path: root/debian/openvswitch-switch.template
blob: 7fe0e15c613589430fe15612124ef3b5ee5c8f57 (plain)
# This is a POSIX shell fragment                -*- sh -*-

# To configure the secure channel, fill in the following properly and
# uncomment them.  Afterward, the secure channel will come up
# automatically at boot time.  It can be started immediately with
#       /etc/init.d/openvswitch-switch start
# Alternatively, use the ovs-switch-setup program (from the
# openvswitch-switch-config package) to do everything automatically.

# NETDEVS: Which network devices should the OpenFlow switch include?
#
# List the network devices that should become part of the OpenFlow
# switch, separated by spaces.  At least two devices must be selected
# for this machine to be a useful switch.  Unselecting all network
# devices will disable the OpenFlow switch entirely.
# 
# The network devices that you select should not be configured with IP
# or IPv6 addresses, even if the switch contacts the controller over
# one of the selected network devices.  This is because a running
# Open vSwitch switch takes over network devices at a low level: they
# become part of the switch and cannot be used for other purposes.
#NETDEVS=""

# MODE: The OpenFlow switch has three modes that determine how it
# reaches the controller:
#
# * in-band with discovery: A single network is used for OpenFlow
#   traffic and other data traffic; that is, the switch contacts the
#   controller over one of the network devices selected as OpenFlow
#   switch ports.  The switch automatically determines the location of
#   the controller using a DHCP request with an OpenFlow-specific
#   vendor option.  This is the most common case.
#
#   NOTE: DHCP replies are not authenticated, so in this mode the
#   controller location comes from whichever DHCP server answers.
#   Where that is not acceptable, use one of the modes below and name
#   the controller explicitly in CONTROLLER.
#
# * in-band: As above, but the location of the controller is manually
#   configured.
#
# * out-of-band: OpenFlow traffic uses a network separate from the
#   data traffic that it controls.  If this is the case, the control
#   network must already be configured on a network device other than
#   one of those selected as an Open vSwitch switch port in NETDEVS
#   above.
#
# Set MODE to 'discovery', 'in-band', or 'out-of-band' for these
# respective cases.
MODE=discovery

# SWITCH_IP: In 'in-band' mode, the switch's IP address may be
# configured statically or dynamically:
#
# * For static configuration, specify the switch's IP address as a
#   string, e.g. SWITCH_IP=192.168.1.2 (an illustrative address).  In
#   this case you may also set SWITCH_NETMASK and SWITCH_GATEWAY
#   appropriately (see below).
#
# * For dynamic configuration with DHCP (the most common case),
#   specify "dhcp".  Configuration with DHCP will only work reliably
#   if the network topology allows the switch to contact the DHCP
#   server before it connects to the OpenFlow controller.
#
# This setting has no effect unless MODE is set to 'in-band'.
SWITCH_IP=dhcp

# SWITCH_NETMASK: IP netmask to use in 'in-band' mode when the switch
# IP address is not 'dhcp'.
#SWITCH_NETMASK=255.255.255.0

# SWITCH_GATEWAY: IP gateway to use in 'in-band' mode when the switch
# IP address is not 'dhcp'.
#SWITCH_GATEWAY=192.168.1.1

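# CONTROLLER: Location of controller.
# One of the following formats:
#  tcp:HOST[:PORT]         via TCP to PORT (default: 6633) on HOST
#  ssl:HOST[:PORT]         via SSL to PORT (default: 6633) on HOST
# A tcp: connection is neither encrypted nor authenticated, so use ssl:
# (with PRIVKEY, CERT and CACERT below) unless the controller is local
# or the control network is otherwise trusted.
# The default below assumes that the controller is running locally.
# This setting has no effect when MODE is set to 'discovery'.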
#CONTROLLER="tcp:127.0.0.1"

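# PRIVKEY: Name of file containing switch's private key.
# Required if SSL is enabled.  Keep this file unreadable by other users
# (for example, mode 0600), since anyone who can read it can present
# the switch's identity to the controller.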
#PRIVKEY=/etc/openvswitch-switch/of0-privkey.pem

# CERT: Name of file containing certificate for private key.
# Required if SSL enabled.
#CERT=/etc/openvswitch-switch/of0-cert.pem

# CACERT: Name of file containing controller CA certificate.
# Required if SSL enabled.
#CACERT=/etc/openvswitch-switch/cacert.pem

# CACERT_MODE: Two modes are available:
#
# * secure: The controller CA certificate named in CACERT above must exist.
#   (You must copy it manually from the PKI server or another trusted source.)
#
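# * bootstrap: If the controller CA certificate named in CACERT above does
#   not exist, the switch will obtain it from the controller the first time
#   it connects and save a copy to the file named in CACERT.  This is insecure,
#   in the same way that initial connections with ssh are insecure: the
#   first connection is not authenticated, so the certificate saved is
#   whatever that peer presented.  It is convenient, but the saved file
#   should be compared against a trusted copy afterward.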
# 
# Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases.
#CACERT_MODE=secure

# MGMT_VCONNS: List of vconns (space-separated) on which secchan
# should listen for management connections from ovs-ofctl, etc.
# openvswitch-switchui by default connects to
# unix:/var/run/secchan.mgmt, so do not disable this if you want to
# use openvswitch-switchui.
#
# NOTE(review): nothing in this file configures authentication for
# management connections, so access presumably depends on who can
# reach each listed vconn (for a punix: socket, the permissions on the
# socket file) -- confirm, and list only endpoints that are reachable
# by trusted local users.
MGMT_VCONNS="punix:/var/run/secchan.mgmt"

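# COMMANDS: Access control list for the commands that can be executed
# remotely over the OpenFlow protocol, as a comma-separated list of
# shell glob patterns.  Negative patterns (beginning with !) act as a
# blacklist.  To be executable, a command name must match one positive
# pattern and not match any negative patterns.
# Anything allowed here can be run on this machine by whoever controls
# the OpenFlow connection, so list exact command names rather than
# broad globs, and preferably enable this only when CONTROLLER uses ssl:.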
#COMMANDS="reboot,update"

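# DISCONNECTED_MODE: Switch behavior when attempts to connect to the
# controller repeatedly fail, either 'switch', to act as an L2 switch
# in this case, or 'drop', to drop all packets (except those necessary
# to connect to the controller).  If unset, the default is 'drop'.
# With 'switch', traffic is forwarded without any controller policy for
# as long as the controller is unreachable; keep 'drop' where the
# controller is relied on to restrict traffic.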
#DISCONNECTED_MODE=switch

# STP: Enable or disable 802.1D-1998 Spanning Tree Protocol.  Set to
# 'yes' to enable STP, 'no' to disable it.  If unset, secchan's
# current default is 'no' (but this may change in the future).
#STP=no

# RATE_LIMIT: Maximum number of received frames per second that do not
# match any existing switch flow and are forwarded up to the controller.
# The valid range is 100 and up.  If unset, this rate will not be
# limited.  Setting a limit keeps a burst of unmatched frames from
# overloading the controller.
#RATE_LIMIT=1000

# INACTIVITY_PROBE: The maximum number of seconds of inactivity on the
# controller connection before secchan sends an inactivity probe
# message to the controller.  The valid range is 5 and up.  If unset,
# secchan defaults to 15 seconds.
#INACTIVITY_PROBE=5

# MAX_BACKOFF: The maximum time that secchan will wait between
# attempts to connect to the controller.  The valid range is 1 and up.
# If unset, secchan defaults to 15 seconds.
#MAX_BACKOFF=15

# DAEMON_OPTS: Additional options to pass to secchan, e.g. "--fail=open"
#
# Where a dedicated variable above covers the same behavior, prefer it,
# so that the effective setting is visible in one place.
# NOTE(review): "--fail=open" presumably selects the same behavior as
# DISCONNECTED_MODE=switch (forwarding without the controller) --
# confirm against the secchan manual before using it.
DAEMON_OPTS=""

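# CORE_LIMIT: Maximum size for core dumps.
#
# Leaving this unset will use the system default.  Setting it to 0
# will disable core dumps.  Setting it to "unlimited" will dump all
# core files regardless of size.
# A core file is a copy of the process's memory and can include
# sensitive data such as key material, so when dumps are enabled keep
# the core files out of reach of other users.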
#CORE_LIMIT=unlimited

# DATAPATH_ID: Identifier for this switch.
#
# By default, the switch checks whether the DMI System UUID contains a
# Nicira MAC address to use as a datapath ID.  If not, then the switch
# generates a new, random datapath ID every time it starts up.  When
# this value is set, the supplied datapath ID is always used.
#
# Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each
# X is a hexadecimal digit (0-9 or a-f).
#DATAPATH_ID=XX:XX:XX:XX:XX:XX