[ovs-discuss] Secure mode

Aaron Rosen arosen at clemson.edu
Thu Aug 9 14:48:09 UTC 2012


man 5 ovs-vswitchd.conf.db

       fail_mode: optional string, either secure or standalone
              When a controller is configured, it is, ordinarily,
 responsible
              for setting up all flows on the switch.  Thus, if the
connection
              to the controller fails, no new network connections can  be
 set
              up.  If the connection to the controller stays down long
enough,
              no packets can pass through the switch  at  all.   This
 setting
              determines the switch's response to such a situation.  It may
be
              set to one of the following:

              standalone
                     If no message is received from the controller  for
 three
                     times   the   inactivity  probe  interval  (see
 inactiv-
                     ity_probe), then Open vSwitch will take over
responsibil-
                     ity  for  setting  up  flows.  In this mode, Open
vSwitch
                     causes the bridge to act like  an  ordinary
 MAC-learning
                     switch.   Open  vSwitch will continue to retry
connecting
                     to the controller in the background and, when the
connec-
                     tion  succeeds, it will discontinue its standalone
behav-
                     ior.

              *secure* Open vSwitch will not set up flows on its  own  when
 the
                     controller  connection  fails  or when no controllers
are
                     defined.  The bridge will continue to retry connecting
to
                     any defined controllers forever.

              If this value is unset, the default is
implementation-specific.

              When  more  than one controller is configured, fail_mode is
con-
              sidered only when none of the configured controllers can be
con-
              tacted.

              Changing  fail_mode  when  no primary controllers are
configured
              clears the flow table.


Aaron

On Thu, Aug 9, 2012 at 6:58 AM, <mvpbl_c at iol.pt> wrote:

> **
>
> Hello,
>
> Can someone explain me what "set-fail-mode secure"  does exactly. I think
> maybe is related to mac broadcast, but I'm not sure.
>
> Thanks in advanced,
> Regards,
> Marco
>
> _______________________________________________
> discuss mailing list
> discuss at openvswitch.org
> http://openvswitch.org/mailman/listinfo/discuss
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20120809/2c6d8e5c/attachment.html>


More information about the discuss mailing list