In computer networking, generalised forwarding (GF) is a mechanism routers use to forward a packet arriving at an input port to the right output port. Here, many header fields can determine the action, not just the destination IP address. Many actions other than forwarding are also possible, including dropping, copying, modifying, and logging the packet.
GF uses simple packet-handling rules:
- Match: pattern values in packet header fields.
- Actions: for a matched packet, drop it, forward it, modify it, or send it to a controller.
- Priority: to disambiguate overlapping patterns.
- Counters: number of bytes and packets.
In general, this allows us to have a simple form of “network programmability” for per-packet processing.
Specification
GF is done via OpenFlow.
This match + action abstraction allows us to unify many different types of devices under a single specification. For example:
- As a router, it can match on the longest destination IP prefix, and forward out a link (action).
- As a firewall, it can match on IP addresses or port numbers, and permit or deny (action).
- As a switch, it can match on a destination MAC address, and forward or flood (action).
- As a NAT, it can match on an IP address and port, and rewrite it (action).
OpenFlow controllers allow us to orchestrate a table on a single machine, and apply its behaviour network-wide.
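The match, action, priority and counter rules above, combined into one flow table that behaves as both a firewall and a router. This is an added example, not OpenFlow's own API or code from this page: the names FlowEntry, FlowTable and demo, the field names, the sample packets, and the send-to-controller policy on a table miss are all assumptions made for illustration. Priority stands in for longest-prefix matching here by giving the more specific prefix the higher value.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class FlowEntry:
    priority: int
    match: dict      # header field -> required value; an absent field is a wildcard
    action: tuple    # ("forward", port) | ("drop",) | ("controller",)
    packets: int = 0 # counters, updated on every hit
    bytes: int = 0

    def matches(self, pkt):
        for field, want in self.match.items():
            have = pkt.get(field)
            if have is None:
                return False
            if field in ("ip_src", "ip_dst"):  # IP fields match on a CIDR prefix
                if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                    return False
            elif have != want:
                return False
        return True

class FlowTable:
    def __init__(self, entries):
        # Highest priority first, so overlapping patterns resolve deterministically.
        self.entries = sorted(entries, key=lambda e: -e.priority)

    def process(self, pkt):
        for e in self.entries:
            if e.matches(pkt):
                e.packets += 1
                e.bytes += pkt["len"]
                return e.action
        return ("controller",)  # assumed table-miss policy for this sketch

def demo():
    # The firewall rule overlaps the /24 route; its higher priority makes it win.
    fw_ssh = FlowEntry(200, {"ip_dst": "10.0.1.0/24", "ip_proto": 6, "tcp_dst": 22}, ("drop",))
    route = FlowEntry(100, {"ip_dst": "10.0.1.0/24"}, ("forward", 2))
    default = FlowEntry(10, {"ip_dst": "10.0.0.0/8"}, ("forward", 1))
    table = FlowTable([default, route, fw_ssh])
    pkts = [  # constructed sample packets, header fields already parsed
        {"ip_src": "192.0.2.7", "ip_dst": "10.0.1.5", "ip_proto": 6, "tcp_dst": 22, "len": 60},
        {"ip_src": "192.0.2.7", "ip_dst": "10.0.1.5", "ip_proto": 6, "tcp_dst": 443, "len": 1500},
        {"ip_src": "192.0.2.7", "ip_dst": "10.9.9.9", "ip_proto": 17, "len": 100},
        {"ip_src": "192.0.2.7", "ip_dst": "172.16.0.1", "ip_proto": 6, "tcp_dst": 80, "len": 40},
    ]
    return [table.process(p) for p in pkts], table
```

If the two overlapping entries had their priorities swapped, the SSH packet would be forwarded out port 2 and the drop rule's counters would stay at zero, which is one way to spot a shadowed firewall rule.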