<?xml version="1.0" encoding="utf-8"?>
-<database title="Open vSwitch Configuration Database">
+<database name="ovs-vswitchd.conf.db" title="Open vSwitch Configuration Database">
<p>
A database with this schema holds the configuration for one Open
vSwitch daemon. The top-level configuration for the daemon is the
<column name="other_config" key="n-dpdk-rxqs"
type='{"type": "integer", "minInteger": 1}'>
<p>
- Specifies the number of rx queues to be created for each dpdk
+ Specifies the maximum number of rx queues to be created for each dpdk
interface. If not specified or specified to 0, one rx queue will
be created for each dpdk interface by default.
</p>
</group>
+ <group title="Capabilities">
+ <p>
+ These columns report capabilities of the Open vSwitch instance.
+ </p>
+ <column name="datapath_types">
+ <p>
+ This column reports the different dpifs registered with the system.
+ These are the values that this instance supports in the <ref
+ column="datapath_type" table="Bridge"/> column of the <ref
+ table="Bridge"/> table.
+ </p>
+ </column>
+ <column name="iface_types">
+ <p>
+ This column reports the different netdevs registered with the system.
+ These are the values that this instance supports in the <ref
+ column="type" table="Interface"/> column of the <ref
+ table="Interface"/> table.
+ </p>
+ </column>
+ </group>
+
<group title="Database Configuration">
<p>
These columns primarily configure the Open vSwitch database
a different type of mirror instead.
</p>
</column>
+
+ <column name="auto_attach">
+ Auto Attach configuration.
+ </column>
</group>
<group title="OpenFlow Configuration">
</group>
<group title="Spanning Tree Configuration">
- The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol
- that ensures loop-free topologies. It allows redundant links to
- be included in the network to provide automatic backup paths if
- the active links fails.
+ <p>
+ The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol
+ that ensures loop-free topologies. It allows redundant links to
+ be included in the network to provide automatic backup paths if
+ the active links fails.
+ </p>
- <column name="stp_enable" type='{"type": "boolean"}'>
- Enable spanning tree on the bridge. By default, STP is disabled
- on bridges. Bond, internal, and mirror ports are not supported
- and will not participate in the spanning tree.
- </column>
+ <p>
+ These settings configure the slower-to-converge but still widely
+ supported version of Spanning Tree Protocol, sometimes known as
+ 802.1D-1998. Open vSwitch also supports the newer Rapid Spanning Tree
+ Protocol (RSTP), documented later in the section titled <code>Rapid
+ Spanning Tree Configuration</code>.
+ </p>
- <column name="other_config" key="stp-system-id">
- The bridge's STP identifier (the lower 48 bits of the bridge-id)
- in the form
- <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
- By default, the identifier is the MAC address of the bridge.
- </column>
+ <group title="STP Configuration">
+ <column name="stp_enable" type='{"type": "boolean"}'>
+ <p>
+ Enable spanning tree on the bridge. By default, STP is disabled
+ on bridges. Bond, internal, and mirror ports are not supported
+ and will not participate in the spanning tree.
+ </p>
- <column name="other_config" key="stp-priority"
- type='{"type": "integer", "minInteger": 0, "maxInteger": 65535}'>
- The bridge's relative priority value for determining the root
- bridge (the upper 16 bits of the bridge-id). A bridge with the
- lowest bridge-id is elected the root. By default, the priority
- is 0x8000.
- </column>
+ <p>
+ STP and RSTP are mutually exclusive. If both are enabled, RSTP
+ will be used.
+ </p>
+ </column>
- <column name="other_config" key="stp-hello-time"
- type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
- The interval between transmissions of hello messages by
- designated ports, in seconds. By default the hello interval is
- 2 seconds.
- </column>
+ <column name="other_config" key="stp-system-id">
+ The bridge's STP identifier (the lower 48 bits of the bridge-id)
+ in the form
+ <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
+ By default, the identifier is the MAC address of the bridge.
+ </column>
- <column name="other_config" key="stp-max-age"
- type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
- The maximum age of the information transmitted by the bridge
- when it is the root bridge, in seconds. By default, the maximum
- age is 20 seconds.
- </column>
+ <column name="other_config" key="stp-priority"
+ type='{"type": "integer", "minInteger": 0, "maxInteger": 65535}'>
+ The bridge's relative priority value for determining the root
+ bridge (the upper 16 bits of the bridge-id). A bridge with the
+ lowest bridge-id is elected the root. By default, the priority
+ is 0x8000.
+ </column>
- <column name="other_config" key="stp-forward-delay"
- type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
- The delay to wait between transitioning root and designated
- ports to <code>forwarding</code>, in seconds. By default, the
- forwarding delay is 15 seconds.
- </column>
+ <column name="other_config" key="stp-hello-time"
+ type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
+ The interval between transmissions of hello messages by
+ designated ports, in seconds. By default the hello interval is
+ 2 seconds.
+ </column>
- <column name="other_config" key="mcast-snooping-aging-time"
- type='{"type": "integer", "minInteger": 1}'>
- <p>
- The maximum number of seconds to retain a multicast snooping entry for
- which no packets have been seen. The default is currently 300
- seconds (5 minutes). The value, if specified, is forced into a
- reasonable range, currently 15 to 3600 seconds.
- </p>
- </column>
+ <column name="other_config" key="stp-max-age"
+ type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
+ The maximum age of the information transmitted by the bridge
+ when it is the root bridge, in seconds. By default, the maximum
+ age is 20 seconds.
+ </column>
- <column name="other_config" key="mcast-snooping-table-size"
- type='{"type": "integer", "minInteger": 1}'>
- <p>
- The maximum number of multicast snooping addresses to learn. The
- default is currently 2048. The value, if specified, is forced into
- a reasonable range, currently 10 to 1,000,000.
- </p>
- </column>
- <column name="other_config" key="mcast-snooping-disable-flood-unregistered"
- type='{"type": "boolean"}'>
+ <column name="other_config" key="stp-forward-delay"
+ type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
+ The delay to wait between transitioning root and designated
+ ports to <code>forwarding</code>, in seconds. By default, the
+ forwarding delay is 15 seconds.
+ </column>
+
+ <column name="other_config" key="mcast-snooping-aging-time"
+ type='{"type": "integer", "minInteger": 1}'>
+ <p>
+ The maximum number of seconds to retain a multicast snooping entry for
+ which no packets have been seen. The default is currently 300
+ seconds (5 minutes). The value, if specified, is forced into a
+ reasonable range, currently 15 to 3600 seconds.
+ </p>
+ </column>
+
+ <column name="other_config" key="mcast-snooping-table-size"
+ type='{"type": "integer", "minInteger": 1}'>
+ <p>
+ The maximum number of multicast snooping addresses to learn. The
+ default is currently 2048. The value, if specified, is forced into
+ a reasonable range, currently 10 to 1,000,000.
+ </p>
+ </column>
+ <column name="other_config" key="mcast-snooping-disable-flood-unregistered"
+ type='{"type": "boolean"}'>
+ <p>
+ If set to <code>false</code>, unregistered multicast packets are forwarded
+ to all ports.
+ If set to <code>true</code>, unregistered multicast packets are forwarded
+ to ports connected to multicast routers.
+ </p>
+ </column>
+ </group>
+
+ <group title="STP Status">
<p>
- If set to <code>false</code>, unregistered multicast packets are forwarded
- to all ports.
- If set to <code>true</code>, unregistered multicast packets are forwarded
- to ports connected to multicast routers.
+ These key-value pairs report the status of 802.1D-1998. They are
+ present only if STP is enabled (via the <ref column="stp_enable"/>
+ column).
