OpenFlow is a Software-Defined Networking (SDN) protocol used for southbound communications from an SDN controller to and from a network device. OpenFlow is the protocol used to inform the topology of network switches on which flows should be added to their flow tables and advise switches how they should handle traffic flows that are not in the current flow tables. Initially, OpenFlow did not have any definition for handling IPv6 communications. Now, newer OpenFlow versions have IPv6 capabilities and more vendors are deploying products that use the newer OpenFlow versions. This article goes over the IPv6 functions within the OpenFlow protocol and describes how these are being used.
OpenFlow History and Lineage:
OpenFlow started out as a Stanford University research project in 2008 just as the concept of SDN and control-plane separation was being developed. In 2011, the Open Networking Foundation (ONF) was formed as an SDN industry organization to standardize OpenFlow and help speed innovation and coordination between its member companies.
In 2009, the first editions of OpenFlow were focused on IPv4 and did not have any IPv6 flow support. Then in early 2011 the ONF published its first OpenFlow Switch Specification 1.1.0 but it failed to have any provisions for defining IPv6 flows. Then, in mid-2011, there was work being done to consider how to extend the functionality of OpenFlow to include IPv6. The problem is that many early implementations of OpenFlow support these earlier versions and thus lacked any IPv6 forwarding capabilities.
On the heels of OpenFlow version 1.1, the ONF started to consider proposals for the next version and how IPv6 flows could be accommodated. In late 2011, the ONF published their OpenFlow Switch Specification for version 1.2. This was the first version that supported IPv6 packet matching. An OpenFlow 1.2 compliant switch could match on IP protocol number (Ethernet type 0x86dd = IPv6), IPv6 source/destination address, traffic class, flow label, and ICMPv6 types/codes. This was at least a start at allowing IPv6 unicast and multicast traffic to match and OpenFlow table in a switch.
When the ONF published the OpenFlow 1.3 specification in March 2012 there were a few more IPv6 functions added. OpenFlow 1.3 added the ability to rewrite packet headers via flexible match support. OpenFlow 1.3 had the same ability to match on IPv6 header fields such as source/destination address, protocol number (next header, extension header), hop-limit, traffic class, flow label, and ICMPv6 type/code (e.g. Neighbor Discovery Protocol (NDP)). Researchers in Brazil and Hungary released a paper titled “On IPv6 support in OpenFlow via Flexible Match Structures” which leverages these new features in OpenFlow 1.3.
The good news is that version 1.3 of OpenFlow was a target release and is getting wider adoption in deployments. An example of an OpenFlow 1.3 compliant software switch is the Infoblox FlowForwarding Erlang-Solutions LINC implementation. Plugfests and other tests are showing that there is growing adoption of OpenFlow 1.3 and there is hope for interoperability. When the ONF release OpenFlow version 1.4 in June 2013 nothing changed regarding IPv6 support. Now work has begun on OpenFlow 1.5 but it is unlikely there will be any change in the IPv6 features.
Other IPv6 and OpenFlow Examples:
There are starting to be more discussion of how to use OpenFlow for IPv6 traffic flows and more examples of IPv6 implemented into OpenFlow products.
In 2012 at the Asia-Pacific Advanced Network (APAN) meeting in Chiang Mai, Thailand, Jun Bi from Tsinghua University, China gave a presentation on OpenFlow+ for IPv6 Source Address Validation. The IETF Source Address Validation Improvements (SAVI) working group is working on how to use first-hop security techniques to help secure IPv6. Related to this, Ivan Pepelnjak wrote a blog on “IPv6 First-Hop Security: Ideal OpenFlow Use Case”. This article covers the concept of how OpenFlow can be used to help secure the IPv6 Neighbor Discovery Protocol (NDP) because it suffers from many of the same vulnerabilities as IPv4 ARP.
In March 2013, William Stallings wrote an article in The Internet Protocol Journal, Volume 16, No. 1, titled “Software-Defined Networks and OpenFlow” where he wrote about the various elements of an OpenFlow table that includes the IPv6 header fields that can be matched.
At last year’s gogoNET LIVE! 4 IPv6 conference in November, 2013 in Sunnyvale, Curt Beckmann gave a talk on “SDN meets IPv6”.
Earlier this year, David R. Newman published a paper titled “Technology Validation Experiment: IPv6 and Multicast Support on OpenFlow”. This paper goes through the installation steps required to set up a dual-protocol network using mininet with OpenFlow 1.3 and LINC.
Pica8’s Open vSwitch (OVS) supports IPv6 flows via OpenFlow.
Huawei also has a video on their “SDN IPv6 Use Cases” and how they are tying together a mobile application with an SDN network using IPv6 in IPv4 tunneled flows.
Criterion Network Labs (CNLabs) is an interoperability testing facility for IPv6 and SDN implementations. Similarly, the University of New Hampshire (UNH) InterOperabilty Laboratory (IOL) does testing of IPv6 Ready products and OpenFlow product conformance testing.
A great place to learn more about OpenFlow is at the Open Networking Summit. This year’s event was in March 2014 and next year’s event is June 15-18, 2015 in Santa Clara, CA, USA. However, if your organization is not a member of the Open Networking Foundation (ONF), then you might not have access.
Network World also puts on their Open Network Exchange (ONX) Conference. This year’s event was in May in Chicago. Hopefully there is another event like this next year.
If you want to learn more about IPv6 and how it is used with OpenFlow, SDN, cloud systems, security, the Internet of Things (IoT), then you should consider attending the 7th annual 2014 North American IPv6 Summit. This premier IPv6 event is being held in Denver, CO, USA September 23-25. This even is put on by the Rocky Mountain IPv6 Task Force (RMv6TF) and the other IPv6 task forces in North America. More information on this year’s conference and past materials on IPv6 is available for free at http://www.rmv6tf.org/.