host as displayed by <code>xe host-list</code>.
</column>
+ <column name="other_config" key="stats-update-interval"
+ type='{"type": "integer", "minInteger": 5000}'>
+ <p>
+ Interval for updating statistics to the database, in milliseconds.
+ This option will affect the update of the <code>statistics</code>
+ column in the following tables: <code>Port</code>, <code>Interface
+ </code>, <code>Mirror</code>.
+ </p>
+ <p>
+ Default value is 5000 ms.
+ </p>
+ <p>
+ Getting statistics more frequently can be achieved via OpenFlow.
+ </p>
+ </column>
+
<column name="other_config" key="flow-restore-wait"
type='{"type": "boolean"}'>
<p>
</p>
</column>
- <column name="other_config" key="flow-eviction-threshold"
+ <column name="other_config" key="flow-limit"
type='{"type": "integer", "minInteger": 0}'>
<p>
- A number of flows as a nonnegative integer. This sets number of
- flows at which eviction from the datapath flow table will be
- triggered. If there are a large number of flows then increasing this
- value to around the number of flows present can result in reduced CPU
- usage and packet loss.
+ The maximum
+ number of flows allowed in the datapath flow table. Internally OVS
+ will choose a flow limit which will likely be lower than this number,
+ based on real time network conditions.
+ </p>
+ <p>
+ The default is 200000.
</p>
+ </column>
+
+ <column name="other_config" key="n-dpdk-rxqs"
+ type='{"type": "integer", "minInteger": 1}'>
<p>
- The default is 2500. Values below 100 will be rounded up to 100.
+ Specifies the number of rx queues to be created for each dpdk
+ interface. If not specified or specified to 0, one rx queue will
+ be created for each dpdk interface by default.
</p>
</column>
- <column name="other_config" key="force-miss-model">
+ <column name="other_config" key="pmd-cpu-mask">
<p>
- Specifies userspace behaviour for handling flow misses. This takes
- precedence over flow-eviction-threshold.
+ Specifies CPU mask for setting the cpu affinity of PMD (Poll
+ Mode Driver) threads. Value should be in the form of hex string,
+ similar to the dpdk EAL '-c COREMASK' option input or the 'taskset'
+ mask input.
</p>
<p>
- <dl>
- <dt><code>auto</code></dt>
- <dd>Handle automatically based on the flow-eviction-threshold and
- the flow setup governer (default, recommended).</dd>
- <dt><code>with-facets</code></dt>
- <dd>Always create facets. Expensive kernel flow creation and
- statistics tracking is always performed, even on flows with only
- a small number of packets.</dd>
- <dt><code>without-facets</code></dt>
- <dd>Always handle without facets. Forces flow misses to be handled
- in userspace. May cause an increase in CPU usage and packet loss
- on high throughput.</dd>
- </dl>
+ The lowest order bit corresponds to the first CPU core. A set bit
+ means the corresponding core is available. If the input does not
+ cover all cores, those uncovered cores are considered not set.
+ </p>
+ <p>
+ If not specified, one pmd thread will be created for each numa node
+ and pinned to any available core on the numa node by default.
</p>
</column>
type='{"type": "integer", "minInteger": 1}'>
<p>
Specifies the number of threads for software datapaths to use for
- handling new flows. The default is two less than the number of
- online CPU cores (but at least 1).
+ handling new flows. The default the number of online CPU cores minus
+ the number of revalidators.
+ </p>
+ <p>
+ This configuration is per datapath. If you have more than one
+ software datapath (e.g. some <code>system</code> bridges and some
+ <code>netdev</code> bridges), then the total number of threads is
+ <code>n-handler-threads</code> times the number of software
+ datapaths.
+ </p>
+ </column>
+
+ <column name="other_config" key="n-revalidator-threads"
+ type='{"type": "integer", "minInteger": 1}'>
+ <p>
+ Specifies the number of threads for software datapaths to use for
+ revalidating flows in the datapath. Typically, there is a direct
+ correlation between the number of revalidator threads, and the number
+ of flows allowed in the datapath. The default is the number of cpu
+ cores divided by four plus one. If <code>n-handler-threads</code> is
+ set, the default changes to the number of cpu cores minus the number
+ of handler threads.
</p>
<p>
This configuration is per datapath. If you have more than one
</column>
<column name="protocols">
- List of OpenFlow protocols that may be used when negotiating a
- connection with a controller. A default value of
- <code>OpenFlow10</code> will be used if this column is empty.
+ <p>
+ List of OpenFlow protocols that may be used when negotiating
+ a connection with a controller. OpenFlow 1.0, 1.1, 1.2, and
+ 1.3 are enabled by default if this column is empty.
+ </p>
+
+ <p>
+ OpenFlow 1.4 is not enabled by default because its implementation is
+ missing features.
+ </p>
+
+ <p>
+ OpenFlow 1.5 has the same risks as OpenFlow 1.4, but it is even more
+ experimental because the OpenFlow 1.5 specification is still under
+ development and thus subject to change. Pass
+ <code>--enable-of15</code> to <code>ovs-vswitchd</code> to allow
+ OpenFlow 1.5 to be enabled.
+ </p>
</column>
</group>
be included in the network to provide automatic backup paths if
the active links fails.
- <column name="stp_enable">
+ <column name="stp_enable" type='{"type": "boolean"}'>
Enable spanning tree on the bridge. By default, STP is disabled
on bridges. Bond, internal, and mirror ports are not supported
and will not participate in the spanning tree.
ports to <code>forwarding</code>, in seconds. By default, the
forwarding delay is 15 seconds.
