Provided by: openvswitch-controller_2.0.1+git20140120-0ubuntu2_i386

NAME

       ovs-controller - simple OpenFlow controller reference implementation

SYNOPSIS

       ovs-controller [options] method [method]...

DESCRIPTION

       ovs-controller manages any number of remote switches over the OpenFlow
       protocol, causing them to function as L2 MAC-learning switches or hubs.

       ovs-controller controls one or more OpenFlow switches, specified as one
       or more of the following OpenFlow connection methods:

              pssl:[port][:ip]
                     Listens  for  OpenFlow  SSL connections on port (default:
                     6633).  The --private-key, --certificate,  and  --ca-cert
                     options  are  mandatory  when  this  form  is  used.   By
                     default, connections are not bound to a particular  local
                     IP  address,  but  ip may be specified to listen only for
                     connections to the given ip.

              ptcp:[port][:ip]
                     Listens for OpenFlow TCP connections  on  port  (default:
                     6633).   By  default,  connections  are  not  bound  to a
                     particular local IP address, but ip may be  specified  to
                     listen only for connections to the given ip.

              punix:file
                     Listens  for  OpenFlow  connections  on  the  Unix domain
                     server socket named file.

              ssl:ip[:port]
                     The specified SSL port (default: 6633) on the host at the
                     given ip, which must be expressed as an IP address (not a
                     DNS  name).   The   --private-key,   --certificate,   and
                     --ca-cert options are mandatory when this form is used.

              tcp:ip[:port]
                     The specified TCP port (default: 6633) on the host at the
                     given ip, which must be expressed as an IP address (not a
                     DNS name).

              unix:file
                     The Unix domain server socket named file.

OPTIONS

       -n
       --noflow
              By default, ovs-controller sets up a flow in each OpenFlow
              switch whenever it receives a packet whose destination is known
              through MAC learning.  This option disables flow setup, so
              that every packet in the network passes through the controller.

              This option is most useful for debugging.  It reduces  switching
              performance, so it should not be used in production.

       --max-idle=secs|permanent
              Sets  secs  as  the  number of seconds that a flow set up by the
              controller will remain in the switch's flow  table  without  any
              matching  packets  being seen.  If permanent is specified, which
              is not recommended, flows will never expire.  The default is  60
              seconds.

              This  option  has  no  effect  when  -n  (or --noflow) is in use
              (because the controller does not set up flows in that case).

       -H
       --hub  By default, the controller acts as an  L2  MAC-learning  switch.
              This  option  changes  its behavior to that of a hub that floods
              packets on all but the incoming port.

              If -H (or --hub) and -n (or --noflow) are  used  together,  then
              the  cumulative  effect  is that every packet passes through the
              controller and every packet is flooded.

              This option is most useful for debugging.  It reduces  switching
              performance, so it should not be used in production.

       -w[wildcard_mask]
       --wildcards[=wildcard_mask]
              By  default,  ovs-controller  sets  up  exact-match flows.  This
              option allows it to set up wildcarded flows,  which  may  reduce
              flow  setup latency by causing less traffic to be sent up to the
              controller.

              The optional wildcard_mask is an OpenFlow  wildcard  bitmask  in
              hexadecimal  that  specifies  the  fields  to  wildcard.   If no
              wildcard_mask is specified, the default value 0x2820F0  is  used
              which  specifies  L2-only  switching  and  wildcards  L3  and L4
              fields.  Another interesting value is 0x2000EC, which  specifies
              L3-only switching and wildcards L2 and L4 fields.

              This  option  has  no  effect  when  -n  (or --noflow) is in use
              (because the controller does not set up flows in that case).
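
              The two masks quoted above can be checked field by field.  The
              decoder below is an added example, not code from Open vSwitch;
              it assumes the mask uses the OpenFlow 1.0 ofp_flow_wildcards bit
              layout, and the function name decode_wildcards is hypothetical.

```python
# Added example: decode an OpenFlow wildcard bitmask as passed to -w.
# Assumption: the mask follows the OpenFlow 1.0 ofp_flow_wildcards layout.
OFPFW_FLAGS = {
    0: "in_port", 1: "dl_vlan", 2: "dl_src", 3: "dl_dst", 4: "dl_type",
    5: "nw_proto", 6: "tp_src", 7: "tp_dst", 20: "dl_vlan_pcp", 21: "nw_tos",
}
NW_SRC_SHIFT, NW_DST_SHIFT, NW_BITS = 8, 14, 6
OFPFW_ALL = (1 << 22) - 1


def decode_wildcards(mask):
    """Return (wildcarded, matched): two dicts mapping field -> coverage."""
    if mask & ~OFPFW_ALL:
        raise ValueError("bits outside OFPFW_ALL: %#x" % (mask & ~OFPFW_ALL))
    wild, matched = {}, {}
    for bit, name in OFPFW_FLAGS.items():
        (wild if (mask >> bit) & 1 else matched)[name] = "all bits"
    for name, shift in (("nw_src", NW_SRC_SHIFT), ("nw_dst", NW_DST_SHIFT)):
        # 6-bit count of low-order address bits to ignore; 32 or more
        # means the whole address is wildcarded.
        n = min((mask >> shift) & ((1 << NW_BITS) - 1), 32)
        if n == 32:
            wild[name] = "all bits"
        elif n == 0:
            matched[name] = "/32"
        else:
            wild[name] = "low %d bits" % n
            matched[name] = "/%d" % (32 - n)
    return wild, matched


if __name__ == "__main__":
    # The two values quoted in the -w description.
    for value in (0x2820F0, 0x2000EC):
        wild, matched = decode_wildcards(value)
        print("%#08x matches on: %s" % (value, ", ".join(sorted(matched))))
        print("         wildcards:  %s" % ", ".join(sorted(wild)))
```

              Every wildcarded field widens the set of packets a single flow
              entry forwards without the controller seeing them, so decode a
              mask before deploying it.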

       -N
       --normal
              By default, ovs-controller directs packets to a particular  port
              or  floods  them.   This  option causes it to direct non-flooded
              packets to the  OpenFlow  OFPP_NORMAL  port.   This  allows  the
              switch  itself  to  make  decisions  about  packet destinations.
              Support for OFPP_NORMAL is optional in OpenFlow, so this option
              may not work well with some non-Open vSwitch switches.

       --mute Prevents  ovs-controller  from replying to any OpenFlow messages
              sent to it by switches.

              This  option  is   only   for   debugging   the   Open   vSwitch
              implementation  of  ``fail  open'' mode.  It must not be used in
              production.

       -q id
       --queue=id
              By default, ovs-controller uses the default OpenFlow  queue  for
              sending packets and setting up flows.  Use one of these options,
              supplying id as an OpenFlow queue ID as  a  decimal  number,  to
              instead use that specific queue.

              This  option  is incompatible with -N or --normal and with -H or
              --hub.  If more than one is specified  then  this  option  takes
              precedence.

              This  option  may  be useful for testing or debugging quality of
              service setups.

       -Q port-name:queue-id
       --port-queue port-name:queue-id
              Configures packets received on the port  named  port-name  (e.g.
              eth0) to be output on OpenFlow queue ID queue-id (specified as a
              decimal number).  For the specified port, this option  overrides
              the default specified on -q or --queue.

              This  option may be specified any number of times with different
              port-name arguments.

              This option is incompatible with -N or --normal and with  -H  or
              --hub.   If  more  than  one is specified then this option takes
              precedence.

              This option may be useful for testing or  debugging  quality  of
              service setups.

       --with-flows file
              When  a  switch  connects, push the flow entries as described in
              file.  Each line in file is a flow entry in the format described
              for  the  add-flows  command  in  the Flow Syntax section of the
              ovs-ofctl(8) man page.

              Use this option more than once to add flows from multiple files.

   Public Key Infrastructure Options
       -p privkey.pem
       --private-key=privkey.pem
              Specifies  a  PEM  file  containing  the  private  key  used  as
              ovs-controller's identity for outgoing SSL connections.

       -c cert.pem
       --certificate=cert.pem
              Specifies a PEM file containing a certificate that certifies the
              private key specified on -p or --private-key to be  trustworthy.
              The certificate must be signed by the certificate authority (CA)
              that the peer in SSL connections will use to verify it.

       -C cacert.pem
       --ca-cert=cacert.pem
              Specifies  a  PEM  file  containing  the  CA  certificate   that
              ovs-controller should use to verify certificates presented to it
              by SSL peers.  (This may be the same certificate that SSL  peers
              use  to verify the certificate specified on -c or --certificate,
              or it may be a different one, depending on  the  PKI  design  in
              use.)

       -C none
       --ca-cert=none
              Disables  verification  of  certificates presented by SSL peers.
              This  introduces  a  security  risk,  because  it   means   that
              certificates  cannot  be  verified  to be those of known trusted
              hosts.

       --peer-ca-cert=peer-cacert.pem
              Specifies a PEM  file  that  contains  one  or  more  additional
              certificates  to  send  to SSL peers.  peer-cacert.pem should be
              the  CA  certificate   used   to   sign   ovs-controller's   own
              certificate,  that  is,  the  certificate  specified  on  -c  or
              --certificate.  If ovs-controller's certificate is  self-signed,
              then  --certificate  and  --peer-ca-cert should specify the same
              file.

              This option is not useful in normal operation, because  the  SSL
              peer  must  already have the CA certificate for the peer to have
              any confidence  in  ovs-controller's  identity.   However,  this
              offers  a  way  for  a  new  installation  to  bootstrap  the CA
              certificate on its first SSL connection.
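
              The cautions attached to the connection methods and options
              above can be checked mechanically before a controller is
              started.  The checker below is an added example, not part of
              Open vSwitch; the function name audit and the finding texts are
              this example's own, and it assumes options are written
              separately (no bundled short options such as -nH).

```python
import shlex

# Option names come from this man page; finding texts are the example's own.
DEBUG_ONLY = {"-n": "--noflow", "--noflow": "--noflow",
              "-H": "--hub", "--hub": "--hub", "--mute": "--mute"}
SHORT = {"-p": "--private-key", "-c": "--certificate", "-C": "--ca-cert"}
PKI = set(SHORT.values())
VALUED = PKI | {"--max-idle"}
SCHEMES = ("pssl", "ptcp", "punix", "ssl", "tcp", "unix")


def audit(cmdline):
    """Return sorted findings for one ovs-controller command line."""
    args = shlex.split(cmdline)[1:]            # drop the program name
    opts, methods, findings = {}, [], set()
    i = 0
    while i < len(args):
        name, eq, val = args[i].partition("=")
        name = SHORT.get(name, name)
        if name in VALUED:
            if not eq and i + 1 < len(args):   # "-C none" or "--ca-cert none"
                i += 1
                val = args[i]
            opts[name] = val
        elif name in DEBUG_ONLY:
            findings.add("%s is a debugging option, not for production"
                         % DEBUG_ONLY[name])
        elif ":" in name and name.split(":", 1)[0] in SCHEMES:
            methods.append(args[i])
        i += 1
    for m in methods:
        scheme, _, rest = m.partition(":")
        if scheme in ("ptcp", "tcp"):
            findings.add("method %s uses plain TCP, no SSL" % m)
        if scheme in ("pssl", "ssl"):
            for need in sorted(PKI - set(opts)):
                findings.add("method %s lacks mandatory %s" % (m, need))
        if scheme in ("pssl", "ptcp") and not rest.partition(":")[2]:
            findings.add("method %s has no ip, listens on every local address" % m)
    if opts.get("--ca-cert") == "none":
        findings.add("--ca-cert=none disables peer certificate verification")
    if opts.get("--max-idle") == "permanent":
        findings.add("--max-idle=permanent means flows never expire")
    return sorted(findings)
```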

       --pidfile[=pidfile]
              Causes a file (by default,  ovs-controller.pid)  to  be  created
              indicating  the  PID  of  the  running  process.  If the pidfile
              argument is not specified, or if it does not begin with /,  then
              it is created in /var/run/openvswitch.

              If --pidfile is not specified, no pidfile is created.

       --overwrite-pidfile
              By  default,  when  --pidfile  is  specified  and  the specified
              pidfile already exists and  is  locked  by  a  running  process,
              ovs-controller refuses to start.  Specify --overwrite-pidfile to
              cause it to instead overwrite the pidfile.

              When --pidfile is not specified, this option has no effect.

       --detach
              Causes ovs-controller  to  detach  itself  from  the  foreground
              session and run as a background process.

       --monitor
              Creates  an  additional  process  to  monitor the ovs-controller
              daemon.  If the daemon dies due to a  signal  that  indicates  a
              programming  error  (e.g.  SIGSEGV,  SIGABRT),  then the monitor
              process starts a new copy of it.  If the daemon dies or exits
              for another reason, the monitor process exits.

              This  option  is  normally  used  with  --detach,  but  it  also
              functions without it.

       --no-chdir
              By default, when --detach is specified,  ovs-controller  changes
              its  current  working  directory  to the root directory after it
              detaches.  Otherwise, invoking ovs-controller from a  carelessly
              chosen directory would prevent the administrator from unmounting
              the file system that holds that directory.

              Specifying  --no-chdir  suppresses  this  behavior,   preventing
              ovs-controller  from  changing  its  current  working directory.
              This may be useful for collecting core files, since it is common
              behavior  to write core dumps into the current working directory
              and the root directory is not a good directory to use.

              This option has no effect when --detach is not specified.

       -v[spec]
       --verbose=[spec]
              Sets logging levels.  Without any spec, sets the log  level  for
              every  module and facility to dbg.  Otherwise, spec is a list of
              words separated by spaces or commas or colons, up  to  one  from
              each category below:

              ·      A  valid  module  name,  as  displayed  by  the vlog/list
                     command on ovs-appctl(8), limits the log level change  to
                     the specified module.

              ·      syslog, console, or file, to limit the log level change
                     only to the system log, to the console, or to a file,
                     respectively.

              ·      off,  emer,  err,  warn, info, or dbg, to control the log
                     level.  Messages of the given severity or higher will  be
                     logged,  and  messages of lower severity will be filtered
                     out.  off filters out all  messages.   See  ovs-appctl(8)
                     for a definition of each log level.

              Case is not significant within spec.

              Regardless  of  the  log  levels set for file, logging to a file
              will not take place unless --log-file  is  also  specified  (see
              below).

              For compatibility with older versions of OVS, any is accepted as
              a word but has no effect.

       -v
       --verbose
              Sets  the  maximum  logging  verbosity  level,   equivalent   to
              --verbose=dbg.

       --log-file[=file]
              Enables  logging  to  a  file.  If file is specified, then it is
              used as the exact name for the log file.  The default  log  file
              name       used       if       file      is      omitted      is
              /var/log/openvswitch/ovs-controller.log.

       --unixctl=socket
              Sets the name of the  control  socket  on  which  ovs-controller
              listens  for runtime management commands (see RUNTIME MANAGEMENT
              COMMANDS, below).  If socket  does  not  begin  with  /,  it  is
              interpreted  as  relative to /var/run/openvswitch.  If --unixctl
              is   not    used    at    all,    the    default    socket    is
              /var/run/openvswitch/ovs-controller.pid.ctl,    where   pid   is
              ovs-controller's  process  ID.   Specifying  none   for   socket
              disables the control socket feature.

       -h
       --help Prints a brief help message to the console.

       -V
       --version
              Prints version information to the console.

EXAMPLES

       To  bind  locally  to  port  6633  (the  default) and wait for incoming
       connections from OpenFlow switches:

              % ovs-controller ptcp:

BUGS

       Configuring a Citrix XenServer to connect to  a  particular  controller
       only  points the remote OVSDB management connection to that controller.
       It does not also configure OpenFlow connections, because the manager is
       expected  to  do  that over the management protocol.  ovs-controller is
       not an Open vSwitch manager and does not know how to do that.

       As a stopgap workaround, ovs-vsctl can wait for an OVSDB connection and
       set the controller, e.g.:

              % ovs-vsctl -t0 --db=pssl: --certificate=cert.pem --ca-cert=none \
                  --private-key=privkey.pem --peer-ca-cert=cacert.pem \
                  set-controller ssl:ip

SEE ALSO

       ovs-appctl(8), ovs-ofctl(8), ovs-dpctl(8)