</p>
- </column>
+ <column name="status" key="stp_bridge_id">
+ The bridge ID used in spanning tree advertisements, in the form
+ <var>xxxx</var>.<var>yyyyyyyyyyyy</var> where the <var>x</var>s are
+ the STP priority, the <var>y</var>s are the STP system ID, and each
+ <var>x</var> and <var>y</var> is a hex digit.
+ </column>
+ <column name="status" key="stp_designated_root">
+ The designated root for this spanning tree, in the same form as <ref
+ column="status" key="stp_bridge_id"/>. If this bridge is the root,
+ this will have the same value as <ref column="status"
+ key="stp_bridge_id"/>, otherwise it will differ.
+ </column>
+ <column name="status" key="stp_root_path_cost">
+ The path cost of reaching the designated bridge. A lower number is
+ better. The value is 0 if this bridge is the root, otherwise it is
+ higher.
+ </column>
+ </group>
</group>
- <group title="Multicast Snooping Configuration">
- Multicast snooping (RFC 4541) monitors the Internet Group Management
- Protocol (IGMP) traffic between hosts and multicast routers. The
- switch uses what IGMP snooping learns to forward multicast traffic
- only to interfaces that are connected to interested receivers.
- Currently it supports IGMPv1 and IGMPv2 protocols.
+ <group title="Rapid Spanning Tree">
+ <p>
+ Rapid Spanning Tree Protocol (RSTP), like STP, is a network protocol
+ that ensures loop-free topologies. RSTP superseded STP with the
+ publication of 802.1D-2004. Compared to STP, RSTP converges more
+ quickly and recovers more quickly from failures.
+ </p>
- <column name="mcast_snooping_enable">
- Enable multicast snooping on the bridge. For now, the default
- is disabled.
- </column>
- </group>
+ <group title="RSTP Configuration">
+ <column name="rstp_enable" type='{"type": "boolean"}'>
+ <p>
+ Enable Rapid Spanning Tree on the bridge. By default, RSTP is disabled
+ on bridges. Bond, internal, and mirror ports are not supported
+ and will not participate in the spanning tree.
+ </p>
- <group title="Rapid Spanning Tree Configuration">
- In IEEE Std 802.1D, 1998 Edition, and prior editions of this standard,
- Clause 8 specified the spanning tree algorithm and protocol (STP). STP
- has now been superseded by the Rapid Spanning Tree Protocol (RSTP)
- specified in Clause 17 of the IEEE Std 802.1D, 2004 Edition.
- The IEEE 802.1D-2004 Rapid Spanning Tree Algorithm Protocol configures
- full, simple, and symmetric connectivity throughout a Bridged Local Area
- Network that comprises individual LANs interconnected by Bridges.
- Like STP, RSTP is a network protocol that ensures loop-free topologies.
- It allows redundant links to be included in the network to provide
- automatic backup paths if the active links fails.
-
- <column name="rstp_enable" type='{"type": "boolean"}'>
- Enable Rapid Spanning Tree on the bridge. By default, RSTP is disabled
- on bridges. Bond, internal, and mirror ports are not supported
- and will not participate in the spanning tree.
- </column>
-
- <column name="other_config" key="rstp-address">
- The bridge's RSTP address (the lower 48 bits of the bridge-id)
- in the form
- <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
- By default, the address is the MAC address of the bridge.
- </column>
+ <p>
+ STP and RSTP are mutually exclusive. If both are enabled, RSTP
+ will be used.
+ </p>
+ </column>
- <column name="other_config" key="rstp-priority"
- type='{"type": "integer", "minInteger": 0, "maxInteger": 61440}'>
- The bridge's relative priority value for determining the root
- bridge (the upper 16 bits of the bridge-id). A bridge with the
- lowest bridge-id is elected the root. By default, the priority
- is 0x8000 (32768). This value needs to be a multiple of 4096,
- otherwise it's rounded to the nearest inferior one.
- </column>
+ <column name="other_config" key="rstp-address">
+ The bridge's RSTP address (the lower 48 bits of the bridge-id)
+ in the form
+ <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
+ By default, the address is the MAC address of the bridge.
+ </column>
- <column name="other_config" key="rstp-ageing-time"
- type='{"type": "integer", "minInteger": 10, "maxInteger": 1000000}'>
- The Ageing Time parameter for the Bridge. The default value
- is 300 seconds.
- </column>
+ <column name="other_config" key="rstp-priority"
+ type='{"type": "integer", "minInteger": 0, "maxInteger": 61440}'>
+ The bridge's relative priority value for determining the root
+ bridge (the upper 16 bits of the bridge-id). A bridge with the
+ lowest bridge-id is elected the root. By default, the priority
+ is 0x8000 (32768). This value needs to be a multiple of 4096,
+ otherwise it's rounded to the nearest inferior one.
+ </column>
- <column name="other_config" key="rstp-force-protocol-version"
- type='{"type": "integer"}'>
- The Force Protocol Version parameter for the Bridge. This
- can take the value 0 (STP Compatibility mode) or 2
- (the default, normal operation).
- </column>
+ <column name="other_config" key="rstp-ageing-time"
+ type='{"type": "integer", "minInteger": 10, "maxInteger": 1000000}'>
+ The Ageing Time parameter for the Bridge. The default value
+ is 300 seconds.
+ </column>
- <column name="other_config" key="rstp-max-age"
- type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
- The maximum age of the information transmitted by the Bridge
- when it is the Root Bridge. The default value is 20.
- </column>
+ <column name="other_config" key="rstp-force-protocol-version"
+ type='{"type": "integer"}'>
+ The Force Protocol Version parameter for the Bridge. This
+ can take the value 0 (STP Compatibility mode) or 2
+ (the default, normal operation).
+ </column>
- <column name="other_config" key="rstp-forward-delay"
- type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
- The delay used by STP Bridges to transition Root and Designated
- Ports to Forwarding. The default value is 15.
- </column>
+ <column name="other_config" key="rstp-max-age"
+ type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
+ The maximum age of the information transmitted by the Bridge
+ when it is the Root Bridge. The default value is 20.
+ </column>
- <column name="other_config" key="rstp-transmit-hold-count"
- type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
- The Transmit Hold Count used by the Port Transmit state machine
- to limit transmission rate. The default value is 6.
- </column>
+ <column name="other_config" key="rstp-forward-delay"
+ type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
+ The delay used by STP Bridges to transition Root and Designated
+ Ports to Forwarding. The default value is 15.
+ </column>
+
+ <column name="other_config" key="rstp-transmit-hold-count"
+ type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
+ The Transmit Hold Count used by the Port Transmit state machine
+ to limit transmission rate. The default value is 6.
+ </column>
+ </group>
+ <group title="RSTP Status">
+ <p>
+ These key-value pairs report the status of 802.1D-2004. They are
+ present only if RSTP is enabled (via the <ref column="rstp_enable"/>
+ column).
+ </p>
+ <column name="rstp_status" key="rstp_bridge_id">
+ The bridge ID used in rapid spanning tree advertisements, in the form
+ <var>x</var>.<var>yyy</var>.<var>zzzzzzzzzzzz</var> where
+ <var>x</var> is the RSTP priority, the <var>y</var>s are a locally
+ assigned system ID extension, the <var>z</var>s are the STP system
+ ID, and each <var>x</var>, <var>y</var>, or <var>z</var> is a hex
+ digit.
+ </column>
+ <column name="rstp_status" key="rstp_root_id">
+ The root of this spanning tree, in the same form as <ref
+ column="rstp_status" key="rstp_bridge_id"/>. If this bridge is the
+ root, this will have the same value as <ref column="rstp_status"
+ key="rstp_bridge_id"/>, otherwise it will differ.
