[ovs-discuss] "local" flow match rules + a controller

Justin Pettit jpettit at nicira.com
Wed Oct 6 07:54:27 UTC 2010


Hi, Dave.  You are correct that the controller "owns" all the rules on the switch.  (Technically, there are exceptions to this, but that's a road I wouldn't recommend going down.)  It is up to the controller/application to decide how to handle existing flows, but all the ones I know of wipe the existing flows on OpenFlow connection establishment.  (It's kind of a nightmare to debug a controller app otherwise.)

Would a proxy, generic port forwarding application, or IP tables rules work for you?  I would think any of those would do the job you want and not interfere with any OpenFlow controllers.  (Unless, of course, it's specifically dropping those flows, which is probably a configuration problem anyway.)

We should be able to come up with a solution that works for you, so let me know if none of those suggestions seems appropriate.

--Justin

(I don't know how this became such a parenthetical message.)


On Oct 5, 2010, at 7:31 AM, Dave Scott wrote:

> Hi,
> 
> I'm currently exploring ways of moving parts of XenServer/XCP's domain0 into helper domains and I think the openvswitch may be able to help. FYI here's the kind of thing I'm thinking of:
> 
> * Client sends HTTP request to domain0's management IP (call this M)
> * xapi binds a random local port on the management IP (call this P)
> * xapi boots up a helper domain, tells it to listen on M:P
> * xapi uses openflow (or ovs-ofctl) to program the local openvswitch to redirect TCP traffic to M:P to the helper domain's switch port, while translating the MACs using mod_dl_{src,dst}
> * xapi issues an HTTP 302 redirect to M:P
> 
> Although sharing the management IP between two domains is a bit hacky :) it's nice not to require the admin to configure a means for xapi to allocate IP addresses for all its non-domain0 children.
> 
> Apart from comments on the general (in)sanity (which I'm also interested in), I'm curious about how connecting a controller would affect this scheme. My understanding is that the controller "owns" all the rules in the lower switches: would a controller always wipe out these "local" rules I've added, or does that just depend on the controller? Is there any general way to prevent a controller doing that, for some small subset of the rules?
> 
> Any comments appreciated.
> 
> Cheers,
> Dave
> 
> 
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss_openvswitch.org





More information about the discuss mailing list