[ovs-discuss] How to make Open vSwitch kernel module drop all packet by default

Ben Pfaff blp at nicira.com
Wed Nov 2 14:39:29 UTC 2011


On Wed, Nov 02, 2011 at 03:20:51PM +0100, Voravit T. wrote:
> I noticed that by default the openvswitch kernel module will forward an
> incoming packet out on all ports.

Not true.  By default it forwards incoming packets to userspace.

> I tried to overwrite this by introducing a controller that should drop
> all packets.

OK.

> But I didn't get it to work. Could anyone please let me know what I
> missed here?
> 
> Below is how I setup my openvswitch and the controller:
> 
> insmod datapath/linux/openvswitch_mod.ko
> ovsdb-tool create /usr/local/etc/openvswitch/conf.db
> vswitchd/vswitch.ovsschema
> ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock
> --remote=db:Open_vSwitch,manager_options --pidfile --detach
> ovs-vsctl --no-wait init
> ovs-vswitchd --pidfile --detach
> ovs-vsctl add-br br0
> ovs-vsctl add-port br0 eth4
> ovs-vsctl add-port br0 eth5
> touch /usr/local/var/run/openvswitch/controller.sock

This "touch" isn't useful (though it doesn't hurt anything).

> ovs-controller --noflow --pidfile --detach
> punix:/usr/local/var/run/openvswitch/controller.sock

This tells ovs-controller to listen on
/usr/local/var/run/openvswitch/controller.sock.

> ovs-vsctl set-controller br0
> punix:/usr/local/var/run/openvswitch/controller.sock

This also tells ovs-vswitchd to listen on
/usr/local/var/run/openvswitch/controller.sock.  Not good: you need it
to connect to that socket.  So that's "unix:" instead of "punix:".  (If
you'd read the ovs-vswitchd log messages you'd have seen the problem.)

Unless you're using a very new ovs-vswitchd, though, you'll have to use
a tcp connection to localhost instead.



More information about the discuss mailing list