1 <?xml version="1.0" encoding="utf-8"?>
2 <database name="ovs-vswitchd.conf.db" title="Open vSwitch Configuration Database">
4 A database with this schema holds the configuration for one Open
5 vSwitch daemon. The top-level configuration for the daemon is the
6 <ref table="Open_vSwitch"/> table, which must have exactly one
7 record. Records in other tables are significant only when they
8 can be reached directly or indirectly from the <ref
9 table="Open_vSwitch"/> table. Records that are not reachable from
10 the <ref table="Open_vSwitch"/> table are automatically deleted
11 from the database, except for records in a few distinguished
15 <h2>Common Columns</h2>
18 Most tables contain two special columns, named <code>other_config</code>
19 and <code>external_ids</code>. These columns have the same form and
20 purpose each place that they appear, so we describe them here to save space
25 <dt><code>other_config</code>: map of string-string pairs</dt>
28 Key-value pairs for configuring rarely used features. Supported keys,
29 along with the forms taken by their values, are documented individually
33 A few tables do not have <code>other_config</code> columns because no
34 key-value pairs have yet been defined for them.
38 <dt><code>external_ids</code>: map of string-string pairs</dt>
40 Key-value pairs for use by external frameworks that integrate with Open
41 vSwitch, rather than by Open vSwitch itself. System integrators should
42 either use the Open vSwitch development mailing list to coordinate on
43 common key-value definitions, or choose key names that are likely to be
44 unique. In some cases, where key-value pairs have been defined that are
45 likely to be widely useful, they are documented individually for each
50 <table name="Open_vSwitch" title="Open vSwitch configuration.">
51 Configuration for an Open vSwitch daemon. There must be exactly
52 one record in the <ref table="Open_vSwitch"/> table.
54 <group title="Configuration">
55 <column name="bridges">
56 Set of bridges managed by the daemon.
60 SSL used globally by the daemon.
63 <column name="external_ids" key="system-id">
64 A unique identifier for the Open vSwitch's physical host.
65 The form of the identifier depends on the type of the host.
66 On a Citrix XenServer, this will likely be the same as
67 <ref column="external_ids" key="xs-system-uuid"/>.
70 <column name="external_ids" key="xs-system-uuid">
71 The Citrix XenServer universally unique identifier for the physical
72 host as displayed by <code>xe host-list</code>.
75 <column name="other_config" key="stats-update-interval"
76 type='{"type": "integer", "minInteger": 5000}'>
78 Interval for updating statistics to the database, in milliseconds.
79 This option will affect the update of the <code>statistics</code>
80 column in the following tables: <code>Port</code>, <code>Interface
81 </code>, <code>Mirror</code>.
84 Default value is 5000 ms.
87 Getting statistics more frequently can be achieved via OpenFlow.
91 <column name="other_config" key="flow-restore-wait"
92 type='{"type": "boolean"}'>
94 When <code>ovs-vswitchd</code> starts up, it has an empty flow table
95 and therefore it handles all arriving packets in its default fashion
96 according to its configuration, by dropping them or sending them to
97 an OpenFlow controller or switching them as a standalone switch.
98 This behavior is ordinarily desirable. However, if
99 <code>ovs-vswitchd</code> is restarting as part of a ``hot-upgrade,''
100 then this leads to a relatively long period during which packets are
104 This option allows for improvement. When <code>ovs-vswitchd</code>
105 starts with this value set as <code>true</code>, it will neither
106 flush or expire previously set datapath flows nor will it send and
107 receive any packets to or from the datapath. When this value is
108 later set to <code>false</code>, <code>ovs-vswitchd</code> will
109 start receiving packets from the datapath and re-setup the flows.
112 Thus, with this option, the procedure for a hot-upgrade of
113 <code>ovs-vswitchd</code> becomes roughly the following:
117 Stop <code>ovs-vswitchd</code>.
120 Set <ref column="other_config" key="flow-restore-wait"/>
121 to <code>true</code>.
124 Start <code>ovs-vswitchd</code>.
127 Use <code>ovs-ofctl</code> (or some other program, such as an
128 OpenFlow controller) to restore the OpenFlow flow table
129 to the desired state.
132 Set <ref column="other_config" key="flow-restore-wait"/>
133 to <code>false</code> (or remove it entirely from the database).
137 The <code>ovs-ctl</code>'s ``restart'' and ``force-reload-kmod''
138 functions use the above config option during hot upgrades.
142 <column name="other_config" key="flow-limit"
143 type='{"type": "integer", "minInteger": 0}'>
146 number of flows allowed in the datapath flow table. Internally OVS
147 will choose a flow limit which will likely be lower than this number,
148 based on real time network conditions.
151 The default is 200000.
155 <column name="other_config" key="n-dpdk-rxqs"
156 type='{"type": "integer", "minInteger": 1}'>
158 Specifies the number of rx queues to be created for each dpdk
159 interface. If not specified or specified to 0, one rx queue will
160 be created for each dpdk interface by default.
164 <column name="other_config" key="pmd-cpu-mask">
166 Specifies CPU mask for setting the cpu affinity of PMD (Poll
167 Mode Driver) threads. Value should be in the form of hex string,
168 similar to the dpdk EAL '-c COREMASK' option input or the 'taskset'
172 The lowest order bit corresponds to the first CPU core. A set bit
173 means the corresponding core is available and a pmd thread will be
174 created and pinned to it. If the input does not cover all cores,
175 those uncovered cores are considered not set.
178 If not specified, one pmd thread will be created for each numa node
179 and pinned to any available core on the numa node by default.
183 <column name="other_config" key="n-handler-threads"
184 type='{"type": "integer", "minInteger": 1}'>
186 Specifies the number of threads for software datapaths to use for
187 handling new flows. The default the number of online CPU cores minus
188 the number of revalidators.
