A data center wants to block a specific category of traffic across 500 switches. In a traditional network this requires logging into each switch. In an OpenFlow network, this operation is:
AIdentical — flow tables are stored locally on each switch and must still be updated individually
BImpossible — OpenFlow switches can only forward packets, not filter them
CAccomplished by pushing updated flow entries from a single controller to all affected switches simultaneously
DHandled automatically by the routing protocols once the controller updates its routing table
The controller has a global view and communicates with all switches via the OpenFlow protocol. Pushing a new flow entry (e.g., 'drop packets matching this pattern') to 500 switches is a single operation from the controller's perspective. This contrasts sharply with traditional networks where each device makes independent decisions and must be individually reconfigured. The controller's centralization is precisely what makes network-wide policy changes fast and consistent.
Question 2 Multiple Choice
A packet arrives at an OpenFlow switch and no matching flow entry is found in the flow table. What happens next?
AThe switch drops the packet to prevent unauthorized traffic from propagating
BThe switch forwards the packet using its built-in routing table as a fallback
CThe switch sends the packet (or a summary) to the controller, which decides what to do and installs a flow entry for future matching packets
DThe switch buffers the packet indefinitely until an operator manually configures a matching rule
Table-miss behavior is one of the most important aspects of OpenFlow. When no flow entry matches, the switch escalates to the controller rather than making an autonomous decision. The controller can then install a proactive flow entry so subsequent packets of the same flow are handled locally — without controller involvement. This reactive mode allows the network to handle unforeseen traffic, while proactive rules handle known patterns efficiently.
Question 3 True / False
OpenFlow enables network-wide traffic engineering by giving the controller global visibility into all link utilization — something impossible when each switch makes independent routing decisions.
TTrue
FFalse
Answer: True
Each traditional switch only knows its own links and neighbors; it builds routing tables from distributed protocol messages but never has a complete, up-to-date picture of the entire network. An SDN controller with OpenFlow receives topology information and statistics from every switch, giving it a real-time global view. This allows it to reroute flows away from congested paths — a global optimization that distributed protocols like OSPF, which minimize per-node cost, cannot easily perform.
Question 4 True / False
Deploying OpenFlow in a network eliminates the need for any routing protocols because the controller handles most path decisions.
TTrue
FFalse
Answer: False
OpenFlow replaces the forwarding decision mechanism in switches — it does not replace the entire routing protocol stack. The controller still needs information about network topology, reachability, and sometimes external routing (e.g., BGP for inter-domain routing). OpenFlow defines how the controller programs switch flow tables; it says nothing about how the controller itself discovers topology or makes routing decisions. A controller application may use traditional routing algorithms internally or run simplified discovery protocols.
Question 5 Short Answer
What is the control plane / data plane separation, and why does it enable network behaviors that traditional distributed routing protocols cannot easily achieve?
Think about your answer, then reveal below.
Model answer: The data plane is the packet-forwarding machinery — looking up a packet in a flow table and forwarding it to a port. The control plane is the decision-making logic — determining what rules the flow table should contain. In traditional networks, both live in every switch, and each device has only a local view. Separating them allows a single controller to have global visibility and make globally optimal decisions (like traffic engineering across the whole network) rather than each switch independently optimizing locally with incomplete information.
Traditional distributed protocols like OSPF compute shortest paths per-device. They cannot easily implement non-shortest-path routing, load balancing across multiple paths, or topology-wide security policies without complex extensions. A centralized controller with global state can compute optimal paths, push different rules to different switches simultaneously, and change the network's behavior in milliseconds — behaviors that require coordinating dozens of devices in traditional networks.