Turn Routing into Switching: OpenFlow Tricks to Simplify Cross‑Subnet Traffic

Preface

Familiar with this Cisco device? It’s one of the oldest routers, dating back to the 1980s. While routing and switching technologies have evolved, some fundamentals still shine in noisy data‑centers, offering valuable insight for engineers.

Traditional Routing and Switching

Routing forwards packets between different subnets based on IP routes, while switching forwards frames within the same subnet using MAC addresses. The article details the perspectives of PCs, switches, and routers for both processes.

OpenFlow Emergence

When OpenFlow appeared, routers and switches became unified forwarding devices that rely on flow tables. A sample flow‑table dump from OVS is shown below.

root@ubuntu:~# ovs-ofctl dump-flows br2
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=16080.313s, table=0, n_packets=1, n_bytes=42, idle_age=15691, priority=200,arp,arp_tpa=2.2.2.0/24 actions=output:100
cookie=0x0, duration=15964.186s, table=0, n_packets=1, n_bytes=42, idle_age=15691, priority=100,arp,arp_tpa=1.1.1.0/24 actions=output:1
cookie=0x0, duration=15985.113s, table=0, n_packets=5, n_bytes=490, idle_age=15692, priority=200,icmp,nw_dst=2.2.2.0/24 actions=output:100
cookie=0x0, duration=15802.910s, table=0, n_packets=5, n_bytes=490, idle_age=15692, priority=100,icmp,nw_dst=1.1.1.0/24 actions=output:1

These flow entries replace traditional MAC and routing tables.

Implementing a Pure Switching Bridge

Configuring OVS in Secure mode yields no flow entries. Adding a few ARP/ICMP flows turns it into a functional Layer‑2 switch that can ping across subnets.

To give OVS router‑like capabilities, additional steps are required:

Provide a gateway‑like device to answer ARP requests (either the automatically created OVS device or a dedicated one).

Modify source and destination MAC addresses and decrement the IP packet TTL at each hop, because routing is hop‑by‑hop.

All‑Switch World

In an OpenFlow world every device is a forwarder. The goal is to replace cross‑subnet routing with ordinary Layer‑2 forwarding, which is achievable.

Practical Example

The first problem is eliminating the gateway ARP request. On Linux this is solved with a single command:

root@ubuntu:~# ip route add 0.0.0.0/0 dev eth0 scope link

Setting arp_ignore to 0 or 1 ensures the host can ARP directly for the destination address without involving a next‑hop gateway.

Because the link route allows ARP for the target address, the host obtains the destination MAC directly, eliminating the need to rewrite MAC addresses at the final hop.

TTL handling is simple: add dec_ttl(1) to the flow actions so each hop automatically decrements TTL.

By configuring appropriate ARP and service flows on the OVS bridges at both ends, cross‑subnet traffic can be switched as if it were on the same LAN.

Little Tips

The same technique can reverse the conversion, turning Layer‑2 traffic into routed traffic when needed, by adding specific static routes on the hosts.

Ultimately, switches should handle Layer‑2 forwarding while routing logic can be distributed elsewhere.

— END —