[ovs-discuss] How to make Open vSwitch kernel module drop all packet by default
Ben Pfaff
blp at nicira.com
Wed Nov 2 15:27:09 UTC 2011
On Wed, Nov 02, 2011 at 03:57:53PM +0100, Voravit T. wrote:
> On 11/02/2011 03:39 PM, Ben Pfaff wrote:
> > On Wed, Nov 02, 2011 at 03:20:51PM +0100, Voravit T. wrote:
> >> I noticed that by default the openvswitch kernel module will forward an
> >> incoming packet out on all ports.
> > Not true. By default it forwards incoming packets to userspace.
> Thank you for your response.
> In my case, I noticed from ovs-dpctl for the incoming packet that the
> actions is 0,2.
> Does this mean that when there is no userspace controller, it will also
> forward out to other ports then?

Yes: by default, if there is no controller, or if the controller cannot
be contacted, then OVS acts as a MAC-learning Ethernet switch.

> >> touch /usr/local/var/run/openvswitch/controller.sock
> > This "touch" isn't useful (though it doesn't hurt anything).
> In my setup, if I didn't create the socket file beforehand, it will fail
> to start ovs-controller.

What error message do you get?

> >> ovs-controller --noflow --pidfile --detach
> >> punix:/usr/local/var/run/openvswitch/controller.sock
> > This tells ovs-controller to listen on
> > /usr/local/var/run/openvswitch/controller.sock.
> >
> >> ovs-vsctl set-controller br0
> >> punix:/usr/local/var/run/openvswitch/controller.sock
> > This also tells ovs-vswitchd to listen on
> > /usr/local/var/run/openvswitch/controller.sock. Not good: you need it
> > to connect to that socket. So that's "unix:" instead of "punix:". (If
> > you'd read the ovs-vswitchd log messages you'd have seen the problem.)
> My /usr/local/var/run/openvswitch/log folder is empty. I suppose I need
> to give explicit logging options to get a log file then.

You can use --log-file to enable logging to a file. Logs are also sent
by default to syslog.
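
The passive "punix:" versus active "unix:" distinction discussed in this message, modelled with plain Python sockets as an added example; it is not part of the original message and is not Open vSwitch code. The functions open_endpoint, channel_forms and demo and the temporary socket path are hypothetical, and in this plain-socket model a second listener on the same path fails to bind, which is an assumption of the model rather than a statement about how ovs-vswitchd behaves.

```python
import os
import socket
import tempfile

def open_endpoint(target):
    """'punix:PATH' binds and listens (passive); 'unix:PATH' connects (active)."""
    method, _, path = target.partition(":")
    if method not in ("punix", "unix"):
        raise ValueError("unsupported method: " + method)
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        if method == "punix":
            sock.bind(path)
            sock.listen(1)
        else:
            sock.connect(path)
    except OSError:
        sock.close()
        raise
    return ("passive" if method == "punix" else "active"), sock

def channel_forms(controller_target, switch_target):
    """True only if the switch side connects to a listening controller side."""
    opened = []
    try:
        ctrl_role, ctrl = open_endpoint(controller_target)
        opened.append(ctrl)
        sw_role, sw = open_endpoint(switch_target)
        opened.append(sw)
        if (ctrl_role, sw_role) != ("passive", "active"):
            return False
        ctrl.settimeout(1.0)
        peer, _ = ctrl.accept()  # the controller sees the switch's connection
        opened.append(peer)
        sw.sendall(b"hello")
        return peer.recv(5) == b"hello"
    except OSError:  # e.g. second bind on the same path: address already in use
        return False
    finally:
        for s in opened:
            s.close()

def demo():
    results = {}
    for switch_method in ("punix", "unix"):
        with tempfile.TemporaryDirectory() as workdir:  # constructed socket path
            path = os.path.join(workdir, "controller.sock")
            results[switch_method] = channel_forms("punix:" + path, switch_method + ":" + path)
    return results
```

Calling demo() runs both pairings against a listening controller side: once with the switch side also passive, once with it active.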