X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=ofproto%2Ffail-open.c;h=b028493d6b94b58059f43f509d8dadae4d5ae6c5;hb=7cf8b2660f9813fe080a3f4fcc975099cb36417a;hp=48f7069452b0ac63fc64392555127fe45be4a77c;hpb=d17ee8689bff22541dccaa792b70a848641f3646;p=openvswitch

diff --git a/ofproto/fail-open.c b/ofproto/fail-open.c
index 48f70694..b028493d 100644
--- a/ofproto/fail-open.c
+++ b/ofproto/fail-open.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2009 Nicira Networks.
+ * Copyright (c) 2008, 2009, 2010 Nicira Networks.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -49,8 +49,8 @@
  * connection to the controller, and thus the whole network would go down for
  * that period of time.
  *
- * So, instead, we add some special caseswhen we are connected to a controller,
- * but not yet sure that it has admitted us:
+ * So, instead, we add some special cases when we are connected to a
+ * controller, but not yet sure that it has admitted us:
  *
  *     - We set up flows immediately ourselves, but simultaneously send out an
  *       OFPT_PACKET_IN to the controller.  We put a special bogus buffer-id in
@@ -68,19 +68,68 @@
 
 struct fail_open {
     struct ofproto *ofproto;
-    struct rconn *controller;
-    int trigger_duration;
+    struct rconn **controllers;
+    size_t n_controllers;
     int last_disconn_secs;
     struct status_category *ss_cat;
     long long int next_bogus_packet_in;
     struct rconn_packet_counter *bogus_packet_counter;
 };
 
-/* Returns true if 'fo' should be in fail-open mode, otherwise false. */
-static inline bool
-should_fail_open(const struct fail_open *fo)
+static void fail_open_recover(struct fail_open *);
+
+/* Returns the number of seconds of disconnection after which fail-open mode
+ * should activate. */
+static int
+trigger_duration(const struct fail_open *fo)
+{
+    if (!fo->n_controllers) {
+        /* Shouldn't ever arrive here, but if we do, never fail open. */
+        return INT_MAX;
+    } else {
+        /* Otherwise, every controller must have a chance to send an
+         * inactivity probe and reconnect before we fail open, so take the
+         * maximum probe interval and multiply by 3:
+         *
+         *  - The first interval is the idle time before sending an inactivity
+         *    probe.
+         *
+         *  - The second interval is the time allowed for a response to the
+         *    inactivity probe.
+         *
+         *  - The third interval is the time allowed to reconnect after no
+         *    response is received.
+         */
+        int max_probe_interval;
+        size_t i;
+
+        max_probe_interval = 0;
+        for (i = 0; i < fo->n_controllers; i++) {
+            int probe_interval = rconn_get_probe_interval(fo->controllers[i]);
+            max_probe_interval = MAX(max_probe_interval, probe_interval);
+        }
+        return max_probe_interval * 3;
+    }
+}
+
+/* Returns the number of seconds for which all controllers have been
+ * disconnected.  */
+static int
+failure_duration(const struct fail_open *fo)
 {
-    return rconn_failure_duration(fo->controller) >= fo->trigger_duration;
+    int min_failure_duration;
+    size_t i;
+
+    if (!fo->n_controllers) {
+        return 0;
+    }
+
+    min_failure_duration = INT_MAX;
+    for (i = 0; i < fo->n_controllers; i++) {
+        int failure_duration = rconn_failure_duration(fo->controllers[i]);
+        min_failure_duration = MIN(min_failure_duration, failure_duration);
+    }
+    return min_failure_duration;
 }
 
 /* Returns true if 'fo' is currently in fail-open mode, otherwise false. */
@@ -90,8 +139,39 @@ fail_open_is_active(const struct fail_open *fo)
     return fo->last_disconn_secs != 0;
 }
 