</column>
+
+ <column name="other_config" key="mcast-snooping-aging-time"
+ type='{"type": "integer", "minInteger": 1}'>
+ <p>
+ The maximum number of seconds to retain a multicast snooping entry for
+ which no packets have been seen. The default is currently 300
+ seconds (5 minutes). The value, if specified, is forced into a
+ reasonable range, currently 15 to 3600 seconds.
+ </p>
+ </column>
+
+ <column name="other_config" key="mcast-snooping-table-size"
+ type='{"type": "integer", "minInteger": 1}'>
+ <p>
+ The maximum number of multicast snooping addresses to learn. The
+ default is currently 2048. The value, if specified, is forced into
+ a reasonable range, currently 10 to 1,000,000.
+ </p>
+ </column>
+ <column name="other_config" key="mcast-snooping-disable-flood-unregistered"
+ type='{"type": "boolean"}'>
+ <p>
+ If set to <code>false</code>, unregistered multicast packets are forwarded
+ to all ports.
+ If set to <code>true</code>, unregistered multicast packets are forwarded
+ to ports connected to multicast routers.
+ </p>
+ </column>
+ </group>
+
+ <group title="Multicast Snooping Configuration">
+ Multicast snooping (RFC 4541) monitors the Internet Group Management
+ Protocol (IGMP) traffic between hosts and multicast routers. The
+ switch uses what IGMP snooping learns to forward multicast traffic
+ only to interfaces that are connected to interested receivers.
+ Currently it supports IGMPv1 and IGMPv2 protocols.
+
+ <column name="mcast_snooping_enable">
+ Enable multicast snooping on the bridge. For now, the default
+ is disabled.
+ </column>
+ </group>
+
+ <group title="Rapid Spanning Tree Configuration">
+ In IEEE Std 802.1D, 1998 Edition, and prior editions of this standard,
+ Clause 8 specified the spanning tree algorithm and protocol (STP). STP
+ has now been superseded by the Rapid Spanning Tree Protocol (RSTP)
+ specified in Clause 17 of the IEEE Std 802.1D, 2004 Edition.
+ The IEEE 802.1D-2004 Rapid Spanning Tree Algorithm Protocol configures
+ full, simple, and symmetric connectivity throughout a Bridged Local Area
+ Network that comprises individual LANs interconnected by Bridges.
+ Like STP, RSTP is a network protocol that ensures loop-free topologies.
+ It allows redundant links to be included in the network to provide
+ automatic backup paths if the active links fails.
+
+ <column name="rstp_enable" type='{"type": "boolean"}'>
+ Enable Rapid Spanning Tree on the bridge. By default, RSTP is disabled
+ on bridges. Bond, internal, and mirror ports are not supported
+ and will not participate in the spanning tree.
+ </column>
+
+ <column name="other_config" key="rstp-address">
+ The bridge's RSTP address (the lower 48 bits of the bridge-id)
+ in the form
+ <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
+ By default, the address is the MAC address of the bridge.
+ </column>
+
+ <column name="other_config" key="rstp-priority"
+ type='{"type": "integer", "minInteger": 0, "maxInteger": 61440}'>
+ The bridge's relative priority value for determining the root
+ bridge (the upper 16 bits of the bridge-id). A bridge with the
+ lowest bridge-id is elected the root. By default, the priority
+ is 0x8000 (32768). This value needs to be a multiple of 4096,
+ otherwise it's rounded to the nearest inferior one.
+ </column>
+
+ <column name="other_config" key="rstp-ageing-time"
+ type='{"type": "integer", "minInteger": 10, "maxInteger": 1000000}'>
+ The Ageing Time parameter for the Bridge. The default value
+ is 300 seconds.
+ </column>
+
+ <column name="other_config" key="rstp-force-protocol-version"
+ type='{"type": "integer"}'>
+ The Force Protocol Version parameter for the Bridge. This
+ can take the value 0 (STP Compatibility mode) or 2
+ (the default, normal operation).
+ </column>
+
+ <column name="other_config" key="rstp-max-age"
+ type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
+ The maximum age of the information transmitted by the Bridge
+ when it is the Root Bridge. The default value is 20.
+ </column>
+
+ <column name="other_config" key="rstp-forward-delay"
+ type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
+ The delay used by STP Bridges to transition Root and Designated
+ Ports to Forwarding. The default value is 15.
+ </column>
+
+ <column name="other_config" key="rstp-transmit-hold-count"
+ type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
+ The Transmit Hold Count used by the Port Transmit state machine
+ to limit transmission rate. The default value is 6.
+ </column>
+
</group>
<group title="Other Features">
<column name="external_ids"/>
</group>
</table>
-
-
<table name="Port" table="Port or bond configuration.">
+
+ <table name="Port" table="Port or bond configuration.">
<p>A port within a <ref table="Bridge"/>.</p>
<p>Most commonly, a port has exactly one ``interface,'' pointed to by its
<ref column="interfaces"/> column. Such a port logically
<p>
The following modes require the upstream switch to support 802.3ad with
- successful LACP negotiation:
+ successful LACP negotiation. If LACP negotiation fails and
+ other-config:lacp-fallback-ab is true, then <code>active-backup</code>
+ mode is used:
</p>
<dl>
in LACP negotiations initiated by a remote switch, but not allowed to
initiate such negotiations themselves. If LACP is enabled on a port
whose partner switch does not support LACP, the bond will be
- disabled. Defaults to <code>off</code> if unset.
+ disabled, unless other-config:lacp-fallback-ab is set to true.
+ Defaults to <code>off</code> if unset.
</column>
<column name="other_config" key="lacp-system-id">
rate of once every 30 seconds.
