1 # This is a POSIX shell fragment -*- sh -*-
3 # To configure the OpenFlow switch, fill in the following properly and
4 # uncomment them. Afterward, the switch will come up
5 # automatically at boot time. It can be started immediately with
6 # /etc/init.d/openvswitch-switch start
7 # Alternatively, use the ovs-switch-setup program (from the
8 # openvswitch-switch-config package) to do everything automatically.
10 # NETDEVS: Which network devices should the OpenFlow switch include?
12 # List the network devices that should become part of the OpenFlow
13 # switch, separated by spaces. At least two devices must be selected
14 # for this machine to be a useful switch. Unselecting all network
15 # devices will disable the OpenFlow switch entirely.
17 # The network devices that you select should not be configured with IP
18 # or IPv6 addresses, even if the switch contacts the controller over
19 # one of the selected network devices. This is because a running
20 # Open vSwitch switch takes over network devices at a low level: they
21 # become part of the switch and cannot be used for other purposes.
24 # MODE: The OpenFlow switch has three modes that determine how it
25 # reaches the controller:
27 # * in-band with discovery: A single network is used for OpenFlow
28 # traffic and other data traffic; that is, the switch contacts the
29 # controller over one of the network devices selected as OpenFlow
30 # switch ports. The switch automatically determines the location of
31 # the controller using a DHCP request with an OpenFlow-specific
32 # vendor option. This is the most common case.
34 # * in-band: As above, but the location of the controller is manually
37 # * out-of-band: OpenFlow traffic uses a network separate from the
38 # data traffic that it controls. If this is the case, the control
39 # network must already be configured on a network device other than
40 # one of those selected as an Open vSwitch switch port in the previous
43 # Set MODE to 'discovery', 'in-band', or 'out-of-band' for these
47 # SWITCH_IP: In 'in-band' mode, the switch's IP address may be
48 # configured statically or dynamically:
50 # * For static configuration, specify the switch's IP address as a
51 # string. In this case you may also set SWITCH_NETMASK and
52 # SWITCH_GATEWAY appropriately (see below).
54 # * For dynamic configuration with DHCP (the most common case),
55 # specify "dhcp". Configuration with DHCP will only work reliably
56 # if the network topology allows the switch to contact the DHCP
57 # server before it connects to the OpenFlow controller.
59 # This setting has no effect unless MODE is set to 'in-band'.
62 # SWITCH_NETMASK: IP netmask to use in 'in-band' mode when the switch
63 # IP address is not 'dhcp'.
64 #SWITCH_NETMASK=255.255.255.0
66 # SWITCH_GATEWAY: IP gateway to use in 'in-band' mode when the switch
67 # IP address is not 'dhcp'.
68 #SWITCH_GATEWAY=192.168.1.1
70 # CONTROLLER: Location of controller.
71 # One of the following formats:
72 # tcp:IP[:PORT] via TCP to PORT (default: 6633) at IP
73 # ssl:IP[:PORT] via SSL to PORT (default: 6633) at IP
74 # The default below assumes that the controller is running locally.
75 # This setting has no effect when MODE is set to 'discovery'.
76 #CONTROLLER="tcp:127.0.0.1"
78 # PRIVKEY: Name of file containing switch's private key.
79 # Required if SSL enabled.
80 #PRIVKEY=/etc/openvswitch-switch/of0-privkey.pem
82 # CERT: Name of file containing certificate for private key.
83 # Required if SSL enabled.
84 #CERT=/etc/openvswitch-switch/of0-cert.pem
86 # CACERT: Name of file containing controller CA certificate.
87 # Required if SSL enabled.
88 #CACERT=/etc/openvswitch-switch/cacert.pem
90 # CACERT_MODE: Two modes are available:
92 # * secure: The controller CA certificate named in CACERT above must exist.
93 # (You must copy it manually from the PKI server or another trusted source.)
95 # * bootstrap: If the controller CA certificate named in CACERT above does
96 # not exist, the switch will obtain it from the controller the first time
97 # it connects and save a copy to the file named in CACERT. This is insecure,
98 # in the same way that initial connections with ssh are insecure, but
101 # Set CACERT_MODE to 'secure' or 'bootstrap' for these respective cases.
104 # MGMT_VCONNS: List of vconns (space-separated) on which ovs-openflowd
105 # should listen for management connections from ovs-ofctl, etc.
106 # openvswitch-switchui by default connects to
107 # unix:/var/run/ovs-openflowd.mgmt, so do not disable this if you want to
108 # use openvswitch-switchui.
109 MGMT_VCONNS="punix:/var/run/ovs-openflowd.mgmt"
111 # COMMANDS: Access control list for the commands that can be executed
112 # remotely over the OpenFlow protocol, as a comma-separated list of
113 # shell glob patterns. Negative patterns (beginning with !) act as a
114 # blacklist. To be executable, a command name must match one positive
115 # pattern and not match any negative patterns.
116 #COMMANDS="reboot,update"
118 # DISCONNECTED_MODE: Switch behavior when attempts to connect to the
119 # controller repeatedly fail, either 'switch', to act as an L2 switch
120 # in this case, or 'drop', to drop all packets (except those necessary
121 # to connect to the controller). If unset, the default is 'drop'.
122 #DISCONNECTED_MODE=switch
124 # STP: Enable or disabled 802.1D-1998 Spanning Tree Protocol. Set to
125 # 'yes' to enable STP, 'no' to disable it. If unset, ovs-openflowd's
126 # current default is 'no' (but this may change in the future).
129 # RATE_LIMIT: Maximum number of received frames, that do not match any
130 # existing switch flow, to forward up to the controller per second.
131 # The valid range is 100 and up. If unset, this rate will not be
135 # INACTIVITY_PROBE: The maximum number of seconds of inactivity on the
136 # controller connection before ovs-openflowd sends an inactivity probe
137 # message to the controller. The valid range is 5 and up. If unset,
138 # ovs-openflowd defaults to 15 seconds.
141 # MAX_BACKOFF: The maximum time that ovs-openflowd will wait between
142 # attempts to connect to the controller. The valid range is 1 and up.
143 # If unset, ovs-openflowd defaults to 15 seconds.
146 # DAEMON_OPTS: Additional options to pass to ovs-openflowd, e.g. "--fail=open"
149 # CORE_LIMIT: Maximum size for core dumps.
151 # Leaving this unset will use the system default. Setting it to 0
152 # will disable core dumps. Setting it to "unlimited" will dump all
153 # core files regardless of size.
154 #CORE_LIMIT=unlimited
156 # DATAPATH_ID: Identifier for this switch.
158 # By default, the switch checks if the DMI System UUID contains a Nicira
159 # mac address to use as a datapath ID. If not, then the switch generates
160 # a new, random datapath ID every time it starts up. By setting this
161 # value, the supplied datapath ID will always be used.
163 # Set DATAPATH_ID to a MAC address in the form XX:XX:XX:XX:XX:XX where each
164 # X is a hexadecimal digit (0-9 or a-f).
165 #DATAPATH_ID=XX:XX:XX:XX:XX:XX