TCP flag check

[ryota iwami]

Dear experts,

I want to serialize TCP connections (flows) passing
through an OpenFlow switch.
For example, if two TCP flows come to an OFSW,
the first one will establish a connection and proceed
to data exchange,
while the second one will be suspended to establish
a connection until the first one finishes.

To do so, when a new TCP flow (i.e. a first packet of
the flow) comes and if an old one exists,
the controller will hold the first packet in it and the packet
will be passed to OFSW after the old flow ends.
Note we don't consider TCP establishment time out
at this moment.

The problem is how the controller knows the end of
the old (preceding) TCP flow.
Can we make a flow entry in OFSW that matches
any other packet in a specified TCP flow
but does not match a FIN (or RST) packet in the flow?
If such a entry exists, when a FIN packet of the flow
comes,
the packet will be forwarded to the controller
(from OFSW) and the controller can take appropriate
actions.
If it is possible, the next question is how we can see
(check) the TCP flags of a received packet at the
controller.

Thank you for your help and suggestion in advance.

Best regards,

Ryota

[Kazuya Suzuki]

Hi,

In OpenFlow specification, match fields don't include
TCP flags(FIN, SYN, etc) unfortunately.
If you want to know the end of tcp connection,
you have no other choice than to use an idle timeout
of flow entry.
When timeout, OpenFlow switch send a flow_removed message.
You can use the flow_removed message.

Best regards.

--
Kazuya Suzuki
kaz...@ax.jp.nec.com

--Separator@kazuya@ax.jp.nec.com:

[Masayoshi Kobayashi]

Hi Ryota,

The current versions of OpenFlow protocol (v1.0, v1.1) (and probably the next v1.2) does
not have such feature, and no vendor implements it even as their proprietary feature as far as I know.
If you can modify the OpenFlow switch (e.g., using software OpenFlow switch), you can use
vendor extension (experimenter extension) to add flow_mod message for those matching.

Those two connections have to have the same TCP src & dst port numbers?
If so, how the end-hosts can distinguish those two connections in the first place? You have
to wait TCP TIME_WAIT timeout to re-use the same src & dst port number pairs (and if you are okay
to wait, you may be able to expire the previous flow entry by setting timer properly).
If either of them (src or dst port numbers) is different, you should be able to distinguish
those two connections by TCP port number. Maybe I'm missing something...

- Masa

- Masa

[ryota iwami]

Dear experts,

Thank you very much for your advice.
We will try your suggestion.

Best regards.

Ryota

2011/12/6 Kazuya Suzuki <kaz...@ax.jp.nec.com>

[ryota iwami]

Dear experts,

According to your advice, 

I'm trying to use an idle timeout of a flow entry to know

the end of a TCP connection and resume suspended

next TCP connection.

Because an OpenFlow Switch sends

a flow_removed message when a timeout occurs,

I think a controller can know the end of a TCP

connection when the controller receives

a flow_removed message.

But I cannot find how the controller receive

a flow_removed message at the controller?

Best regards.

Ryota

2011/12/6 Kazuya Suzuki <kaz...@ax.jp.nec.com>

Hi,

[HIDEyuki Shimonishi]

Hi

 

Have you used flow_removed_hander or simple_flow_removed_hander ?

If not, you can check src/examples/dumper/* to see how to use this handler. Or other examples in TremaApps.

 

Regards,

 

HIDE

[ryota iwami]

Dear experts, 

Thank you very much for your advice.

I try to use the flow_removed_handler.

Best regards,

Ryota

2011/12/11 HIDEyuki Shimonishi <h-shim...@cd.jp.nec.com>