[ovs-dev] [CCC 3/3] vswitchd: Don't act as learning switch in secure mode with no controllers
Justin Pettit
jpettit at nicira.com
Fri Jul 16 07:10:25 UTC 2010
Don't act as a learning switch when the fail-mode is "secure" and no
controllers are defined. This allows the bridge to come up in a state
where it won't pass any traffic until a controller has told it to do so.
Note that "secure" means that it won't add a rule to do normal
processing, but it doesn't flush any existing flows.
---
ofproto/ofproto.c | 6 ++++++
ofproto/ofproto.h | 1 +
vswitchd/bridge.c | 21 +++++++++++++--------
vswitchd/vswitch.xml | 5 +++--
4 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/ofproto/ofproto.c b/ofproto/ofproto.c
index 44daabf..28c1b8d 100644
--- a/ofproto/ofproto.c
+++ b/ofproto/ofproto.c
@@ -883,6 +883,12 @@ ofproto_has_controller(const struct ofproto *ofproto)
return !hmap_is_empty(&ofproto->controllers);
}
+enum ofproto_fail_mode
+ofproto_get_fail_mode(struct ofproto *p)
+{
+ return p->fail_mode;
+}
+
void
ofproto_get_listeners(const struct ofproto *ofproto, struct svec *listeners)
{
diff --git a/ofproto/ofproto.h b/ofproto/ofproto.h
index 56c54f5..0a9164e 100644
--- a/ofproto/ofproto.h
+++ b/ofproto/ofproto.h
@@ -121,6 +121,7 @@ int ofproto_set_stp(struct ofproto *, bool enable_stp);
/* Configuration querying. */
uint64_t ofproto_get_datapath_id(const struct ofproto *);
bool ofproto_has_controller(const struct ofproto *);
+enum ofproto_fail_mode ofproto_get_fail_mode(struct ofproto *);
void ofproto_get_listeners(const struct ofproto *, struct svec *);
void ofproto_get_snoops(const struct ofproto *, struct svec *);
void ofproto_get_all_flows(struct ofproto *p, struct ds *);
diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c
index fad9b01..4116424 100644
--- a/vswitchd/bridge.c
+++ b/vswitchd/bridge.c
@@ -1553,14 +1553,19 @@ bridge_reconfigure_remotes(struct bridge *br,
/* Clear out controllers. */
ofproto_set_controllers(br->ofproto, NULL, 0);
- /* Set up a flow that matches every packet and directs them to
- * OFPP_NORMAL (which goes to us). */
- memset(&action, 0, sizeof action);
- action.type = htons(OFPAT_OUTPUT);
- action.output.len = htons(sizeof action);
- action.output.port = htons(OFPP_NORMAL);
- memset(&flow, 0, sizeof flow);
- ofproto_add_flow(br->ofproto, &flow, OVSFW_ALL, 0, &action, 1, 0);
+ /* If there are no controllers and the bridge is in standalone
+ * mode, set up a flow that matches every packet and directs
+ * them to OFPP_NORMAL (which goes to us). Otherwise, the
+ * switch is in secure mode and we won't pass any traffic until
+ * a controller has been defined and it tells us to do so. */
+ if (ofproto_get_fail_mode(br->ofproto) == OFPROTO_FAIL_STANDALONE) {
+ memset(&action, 0, sizeof action);
+ action.type = htons(OFPAT_OUTPUT);
+ action.output.len = htons(sizeof action);
+ action.output.port = htons(OFPP_NORMAL);
+ memset(&flow, 0, sizeof flow);
+ ofproto_add_flow(br->ofproto, &flow, OVSFW_ALL, 0, &action, 1, 0);
+ }
} else {
struct ofproto_controller *ocs;
size_t i;
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index f5e010b..af85477 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -151,8 +151,9 @@
standalone behavior.</dd>
<dt><code>secure</code></dt>
<dd>Open vSwitch will not set up flows on its own when the
- controller connection fails. It will continue retry
- connecting to the controller forever.</dd>
+ controller connection fails or when no controllers are
+ defined. The bridge will continue to retry connecting to
+ any defined controllers forever.</dd>
</dl>
</p>
<p>If this value is unset, the default is implementation-specific.</p>
--
1.7.1
More information about the dev
mailing list