+ </column>
+ <column name="rstp_status" key="rstp_root_path_cost"
+ type='{"type": "integer", "minInteger": 0}'>
+ The path cost of reaching the root. A lower number is better. The
+ value is 0 if this bridge is the root, otherwise it is higher.
+ </column>
+ <column name="rstp_status" key="rstp_designated_id">
+ The RSTP designated ID, in the same form as <ref column="rstp_status"
+ key="rstp_bridge_id"/>.
+ </column>
+ <column name="rstp_status" key="rstp_designated_port_id">
+ The RSTP designated port ID, as a 4-digit hex number.
+ </column>
+ <column name="rstp_status" key="rstp_bridge_port_id">
+ The RSTP bridge port ID, as a 4-digit hex number.
+ </column>
+ </group>
+ </group>
+
+ <group title="Multicast Snooping Configuration">
+ Multicast snooping (RFC 4541) monitors the Internet Group Management
+ Protocol (IGMP) and Multicast Listener Discovery traffic between hosts
+ and multicast routers. The switch uses what IGMP and MLD snooping
+ learns to forward multicast traffic only to interfaces that are connected
+ to interested receivers. Currently it supports IGMPv1, IGMPv2, IGMPv3,
+ MLDv1 and MLDv2 protocols.
+
+ <column name="mcast_snooping_enable">
+ Enable multicast snooping on the bridge. For now, the default
+ is disabled.
+ </column>
</group>
<group title="Other Features">
<column name="datapath_type">
- Name of datapath provider. The kernel datapath has
- type <code>system</code>. The userspace datapath has
- type <code>netdev</code>.
+ Name of datapath provider. The kernel datapath has type
+ <code>system</code>. The userspace datapath has type
+ <code>netdev</code>. A manager may refer to the <ref
+ table="Open_vSwitch" column="datapath_types"/> column of the <ref
+ table="Open_vSwitch"/> table for a list of the types accepted by this
+ Open vSwitch instance.
</column>
<column name="external_ids" key="bridge-id">
<column name="other_config" key="forward-bpdu"
type='{"type": "boolean"}'>
- Option to allow forwarding of BPDU frames when NORMAL action is
- invoked. Frames with reserved Ethernet addresses (e.g. STP
- BPDU) will be forwarded when this option is enabled and the
- switch is not providing that functionality. If STP is enabled
- on the port, STP BPDUs will never be forwarded. If the Open
- vSwitch bridge is used to connect different Ethernet networks,
- and if Open vSwitch node does not run STP, then this option
- should be enabled. Default is disabled, set to
- <code>true</code> to enable.
-
- The following destination MAC addresss will not be forwarded when this
- option is enabled.
+
+ <p>
+ Controls forwarding of BPDUs and other network control frames when
+ NORMAL action is invoked. When this option is <code>false</code> or
+ unset, frames with reserved Ethernet addresses (see table below) will
+ not be forwarded. When this option is <code>true</code>, such frames
+ will not be treated specially.
+ </p>
+
+ <p>
+ The above general rule has the following exceptions:
+ </p>
+
+ <ul>
+ <li>
+ If STP is enabled on the bridge (see the <ref column="stp_enable"
+ table="Bridge"/> column in the <ref table="Bridge"/> table), the
+ bridge processes all received STP packets and never passes them to
+ OpenFlow or forwards them. This is true even if STP is disabled on
+ an individual port.
+ </li>
+
+ <li>
+ If LLDP is enabled on an interface (see the <ref column="lldp"
+ table="Interface"/> column in the <ref table="Interface"/> table),
+ the interface processes received LLDP packets and never passes them
+ to OpenFlow or forwards them.
+ </li>
+ </ul>
+
+ <p>
+ Set this option to <code>true</code> if the Open vSwitch bridge
+ connects different Ethernet networks and is not configured to
+ participate in STP.
+ </p>
+
+ <p>
+ This option affects packets with the following destination MAC
+ addresses:
+ </p>
+
<dl>
<dt><code>01:80:c2:00:00:00</code></dt>
<dd>IEEE 802.1D Spanning Tree Protocol (STP).</dd>
</column>
</group>
- <group title="Bridge Status">
- <p>
- Status information about bridges.
- </p>
- <column name="status">
- Key-value pairs that report bridge status.
- </column>
- <column name="status" key="stp_bridge_id">
- <p>
- The bridge-id (in hex) used in spanning tree advertisements.
- Configuring the bridge-id is described in the
- <code>stp-system-id</code> and <code>stp-priority</code> keys
- of the <code>other_config</code> section earlier.
- </p>
- </column>
- <column name="status" key="stp_designated_root">
- <p>
- The designated root (in hex) for this spanning tree.
- </p>
- </column>
- <column name="status" key="stp_root_path_cost">
- <p>
- The path cost of reaching the designated bridge. A lower
- number is better.
- </p>
- </column>
- </group>
-
<group title="Common Columns">
The overall purpose of these columns is described under <code>Common
Columns</code> at the beginning of this document.
</column>
</group>
- <group title="Spanning Tree Configuration">
- <column name="other_config" key="stp-enable"
- type='{"type": "boolean"}'>
- If spanning tree is enabled on the bridge, member ports are
- enabled by default (with the exception of bond, internal, and
- mirror ports which do not work with STP). If this column's
- value is <code>false</code> spanning tree is disabled on the
- port.
- </column>
+ <group title="Spanning Tree Protocol">
+ <p>
+ The configuration here is only meaningful, and the status is only
+ populated, when 802.1D-1998 Spanning Tree Protocol is enabled on the
+ port's <ref column="Bridge"/> with its <ref column="stp_enable"/>
+ column.
+ </p>
- <column name="other_config" key="stp-port-num"
- type='{"type": "integer", "minInteger": 1, "maxInteger": 255}'>
- The port number used for the lower 8 bits of the port-id. By
- default, the numbers will be assigned automatically. If any
- port's number is manually configured on a bridge, then they
- must all be.
- </column>
+ <group title="STP Configuration">
+ <column name="other_config" key="stp-enable"
+ type='{"type": "boolean"}'>
+ When STP is enabled on a bridge, it is enabled by default on all of
+ the bridge's ports except bond, internal, and mirror ports (which do
+ not work with STP). If this column's value is <code>false</code>,
+ STP is disabled on the port.
+ </column>
- <column name="other_config" key="stp-port-priority"
- type='{"type": "integer", "minInteger": 0, "maxInteger": 255}'>
- The port's relative priority value for determining the root
- port (the upper 8 bits of the port-id). A port with a lower
- port-id will be chosen as the root port. By default, the
- priority is 0x80.
- </column>
+ <column name="other_config" key="stp-port-num"
+ type='{"type": "integer", "minInteger": 1, "maxInteger": 255}'>
+ The port number used for the lower 8 bits of the port-id. By
+ default, the numbers will be assigned automatically. If any
+ port's number is manually configured on a bridge, then they
+ must all be.
+ </column>
- <column name="other_config" key="stp-path-cost"
- type='{"type": "integer", "minInteger": 0, "maxInteger": 65535}'>
- Spanning tree path cost for the port. A lower number indicates
- a faster link. By default, the cost is based on the maximum
- speed of the link.
- </column>
+ <column name="other_config" key="stp-port-priority"
+ type='{"type": "integer", "minInteger": 0, "maxInteger": 255}'>
+ The port's relative priority value for determining the root
+ port (the upper 8 bits of the port-id). A port with a lower
+ port-id will be chosen as the root port. By default, the
+ priority is 0x80.
+ </column>
+
+ <column name="other_config" key="stp-path-cost"
+ type='{"type": "integer", "minInteger": 0, "maxInteger": 65535}'>
+ Spanning tree path cost for the port. A lower number indicates
+ a faster link. By default, the cost is based on the maximum
+ speed of the link.
