[ovs-discuss] How to make Open vSwitch kernel module drop all packet by default
blp at nicira.com
Wed Nov 2 14:39:29 UTC 2011
On Wed, Nov 02, 2011 at 03:20:51PM +0100, Voravit T. wrote:
> I noticed that by default the openvswitch kernel module will forward an
> incoming packet out on all ports.
Not true. By default it forwards incoming packets to userspace.
> I tried to overwrite this by introducing a controller that should drop
> all packets.
> But I didn't get it to work. Could anyone please let me know what I
> missed here?
> Below is how I set up my openvswitch and the controller:
> insmod datapath/linux/openvswitch_mod.ko
> ovsdb-tool create /usr/local/etc/openvswitch/conf.db
> ovsdb-server --remote=punix:/usr/local/var/run/openvswitch/db.sock
> --remote=db:Open_vSwitch,manager_options --pidfile --detach
> ovs-vsctl --no-wait init
> ovs-vswitchd --pidfile --detach
> ovs-vsctl add-br br0
> ovs-vsctl add-port br0 eth4
> ovs-vsctl add-port br0 eth5
> touch /usr/local/var/run/openvswitch/controller.sock
This "touch" isn't useful (though it doesn't hurt anything).
> ovs-controller --noflow --pidfile --detach
This tells ovs-controller to listen on
> ovs-vsctl set-controller br0
This also tells ovs-vswitchd to listen on
/usr/local/var/run/openvswitch/controller.sock. Not good: you need it
to connect to that socket. So that's "unix:" instead of "punix:". (If
you'd read the ovs-vswitchd log messages you'd have seen the problem.)
Unless you're using a very new ovs-vswitchd, though, you'll have to use
a tcp connection to localhost instead.
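
The listen/connect mix-up described in the reply above, as an added example that is not part of the original post or of Open vSwitch: a small Python check that one endpoint is passive (punix:, ptcp:, pssl:) and the other active (unix:, tcp:, ssl:) on the same transport. The function names and port 6633 are assumptions for illustration; the socket path is the one named in the reply, and only IPv4-style addresses are handled.

```python
# Added example: checks that a controller target and a switch target can meet,
# i.e. exactly one side listens (p-prefixed method) and the other connects.
PASSIVE = {"punix": "unix", "ptcp": "tcp", "pssl": "ssl"}
ACTIVE = {"unix", "tcp", "ssl"}


def parse_target(target):
    """Split a connection method string into (role, transport, address)."""
    scheme, sep, address = target.partition(":")
    if not sep:
        raise ValueError(f"malformed target: {target!r}")
    if scheme in PASSIVE:
        return "listen", PASSIVE[scheme], address
    if scheme in ACTIVE:
        return "connect", scheme, address
    raise ValueError(f"unknown connection method: {scheme!r}")


def port_of(role, address):
    """Port from 'PORT[:IP]' (listen) or 'IP[:PORT]' (connect), else None."""
    fields = address.split(":")
    if role == "listen":
        return fields[0] or None
    return fields[1] if len(fields) > 1 else None


def check_pair(controller, switch):
    """Return a list of reasons the two endpoints will never connect."""
    c_role, c_transport, c_addr = parse_target(controller)
    s_role, s_transport, s_addr = parse_target(switch)
    problems = []
    if c_role == s_role:
        problems.append(f"both sides {c_role}; one must listen, one connect")
    if c_transport != s_transport:
        problems.append(f"transport mismatch: {c_transport} vs {s_transport}")
    elif c_transport == "unix":
        if c_addr != s_addr:
            problems.append("unix socket paths differ")
    else:
        ports = {port_of(c_role, c_addr), port_of(s_role, s_addr)} - {None}
        if len(ports) > 1:
            problems.append(f"port mismatch: {sorted(ports)}")
    return problems


# Constructed sample values: path taken from the reply, port 6633 assumed.
SOCK = "/usr/local/var/run/openvswitch/controller.sock"
if __name__ == "__main__":
    for ctl, sw in [("punix:" + SOCK, "punix:" + SOCK),
                    ("punix:" + SOCK, "unix:" + SOCK),
                    ("ptcp:6633", "tcp:127.0.0.1:6633")]:
        print(ctl, sw, check_pair(ctl, sw) or "ok")
```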