+/* Returns true if at least one controller is connected (regardless of whether
+ * those controllers are believed to have authenticated and accepted this
+ * switch), false if none of them are connected. */
+static bool
+any_controller_is_connected(const struct fail_open *fo)
+{
+    size_t i;
+
+    for (i = 0; i < fo->n_controllers; i++) {
+        if (rconn_is_connected(fo->controllers[i])) {
+            return true;
+        }
+    }
+    return false;
+}
+
+/* Returns true if at least one controller is believed to have authenticated
+ * and accepted this switch, false otherwise. */
+static bool
+any_controller_is_admitted(const struct fail_open *fo)
+{
+    size_t i;
+
+    for (i = 0; i < fo->n_controllers; i++) {
+        if (rconn_is_admitted(fo->controllers[i])) {
+            return true;
+        }
+    }
+    return false;
+}
+
 static void
-send_bogus_packet_in(struct fail_open *fo)
+send_bogus_packet_in(struct fail_open *fo, struct rconn *rconn)
 {
     uint8_t mac[ETH_ADDR_LEN];
     struct ofpbuf *opi;
@@ -99,23 +179,35 @@ send_bogus_packet_in(struct fail_open *fo)
 
     /* Compose ofp_packet_in. */
     ofpbuf_init(&b, 128);
-    eth_addr_random(mac);
+    eth_addr_nicira_random(mac);
     compose_benign_packet(&b, "Open vSwitch Controller Probe", 0xa033, mac);
     opi = make_packet_in(pktbuf_get_null(), OFPP_LOCAL, OFPR_NO_MATCH, &b, 64);
     ofpbuf_uninit(&b);
 
     /* Send. */
-    rconn_send_with_limit(fo->controller, opi, fo->bogus_packet_counter, 1);
+    rconn_send_with_limit(rconn, opi, fo->bogus_packet_counter, 1);
+}
+
+static void
+send_bogus_packet_ins(struct fail_open *fo)
+{
+    size_t i;
+
+    for (i = 0; i < fo->n_controllers; i++) {
+        if (rconn_is_connected(fo->controllers[i])) {
+            send_bogus_packet_in(fo, fo->controllers[i]);
+        }
+    }
 }
 
-/* Enter fail-open mode if we should be in it.  Handle reconnecting to a
- * controller from fail-open mode. */
+/* Enter fail-open mode if we should be in it. */
 void
 fail_open_run(struct fail_open *fo)
 {
+    int disconn_secs = failure_duration(fo);
+
     /* Enter fail-open mode if 'fo' is not in it but should be.  */
-    if (should_fail_open(fo)) {
-        int disconn_secs = rconn_failure_duration(fo->controller);
+    if (disconn_secs >= trigger_duration(fo)) {
         if (!fail_open_is_active(fo)) {
             VLOG_WARN("Could not connect to controller (or switch failed "
                       "controller's post-connection admission control "
@@ -135,10 +227,10 @@ fail_open_run(struct fail_open *fo)
 
     /* Schedule a bogus packet-in if we're connected and in fail-open. */
     if (fail_open_is_active(fo)) {
-        if (rconn_is_connected(fo->controller)) {
+        if (any_controller_is_connected(fo)) {
             bool expired = time_msec() >= fo->next_bogus_packet_in;
             if (expired) {
-                send_bogus_packet_in(fo);
+                send_bogus_packet_ins(fo);
             }
             if (expired || fo->next_bogus_packet_in == LLONG_MAX) {
                 fo->next_bogus_packet_in = time_msec() + 2000;
@@ -155,7 +247,15 @@ fail_open_run(struct fail_open *fo)
 void
 fail_open_maybe_recover(struct fail_open *fo)
 {
-    if (fail_open_is_active(fo) && rconn_is_admitted(fo->controller)) {
+    if (any_controller_is_admitted(fo)) {
+        fail_open_recover(fo);
+    }
+}
+
+static void
+fail_open_recover(struct fail_open *fo)
+{
+    if (fail_open_is_active(fo)) {
         flow_t flow;
 
         VLOG_WARN("No longer in fail-open mode");
@@ -163,7 +263,7 @@ fail_open_maybe_recover(struct fail_open *fo)
         fo->next_bogus_packet_in = LLONG_MAX;
 
         memset(&flow, 0, sizeof flow);
-        ofproto_delete_flow(fo->ofproto, &flow, OFPFW_ALL, FAIL_OPEN_PRIORITY);
+        ofproto_delete_flow(fo->ofproto, &flow, OVSFW_ALL, FAIL_OPEN_PRIORITY);
     }
 }
 
