On Tue, May 22, 2012 at 9:16 AM, Adrian Lara <al...@cse.unl.edu> wrote:
> Hi! I'd like to use the OpenFlow controller to encrypt user data, but I
> have a big confusion regarding what is exactly the content of the packet
> sent from the switch to the controller when no match is found.
>
> Assuming that the switch receives an Ethernet frame, then this frame
> contains layer 2 information as well as the IP packet and so on...
> Of all this data, what is the data of the packetIn?

Normally, the entire contents of the packet are put in the packet-in message that is sent to the controller. You can configure most switches to send "the first X bytes" of the packet by setting miss_send_len in the switch config message, but this may only apply to "misses" in the flow table.

> I am aware that the packet that arrives at the controller contains ports
> of layer 2 as well as MAC addresses and layer 3 information. But is the
> user payload there as well?
> In other words, can I use the OpenFlow controller to encrypt the user
> data? If this is not clear, another way to ask is... of all the bytes of
> the packet data, what does each byte represent?

It is unlikely you would want to do encryption for data plane traffic at the controller without some kind of hardware acceleration, both for the encryption and for transferring the packet from the data plane to the control plane (the packet-in operation). You could certainly do it experimentally on a low bandwidth stream. You would need to evaluate the bandwidth available on the network connecting to the controller, and bear in mind that you'll be using 2x the data plane bandwidth you want to encrypt. Then make sure the added latency of doing the encryption this way won't interfere with the applications using the encrypted channel.

Dan Talayco
Big Switch Networks
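The layout of the packet-in message Dan describes, as an added worked example (this is not code from the thread, from the OpenFlow specification or from any controller): it builds an OpenFlow 1.0 OFPT_SET_CONFIG message carrying miss_send_len, emulates the switch side of a table miss by copying the first miss_send_len bytes of the frame into an OFPT_PACKET_IN, and then walks the packet-in on the controller side to show which bytes are Ethernet header, IPv4 header, UDP/TCP header and user payload. The sample frame, MAC/IP addresses and ports are constructed here; the IP and UDP checksums are left as zero because the parser does not verify them. Comparing total_len against the bytes actually delivered is how a controller notices that miss_send_len truncated the payload, which is exactly the case where encrypting at the controller would silently miss data.

```python
import struct

# OpenFlow 1.0 constants (version byte, message types, packet-in reason)
OFP_VERSION_1_0 = 0x01
OFPT_SET_CONFIG = 9
OFPT_PACKET_IN = 10
OFPR_NO_MATCH = 0            # packet-in reason: no matching flow entry
OFP_NO_BUFFER = 0xFFFFFFFF   # switch did not buffer the packet; everything is inline

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def build_set_config(miss_send_len, xid=1):
    """OFPT_SET_CONFIG: ofp_header(8) + flags(2) + miss_send_len(2)."""
    body = struct.pack("!HH", 0, miss_send_len)
    return struct.pack("!BBHI", OFP_VERSION_1_0, OFPT_SET_CONFIG, 8 + len(body), xid) + body


def build_packet_in(frame, in_port, miss_send_len=0xFFFF, xid=2):
    """Emulate a switch on a table miss: ship only the first miss_send_len bytes.

    Body layout: buffer_id(4) total_len(2) in_port(2) reason(1) pad(1) data(...)
    total_len is the length of the ORIGINAL frame, not of the bytes sent.
    """
    data = frame[:miss_send_len]
    body = struct.pack("!IHHBx", OFP_NO_BUFFER, len(frame), in_port, OFPR_NO_MATCH) + data
    return struct.pack("!BBHI", OFP_VERSION_1_0, OFPT_PACKET_IN, 8 + len(body), xid) + body


def parse_packet_in(msg):
    """Controller side: map each region of the packet-in data to its protocol layer."""
    version, mtype, length, _xid = struct.unpack_from("!BBHI", msg, 0)
    if version != OFP_VERSION_1_0 or mtype != OFPT_PACKET_IN or length != len(msg):
        raise ValueError("not a well-formed OpenFlow 1.0 packet-in")
    _buffer_id, total_len, in_port, reason = struct.unpack_from("!IHHBx", msg, 8)
    data = msg[18:]                      # the (possibly truncated) Ethernet frame
    result = {
        "in_port": in_port,
        "reason": reason,
        "truncated": len(data) < total_len,   # miss_send_len cut the frame short
        "eth_dst": data[0:6].hex(":"),
        "eth_src": data[6:12].hex(":"),
        "ethertype": struct.unpack_from("!H", data, 12)[0],
        "l4_ports": None,
        "payload": b"",
    }
    if result["ethertype"] != ETHERTYPE_IPV4 or len(data) < 34:
        return result
    ihl = (data[14] & 0x0F) * 4           # IPv4 header length from the IHL nibble
    proto = data[14 + 9]
    result["src_ip"] = ".".join(str(b) for b in data[26:30])
    result["dst_ip"] = ".".join(str(b) for b in data[30:34])
    l4 = 14 + ihl
    if proto == IPPROTO_UDP and len(data) >= l4 + 8:
        result["l4_ports"] = struct.unpack_from("!HH", data, l4)
        result["payload"] = data[l4 + 8:]
    elif proto == IPPROTO_TCP and len(data) >= l4 + 20:
        result["l4_ports"] = struct.unpack_from("!HH", data, l4)
        tcp_hdr = ((data[l4 + 12] >> 4) & 0x0F) * 4   # TCP data offset
        result["payload"] = data[l4 + tcp_hdr:]
    return result


def build_udp_frame(payload, sport=40000, dport=5555):
    """Constructed sample: Ethernet / IPv4 / UDP with zeroed checksums (not validated here)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + udp
    eth = b"\x00\x00\x00\x00\x00\x02" + b"\x00\x00\x00\x00\x00\x01" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip


if __name__ == "__main__":
    frame = build_udp_frame(b"secret user data")        # 14 + 20 + 8 + 16 = 58 bytes
    print(parse_packet_in(build_packet_in(frame, in_port=3)))
    # With miss_send_len=48 the controller sees only 6 payload bytes and truncated=True
    print(parse_packet_in(build_packet_in(frame, in_port=3, miss_send_len=48)))
```

A controller that wants the full user payload must therefore either leave miss_send_len at its maximum or check `truncated` and request the buffered packet; either way every encrypted byte crosses the control channel twice (packet-in, then packet-out), which is the 2x cost Dan points out.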
_______________________________________________
openflow-discuss mailing list
openflow-discuss@lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/openflow-discuss