[ovs-dev] [PATCH 2/2] secchan: Better tolerate failing controller admission control in fail-open.
blp at nicira.com
Tue Sep 15 00:02:24 UTC 2009
Jesse Gross <jesse at nicira.com> writes:
> The code itself looks fine but I wonder if this is the best way to
> accomplish the goal. Essentially we want to ping the controller with
> a packet-in after connection to see if we passed admission control.
> This does that by forcing all flow setups to the controller and not
> removing the fail open rule until we get some kind of real response.
> Instead of doing this ping with real flow setups do you think it might
> be easier to synthesize a fake flow setup that acts purely as a ping?

That's a great idea.  It would be much simpler.

Do you have an idea for a "harmless" packet to send though?  I'm
concerned that we could send out a packet that either would
confuse the controller ("WTF is that?  I don't know anything
about that MAC address!") or that it would just ignore and not

Here's a thought.  When we're in in-band control mode we could
always synthesize a packet from the switch to the controller,
since we know that has to work properly.  Maybe an ARP, or maybe
we could pick a protocol from the Nicira OUI.

I guess maybe the risk of the controller ignoring the packet
entirely is low, since that's a bad way to implement a
controller.  Maybe we could then just pick a Nicira OUI protocol,
regardless of whether we're in-band, and using it as a probe

I'll work on this.