[ovs-dev] [ovs-discuss] [ACLv2 02/19] ofproto: Add ofproto_get_flow_stats functions.
Jesse Gross
jesse at nicira.com
Fri Sep 4 22:26:11 UTC 2009
Ben Pfaff wrote:
> Jesse Gross <jesse at nicira.com> writes:
>
>
>> Ben Pfaff wrote:
>>
>>> By the way, although this is something that I could find out for
>>> myself, what happens when a switch that has a configured
>>> controller goes into fail-open mode? Do any configured ACLs go
>>> into effect at that point? Would it make sense for them to do
>>> so?
>>>
>>>
>> Currently, if a bridge has a controller configured it will disable
>> ACL's, independent of the state of that controller. It probably makes
>> sense to turn them on if fail open goes into effect. It would give
>> administrators much finer grained control beyond just fail-open and
>> fail-secure.
>>
>> I don't think that it would be too confusing to have ACL's suddenly
>> spring in to effect in this situation.
>>
>
> I guess what I had in mind was that the controller would
> configure the ACLs to be similar to the access-control policy
> that the controller itself is enforcing, giving continuity over
> the access-control policy should the controller become
> inaccessible.
>
> I hope it wouldn't be confusing.
>
Sure, that makes sense. As an aside, a couple people have been asking
about pushing down ACL's in normal operation of the controller due to
the additional power that they provide.
More information about the dev
mailing list