[ovs-dev] [PATCH v2 3/3] secchan: Better tolerate failing controller admission control in fail-open.
blp at nicira.com
Wed Sep 16 21:29:10 UTC 2009
Peter Balland <peter at nicira.com> writes:
> As it is currently implemented (designed?), it is my understanding
> that the controller can assume that it controls the fate of any
> packets for which a packet_in is received. This commit appears to
> change that assumption, which may lead to problems for controllers
> trying to do some "weird" things. Consider a controller that wants to
> rewrite packets in software and send them back out. During the
> admittance window, the destination host may receive two packets: the
> original forwarded by the switch, and the forged packet generated by
> the controller from the packet_in message.
> Ben Pfaff wrote:
>> + * - We also send out OFPT_PACKET_IN messages for totally bogus packets
>> + * every so often, in case no real new flows are arriving in the network.
> I am bit uncomfortable with the forging of packets to determine
> controller admittance. Controllers performing accounting, anomaly
> detection, etc, would all need to be aware of such packets. While
> this complicated to do, it's one more thing to remember whenever
> dealing with packet_ins. A new message type explicitly for admittance
> detection would be cleaner and self-documenting.
Pete, you're completely right about this. I think that we can do
better than what this commit does, if we do some work on the NOX
What I really want to do right now is, then, this:
- Push this as-is.
- File a bug describing my thoughts on how to fix it
- Fix that bug later, either just in NOX or in OpenFlow
as a whole if we can get the consortium to agree.
Does that make sense, or do you think it should be fixed all at
(This is semi-urgent, because the current implementation of
fail-open appears to sometimes causes HA failures and thus host
reboots on XenServer.)
More information about the dev