From a42226f0a5a08d78bb756954d191a7ab2ea75af4 Mon Sep 17 00:00:00 2001
From: Ben Pfaff <blp@nicira.com>
Date: Tue, 5 May 2015 17:19:48 -0700
Subject: ovs-architecture: Recommend disable-in-band=true for integration
 bridge.

Also implement in ovs-sandbox.

Signed-off-by: Ben Pfaff <blp@nicira.com>
Acked-by: Justin Pettit <jpettit@nicira.com>
---
 ovn/ovn-architecture.7.xml | 27 +++++++++++++++++++++++----
 tutorial/ovs-sandbox       |  3 ++-
 2 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/ovn/ovn-architecture.7.xml b/ovn/ovn-architecture.7.xml
index f0921410b..36732590e 100644
--- a/ovn/ovn-architecture.7.xml
+++ b/ovn/ovn-architecture.7.xml
@@ -243,12 +243,31 @@
   </p>
 
   <p>
-    The integration bridge must be configured with failure mode ``secure'' to
-    avoid switching packets between isolated logical networks before
-    <code>ovn-controller</code> starts up.  See <code>Controller Failure
-    Settings</code> in <code>ovs-vsctl</code>(8) for more information.
+    The integration bridge should be configured as described below.
+    The effect of each of these settings is documented in
+    <code>ovs-vswitchd.conf.db</code>(5):
   </p>
 
+  <dl>
+    <dt><code>fail-mode=secure</code></dt>
+    <dd>
+      Avoids switching packets between isolated logical networks before
+      <code>ovn-controller</code> starts up.  See <code>Controller Failure
+      Settings</code> in <code>ovs-vsctl</code>(8) for more information.
+    </dd>
+
+    <dt><code>other-config:disable-in-band=true</code></dt>
+    <dd>
+      Suppresses in-band control flows for the integration bridge.  It would be
+      unusual for such flows to show up anyway, because OVN uses a local
+      controller (over a Unix domain socket) instead of a remote controller.
+      It's possible, however, for some other bridge in the same system to have
+      an in-band remote controller, and in that case this suppresses the flows
+      that in-band control would ordinarily set up.  See <code>In-Band
+      Control</code> in <code>DESIGN.md</code> for more information.
+    </dd>
+  </dl>
+
   <p>
     The customary name for the integration bridge is <code>br-int</code>, but
     another name may be used.
diff --git a/tutorial/ovs-sandbox b/tutorial/ovs-sandbox
index f2ec0d5dc..e8339f264 100755
--- a/tutorial/ovs-sandbox
+++ b/tutorial/ovs-sandbox
@@ -291,7 +291,8 @@ if $ovn; then
     ovs-vsctl set open . external-ids:ovn-remote=unix:"$sandbox"/db.sock
     ovs-vsctl set open . external-ids:ovn-encap-type=geneve
     ovs-vsctl set open . external-ids:ovn-encap-ip=127.0.0.1
-    ovs-vsctl add-br br-int -- set bridge br-int fail-mode=secure
+    ovs-vsctl add-br br-int \
+        -- set bridge br-int fail-mode=secure other-config:disable-in-band=true
 
     rungdb $gdb_ovn_northd ovn-northd --detach --no-chdir --pidfile -vconsole:off --log-file
     rungdb $gdb_ovn_controller ovn-controller --detach --no-chdir --pidfile -vconsole:off --log-file
-- 
cgit v1.2.1