поля заголовка протокола в OpenFlow и Open vSwitch (protocol header fields in OpenFlow and Open vSwitch)
VLAN FIELDS
Summary:
Name Bytes Mask RW? Prereqs NXM/OXM Support
──────────── ──────────────── ───── ──── ───────── ─────────────────────
dl_vlan 2 (low 12 bits) no yes Ethernet
dl_vlan_pcp 1 (low 3 bits) no yes Ethernet
vlan_vid 2 (low 12 bits) yes yes Ethernet OF 1.2+ and OVS 1.7+
vlan_pcp 1 (low 3 bits) no yes VLAN VID OF 1.2+ and OVS 1.7+
vlan_tci 2 yes yes Ethernet OVS 1.1+
The 802.1Q VLAN header causes more trouble than any other 4 bytes
in networking. OpenFlow 1.0, 1.1, and 1.2+ all treat VLANs
differently. Open vSwitch extensions add another variant to the
mix. Open vSwitch reconciles all four treatments as best it can.
VLAN Header Format
An 802.1Q VLAN header consists of two 16-bit fields:
TPID TCI
<-------> <--------->
16 3 1 12
+---------+---+---+---+
|Ethertype|PCP|CFI|VID|
+---------+---+---+---+
0x8100 0
The first 16 bits of the VLAN header, the TPID (Tag Protocol
IDentifier), is an Ethertype. When the VLAN header is inserted
just after the source and destination MAC addresses in a
Ethertype frame, the TPID serves to identify the presence of the
VLAN. The standard TPID, the only one that Open vSwitch supports,
is 0x8100. OpenFlow 1.0 explicitly supports only TPID 0x8100.
OpenFlow 1.1, but not earlier or later versions, also requires
support for TPID 0x88a8 (Open vSwitch does not support this).
OpenFlow 1.2 through 1.5 do not require support for specific
TPIDs (the ``push vlan header'' action does say that only 0x8100
and 0x88a8 should be pushed). No version of OpenFlow provides a
way to distinguish or match on the TPID.
The remaining 16 bits of the VLAN header, the TCI (Tag Control
Information), is subdivided into three subfields:
• PCP (Priority Control Point), is a 3-bit 802.1p
priority. The lowest priority is value 1, the
second-lowest is value 0, and priority increases
from 2 up to highest priority 7.
• CFI (Canonical Format Indicator), is a 1-bit field.
On an Ethernet network, its value is always 0. This
led to it later being repurposed under the name DEI
(Drop Eligibility Indicator). By either name,
OpenFlow and Open vSwitch don't provide any way to
match or set this bit.
• VID (VLAN IDentifier), is a 12-bit VLAN. If the VID
is 0, then the frame is not part of a VLAN. In that
case, the VLAN header is called a priority tag
because it is only meaningful for assigning the
frame a priority. VID 0xfff (4,095) is reserved.
See eth_type for illustrations of a complete Ethernet frame with
802.1Q tag included.
Multiple VLANs
Open vSwitch can match only a single VLAN header. If more than
one VLAN header is present, then eth_type holds the TPID of the
inner VLAN header. Open vSwitch stops parsing the packet after
the inner TPID, so matching further into the packet (e.g. on the
inner TCI or L3 fields) is not possible.
OpenFlow only directly supports matching a single VLAN header. In
OpenFlow 1.1 or later, one OpenFlow table can match on the
outermost VLAN header and pop it off, and a later OpenFlow table
can match on the next outermost header. Open vSwitch does not
support this.
VLAN Field Details
The four variants have three different levels of expressiveness:
OpenFlow 1.0 and 1.1 VLAN matching are less powerful than
OpenFlow 1.2+ VLAN matching, which is less powerful than Open
vSwitch extension VLAN matching.
OpenFlow 1.0 VLAN Fields
OpenFlow 1.0 uses two fields, called dl_vlan and dl_vlan_pcp,
each of which can be either exact-matched or wildcarded, to
specify VLAN matches:
• When both dl_vlan and dl_vlan_pcp are wildcarded,
the flow matches packets without an 802.1Q header
or with any 802.1Q header.
• The match dl_vlan=0xffff causes a flow to match
only packets without an 802.1Q header. Such a flow
should also wildcard dl_vlan_pcp, since a packet
without an 802.1Q header does not have a PCP.
OpenFlow does not specify what to do if a match on
PCP is actually present, but Open vSwitch ignores
it.
• Otherwise, the flow matches only packets with an
802.1Q header. If dl_vlan is not wildcarded, then
the flow only matches packets with the VLAN ID
specified in dl_vlan's low 12 bits. If dl_vlan_pcp
is not wildcarded, then the flow only matches
packets with the priority specified in
dl_vlan_pcp's low 3 bits.
OpenFlow does not specify how to interpret the high
4 bits of dl_vlan or the high 5 bits of
dl_vlan_pcp. Open vSwitch ignores them.