191 This configuration is per datapath. If you have more than one
192 software datapath (e.g. some <code>system</code> bridges and some
193 <code>netdev</code> bridges), then the total number of threads is
194 <code>n-handler-threads</code> times the number of software
199 <column name="other_config" key="n-revalidator-threads"
200 type='{"type": "integer", "minInteger": 1}'>
202 Specifies the number of threads for software datapaths to use for
203 revalidating flows in the datapath. Typically, there is a direct
204 correlation between the number of revalidator threads, and the number
205 of flows allowed in the datapath. The default is the number of cpu
206 cores divided by four plus one. If <code>n-handler-threads</code> is
207 set, the default changes to the number of cpu cores minus the number
211 This configuration is per datapath. If you have more than one
212 software datapath (e.g. some <code>system</code> bridges and some
213 <code>netdev</code> bridges), then the total number of threads is
214 <code>n-handler-threads</code> times the number of software
220 <group title="Status">
221 <column name="next_cfg">
222 Sequence number for client to increment. When a client modifies
223 any part of the database configuration and wishes to wait for
224 Open vSwitch to finish applying the changes, it may increment
225 this sequence number.
228 <column name="cur_cfg">
229 Sequence number that Open vSwitch sets to the current value of
230 <ref column="next_cfg"/> after it finishes applying a set of
231 configuration changes.
234 <group title="Statistics">
236 The <code>statistics</code> column contains key-value pairs that
237 report statistics about a system running an Open vSwitch. These are
238 updated periodically (currently, every 5 seconds). Key-value pairs
239 that cannot be determined or that do not apply to a platform are
243 <column name="other_config" key="enable-statistics"
244 type='{"type": "boolean"}'>
245 Statistics are disabled by default to avoid overhead in the common
246 case when statistics gathering is not useful. Set this value to
247 <code>true</code> to enable populating the <ref column="statistics"/>
248 column or to <code>false</code> to explicitly disable it.
251 <column name="statistics" key="cpu"
252 type='{"type": "integer", "minInteger": 1}'>
254 Number of CPU processors, threads, or cores currently online and
255 available to the operating system on which Open vSwitch is running,
256 as an integer. This may be less than the number installed, if some
257 are not online or if they are not available to the operating
261 Open vSwitch userspace processes are not multithreaded, but the
262 Linux kernel-based datapath is.
266 <column name="statistics" key="load_average">
267 A comma-separated list of three floating-point numbers,
268 representing the system load average over the last 1, 5, and 15
269 minutes, respectively.
272 <column name="statistics" key="memory">
274 A comma-separated list of integers, each of which represents a
275 quantity of memory in kilobytes that describes the operating
276 system on which Open vSwitch is running. In respective order,
281 <li>Total amount of RAM allocated to the OS.</li>
282 <li>RAM allocated to the OS that is in use.</li>
283 <li>RAM that can be flushed out to disk or otherwise discarded
284 if that space is needed for another purpose. This number is
285 necessarily less than or equal to the previous value.</li>
286 <li>Total disk space allocated for swap.</li>
287 <li>Swap space currently in use.</li>
291 On Linux, all five values can be determined and are included. On
292 other operating systems, only the first two values can be
293 determined, so the list will only have two values.
297 <column name="statistics" key="process_NAME">
299 One such key-value pair, with <code>NAME</code> replaced by
300 a process name, will exist for each running Open vSwitch
301 daemon process, with <var>name</var> replaced by the
302 daemon's name (e.g. <code>process_ovs-vswitchd</code>). The
303 value is a comma-separated list of integers. The integers
304 represent the following, with memory measured in kilobytes
305 and durations in milliseconds:
309 <li>The process's virtual memory size.</li>
310 <li>The process's resident set size.</li>
311 <li>The amount of user and system CPU time consumed by the
313 <li>The number of times that the process has crashed and been
314 automatically restarted by the monitor.</li>
315 <li>The duration since the process was started.</li>
316 <li>The duration for which the process has been running.</li>
320 The interpretation of some of these values depends on whether the
321 process was started with the <option>--monitor</option>. If it
322 was not, then the crash count will always be 0 and the two
323 durations will always be the same. If <option>--monitor</option>
324 was given, then the crash count may be positive; if it is, the
325 latter duration is the amount of time since the most recent crash
330 There will be one key-value pair for each file in Open vSwitch's
331 ``run directory'' (usually <code>/var/run/openvswitch</code>)
332 whose name ends in <code>.pid</code>, whose contents are a
333 process ID, and which is locked by a running process. The
334 <var>name</var> is taken from the pidfile's name.
338 Currently Open vSwitch is only able to obtain all of the above
339 detail on Linux systems. On other systems, the same key-value
340 pairs will be present but the values will always be the empty
345 <column name="statistics" key="file_systems">
347 A space-separated list of information on local, writable file
348 systems. Each item in the list describes one file system and
349 consists in turn of a comma-separated list of the following:
353 <li>Mount point, e.g. <code>/</code> or <code>/var/log</code>.
354 Any spaces or commas in the mount point are replaced by
356 <li>Total size, in kilobytes, as an integer.</li>
357 <li>Amount of storage in use, in kilobytes, as an integer.</li>
361 This key-value pair is omitted if there are no local, writable
362 file systems or if Open vSwitch cannot obtain the needed
369 <group title="Version Reporting">
371 These columns report the types and versions of the hardware and
372 software running Open vSwitch. We recommend in general that software
373 should test whether specific features are supported instead of relying
374 on version number checks. These values are primarily intended for
375 reporting to human administrators.
378 <column name="ovs_version">
379 The Open vSwitch version number, e.g. <code>1.1.0</code>.
382 <column name="db_version">
384 The database schema version number in the form
385 <code><var>major</var>.<var>minor</var>.<var>tweak</var></code>,
386 e.g. <code>1.2.3</code>. Whenever the database schema is changed in
387 a non-backward compatible way (e.g. deleting a column or a table),
388 <var>major</var> is incremented. When the database schema is changed
389 in a backward compatible way (e.g. adding a new column),
390 <var>minor</var> is incremented. When the database schema is changed
391 cosmetically (e.g. reindenting its syntax), <var>tweak</var> is
396 The schema version is part of the database schema, so it can also be
397 retrieved by fetching the schema using the Open vSwitch database
402 <column name="system_type">
404 An identifier for the type of system on top of which Open vSwitch
405 runs, e.g. <code>XenServer</code> or <code>KVM</code>.