+ </column>
+ </group>
+
+ <group title="STP Status">
+ <column name="status" key="stp_port_id">
+ The port ID used in spanning tree advertisements for this port, as 4
+ hex digits. Configuring the port ID is described in the
+ <code>stp-port-num</code> and <code>stp-port-priority</code> keys of
+ the <code>other_config</code> section earlier.
+ </column>
+ <column name="status" key="stp_state"
+ type='{"type": "string", "enum": ["set",
+ ["disabled", "listening", "learning",
+ "forwarding", "blocking"]]}'>
+ STP state of the port.
+ </column>
+ <column name="status" key="stp_sec_in_state"
+ type='{"type": "integer", "minInteger": 0}'>
+ The amount of time this port has been in the current STP state, in
+ seconds.
+ </column>
+ <column name="status" key="stp_role"
+ type='{"type": "string", "enum": ["set",
+ ["root", "designated", "alternate"]]}'>
+ STP role of the port.
+ </column>
+ </group>
</group>
- <group title="Rapid Spanning Tree Configuration">
- <column name="other_config" key="rstp-enable"
- type='{"type": "boolean"}'>
- If rapid spanning tree is enabled on the bridge, member ports are
- enabled by default (with the exception of bond, internal, and
- mirror ports which do not work with RSTP). If this column's
- value is <code>false</code> rapid spanning tree is disabled on the
- port.
- </column>
+ <group title="Rapid Spanning Tree Protocol">
+ <p>
+ The configuration here is only meaningful, and the status and
+ statistics are only populated, when 802.1D-1998 Spanning Tree Protocol
+ is enabled on the port's <ref column="Bridge"/> with its <ref
+ column="stp_enable"/> column.
+ </p>
- <column name="other_config" key="rstp-port-priority"
- type='{"type": "integer", "minInteger": 0, "maxInteger": 240}'>
- The port's relative priority value for determining the root
- port, in multiples of 16. By default, the port priority is 0x80
- (128). Any value in the lower 4 bits is rounded off. The significant
- upper 4 bits become the upper 4 bits of the port-id. A port with the
- lowest port-id is elected as the root.
- </column>
+ <group title="RSTP Configuration">
+ <column name="other_config" key="rstp-enable"
+ type='{"type": "boolean"}'>
+ When RSTP is enabled on a bridge, it is enabled by default on all of
+ the bridge's ports except bond, internal, and mirror ports (which do
+ not work with RSTP). If this column's value is <code>false</code>,
+ RSTP is disabled on the port.
+ </column>
- <column name="other_config" key="rstp-port-num"
- type='{"type": "integer", "minInteger": 1, "maxInteger": 4095}'>
- The local RSTP port number, used as the lower 12 bits of the port-id.
- By default the port numbers are assigned automatically, and typically
- may not correspond to the OpenFlow port numbers. A port with the
- lowest port-id is elected as the root.
- </column>
+ <column name="other_config" key="rstp-port-priority"
+ type='{"type": "integer", "minInteger": 0, "maxInteger": 240}'>
+ The port's relative priority value for determining the root port, in
+ multiples of 16. By default, the port priority is 0x80 (128). Any
+ value in the lower 4 bits is rounded off. The significant upper 4
+ bits become the upper 4 bits of the port-id. A port with the lowest
+ port-id is elected as the root.
+ </column>
- <column name="other_config" key="rstp-port-path-cost"
- type='{"type": "integer"}'>
- The port path cost. The Port's contribution, when it is
- the Root Port, to the Root Path Cost for the Bridge. By default the
- cost is automatically calculated from the port's speed.
- </column>
+ <column name="other_config" key="rstp-port-num"
+ type='{"type": "integer", "minInteger": 1, "maxInteger": 4095}'>
+ The local RSTP port number, used as the lower 12 bits of the port-id.
+ By default the port numbers are assigned automatically, and typically
+ may not correspond to the OpenFlow port numbers. A port with the
+ lowest port-id is elected as the root.
+ </column>
- <column name="other_config" key="rstp-port-admin-edge"
- type='{"type": "boolean"}'>
- The admin edge port parameter for the Port. Default is
- <code>false</code>.
- </column>
+ <column name="other_config" key="rstp-port-path-cost"
+ type='{"type": "integer"}'>
+ The port path cost. The Port's contribution, when it is
+ the Root Port, to the Root Path Cost for the Bridge. By default the
+ cost is automatically calculated from the port's speed.
+ </column>
- <column name="other_config" key="rstp-port-auto-edge"
- type='{"type": "boolean"}'>
- The auto edge port parameter for the Port. Default is
- <code>true</code>.
- </column>
+ <column name="other_config" key="rstp-port-admin-edge"
+ type='{"type": "boolean"}'>
+ The admin edge port parameter for the Port. Default is
+ <code>false</code>.
+ </column>
- <column name="other_config" key="rstp-port-mcheck"
- type='{"type": "boolean"}'>
- <p>
- The mcheck port parameter for the Port. Default is
- <code>false</code>. May be set to force the Port Protocol
- Migration state machine to transmit RST BPDUs for a
- MigrateTime period, to test whether all STP Bridges on the
- attached LAN have been removed and the Port can continue to
- transmit RSTP BPDUs. Setting mcheck has no effect if the
- Bridge is operating in STP Compatibility mode.
- </p>
- <p>
- Changing the value from <code>true</code> to
- <code>false</code> has no effect, but needs to be done if
- this behavior is to be triggered again by subsequently
- changing the value from <code>false</code> to
+ <column name="other_config" key="rstp-port-auto-edge"
+ type='{"type": "boolean"}'>
+ The auto edge port parameter for the Port. Default is
<code>true</code>.
- </p>
- </column>
+ </column>
+
+ <column name="other_config" key="rstp-port-mcheck"
+ type='{"type": "boolean"}'>
+ <p>
+ The mcheck port parameter for the Port. Default is
+ <code>false</code>. May be set to force the Port Protocol
+ Migration state machine to transmit RST BPDUs for a
+ MigrateTime period, to test whether all STP Bridges on the
+ attached LAN have been removed and the Port can continue to
+ transmit RSTP BPDUs. Setting mcheck has no effect if the
+ Bridge is operating in STP Compatibility mode.
+ </p>
+ <p>
+ Changing the value from <code>true</code> to
+ <code>false</code> has no effect, but needs to be done if
+ this behavior is to be triggered again by subsequently
+ changing the value from <code>false</code> to
+ <code>true</code>.
+ </p>
+ </column>
+ </group>
+
+ <group title="RSTP Status">
+ <column name="rstp_status" key="rstp_port_id">
+ The port ID used in spanning tree advertisements for this port, as 4
+ hex digits. Configuring the port ID is described in the
+ <code>rstp-port-num</code> and <code>rstp-port-priority</code> keys
+ of the <code>other_config</code> section earlier.
+ </column>
+ <column name="rstp_status" key="rstp_port_role"
+ type='{"type": "string", "enum": ["set",
+ ["Root", "Designated", "Alternate", "Backup", "Disabled"]]}'>
+ RSTP role of the port.
+ </column>
+ <column name="rstp_status" key="rstp_port_state"
+ type='{"type": "string", "enum": ["set",
+ ["Disabled", "Learning", "Forwarding", "Discarding"]]}'>
+ RSTP state of the port.
+ </column>
+ <column name="rstp_status" key="rstp_designated_bridge_id">
+ The port's RSTP designated bridge ID, in the same form as <ref
+ column="rstp_status" key="rstp_bridge_id"/> in the <ref
+ table="Bridge"/> table.