</p>
</column>
+
+ <column name="other_config" key="lacp-fallback-ab"
+ type='{"type": "boolean"}'>
+ <p>
+ Determines the behavior of openvswitch bond in LACP mode. If
+ the partner switch does not support LACP, setting this option
+ to <code>true</code> allows openvswitch to fallback to
+ active-backup. If the option is set to <code>false</code>, the
+ bond will be disabled. In both the cases, once the partner switch
+ is configured to LACP mode, the bond will use LACP.
+ </p>
+ </column>
</group>
<group title="Rebalancing Configuration">
</column>
</group>
+ <group title="Rapid Spanning Tree Configuration">
+ <column name="other_config" key="rstp-enable"
+ type='{"type": "boolean"}'>
+ If rapid spanning tree is enabled on the bridge, member ports are
+ enabled by default (with the exception of bond, internal, and
+ mirror ports which do not work with RSTP). If this column's
+ value is <code>false</code> rapid spanning tree is disabled on the
+ port.
+ </column>
+
+ <column name="other_config" key="rstp-port-priority"
+ type='{"type": "integer", "minInteger": 0, "maxInteger": 240}'>
+ The port's relative priority value for determining the root
+ port, in multiples of 16. By default, the port priority is 0x80
+ (128). Any value in the lower 4 bits is rounded off. The significant
+ upper 4 bits become the upper 4 bits of the port-id. A port with the
+ lowest port-id is elected as the root.
+ </column>
+
+ <column name="other_config" key="rstp-port-num"
+ type='{"type": "integer", "minInteger": 1, "maxInteger": 4095}'>
+ The local RSTP port number, used as the lower 12 bits of the port-id.
+ By default the port numbers are assigned automatically, and typically
+ may not correspond to the OpenFlow port numbers. A port with the
+ lowest port-id is elected as the root.
+ </column>
+
+ <column name="other_config" key="rstp-port-path-cost"
+ type='{"type": "integer"}'>
+ The port path cost. The Port's contribution, when it is
+ the Root Port, to the Root Path Cost for the Bridge. By default the
+ cost is automatically calculated from the port's speed.
+ </column>
+
+ <column name="other_config" key="rstp-port-admin-edge"
+ type='{"type": "boolean"}'>
+ The admin edge port parameter for the Port. Default is
+ <code>false</code>.
+ </column>
+
+ <column name="other_config" key="rstp-port-auto-edge"
+ type='{"type": "boolean"}'>
+ The auto edge port parameter for the Port. Default is
+ <code>true</code>.
+ </column>
+
+ <column name="other_config" key="rstp-port-mcheck"
+ type='{"type": "boolean"}'>
+ <p>
+ The mcheck port parameter for the Port. Default is
+ <code>false</code>. May be set to force the Port Protocol
+ Migration state machine to transmit RST BPDUs for a
+ MigrateTime period, to test whether all STP Bridges on the
+ attached LAN have been removed and the Port can continue to
+ transmit RSTP BPDUs. Setting mcheck has no effect if the
+ Bridge is operating in STP Compatibility mode.
+ </p>
+ <p>
+ Changing the value from <code>true</code> to
+ <code>false</code> has no effect, but needs to be done if
+ this behavior is to be triggered again by subsequently
+ changing the value from <code>false</code> to
+ <code>true</code>.
+ </p>
+ </column>
+ </group>
+
+ <group title="Multicast Snooping">
+ <column name="other_config" key="mcast-snooping-flood"
+ type='{"type": "boolean"}'>
+ <p>
+ If set to <code>true</code>, multicast packets are unconditionally
+ forwarded to the specific port.
+ </p>
+ </column>
+ </group>
+
<group title="Other Features">
<column name="qos">
Quality of Service configuration for this port.
<group title="Port Statistics">
<p>
- Key-value pairs that report port statistics.
+ Key-value pairs that report port statistics. The update period
+ is controlled by <ref column="other_config"
+ key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
</p>
<group title="Statistics: STP transmit and receive counters">
<column name="statistics" key="stp_tx_count">
address.</p>
</column>
+ <column name="error">
+ If the configuration of the port failed, as indicated by -1 in <ref
+ column="ofport"/>, Open vSwitch sets this column to an error
+ description in human readable form. Otherwise, Open vSwitch clears
+ this column.
+ </column>
+
<group title="OpenFlow Port Number">
<p>
When a client adds a new interface, Open vSwitch chooses an OpenFlow
</p>
<p>
- Open vSwitch currently assigns the OpenFlow port number for an
- interface once, when the client first adds the interface. It does
- not change the port number later if the client sets or changes or
- clears <ref column="ofport_request"/>. Therefore, to ensure that
- <ref column="ofport_request"/> takes effect, the client should set
- it in the same database transaction that creates the interface.
- (Future versions of Open vSwitch might honor changes to <ref
- column="ofport_request"/>.)
+ A client should ideally set this column's value in the same
+ database transaction that it uses to create the interface. Open
+ vSwitch version 2.1 and later will honor a later request for a
+ specific port number, althuogh it might confuse some controllers:
+ OpenFlow does not have a way to announce a port number change, so
+ Open vSwitch represents it over OpenFlow as a port deletion
+ followed immediately by a port addition.
+ </p>
+
+ <p>
+ If <ref column="ofport_request"/> is set or changed to some other
+ port's automatically assigned port number, Open vSwitch chooses a
+ new port number for the latter port.
</p>
</column>
</group>
<dt><code>tap</code></dt>
<dd>A TUN/TAP device managed by Open vSwitch.</dd>
+ <dt><code>geneve</code></dt>
+ <dd>
+ An Ethernet over Geneve (<code>http://tools.ietf.org/html/draft-gross-geneve-00</code>)
+ IPv4 tunnel.
+
+ Geneve supports options as a means to transport additional metadata,
+ however, currently only the 24-bit VNI is supported. This is planned
+ to be extended in the future.