OpenFlow 1.1 VLAN Fields
VLAN matching in OpenFlow 1.1 is similar to OpenFlow 1.0. The one
refinement is that when dl_vlan matches on 0xfffe (OFVPID_ANY),
the flow matches only packets with an 802.1Q header, with any
VLAN ID. If dl_vlan_pcp is wildcarded, the flow matches any
packet with an 802.1Q header, regardless of VLAN ID or priority.
If dl_vlan_pcp is not wildcarded, then the flow only matches
packets with the priority specified in dl_vlan_pcp's low 3 bits.
OpenFlow 1.1 uses the name OFPVID_NONE, instead of OFP_VLAN_NONE,
for a dl_vlan of 0xffff, but it has the same meaning.
In OpenFlow 1.1, Open vSwitch reports error OFPBMC_BAD_VALUE for
an attempt to match on dl_vlan between 4,096 and 0xfffd,
inclusive, or dl_vlan_pcp greater than 7.
OpenFlow 1.2 VLAN Fields
OpenFlow 1.2+ VLAN ID Field
Name: vlan_vid
Width: 16 bits (only the least-significant 12 bits may be nonzero)
Format: decimal
Masking: arbitrary bitwise masks
Prerequisites: Ethernet
Access: read/write
OpenFlow 1.0: yes (exact match only)
OpenFlow 1.1: yes (exact match only)
OXM: OXM_OF_VLAN_VID (6) since OpenFlow 1.2 and Open vSwitch 1.7
NXM: none
The OpenFlow standard describes this field as consisting of
``12+1'' bits. On ingress, its value is 0 if no 802.1Q header is
present, and otherwise it holds the VLAN VID in its least
significant 12 bits, with bit 12 (0x1000 aka OFPVID_PRESENT) also
set to 1. The three most significant bits are always zero:
OXM_OF_VLAN_VID
<------------->
3 1 12
+---+--+--------+
| |P |VLAN ID |
+---+--+--------+
0
As a consequence of this field's format, one may use it to match
the VLAN ID in all of the ways available with the OpenFlow 1.0
and 1.1 formats, and a few new ways:
Fully wildcarded
Matches any packet, that is, one without an 802.1Q
header or with an 802.1Q header with any TCI value.
Value 0x0000 (OFPVID_NONE), mask 0xffff (or no mask)
Matches only packets without an 802.1Q header.
Value 0x1000, mask 0x1000
Matches any packet with an 802.1Q header,
regardless of VLAN ID.
Value 0x1009, mask 0xffff (or no mask)
Match only packets with an 802.1Q header with VLAN
ID 9.
Value 0x1001, mask 0x1001
Matches only packets that have an 802.1Q header
with an odd-numbered VLAN ID. (This is just an
example; one can match on any desired VLAN ID bit
pattern.)
OpenFlow 1.2+ VLAN Priority Field
Name: vlan_pcp
Width: 8 bits (only the least-significant 3 bits may be nonzero)
Format: decimal
Masking: not maskable
Prerequisites: VLAN VID
Access: read/write
OpenFlow 1.0: yes (exact match only)
OpenFlow 1.1: yes (exact match only)
OXM: OXM_OF_VLAN_PCP (7) since OpenFlow 1.2 and Open vSwitch
1.7
NXM: none
The 3 least significant bits may be used to match the PCP bits in
an 802.1Q header. Other bits are always zero:
OXM_OF_VLAN_VID
<------------->
5 3
+--------+------+
| zero | PCP |
+--------+------+
0
This field may only be used when vlan_vid is not wildcarded and
does not exact match on 0 (which only matches when there is no
802.1Q header).
See VLAN Comparison Chart, below, for some examples.
Open vSwitch Extension VLAN Field
The vlan_tci extension can describe more kinds of VLAN matches
than the other variants. It is also simpler than the other
variants.
VLAN TCI Field
Name: vlan_tci
Width: 16 bits
Format: hexadecimal
Masking: arbitrary bitwise masks
Prerequisites: Ethernet
Access: read/write
OpenFlow 1.0: yes (exact match only)
OpenFlow 1.1: yes (exact match only)
OXM: none
NXM: NXM_OF_VLAN_TCI (4) since Open vSwitch 1.1
For a packet without an 802.1Q header, this field is zero. For a
packet with an 802.1Q header, this field is the TCI with the bit
in CFI's position (marked P for ``present'' below) forced to 1.