+ </column>
+ <column name="rstp_status" key="rstp_designated_port_id">
+ The port's RSTP designated port ID, as 4 hex digits.
+ </column>
+ <column name="rstp_status" key="rstp_designated_path_cost"
+ type='{"type": "integer"}'>
+ The port's RSTP designated path cost. Lower is better.
+ </column>
+ </group>
+
+ <group title="RSTP Statistics">
+ <column name="rstp_statistics" key="rstp_tx_count">
+ Number of RSTP BPDUs transmitted through this port.
+ </column>
+ <column name="rstp_statistics" key="rstp_rx_count">
+ Number of valid RSTP BPDUs received by this port.
+ </column>
+ <column name="rstp_statistics" key="rstp_error_count">
+ Number of invalid RSTP BPDUs received by this port.
+ </column>
+ <column name="rstp_statistics" key="rstp_uptime">
+ The duration covered by the other RSTP statistics, in seconds.
+ </column>
+ </group>
</group>
<group title="Multicast Snooping">
<column name="other_config" key="mcast-snooping-flood"
type='{"type": "boolean"}'>
<p>
- If set to <code>true</code>, multicast packets are unconditionally
+ If set to <code>true</code>, multicast packets (except Reports) are
+ unconditionally forwarded to the specific port.
+ </p>
+ </column>
+ <column name="other_config" key="mcast-snooping-flood-reports"
+ type='{"type": "boolean"}'>
+ <p>
+ If set to <code>true</code>, multicast Reports are unconditionally
forwarded to the specific port.
</p>
</column>
</column>
</group>
- <group title="Port Status">
- <p>
- Status information about ports attached to bridges.
- </p>
- <column name="status">
- Key-value pairs that report port status.
- </column>
- <column name="status" key="stp_port_id">
- <p>
- The port-id (in hex) used in spanning tree advertisements for
- this port. Configuring the port-id is described in the
- <code>stp-port-num</code> and <code>stp-port-priority</code>
- keys of the <code>other_config</code> section earlier.
- </p>
- </column>
- <column name="status" key="stp_state"
- type='{"type": "string", "enum": ["set",
- ["disabled", "listening", "learning",
- "forwarding", "blocking"]]}'>
- <p>
- STP state of the port.
- </p>
- </column>
- <column name="status" key="stp_sec_in_state"
- type='{"type": "integer", "minInteger": 0}'>
- <p>
- The amount of time (in seconds) port has been in the current
- STP state.
- </p>
- </column>
- <column name="status" key="stp_role"
- type='{"type": "string", "enum": ["set",
- ["root", "designated", "alternate"]]}'>
- <p>
- STP role of the port.
- </p>
- </column>
-
- <column name="status" key="bond_active_slave">
- <p>
- For a bonded port, record the mac address of the current active slave.
- </p>
- </column>
-
- </group>
+ <column name="bond_active_slave">
+ For a bonded port, record the mac address of the current active slave.
+ </column>
<group title="Port Statistics">
<p>
<group title="System-Specific Details">
<column name="type">
<p>
- The interface type, one of:
+ The interface type. The types supported by a particular instance of
+ Open vSwitch are listed in the <ref table="Open_vSwitch"
+ column="iface_types"/> column in the <ref table="Open_vSwitch"/>
+ table. The following types are defined:
</p>
<dl>
<dt><code>geneve</code></dt>
<dd>
- An Ethernet over Geneve (<code>http://tools.ietf.org/html/draft-gross-geneve-00</code>)
+ An Ethernet over Geneve (<code>http://tools.ietf.org/html/draft-ietf-nvo3-geneve-00</code>)
IPv4 tunnel.
- Geneve supports options as a means to transport additional metadata,
- however, currently only the 24-bit VNI is supported. This is planned
- to be extended in the future.
+ A description of how to match and set Geneve options can be found
+ in the <code>ovs-ofctl</code> manual page.
</dd>
<dt><code>gre</code></dt>
IPsec tunnel.
</dd>
- <dt><code>gre64</code></dt>
- <dd>
- It is same as GRE, but it allows 64 bit key. To store higher 32-bits
- of key, it uses GRE protocol sequence number field. This is non
- standard use of GRE protocol since OVS does not increment
- sequence number for every packet at time of encap as expected by
- standard GRE implementation. See <ref group="Tunnel Options"/>
- for information on configuring GRE tunnels.
- </dd>
-
- <dt><code>ipsec_gre64</code></dt>
- <dd>
- Same as IPSEC_GRE except 64 bit key.
- </dd>
-
<dt><code>vxlan</code></dt>
<dd>
<p>
- An Ethernet tunnel over the experimental, UDP-based VXLAN
- protocol described at
- <code>http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-03</code>.
+ An Ethernet tunnel over the UDP-based VXLAN protocol described in
+ RFC 7348.
</p>
<p>
Open vSwitch uses UDP destination port 4789. The source port used for
</p>
</dd>
+ <dt><code>stt</code></dt>
+ <dd>
+ The Stateless TCP Tunnel (STT) is particularly useful when tunnel
+ endpoints are in end-systems, as it utilizes the capabilities of
+ standard network interface cards to improve performance. STT utilizes
+ a TCP-like header inside the IP header. It is stateless, i.e., there is
+ no TCP connection state of any kind associated with the tunnel. The
+ TCP-like header is used to leverage the capabilities of existing
+ network interface cards, but should not be interpreted as implying
+ any sort of connection state between endpoints.
+ Since the STT protocol does not engage in the usual TCP 3-way handshake,
+ so it will have difficulty traversing stateful firewalls.
+ The protocol is documented at
+ http://www.ietf.org/archive/id/draft-davie-stt-06.txt
+
+ All traffic uses a default destination port of 7471. STT is only
+ available in kernel datapath on kernel 3.5 or newer.
+ </dd>
+
<dt><code>patch</code></dt>
<dd>
A pair of virtual devices that act as a patch cable.
<p>
These options apply to interfaces with <ref column="type"/> of
<code>geneve</code>, <code>gre</code>, <code>ipsec_gre</code>,
- <code>gre64</code>, <code>ipsec_gre64</code>, <code>vxlan</code>,
- and <code>lisp</code>.
+ <code>vxlan</code>, <code>lisp</code> and <code>stt</code>.
</p>
<p>
</li>
<li>
A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit (for GRE)
- or 64-bit (for GRE64) number. The tunnel receives only packets
- with the specified key.
+ or 64-bit (for STT) number. The tunnel receives only
+ packets with the specified key.
</li>
<li>
The word <code>flow</code>. The tunnel accepts packets with any
</li>
<li>
A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit (for GRE) or
- 64-bit (for GRE64) number. Packets sent through the tunnel will
- have the specified key.
+ 64-bit (for STT) number. Packets sent through the tunnel
+ will have the specified key.
</li>
<li>
The word <code>flow</code>. Packets sent through the tunnel will
to <code>false</code> to disable.
</column>
- <group title="Tunnel Options: gre and ipsec_gre only">
+ <group title="Tunnel Options: vxlan only">
+
+ <column name="options" key="exts">
+ <p>Optional. Comma separated list of optional VXLAN extensions to
+ enable. The following extensions are supported:</p>
+
+ <ul>
+ <li>
+ <code>gbp</code>: VXLAN-GBP allows to transport the group policy
+ context of a packet across the VXLAN tunnel to other network
+ peers. See the field description of <code>tun_gbp_id</code> and
+ <code>tun_gbp_flags</code> in ovs-ofctl(8) for additional
+ information.
+ (<code>https://tools.ietf.org/html/draft-smith-vxlan-group-policy</code>)
+ </li>
+ </ul>
+ </column>
+
+ </group>
+
+ <group title="Tunnel Options: gre, ipsec_gre, geneve, and vxlan">
<p>
- Only <code>gre</code> and <code>ipsec_gre</code> interfaces support
- these options.
