The decoupled system in SDN (and OpenFlow) can be compared to an application program and an operating system in a computing platform. In SDN, the controller (that is, the network operating system) provides a programmatic interface to the network, where applications can be written to perform the control and management of tasks and offer new functionalities. A layered view of this model is illustrated in the following diagram. This view assumes that the control is centralized and applications are written as if the network is a single system. While this simplifies policy enforcement and management tasks, the bindings must be closely maintained between the control and the network forwarding elements.

As shown in the following diagram, a controller that strives to act as a network operating system must implement at least two interfaces: a SOUTHBOUND INTERFACE (for example, OpenFlow) that allows switches to communicate with the controller and a NORTHBOUND INTERFACE that presents a programmable API to network control and high-level policy applications/services. HEADER FIELDS (match fields) are shown in the following figure. Each entry of the flow table contains a specific value, or any other value (* or wildcard, as depicted in the following diagram), which matches any value:

If the switch supports subnet masks on the IP source and/or destination fields, these can more precisely specify matches. The port field (or ingress port) numerically represents the incoming port of the switch and starts at 1. The length of this field is implementation-dependent. The ingress port field is applied to all packets. The source and destination MAC (Ethernet) addresses are applied to all packets on enabled ports of the switch, and their length is 48 bits. The Ethernet type field is 16-bits wide and is applicable to all the packets on enabled ports. An OpenFlow switch must match the type in both standard Ethernet and IEEE 802.2 with a Subnetwork Access Protocol (SNAP) header and Organizationally Unique Identifier (OUI) of 0x000000 (for more information, visit https://en.wikipedia.org/wiki/Organizationally_unique_identifier). The special value of 0x05FF is used to match all the 802.3 packets without SNAP headers. The VLAN ID is applicable to all packets with the Ethernet type of 0x8100.

The size of this field is 12 bits (that is, 4096 VLANs). The VLAN priority (or the VLAN PCP field) is 3-bits wide and is applicable to all packets of Ethernet type 0x8100. The IP source and destination address fields are 32-bit entities and are applicable to all IP and ARP packets. These fields can be masked with a subnet mask. The IP protocol field is applicable to all IP, IP over Ethernet, and ARP packets. Its length is 8 bits, and in case of ARP packets, only the lower 8 bits of the ARP opcode are used. The IP Type of Service (ToS) bits has a length of 6 bits and is applicable to all IP packets. It specifies an 8-bit value and places ToS in the upper 6 bits. The source and destination transport port addresses (or ICMP type/code) have a length of 16 bits and are applicable to all TCP, UDP, and ICMP packets. In case of the ICMP type/code, only the lower 8 bits are considered for matching.