Sunday, April 30, 2017

FAUCET conference 10/18 to 10/20 2017 survey

We are looking at planning the first FAUCET conference, focusing on building and running FAUCET enterprise networks. If you're interested in attending, please let us know!

Tuesday, April 25, 2017

design pattern - labels as metadata

FAUCET now allows you to push, via the ACL language, multiple VLAN headers.

    - rule:
        dl_dst: "01:02:03:04:05:06"
        actions:
            output:
                dl_dst: "06:06:06:06:06:06"
                vlan_vids: [123, 456]
                port: acloutport
See for caveats.

Why is this useful? Apart from being a tunneling mechanism, it also allows you to add metadata to a packet for a downstream NFV application. For example, you might push an additional VLAN header onto a packet, based on an ACL entry that identifies a particular user or application known to match the ACL conditions.

In particular, you could also push a VLAN representing the input port number, on top of another header that tells you the input VLAN. For example, an ACL could tag a packet on untagged VLAN 100, on port 2, with VLAN 100, then VLAN 2 (so that a "mirroring" application can know what VLAN and port the packet came from).
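As an added example (not FAUCET code), here is how a downstream mirroring application could recover the input port and VLAN from the VLAN stack described above. It assumes the last-pushed tag (the port) is outermost on the wire; `parse_vlan_stack`, `ingress_metadata` and `build_frame` are hypothetical names, and the sample frame is constructed.

```python
import struct

# TPIDs that mark a VLAN tag: 802.1Q (0x8100) and 802.1ad (0x88a8).
VLAN_TPIDS = {0x8100, 0x88A8}


def parse_vlan_stack(frame: bytes):
    """Return (vids, ethertype, payload_offset); vids are outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    vids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:  # TPID + TCI + next ethertype
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids, ethertype, offset + 2


def ingress_metadata(frame: bytes):
    """Recover (in_port, in_vlan) from a frame carrying exactly two tags."""
    vids, _, _ = parse_vlan_stack(frame)
    # Reject any other tag depth so a frame that bypassed the ACL, or that
    # arrived with extra tags, is never misread as trusted metadata.
    if len(vids) != 2:
        raise ValueError(f"expected 2 VLAN tags, found {len(vids)}")
    port_tag, vlan_tag = vids  # assumption: last-pushed tag (port) is outermost
    return port_tag, vlan_tag


def build_frame(vids, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame with vids given outermost first."""
    frame = bytes.fromhex("060606060606") + bytes.fromhex("0e0000000001")
    for vid in vids:
        frame += struct.pack("!HH", 0x8100, vid)
    return frame + struct.pack("!H", ethertype) + payload


# Constructed sample: packet from untagged VLAN 100 that entered on port 2.
SAMPLE = build_frame([2, 100])

if __name__ == "__main__":
    print(ingress_metadata(SAMPLE))
```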

In the future, FAUCET will make more use of this design pattern as an alternative to packet-in. It will also be able to use PBB or MPLS labels in a similar way.

Testing the CPN (and TLS support)

Unit testing the dataplane is important, but so is testing control plane connectivity.

When testing hardware, FAUCET now supports using TLS to secure the OpenFlow connection to the switch.

To configure FAUCET for TLS, follow the Ryu instructions at

To test that it works with your hardware, see the new TLS fields in

There will be additional control plane testing added to the FAUCET test suite over time.