Openflow MAC group

MAC Group Tables allows the controller to apply the same policy to a set of users, differentiated by the source MAC address, using a single rule in the policy table. This is achieved by exposing the MAC CAM as a separate table to controllers and allows controllers to create MAC groups.

OpenFlow pipeline

MAC group tables can be enabled for an OpenFlow instance in “standard match mode” or “ip control mode”. By default, both source mac group table and destination mac group tables are disabled. These tables can be enabled in the pipeline by using the commands src-mac-grp-table or dest-mac-grp-table. The figures below depict the various combinations of OpenFlow pipelines that an instance can have.

Standard match mode default pipeline

Standard match SRC enabled pipeline

Standard match DST enabled pipeline

Standard match SRC and DST enabled pipeline

IP control table pipeline

A single consolidated policy table combines “IP Match Policy Table”, “IP Miss Policy Table” and “Non-IP Policy table”. “Policy table” in IP control table mode allows the controller to match on L3 match, L3 miss and L3 ignore. OpenFlow controller must program rules into policy table with metadata to achieve functionality. Table 3 illustrates the values of metadata and metadata mask that needs to be programmed.

IP control desitnation MAC enabled pipeline

IP control source MAC enabled pipeline

IP control table default

Metadata

The controller must program rules with match on metadata to achieve functionality.

The following table illustrates the values of metadata and metadata mask with which these functionalities can be achieved.

Metadata

	Metadata	Metadata_mask
L3 match	1	1
L3 miss	0	1
L3 ignore	0	0
Non-IP

OpenFlow provides support for metadata, which is a maskable register value that is used to carry information from one table to the next.

OpenFlow metadata

For example OFPXMT_OFB_METADATA is part of oxm_ofb_match_fields and is a 64 bit field. It is used to pass information between lookups across multiple tables. This value can be arbitrarily masked. Out of 64 bits, current release is using 21 bits and the following table illustrates the interpretation of these bits.

OpenFlow metadata

SRC MAC GRP – 10 bits which identifies the Source Mac Group ID
DST MAC GRP – 10 bits which identifies the destination Mac Group ID
L3 match – 1 bit which is used to identify L3 match/miss in case of ip control table mode.

The following table shows the values of Metadata_match and metadata_write bits advertised for different table

Bits advertised

Table #	Metadata_match	Metadata_write
0	0	0
40	0	0x3FF ( Bits 0 to 19)(Bits 0 to 9 are used to writethe src GUID for MAC)
41	0	0xFFC00 ( Bits 10 to 19) (Bits 0 to 9 are used to write the dst GUID for MAC)
50	0	0x100000 (Bit 20)
100	0x01FFFFF (Bits 0 to 20)	0
200	0	0


	NOTE: Rules on the policy table must match on metadata which in turn is mapped to a MAC‐group (source/destination MAC). The policy table cannot match on a source MAC and destination MAC address separately when MAC group tables are part of the pipeline. In L3 tables, rules can be added with instructions `WRITE_METADATA/MASK` and `GOTO`. On the policy table, the L3 match, L3 miss is interpreted by the metadata, metadata_mask specified in the rule.

Command to configure source MAC group table on an instance

Syntax

From within an OpenFlow instance:

[no]openflow ins instance name src-mac-grp-table

Enable the source MAC group table in the OpenFlow pipeline.

Options

src-mac-grp-table

Enable the source MAC group table in the OpenFlow pipeline.

connection-interru

Set the type of behavior when the switch loses connection with the controller.

controller-id

Add controllers for an OpenFlow instance.

datapath-desc

Specify a description for the data path

dest-mac-grp-table

Enable the destination MAC group table in the OpenFlow pipeline.

disable

Disable the current OpenFlow instance.

enable

Enable the current OpenFlow instance.

flow-location

Specify the location of the flows that are used by this instance.

limit

Set the limit on resource usage by an OpenFlow instance.

listen-port

Specify the TCP port on which the OpenFlow agent of the switch waits (listens) for incoming connections from an OpenFlow controller.

max-backoff-interval

Specify the maximum interval between two consecutive attempts to connect to a controller.

member

Add member VLANs to this OpenFlow instance.

mode

Set the operation mode of the OpenFlow instance.

pipeline-model

Configure an OpenFlow instance pipeline model.

probe-interval

The probe interval is the time between two consecutive probes sent from an instance to the controller.

software-flow-table

Specify the number of software flow tables required per instance.

version

Specify the OpenFlow protocol version supported for the specific instance.

