.TH secchan 8 "March 2008" "OpenFlow" "OpenFlow Manual" .SH NAME switch \- userspace implementation of OpenFlow switch .SH SYNOPSIS .B switch [\fIoptions\fR] \fB-i\fR \fInetdev\fR[\fB,\fInetdev\fR]... \fIcontroller\fR .SH DESCRIPTION The \fBswitch\fR is a userspace implementation of an OpenFlow switch. It implements all three parts of the OpenFlow switch specification: a ``flow table'' in which each flow entry is associated with an action telling the switch how to process the flow; a ``secure channel'' connecting the switch to a remote process (a controller), allowing commands and packets to be sent between the controller and the switch; and an OpenFlow protocol implementation. \fBswitch\fR monitors one or more network device interfaces, forwarding packets between them according to the entries in the flow table. It also maintains a connection to an OpenFlow controller over a TCP or SSL connection, relaying packets that do not match a flow table entry to the controller and executing commands sent by the controller. For access to network devices, the switch program must normally run as root. The mandatory \fIcontroller\fR argument specifies how to connect to the OpenFlow controller. It takes one of the following forms: .TP \fBtcp:\fIhost\fR[\fB:\fIport\fR] The specified TCP \fIport\fR (default: 975) on the given remote \fIhost\fR. .TP \fBssl:\fIhost\fR[\fB:\fIport\fR] The specified SSL \fIport\fR (default: 976) on the given remote \fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when this form is used. .SH OPTIONS .TP \fB-i\fR, \fB--interfaces=\fR\fInetdev\fR[\fB,\fInetdev\fR]... Specifies each \fInetdev\fR (e.g., \fBeth0\fR) as a switch port. The specified network devices should not have any configured IP addresses. This option may be given any number of times to specify additional network devices. .TP \fB-d\fR, \fB--datapath-id=\fIdpid\fR Specifies the OpenFlow switch ID (a 48-bit number that uniquely identifies a controller) as \fIdpid\fR, which consist of exactly 12 hex digits. Without this option, \fBswitch\fR picks an ID randomly. .TP \fB-p\fR, \fB--private-key=\fIprivkey.pem\fR Specifies a PEM file containing the private key used as the switch's identity for SSL connections to the controller. .TP \fB-c\fR, \fB--certificate=\fIcert.pem\fR Specifies a PEM file containing a certificate, signed by the controller's certificate authority (CA), that certifies the switch's private key to identify a trustworthy switch. .TP \fB-C\fR, \fB--ca-cert=\fIcacert.pem\fR Specifies a PEM file containing the CA certificate used to verify that the switch is connected to a trustworthy controller. .TP .BR \-h ", " \-\^\-help Prints a brief help message to the console. .TP .BR \-u ", " \-\^\-unreliable Do not attempt to reconnect the channel if a connection drops. By default, \fBsecchan\fR attempts to reconnect. .TP .BR \-v ", " \-\^\-verbose Prints debug messages to the console. .TP .BR \-V ", " \-\^\-version Prints version information to the console. .SH "SEE ALSO" .BR dpctl (8), .BR controller (8) .BR vlogconf (8) .SH BUGS Currently \fBsecchan\fR does not support SSL