Open source SDN Controller for production networks

What is Faucet?

Faucet is an OpenFlow controller for multi-table OpenFlow 1.3 switches (including optional table features), that implements layer 2 switching, VLANs, ACLs, and layer 3 IPv4 and IPv6 routing, static and via BGP. The Openflow switch is deployed as a drop in replacement for a L2/L3 switch in the network to enable extra SDN based functionality.

Easy Installation, Upgrades

30seconds to a few minutes depending on the mode of installation: python pip install, OVF/ISO deploy or Docker. Once installed, edit the configuration file and start the controller to manage your switches.
Faster upgrades than non SDN (can upgrade controller in <1sec while network still runs and without rebooting the hardware) → Important with increasing number of zero day attacks

Network Operations

Much easier to automate and integrate configuration (YAML). Real-time time-series database integration for stats → Grafana dashboards. NoSQL database integration for flows.
"Push On Green": Built-in unit test framework for Mininet & Hardware

Control Plane Security

Switch-Controller connection on a dedicated port secured by TLS or 802.1AE MACSec. Faucet initally programs the switch with “default-deny” flows to drop all unknown traffic. Flows periodically timeout and are refreshed by the controller.Faucet implements expiry times on all flows. Forwarding will cease if no controller can be reached for a configurable period of time.
Switch can be configured for “fail-secure” (default) - keep forwarding and using currently programmed flows until they expire or “fail-standalone” - revert to being a non-programmable switch

Hardware Support

Any dataplane (Switch) supporting Openflow v1.3.x with multiple tables, group table and optional table features. Openflow pipeline is built on Faucet and pushed to switches. Vendor specific pipelines (ex. Broadcom's OFDPA) are not supported. Open vSwitch, Lagopous, HPE Aruba, Allied Telesis, Noviflow, Netronome, and Northbound Networks are some of the switch vendors supported.

SDN Configurability

Ability to configure learning (ex. Unicast flooding), Routing algorithms, ACLs, Policy Based Forwarding (PBF) based on OpenFlow matches, Stacking of switches (Fabric) and so on. This configurability is the biggest difference between a traditional switch with a SDN enabled one.

High Availability & Scalability

High Availability (HA) via Idempotency (make that same call repeatedly while producing the same result). No inter-controller configuration or communication required. 2+ Faucet instances with the same config are configured for the same switch (fabric) to enable HA.
Faucet minimizes PACKET_INs. Controller scaling is decoupled from switch scaling. Faucet controls a fabric of switches and programs intra-switch dataplane.


Get Started


$ sudo pip install faucet
$ sudo vi /etc/ryu/faucet/faucet.yaml
$ ryu-manager faucet.faucet


Documentation Blog


Faucet Workshop Tokyo - May 2018, Tokyo, Japan

Faucet Conference and Plugfest - October 2017, Berkeley, CA, USA


Faucet has been deployed in production around the world. Some of the sites include Open Networking Foundation, REANNZ, AARNet, ESNet, GEANT, GEANT HQ, Victoria University of Wellington, Allied Telesis, and WAND Group Waikato University.


Please subscrible to the appropriate mailing lists [ Announcements, Developers, Users ] to post your questions and feature requests. Use github Issue to post issues.

Get Connected