Floodlight Applications
The Floodlight Open SDN Controller is intended to be a platform for a wide variety of useful networking applications. Please review the applications docs for details on how to run and configure the various applications.
Applications are the main focus of Floodlight development, because they represent solutions to real-worlds networking problems.
Have an idea for a new app? Please send it to floodlight-dev@openflowhub.org.
OpenStack Quantum Plug-in (REST Proxy)
Floodlight can be run as network backend for OpenStack using a Quantum plugin. Quantum exposes a networking-as-a-service model via a REST API that Floodlight has implemented. There are two main components to this solution: a VirtualNetworkFilter module in Floodlight (that implements the Quantum API) and the Quantum RestProxy plugin that connects Floodlight to Quantum.
Connect Floodlight to OpenStack is a two-step process:
- Run the REST Proxy Plug-in on the Quantum server. The RestProxy plugin was designed to run as part of OpenStack’s Quantum service. If you are unfamiliar with Quantum, it is recommended you read the wiki and Administrator’s Guide to understand how to install and configure the plugin.
- Enable the Virtual Network Filter in Floodlight. This is the module that implements MAC-based layer 2 network isolation in OpenFlow networks and exposed via a REST API. This module is included in Floodlight by default and does not depend on Quantum or OpenStack to be running. The VirtualNetworkFilter can be activated via a configuration file change.
CircuitPusher
Circuit Pusher utilizes floodlight rest APIs to create a bidirectional circuit, i.e., permanent flow entry, on all switches in route between two devices based on IP addresses with specified priority.
Static Flow Pusher
Static Flow Pusher is a Floodlight module, exposed via REST API, that allows a user to manually insert flows into an OpenFlow network.
Virtual Network (Filter)
The VirtualNetworkFilter module is simple layer 2 (MAC) based network virtualization. This allows you to create multiple logical layer 2 networks in a single layer 2 domain. This module can be used standalone, or as a back-end for OpenStack Quantum.
Firewall
The Firewall application has been implemented as a Floodlight Module that enforces ACL rules (Access Control List) on OpenFlow enabled switches in the network using flows and by monitoring packet-in behavior. ACL rules here are just sets of conditions that permit or allow or deny a traffic flow at its ingress switch.
Each packet-in triggered by the first packet(s) of a traffic flow is matched against the set of existing firewall rules. Firewall rules are sorted based on assigned priorities and are matched against the PacketIn’s header fields as defined in OFMatch (as of OpenFlow Standard 1.0). The highest priority matching firewall rule determines the action (allow/deny) of the flow. Wildcards can be used as defined in OFMatch.
Forwarding
Forwarding will forward packets between two devices. Since Floodlight is designed to work in networks that contain both OpenFlow and non-OpenFlow switches Forwarding has to take this into account. The algorithm will find all OpenFlow islands that have device attachment points for both the source and destination devices. FlowMods will then be installed along the shortest path for the flow. If a PacketIn is received is received on an island and there is no attachment point for the device on that island the packet will be flooded.