\fBovs\-controller\fR controls one or more OpenFlow switches, specified as
one or more of the following OpenFlow connection methods:
-.TP
-\fBpssl:\fR[\fIport\fR][\fB:\fIip\fR]
-Listens for SSL connections from remote OpenFlow switches on
-\fIport\fR (default: 6633). The \fB--private-key\fR,
-\fB--certificate\fR, and \fB--ca-cert\fR options are mandatory when
-this form is used.
-By default, \fB\*(PN\fR listens for connections to any local IP
-address, but \fIip\fR may be specified to listen only for connections
-to the given \fIip\fR.
-
-.TP
-\fBptcp:\fR[\fIport\fR][\fB:\fIip\fR]
-Listens for TCP connections from remote OpenFlow switches on
-\fIport\fR (default: 6633).
-By default, \fB\*(PN\fR listens for connections to any local IP
-address, but \fIip\fR may be specified to listen only for connections
-to the given \fIip\fR.
-
-.TP
-\fBpunix:\fIfile\fR
-Listens for connections from OpenFlow switches on the Unix domain
-server socket named \fIfile\fR.
-
-.TP
-\fBssl:\fIhost\fR[\fB:\fIport\fR]
-The specified SSL \fIport\fR (default: 6633) on the given remote
-\fIhost\fR. The \fB--private-key\fR, \fB--certificate\fR, and
-\fB--ca-cert\fR options are mandatory when this form is used.
-
-.TP
-\fBtcp:\fIhost\fR[\fB:\fIport\fR]
-The specified TCP \fIport\fR (default: 6633) on the given remote
-\fIhost\fR.
-
-.TP
-\fBunix:\fIfile\fR
-The Unix domain server socket named \fIfile\fR.
+.RS
+.so lib/vconn-passive.man
+.so lib/vconn-active.man
+.RE
.SH OPTIONS
-.TP
-\fB-p\fR, \fB--private-key=\fIprivkey.pem\fR
-Specifies a PEM file containing the private key used as the switch's
-identity for SSL connections to the controller.
-
-.TP
-\fB-c\fR, \fB--certificate=\fIcert.pem\fR
-Specifies a PEM file containing a certificate, signed by the
-controller's certificate authority (CA), that certifies the switch's
-private key to identify a trustworthy switch.
-
-.TP
-\fB-C\fR, \fB--ca-cert=\fIswitch-cacert.pem\fR
-Specifies a PEM file containing the CA certificate used to verify that
-the switch is connected to a trustworthy controller.
-
-.TP
-\fB--peer-ca-cert=\fIcontroller-cacert.pem\fR
-Specifies a PEM file that contains one or more additional certificates
-to send to switches. \fIcontroller-cacert.pem\fR should be the CA
-certificate used to sign the controller's own certificate (the
-certificate specified on \fB-c\fR or \fB--certificate\fR).
-
-This option is not useful in normal operation, because the switch must
-already have the controller CA certificate for it to have any
-confidence in the controller's identity. However, this option allows
-a newly installed switch to obtain the controller CA certificate on
-first boot using, e.g., the \fB--bootstrap-ca-cert\fR option to
-\fBsecchan\fR(8).
-
.IP "\fB-n\fR, \fB--noflow\fR"
By default, \fBovs\-controller\fR sets up a flow in each OpenFlow switch
whenever it receives a packet whose destination is known due through
This option affects only flows set up by the OpenFlow controller. In
some configurations, the switch can set up some flows
on its own. To set the idle time for those flows, pass
-\fB--max-idle\fR to \fBsecchan\fR (on the switch).
+\fB--max-idle\fR to \fBovs\-openflowd\fR (on the switch).
This option has no effect when \fB-n\fR (or \fB--noflow\fR) is in use
(because the controller does not set up flows in that case).
This option is most useful for debugging. It reduces switching
performance, so it should not be used in production.
-
+.
+.IP "\fB-w\fR, \fB--wildcard\fR"
+By default, \fBovs\-controller\fR sets up exact-match flows. This
+option allows it to set up wildcarded flows, which may reduce
+flow-setup latency by causing less traffic to be sent up to the
+controller.
+.IP
+This option has no effect when \fB-n\fR (or \fB--noflow\fR) is in use
+(because the controller does not set up flows in that case).
+.
+.IP "\fB-N\fR, \fB--normal\fR"
+By default, \fBovs\-controller\fR directs packets to a particular port
+or floods them. This option causes it to direct non-flooded packets
+to the OpenFlow \fBOFPP_NORMAL\fR port. This allows the switch itself
+to make decisions about packet destinations. Support for
+\fBOFPP_NORMAL\fR is optional in OpenFlow, so this option may not well
+with some non-Open vSwitch switches.
+.
+.IP "\fB--mute\fR"
+Prevents ovs\-controller from replying to any OpenFlow messages sent
+to it by switches.
+.IP
+This option is only for debugging the Open vSwitch implementation of
+``fail open'' mode. It must not be used in production.
+
+.so lib/ssl.man
+.so lib/ssl-peer-ca-cert.man
.so lib/daemon.man
.so lib/vlog.man
.so lib/common.man
.SH "SEE ALSO"
-.BR secchan (8),
+.BR ovs\-openflowd (8),
.BR ovs\-appctl (8),
.BR ovs\-dpctl (8)
projects / openvswitch / blobdiff