Join David Bombal for an in-depth discussion in this video, Wireshark openflow_v4 display filters, part of Practical Software-Defined Networking: 6 The OpenFlow Protocol.
- [Instructor] So here's my Windows VM running Wireshark, and what's nice is that fairly recently, Wireshark have started supporting OpenFlow natively. So I can specify OpenFlow v4 as a display filter, and that's actually gonna capture OpenFlow 1.3. So Wireshark has the option for OpenFlow 1.0, 1.3, and 1.4. In this example, I'm gonna specify OpenFlow 1.3 because I'm using an OpenDaylight controller which supports OpenFlow 1.3, not 1.4 at the time of this recording.
So let's start a capture, apply the filter. In Mininet, I'm gonna start a topology, and Mininet is configured to talk to ODL. In this case, I'll make this a single switch with two hosts connected using OpenFlow 1.3 so that we can see the captures. I'm also specifying easy-to-read MAC addresses for the hosts. So as you saw there, Wireshark is starting to capture packets from the switch.
And what I'll do now is I'll just do a ping from host one to host two and stop that ping. So let's stop the capture so we can see what's going on. So the first thing to note is that the switch contacted the controller. The OpenFlow switch used the OpenFlow protocol to contact the controller, which in this case is the ODL controller. In the OpenFlow specification document, there is a section called OpenFlow Channel, section six, and it says the OpenFlow channel is the interface that connects each OpenFlow switch to a controller.
Through this interface, the controller configures and manages the switch, receives events from the switch, and sends packets out to the switch. Between the datapath (and the datapath is an OpenFlow device, which could be a switch, a router, or a load balancer, but I'm gonna use the term switch) and the OpenFlow channel, the interface implementation is specific. However, all OpenFlow channel messages must be formatted according to the OpenFlow protocol.
They say here that it's usually encrypted using TLS, even though in a lot of real-world implementations, that's not necessarily true, but can run directly over TCP. So in this example, the switch with IP address 192.168.56.55, that's the IP address of the Mininet VM, has contacted 192.168.56.92, which is the ODL controller, and the message type is a hello message. So there's our source IP address and destination IP address.
Notice the source port is an ephemeral port or random port number, if you prefer, and the destination port is the OpenFlow port 6633. Now, in later releases of OpenFlow, the port number was changed to 6653, an IANA or Internet Assigned Numbers Authority port number, but in this version, OpenFlow 1.3.2, the port number is 6633. So the switch contacted the controller and said hello.
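As an added example (not part of the video or the course material), the Python sketch below reads the first TCP payload sent to either OpenFlow port mentioned above and reports whether the channel carries cleartext OpenFlow or a TLS handshake, decoding the 8-byte OpenFlow header when it is cleartext. The function names and sample payloads are constructed for illustration; the IP addresses are the ones from the capture described above.

```python
import struct

# OpenFlow wire version byte -> protocol release; 0x04 is what Wireshark's
# openflow_v4 display filter matches (OpenFlow 1.3).
OF_VERSIONS = {0x01: "1.0", 0x02: "1.1", 0x03: "1.2", 0x04: "1.3", 0x05: "1.4"}
# Message types whose numbers are the same in every OpenFlow version.
OF_TYPES = {0: "HELLO", 1: "ERROR", 2: "ECHO_REQUEST", 3: "ECHO_REPLY"}
OF_PORTS = {6633, 6653}  # the two OpenFlow ports named in the transcript


def classify_payload(dst_port, payload):
    """Classify the first TCP payload sent to a controller port."""
    if dst_port not in OF_PORTS or len(payload) < 8:
        return {"kind": "other"}
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if payload[0] == 0x16 and payload[1] == 0x03:
        return {"kind": "tls"}
    # OpenFlow header: version(1) type(1) length(2) xid(4), network byte order.
    version, msg_type, length, xid = struct.unpack("!BBHI", payload[:8])
    if version not in OF_VERSIONS or length < 8:
        return {"kind": "other"}
    return {"kind": "plaintext-openflow", "version": OF_VERSIONS[version],
            "type": OF_TYPES.get(msg_type, "type %d" % msg_type),
            "length": length, "xid": xid}


def plaintext_channels(flows):
    """Return (src, dst, dst_port, version, type) for each unencrypted channel."""
    findings = []
    for src, dst, dst_port, payload in flows:
        info = classify_payload(dst_port, payload)
        if info["kind"] == "plaintext-openflow":
            findings.append((src, dst, dst_port, info["version"], info["type"]))
    return findings


# Constructed sample data: first payload of three TCP connections.
SAMPLE_FLOWS = [
    # Switch -> controller, 8-byte OpenFlow 1.3 HELLO (xid 1), cleartext.
    ("192.168.56.55", "192.168.56.92", 6633, bytes.fromhex("0400000800000001")),
    # Same peers, start of a TLS ClientHello record instead.
    ("192.168.56.55", "192.168.56.92", 6653, bytes.fromhex("1603010200010001fc0303")),
    # Unrelated traffic on another port.
    ("192.168.56.55", "192.168.56.92", 8181, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for finding in plaintext_channels(SAMPLE_FLOWS):
        print("cleartext OpenFlow channel:", finding)
```

A cleartext finding means anyone on the control network path can read or alter switch-to-controller messages, which is the gap the TLS option in the specification is meant to close.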
- OpenFlow theory
- OpenFlow messages
- Wireshark OpenFlow capture on Windows
- Benefits of multiple tables and TTPs
- Wireshark capture multipart request
- What happens when the SDN controller fails?