+ </dd>
+
<dt><code>gre</code></dt>
<dd>
An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4
<dt><code>lisp</code></dt>
<dd>
- A layer 3 tunnel over the experimental, UDP-based Locator/ID
- Separation Protocol (RFC 6830).
+ <p>
+ A layer 3 tunnel over the experimental, UDP-based Locator/ID
+ Separation Protocol (RFC 6830).
+ </p>
+ <p>
+ Only IPv4 and IPv6 packets are supported by the protocol, and
+ they are sent and received without an Ethernet header. Traffic
+ to/from LISP ports is expected to be configured explicitly, and
+ the ports are not intended to participate in learning based
+ switching. As such, they are always excluded from packet
+ flooding.
+ </p>
</dd>
<dt><code>patch</code></dt>
<group title="Tunnel Options">
<p>
These options apply to interfaces with <ref column="type"/> of
- <code>gre</code>, <code>ipsec_gre</code>, <code>gre64</code>,
- <code>ipsec_gre64</code>, <code>vxlan</code>, and <code>lisp</code>.
+ <code>geneve</code>, <code>gre</code>, <code>ipsec_gre</code>,
+ <code>gre64</code>, <code>ipsec_gre64</code>, <code>vxlan</code>,
+ and <code>lisp</code>.
</p>
<p>
key="in_key"/> at all.
</li>
<li>
- A positive 24-bit (for VXLAN and LISP), 32-bit (for GRE) or 64-bit
- (for GRE64) number. The tunnel receives only packets with the
- specified key.
+ A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit (for GRE)
+ or 64-bit (for GRE64) number. The tunnel receives only packets
+ with the specified key.
</li>
<li>
The word <code>flow</code>. The tunnel accepts packets with any
key="out_key"/> at all.
</li>
<li>
- A positive 24-bit (for VXLAN and LISP), 32-bit (for GRE) or 64-bit
- (for GRE64) number. Packets sent through the tunnel will have the
- specified key.
+ A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit (for GRE) or
+ 64-bit (for GRE64) number. Packets sent through the tunnel will
+ have the specified key.
</li>
<li>
The word <code>flow</code>. Packets sent through the tunnel will
</column>
<column name="status" key="tunnel_egress_iface">
- Egress interface for tunnels. Currently only relevant for GRE tunnels
- On Linux systems, this column will show the name of the interface
+ Egress interface for tunnels. Currently only relevant for tunnels
+ on Linux systems, this column will show the name of the interface
which is responsible for routing traffic destined for the configured
<ref column="options" key="remote_ip"/>. This could be an internal
interface such as a bridge port.
<group title="Statistics">
<p>
Key-value pairs that report interface statistics. The current
- implementation updates these counters periodically. Future
- implementations may update them when an interface is created, when they
- are queried (e.g. using an OVSDB <code>select</code> operation), and
- just before an interface is deleted due to virtual interface hot-unplug
- or VM shutdown, and perhaps at other times, but not on any regular
- periodic basis.
+ implementation updates these counters periodically. The update period
+ is controlled by <ref column="other_config"
+ key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
+ Future implementations may update them when an interface is created,
+ when they are queried (e.g. using an OVSDB <code>select</code>
+ operation), and just before an interface is deleted due to virtual
+ interface hot-unplug or VM shutdown, and perhaps at other times, but
+ not on any regular periodic basis.
</p>
<p>
These are the same statistics reported by OpenFlow in its <code>struct
</p>
<column name="bfd" key="enable" type='{"type": "boolean"}'>
- True to enable BFD on this <ref table="Interface"/>.
+ True to enable BFD on this <ref table="Interface"/>. If not
+ specified, BFD will not be enabled by default.
</column>
<column name="bfd" key="min_rx"
</column>
<column name="bfd" key="forwarding_if_rx" type='{"type": "boolean"}'>
- True to consider the interface capable of packet I/O as long as it
- continues to receive any packets (not just BFD packets). This
- prevents link congestion that causes consecutive BFD control packets
- to be lost from marking the interface down.
+ When <code>true</code>, traffic received on the
+ <ref table="Interface"/> is used to indicate the capability of packet
+ I/O. BFD control packets are still transmitted and received. At
+ least one BFD control packet must be received every 100 * <ref
+ column="bfd" key="min_rx"/> amount of time. Otherwise, even if
+ traffic are received, the <ref column="bfd" key="forwarding"/>
+ will be <code>false</code>.
</column>
<column name="bfd" key="cpath_down" type='{"type": "boolean"}'>
tunnel key.
</column>
- <column name="bfd" key="bfd_dst_mac">
+ <column name="bfd" key="bfd_local_src_mac">
+ Set to an Ethernet address in the form
+ <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
+ to set the MAC used as source for transmitted BFD packets. The
+ default is the mac address of the BFD enabled interface.
+ </column>
+
+ <column name="bfd" key="bfd_local_dst_mac">
Set to an Ethernet address in the form
<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
- to set the MAC used as destination for transmitted BFD packets and
- expected as destination for received BFD packets. The default is
- <code>00:23:20:00:00:01</code>.
+ to set the MAC used as destination for transmitted BFD packets. The
+ default is <code>00:23:20:00:00:01</code>.
+ </column>
+
+ <column name="bfd" key="bfd_remote_dst_mac">
+ Set to an Ethernet address in the form
+ <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
+ to set the MAC used for checking the destination of received BFD packets.
+ Packets with different destination MAC will not be considered as BFD packets.
+ If not specified the destination MAC address of received BFD packets
+ are not checked.
+ </column>
+
+ <column name="bfd" key="bfd_src_ip">
+ Set to an IPv4 address to set the IP address used as source for
+ transmitted BFD packets. The default is <code>169.254.1.1</code>.
