X-Git-Url: http://git.cascardo.eti.br/?a=blobdiff_plain;f=vswitchd%2Fvswitch.xml;h=b00f74d66434511397224353ede091a8d911db33;hb=f2eee189118139995d61468cecb85654dd45bb36;hp=ebbfba8060bd357cc11d2d3859133528cbd33c6e;hpb=1c1440518a878c0897d17cb1ebbc95466715d316;p=cascardo%2Fovs.git diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml index ebbfba806..b00f74d66 100644 --- a/vswitchd/vswitch.xml +++ b/vswitchd/vswitch.xml @@ -71,6 +71,149 @@ The Citrix XenServer universally unique identifier for the physical host as displayed by xe host-list. + + +

+ Interval for updating statistics to the database, in milliseconds. + This option will affect the update of the statistics + column in the following tables: Port, Interface + , Mirror. +

+

+ Default value is 5000 ms. +

+

+ Getting statistics more frequently can be achieved via OpenFlow. +

+
+ + +

+ When ovs-vswitchd starts up, it has an empty flow table + and therefore it handles all arriving packets in its default fashion + according to its configuration, by dropping them or sending them to + an OpenFlow controller or switching them as a standalone switch. + This behavior is ordinarily desirable. However, if + ovs-vswitchd is restarting as part of a ``hot-upgrade,'' + then this leads to a relatively long period during which packets are + mishandled. +

+

+ This option allows for improvement. When ovs-vswitchd + starts with this value set as true, it will neither + flush or expire previously set datapath flows nor will it send and + receive any packets to or from the datapath. When this value is + later set to false, ovs-vswitchd will + start receiving packets from the datapath and re-setup the flows. +

+

+ Thus, with this option, the procedure for a hot-upgrade of + ovs-vswitchd becomes roughly the following: +

+
    +
  1. + Stop ovs-vswitchd. +
  2. +
  3. + Set + to true. +
  4. +
  5. + Start ovs-vswitchd. +
  6. +
  7. + Use ovs-ofctl (or some other program, such as an + OpenFlow controller) to restore the OpenFlow flow table + to the desired state. +
  8. +
  9. + Set + to false (or remove it entirely from the database). +
  10. +
+

+ The ovs-ctl's ``restart'' and ``force-reload-kmod'' + functions use the above config option during hot upgrades. +

+
+ + +

+ The maximum + number of flows allowed in the datapath flow table. Internally OVS + will choose a flow limit which will likely be lower than this number, + based on real time network conditions. +

+

+ The default is 200000. +

+
+ + +

+ Specifies the number of rx queues to be created for each dpdk + interface. If not specified or specified to 0, one rx queue will + be created for each dpdk interface by default. +

+
+ + +

+ Specifies CPU mask for setting the cpu affinity of PMD (Poll + Mode Driver) threads. Value should be in the form of hex string, + similar to the dpdk EAL '-c COREMASK' option input or the 'taskset' + mask input. +

+

+ The lowest order bit corresponds to the first CPU core. A set bit + means the corresponding core is available. If the input does not + cover all cores, those uncovered cores are considered not set. +

+

+ If not specified, one pmd thread will be created for each numa node + and pinned to any available core on the numa node by default. +

+
+ + +

+ Specifies the number of threads for software datapaths to use for + handling new flows. The default the number of online CPU cores minus + the number of revalidators. +

+

+ This configuration is per datapath. If you have more than one + software datapath (e.g. some system bridges and some + netdev bridges), then the total number of threads is + n-handler-threads times the number of software + datapaths. +

+
+ + +

+ Specifies the number of threads for software datapaths to use for + revalidating flows in the datapath. Typically, there is a direct + correlation between the number of revalidator threads, and the number + of flows allowed in the datapath. The default is the number of cpu + cores divided by four plus one. If n-handler-threads is + set, the default changes to the number of cpu cores minus the number + of handler threads. +

+

+ This configuration is per datapath. If you have more than one + software datapath (e.g. some system bridges and some + netdev bridges), then the total number of threads is + n-handler-threads times the number of software + datapaths. +

+
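Review bot: The last added paragraph of this hunk, under the revalidator-threads description, says the total number of threads is "n-handler-threads times the number of software datapaths", which looks copied from the handler-threads entry just above it; it should name the revalidator setting (n-revalidator-threads) instead. Two wording fixes in the same hunk: "The default the number of online CPU cores" is missing "is", and "it will neither flush or expire previously set datapath flows nor will it send" reads more cleanly as "it will neither flush nor expire previously set datapath flows, nor send or receive any packets".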
@@ -340,7 +483,11 @@ - sFlow configuration. + sFlow(R) configuration. + + + + IPFIX configuration. @@ -439,6 +586,12 @@ value. May not be all-zero. + + Human readable description of datapath. It it a maximum 256 + byte-long free-form string to describe the datapath for + debugging purposes, e.g. switch3 in room 3120. + + If set to true, disable in-band control on the bridge @@ -453,6 +606,27 @@ QoS configured, or if the port does not have a queue with the specified ID, the default queue is used instead. + + +

+ List of OpenFlow protocols that may be used when negotiating + a connection with a controller. OpenFlow 1.0, 1.1, 1.2, and + 1.3 are enabled by default if this column is empty. +

+ +

+ OpenFlow 1.4 is not enabled by default because its implementation is + missing features. +

+ +

+ OpenFlow 1.5 has the same risks as OpenFlow 1.4, but it is even more + experimental because the OpenFlow 1.5 specification is still under + development and thus subject to change. Pass + --enable-of15 to ovs-vswitchd to allow + OpenFlow 1.5 to be enabled. +

+
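Review bot: The OpenFlow 1.5 paragraph says it "has the same risks as OpenFlow 1.4", but the 1.4 paragraph only says its implementation "is missing features" and never names a risk, so a reader cannot tell what enabling either version exposes them to. Either state the consequence in the 1.4 paragraph or reword the 1.5 sentence to "has the same limitations". It would also help to say whether --enable-of15 is sufficient by itself or whether 1.5 must additionally be listed in this column; "to allow OpenFlow 1.5 to be enabled" suggests the latter without saying so.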
@@ -461,7 +635,7 @@ be included in the network to provide automatic backup paths if the active links fails. - + Enable spanning tree on the bridge. By default, STP is disabled on bridges. Bond, internal, and mirror ports are not supported and will not participate in the spanning tree. @@ -502,6 +676,114 @@ ports to forwarding, in seconds. By default, the forwarding delay is 15 seconds. + + +

+ The maximum number of seconds to retain a multicast snooping entry for + which no packets have been seen. The default is currently 300 + seconds (5 minutes). The value, if specified, is forced into a + reasonable range, currently 15 to 3600 seconds. +

+
+ + +

+ The maximum number of multicast snooping addresses to learn. The + default is currently 2048. The value, if specified, is forced into + a reasonable range, currently 10 to 1,000,000. +

+
+ +

+ If set to false, unregistered multicast packets are forwarded + to all ports. + If set to true, unregistered multicast packets are forwarded + to ports connected to multicast routers. +

+
+
+ + + Multicast snooping (RFC 4541) monitors the Internet Group Management + Protocol (IGMP) traffic between hosts and multicast routers. The + switch uses what IGMP snooping learns to forward multicast traffic + only to interfaces that are connected to interested receivers. + Currently it supports IGMPv1 and IGMPv2 protocols. + + + Enable multicast snooping on the bridge. For now, the default + is disabled. + + + + + In IEEE Std 802.1D, 1998 Edition, and prior editions of this standard, + Clause 8 specified the spanning tree algorithm and protocol (STP). STP + has now been superseded by the Rapid Spanning Tree Protocol (RSTP) + specified in Clause 17 of the IEEE Std 802.1D, 2004 Edition. + The IEEE 802.1D-2004 Rapid Spanning Tree Algorithm Protocol configures + full, simple, and symmetric connectivity throughout a Bridged Local Area + Network that comprises individual LANs interconnected by Bridges. + Like STP, RSTP is a network protocol that ensures loop-free topologies. + It allows redundant links to be included in the network to provide + automatic backup paths if the active links fails. + + + Enable Rapid Spanning Tree on the bridge. By default, RSTP is disabled + on bridges. Bond, internal, and mirror ports are not supported + and will not participate in the spanning tree. + + + + The bridge's RSTP address (the lower 48 bits of the bridge-id) + in the form + xx:xx:xx:xx:xx:xx. + By default, the address is the MAC address of the bridge. + + + + The bridge's relative priority value for determining the root + bridge (the upper 16 bits of the bridge-id). A bridge with the + lowest bridge-id is elected the root. By default, the priority + is 0x8000 (32768). This value needs to be a multiple of 4096, + otherwise it's rounded to the nearest inferior one. + + + + The Ageing Time parameter for the Bridge. The default value + is 300 seconds. + + + + The Force Protocol Version parameter for the Bridge. 
This + can take the value 0 (STP Compatibility mode) or 2 + (the default, normal operation). + + + + The maximum age of the information transmitted by the Bridge + when it is the Root Bridge. The default value is 20. + + + + The delay used by STP Bridges to transition Root and Designated + Ports to Forwarding. The default value is 15. + + + + The Transmit Hold Count used by the Port Transmit state machine + to limit transmission rate. The default value is 6. + + @@ -531,20 +813,6 @@ datapath ID. - -

- A number of flows as a nonnegative integer. This sets number of - flows at which eviction from the kernel flow table will be triggered. - If there are a large number of flows then increasing this value to - around the number of flows present can result in reduced CPU usage - and packet loss. -

-

- The default is 1000. Values below 100 will be rounded up to 100. -

-
- Option to allow forwarding of BPDU frames when NORMAL action is @@ -617,6 +885,15 @@ transmit packets.

+ + +

+ The maximum number of MAC addresses to learn. The default is + currently 2048. The value, if specified, is forced into a reasonable + range, currently 10 to 1,000,000. +

+
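Review bot: The added MAC table size paragraph says the value "is forced into a reasonable range, currently 10 to 1,000,000" but does not say what the switch does once the table is full, which is what an operator needs when sizing this limit for a segment with many or untrusted source addresses. Please document whether new addresses stop being learned or existing entries are evicted at the limit, and whether an out-of-range value is adjusted silently or logged.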
@@ -655,8 +932,8 @@ - - + +

A port within a .

Most commonly, a port has exactly one ``interface,'' pointed to by its column. Such a port logically @@ -827,7 +1104,9 @@

The following modes require the upstream switch to support 802.3ad with - successful LACP negotiation: + successful LACP negotiation. If LACP negotiation fails and + other-config:lacp-fallback-ab is true, then active-backup + mode is used:

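Review bot: The added sentence ends with "then active-backup mode is used:", so the colon that used to introduce the list of modes requiring LACP now follows the fallback sentence and the list reads as if it enumerated fallback modes. End the fallback sentence with a period and keep the colon on "successful LACP negotiation:", or move the fallback sentence after the list.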
@@ -837,21 +1116,6 @@ information such as destination MAC address, IP address, and TCP port. - -
stable
-
-

Attempts to always assign a given flow to the same slave - consistently. In an effort to maintain stability, no load - balancing is done. Uses a similar hashing strategy to - balance-tcp, always taking into account L3 and L4 - fields even if LACP negotiations are unsuccessful.

-

Slave selection decisions are made based on if set. Otherwise, - OpenFlow port number is used. Decisions are consistent across all - ovs-vswitchd instances with equivalent - - values.

-

These columns apply only to bonded ports. Their values are @@ -932,7 +1196,8 @@ in LACP negotiations initiated by a remote switch, but not allowed to initiate such negotiations themselves. If LACP is enabled on a port whose partner switch does not support LACP, the bond will be - disabled. Defaults to off if unset. + disabled, unless other-config:lacp-fallback-ab is set to true. + Defaults to off if unset. @@ -960,14 +1225,24 @@ rate of once every 30 seconds.

+ + +

+ Determines the behavior of openvswitch bond in LACP mode. If + the partner switch does not support LACP, setting this option + to true allows openvswitch to fallback to + active-backup. If the option is set to false, the + bond will be disabled. In both the cases, once the partner switch + is configured to LACP mode, the bond will use LACP. +

+
- +

These settings control behavior when a bond is in - balance-slb mode, regardless of whether the bond was - intentionally configured in SLB mode or it fell back to SLB mode - because LACP negotiation failed. + balance-slb or balance-tcp mode.

+ + + If rapid spanning tree is enabled on the bridge, member ports are + enabled by default (with the exception of bond, internal, and + mirror ports which do not work with RSTP). If this column's + value is false rapid spanning tree is disabled on the + port. + + + + The port's relative priority value for determining the root + port, in multiples of 16. By default, the port priority is 0x80 + (128). Any value in the lower 4 bits is rounded off. The significant + upper 4 bits become the upper 4 bits of the port-id. A port with the + lowest port-id is elected as the root. + + + + The local RSTP port number, used as the lower 12 bits of the port-id. + By default the port numbers are assigned automatically, and typically + may not correspond to the OpenFlow port numbers. A port with the + lowest port-id is elected as the root. + + + + The port path cost. The Port's contribution, when it is + the Root Port, to the Root Path Cost for the Bridge. By default the + cost is automatically calculated from the port's speed. + + + + The admin edge port parameter for the Port. Default is + false. + + + + The auto edge port parameter for the Port. Default is + true. + + + +

+ The mcheck port parameter for the Port. Default is + false. May be set to force the Port Protocol + Migration state machine to transmit RST BPDUs for a + MigrateTime period, to test whether all STP Bridges on the + attached LAN have been removed and the Port can continue to + transmit RSTP BPDUs. Setting mcheck has no effect if the + Bridge is operating in STP Compatibility mode. +

+

+ Changing the value from true to + false has no effect, but needs to be done if + this behavior is to be triggered again by subsequently + changing the value from false to + true. +

+
+
+ + + +

+ If set to true, multicast packets are unconditionally + forwarded to the specific port. +

+
+
+ Quality of Service configuration for this port. @@ -1089,7 +1441,9 @@

- Key-value pairs that report port statistics. + Key-value pairs that report port statistics. The update period + is controlled by in the Open_vSwitch table.

@@ -1127,6 +1481,16 @@ on a host. + + A positive interface index as defined for SNMP MIB-II in RFCs 1213 and + 2863, if the interface has one, otherwise 0. The ifindex is useful for + seamless integration with protocols such as SNMP and sFlow. + + + + The MAC address in use by this interface. + +

Ethernet address to set for this interface. If unset then the default MAC address is used:

@@ -1147,19 +1511,66 @@ address.

- -

OpenFlow port number for this interface. Unlike most columns, this - column's value should be set only by Open vSwitch itself. Other - clients should set this column to an empty set (the default) when - creating an .

-

Open vSwitch populates this column when the port number becomes - known. If the interface is successfully added, - will be set to a number between 1 and 65535 - (generally either in the range 1 to 65279, inclusive, or 65534, the - port number for the OpenFlow ``local port''). If the interface - cannot be added then Open vSwitch sets this column - to -1.

-
+ + If the configuration of the port failed, as indicated by -1 in , Open vSwitch sets this column to an error + description in human readable form. Otherwise, Open vSwitch clears + this column. + + + +

+ When a client adds a new interface, Open vSwitch chooses an OpenFlow + port number for the new port. If the client that adds the port fills + in , then Open vSwitch tries to use its + value as the OpenFlow port number. Otherwise, or if the requested + port number is already in use or cannot be used for another reason, + Open vSwitch automatically assigns a free port number. Regardless of + how the port number was obtained, Open vSwitch then reports in the port number actually assigned. +

+ +

+ Open vSwitch limits the port numbers that it automatically assigns to + the range 1 through 32,767, inclusive. Controllers therefore have + free use of ports 32,768 and up. +

+ + +

+ OpenFlow port number for this interface. Open vSwitch sets this + column's value, so other clients should treat it as read-only. +

+

+ The OpenFlow ``local'' port (OFPP_LOCAL) is 65,534. + The other valid port numbers are in the range 1 to 65,279, + inclusive. Value -1 indicates an error adding the interface. +

+
+ + +

+ Requested OpenFlow port number for this interface. +

+ +

+ A client should ideally set this column's value in the same + database transaction that it uses to create the interface. Open + vSwitch version 2.1 and later will honor a later request for a + specific port number, althuogh it might confuse some controllers: + OpenFlow does not have a way to announce a port number change, so + Open vSwitch represents it over OpenFlow as a port deletion + followed immediately by a port addition. +

+ +

+ If is set or changed to some other + port's automatically assigned port number, Open vSwitch chooses a + new port number for the latter port. +

+
+
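Review bot: The final added paragraph says that when the requested number collides with another port's automatically assigned number, Open vSwitch "chooses a new port number for the latter port", but it does not say that this second port is also renumbered over OpenFlow as a deletion followed by an addition, as the preceding paragraph describes for the requesting port. A controller with flows that reference the displaced port needs to know that, so please state it explicitly. Also, "althuogh" in the preceding paragraph should be "although".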
@@ -1187,11 +1598,20 @@
tap
A TUN/TAP device managed by Open vSwitch.
+
geneve
+
+ An Ethernet over Geneve (http://tools.ietf.org/html/draft-gross-geneve-00) + IPv4 tunnel. + + Geneve supports options as a means to transport additional metadata, + however, currently only the 24-bit VNI is supported. This is planned + to be extended in the future. +
+
gre
An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4 - tunnel. See for information on - configuring GRE tunnels. + tunnel.
ipsec_gre
@@ -1200,14 +1620,49 @@ IPsec tunnel. -
capwap
+
gre64
+
+ It is same as GRE, but it allows 64 bit key. To store higher 32-bits + of key, it uses GRE protocol sequence number field. This is non + standard use of GRE protocol since OVS does not increment + sequence number for every packet at time of encap as expected by + standard GRE implementation. See + for information on configuring GRE tunnels. +
+ +
ipsec_gre64
- An Ethernet tunnel over the UDP transport portion of CAPWAP (RFC - 5415). This allows interoperability with certain switches that do - not support GRE. Only the tunneling component of the protocol is - implemented. UDP ports 58881 and 58882 are used as the source and - destination ports respectively. CAPWAP is currently supported only - with the Linux kernel datapath with kernel version 2.6.26 or later. + Same as IPSEC_GRE except 64 bit key. +
+ +
vxlan
+
+

+ An Ethernet tunnel over the experimental, UDP-based VXLAN + protocol described at + http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-03. +

+

+ Open vSwitch uses UDP destination port 4789. The source port used for + VXLAN traffic varies on a per-flow basis and is in the ephemeral port + range. +

+
+ +
lisp
+
+

+ A layer 3 tunnel over the experimental, UDP-based Locator/ID + Separation Protocol (RFC 6830). +

+

+ Only IPv4 and IPv6 packets are supported by the protocol, and + they are sent and received without an Ethernet header. Traffic + to/from LISP ports is expected to be configured explicitly, and + the ports are not intended to participate in learning based + switching. As such, they are always excluded from packet + flooding. +

patch
@@ -1216,7 +1671,8 @@
null
-
An ignored interface.
+
An ignored interface. Deprecated and slated for removal in + February 2013.
@@ -1224,7 +1680,9 @@

These options apply to interfaces with of - gre, ipsec_gre, and capwap. + geneve, gre, ipsec_gre, + gre64, ipsec_gre64, vxlan, + and lisp.

@@ -1239,22 +1697,67 @@

-

- Required. The tunnel endpoint. Unicast and multicast endpoints are - both supported. -

+

Required. The remote tunnel endpoint, one of:

+ +
    +
  • + An IPv4 address (not a DNS name), e.g. 192.168.0.123. + Only unicast endpoints are supported. +
  • +
  • + The word flow. The tunnel accepts packets from any + remote tunnel endpoint. To process only packets from a specific + remote tunnel endpoint, the flow entries may match on the + tun_src field. When sending packets to a + remote_ip=flow tunnel, the flow actions must + explicitly set the tun_dst field to the IP address of + the desired remote tunnel endpoint, e.g. with a + set_field action. +
  • +

- When a multicast endpoint is specified, a routing table lookup occurs - only when the tunnel is created. Following a routing change, delete - and then re-create the tunnel to force a new routing table lookup. + The remote tunnel endpoint for any packet received from a tunnel + is available in the tun_src field for matching in the + flow table.

- Optional. The destination IP that received packets must match. - Default is to match all addresses. Must be omitted when is a multicast address. +

+ Optional. The tunnel destination IP that received packets must + match. Default is to match all addresses. If specified, may be one + of: +

+ +
    +
  • + An IPv4 address (not a DNS name), e.g. 192.168.12.3. +
  • +
  • + The word flow. The tunnel accepts packets sent to any + of the local IP addresses of the system running OVS. To process + only packets sent to a specific IP address, the flow entries may + match on the tun_dst field. When sending packets to a + local_ip=flow tunnel, the flow actions may + explicitly set the tun_src field to the desired IP + address, e.g. with a set_field action. However, while + routing the tunneled packet out, the local system may override the + specified address with the local IP address configured for the + outgoing system interface. + +

    + This option is valid only for tunnels also configured with the + remote_ip=flow option. +

    +
  • +
+ +

+ The tunnel destination IP address for any packet received from a + tunnel is available in the tun_dst field for matching in + the flow table. +

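Review bot: In the remote_ip list, the flow item says "The tunnel accepts packets from any remote tunnel endpoint" and leaves source filtering to flow entries that "may match on the tun_src field"; the text should say plainly that with remote_ip=flow there is no endpoint check unless the flow table performs one, so that operators know the tun_src match is what restricts which senders are accepted. The local_ip item has a related gap: it says the local system "may override the specified address" when an action sets tun_src, but gives no indication of how the operator can tell that the override happened.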
@@ -1267,8 +1770,9 @@ key="in_key"/> at all.
  • - A positive 32-bit (for GRE) or 64-bit (for CAPWAP) number. The - tunnel receives only packets with the specified key. + A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit (for GRE) + or 64-bit (for GRE64) number. The tunnel receives only packets + with the specified key.
  • The word flow. The tunnel accepts packets with any @@ -1293,8 +1797,9 @@ key="out_key"/> at all.
  • - A positive 32-bit (for GRE) or 64-bit (for CAPWAP) number. Packets - sent through the tunnel will have the specified key. + A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit (for GRE) or + 64-bit (for GRE64) number. Packets sent through the tunnel will + have the specified key.
  • The word flow. Packets sent through the tunnel will @@ -1327,48 +1832,13 @@ system default, typically 64). Default is the system default TTL. - - Optional. If enabled, the Don't Fragment bit will be copied from the - inner IP headers (those of the encapsulated traffic) to the outer - (tunnel) headers. Default is disabled; set to true to - enable. - - - Optional. If enabled, the Don't Fragment bit will be set by default on - tunnel headers if the df_inherit option is not set, or if - the encapsulated packet is not IP. Default is enabled; set to - false to disable. - - - - Optional. Enable tunnel path MTU discovery. If enabled ``ICMP - Destination Unreachable - Fragmentation Needed'' messages will be - generated for IPv4 packets with the DF bit set and IPv6 packets above - the minimum MTU if the packet size exceeds the path MTU minus the size - of the tunnel headers. Note that this option causes behavior that is - typically reserved for routers and therefore is not entirely in - compliance with the IEEE 802.1D specification for bridges. Default is - enabled; set to false to disable. + Optional. If enabled, the Don't Fragment bit will be set on tunnel + outer headers to allow path MTU discovery. Default is enabled; set + to false to disable. - -

    - Only gre interfaces support these options. -

    - - - Enable caching of tunnel headers and the output path. This can lead - to a significant performance increase without changing behavior. In - general it should not be necessary to adjust this setting. However, - the caching can bypass certain components of the IP stack (such as - iptables) and it may be useful to disable it if these - features are required or as a debugging measure. Default is enabled, - set to false to disable. - -
    -

    Only gre and ipsec_gre interfaces support @@ -1528,15 +1998,15 @@ The source IP address used for an IPv4 tunnel end-point, such as - gre or capwap. + gre. - Egress interface for tunnels. Currently only relevant for GRE and - CAPWAP tunnels. On Linux systems, this column will show the name of - the interface which is responsible for routing traffic destined for the - configured . This could be an - internal interface such as a bridge port. + Egress interface for tunnels. Currently only relevant for tunnels + on Linux systems, this column will show the name of the interface + which is responsible for routing traffic destined for the configured + . This could be an internal + interface such as a bridge port.

    Key-value pairs that report interface statistics. The current - implementation updates these counters periodically. Future - implementations may update them when an interface is created, when they - are queried (e.g. using an OVSDB select operation), and - just before an interface is deleted due to virtual interface hot-unplug - or VM shutdown, and perhaps at other times, but not on any regular - periodic basis. + implementation updates these counters periodically. The update period + is controlled by in the Open_vSwitch table. + Future implementations may update them when an interface is created, + when they are queried (e.g. using an OVSDB select + operation), and just before an interface is deleted due to virtual + interface hot-unplug or VM shutdown, and perhaps at other times, but + not on any regular periodic basis.

    These are the same statistics reported by OpenFlow in its struct @@ -1683,6 +2155,178 @@ + +

    + BFD, defined in RFC 5880 and RFC 5881, allows point-to-point + detection of connectivity failures by occasional transmission of + BFD control messages. Open vSwitch implements BFD to serve + as a more popular and standards compliant alternative to CFM. +

    + +

    + BFD operates by regularly transmitting BFD control messages at a rate + negotiated independently in each direction. Each endpoint specifies + the rate at which it expects to receive control messages, and the rate + at which it is willing to transmit them. Open vSwitch uses a detection + multiplier of three, meaning that an endpoint signals a connectivity + fault if three consecutive BFD control messages fail to arrive. In the + case of a unidirectional connectivity issue, the system not receiving + BFD control messages signals the problem to its peer in the messages it + transmits. +

    + +

    + The Open vSwitch implementation of BFD aims to comply faithfully + with RFC 5880 requirements. Open vSwitch does not implement the + optional Authentication or ``Echo Mode'' features. +

    + + +

    + A controller sets up key-value pairs in the + column to enable and configure BFD. +

    + + + True to enable BFD on this . If not + specified, BFD will not be enabled by default. + + + + The shortest interval, in milliseconds, at which this BFD session + offers to receive BFD control messages. The remote endpoint may + choose to send messages at a slower rate. Defaults to + 1000. + + + + The shortest interval, in milliseconds, at which this BFD session is + willing to transmit BFD control messages. Messages will actually be + transmitted at a slower rate if the remote endpoint is not willing to + receive as quickly as specified. Defaults to 100. + + + + An alternate receive interval, in milliseconds, that must be greater + than or equal to . The + implementation switches from to when there is no obvious incoming + data traffic at the interface, to reduce the CPU and bandwidth cost + of monitoring an idle interface. This feature may be disabled by + setting a value of 0. This feature is reset whenever or + changes. + + + + When true, traffic received on the + is used to indicate the capability of packet + I/O. BFD control packets are still transmitted and received. At + least one BFD control packet must be received every 100 * amount of time. Otherwise, even if + traffic are received, the + will be false. + + + + Set to true to notify the remote endpoint that traffic should not be + forwarded to this system for some reason other than a connectivty + failure on the interface being monitored. The typical underlying + reason is ``concatenated path down,'' that is, that connectivity + beyond the local system is down. Defaults to false. + + + + Set to true to make BFD accept only control messages with a tunnel + key of zero. By default, BFD accepts control messages with any + tunnel key. + + + + Set to an Ethernet address in the form + xx:xx:xx:xx:xx:xx + to set the MAC used as source for transmitted BFD packets. The + default is the mac address of the BFD enabled interface. 
+ + + + Set to an Ethernet address in the form + xx:xx:xx:xx:xx:xx + to set the MAC used as destination for transmitted BFD packets. The + default is 00:23:20:00:00:01. + + + + Set to an Ethernet address in the form + xx:xx:xx:xx:xx:xx + to set the MAC used for checking the destination of received BFD packets. + Packets with different destination MAC will not be considered as BFD packets. + If not specified the destination MAC address of received BFD packets + are not checked. + + + + Set to an IPv4 address to set the IP address used as source for + transmitted BFD packets. The default is 169.254.1.1. + + + + Set to an IPv4 address to set the IP address used as destination + for transmitted BFD packets. The default is 169.254.1.0. + +
    + + +

    + The switch sets key-value pairs in the + column to report the status of BFD on this interface. When BFD is + not enabled, with , the switch clears + all key-value pairs from . +

    + + + Reports the state of the BFD session. The BFD session is fully + healthy and negotiated if UP. + + + + Reports whether the BFD session believes this may be used to forward traffic. Typically this + means the local session is signaling UP, and the remote + system isn't signaling a problem such as concatenated path down. + + + + In case of a problem, set to an error message that reports what the + local BFD session thinks is wrong. The error messages are defined + in section 4.1 of [RFC 5880]. + + + + Reports the state of the remote endpoint's BFD session. + + + + In case of a problem, set to an error message that reports what the + remote endpoint's BFD session thinks is wrong. The error messages + are defined in section 4.1 of [RFC 5880]. + + + + Counts the number of + flaps since start. A flap is considered as a change of the + value. + +
    +
    +

    802.1ag Connectivity Fault Management (CFM) allows a group of @@ -1702,12 +2346,30 @@ faulted otherwise.

    +

    + When operating over tunnels which have no in_key, or an + in_key of flow. CFM will only accept CCMs + with a tunnel key of zero. +

    + - A Maintenance Point ID (MPID) uniquely identifies each endpoint within - a Maintenance Association. The MPID is used to identify this endpoint - to other Maintenance Points in the MA. Each end of a link being - monitored should have a different MPID. Must be configured to enable - CFM on this . +

    + A Maintenance Point ID (MPID) uniquely identifies each endpoint + within a Maintenance Association. The MPID is used to identify this + endpoint to other Maintenance Points in the MA. Each end of a link + being monitored should have a different MPID. Must be configured to + enable CFM on this . +

    +

    + According to the 802.1ag specification, MPIDs can only range between + [1, 8191]. However, extended mode (see ) supports eight byte MPIDs. +

    +
    + + + Counts the number of cfm fault flapps since boot. A flap is + considered to be a change of the value. @@ -1832,9 +2494,48 @@ with compliant implementations which may be running concurrently on the network. Furthermore, extended mode increases the accuracy of the cfm_interval configuration parameter by breaking wire - compatibility with 802.1ag compliant implementations. Defaults to - false. + compatibility with 802.1ag compliant implementations. And extended + mode allows eight byte MPIDs. Defaults to false. + + + +

    + When true, and + is true, the CFM + module operates in demand mode. When in demand mode, traffic + received on the is used to indicate + liveness. CCMs are still transmitted and received. At least one + CCM must be received every 100 * amount of time. Otherwise, even if traffic + are received, the CFM module will raise the connectivity fault. +

    + +

    + Demand mode has a couple of caveats: +

      +
    • + To ensure that ovs-vswitchd has enough time to pull statistics + from the datapath, the fault detection interval is set to + 3.5 * MAX(, 500) + ms. +
    • + +
    • + To avoid ambiguity, demand mode disables itself when there are + multiple remote maintenance points. +
    • + +
    • + If the is heavily congested, CCMs + containing the + status may be dropped causing changes in the operational state to + be delayed. Similarly, if CCMs containing the RDI bit are not + received, unidirectional link failures may not be detected. +
    • +
    +

    + When down, the CFM module marks all CCMs it generates as @@ -1857,7 +2558,7 @@ When set, the CFM module will apply a VLAN tag to all CCMs it generates - with the given PCP value. The VLAN ID of the tag is governed by the + with the given PCP value, the VLAN ID of the tag is governed by the value of . If is unset, a VLAN ID of zero is used. @@ -1866,16 +2567,6 @@
    - - Used in stable bond mode to make slave - selection decisions. Allocating values consistently across interfaces - participating in a bond will guarantee consistent slave selection - decisions across ovs-vswitchd instances when using - stable bonding mode. - - The LACP port ID of this . Port IDs are @@ -1945,6 +2636,11 @@ two different hypervisors. That is, active means that this is the active instance within a single hypervisor, not in a broader scope. + There is one exception: some hypervisors support ``migration'' from a + given hypervisor to itself (most often for test purposes). During + such a ``migration,'' two instances of a single might both be briefly marked + active on a single hypervisor.

    @@ -2144,6 +2840,88 @@ column has no effect.

    + + +

    + This string set specifies which fields should be used for + address prefix tracking. Prefix tracking allows the + classifier to skip rules with longer than necessary prefixes, + resulting in better wildcarding for datapath flows. +

    +

    + Prefix tracking may be beneficial when a flow table contains + matches on IP address fields with different prefix lengths. + For example, when a flow table contains IP address matches on + both full addresses and proper prefixes, the full address + matches will typically cause the datapath flow to un-wildcard + the whole address field (depending on flow entry priorities). + In this case each packet with a different address gets handed + to the userspace for flow processing and generates its own + datapath flow. With prefix tracking enabled for the address + field in question packets with addresses matching shorter + prefixes would generate datapath flows where the irrelevant + address bits are wildcarded, allowing the same datapath flow + to handle all the packets within the prefix in question. In + this case many userspace upcalls can be avoided and the + overall performance can be better. +

    +

    + This is a performance optimization only, so packets will + receive the same treatment with or without prefix tracking. +

    +

    + The supported fields are: tun_id, + tun_src, tun_dst, + nw_src, nw_dst (or aliases + ip_src and ip_dst), + ipv6_src, and ipv6_dst. (Using this + feature for tun_id would only make sense if the + tunnel IDs have prefix structure similar to IP addresses.) +

    + +

    + By default, the prefixes=ip_dst,ip_src are used + on each flow table. This instructs the flow classifier to + track the IP destination and source addresses used by the + rules in this specific flow table. +

    + +

    + The keyword none is recognized as an explicit + override of the default values, causing no prefix fields to be + tracked. +

    + +

    + To set the prefix fields, the flow table record needs to + exist: +

    + +
    +
    ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0
    +
    + Creates a flow table record for the OpenFlow table number 0. +
    + +
    ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
    +
    + Enables prefix tracking for IP source and destination + address fields. +
    +
    + +

    + There is a maximum number of fields that can be enabled for any + one flow table. Currently this limit is 3. +

    +
    + + + The overall purpose of these columns is described under Common + Columns at the beginning of this document. + + +
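Review bot: in the @@ -2144,6 +2840,88 @@ hunk, the second ovs-vsctl example sets prefixes=ip_dst,ip_src, which the same text says is already the default on each flow table, so the example changes nothing a reader can observe. Suggest using a non-default choice from the supported list (for instance ipv6_dst or tun_dst), or showing the none override. The closing paragraph gives the limit of 3 fields but not what happens when more are configured; please say whether the extra fields are rejected or ignored.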
  • @@ -2403,7 +3181,9 @@

    - Key-value pairs that report mirror statistics. + Key-value pairs that report mirror statistics. The update period + is controlled by in the Open_vSwitch table.

    Number of packets transmitted through this mirror. @@ -2493,18 +3273,33 @@
    ssl:ip[:port]
    -

    The specified SSL port (default: 6633) on the host at - the given ip, which must be expressed as an IP address - (not a DNS name). The - column in the table must point to a - valid SSL configuration when this form is used.

    +

    The specified SSL port on the host at the + given ip, which must be expressed as an IP + address (not a DNS name). The column in the + table must point to a valid SSL configuration when this form + is used.

    +

    If port is not specified, it currently + defaults to 6633. In the future, the default will change to + 6653, which is the IANA-defined value.

    SSL support is an optional feature that is not always built as part of Open vSwitch.

    tcp:ip[:port]
    -
    The specified TCP port (default: 6633) on the host at - the given ip, which must be expressed as an IP address - (not a DNS name).
    +
    +

    + The specified TCP port on the host at the given + ip, which must be expressed as an IP address (not a + DNS name), where ip can be IPv4 or IPv6 address. If + ip is an IPv6 address, wrap it in square brackets, + e.g. tcp:[::1]:6632. +

    +

    + If port is not specified, it currently defaults to + 6633. In the future, the default will change to 6653, which is + the IANA-defined value. +

    +

    The following connection methods are currently supported for service @@ -2514,25 +3309,47 @@

    pssl:[port][:ip]

    - Listens for SSL connections on the specified TCP port - (default: 6633). If ip, which must be expressed as an - IP address (not a DNS name), is specified, then connections are - restricted to the specified local IP address. + Listens for SSL connections on the specified TCP port. + If ip, which must be expressed as an IP address (not a + DNS name), is specified, then connections are restricted to the + specified local IP address (either IPv4 or IPv6). If + ip is an IPv6 address, wrap it in square brackets, + e.g. pssl:6632:[::1].

    - The column in the table must point to a valid SSL - configuration when this form is used. + If port is not specified, it currently defaults to + 6633. If ip is not specified then it listens only on + IPv4 (but not IPv6) addresses. The + + column in the table must point to a + valid SSL configuration when this form is used. +

    +

    + If port is not specified, it currently defaults to + 6633. In the future, the default will change to 6653, which is + the IANA-defined value. +

    +

    + SSL support is an optional feature that is not always built as + part of Open vSwitch.

    -

    SSL support is an optional feature that is not always built as - part of Open vSwitch.

    ptcp:[port][:ip]
    - Listens for connections on the specified TCP port - (default: 6633). If ip, which must be expressed as an - IP address (not a DNS name), is specified, then connections are - restricted to the specified local IP address. +

    + Listens for connections on the specified TCP port. If + ip, which must be expressed as an IP address (not a + DNS name), is specified, then connections are restricted to the + specified local IP address (either IPv4 or IPv6). If + ip is an IPv6 address, wrap it in square brackets, + e.g. ptcp:6632:[::1]. If ip is not + specified then it listens only on IPv4 addresses. +

    +

    + If port is not specified, it currently defaults to + 6633. In the future, the default will change to 6653, which is + the IANA-defined value. +

    When multiple controllers are configured for a single bridge, the @@ -2586,7 +3403,7 @@ - +

    OpenFlow switches send certain messages to controllers spontanenously, that is, not in response to any request from the controller. These @@ -2606,38 +3423,102 @@ on any messages that it does want to receive, if any. - +

    - The maximum rate at which the switch will forward packets to the - OpenFlow controller, in packets per second. This feature prevents a - single bridge from overwhelming the controller. If not specified, - the default is implementation-specific. + A switch can forward packets to a controller over the OpenFlow + protocol. Forwarding packets this way at too high a rate can + overwhelm a controller, frustrate use of the OpenFlow connection for + other purposes, increase the latency of flow setup, and use an + unreasonable amount of bandwidth. Therefore, Open vSwitch supports + limiting the rate of packet forwarding to a controller.

    - In addition, when a high rate triggers rate-limiting, Open vSwitch - queues controller packets for each port and transmits them to the - controller at the configured rate. The value limits the number of queued - packets. Ports on a bridge share the packet queue fairly. + There are two main reasons in OpenFlow for a packet to be sent to a + controller: either the packet ``misses'' in the flow table, that is, + there is no matching flow, or a flow table action says to send the + packet to the controller. Open vSwitch limits the rate of each kind + of packet separately at the configured rate. Therefore, the actual + rate that packets are sent to the controller can be up to twice the + configured rate, when packets are sent for both reasons.

    - Open vSwitch maintains two such packet rate-limiters per bridge: one - for packets sent up to the controller because they do not correspond - to any flow, and the other for packets sent up to the controller by - request through flow actions. When both rate-limiters are filled with - packets, the actual rate that packets are sent to the controller is - up to twice the specified rate. + This feature is specific to forwarding packets over an OpenFlow + connection. It is not general-purpose QoS. See the table for quality of service configuration, and in the table for ingress policing configuration.

    -
    - - In conjunction with , - the maximum number of unused packet credits that the bridge will - allow to accumulate, in packets. If not specified, the default - is implementation-specific. - + +

    + The maximum rate at which the switch will forward packets to the + OpenFlow controller, in packets per second. If no value is + specified, rate limiting is disabled. +

    +
    + + +

    + When a high rate triggers rate-limiting, Open vSwitch queues + packets to the controller for each port and transmits them to the + controller at the configured rate. This value limits the number of + queued packets. Ports on a bridge share the packet queue fairly. +

    + +

    + This value has no effect unless is configured. The current + default when this value is not specified is one-quarter of , meaning that queuing can delay + forwarding a packet to the controller by up to 250 ms. +

    +
    + + +

    + These values report the effects of rate limiting. Their values are + relative to establishment of the most recent OpenFlow connection, + or since rate limiting was enabled, whichever happened more + recently. Each consists of two values, one with TYPE + replaced by miss for rate limiting flow table misses, + and the other with TYPE replaced by + action for rate limiting packets sent by OpenFlow + actions. +

    + +

    + These statistics are reported only when controller rate limiting is + enabled. +

    + + + Number of packets sent directly to the controller, without queuing, + because the rate did not exceed the configured maximum. + + + + Number of packets added to the queue to send later. + + + + Number of packets added to the queue that were later dropped due to + overflow. This value is less than or equal to . + + + + Number of packets currently queued. The other statistics increase + monotonically, but this one fluctuates between 0 and the as conditions change. + +
    +
    @@ -2687,7 +3568,7 @@
    Equivalent to other, except that there may be at most one master controller at a time. When a controller configures itself as master, any existing master is demoted to - the slaverole.
    + the slave role.
    slave
    Allows the controller read-only access to OpenFlow features. Attempts to modify the flow table will be rejected with an @@ -2804,37 +3685,60 @@
    ssl:ip[:port]

    - The specified SSL port (default: 6632) on the host at - the given ip, which must be expressed as an IP address - (not a DNS name). The - column in the table must point to a - valid SSL configuration when this form is used. + The specified SSL port on the host at the given + ip, which must be expressed as an IP address + (not a DNS name). The column in the + table must point to a valid SSL configuration when this + form is used.

    - SSL support is an optional feature that is not always built as - part of Open vSwitch. + If port is not specified, it currently defaults + to 6632. In the future, the default will change to 6640, + which is the IANA-defined value. +

    +

    + SSL support is an optional feature that is not always + built as part of Open vSwitch.

    tcp:ip[:port]
    - The specified TCP port (default: 6632) on the host at - the given ip, which must be expressed as an IP address - (not a DNS name). +

    + The specified TCP port on the host at the given + ip, which must be expressed as an IP address (not a + DNS name), where ip can be IPv4 or IPv6 address. If + ip is an IPv6 address, wrap it in square brackets, + e.g. tcp:[::1]:6632. +

    +

    + If port is not specified, it currently defaults + to 6632. In the future, the default will change to 6640, + which is the IANA-defined value. +

    pssl:[port][:ip]

    - Listens for SSL connections on the specified TCP port - (default: 6632). If ip, which must be expressed as an - IP address (not a DNS name), is specified, then connections are - restricted to the specified local IP address. -

    -

    + Listens for SSL connections on the specified TCP port. + Specify 0 for port to have the kernel automatically + choose an available port. If ip, which must be + expressed as an IP address (not a DNS name), is specified, then + connections are restricted to the specified local IP address + (either IPv4 or IPv6 address). If ip is an IPv6 + address, wrap in square brackets, + e.g. pssl:6632:[::1]. If ip is not + specified then it listens only on IPv4 (but not IPv6) addresses. The column in the table must point to a valid SSL configuration when this form is used.

    +

    + If port is not specified, it currently defaults + to 6632. In the future, the default will change to 6640, + which is the IANA-defined value. +

    SSL support is an optional feature that is not always built as part of Open vSwitch. @@ -2842,10 +3746,22 @@

    ptcp:[port][:ip]
    - Listens for connections on the specified TCP port - (default: 6632). If ip, which must be expressed as an - IP address (not a DNS name), is specified, then connections are - restricted to the specified local IP address. +

    + Listens for connections on the specified TCP port. + Specify 0 for port to have the kernel automatically + choose an available port. If ip, which must be + expressed as an IP address (not a DNS name), is specified, then + connections are restricted to the specified local IP address + (either IPv4 or IPv6 address). If ip is an IPv6 + address, wrap it in square brackets, + e.g. ptcp:6632:[::1]. If ip is not + specified then it listens only on IPv4 addresses. +

    +

    + If port is not specified, it currently defaults + to 6632. In the future, the default will change to 6640, + which is the IANA-defined value. +

    When multiple managers are configured, the @@ -2989,6 +3905,14 @@ chosen connection.

    + + + When is ptcp: or + pssl:, this is the TCP port on which the OVSDB server is + listening. (This is is particularly useful when specifies a port of 0, allowing the kernel to + choose any available port.) +
    @@ -3108,8 +4032,8 @@
    -

    An sFlow(R) target. sFlow is a protocol for remote monitoring - of switches.

    +

    A set of sFlow(R) targets. sFlow is a protocol for remote + monitoring of switches.

    Name of the network device whose IP address should be reported as the @@ -3150,4 +4074,182 @@
    + +

    A set of IPFIX collectors. IPFIX is a protocol that exports a + number of details about flows.

    + + + IPFIX target collectors in the form + ip:port. + + + + For per-bridge packet sampling, i.e. when this row is referenced + from a , the rate at which packets should + be sampled and sent to each target collector. If not specified, + defaults to 400, which means one out of 400 packets, on average, + will be sent to each target collector. Ignored for per-flow + sampling, i.e. when this row is referenced from a . + + + + For per-bridge packet sampling, i.e. when this row is referenced + from a , the IPFIX Observation Domain ID + sent in each IPFIX packet. If not specified, defaults to 0. + Ignored for per-flow sampling, i.e. when this row is referenced + from a . + + + + For per-bridge packet sampling, i.e. when this row is referenced + from a , the IPFIX Observation Point ID + sent in each IPFIX flow record. If not specified, defaults to + 0. Ignored for per-flow sampling, i.e. when this row is + referenced from a . + + + + The maximum period in seconds for which an IPFIX flow record is + cached and aggregated before being sent. If not specified, + defaults to 0. If 0, caching is disabled. + + + + The maximum number of IPFIX flow records that can be cached at a + time. If not specified, defaults to 0. If 0, caching is + disabled. + + + +

    For per-bridge packet sampling, i.e. when this row is referenced + from a , enable sampling and reporting tunnel + header 7-tuples in IPFIX flow records. Disabled by default. + Ignored for per-flow sampling, i.e. when this row is referenced + from a .

    +

    Please note: The following enterprise entities are + currently used when exporting the sampled tunnel info.

    +
    +
    tunnelType:
    +
    +

    ID: 891, and enterprise ID 6876 (VMware).

    +

    type: unsigned 8-bit interger.

    +

    data type semantics: identifier.

    +

    description: Identifier of the layer 2 network overlay network + encapsulation type: 0x01 VxLAN, 0x02 GRE, 0x03 LISP, 0x05 IPsec+GRE, + 0x07 GENEVE.

    +
    +
    tunnelKey:
    +
    +

    ID: 892, and enterprise ID 6876 (VMware).

    +

    type: variable-length octetarray.

    +

    data type semantics: identifier.

    +

    description: Key which is used for identifying an individual + traffic flow within a VxLAN (24-bit VNI), GENEVE(24-bit VNI), + GRE (32- or 64-bit key), or LISP (24-bit instance ID) tunnel. The + key is encoded in this octetarray as a 3-, 4-, or 8-byte integer + ID in network byte order.

    +
    +
    tunnelSourceIPv4Address:
    +
    +

    ID: 893, and enterprise ID 6876 (VMware).

    +

    type: unsigned 32-bit interger.

    +

    data type semantics: identifier.

    +

    description: The IPv4 source address in the tunnel IP packet + header.

    +
    +
    tunnelDestinationIPv4Address:
    +
    +

    ID: 894, and enterprise ID 6876 (VMware).

    +

    type: unsigned 32-bit integer.

    +

    data type semantics: identifier.

    +

    description: The IPv4 destination address in the tunnel IP + packet header.

    +
    +
    tunnelProtocolIdentifier:
    +
    +

    ID: 895, and enterprise ID 6876 (VMware).

    +

    type: unsigned 8-bit integer.

    +

    data type semantics: identifier.

    +

    description: The value of the protocol number in the tunnel + IP packet header. The protocol number identifies the tunnel IP + packet payload type.

    +
    +
    tunnelSourceTransportPort:
    +
    +

    ID: 896, and enterprise ID 6876 (VMware).

    +

    type: unsigned 16-bit integer.

    +

    data type semantics: identifier.

    +

    description: The source port identifier in the tunnel transport + header. For the transport protocols UDP, TCP, and SCTP, this is + the source port number given in the respective header.

    +
    +
    tunnelDestinationTransportPort:
    +
    +

    ID: 897, and enterprise ID 6876 (VMware).

    +

    type: unsigned 16-bit integer.

    +

    data type semantics: identifier.

    +

    description: The destination port identifier in the tunnel + transport header. For the transport protocols UDP, TCP, and SCTP, + this is the destination port number given in the respective header. +

    +
    +
    +
    + + + For per-bridge packet sampling, i.e. when this row is referenced + from a , enable sampling and reporting flows + at bridge port input in IPFIX flow records. Enabled by default. + Ignored for per-flow sampling, i.e. when this row is referenced + from a . + + + + For per-bridge packet sampling, i.e. when this row is referenced + from a , enable sampling and reporting flows + at bridge port output in IPFIX flow records. Enabled by default. + Ignored for per-flow sampling, i.e. when this row is referenced + from a . + + + + The overall purpose of these columns is described under Common + Columns at the beginning of this document. + + + +
    + + +

    A set of IPFIX collectors of packet samples generated by + OpenFlow sample actions.

    + + + The ID of this collector set, unique among the bridge's + collector sets, to be used as the collector_set_id + in OpenFlow sample actions. + + + + The bridge into which OpenFlow sample actions can + be added to send packet samples to this set of IPFIX collectors. + + + + Configuration of the set of IPFIX collectors to send one flow + record per sampled packet to. + + + + The overall purpose of these columns is described under Common + Columns at the beginning of this document. + + + +
    +
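Review bot: in the @@ -1702,12 +2346,30 @@ hunk, two added lines need wording fixes. "or an in_key of flow. CFM will only accept CCMs" splits one sentence in two; the period after "flow" should be a comma. "cfm fault flapps since boot" should read "CFM fault flaps", and since the BFD flap counter earlier in this patch says "since start", one of "since boot" and "since start" should be used for both counters.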
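Review bot: in the @@ -1832,9 +2494,48 @@ hunk, the demand-mode paragraph says "even if traffic are received"; that should be "even if traffic is received". In the extended-mode text just above it, "And extended mode allows eight byte MPIDs." reads as an afterthought; suggest folding it into the previous sentence or starting it with "Extended mode also allows".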
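Review bot: in the @@ -1857,7 +2558,7 @@ hunk, the replacement line creates a comma splice: "with the given PCP value, the VLAN ID of the tag is governed by the". The removed line ended the first sentence with a period, which was correct. Suggest dropping this one-line change, or joining the clauses with a semicolon if they are meant to be one sentence.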
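Review bot: in the @@ -2514,25 +3309,47 @@ hunk, the pssl: entry now states the port default twice: once in the second paragraph ("If port is not specified, it currently defaults to 6633. If ip is not specified then it listens only on IPv4 ...") and again in the new third paragraph that adds the 6653 note. Suggest deleting the first occurrence so the second paragraph covers only the ip default and the SSL configuration requirement, matching the layout of the ptcp: entry in the same hunk.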
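Review bot: in the @@ -2606,38 +3423,102 @@ hunk, the documented default for the rate limit changes from "the default is implementation-specific" to "If no value is specified, rate limiting is disabled", and the commit should say whether this is a behavior change or a correction of the documentation. The new introductory paragraph lists overwhelming the controller as the reason the feature exists, so it is worth stating next to the default that an unset value leaves the controller connection without this protection. The statistics paragraph is clear; no change needed there.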
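Review bot: in the @@ -2842,10 +3746,22 @@ hunk, "If ip is not specified then it listens only on IPv4 addresses" leaves the scope of the listener implicit. The preceding sentence says connections are restricted to a local address only when ip is given, so an operator should be told directly that omitting ip accepts connections on every local IPv4 address. Suggest "then it listens on all local IPv4 addresses (and no IPv6 addresses)", and the same wording for the pssl: entries, which use "only on IPv4 (but not IPv6) addresses".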
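Review bot: in the @@ -2989,6 +3905,14 @@ hunk, the added parenthetical has a doubled word: "(This is is particularly useful". Drop one "is".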
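Review bot: in the @@ -3150,4 +4074,182 @@ hunk, "interger" is misspelled in the type lines for tunnelType ("unsigned 8-bit interger") and tunnelSourceIPv4Address ("unsigned 32-bit interger"); the other entries spell it "integer". The tunnelType description, "layer 2 network overlay network encapsulation type", repeats "network". Its value list jumps from 0x03 to 0x05 and from 0x05 to 0x07; please say whether 0x04 and 0x06 are reserved or unused so a collector author knows how to treat them.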