408 System integrators are responsible for choosing and setting an
409 appropriate value for this column.
413 <column name="system_version">
415 The version of the system identified by <ref column="system_type"/>,
416 e.g. <code>5.6.100-39265p</code> on XenServer 5.6.100 build 39265.
419 System integrators are responsible for choosing and setting an
420 appropriate value for this column.
426 <group title="Database Configuration">
428 These columns primarily configure the Open vSwitch database
429 (<code>ovsdb-server</code>), not the Open vSwitch switch
430 (<code>ovs-vswitchd</code>). The OVSDB database also uses the <ref
431 column="ssl"/> settings.
435 The Open vSwitch switch does read the database configuration to
436 determine remote IP addresses to which in-band control should apply.
439 <column name="manager_options">
440 Database clients to which the Open vSwitch database server should
441 connect or to which it should listen, along with options for how these
442 connection should be configured. See the <ref table="Manager"/> table
443 for more information.
447 <group title="Common Columns">
448 The overall purpose of these columns is described under <code>Common
449 Columns</code> at the beginning of this document.
451 <column name="other_config"/>
452 <column name="external_ids"/>
456 <table name="Bridge">
458 Configuration for a bridge within an
459 <ref table="Open_vSwitch"/>.
462 A <ref table="Bridge"/> record represents an Ethernet switch with one or
463 more ``ports,'' which are the <ref table="Port"/> records pointed to by
464 the <ref table="Bridge"/>'s <ref column="ports"/> column.
467 <group title="Core Features">
469 Bridge identifier. Should be alphanumeric and no more than about 8
470 bytes long. Must be unique among the names of ports, interfaces, and
474 <column name="ports">
475 Ports included in the bridge.
478 <column name="mirrors">
479 Port mirroring configuration.
482 <column name="netflow">
483 NetFlow configuration.
486 <column name="sflow">
487 sFlow(R) configuration.
490 <column name="ipfix">
494 <column name="flood_vlans">
496 VLAN IDs of VLANs on which MAC address learning should be disabled,
497 so that packets are flooded instead of being sent to specific ports
498 that are believed to contain packets' destination MACs. This should
499 ordinarily be used to disable MAC learning on VLANs used for
500 mirroring (RSPAN VLANs). It may also be useful for debugging.
503 SLB bonding (see the <ref table="Port" column="bond_mode"/> column in
504 the <ref table="Port"/> table) is incompatible with
505 <code>flood_vlans</code>. Consider using another bonding mode or
506 a different type of mirror instead.
510 <column name="auto_attach">
511 Auto Attach configuration.
515 <group title="OpenFlow Configuration">
516 <column name="controller">
518 OpenFlow controller set. If unset, then no OpenFlow controllers
523 If there are primary controllers, removing all of them clears the
524 flow table. If there are no primary controllers, adding one also
525 clears the flow table. Other changes to the set of controllers, such
526 as adding or removing a service controller, adding another primary
527 controller to supplement an existing primary controller, or removing
528 only one of two primary controllers, have no effect on the flow
533 <column name="flow_tables">
534 Configuration for OpenFlow tables. Each pair maps from an OpenFlow
535 table ID to configuration for that table.
538 <column name="fail_mode">
539 <p>When a controller is configured, it is, ordinarily, responsible
540 for setting up all flows on the switch. Thus, if the connection to
541 the controller fails, no new network connections can be set up.
542 If the connection to the controller stays down long enough,
543 no packets can pass through the switch at all. This setting
544 determines the switch's response to such a situation. It may be set
545 to one of the following:
547 <dt><code>standalone</code></dt>
548 <dd>If no message is received from the controller for three
549 times the inactivity probe interval
550 (see <ref column="inactivity_probe"/>), then Open vSwitch
551 will take over responsibility for setting up flows. In
552 this mode, Open vSwitch causes the bridge to act like an
553 ordinary MAC-learning switch. Open vSwitch will continue
554 to retry connecting to the controller in the background
555 and, when the connection succeeds, it will discontinue its
556 standalone behavior.</dd>
557 <dt><code>secure</code></dt>
558 <dd>Open vSwitch will not set up flows on its own when the
559 controller connection fails or when no controllers are
560 defined. The bridge will continue to retry connecting to
561 any defined controllers forever.</dd>
565 The default is <code>standalone</code> if the value is unset, but
566 future versions of Open vSwitch may change the default.
569 The <code>standalone</code> mode can create forwarding loops on a
570 bridge that has more than one uplink port unless STP is enabled. To
571 avoid loops on such a bridge, configure <code>secure</code> mode or
572 enable STP (see <ref column="stp_enable"/>).
574 <p>When more than one controller is configured,
575 <ref column="fail_mode"/> is considered only when none of the
576 configured controllers can be contacted.</p>
578 Changing <ref column="fail_mode"/> when no primary controllers are
579 configured clears the flow table.
583 <column name="datapath_id">
584 Reports the OpenFlow datapath ID in use. Exactly 16 hex digits.
585 (Setting this column has no useful effect. Set <ref
586 column="other-config" key="datapath-id"/> instead.)
589 <column name="datapath_version">
591 Reports the version number of the Open vSwitch datapath in use.
592 This allows management software to detect and report discrepancies
593 between Open vSwitch userspace and datapath versions. (The <ref
594 column="ovs_version" table="Open_vSwitch"/> column in the <ref
595 table="Open_vSwitch"/> reports the Open vSwitch userspace version.)
