_FRAG_NX_MATCH
mode. See the description
of the set-frags
command in ovs-ofctl(8), for more details.
IPv4/IPv6 TOS Fields
IPv4 and IPv6 contain a one-byte ``type of service'' or TOS field
that has the following format:
type of service
<------------->
6 2
+--------+------+
| DSCP | ECN |
+--------+------+
IPv4/v6 DSCP (Bits 2-7) Field
Name: nw_tos
Width: 8 bits
Format: decimal
Masking: not maskable
Prerequisites: IPv4/IPv6
Access: read/write
OpenFlow 1.0: yes (exact match only)
OpenFlow 1.1: yes (exact match only)
OXM: none
NXM: NXM_OF_IP_TOS
(5) since Open vSwitch 1.1
This field is the TOS byte with the two ECN bits cleared to 0:
NXM_OF_IP_TOS
<----------->
6 2
+------+------+
| DSCP | zero |
+------+------+
0
IPv4/v6 DSCP (Bits 0-5) Field
Name: ip_dscp
Width: 8 bits (only the least-significant 6 bits may be nonzero)
Format: decimal
Masking: not maskable
Prerequisites: IPv4/IPv6
Access: read/write
OpenFlow 1.0: yes (exact match only)
OpenFlow 1.1: yes (exact match only)
OXM: OXM_OF_IP_DSCP
(8) since OpenFlow 1.2 and Open vSwitch
1.7
NXM: none
This field is the TOS byte shifted right to put the DSCP bits in
the 6 least-significant bits:
OXM_OF_IP_DSCP
<------------>
2 6
+-------+------+
| zero | DSCP |
+-------+------+
0
IPv4/v6 ECN Field
Name: nw_ecn
(aka ip_ecn
)
Width: 8 bits (only the least-significant 2 bits may be nonzero)
Format: decimal
Masking: not maskable
Prerequisites: IPv4/IPv6
Access: read/write
OpenFlow 1.0: not supported
OpenFlow 1.1: yes (exact match only)
OXM: OXM_OF_IP_ECN
(9) since OpenFlow 1.2 and Open vSwitch 1.7
NXM: NXM_NX_IP_ECN
(28) since Open vSwitch 1.4
This field is the TOS byte with the DSCP bits cleared to 0:
OXM_OF_IP_ECN
<----------->
6 2
+-------+-----+
| zero | ECN |
+-------+-----+
0