+ <code>gre</code>, <code>ipsec_gre</code>, <code>geneve</code>, and
+ <code>vxlan</code> interfaces support these options.
</p>
<column name="options" key="csum" type='{"type": "boolean"}'>
<p>
- Optional. Compute GRE checksums on outgoing packets. Default is
- disabled, set to <code>true</code> to enable. Checksums present on
- incoming packets will be validated regardless of this setting.
+ Optional. Compute encapsulation header (either GRE or UDP)
+ checksums on outgoing packets. Default is disabled, set to
+ <code>true</code> to enable. Checksums present on incoming
+ packets will be validated regardless of this setting.
</p>
- <p>
- GRE checksums impose a significant performance penalty because they
- cover the entire packet. The encapsulated L3, L4, and L7 packet
- contents typically have their own checksums, so this additional
- checksum only adds value for the GRE and encapsulated L2 headers.
+ <p>
+ When using the upstream Linux kernel module, computation of
+ checksums for <code>geneve</code> and <code>vxlan</code> requires
+ Linux kernel version 4.0 or higher. <code>gre</code> supports
+ checksums for all versions of Open vSwitch that support GRE.
+ The out of tree kernel module distributed as part of OVS
+ can compute all tunnel checksums on any kernel version that it
+ is compatible with.
</p>
<p>
</column>
</group>
+ <group title="Auto Attach Configuration">
+ <p>
+ Auto Attach configuration for a particular interface.
+ </p>
+
+ <column name="lldp" key="enable" type='{"type": "boolean"}'>
+ True to enable LLDP on this <ref table="Interface"/>. If not
+ specified, LLDP will be disabled by default.
+ </column>
+ </group>
+
<group title="Common Columns">
The overall purpose of these columns is described under <code>Common
Columns</code> at the beginning of this document.
dump-tables</code>. The name does not affect switch behavior.
</column>
- <column name="flow_limit">
- If set, limits the number of flows that may be added to the table. Open
- vSwitch may limit the number of flows in a table for other reasons,
- e.g. due to hardware limitations or for resource availability or
- performance reasons.
- </column>
-
- <column name="overflow_policy">
+ <group title="Eviction Policy">
<p>
- Controls the switch's behavior when an OpenFlow flow table modification
- request would add flows in excess of <ref column="flow_limit"/>. The
- supported values are:
+ Open vSwitch supports limiting the number of flows that may be
+ installed in a flow table, via the <ref column="flow_limit"/> column.
+ When adding a flow would exceed this limit, by default Open vSwitch
+ reports an error, but there are two ways to configure Open vSwitch to
+ instead delete (``evict'') a flow to make room for the new one:
</p>
- <dl>
- <dt><code>refuse</code></dt>
- <dd>
- Refuse to add the flow or flows. This is also the default policy
- when <ref column="overflow_policy"/> is unset.
- </dd>
-
- <dt><code>evict</code></dt>
- <dd>
- Delete the flow that will expire soonest. See <ref column="groups"/>
- for details.
- </dd>
- </dl>
- </column>
+ <ul>
+ <li>
+ Set the <ref column="overflow_policy"/> column to <code>evict</code>.
+ </li>
- <column name="groups">
- <p>
- When <ref column="overflow_policy"/> is <code>evict</code>, this
- controls how flows are chosen for eviction when the flow table would
- otherwise exceed <ref column="flow_limit"/> flows. Its value is a set
- of NXM fields or sub-fields, each of which takes one of the forms
- <code><var>field</var>[]</code> or
- <code><var>field</var>[<var>start</var>..<var>end</var>]</code>,
- e.g. <code>NXM_OF_IN_PORT[]</code>. Please see
- <code>nicira-ext.h</code> for a complete list of NXM field names.
- </p>
+ <li>
+ Send an OpenFlow 1.4+ ``table mod request'' to enable eviction for
+ the flow table (e.g. <code>ovs-ofctl -O OpenFlow14 mod-table br0 0
+ evict</code> to enable eviction on flow table 0 of bridge
+ <code>br0</code>).
+ </li>
+ </ul>
<p>
When a flow must be evicted due to overflow, the flow to evict is
- chosen through an approximation of the following algorithm:
+ chosen through an approximation of the following algorithm. This
+ algorithm is used regardless of how eviction was enabled:
</p>
<ol>
<li>
Divide the flows in the table into groups based on the values of the
- specified fields or subfields, so that all of the flows in a given
- group have the same values for those fields. If a flow does not
- specify a given field, that field's value is treated as 0.
+ fields or subfields specified in the <ref column="groups"/> column,
+ so that all of the flows in a given group have the same values for
+ those fields. If a flow does not specify a given field, that field's
+ value is treated as 0. If <ref column="groups"/> is empty, then all
+ of the flows in the flow table are treated as a single group.
</li>
<li>
those groups.
</li>
+ <li>
+ If the flows under consideration have different importance values,
+ eliminate from consideration any flows except those with the lowest
+ importance. (``Importance,'' a 16-bit integer value attached to each
+ flow, was introduced in OpenFlow 1.4. Flows inserted with older
+ versions of OpenFlow always have an importance of 0.)
+ </li>
+
<li>
Among the flows under consideration, choose the flow that expires
soonest for eviction.
</ol>
<p>
- The eviction process only considers flows that have an idle timeout or
- a hard timeout. That is, eviction never deletes permanent flows.
+ The eviction process only considers flows that have an idle timeout
+ or a hard timeout. That is, eviction never deletes permanent flows.
(Permanent flows do count against <ref column="flow_limit"/>.)
</p>
- <p>
- Open vSwitch ignores any invalid or unknown field specifications.
- </p>
+ <column name="flow_limit">
+ If set, limits the number of flows that may be added to the table.
+ Open vSwitch may limit the number of flows in a table for other
+ reasons, e.g. due to hardware limitations or for resource availability
+ or performance reasons.
+ </column>
- <p>
- When <ref column="overflow_policy"/> is not <code>evict</code>, this
- column has no effect.
- </p>
- </column>
+ <column name="overflow_policy">
+ <p>
+ Controls the switch's behavior when an OpenFlow flow table
+ modification request would add flows in excess of <ref
+ column="flow_limit"/>. The supported values are:
+ </p>
- <column name="prefixes">
- <p>
- This string set specifies which fields should be used for
- address prefix tracking. Prefix tracking allows the
- classifier to skip rules with longer than necessary prefixes,
- resulting in better wildcarding for datapath flows.
- </p>
- <p>
- Prefix tracking may be beneficial when a flow table contains
- matches on IP address fields with different prefix lengths.
- For example, when a flow table contains IP address matches on
- both full addresses and proper prefixes, the full address
- matches will typically cause the datapath flow to un-wildcard
- the whole address field (depending on flow entry priorities).
- In this case each packet with a different address gets handed
- to the userspace for flow processing and generates its own
- datapath flow. With prefix tracking enabled for the address
- field in question packets with addresses matching shorter
- prefixes would generate datapath flows where the irrelevant
- address bits are wildcarded, allowing the same datapath flow
- to handle all the packets within the prefix in question. In
- this case many userspace upcalls can be avoided and the
- overall performance can be better.
- </p>
- <p>
- This is a performance optimization only, so packets will
- receive the same treatment with or without prefix tracking.
- </p>
- <p>
- The supported fields are: <code>tun_id</code>,
- <code>tun_src</code>, <code>tun_dst</code>,
- <code>nw_src</code>, <code>nw_dst</code> (or aliases
- <code>ip_src</code> and <code>ip_dst</code>),
- <code>ipv6_src</code>, and <code>ipv6_dst</code>. (Using this
- feature for <code>tun_id</code> would only make sense if the
- tunnel IDs have prefix structure similar to IP addresses.)