596 The version reported depends on the datapath in use:
601 When the kernel module included in the Open vSwitch source tree is
602 used, this column reports the Open vSwitch version from which the
607 When the kernel module that is part of the upstream Linux kernel is
608 used, this column reports <code><unknown></code>.
612 When the datapath is built into the <code>ovs-vswitchd</code>
613 binary, this column reports <code><built-in></code>. A
614 built-in datapath is by definition the same version as the rest of
615 the Open VSwitch userspace.
619 Other datapaths (such as the Hyper-V kernel datapath) currently
620 report <code><unknown></code>.
625 A version discrepancy between <code>ovs-vswitchd</code> and the
626 datapath in use is not normally cause for alarm. The Open vSwitch
627 kernel datapaths for Linux and Hyper-V, in particular, are designed
628 for maximum inter-version compatibility: any userspace version works
629 with with any kernel version. Some reasons do exist to insist on
630 particular user/kernel pairings. First, newer kernel versions add
631 new features, that can only be used by new-enough userspace, e.g.
632 VXLAN tunneling requires certain minimal userspace and kernel
633 versions. Second, as an extension to the first reason, some newer
634 kernel versions add new features for enhancing performance that only
635 new-enough userspace versions can take advantage of.
639 <column name="other_config" key="datapath-id">
640 Exactly 16 hex digits to set the OpenFlow datapath ID to a specific
641 value. May not be all-zero.
644 <column name="other_config" key="dp-desc">
645 Human readable description of datapath. It it a maximum 256
646 byte-long free-form string to describe the datapath for
647 debugging purposes, e.g. <code>switch3 in room 3120</code>.
650 <column name="other_config" key="disable-in-band"
651 type='{"type": "boolean"}'>
652 If set to <code>true</code>, disable in-band control on the bridge
653 regardless of controller and manager settings.
656 <column name="other_config" key="in-band-queue"
657 type='{"type": "integer", "minInteger": 0, "maxInteger": 4294967295}'>
658 A queue ID as a nonnegative integer. This sets the OpenFlow queue ID
659 that will be used by flows set up by in-band control on this bridge.
660 If unset, or if the port used by an in-band control flow does not have
661 QoS configured, or if the port does not have a queue with the specified
662 ID, the default queue is used instead.
665 <column name="protocols">
667 List of OpenFlow protocols that may be used when negotiating
668 a connection with a controller. OpenFlow 1.0, 1.1, 1.2, and
669 1.3 are enabled by default if this column is empty.
673 OpenFlow 1.4 is not enabled by default because its implementation is
678 OpenFlow 1.5 has the same risks as OpenFlow 1.4, but it is even more
679 experimental because the OpenFlow 1.5 specification is still under
680 development and thus subject to change. Pass
681 <code>--enable-of15</code> to <code>ovs-vswitchd</code> to allow
682 OpenFlow 1.5 to be enabled.
687 <group title="Spanning Tree Configuration">
689 The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol
690 that ensures loop-free topologies. It allows redundant links to
691 be included in the network to provide automatic backup paths if
692 the active links fails.
696 These settings configure the slower-to-converge but still widely
697 supported version of Spanning Tree Protocol, sometimes known as
698 802.1D-1998. Open vSwitch also supports the newer Rapid Spanning Tree
699 Protocol (RSTP), documented later in the section titled <code>Rapid
700 Spanning Tree Configuration</code>.
703 <group title="STP Configuration">
704 <column name="stp_enable" type='{"type": "boolean"}'>
706 Enable spanning tree on the bridge. By default, STP is disabled
707 on bridges. Bond, internal, and mirror ports are not supported
708 and will not participate in the spanning tree.
712 STP and RSTP are mutually exclusive. If both are enabled, RSTP
717 <column name="other_config" key="stp-system-id">
718 The bridge's STP identifier (the lower 48 bits of the bridge-id)
720 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
721 By default, the identifier is the MAC address of the bridge.
724 <column name="other_config" key="stp-priority"
725 type='{"type": "integer", "minInteger": 0, "maxInteger": 65535}'>
726 The bridge's relative priority value for determining the root
727 bridge (the upper 16 bits of the bridge-id). A bridge with the
728 lowest bridge-id is elected the root. By default, the priority
732 <column name="other_config" key="stp-hello-time"
733 type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
734 The interval between transmissions of hello messages by
735 designated ports, in seconds. By default the hello interval is
739 <column name="other_config" key="stp-max-age"
740 type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
741 The maximum age of the information transmitted by the bridge
742 when it is the root bridge, in seconds. By default, the maximum
746 <column name="other_config" key="stp-forward-delay"
747 type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
748 The delay to wait between transitioning root and designated
749 ports to <code>forwarding</code>, in seconds. By default, the
750 forwarding delay is 15 seconds.
753 <column name="other_config" key="mcast-snooping-aging-time"
754 type='{"type": "integer", "minInteger": 1}'>
756 The maximum number of seconds to retain a multicast snooping entry for
757 which no packets have been seen. The default is currently 300
758 seconds (5 minutes). The value, if specified, is forced into a
759 reasonable range, currently 15 to 3600 seconds.
763 <column name="other_config" key="mcast-snooping-table-size"
764 type='{"type": "integer", "minInteger": 1}'>
766 The maximum number of multicast snooping addresses to learn. The
767 default is currently 2048. The value, if specified, is forced into
768 a reasonable range, currently 10 to 1,000,000.
771 <column name="other_config" key="mcast-snooping-disable-flood-unregistered"
772 type='{"type": "boolean"}'>
774 If set to <code>false</code>, unregistered multicast packets are forwarded
776 If set to <code>true</code>, unregistered multicast packets are forwarded
777 to ports connected to multicast routers.
