On Fri, Jul 08, 2011 at 02:18:42PM +0900, Romain Lenglet wrote:
> On Thu, Jul 7, 2011 at 11:44 PM, Ben Pfaff <b...@nicira.com> wrote:
>
> > On Thu, Jul 07, 2011 at 06:36:32PM +0900, Tamura, Yoshiaki wrote:
> > > I've been playing around with OVS 1.1 and have a question regarding
> > > emergency mode specified in OpenFlow 1.0.
> >
> > OVS doesn't support that mode.
>
> Well, the problem that Yoshi is reporting is that OVS kind of supports an
> emergency mode (which should be supported per OpenFlow 1.0.0), in that it
> drops all normal flows when the controller is disconnected, but only in
> "standalone" mode, and not in "secure" mode.
> Why that difference in behavior between the "standalone" and "secure" modes?
That difference is essentially the definition of "standalone" and
"secure" modes. In "standalone" mode, the switch acts like a regular
switch when the controller is disconnected. In "secure" mode, it
retains the flow table contents.
> Since OVS doesn't support flows with the EMERG flag set, there is no way to
> configure an OVS switch to drop all traffic when the controller is
> disconnected. Could you please give us a hint on how to achieve that with
> the current OVS?
It doesn't have a mode to do that.
> Currently, the only solution we found is patching OVS to remove the "&&
> mgr->fail_mode == OFPROTO_FAIL_STANDALONE" in the test in connmgr.c.
> What you accept such a patch?
You mean, in the code quoted below? I don't see how that would
accomplish what you want. You say that you want to drop all traffic
when the controller is disconnected, but this code sets up a flow that
switches all traffic.
/* If there are no controllers and we're in standalone mode, set up a flow
* that matches every packet and directs them to OFPP_NORMAL (which goes to
* us). Otherwise, the switch is in secure mode and we won't pass any
* traffic until a controller has been defined and it tells us to do so. */
if (!connmgr_has_controllers(mgr)
&& mgr->fail_mode == OFPROTO_FAIL_STANDALONE) {
union ofp_action action;
struct cls_rule rule;
memset(&action, 0, sizeof action);
action.type = htons(OFPAT_OUTPUT);
action.output.len = htons(sizeof action);
action.output.port = htons(OFPP_NORMAL);
cls_rule_init_catchall(&rule, 0);
ofproto_add_flow(mgr->ofproto, &rule, &action, 1);
}
You could add a configuration option that specifies what happens when
a secure-mode bridge loses the connection to its controller. A patch
that adds a setting like that should be simple and I expect that we'd
accept it.
The other approach would be to implement the emergency flow cache.
This would be a much bigger job and I wouldn't recommend taking this
path. Justin had real objections to the emergency flow cache
definition in the OpenFlow spec when it was proposed. I don't recall
all the details, but I do remember that the emergency flow cache was
underspecified. We'd probably have to invent our own interpretations
in a number of places.
The emergency flow cache was deleted from OpenFlow 1.1. It was only
retained in OpenFlow 1.0, if I recall correctly, to get the spec out
the door on schedule.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