+ </column>
+
+ <column name="bfd" key="bfd_dst_ip">
+ Set to an IPv4 address to set the IP address used as destination
+ for transmitted BFD packets. The default is <code>169.254.1.0</code>.
</column>
</group>
</column>
<column name="bfd_status" key="diagnostic">
- In case of a problem, set to a short message that reports what the
- local BFD session thinks is wrong.
+ In case of a problem, set to an error message that reports what the
+ local BFD session thinks is wrong. The error messages are defined
+ in section 4.1 of [RFC 5880].
</column>
<column name="bfd_status" key="remote_state"
</column>
<column name="bfd_status" key="remote_diagnostic">
- In case of a problem, set to a short message that reports what the
- remote endpoint's BFD session thinks is wrong.
+ In case of a problem, set to an error message that reports what the
+ remote endpoint's BFD session thinks is wrong. The error messages
+ are defined in section 4.1 of [RFC 5880].
</column>
+
+ <column name="bfd_status" key="flap_count"
+ type='{"type": "integer", "minInteger": 0}'>
+ Counts the number of <ref column="bfd_status" key="forwarding" />
+ flaps since start. A flap is considered as a change of the
+ <ref column="bfd_status" key="forwarding" /> value.
+ </column>
</group>
</group>
</p>
<column name="cfm_mpid">
- A Maintenance Point ID (MPID) uniquely identifies each endpoint within
- a Maintenance Association. The MPID is used to identify this endpoint
- to other Maintenance Points in the MA. Each end of a link being
- monitored should have a different MPID. Must be configured to enable
- CFM on this <ref table="Interface"/>.
+ <p>
+ A Maintenance Point ID (MPID) uniquely identifies each endpoint
+ within a Maintenance Association. The MPID is used to identify this
+ endpoint to other Maintenance Points in the MA. Each end of a link
+ being monitored should have a different MPID. Must be configured to
+ enable CFM on this <ref table="Interface"/>.
+ </p>
+ <p>
+ According to the 802.1ag specification, MPIDs can only range between
+ [1, 8191]. However, extended mode (see <ref column="other_config"
+ key="cfm_extended"/>) supports eight byte MPIDs.
+ </p>
</column>
<column name="cfm_flap_count">
with compliant implementations which may be running concurrently on the
network. Furthermore, extended mode increases the accuracy of the
<code>cfm_interval</code> configuration parameter by breaking wire
- compatibility with 802.1ag compliant implementations. Defaults to
- <code>false</code>.
+ compatibility with 802.1ag compliant implementations. And extended
+ mode allows eight byte MPIDs. Defaults to <code>false</code>.
</column>
<column name="other_config" key="cfm_demand" type='{"type": "boolean"}'>
<ref column="other_config" key="cfm_extended"/> is true, the CFM
module operates in demand mode. When in demand mode, traffic
received on the <ref table="Interface"/> is used to indicate
- liveness. CCMs are still transmitted and received, but if the
- <ref table="Interface"/> is receiving traffic, their absence does not
- cause a connectivity fault.
+ liveness. CCMs are still transmitted and received. At least one
+ CCM must be received every 100 * <ref column="other_config"
+ key="cfm_interval"/> amount of time. Otherwise, even if traffic
+ are received, the CFM module will raise the connectivity fault.
</p>
<p>
column has no effect.
</p>
</column>
+
+ <column name="prefixes">
+ <p>
+ This string set specifies which fields should be used for
+ address prefix tracking. Prefix tracking allows the
+ classifier to skip rules with longer than necessary prefixes,
+ resulting in better wildcarding for datapath flows.
+ </p>
+ <p>
+ Prefix tracking may be beneficial when a flow table contains
+ matches on IP address fields with different prefix lengths.
+ For example, when a flow table contains IP address matches on
+ both full addresses and proper prefixes, the full address
+ matches will typically cause the datapath flow to un-wildcard
+ the whole address field (depending on flow entry priorities).
+ In this case each packet with a different address gets handed
+ to the userspace for flow processing and generates its own
+ datapath flow. With prefix tracking enabled for the address
+ field in question packets with addresses matching shorter
+ prefixes would generate datapath flows where the irrelevant
+ address bits are wildcarded, allowing the same datapath flow
+ to handle all the packets within the prefix in question. In
+ this case many userspace upcalls can be avoided and the
+ overall performance can be better.
+ </p>
+ <p>
+ This is a performance optimization only, so packets will
+ receive the same treatment with or without prefix tracking.
+ </p>
+ <p>
+ The supported fields are: <code>tun_id</code>,
+ <code>tun_src</code>, <code>tun_dst</code>,
+ <code>nw_src</code>, <code>nw_dst</code> (or aliases
+ <code>ip_src</code> and <code>ip_dst</code>),
+ <code>ipv6_src</code>, and <code>ipv6_dst</code>. (Using this
+ feature for <code>tun_id</code> would only make sense if the
+ tunnel IDs have prefix structure similar to IP addresses.)
+ </p>
+
+ <p>
+ By default, the <code>prefixes=ip_dst,ip_src</code> are used
+ on each flow table. This instructs the flow classifier to
+ track the IP destination and source addresses used by the
+ rules in this specific flow table.
+ </p>
+
+ <p>
+ The keyword <code>none</code> is recognized as an explicit
+ override of the default values, causing no prefix fields to be
+ tracked.
+ </p>
+
+ <p>
+ To set the prefix fields, the flow table record needs to
+ exist:
+ </p>
+
+ <dl>
+ <dt><code>ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0</code></dt>
+ <dd>
+ Creates a flow table record for the OpenFlow table number 0.