@@ -171,15 +271,15 @@ void
 fail_open_wait(struct fail_open *fo)
 {
     if (fo->next_bogus_packet_in != LLONG_MAX) {
-        poll_timer_wait(fo->next_bogus_packet_in - time_msec());
+        poll_timer_wait_until(fo->next_bogus_packet_in);
     }
 }
 
 void
 fail_open_flushed(struct fail_open *fo)
 {
-    int disconn_secs = rconn_failure_duration(fo->controller);
-    bool open = disconn_secs >= fo->trigger_duration;
+    int disconn_secs = failure_duration(fo);
+    bool open = disconn_secs >= trigger_duration(fo);
     if (open) {
         union ofp_action action;
         flow_t flow;
@@ -191,7 +291,7 @@ fail_open_flushed(struct fail_open *fo)
         action.output.len = htons(sizeof action);
         action.output.port = htons(OFPP_NORMAL);
         memset(&flow, 0, sizeof flow);
-        ofproto_add_flow(fo->ofproto, &flow, OFPFW_ALL, FAIL_OPEN_PRIORITY,
+        ofproto_add_flow(fo->ofproto, &flow, OVSFW_ALL, FAIL_OPEN_PRIORITY,
                          &action, 1, 0);
     }
 }
@@ -200,23 +300,28 @@ static void
 fail_open_status_cb(struct status_reply *sr, void *fo_)
 {
     struct fail_open *fo = fo_;
-    int cur_duration = rconn_failure_duration(fo->controller);
+    int cur_duration = failure_duration(fo);
+    int trigger = trigger_duration(fo);
 
-    status_reply_put(sr, "trigger-duration=%d", fo->trigger_duration);
+    status_reply_put(sr, "trigger-duration=%d", trigger);
     status_reply_put(sr, "current-duration=%d", cur_duration);
     status_reply_put(sr, "triggered=%s",
-                     cur_duration >= fo->trigger_duration ? "true" : "false");
+                     cur_duration >= trigger ? "true" : "false");
 }
 
+/* Creates and returns a new struct fail_open for 'ofproto', registering switch
+ * status with 'switch_status'.
+ *
+ * The caller should register its set of controllers with
+ * fail_open_set_controllers().  (There should be at least one controller,
+ * otherwise there isn't any point in having the struct fail_open around.) */
 struct fail_open *
-fail_open_create(struct ofproto *ofproto,
-                 int trigger_duration, struct switch_status *switch_status,
-                 struct rconn *controller)
+fail_open_create(struct ofproto *ofproto, struct switch_status *switch_status)
 {
     struct fail_open *fo = xmalloc(sizeof *fo);
     fo->ofproto = ofproto;
-    fo->controller = controller;
-    fo->trigger_duration = trigger_duration;
+    fo->controllers = NULL;
+    fo->n_controllers = 0;
     fo->last_disconn_secs = 0;
     fo->ss_cat = switch_status_register(switch_status, "fail-open",
                                         fail_open_status_cb, fo);
@@ -225,17 +330,29 @@ fail_open_create(struct ofproto *ofproto,
     return fo;
 }
 
+/* Registers the 'n' rconns in 'rconns' as connections to the controller for
+ * 'fo'.  The caller must ensure that all of the rconns remain valid until 'fo'
+ * is destroyed or a new set is registered in a subsequent call.
+ *
+ * Takes ownership of the 'rconns' array, but not of the rconns that it points
+ * to (of which the caller retains ownership). */
 void
-fail_open_set_trigger_duration(struct fail_open *fo, int trigger_duration)
+fail_open_set_controllers(struct fail_open *fo,
+                          struct rconn **rconns, size_t n)
 {
-    fo->trigger_duration = trigger_duration;
+    free(fo->controllers);
+    fo->controllers = rconns;
+    fo->n_controllers = n;
 }
 
+/* Destroys 'fo'. */
 void
 fail_open_destroy(struct fail_open *fo)
 {
     if (fo) {
-        /* We don't own fo->controller. */
+        fail_open_recover(fo);
+        free(fo->controllers);
+        /* We don't own the rconns behind fo->controllers. */
         switch_status_unregister(fo->ss_cat);
         rconn_packet_counter_destroy(fo->bogus_packet_counter);
         free(fo);