782 <group title="STP Status">
784 These key-value pairs report the status of 802.1D-1998. They are
785 present only if STP is enabled (via the <ref column="stp_enable"/>
788 <column name="status" key="stp_bridge_id">
789 The bridge ID used in spanning tree advertisements, in the form
790 <var>xxxx</var>.<var>yyyyyyyyyyyy</var> where the <var>x</var>s are
791 the STP priority, the <var>y</var>s are the STP system ID, and each
792 <var>x</var> and <var>y</var> is a hex digit.
794 <column name="status" key="stp_designated_root">
795 The designated root for this spanning tree, in the same form as <ref
796 column="status" key="stp_bridge_id"/>. If this bridge is the root,
797 this will have the same value as <ref column="status"
798 key="stp_bridge_id"/>, otherwise it will differ.
800 <column name="status" key="stp_root_path_cost">
801 The path cost of reaching the designated bridge. A lower number is
802 better. The value is 0 if this bridge is the root, otherwise it is
808 <group title="Rapid Spanning Tree">
810 Rapid Spanning Tree Protocol (RSTP), like STP, is a network protocol
811 that ensures loop-free topologies. RSTP superseded STP with the
812 publication of 802.1D-2004. Compared to STP, RSTP converges more
813 quickly and recovers more quickly from failures.
816 <group title="RSTP Configuration">
817 <column name="rstp_enable" type='{"type": "boolean"}'>
819 Enable Rapid Spanning Tree on the bridge. By default, RSTP is disabled
820 on bridges. Bond, internal, and mirror ports are not supported
821 and will not participate in the spanning tree.
825 STP and RSTP are mutually exclusive. If both are enabled, RSTP
830 <column name="other_config" key="rstp-address">
831 The bridge's RSTP address (the lower 48 bits of the bridge-id)
833 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
834 By default, the address is the MAC address of the bridge.
837 <column name="other_config" key="rstp-priority"
838 type='{"type": "integer", "minInteger": 0, "maxInteger": 61440}'>
839 The bridge's relative priority value for determining the root
840 bridge (the upper 16 bits of the bridge-id). A bridge with the
841 lowest bridge-id is elected the root. By default, the priority
842 is 0x8000 (32768). This value needs to be a multiple of 4096,
843 otherwise it's rounded to the nearest inferior one.
846 <column name="other_config" key="rstp-ageing-time"
847 type='{"type": "integer", "minInteger": 10, "maxInteger": 1000000}'>
848 The Ageing Time parameter for the Bridge. The default value
852 <column name="other_config" key="rstp-force-protocol-version"
853 type='{"type": "integer"}'>
854 The Force Protocol Version parameter for the Bridge. This
855 can take the value 0 (STP Compatibility mode) or 2
856 (the default, normal operation).
859 <column name="other_config" key="rstp-max-age"
860 type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
861 The maximum age of the information transmitted by the Bridge
862 when it is the Root Bridge. The default value is 20.
865 <column name="other_config" key="rstp-forward-delay"
866 type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
867 The delay used by STP Bridges to transition Root and Designated
868 Ports to Forwarding. The default value is 15.
871 <column name="other_config" key="rstp-transmit-hold-count"
872 type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
873 The Transmit Hold Count used by the Port Transmit state machine
874 to limit transmission rate. The default value is 6.
878 <group title="RSTP Status">
880 These key-value pairs report the status of 802.1D-2004. They are
881 present only if RSTP is enabled (via the <ref column="rstp_enable"/>
884 <column name="rstp_status" key="rstp_bridge_id">
885 The bridge ID used in rapid spanning tree advertisements, in the form
886 <var>x</var>.<var>yyy</var>.<var>zzzzzzzzzzzz</var> where
887 <var>x</var> is the RSTP priority, the <var>y</var>s are a locally
888 assigned system ID extension, the <var>z</var>s are the STP system
889 ID, and each <var>x</var>, <var>y</var>, or <var>z</var> is a hex
892 <column name="rstp_status" key="rstp_root_id">
893 The root of this spanning tree, in the same form as <ref
894 column="rstp_status" key="rstp_bridge_id"/>. If this bridge is the
895 root, this will have the same value as <ref column="rstp_status"
896 key="rstp_bridge_id"/>, otherwise it will differ.
898 <column name="rstp_status" key="rstp_root_path_cost"
899 type='{"type": "integer", "minInteger": 0}'>
900 The path cost of reaching the root. A lower number is better. The
901 value is 0 if this bridge is the root, otherwise it is higher.
903 <column name="rstp_status" key="rstp_designated_id">
904 The RSTP designated ID, in the same form as <ref column="rstp_status"
905 key="rstp_bridge_id"/>.
907 <column name="rstp_status" key="rstp_designated_port_id">
908 The RSTP designated port ID, as a 4-digit hex number.
910 <column name="rstp_status" key="rstp_bridge_port_id">
911 The RSTP bridge port ID, as a 4-digit hex number.
916 <group title="Multicast Snooping Configuration">
917 Multicast snooping (RFC 4541) monitors the Internet Group Management
918 Protocol (IGMP) traffic between hosts and multicast routers. The
919 switch uses what IGMP snooping learns to forward multicast traffic
920 only to interfaces that are connected to interested receivers.
921 Currently it supports IGMPv1 and IGMPv2 protocols.
923 <column name="mcast_snooping_enable">
924 Enable multicast snooping on the bridge. For now, the default
929 <group title="Other Features">
930 <column name="datapath_type">
931 Name of datapath provider. The kernel datapath has
932 type <code>system</code>. The userspace datapath has
933 type <code>netdev</code>.
936 <column name="external_ids" key="bridge-id">
937 A unique identifier of the bridge. On Citrix XenServer this will
938 commonly be the same as
939 <ref column="external_ids" key="xs-network-uuids"/>.
942 <column name="external_ids" key="xs-network-uuids">
943 Semicolon-delimited set of universally unique identifier(s) for the
944 network with which this bridge is associated on a Citrix XenServer
945 host. The network identifiers are RFC 4122 UUIDs as displayed by,
946 e.g., <code>xe network-list</code>.
