[ovs-dev] [PATCH] vswitch.xml: Suggest secure fail-mode to avoid loops with multiple uplinks.

Rob Sherwood rob.sherwood at bigswitch.com
Tue May 15 15:30:48 UTC 2012


On Mon, May 14, 2012 at 9:23 PM, Justin Pettit <jpettit at nicira.com> wrote:
> Looks good to me.
>
> I wasn't volunteering that we'd change the default.  There was a suggestion that OpenFlow 1.0.1 forbid standalone support.  I said that we would most likely not follow that, since not only do we support that mode, it's our default.  I suggested we might be open to changing the default, but I'd check to see what other's thought.

Just fwiw, I too think it's a bad idea to forbid standalone support,
which is particularly useful for a vswitch.

Per the conversation with Ben, my concern is the default being "melt
down the network if the switch has topology loops".  There are a
number of possible solution to this including (1) make fail-secure the
default, (2) enable STP by default, or (3), the thing that I think
makes most sense, is to encourage hardware folks (who much more
commonly have networks with loops) porting OVS to consider fail-secure
as their default and leave the vswitch-targeted software (which rarely
has more than one uplink) fail-standalone.  Ben's documentation change
is IMHO a great step in that direction; I would only consider adding a
note to the effect of "if you're porting OVS to a hardware box, this
may especially apply to you".

Does that make sense?

Hope this helps,

- Rob
.



More information about the dev mailing list