+ </dd>
+
+ <dt><code>ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src</code></dt>
+ <dd>
+ Enables prefix tracking for IP source and destination
+ address fields.
+ </dd>
+ </dl>
+
+ <p>
+ There is a maximum number of fields that can be enabled for any
+ one flow table. Currently this limit is 3.
+ </p>
+ </column>
+
+ <group title="Common Columns">
+ The overall purpose of these columns is described under <code>Common
+ Columns</code> at the beginning of this document.
+
+ <column name="external_ids"/>
+ </group>
</table>
<table name="QoS" title="Quality of Service configuration">
<group title="Statistics: Mirror counters">
<p>
- Key-value pairs that report mirror statistics.
+ Key-value pairs that report mirror statistics. The update period
+ is controlled by <ref column="other_config"
+ key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
</p>
<column name="statistics" key="tx_packets">
Number of packets transmitted through this mirror.
</dd>
<dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
<dd>
- <p>The specified TCP <var>port</var> on the host at the
- given <var>ip</var>, which must be expressed as an IP
- address (not a DNS name).</p>
- <p>If <var>port</var> is not specified, it currently
- defaults to 6633. In the future, the default will change to
- 6653, which is the IANA-defined value.</p>
+ <p>
+ The specified TCP <var>port</var> on the host at the given
+ <var>ip</var>, which must be expressed as an IP address (not a
+ DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
+ <var>ip</var> is an IPv6 address, wrap it in square brackets,
+ e.g. <code>tcp:[::1]:6632</code>.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it currently defaults to
+ 6633. In the future, the default will change to 6653, which is
+ the IANA-defined value.
+ </p>
</dd>
</dl>
<p>
<dl>
<dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
<dd>
- <p> Listens for SSL connections on the specified TCP
- <var>port</var>. If <var>ip</var>, which must be expressed
- as an IP address (not a DNS name), is specified, then
- connections are restricted to the specified local IP
- address. The <ref table="Open_vSwitch" column="ssl"/>
- column in the <ref table="Open_vSwitch"/> table must point
- to a valid SSL configuration when this form is used.</p>
- <p>If <var>port</var> is not specified, it currently
- defaults to 6633. In the future, the default will change to
- 6653, which is the IANA-defined value.</p>
- <p>SSL support is an optional feature that is not always built as
- part of Open vSwitch.</p>
+ <p>
+ Listens for SSL connections on the specified TCP <var>port</var>.
+ If <var>ip</var>, which must be expressed as an IP address (not a
+ DNS name), is specified, then connections are restricted to the
+ specified local IP address (either IPv4 or IPv6). If
+ <var>ip</var> is an IPv6 address, wrap it in square brackets,
+ e.g. <code>pssl:6632:[::1]</code>.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it currently defaults to
+ 6633. If <var>ip</var> is not specified then it listens only on
+ IPv4 (but not IPv6) addresses. The
+ <ref table="Open_vSwitch" column="ssl"/>
+ column in the <ref table="Open_vSwitch"/> table must point to a
+ valid SSL configuration when this form is used.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it currently defaults to
+ 6633. In the future, the default will change to 6653, which is
+ the IANA-defined value.
+ </p>
+ <p>
+ SSL support is an optional feature that is not always built as
+ part of Open vSwitch.
+ </p>
</dd>
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
<dd>
- <p>Listens for connections on the specified TCP
- <var>port</var>. If <var>ip</var>, which must be expressed
- as an IP address (not a DNS name), is specified, then
- connections are restricted to the specified local IP
- address.</p>
- <p>If <var>port</var> is not specified, it currently
- defaults to 6633. In the future, the default will change to
- 6653, which is the IANA-defined value.</p>
+ <p>
+ Listens for connections on the specified TCP <var>port</var>. If
+ <var>ip</var>, which must be expressed as an IP address (not a
+ DNS name), is specified, then connections are restricted to the
+ specified local IP address (either IPv4 or IPv6). If
+ <var>ip</var> is an IPv6 address, wrap it in square brackets,
+ e.g. <code>ptcp:6632:[::1]</code>. If <var>ip</var> is not
+ specified then it listens only on IPv4 addresses.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it currently defaults to
+ 6633. In the future, the default will change to 6653, which is
+ the IANA-defined value.
+ </p>
</dd>
</dl>
<p>When multiple controllers are configured for a single bridge, the
</column>
</group>
- <group title="Asynchronous Message Configuration">
+ <group title="Asynchronous Messages">
<p>
OpenFlow switches send certain messages to controllers spontanenously,
that is, not in response to any request from the controller. These
on any messages that it does want to receive, if any.
</column>
- <column name="controller_rate_limit">
+ <group title="Controller Rate Limiting">
<p>
- The maximum rate at which the switch will forward packets to the
- OpenFlow controller, in packets per second. This feature prevents a
- single bridge from overwhelming the controller. If not specified,
- the default is implementation-specific.
+ A switch can forward packets to a controller over the OpenFlow
+ protocol. Forwarding packets this way at too high a rate can
+ overwhelm a controller, frustrate use of the OpenFlow connection for
+ other purposes, increase the latency of flow setup, and use an
+ unreasonable amount of bandwidth. Therefore, Open vSwitch supports
+ limiting the rate of packet forwarding to a controller.
</p>
<p>
- In addition, when a high rate triggers rate-limiting, Open vSwitch
- queues controller packets for each port and transmits them to the
- controller at the configured rate. The <ref
- column="controller_burst_limit"/> value limits the number of queued
- packets. Ports on a bridge share the packet queue fairly.
