[ovs-dev] [ovs-discuss] [ACLv2 02/19] ofproto: Add ofproto_get_flow_stats functions.
Ben Pfaff
blp at nicira.com
Fri Sep 4 22:12:33 UTC 2009
Jesse Gross <jesse at nicira.com> writes:
> Ben Pfaff wrote:
>> By the way, although this is something that I could find out for
>> myself, what happens when a switch that has a configured
>> controller goes into fail-open mode? Do any configured ACLs go
>> into effect at that point? Would it make sense for them to do
>> so?
>>
>
> Currently, if a bridge has a controller configured it will disable
> ACL's, independent of the state of that controller. It probably makes
> sense to turn them on if fail open goes into effect. It would give
> administrators much finer grained control beyond just fail-open and
> fail-secure.
>
> I don't think that it would be too confusing to have ACL's suddenly
> spring in to effect in this situation.
I guess what I had in mind was that the controller would
configure the ACLs to be similar to the access-control policy
that the controller itself is enforcing, giving continuity over
the access-control policy should the controller become
inaccessible.
I hope it wouldn't be confusing.
More information about the dev
mailing list