NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

suresh_c's avatar
suresh_c
Follower
Aug 19, 2020

openflow how to set fail secure mode when connection to controller is down

Hi,

 I'm using a m4300-28G switch in openflow mode with floodlight controller. we have some static flows pushed into the switch and traffic is forwarded propely. But when the connection to controller is lost the swicth is ignoring the flows and working as a learning switch causing issues in our test setup.

I want the swicth to use the openflow flows for forwarding traffic even when connection to contorller is lost, i.e  confgure switch into "fail secure mode"  as decribed in section 6.3.2(connection interruption) of openflow spec.

https://www.opennetworking.org/wp-content/uploads/2014/10/openflow-spec-v1.3.0.pdf

 

(M4300-28G) (Config)#show openflow

Administrative Mode............................ Enable
Operational Status............................. Enabled
Disable Reason................................. None
IP Address..................................... 10.67.98.25
IP Mode........................................ ServicePort IP
Static IP Address.............................. 10.67.98.25
OpenFlow Variant............................... OpenFlow 1.3
Passive Mode................................... Enable

 

Please let me know how to achieve this.

 

thanks

Suresh

2 Replies

  • DaneA's avatar
    DaneA
    NETGEAR Employee Retired
    Sep 21, 2020

    suresh_c,

     

    Welcome to the community! :) 

     

    I inquired your post to the higher tier of NETGEAR Support.  According to them, it seems there is no way of putting the unit into hybrid mode/fail secure mode via the CLI.  It was suggested to have more than one controller so the switch can fall back to one if the primary controller fails.

     

     

    Regards,

     

    DaneA

    NETGEAR Community Team

    • DaneA's avatar
      DaneA
      NETGEAR Employee Retired
      Sep 21, 2020

      suresh_c,

       

      Just an update from the higher tier of NETGEAR Support.  According to the engineering team, when the connection to the controller is lost, packets destined to the controller will be dropped and the existing flows will function till their expiry. This is how the ‘Fail secure mode’ works and it’s supported on M4300. If you want the flows to last long, then the flows needs to be installed with a higher timeout value."

       

       

      Regards,

       

      DaneA

      NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More