[ovs-dev] [PATCH] vswitch.xml: Suggest secure fail-mode to avoid loops with multiple uplinks.

Ben Pfaff blp at nicira.com
Wed May 16 19:44:51 UTC 2012


On Tue, May 15, 2012 at 08:30:48AM -0700, Rob Sherwood wrote:
> On Mon, May 14, 2012 at 9:23 PM, Justin Pettit <jpettit at nicira.com> wrote:
> > Looks good to me.
> >
> > I wasn't volunteering that we'd change the default.  There was a suggestion that OpenFlow 1.0.1 forbid standalone support.  I said that we would most likely not follow that, since not only do we support that mode, it's our default.  I suggested we might be open to changing the default, but I'd check to see what other's thought.
> 
> Just fwiw, I too think it's a bad idea to forbid standalone support,
> which is particularly useful for a vswitch.
> 
> Per the conversation with Ben, my concern is the default being "melt
> down the network if the switch has topology loops".  There are a
> number of possible solution to this including (1) make fail-secure the
> default, (2) enable STP by default, or (3), the thing that I think
> makes most sense, is to encourage hardware folks (who much more
> commonly have networks with loops) porting OVS to consider fail-secure
> as their default and leave the vswitch-targeted software (which rarely
> has more than one uplink) fail-standalone.  Ben's documentation change
> is IMHO a great step in that direction; I would only consider adding a
> note to the effect of "if you're porting OVS to a hardware box, this
> may especially apply to you".
> 
> Does that make sense?

It makes sense.  I sent out a patch.  Please review it, if you have a
few minutes.



More information about the dev mailing list