+ There are two main reasons in OpenFlow for a packet to be sent to a
+ controller: either the packet ``misses'' in the flow table, that is,
+ there is no matching flow, or a flow table action says to send the
+ packet to the controller. Open vSwitch limits the rate of each kind
+ of packet separately at the configured rate. Therefore, the actual
+ rate that packets are sent to the controller can be up to twice the
+ configured rate, when packets are sent for both reasons.
</p>
<p>
- Open vSwitch maintains two such packet rate-limiters per bridge: one
- for packets sent up to the controller because they do not correspond
- to any flow, and the other for packets sent up to the controller by
- request through flow actions. When both rate-limiters are filled with
- packets, the actual rate that packets are sent to the controller is
- up to twice the specified rate.
+ This feature is specific to forwarding packets over an OpenFlow
+ connection. It is not general-purpose QoS. See the <ref
+ table="QoS"/> table for quality of service configuration, and <ref
+ column="ingress_policing_rate" table="Interface"/> in the <ref
+ table="Interface"/> table for ingress policing configuration.
</p>
- </column>
- <column name="controller_burst_limit">
- In conjunction with <ref column="controller_rate_limit"/>,
- the maximum number of unused packet credits that the bridge will
- allow to accumulate, in packets. If not specified, the default
- is implementation-specific.
- </column>
+ <column name="controller_rate_limit">
+ <p>
+ The maximum rate at which the switch will forward packets to the
+ OpenFlow controller, in packets per second. If no value is
+ specified, rate limiting is disabled.
+ </p>
+ </column>
+
+ <column name="controller_burst_limit">
+ <p>
+ When a high rate triggers rate-limiting, Open vSwitch queues
+ packets to the controller for each port and transmits them to the
+ controller at the configured rate. This value limits the number of
+ queued packets. Ports on a bridge share the packet queue fairly.
+ </p>
+
+ <p>
+ This value has no effect unless <ref
+ column="controller_rate_limit"/> is configured. The current
+ default when this value is not specified is one-quarter of <ref
+ column="controller_rate_limit"/>, meaning that queuing can delay
+ forwarding a packet to the controller by up to 250 ms.
+ </p>
+ </column>
+
+ <group title="Controller Rate Limiting Statistics">
+ <p>
+ These values report the effects of rate limiting. Their values are
+ relative to establishment of the most recent OpenFlow connection,
+ or since rate limiting was enabled, whichever happened more
+ recently. Each consists of two values, one with <code>TYPE</code>
+ replaced by <code>miss</code> for rate limiting flow table misses,
+ and the other with <code>TYPE</code> replaced by
+ <code>action</code> for rate limiting packets sent by OpenFlow
+ actions.
+ </p>
+
+ <p>
+ These statistics are reported only when controller rate limiting is
+ enabled.
+ </p>
+
+ <column name="status" key="packet-in-TYPE-bypassed"
+ type='{"type": "integer", "minInteger": 0}'>
+ Number of packets sent directly to the controller, without queuing,
+ because the rate did not exceed the configured maximum.
+ </column>
+
+ <column name="status" key="packet-in-TYPE-queued"
+ type='{"type": "integer", "minInteger": 0}'>
+ Number of packets added to the queue to send later.
+ </column>
+
+ <column name="status" key="packet-in-TYPE-dropped"
+ type='{"type": "integer", "minInteger": 0}'>
+ Number of packets added to the queue that were later dropped due to
+ overflow. This value is less than or equal to <ref column="status"
+ key="packet-in-TYPE-queued"/>.
+ </column>
+
+ <column name="status" key="packet-in-TYPE-backlog"
+ type='{"type": "integer", "minInteger": 0}'>
+ Number of packets currently queued. The other statistics increase
+ monotonically, but this one fluctuates between 0 and the <ref
+ column="controller_burst_limit"/> as conditions change.
+ </column>
+ </group>
+ </group>
</group>
<group title="Additional In-Band Configuration">
<dd>Equivalent to <code>other</code>, except that there may be at
most one master controller at a time. When a controller configures
itself as <code>master</code>, any existing master is demoted to
- the <code>slave</code>role.</dd>
+ the <code>slave</code> role.</dd>
<dt><code>slave</code></dt>
<dd>Allows the controller read-only access to OpenFlow features.
Attempts to modify the flow table will be rejected with an
<dd>
<p>
The specified TCP <var>port</var> on the host at the given
- <var>ip</var>, which must be expressed as an IP address
- (not a DNS name).
+ <var>ip</var>, which must be expressed as an IP address (not a
+ DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
+ <var>ip</var> is an IPv6 address, wrap it in square brackets,
+ e.g. <code>tcp:[::1]:6632</code>.
</p>
<p>
If <var>port</var> is not specified, it currently defaults
<dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
<dd>
<p>
- Listens for SSL connections on the specified TCP
- <var>port</var>. Specify 0 for <var>port</var> to have
- the kernel automatically choose an available port. If
- <var>ip</var>, which must be expressed as an IP address
- (not a DNS name), is specified, then connections are
- restricted to the specified local IP address. The <ref
- table="Open_vSwitch" column="ssl"/> column in the <ref
+ Listens for SSL connections on the specified TCP <var>port</var>.
+ Specify 0 for <var>port</var> to have the kernel automatically
+ choose an available port. If <var>ip</var>, which must be
+ expressed as an IP address (not a DNS name), is specified, then
+ connections are restricted to the specified local IP address
+ (either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
+ address, wrap in square brackets,
+ e.g. <code>pssl:6632:[::1]</code>. If <var>ip</var> is not
+ specified then it listens only on IPv4 (but not IPv6) addresses.
+ The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
table="Open_vSwitch"/> table must point to a valid SSL
configuration when this form is used.
