In an SDN controller, when a new packet arrives at an OpenFlow-based router or switch and does not find a matching flow entry in the OpenFlow flow tables, what does the SDN controller do? Does it just forward that packet to the destination and install its corresponding flow entry in the flow table? If so, why not just drop it for security reasons?
How SDN Controllers Handle Unknown Packets
Tags: cisco, openflow, router, routing, sdn
Related Solutions
Short version: it doesn't.
Longer version: Openflow is just a protocol for communicating between the 'forwarding units' and a controller. It is the controller itself that determines what to do with packets, and it can do this in any way it likes. You can implement most of the current routing protocols in an OpenFlow controller, see for instance RouteFlow.
So the OpenFlow protocol is not used to determine which paths to take, it is just a means of installing the flows in the flow tables. In this sense you can see it as analogous to SNMP and friends (although somewhat more powerful).
I think you've mostly got it.
There are a few points I would make though.
1. The path P_0, from R to C_1, is often (but not always) implemented 'out-of-band', as a separate network.

2. Only one, or a handful, of packets for each network flow should reach C_1. As soon as the flows are inserted by the AmyOSPF controller, they are simply forwarded according to that routing logic. This is what the second quote says.

3. No. AmyOSPF computes the best path P_1 from R to the destination of the packets, wherever that may be. It can do this without talking to the switches.

   The flow entries that make up the path P_1 are then sent to the routers on P_1, so that all traffic coming from Amy's machine to a particular destination is sent along that path, without having to go to the controller. In the case of R, this new flow entry must have higher priority than the one that says to send all traffic from that port to the controller.

4. It's not really a multicast, the controller has a separate connection to each switch/router. The flow entries may be slightly different for each router too.

5. The point is that it doesn't matter what 'view' the router has, as all of the routing is done in the controller. But C_0 does have a global view.

6. This will have to be repeated for each new network flow originating from Amy's machine. It wouldn't make sense to create a path from R to X and then send packets destined for Y along it. Having said that, flow entries can be aggregated.
Best Answer
When a packet is received at an SDN switch that doesn't have a rule associated with it, it gets forwarded to the controller. Now, the controller may choose to drop it, or do something special (like log it and then forward). This behavior is key to implementing many Openflow features, like learning switches.
https://github.com/mininet/openflow-tutorial/wiki/Create-a-Learning-Switch
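The behaviour described in this answer, and the point in the related answer above that the entry a controller installs must outrank the one sending traffic to the controller, as an added example that is not part of the original answers or of any OpenFlow implementation: a Python model of one switch's flow table with a priority-0 table-miss entry, and a controller that logs every packet-in, forwards and installs a flow for hosts it accepts, and drops and blackholes everything else. The switch, controller, MAC addresses, port numbers and allow-list are all constructed for illustration.

```python
# Added example (not from the original answers): a small model of an OpenFlow
# switch's flow table and a controller deciding what happens on a table miss.
# Everything below (switch, controller, MACs, ports, allow-list) is constructed.

from typing import Any, Dict, List, Set

Packet = Dict[str, Any]   # keys: "in_port", "src", "dst"


class FlowEntry:
    def __init__(self, priority: int, match: Dict[str, Any], actions: List[str]):
        self.priority = priority      # highest priority wins among matching entries
        self.match = match            # field -> value; a missing field is a wildcard
        self.actions = actions        # e.g. ["output:2"], ["controller"], ["drop"]

    def matches(self, pkt: Packet) -> bool:
        return all(pkt.get(k) == v for k, v in self.match.items())


class Switch:
    def __init__(self) -> None:
        self.table: List[FlowEntry] = []
        self.packet_ins = 0
        # Table-miss entry: wildcard match at the lowest priority, action = send
        # the packet to the controller. Anything the controller installs later
        # must use a higher priority, or this entry would keep winning.
        self.add_flow(0, {}, ["controller"])

    def add_flow(self, priority: int, match: Dict[str, Any], actions: List[str]) -> None:
        self.table.append(FlowEntry(priority, match, actions))
        self.table.sort(key=lambda e: -e.priority)   # keep highest priority first

    def lookup(self, pkt: Packet) -> FlowEntry:
        # The table-miss entry matches everything, so this always finds an entry.
        return next(e for e in self.table if e.matches(pkt))

    def process(self, pkt: Packet, controller: "Controller") -> str:
        entry = self.lookup(pkt)
        if entry.actions == ["controller"]:
            self.packet_ins += 1                 # a packet-in message leaves the data plane
            return controller.packet_in(self, pkt)
        return entry.actions[0]                  # handled entirely in the switch


class Controller:
    """Learning-switch logic plus a deny-by-default policy for unknown sources.

    The source-MAC allow-list is only a toy policy showing that the controller,
    not OpenFlow, decides between forward and drop; source MACs are trivially
    spoofed, so this is not a real access control.
    """

    def __init__(self, allowed_srcs: Set[str]) -> None:
        self.allowed = allowed_srcs
        self.mac_to_port: Dict[str, int] = {}
        self.log: List[Packet] = []              # every packet-in is logged before deciding

    def packet_in(self, sw: Switch, pkt: Packet) -> str:
        self.log.append(pkt)
        src, dst, in_port = pkt["src"], pkt["dst"], pkt["in_port"]
        if src not in self.allowed:
            # Drop it, and install a drop rule so the switch stops sending us
            # packet-ins for this source (otherwise a flood of unknown traffic
            # becomes a flood of controller messages).
            sw.add_flow(100, {"src": src}, ["drop"])
            return "drop"
        self.mac_to_port[src] = in_port          # learn where this source lives
        out_port = self.mac_to_port.get(dst)
        if out_port is None:
            return "flood"                       # destination unknown: packet-out to all ports, no flow installed
        action = f"output:{out_port}"
        # Install the flow at priority > 0 so only this first packet came to us.
        sw.add_flow(10, {"src": src, "dst": dst}, [action])
        return action


def demo():
    """Run constructed traffic through one switch; return (per-packet action, packet-in count)."""
    sw = Switch()
    ctl = Controller(allowed_srcs={"aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"})
    pkts: List[Packet] = [
        {"in_port": 1, "src": "aa:aa:aa:aa:aa:01", "dst": "aa:aa:aa:aa:aa:02"},  # miss -> controller, dst unknown
        {"in_port": 2, "src": "aa:aa:aa:aa:aa:02", "dst": "aa:aa:aa:aa:aa:01"},  # miss -> controller, flow installed
        {"in_port": 2, "src": "aa:aa:aa:aa:aa:02", "dst": "aa:aa:aa:aa:aa:01"},  # hits installed flow, no packet-in
        {"in_port": 3, "src": "cc:cc:cc:cc:cc:03", "dst": "aa:aa:aa:aa:aa:01"},  # miss -> controller, not allowed
        {"in_port": 3, "src": "cc:cc:cc:cc:cc:03", "dst": "aa:aa:aa:aa:aa:02"},  # hits drop rule, no packet-in
    ]
    actions = [sw.process(p, ctl) for p in pkts]
    return actions, sw.packet_ins


if __name__ == "__main__":
    print(demo())   # (['flood', 'output:1', 'output:1', 'drop', 'drop'], 3)
```

Five packets produce only three packet-ins: the second packet of each accepted flow is matched by the priority-10 entry, and the second packet from the rejected source by the priority-100 drop entry, so neither reaches the controller. In a real deployment the same decisions are carried over the OpenFlow channel as FLOW_MOD and PACKET_OUT messages, and the drop entry is what keeps a burst of unknown traffic from turning into a burst of controller work.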