949 <column name="other_config" key="hwaddr">
950 An Ethernet address in the form
951 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
952 to set the hardware address of the local port and influence the
956 <column name="other_config" key="forward-bpdu"
957 type='{"type": "boolean"}'>
958 Option to allow forwarding of BPDU frames when NORMAL action is
959 invoked. Frames with reserved Ethernet addresses (e.g. STP
960 BPDU) will be forwarded when this option is enabled and the
961 switch is not providing that functionality. If STP is enabled
962 on the port, STP BPDUs will never be forwarded. If the Open
963 vSwitch bridge is used to connect different Ethernet networks,
964 and if Open vSwitch node does not run STP, then this option
965 should be enabled. Default is disabled, set to
966 <code>true</code> to enable.
968 The following destination MAC addresss will not be forwarded when this
971 <dt><code>01:80:c2:00:00:00</code></dt>
972 <dd>IEEE 802.1D Spanning Tree Protocol (STP).</dd>
974 <dt><code>01:80:c2:00:00:01</code></dt>
975 <dd>IEEE Pause frame.</dd>
977 <dt><code>01:80:c2:00:00:0<var>x</var></code></dt>
978 <dd>Other reserved protocols.</dd>
980 <dt><code>00:e0:2b:00:00:00</code></dt>
981 <dd>Extreme Discovery Protocol (EDP).</dd>
984 <code>00:e0:2b:00:00:04</code> and <code>00:e0:2b:00:00:06</code>
986 <dd>Ethernet Automatic Protection Switching (EAPS).</dd>
988 <dt><code>01:00:0c:cc:cc:cc</code></dt>
990 Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP),
991 Dynamic Trunking Protocol (DTP), Port Aggregation Protocol (PAgP),
995 <dt><code>01:00:0c:cc:cc:cd</code></dt>
996 <dd>Cisco Shared Spanning Tree Protocol PVSTP+.</dd>
998 <dt><code>01:00:0c:cd:cd:cd</code></dt>
999 <dd>Cisco STP Uplink Fast.</dd>
1001 <dt><code>01:00:0c:00:00:00</code></dt>
1002 <dd>Cisco Inter Switch Link.</dd>
1004 <dt><code>01:00:0c:cc:cc:c<var>x</var></code></dt>
1009 <column name="other_config" key="mac-aging-time"
1010 type='{"type": "integer", "minInteger": 1}'>
1012 The maximum number of seconds to retain a MAC learning entry for
1013 which no packets have been seen. The default is currently 300
1014 seconds (5 minutes). The value, if specified, is forced into a
1015 reasonable range, currently 15 to 3600 seconds.
1019 A short MAC aging time allows a network to more quickly detect that a
1020 host is no longer connected to a switch port. However, it also makes
1021 it more likely that packets will be flooded unnecessarily, when they
1022 are addressed to a connected host that rarely transmits packets. To
1023 reduce the incidence of unnecessary flooding, use a MAC aging time
1024 longer than the maximum interval at which a host will ordinarily
1029 <column name="other_config" key="mac-table-size"
1030 type='{"type": "integer", "minInteger": 1}'>
1032 The maximum number of MAC addresses to learn. The default is
1033 currently 2048. The value, if specified, is forced into a reasonable
1034 range, currently 10 to 1,000,000.
1039 <group title="Common Columns">
1040 The overall purpose of these columns is described under <code>Common
1041 Columns</code> at the beginning of this document.
1043 <column name="other_config"/>
1044 <column name="external_ids"/>
1048 <table name="Port" table="Port or bond configuration.">
1049 <p>A port within a <ref table="Bridge"/>.</p>
1050 <p>Most commonly, a port has exactly one ``interface,'' pointed to by its
1051 <ref column="interfaces"/> column. Such a port logically
1052 corresponds to a port on a physical Ethernet switch. A port
1053 with more than one interface is a ``bonded port'' (see
1054 <ref group="Bonding Configuration"/>).</p>
1055 <p>Some properties that one might think as belonging to a port are actually
1056 part of the port's <ref table="Interface"/> members.</p>
1058 <column name="name">
1059 Port name. Should be alphanumeric and no more than about 8
1060 bytes long. May be the same as the interface name, for
1061 non-bonded ports. Must otherwise be unique among the names of
1062 ports, interfaces, and bridges on a host.
1065 <column name="interfaces">
1066 The port's interfaces. If there is more than one, this is a
1070 <group title="VLAN Configuration">
1071 <p>Bridge ports support the following types of VLAN configuration:</p>
1076 A trunk port carries packets on one or more specified VLANs
1077 specified in the <ref column="trunks"/> column (often, on every
1078 VLAN). A packet that ingresses on a trunk port is in the VLAN
1079 specified in its 802.1Q header, or VLAN 0 if the packet has no
1080 802.1Q header. A packet that egresses through a trunk port will
1081 have an 802.1Q header if it has a nonzero VLAN ID.
1085 Any packet that ingresses on a trunk port tagged with a VLAN that
1086 the port does not trunk is dropped.
1093 An access port carries packets on exactly one VLAN specified in the
1094 <ref column="tag"/> column. Packets egressing on an access port
1095 have no 802.1Q header.
1099 Any packet with an 802.1Q header with a nonzero VLAN ID that
1100 ingresses on an access port is dropped, regardless of whether the
1101 VLAN ID in the header is the access port's VLAN ID.
1105 <dt>native-tagged</dt>
1107 A native-tagged port resembles a trunk port, with the exception that
1108 a packet without an 802.1Q header that ingresses on a native-tagged
1109 port is in the ``native VLAN'' (specified in the <ref column="tag"/>
1113 <dt>native-untagged</dt>
1115 A native-untagged port resembles a native-tagged port, with the
1116 exception that a packet that egresses on a native-untagged port in
1117 the native VLAN will not have an 802.1Q header.
1121 A packet will only egress through bridge ports that carry the VLAN of
1122 the packet, as described by the rules above.
