[ovs-dev] [ovs-discuss] [ACLv2 02/19] ofproto: Add ofproto_get_flow_stats functions.

Ben Pfaff blp at nicira.com
Fri Sep 4 22:12:33 UTC 2009

Jesse Gross <jesse at nicira.com> writes:

> Ben Pfaff wrote:
>> By the way, although this is something that I could find out for
>> myself, what happens when a switch that has a configured
>> controller goes into fail-open mode?  Do any configured ACLs go
>> into effect at that point?  Would it make sense for them to do
>> so?
> Currently, if a bridge has a controller configured it will disable
> ACL's, independent of the state of that controller.  It probably makes
> sense to turn them on if fail open goes into effect.  It would give
> administrators much finer grained control beyond just fail-open and
> fail-secure.
> I don't think that it would be too confusing to have ACL's suddenly
> spring in to effect in this situation.

I guess what I had in mind was that the controller would
configure the ACLs to be similar to the access-control policy
that the controller itself is enforcing, giving continuity over
the access-control policy should the controller become

I hope it wouldn't be confusing.

More information about the dev mailing list