Thus, for a packet in VLAN 9 with priority 7, it has the value
0xf009:
NXM_VLAN_TCI
<---------->
3 1 12
+----+--+----+
|PCP |P |VID |
+----+--+----+
7 1 9
Usage examples:
vlan_tci=0
Match packets without an 802.1Q header.
vlan_tci=0x1000/0x1000
Match packets with an 802.1Q header, regardless of
VLAN and priority values.
vlan_tci=0xf123
Match packets tagged with priority 7 in VLAN 0x123.
vlan_tci=0x1123/0x1fff
Match packets tagged with VLAN 0x123 (and any
priority).
vlan_tci=0x5000/0xf000
Match packets tagged with priority 2 (in any VLAN).
vlan_tci=0/0xfff
Match packets with no 802.1Q header or tagged with
VLAN 0 (and any priority).
vlan_tci=0x5000/0xe000
Match packets with no 802.1Q header or tagged with
priority 2 (in any VLAN).
vlan_tci=0/0xefff
Match packets with no 802.1Q header or tagged with
VLAN 0 and priority 0.
See VLAN Comparison Chart, below, for more examples.
VLAN Comparison Chart
The following table describes each of several possible matching
criteria on 802.1Q header may be expressed with each variation of
the VLAN matching fields:
Criteria OpenFlow 1.0 OpenFlow 1.1 OpenFlow 1.2+ NXM
_ _ _ _ _
[1] ????/1,??/? ????/1,??/? 0000/0000,-- 0000/0000
[2] ffff/0,??/? ffff/0,??/? 0000/ffff,-- 0000/ffff
[3] 0xxx/0,??/1 0xxx/0,??/1 1xxx/ffff,-- 1xxx/1fff
[4] ????/1,0y/0 fffe/0,0y/0 1000/1000,0y z000/f000
[5] 0xxx/0,0y/0 0xxx/0,0y/0 1xxx/ffff,0y zxxx/ffff
[6] (none) (none) 1001/1001,-- 1001/1001
[7] (none) (none) (none) 3000/3000
[8] (none) (none) (none) 0000/0fff
[9] (none) (none) (none) 0000/f000
[10] (none) (none) (none) 0000/efff
All numbers in the table are expressed in hexadecimal. The
columns in the table are interpreted as follows:
Criteria
See the list below.
OpenFlow 1.0
OpenFlow 1.1
wwww/x,yy/z means VLAN ID match value wwww with
wildcard bit x and VLAN PCP match value yy with
wildcard bit z. ? means that the given bits are
ignored (and conventionally 0 for wwww or yy,
conventionally 1 for x or z). ``(none)'' means that
OpenFlow 1.0 (or 1.1) cannot match with these
criteria.
OpenFlow 1.2+
xxxx/yyyy,zz means vlan_vid with value xxxx and mask
yyyy, and vlan_pcp (which is not maskable) with value
zz. -- means that vlan_pcp is omitted. ``(none)''
means that OpenFlow 1.2 cannot match with these
criteria.
NXM xxxx/yyyy means vlan_tci with value xxxx and mask
yyyy.
The matching criteria described by the table are:
[1] Matches any packet, that is, one without an 802.1Q
header or with an 802.1Q header with any TCI value.
[2] Matches only packets without an 802.1Q header.
OpenFlow 1.0 doesn't define the behavior if dl_vlan
is set to 0xffff and dl_vlan_pcp is not wildcarded.
(Open vSwitch always ignores dl_vlan_pcp when
dl_vlan is set to 0xffff.)
OpenFlow 1.1 says explicitly to ignore dl_vlan_pcp
when dl_vlan is set to 0xffff.
OpenFlow 1.2 doesn't say how to interpret a match
with vlan_vid value 0 and a mask with
OFPVID_PRESENT (0x1000) set to 1 and some other
bits in the mask set to 1 also. Open vSwitch
interprets it the same way as a mask of 0x1000.
Any NXM match with vlan_tci value 0 and the CFI bit
set to 1 in the mask is equivalent to the one
listed in the table.
[3] Matches only packets that have an 802.1Q header
with VID xxx (and any PCP).
[4] Matches only packets that have an 802.1Q header
with PCP y (and any VID).
OpenFlow 1.0 doesn't clearly define the behavior
for this case. Open vSwitch implements it this way.
In the NXM value, z equals (y << 1) | 1.
[5] Matches only packets that have an 802.1Q header
with VID xxx and PCP y.
In the NXM value, z equals (y << 1) | 1.
[6] Matches only packets that have an 802.1Q header
with an odd-numbered VID (and any PCP). Only
possible with OpenFlow 1.2 and NXM. (This is just
an example; one can match on any desired VID bit
pattern.)
[7] Matches only packets that have an 802.1Q header
with an odd-numbered PCP (and any VID). Only
possible with NXM. (This is just an example; one
can match on any desired VID bit pattern.)
[8] Matches packets with no 802.1Q header or with an
802.1Q header with a VID of 0. Only possible with
NXM.
[9] Matches packets with no 802.1Q header or with an
802.1Q header with a PCP of 0. Only possible with
NXM.
[10] Matches packets with no 802.1Q header or with an
802.1Q header with both VID and PCP of 0. Only
possible with NXM.
