Arbitrary packet matching in OpenFlow

OpenFlow has emerged as the de facto control protocol to implement Software-Defined Networking (SDN). In its current form, the protocol specifies a set of fields on which it matches packets to perform actions, such as forwarding, discarding or modifying specific protocol header fields at a switch. The number of match fields has increased with every version of the protocol to extend matching capabilities, however, it is still not flexible enough to match on arbitrary packet fields which limits innovation and new protocol development with OpenFlow. In this paper, we argue that a fully flexible match structure is superior to continuously extending the number of fields to match upon. We use Berkeley Packet Filters (BPF) for packet classification to provide a protocol-independent, flexible alternative to today's OpenFlow fixed match fields. We have implemented a prototype system and evaluated the performance of the proposed match scheme, with a focus on the time it takes to execute and the memory required to store different match filter specifications. Our prototype implementation demonstrates that line-rate arbitrary packet classification can be achieved with complex BPF programs.

[1]  Angelos D. Keromytis,et al.  xPF: packet filtering for low-cost network monitoring , 2002, Workshop on High Performance Switching and Routing, Merging Optical and IP Technologie.

[2]  Nick McKeown,et al.  OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[3]  Steven McCanne,et al.  BPF+: exploiting global data-flow optimization in a generalized packet filter architecture , 1999, SIGCOMM '99.

[4]  Zhenyu Wu,et al.  Swift: A Fast Dynamic Packet Filter , 2008, NSDI.

[5]  Anja Feldmann,et al.  Building a time machine for efficient recording and retrieval of high-volume network traffic , 2005, IMC '05.

[6]  Christian Esteve Rothenberg,et al.  On IPv6 support in OpenFlow via Flexible Match Structures , 2011 .

[7]  Hwee Pink Tan,et al.  Sensor OpenFlow: Enabling Software-Defined Wireless Sensor Networks , 2012, IEEE Communications Letters.

[8]  Martin Roesch,et al.  Snort - Lightweight Intrusion Detection for Networks , 1999 .

[9]  Guido Appenzeller,et al.  Implementing an OpenFlow switch on the NetFPGA platform , 2008, ANCS '08.

[10]  Steven McCanne,et al.  The BSD Packet Filter: A New Architecture for User-level Packet Capture , 1993, USENIX Winter.

[11]  George Varghese,et al.  P4: programming protocol-independent packet processors , 2013, CCRV.

[12]  Viktor K. Prasanna,et al.  Beyond TCAMs: An SRAM-Based Parallel Multi-Pipeline Architecture for Terabit IP Lookup , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[13]  Fulvio Risso,et al.  NetPDL: An extensible XML-based language for packet header description , 2006, Comput. Networks.

[14]  Craig Partridge,et al.  FIRE: flexible intra-AS routing environment , 2001, IEEE J. Sel. Areas Commun..