[ovs-dev] OpenFlow 1.0 emergency mode supported?

Ben Pfaff blp at nicira.com
Fri Jul 8 17:17:26 UTC 2011 

On Fri, Jul 08, 2011 at 02:18:42PM +0900, Romain Lenglet wrote:
> On Thu, Jul 7, 2011 at 11:44 PM, Ben Pfaff <blp at nicira.com> wrote:
> 
> > On Thu, Jul 07, 2011 at 06:36:32PM +0900, Tamura, Yoshiaki wrote:
> > > I've been playing around with OVS 1.1 and have a question regarding
> > > emergency mode specified in OpenFlow 1.0.
> >
> > OVS doesn't support that mode.
> 
> Well, the problem that Yoshi is reporting is that OVS kind of supports an
> emergency mode (which should be supported per OpenFlow 1.0.0), in that it
> drops all normal flows when the controller is disconnected, but only in
> "standalone" mode, and not in "secure" mode.
> Why that difference in behavior between the "standalone" and "secure" modes?

That difference is essentially the definition of "standalone" and
"secure" modes.  In "standalone" mode, the switch acts like a regular
switch when the controller is disconnected.  In "secure" mode, it
retains the flow table contents.

> Since OVS doesn't support flows with the EMERG flag set, there is no way to
> configure an OVS switch to drop all traffic when the controller is
> disconnected. Could you please give us a hint on how to achieve that with
> the current OVS?

It doesn't have a mode to do that.

> Currently, the only solution we found is patching OVS to remove the "&&
> mgr->fail_mode == OFPROTO_FAIL_STANDALONE" in the test in connmgr.c.
> What you accept such a patch?

You mean, in the code quoted below?  I don't see how that would
accomplish what you want.  You say that you want to drop all traffic
when the controller is disconnected, but this code sets up a flow that
switches all traffic.

    /* If there are no controllers and we're in standalone mode, set up a flow
     * that matches every packet and directs them to OFPP_NORMAL (which goes to
     * us).  Otherwise, the switch is in secure mode and we won't pass any
     * traffic until a controller has been defined and it tells us to do so. */
    if (!connmgr_has_controllers(mgr)
        && mgr->fail_mode == OFPROTO_FAIL_STANDALONE) {
        union ofp_action action;
        struct cls_rule rule;

        memset(&action, 0, sizeof action);
        action.type = htons(OFPAT_OUTPUT);
        action.output.len = htons(sizeof action);
        action.output.port = htons(OFPP_NORMAL);
        cls_rule_init_catchall(&rule, 0);
        ofproto_add_flow(mgr->ofproto, &rule, &action, 1);
    }

You could add a configuration option that specifies what happens when
a secure-mode bridge loses the connection to its controller.  A patch
that adds a setting like that should be simple and I expect that we'd
accept it.

The other approach would be to implement the emergency flow cache.
This would be a much bigger job and I wouldn't recommend taking this
path.  Justin had real objections to the emergency flow cache
definition in the OpenFlow spec when it was proposed.  I don't recall
all the details, but I do remember that the emergency flow cache was
underspecified.  We'd probably have to invent our own interpretations
in a number of places.

The emergency flow cache was deleted from OpenFlow 1.1.  It was only
retained in OpenFlow 1.0, if I recall correctly, to get the spec out
the door on schedule.

More information about the dev mailing list