1125 <column name="vlan_mode">
1127 The VLAN mode of the port, as described above. When this column is
1128 empty, a default mode is selected as follows:
1132 If <ref column="tag"/> contains a value, the port is an access
1133 port. The <ref column="trunks"/> column should be empty.
1136 Otherwise, the port is a trunk port. The <ref column="trunks"/>
1137 column value is honored if it is present.
1144 For an access port, the port's implicitly tagged VLAN. For a
1145 native-tagged or native-untagged port, the port's native VLAN. Must
1146 be empty if this is a trunk port.
1150 <column name="trunks">
1152 For a trunk, native-tagged, or native-untagged port, the 802.1Q VLAN
1153 or VLANs that this port trunks; if it is empty, then the port trunks
1154 all VLANs. Must be empty if this is an access port.
1157 A native-tagged or native-untagged port always trunks its native
1158 VLAN, regardless of whether <ref column="trunks"/> includes that
1163 <column name="other_config" key="priority-tags"
1164 type='{"type": "boolean"}'>
1166 An 802.1Q header contains two important pieces of information: a VLAN
1167 ID and a priority. A frame with a zero VLAN ID, called a
1168 ``priority-tagged'' frame, is supposed to be treated the same way as
1169 a frame without an 802.1Q header at all (except for the priority).
1173 However, some network elements ignore any frame that has 802.1Q
1174 header at all, even when the VLAN ID is zero. Therefore, by default
1175 Open vSwitch does not output priority-tagged frames, instead omitting
1176 the 802.1Q header entirely if the VLAN ID is zero. Set this key to
1177 <code>true</code> to enable priority-tagged frames on a port.
1181 Regardless of this setting, Open vSwitch omits the 802.1Q header on
1182 output if both the VLAN ID and priority would be zero.
1186 All frames output to native-tagged ports have a nonzero VLAN ID, so
1187 this setting is not meaningful on native-tagged ports.
1192 <group title="Bonding Configuration">
1193 <p>A port that has more than one interface is a ``bonded port.'' Bonding
1194 allows for load balancing and fail-over.</p>
1197 The following types of bonding will work with any kind of upstream
1198 switch. On the upstream switch, do not configure the interfaces as a
1203 <dt><code>balance-slb</code></dt>
1205 Balances flows among slaves based on source MAC address and output
1206 VLAN, with periodic rebalancing as traffic patterns change.
1209 <dt><code>active-backup</code></dt>
1211 Assigns all flows to one slave, failing over to a backup slave when
1212 the active slave is disabled. This is the only bonding mode in which
1213 interfaces may be plugged into different upstream switches.
1218 The following modes require the upstream switch to support 802.3ad with
1219 successful LACP negotiation. If LACP negotiation fails and
1220 other-config:lacp-fallback-ab is true, then <code>active-backup</code>
1225 <dt><code>balance-tcp</code></dt>
1227 Balances flows among slaves based on L2, L3, and L4 protocol
1228 information such as destination MAC address, IP address, and TCP
1233 <p>These columns apply only to bonded ports. Their values are
1234 otherwise ignored.</p>
1236 <column name="bond_mode">
1237 <p>The type of bonding used for a bonded port. Defaults to
1238 <code>active-backup</code> if unset.
1242 <column name="other_config" key="bond-hash-basis"
1243 type='{"type": "integer"}'>
1244 An integer hashed along with flows when choosing output slaves in load
1245 balanced bonds. When changed, all flows will be assigned different
1246 hash values possibly causing slave selection decisions to change. Does
1247 not affect bonding modes which do not employ load balancing such as
1248 <code>active-backup</code>.
1251 <group title="Link Failure Detection">
1253 An important part of link bonding is detecting that links are down so
1254 that they may be disabled. These settings determine how Open vSwitch
1255 detects link failure.
1258 <column name="other_config" key="bond-detect-mode"
1259 type='{"type": "string", "enum": ["set", ["carrier", "miimon"]]}'>
1260 The means used to detect link failures. Defaults to
1261 <code>carrier</code> which uses each interface's carrier to detect
1262 failures. When set to <code>miimon</code>, will check for failures
1263 by polling each interface's MII.
1266 <column name="other_config" key="bond-miimon-interval"
1267 type='{"type": "integer"}'>
1268 The interval, in milliseconds, between successive attempts to poll
1269 each interface's MII. Relevant only when <ref column="other_config"
1270 key="bond-detect-mode"/> is <code>miimon</code>.
1273 <column name="bond_updelay">
1275 The number of milliseconds for which the link must stay up on an
1276 interface before the interface is considered to be up. Specify
1277 <code>0</code> to enable the interface immediately.
1281 This setting is honored only when at least one bonded interface is
1282 already enabled. When no interfaces are enabled, then the first
1283 bond interface to come up is enabled immediately.
1287 <column name="bond_downdelay">
1288 The number of milliseconds for which the link must stay down on an
1289 interface before the interface is considered to be down. Specify
1290 <code>0</code> to disable the interface immediately.
1294 <group title="LACP Configuration">
1296 LACP, the Link Aggregation Control Protocol, is an IEEE standard that
1297 allows switches to automatically detect that they are connected by
1298 multiple links and aggregate across those links. These settings
1299 control LACP behavior.
1302 <column name="lacp">
1303 Configures LACP on this port. LACP allows directly connected
1304 switches to negotiate which links may be bonded. LACP may be enabled
1305 on non-bonded ports for the benefit of any switches they may be
1306 connected to. <code>active</code> ports are allowed to initiate LACP
1307 negotiations. <code>passive</code> ports are allowed to participate
1308 in LACP negotiations initiated by a remote switch, but not allowed to
1309 initiate such negotiations themselves. If LACP is enabled on a port
1310 whose partner switch does not support LACP, the bond will be
1311 disabled, unless other-config:lacp-fallback-ab is set to true.
