Description of editable controller properties

Modifying properties may lead to unstable operation of the controller, so we recommend contacting Kaspersky Technical Support before managing properties.

Property

Description

controller.buffers.in

Buffer size, in bytes, for messages coming in from switches on the controller.

controller.buffers.out

Buffer size, in bytes, for messages going out to switches on the controller.

controller.listen.port

The starting port number in the range of switch ports. Ports with the next three consecutive numbers are added to the range. For example, if you enter 6553, the switch port range includes ports 6553, 6554, 6555, 6556.

controller.sockets.config.nodelay

Whether the TCP_NODELAY parameter is used for management sessions between switches and the controller. Possible values:

  • true
  • false

controller.sockets.mode.epoll

Whether the epoll system is used by the controller when managing switches. Possible values:

  • true
  • false

controller.sockets.timeouts.idle.both

Time in milliseconds after which management sessions between the switches and the controller go idle in the absence of read or write operations. The countdown starts anew whenever a read or write operation is performed.

controller.sockets.timeouts.idle.read

Time in milliseconds after which management sessions between the switches and the controller go idle in the absence of read operations. The countdown starts anew whenever a read operation is performed.

controller.sockets.timeouts.idle.write

Time in milliseconds after which management sessions between the switches and the controller go idle in the absence of write operations. The countdown starts anew whenever a write operation is performed.

controller.threads.affinity

Netty threads preferentially run on separate CPU cores for separate switches. Possible values:

  • true
  • false

controller.threads.boss

Number of Netty threads for handling new switch connections.

controller.tls.ca.certificate.path

Path to the PEM file of the root certificate that was used to sign the OpenFlow certificate.

controller.tls.certificate.path

Path to the PEM file of the encryption certificate for OpenFlow traffic between the controller and switches.

controller.tls.private.key.path

Path to the PEM file with the private key of the OpenFlow certificate.

controller.watermark.high

When the Netty buffer of the management session between switches and the controller contains this number of bytes, the queue is used to write to the session.

controller.watermark.low

When the Netty buffer of the management session between switches and the controller contains this number of bytes, the queue is no longer used to write to the session.

This property is used when the number of bytes reaches the controller.watermark.high value.

core.catcher.meter.value.kbits

The throughput of the policer on the switches when sending traffic packets through the management session between the switches and the controller. Traffic packets are copied by interception flow rules.

core.drop.rule.idle.sec

Time, in seconds, after which flow rules automatically created by the controller when processing the first intercepted traffic packet are deleted on the switches to block subsequent packets. The countdown starts anew every time the flow rule is applied.

core.link.bonding.enable

Bonding of parallel links between two switches. Possible values:

  • true
  • false

core.link.bonding.equal.cost

Whether the equal cost algorithm is used when bonding links. Possible values:

  • true
  • false

If you specify false, the unequal cost algorithm is used.

core.link.bonding.max.links

Maximum number of links in a bonded link.

core.link.bonding.mode

Type of the bonded link group. Possible values:

  • BALANCING means traffic is balanced across links in accordance with a hash value. The hash is calculated based on the IP Proto, IP src-dst, and Port src-dst fields of traffic packets.
  • BROADCAST means traffic is duplicated through all links.

core.link.check.ports.status

Whether the controller periodically sends LLDP packets only to enabled ports to detect links between switches. Possible values:

  • true
  • false

core.link.enabled.ports.only

Whether the switches relay LLDP packets to the controller only from enabled ports when the controller attempts to discover links between the switches. Possible values:

  • true
  • false

core.link.liveness.interval

Interval in milliseconds for the controller sending LLDP packets through the switch links.

core.link.liveness.timeout

Interval in milliseconds for the receiving side of switch links to receive LLDP packets and forward the LLDP packets to the controller. If no LLDP packets arrive through the link within the specified time, the controller considers the link unavailable.

core.lldp.sendrem.enabled

Whether switches send notifications to the controller whenever flow rules that send traffic packets to the controller are deleted. Possible values:

  • true
  • false

core.switch.liveness.interval

Interval in milliseconds for checking the connection of switches to the controller.

core.switch.liveness.timeout

Time in milliseconds within which disconnected switches must reconnect to the controller.

core.tunnel.port.end

Number of the last virtual network interface (VNI) in the range of switch interfaces.

core.tunnel.port.start

Number of the first virtual network interface in the range of switch interfaces.

dampening.link.enabled

Whether link Dampening is used. Possible values:

  • true
  • false

dampening.link.maxSuppressTime.ms

Maximum time in milliseconds for which access to the link can be restricted. When the specified time elapses, all Dampening counters are reset.

dampening.link.penalty

The number by which Penalty is incremented when the link changes state.

dampening.link.suppressLevel

The Penalty value at which access to the link is restricted.

dampening.link.updateInterval.ms

Time in milliseconds within which the Penalty must reach the dampening.link.suppressLevel value for access to the link to be restricted.

eth.s.type

The IEEE 802.1Q TPID value that is specified as the inner tag for traffic packets with Q-in-Q traffic classification.

eth.t.type

The IEEE 802.1Q TPID value that is specified as the outer tag for traffic packets with Q-in-Q traffic classification.

inband.statistics.enabled

Getting statistics on switches. Statistics contain information about network devices to which the switch is connected, as well as the ports being used. Possible values:

  • true
  • false

inband.swos.cookie

Value of the cookie field in the message for requesting statistics from the switches. Possible values:

  • true
  • false

This property must be specified if you set inband.statistics.enabled to true.

network.control.queue.id

ID of the LLDP packet queue on the switches.

notification.all.queue.max.size

Maximum size of the push notification queue on the switches. If this size is exceeded, the first push notification in the queue is deleted.

openflow.fail2ban.banTimeSec

Duration in seconds for which IP addresses and ports of switches are blocked after an attempt to connect to the controller with an invalid TLS certificate.

openflow.fail2ban.enabled

Whether IP addresses and ports of switches are blocked after an attempt to connect to the controller with an invalid TLS certificate. Possible values:

  • true
  • false

openflow.fail2ban.findTimeSec

Time in seconds within which the switches must make the number of attempts (specified in the openflow.fail2ban.maxRetry property) to connect to the controller with an invalid TLS certificate, which causes the IP addresses and ports of these switches to be blocked.

openflow.fail2ban.maxRetry

The number of attempts of switches to connect to the controller with an invalid TLS certificate, after which the IP addresses and ports of the switches are blocked.

openflow.io.cpe.rate.limiter.read.byteps

This property is no longer used.

openflow.io.cpe.rate.limiter.write.byteps

This property is no longer used.

openflow.io.ovs.meters.enabled

Whether flow rules send traffic packets to the controller. Possible values:

  • true
  • false

openflow.io.rate.limiter.switch.type-to-rate

This property is no longer used.

openflow.io.switch.latency.monitoring.delay.ms

Interval in milliseconds for checking the latency between the controller and the switches.

openflow.io.switch.latency.monitoring.enabled

Whether latency is checked between the controller and switches. Possible values:

  • true
  • false

openflow.io.switch.latency.sma.initial.drop.size

Number of leading traffic packets on the switches that are not counted towards statistics.

openflow.io.switch.latency.sma.window.size

Number of trailing traffic packets on the switches that are not counted towards statistics.

openflow.io.switch.messages.chunk.bytes

Size, in bytes, of chunks of serialized OpenFlow messages that the controller sends to the switches.

openflow.io.switch.messages.window.size

Maximum number of blocks of serialized OpenFlow messages in the controller queue.

openflow.io.switch.rate.limiter.read.byteps

This property is no longer used.

openflow.io.switch.rate.limiter.write.byteps

This property is no longer used.

openflow.io.vtep.rate.limiter.read.byteps

This property is no longer used.

openflow.io.vtep.rate.limiter.write.byteps

This property is no longer used.

segment.path.num.max

Maximum number of paths in a segment.

segment.path.spf.num.max

Maximum number of SPF paths for automatic balancing.

table-miss.mode

Action that switches perform with traffic packets that are not in any of the OpenFlow tables. Possible values:

  • DROP to drop the traffic packets.
  • TO_CTL to send the traffic packets to the controller.

topology.cfm.enabled

Whether Connectivity Fault Management (CFM) is used on links. Possible values:

  • true
  • false

topology.debug.enabled

Whether controller debug routines are used involving the gRPC protocol. Possible values:

  • true
  • false

topology.intervtep.links.enabled

Establishing links between VTEPs. Possible values:

  • true
  • false

topology.link.charged

Using all links as a last resort when routing traffic, regardless of the link quality. Possible values:

  • true
  • false

topology.link.discovery.groups.enabled

Link discovery by groups. Possible values:

  • true
  • false

topology.link.encryption.enabled

Traffic encryption on links. Possible values:

  • true
  • false

topology.link.encryption.key.update.interval.minutes

Interval in minutes for updating the decryption key on links.

topology.link.error.monitoring.enabled

Monitoring of errors on links. Possible values:

  • true
  • false

topology.link.error.threshold.eps

Threshold value of the number of errors per second on links.

topology.link.eu.monitoring.delay.sec

Interval in seconds for measuring the number of errors on links and link utilization.

topology.link.fec.enable

Whether Forward Error Correction (FEC) is used on links. Possible values:

  • true
  • false

topology.link.fec.ratio

Ratio of original traffic packets to additional packets with redundant code. Enter a value in the <number of original packets>:<number of additional packets> format.

topology.link.fec.timeout

The maximum time, in milliseconds, during which a traffic packet can stay in the queue for FEC to apply.

topology.link.jitter.monitoring.enabled

Monitoring of jitter on links. Possible values:

  • true
  • false

topology.link.jitter.threshold.ms

Time threshold of jitter on links, in milliseconds.

topology.link.latency.monitoring.enabled

Monitoring of latency on links. Possible values:

  • true
  • false

topology.link.latency.threshold.ms

Latency threshold on links, in milliseconds.

topology.link.ljp.monitoring.delay.sec

Interval in seconds for comparing the received monitoring figures with the specified thresholds of latency, jitter, and packet loss on links.

topology.link.ljp.stats.collecting.enabled

Monitoring of latency, jitter, and traffic packet loss on links. Possible values:

  • true
  • false

You can specify the monitoring protocol using the topology.link.ljp.stats.collecting.method property.

topology.link.ljp.stats.collecting.lldp.window

Size in bytes of the additional buffer in each LLDP packet for latency, jitter, and packet loss monitoring figures.

This property must be specified if you set topology.link.ljp.stats.collecting.method to GENEVE.

topology.link.ljp.stats.collecting.method

Protocol for monitoring of latency, jitter, and traffic packet loss on links. Possible values:

  • LLDP
  • GENEVE

topology.link.ljp.stats.collecting.multiplicity

The multiplier that the controller applies to delay, jitter, and packet loss monitoring figures.

This property must be specified if you set topology.link.ljp.stats.collecting.method to GENEVE.

topology.link.packet.loss.monitoring.enabled

Monitoring of traffic packet loss on links. Possible values:

  • true
  • false

topology.link.packet.loss.threshold.percents

Threshold value of the traffic packet loss percentage on links.

topology.link.pmtud.scheduler.interval.sec

Interval in seconds for automatic detection of the MTU figure on links.

topology.link.pmtud.wait.time.ms

How long the controller waits for a PMTUD LLDP packet, in milliseconds. If the controller does not receive a PMTUD LLDP packet within this time, the controller concludes that a packet of this size cannot be transmitted over the link.

topology.link.threshold.monitoring.delay.sec

Interval in seconds for monitoring of link thresholds.

topology.link.threshold.monitoring.enabled

Threshold monitoring on links. Possible values:

  • true
  • false

topology.link.threshold.monitoring.unban.periods

Number of successful checks in a row for a link to be unblocked. A check is performed once per second.

topology.link.util.monitoring.enabled

Monitoring of link utilization (bandwidth usage). Possible values:

  • true
  • false

topology.link.util.threshold.percents

Threshold value of link utilization as a percentage of the bandwidth of service interfaces.

topology.overlay.lldp.sender.concurrent

Concurrent sending of LLDP packets by the controller for link discovery. Possible values:

  • true
  • false

topology.overlay.lldp.sender.core.pool.size

Minimum number of streams for concurrent sending of LLDP packets by the controller.

This property must be specified if you set topology.overlay.lldp.sender.concurrent to true.

topology.overlay.lldp.sender.max.pool.size

Maximum number of streams for concurrent sending of LLDP packets by the controller.

This property must be specified if you set topology.overlay.lldp.sender.concurrent to true.

topology.overlay.lldp.sender.max.queue.capacity

Maximum queue size when the controller is sending LLDP packets concurrently.

This property must be specified if you set topology.overlay.lldp.sender.concurrent to true.

topology.reserve.si.auto.revert.enabled

The reserve service interface becomes reserve again if the old service interface becomes operational again. Possible values:

  • true
  • false

topology.throttler.timeout.hard.enabled

Accumulation of physical operations on the controller, such as connecting a switch or a port, to perform the operations when the specified time elapses. Possible values:

  • true
  • false

You can specify the time using the topology.throttler.timeout.hard.ms and topology.throttler.timeout.idle.ms properties.

topology.throttler.timeout.hard.ms

Time in seconds after which the physical operations accumulated on the controller are carried out.

This property must be specified if you set topology.throttler.timeout.hard.enabled to true.

topology.throttler.timeout.idle.ms

Time in seconds after which the physical operations accumulated on the controller are carried out. The countdown starts anew whenever a physical operation appears.

This property can be specified if you set topology.throttler.timeout.hard.enabled to true.

topology.throttler_future.enable

System property.

Editing this property may render the controller inoperable.

topology.throttler_future.timeout.sec

System property.

Editing this property may render the controller inoperable.
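
The openflow.fail2ban.* properties described above combine a counting window with a timed block. The following Python model is an added example, not the controller's own code: it assumes a sliding findTimeSec window and a ban that starts when the count of invalid-certificate attempts reaches maxRetry; the class and function names are hypothetical and the events are constructed.

```python
from collections import defaultdict, deque

class InvalidCertBanTracker:
    """Model of the openflow.fail2ban.* semantics (not the controller's code)."""
    def __init__(self, max_retry, find_time_sec, ban_time_sec, enabled=True):
        self.max_retry = max_retry          # openflow.fail2ban.maxRetry
        self.find_time = find_time_sec      # openflow.fail2ban.findTimeSec
        self.ban_time = ban_time_sec        # openflow.fail2ban.banTimeSec
        self.enabled = enabled              # openflow.fail2ban.enabled
        self.failures = defaultdict(deque)  # (ip, port) -> failure timestamps
        self.banned_until = {}              # (ip, port) -> ban expiry time

    def on_connect(self, peer, now, cert_valid):
        """Classify one attempt: blocked, accepted, rejected or banned."""
        if self.banned_until.get(peer, 0) > now:
            return "blocked"
        if cert_valid:
            return "accepted"
        if not self.enabled:
            return "rejected"
        window = self.failures[peer]
        window.append(now)
        # Assumption: sliding window; failures older than findTimeSec are dropped.
        while window and now - window[0] > self.find_time:
            window.popleft()
        # Assumption: the ban starts when the count reaches maxRetry.
        if len(window) >= self.max_retry:
            self.banned_until[peer] = now + self.ban_time
            window.clear()
            return "banned"
        return "rejected"

def replay(events, **params):
    """Replay (time_sec, ip, port, cert_valid) tuples; return the outcomes."""
    tracker = InvalidCertBanTracker(**params)
    return [tracker.on_connect((ip, port), t, ok) for t, ip, port, ok in events]

# Constructed sample: one peer (documentation address) with an invalid certificate.
SAMPLE = [
    (0, "192.0.2.10", 40001, False),
    (20, "192.0.2.10", 40001, False),
    (100, "192.0.2.10", 40001, False),  # earlier failures have aged out
    (110, "192.0.2.10", 40001, False),
    (115, "192.0.2.10", 40001, False),  # third failure within 60 s: ban
    (200, "192.0.2.10", 40001, True),   # inside the 300 s ban
    (420, "192.0.2.10", 40001, True),   # ban has expired
]

if __name__ == "__main__":
    print(replay(SAMPLE, max_retry=3, find_time_sec=60, ban_time_sec=300))
```

Replaying the same events with a longer findTimeSec shows the ban triggering earlier, which helps when reviewing how a proposed change to these values affects switches that reconnect slowly with a bad certificate.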