</p>
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
<dd>
<p>
- Listens for connections on the specified TCP
- <var>port</var>. Specify 0 for <var>port</var> to have
- the kernel automatically choose an available port. If
- <var>ip</var>, which must be expressed as an IP address
- (not a DNS name), is specified, then connections are
- restricted to the specified local IP address.
+ Listens for connections on the specified TCP <var>port</var>.
+ Specify 0 for <var>port</var> to have the kernel automatically
+ choose an available port. If <var>ip</var>, which must be
+ expressed as an IP address (not a DNS name), is specified, then
+ connections are restricted to the specified local IP address
+ (either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
+ address, wrap it in square brackets,
+ e.g. <code>ptcp:6632:[::1]</code>. If <var>ip</var> is not
+ specified then it listens only on IPv4 addresses.
</p>
<p>
If <var>port</var> is not specified, it currently defaults
disabled.
</column>
+ <column name="other_config" key="enable-tunnel-sampling"
+ type='{"type": "boolean"}'>
+ <p>For per-bridge packet sampling, i.e. when this row is referenced
+ from a <ref table="Bridge"/>, enable sampling and reporting tunnel
+ header 7-tuples in IPFIX flow records. Disabled by default.
+ Ignored for per-flow sampling, i.e. when this row is referenced
+ from a <ref table="Flow_Sample_Collector_Set"/>.</p>
+ <p><em>Please note:</em> The following enterprise entities are
+ currently used when exporting the sampled tunnel info.</p>
+ <dl>
+ <dt>tunnelType:</dt>
+ <dd>
+ <p>ID: 891, and enterprise ID 6876 (VMware).</p>
+ <p>type: unsigned 8-bit interger.</p>
+ <p>data type semantics: identifier.</p>
+ <p>description: Identifier of the layer 2 network overlay network
+ encapsulation type: 0x01 VxLAN, 0x02 GRE, 0x03 LISP, 0x05 IPsec+GRE,
+ 0x07 GENEVE.</p>
+ </dd>
+ <dt>tunnelKey:</dt>
+ <dd>
+ <p>ID: 892, and enterprise ID 6876 (VMware).</p>
+ <p>type: variable-length octetarray.</p>
+ <p>data type semantics: identifier.</p>
+ <p>description: Key which is used for identifying an individual
+ traffic flow within a VxLAN (24-bit VNI), GENEVE(24-bit VNI),
+ GRE (32- or 64-bit key), or LISP (24-bit instance ID) tunnel. The
+ key is encoded in this octetarray as a 3-, 4-, or 8-byte integer
+ ID in network byte order.</p>
+ </dd>
+ <dt>tunnelSourceIPv4Address:</dt>
+ <dd>
+ <p>ID: 893, and enterprise ID 6876 (VMware).</p>
+ <p>type: unsigned 32-bit interger.</p>
+ <p>data type semantics: identifier.</p>
+ <p>description: The IPv4 source address in the tunnel IP packet
+ header.</p>
+ </dd>
+ <dt>tunnelDestinationIPv4Address:</dt>
+ <dd>
+ <p>ID: 894, and enterprise ID 6876 (VMware).</p>
+ <p>type: unsigned 32-bit integer.</p>
+ <p>data type semantics: identifier.</p>
+ <p>description: The IPv4 destination address in the tunnel IP
+ packet header.</p>
+ </dd>
+ <dt>tunnelProtocolIdentifier:</dt>
+ <dd>
+ <p>ID: 895, and enterprise ID 6876 (VMware).</p>
+ <p>type: unsigned 8-bit integer.</p>
+ <p>data type semantics: identifier.</p>
+ <p>description: The value of the protocol number in the tunnel
+ IP packet header. The protocol number identifies the tunnel IP
+ packet payload type.</p>
+ </dd>
+ <dt>tunnelSourceTransportPort:</dt>
+ <dd>
+ <p>ID: 896, and enterprise ID 6876 (VMware).</p>
+ <p>type: unsigned 16-bit integer.</p>
+ <p>data type semantics: identifier.</p>
+ <p>description: The source port identifier in the tunnel transport
+ header. For the transport protocols UDP, TCP, and SCTP, this is
+ the source port number given in the respective header.</p>
+ </dd>
+ <dt>tunnelDestinationTransportPort:</dt>
+ <dd>
+ <p>ID: 897, and enterprise ID 6876 (VMware).</p>
+ <p>type: unsigned 16-bit integer.</p>
+ <p>data type semantics: identifier.</p>
+ <p>description: The destination port identifier in the tunnel
+ transport header. For the transport protocols UDP, TCP, and SCTP,
+ this is the destination port number given in the respective header.
+ </p>
+ </dd>
+ </dl>
+ </column>
+
+ <column name="other_config" key="enable-input-sampling"
+ type='{"type": "boolean"}'>
+ For per-bridge packet sampling, i.e. when this row is referenced
+ from a <ref table="Bridge"/>, enable sampling and reporting flows
+ at bridge port input in IPFIX flow records. Enabled by default.
+ Ignored for per-flow sampling, i.e. when this row is referenced
+ from a <ref table="Flow_Sample_Collector_Set"/>.
+ </column>
+
+ <column name="other_config" key="enable-output-sampling"
+ type='{"type": "boolean"}'>
+ For per-bridge packet sampling, i.e. when this row is referenced
+ from a <ref table="Bridge"/>, enable sampling and reporting flows
+ at bridge port output in IPFIX flow records. Enabled by default.
+ Ignored for per-flow sampling, i.e. when this row is referenced
+ from a <ref table="Flow_Sample_Collector_Set"/>.
+ </column>
+
<group title="Common Columns">
The overall purpose of these columns is described under <code>Common
Columns</code> at the beginning of this document.
projects / cascardo / ovs.git / blobdiff