Validation rules

Validation	Error/Warning/Prompt
Source MAC group table can be enabled on only one instance.	The source MAC group table cannot be enabled on multiple instances.
Source MAC group table is supported only in standard match mode/ip-control-table mode.	The source MAC group table is not supported on custom-pipeline mode.
In ip-control-table mode, both source MAC groups and destination MAC groups cannot be configured.	The source MAC group table cannot be enabled when the destination MAC group table is enabled in IP control pipeline mode.
When enabling the mac group table, the oper statuses of all other instances have to be down.	All the instances must be disabled before enabling the source MAC group table.
Flow table number modification needs to be blocked when MAC group table is enabled.	Flow table number modification is not allowed when a MAC group table is enabled.
MAC group feature is not available in V1 compatibility mode.	The source MAC group table is not supported when the switch is in V1 module compatible mode.
If an instance is standard-match mode source and destination tables can be enabled. When both are enabled pipeline-model cannot be changed to ip-control.	Pipeline-model cannot be changed to ip-control if both source and destination MAC group tables are enabled.
Source and destination MAC group tables cannot be enabled when table-numbers are customized by user MAC group tables cannot be enabled.	The source MAC group table cannot be enabled. The flow table numbers need to be reset to their default values.
When MAC group tables are configured instance pipeline-model cannot be changed to custom.	Pipeline-model cannot be changed to custom when a MAC group table is enabled.

Destination MAC group table on an instance

Syntax

[no]openflow instance instance name dest-mac-grp-table

Enable the destination MAC group table in the OpenFlow pipeline.

connection-interru

Set the type of behavior when the switch loses connection with the controller.

controller-id

Add controllers for an OpenFlow instance.

datapath-desc

Specify a description for the data path.

dest-mac-grp-table

Enable the destination MAC group table in the OpenFlow pipeline.

disable

Disable the current OpenFlow instance.

enable

Enable the current OpenFlow instance.

flow-location

Specify the location of the flows that are used by this instance.

limit

Set the limit on resource usage by an OpenFlow instance.

listen-port

Specify the TCP port on which the OpenFlow agent of the switch waits (listens) for incoming connections from an OpenFlow controller.

max-backoff-interval

Specify the maximum interval between two consecutive attempts to connect to a controller.

member

Add member VLANs to this OpenFlow instance.

mode

Set the operation mode of the OpenFlow instance.

pipeline-model

Configure an OpenFlow instance pipeline model.

probe-interval

The probe interval is the time between two consecutive probes sent from an instance to the controller.

software-flow-table

Specify the number of software flow tables required per instance.

src-mac-grp-table

Enable the source MAC group table in the OpenFlow pipeline.

version

Specify the OpenFlow protocol version supported for the specific instance.

Validation rules

Validation	Error/Warning/Prompt
Destination MAC group table can be enabled on only one instance.	The destination MAC group table cannot be enabled on multiple instances.
MAC group table is supported only in standard match mode/ip-control-table mode.	The destination MAC group table is not supported in custom-pipeline mode.
In ip-control-table mode, both source MAC groups and destination MAC groups cannot be configured.	The destination MAC group table cannot be enabled when the source MAC group table is enabled in IP control pipeline mode.
When enabling the mac group table, the operational statuses of all other instances have to be down.	All the instances must be disabled before enabling the destination MAC group table.
Flow table number modification needs to be blocked when MAC group table is enabled.	Flow table number modification is not allowed when MAC group table is enabled.
MAC group feature is not available in V1 compatibility mode.	The destination MAC group table is not supported when the switch is in V1 module compatible mode.
If an instance is standard-match mode source and destination tables can be enabled. When both are enabled pipeline-model cannot be changed to ip-control.	Pipeline-model cannot be changed to ip-control if both source and destination MAC group tables are enabled.
Source and destination MAC group tables cannot be enabled when table-numbers are customized by user MAC group tables cannot be enabled.	The destination MAC group table cannot be enabled. The flow table numbers need to be reset to their default values.
When MAC group tables are configured instance pipeline-model cannot be changed to custom.	Pipeline-model cannot be changed to custom when a MAC group table is enabled.

prev	up	next
Pipeline configuration commands	home	Human readable data-path description

`src-mac-grp-table`	Enable the source MAC group table in the OpenFlow pipeline.
`connection-interru`	Set the type of behavior when the switch loses connection with the controller.
`controller-id`	Add controllers for an OpenFlow instance.
`datapath-desc`	Specify a description for the data path
`dest-mac-grp-table`	Enable the destination MAC group table in the OpenFlow pipeline.
`disable`	Disable the current OpenFlow instance.
`enable`	Enable the current OpenFlow instance.
`flow-location`	Specify the location of the flows that are used by this instance.
`limit`	Set the limit on resource usage by an OpenFlow instance.
`listen-port`	Specify the TCP port on which the OpenFlow agent of the switch waits (listens) for incoming connections from an OpenFlow controller.
`max-backoff-interval`	Specify the maximum interval between two consecutive attempts to connect to a controller.
`member`	Add member VLANs to this OpenFlow instance.
`mode`	Set the operation mode of the OpenFlow instance.
`pipeline-model`	Configure an OpenFlow instance pipeline model.
`probe-interval`	The probe interval is the time between two consecutive probes sent from an instance to the controller.
`software-flow-table`	Specify the number of software flow tables required per instance.
`version`	Specify the OpenFlow protocol version supported for the specific instance.