ofproto: Add support for master/slave controller coordination.

Now that Open vSwitch has support for multiple simultaneous controllers, there is some need for a degree of coordination among them. For now, the plan is for the controllers themselves to take the lead on this. This commit adds a small bit of OVS infrastructure: the ability for a controller to designate itself as a "master" or a "slave". There may be at most one master at a time; when a controller designates itself as the master, then any existing master is demoted to slave status. Slave controllers are not allowed to modify the flow table or global configuration; any attempt to do so is rejected with a "bad request" error. Feature #2495.
2025-10-21 14:49:41 +00:00 · 2010-04-20 11:00:58 -07:00
parent 76ce943239
commit 9deba63bde
2 changed files with 146 additions and 8 deletions
--- a/include/openflow/nicira-ext.h
+++ b/include/openflow/nicira-ext.h
@@ -49,6 +49,11 @@ enum nicira_type {
    /* Use the high 32 bits of the cookie field as the tunnel ID in the flow
     * match. */
    NXT_TUN_ID_FROM_COOKIE,
+
+    /* Controller role support.  The request body is struct nx_role_request.
+     * The reply echos the request. */
+    NXT_ROLE_REQUEST,
+    NXT_ROLE_REPLY
 };

 struct nicira_header {
@@ -67,6 +72,36 @@ struct nxt_tun_id_cookie {
 };
 OFP_ASSERT(sizeof(struct nxt_tun_id_cookie) == 24);

+/* Configures the "role" of the sending controller.  The default role is:
+ *
+ *    - Other (NX_ROLE_OTHER), which allows the controller access to all
+ *      OpenFlow features.
+ *
+ * The other possible roles are a related pair:
+ *
+ *    - Master (NX_ROLE_MASTER) is equivalent to Other, except that there may
+ *      be at most one Master controller at a time: when a controller
+ *      configures itself as Master, any existing Master is demoted to the
+ *      Slave role.
+ *
+ *    - Slave (NX_ROLE_SLAVE) allows the controller read-only access to
+ *      OpenFlow features.  In particular attempts to modify the flow table
+ *      will be rejected with an OFPBRC_EPERM error.
+ *
+ *      Slave controllers also do not receive asynchronous messages
+ *      (OFPT_PACKET_IN, OFPT_FLOW_REMOVED, OFPT_PORT_STATUS).
+ */
+struct nx_role_request {
+    struct nicira_header nxh;
+    uint32_t role;              /* One of NX_ROLE_*. */
+};
+
+enum nx_role {
+    NX_ROLE_OTHER,              /* Default role, full access. */
+    NX_ROLE_MASTER,             /* Full access, at most one. */
+    NX_ROLE_SLAVE               /* Read-only access. */
+};
+
 enum nx_action_subtype {
    NXAST_SNAT__OBSOLETE,           /* No longer used. */