- </p>
+ <dl>
+ <dt><code>refuse</code></dt>
+ <dd>
+ Refuse to add the flow or flows. This is also the default policy
+ when <ref column="overflow_policy"/> is unset.
+ </dd>
- <p>
- By default, the <code>prefixes=ip_dst,ip_src</code> are used
- on each flow table. This instructs the flow classifier to
- track the IP destination and source addresses used by the
- rules in this specific flow table.
- </p>
+ <dt><code>evict</code></dt>
+ <dd>
+ Delete a flow chosen according to the algorithm described above.
+ </dd>
+ </dl>
+ </column>
- <p>
- The keyword <code>none</code> is recognized as an explicit
- override of the default values, causing no prefix fields to be
- tracked.
- </p>
+ <column name="groups">
+ <p>
+ When <ref column="overflow_policy"/> is <code>evict</code>, this
+ controls how flows are chosen for eviction when the flow table would
+ otherwise exceed <ref column="flow_limit"/> flows. Its value is a
+ set of NXM fields or sub-fields, each of which takes one of the forms
+ <code><var>field</var>[]</code> or
+ <code><var>field</var>[<var>start</var>..<var>end</var>]</code>,
+ e.g. <code>NXM_OF_IN_PORT[]</code>. Please see
+ <code>nicira-ext.h</code> for a complete list of NXM field names.
+ </p>
- <p>
- To set the prefix fields, the flow table record needs to
- exist:
- </p>
+ <p>
+ Open vSwitch ignores any invalid or unknown field specifications.
+ </p>
- <dl>
- <dt><code>ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0</code></dt>
- <dd>
- Creates a flow table record for the OpenFlow table number 0.
- </dd>
+ <p>
+ When eviction is not enabled, via <ref column="overflow_policy"/> or
+ an OpenFlow 1.4+ ``table mod,'' this column has no effect.
+ </p>
+ </column>
+ </group>
- <dt><code>ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src</code></dt>
- <dd>
- Enables prefix tracking for IP source and destination
- address fields.
- </dd>
- </dl>
+ <group title="Classifier Optimization">
+ <column name="prefixes">
+ <p>
+ This string set specifies which fields should be used for
+ address prefix tracking. Prefix tracking allows the
+ classifier to skip rules with longer than necessary prefixes,
+ resulting in better wildcarding for datapath flows.
+ </p>
+ <p>
+ Prefix tracking may be beneficial when a flow table contains
+ matches on IP address fields with different prefix lengths.
+ For example, when a flow table contains IP address matches on
+ both full addresses and proper prefixes, the full address
+ matches will typically cause the datapath flow to un-wildcard
+ the whole address field (depending on flow entry priorities).
+ In this case each packet with a different address gets handed
+ to the userspace for flow processing and generates its own
+ datapath flow. With prefix tracking enabled for the address
+ field in question packets with addresses matching shorter
+ prefixes would generate datapath flows where the irrelevant
+ address bits are wildcarded, allowing the same datapath flow
+ to handle all the packets within the prefix in question. In
+ this case many userspace upcalls can be avoided and the
+ overall performance can be better.
+ </p>
+ <p>
+ This is a performance optimization only, so packets will
+ receive the same treatment with or without prefix tracking.
+ </p>
+ <p>
+ The supported fields are: <code>tun_id</code>,
+ <code>tun_src</code>, <code>tun_dst</code>,
+ <code>nw_src</code>, <code>nw_dst</code> (or aliases
+ <code>ip_src</code> and <code>ip_dst</code>),
+ <code>ipv6_src</code>, and <code>ipv6_dst</code>. (Using this
+ feature for <code>tun_id</code> would only make sense if the
+ tunnel IDs have prefix structure similar to IP addresses.)
+ </p>
- <p>
- There is a maximum number of fields that can be enabled for any
- one flow table. Currently this limit is 3.
- </p>
- </column>
+ <p>
+ By default, the <code>prefixes=ip_dst,ip_src</code> are used
+ on each flow table. This instructs the flow classifier to
+ track the IP destination and source addresses used by the
+ rules in this specific flow table.
+ </p>
+
+ <p>
+ The keyword <code>none</code> is recognized as an explicit
+ override of the default values, causing no prefix fields to be
+ tracked.
+ </p>
+
+ <p>
+ To set the prefix fields, the flow table record needs to
+ exist:
+ </p>
+
+ <dl>
+ <dt><code>ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0</code></dt>
+ <dd>
+ Creates a flow table record for the OpenFlow table number 0.
+ </dd>
+
+ <dt><code>ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src</code></dt>
+ <dd>
+ Enables prefix tracking for IP source and destination
+ address fields.
+ </dd>
+ </dl>
+
+ <p>
+ There is a maximum number of fields that can be enabled for any
+ one flow table. Currently this limit is 3.
+ </p>
+ </column>
+ </group>
<group title="Common Columns">
The overall purpose of these columns is described under <code>Common
information on how this classifier works.
</dd>
</dl>
+ <dl>
+ <dt><code>linux-sfq</code></dt>
+ <dd>
+ Linux ``Stochastic Fairness Queueing'' classifier. See
+ <code>tc-sfq</code>(8) (also at
+ <code>http://linux.die.net/man/8/tc-sfq</code>) for information on
+ how this classifier works.
+ </dd>
+ </dl>
+ <dl>
+ <dt><code>linux-codel</code></dt>
+ <dd>
+ Linux ``Controlled Delay'' classifier. See <code>tc-codel</code>(8)
+ (also at
+ <code>http://man7.org/linux/man-pages/man8/tc-codel.8.html</code>)
+ for information on how this classifier works.
+ </dd>
+ </dl>
+ <dl>
+ <dt><code>linux-fq_codel</code></dt>
+ <dd>
+ Linux ``Fair Queuing with Controlled Delay'' classifier. See
+ <code>tc-fq_codel</code>(8) (also at
+ <code>http://man7.org/linux/man-pages/man8/tc-fq_codel.8.html</code>)
+ for information on how this classifier works.
+ </dd>
+ </dl>
</column>
<column name="queues">
traffic may also be referred to as SPAN or RSPAN, depending on how
the mirrored traffic is sent.</p>
+ <p>
+ When a packet enters an Open vSwitch bridge, it becomes eligible for
+ mirroring based on its ingress port and VLAN. As the packet travels
+ through the flow tables, each time it is output to a port, it becomes
+ eligible for mirroring based on the egress port and VLAN. In Open
+ vSwitch 2.5 and later, mirroring occurs just after a packet first becomes
+ eligible, using the packet as it exists at that point; in Open vSwitch
+ 2.4 and earlier, mirroring occurs only after a packet has traversed all
+ the flow tables, using the original packet as it entered the bridge.
+ This makes a difference only when the flow table modifies the packet: in
+ Open vSwitch 2.4, the modifications are never visible to mirrors, whereas
+ in Open vSwitch 2.5 and later modifications made before the first output
+ that makes it eligible for mirroring to a particular destination are
+ visible.
+ </p>
+
+ <p>
+ A packet that enters an Open vSwitch bridge is mirrored to a particular
+ destination only once, even if it is eligible for multiple reasons. For
+ example, a packet would be mirrored to a particular <ref
+ column="output_port"/> only once, even if it is selected for mirroring to
+ that port by <ref column="select_dst_port"/> and <ref
+ column="select_src_port"/> in the same or different <ref table="Mirror"/>
+ records.
+ </p>
+
<column name="name">
Arbitrary identifier for the <ref table="Mirror"/>.
