Deployment Guide
18
4.3.2.2 VLAN Flow Table
The VLAN Flow Table is used for IEEE 801.Q VLAN assignment and filtering to specify how VLANs are to be
handled on a particular port. All packets must have an associated VLAN id in order to be processed by
subsequent tables. Packets that do not match any entry in the VLAN table are filtered, that is, dropped by
default. Note that IEEE defined BPDUs are always received untagged.
The VLAN Flow Table can optionally assign a nonzero VRF value to the packet based on the VLAN. OF-DPA
defines VRF as a new pipeline metadata field. The VRF defaults to zero if not set.
4.3.2.2.1 Match Criteria, Instructions, Actions/Action List/Action Set, Counters, Flow Expiry
The VLAN Flow Table supports the Flow Entry Types listed in Table 10. Flow entries are differentiated based
on IN_PORT, whether or not the packet was tagged, and the VLAN id in the tag.
OpenFlow has traditionally used a 16-bit field for VLAN id. Since only the low order 12 bits are needed to
express a VLAN id, OpenFlow has defined special values to indicate tagged and untagged packets. In
particular, the VLAN id 0x0000 (OFPVID_NONE, defined in the OpenFlow specification) is used to represent an
untagged packet, and 0x1000 (OFPVID_PRESENT) for a priority tagged packet. All tagged packets are
represented by VLAN id values between 0x1001 and 0x1FFE24 (OFPVID_PRESENT | VLAN id value). This
convention must be followed in programming rules from the controller. For further explanation consult the
OpenFlow 1.3.4 specification.
Note: DNOS-OF does not support matching packets just on whether or not they have a VLAN tag as
described in Table 13 of OpenFlow 1.3.4.
Note: At most two tags are supported. Entries in the OF-DPA VLAN Flow table are mutually exclusive. Any
explicit rule priority assignments are ignored.
Table 6: VLAN Flow Table Flow Entry Types
Type
Description
VLAN Filtering
Exact match on IN_PORT and VLAN_VID parsed from the packet. For tagged packets
with a VLAN tag containing a VLAN_VID greater than zero. Cannot be masked.
VLAN_VID cannot be used in a Port VLAN Assignment rule for untagged packets. The
only instruction is Goto-Table and must specify the Termination MAC Flow Table.
Tagged packets that do not match any rule are treated as VLAN_VIDs that are not
allowed on the port and are dropped. Can optionally assign a VRF for routed packets.
Untagged Packet
Port VLAN
Assignment
Exact match on IN_PORT and VLAN id == 0 (lower 12 bits of match field) value using
a mask value of 0x0fff (masks off OFPVID_PRESENT). Action set must assign a
VLAN_VID. The VLAN_VID value cannot be used in a VLAN Filtering rule. If the packet
does not have a VLAN tag, one will be pushed if necessary at packet egress. Rule
must have a Goto-Table instruction specifying the Termination MAC Flow Table.
Untagged packets are dropped if there is no port VLAN assignment rule. Can
optionally assign a VRF for routed packets.
Allow All VLANs
Wildcard VLAN match for a specific IN_PORT. Essentially turns off VLAN filtering
and/or assignment for a physical port. Must be lower priority than any overlapping
translation, filtering, MPLS, or VLAN assignment rule. Untagged packets that match
this rule will be assigned an illegal VLAN and may be subsequently dropped. Should
also define an L2 Unfiltered Interface group entry for the port.
VLAN Translate,
Single Tag, or
Single Tag to
Double Tag
Used to either modify the VLAN id on a single tagged packet, or to optionally modify
the VLAN id and then push another tag onto a single tagged packet. Can also
optionally assign a VRF for routed packets. By OpenFlow convention, the outermost
VLAN tag is matched independent of TPID.
Note: The untagged packet rule applies to both untagged packets, which match VLAN_VID = 0x1000, and
IEEE 802.1P priority tagged packets, which match VLAN_VID = 0x0000. However the VLAN-PCP match field will