OpenFlow 1.0 supports IP address masking

OpenFlow supports IP subnet mask. Controllers can specify the subnet mask associated with an IP address and sent to the OpenFlow switch. The switch accepts the IP address with the subnet mask and associates any packets coming with the subnet mask with the rule.

For example, the K.15.10. OpenFlow implementation supports the ability to match on IP address and subnet mask when the OpenFlow controller programs such flows. Consider this example where the ovs-ofctl utility is used to add a flow that matches on a network source address of 1.1.1.1 with a subnet mask of /24. 10.10.10.1 here is the IP address of the switch that has an OpenFlow listen port open on port 6633.


openflow@openflow-ubuntu-08:~# ovs-ofctl add-flow
tcp:10.10.0.1:6633 ip,nw_src=1.1.1.1/24,actions=output:1

To verify that this flow has been installed on the switch, we run the ovs-ofctl command and verify the output.

openflow@openflow-ubuntu-08:~# ovs-ofctl dump-flows tcp:10.10.0.1:6633
NXST_FLOW reply (xid=0x4): cookie=0x0, duration=13.535s, table=0,
n_packets=0, n_bytes=0, ip,nw_src=1.1.0.0/24 actions=output:1

The show openflow instance test flows command when executed on the switch displays the following:

Example

switch(vlan-3)# show openflow instance test

 Configured OF Version         : 1.3 only
 Negotiated OF Version         : 1.3
 Instance Name                 : test
 Data-path Description         : test
 Administrator Status          : Enabled
 Member List                   : VLAN 3
 Pipeline Model                : Standard Match
 Listen Port                   : 6633
 Operational Status            : Up
 Operational Status Reason     : NA
 Datapath ID                   : 000340a8f09e8600
 Mode                          : Active
 Flow Location                 : Hardware and Software
 No. of Hardware Flows         : 0
 No. of Software Flows         : 0
 Hardware Rate Limit           : 0 kbps
 Software Rate Limit           : 100 pps
 Conn. Interrupt Mode          : Fail-Secure
 Maximum Backoff Interval      : 60 seconds
 Probe Interval                : 10 seconds
 Hardware Table Miss Count     : NA
 No. of Software Flow Tables   : 1
 Egress Only Ports             : None
 Table Model                   : Policy Engine and Software
 Source MAC Group Table        : Disabled
 Destination MAC Group Table   : Disabled

 Controller Id Connection Status Connection State Secure Role
 ------------- ----------------- ---------------- ------ ------
 1             Connected         Active           Yes     Equal