</column>
column="ssl"/> column in the <ref table="Open_vSwitch"/>
table must point to a valid SSL configuration when this form
is used.</p>
- <p>If <var>port</var> is not specified, it currently
- defaults to 6633. In the future, the default will change to
- 6653, which is the IANA-defined value.</p>
+ <p>If <var>port</var> is not specified, it defaults to 6653.</p>
<p>SSL support is an optional feature that is not always built as
part of Open vSwitch.</p>
</dd>
<var>ip</var>, which must be expressed as an IP address (not a
DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
<var>ip</var> is an IPv6 address, wrap it in square brackets,
- e.g. <code>tcp:[::1]:6632</code>.
+ e.g. <code>tcp:[::1]:6653</code>.
</p>
<p>
- If <var>port</var> is not specified, it currently defaults to
- 6633. In the future, the default will change to 6653, which is
- the IANA-defined value.
+ If <var>port</var> is not specified, it defaults to 6653.
</p>
</dd>
</dl>
DNS name), is specified, then connections are restricted to the
specified local IP address (either IPv4 or IPv6). If
<var>ip</var> is an IPv6 address, wrap it in square brackets,
- e.g. <code>pssl:6632:[::1]</code>.
+ e.g. <code>pssl:6653:[::1]</code>.
</p>
<p>
- If <var>port</var> is not specified, it currently defaults to
- 6633. If <var>ip</var> is not specified then it listens only on
+ If <var>port</var> is not specified, it defaults to
+ 6653. If <var>ip</var> is not specified then it listens only on
IPv4 (but not IPv6) addresses. The
<ref table="Open_vSwitch" column="ssl"/>
column in the <ref table="Open_vSwitch"/> table must point to a
valid SSL configuration when this form is used.
</p>
<p>
- If <var>port</var> is not specified, it currently defaults to
- 6633. In the future, the default will change to 6653, which is
- the IANA-defined value.
+ If <var>port</var> is not specified, it currently to 6653.
</p>
<p>
SSL support is an optional feature that is not always built as
DNS name), is specified, then connections are restricted to the
specified local IP address (either IPv4 or IPv6). If
<var>ip</var> is an IPv6 address, wrap it in square brackets,
- e.g. <code>ptcp:6632:[::1]</code>. If <var>ip</var> is not
+ e.g. <code>ptcp:6653:[::1]</code>. If <var>ip</var> is not
specified then it listens only on IPv4 addresses.
</p>
<p>
- If <var>port</var> is not specified, it currently defaults to
- 6633. In the future, the default will change to 6653, which is
- the IANA-defined value.
+ If <var>port</var> is not specified, it defaults to 6653.
</p>
</dd>
</dl>
form is used.
</p>
<p>
- If <var>port</var> is not specified, it currently defaults
- to 6632. In the future, the default will change to 6640,
- which is the IANA-defined value.
+ If <var>port</var> is not specified, it defaults to 6640.
</p>
<p>
SSL support is an optional feature that is not always
<var>ip</var>, which must be expressed as an IP address (not a
DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
<var>ip</var> is an IPv6 address, wrap it in square brackets,
- e.g. <code>tcp:[::1]:6632</code>.
+ e.g. <code>tcp:[::1]:6640</code>.
</p>
<p>
- If <var>port</var> is not specified, it currently defaults
- to 6632. In the future, the default will change to 6640,
- which is the IANA-defined value.
+ If <var>port</var> is not specified, it defaults to 6640.
</p>
</dd>
<dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
connections are restricted to the specified local IP address
(either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
address, wrap in square brackets,
- e.g. <code>pssl:6632:[::1]</code>. If <var>ip</var> is not
+ e.g. <code>pssl:6640:[::1]</code>. If <var>ip</var> is not
specified then it listens only on IPv4 (but not IPv6) addresses.
The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
table="Open_vSwitch"/> table must point to a valid SSL
configuration when this form is used.
</p>
<p>
- If <var>port</var> is not specified, it currently defaults
- to 6632. In the future, the default will change to 6640,
- which is the IANA-defined value.
+ If <var>port</var> is not specified, it defaults to 6640.
</p>
<p>
SSL support is an optional feature that is not always built as
connections are restricted to the specified local IP address
(either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
address, wrap it in square brackets,
- e.g. <code>ptcp:6632:[::1]</code>. If <var>ip</var> is not
+ e.g. <code>ptcp:6640:[::1]</code>. If <var>ip</var> is not
specified then it listens only on IPv4 addresses.
</p>
<p>
- If <var>port</var> is not specified, it currently defaults
- to 6632. In the future, the default will change to 6640,
- which is the IANA-defined value.
+ If <var>port</var> is not specified, it defaults to 6640.
</p>
</dd>
</dl>
<p>data type semantics: identifier.</p>
<p>description: Key which is used for identifying an individual
traffic flow within a VxLAN (24-bit VNI), GENEVE (24-bit VNI),
- GRE (32- or 64-bit key), or LISP (24-bit instance ID) tunnel. The
+ GRE (32-bit key), or LISP (24-bit instance ID) tunnel. The
key is encoded in this octetarray as a 3-, 4-, or 8-byte integer
ID in network byte order.</p>
</dd>
</group>
</table>
+ <table name="AutoAttach">
+ <p>Auto Attach configuration within a bridge. The IETF Auto-Attach SPBM
+ draft standard describes a compact method of using IEEE 802.1AB Link
+ Layer Discovery Protocol (LLDP) together with a IEEE 802.1aq Shortest
+ Path Bridging (SPB) network to automatically attach network devices
+ to individual services in a SPB network. The intent here is to allow
+ network applications and devices using OVS to be able to easily take
+ advantage of features offered by industry standard SPB networks.</p>
+
+ <p>Auto Attach (AA) uses LLDP to communicate between a directly connected
+ Auto Attach Client (AAC) and Auto Attach Server (AAS). The LLDP protocol
+ is extended to add two new Type-Length-Value tuples (TLVs). The first
+ new TLV supports the ongoing discovery of directly connected AA
+ correspondents. Auto Attach operates by regularly transmitting AA
+ discovery TLVs between the AA client and AA server. By exchanging these
+ discovery messages, both the AAC and AAS learn the system name and
+ system description of their peer. In the OVS context, OVS operates as
+ the AA client and the AA server resides on a switch at the edge of the
+ SPB network.</p>
+
+ <p>Once AA discovery has been completed the AAC then uses the
+ second new TLV to deliver identifier mappings from the AAC to the AAS. A primary
+ feature of Auto Attach is to facilitate the mapping of VLANs defined
+ outside the SPB network onto service ids (ISIDs) defined within the SPM
+ network. By doing so individual external VLANs can be mapped onto
+ specific SPB network services. These VLAN id to ISID mappings can be
+ configured and managed locally using new options added to the ovs-vsctl
+ command.</p>
+
+ <p>The Auto Attach OVS feature does not provide a full implementation of
+ the LLDP protocol. Support for the mandatory TLVs as defined by the LLDP
+ standard and support for the AA TLV extensions is provided. LLDP
+ protocol support in OVS can be enabled or disabled on a port by port
+ basis. LLDP support is disabled by default.</p>
+
+ <column name="system_name">
+ The system_name string is exported in LLDP messages. It should uniquely
+ identify the bridge in the network.
+ </column>
+
+ <column name="system_description">
+ The system_description string is exported in LLDP messages. It should
+ describe the type of software and hardware.
+ </column>
+
+ <column name="mappings">
+ A mapping from SPB network Individual Service Identifier (ISID) to VLAN id.
+ </column>
+ </table>
</database>
projects / cascardo / ovs.git / blobdiff