1312 Defaults to <code>off</code> if unset.
1315 <column name="other_config" key="lacp-system-id">
1316 The LACP system ID of this <ref table="Port"/>. The system ID of a
1317 LACP bond is used to identify itself to its partners. Must be a
1318 nonzero MAC address. Defaults to the bridge Ethernet address if
1322 <column name="other_config" key="lacp-system-priority"
1323 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
1324 The LACP system priority of this <ref table="Port"/>. In LACP
1325 negotiations, link status decisions are made by the system with the
1326 numerically lower priority.
1329 <column name="other_config" key="lacp-time"
1330 type='{"type": "string", "enum": ["set", ["fast", "slow"]]}'>
1332 The LACP timing which should be used on this <ref table="Port"/>.
1333 By default <code>slow</code> is used. When configured to be
1334 <code>fast</code> LACP heartbeats are requested at a rate of once
1335 per second causing connectivity problems to be detected more
1336 quickly. In <code>slow</code> mode, heartbeats are requested at a
1337 rate of once every 30 seconds.
1341 <column name="other_config" key="lacp-fallback-ab"
1342 type='{"type": "boolean"}'>
1344 Determines the behavior of openvswitch bond in LACP mode. If
1345 the partner switch does not support LACP, setting this option
1346 to <code>true</code> allows openvswitch to fallback to
1347 active-backup. If the option is set to <code>false</code>, the
1348 bond will be disabled. In both the cases, once the partner switch
1349 is configured to LACP mode, the bond will use LACP.
1354 <group title="Rebalancing Configuration">
1356 These settings control behavior when a bond is in
1357 <code>balance-slb</code> or <code>balance-tcp</code> mode.
1360 <column name="other_config" key="bond-rebalance-interval"
1361 type='{"type": "integer", "minInteger": 0, "maxInteger": 10000}'>
1362 For a load balanced bonded port, the number of milliseconds between
1363 successive attempts to rebalance the bond, that is, to move flows
1364 from one interface on the bond to another in an attempt to keep usage
1365 of each interface roughly equal. If zero, load balancing is disabled
1366 on the bond (link failure still cause flows to move). If
1367 less than 1000ms, the rebalance interval will be 1000ms.
1371 <column name="bond_fake_iface">
1372 For a bonded port, whether to create a fake internal interface with the
1373 name of the port. Use only for compatibility with legacy software that
1378 <group title="Spanning Tree Protocol">
1380 The configuration here is only meaningful, and the status is only
1381 populated, when 802.1D-1998 Spanning Tree Protocol is enabled on the
1382 port's <ref column="Bridge"/> with its <ref column="stp_enable"/>
1386 <group title="STP Configuration">
1387 <column name="other_config" key="stp-enable"
1388 type='{"type": "boolean"}'>
1389 When STP is enabled on a bridge, it is enabled by default on all of
1390 the bridge's ports except bond, internal, and mirror ports (which do
1391 not work with STP). If this column's value is <code>false</code>,
1392 STP is disabled on the port.
1395 <column name="other_config" key="stp-port-num"
1396 type='{"type": "integer", "minInteger": 1, "maxInteger": 255}'>
1397 The port number used for the lower 8 bits of the port-id. By
1398 default, the numbers will be assigned automatically. If any
1399 port's number is manually configured on a bridge, then they
1403 <column name="other_config" key="stp-port-priority"
1404 type='{"type": "integer", "minInteger": 0, "maxInteger": 255}'>
1405 The port's relative priority value for determining the root
1406 port (the upper 8 bits of the port-id). A port with a lower
1407 port-id will be chosen as the root port. By default, the
1411 <column name="other_config" key="stp-path-cost"
1412 type='{"type": "integer", "minInteger": 0, "maxInteger": 65535}'>
1413 Spanning tree path cost for the port. A lower number indicates
1414 a faster link. By default, the cost is based on the maximum
1419 <group title="STP Status">
1420 <column name="status" key="stp_port_id">
1421 The port ID used in spanning tree advertisements for this port, as 4
1422 hex digits. Configuring the port ID is described in the
1423 <code>stp-port-num</code> and <code>stp-port-priority</code> keys of
1424 the <code>other_config</code> section earlier.
1426 <column name="status" key="stp_state"
1427 type='{"type": "string", "enum": ["set",
1428 ["disabled", "listening", "learning",
1429 "forwarding", "blocking"]]}'>
1430 STP state of the port.
1432 <column name="status" key="stp_sec_in_state"
1433 type='{"type": "integer", "minInteger": 0}'>
1434 The amount of time this port has been in the current STP state, in
1437 <column name="status" key="stp_role"
1438 type='{"type": "string", "enum": ["set",
1439 ["root", "designated", "alternate"]]}'>
1440 STP role of the port.
1445 <group title="Rapid Spanning Tree Protocol">
1447 The configuration here is only meaningful, and the status and
1448 statistics are only populated, when 802.1D-1998 Spanning Tree Protocol
1449 is enabled on the port's <ref column="Bridge"/> with its <ref
1450 column="stp_enable"/> column.
1453 <group title="RSTP Configuration">
1454 <column name="other_config" key="rstp-enable"
1455 type='{"type": "boolean"}'>
1456 When RSTP is enabled on a bridge, it is enabled by default on all of
1457 the bridge's ports except bond, internal, and mirror ports (which do
1458 not work with RSTP). If this column's value is <code>false</code>,
1459 RSTP is disabled on the port.
1462 <column name="other_config" key="rstp-port-priority"
1463 type='{"type": "integer", "minInteger": 0, "maxInteger": 240}'>
1464 The port's relative priority value for determining the root port, in
1465 multiples of 16. By default, the port priority is 0x80 (128). Any
1466 value in the lower 4 bits is rounded off. The significant upper 4
1467 bits become the upper 4 bits of the port-id. A port with the lowest
1468 port-id is elected as the root.
1471 <column name="other_config" key="rstp-port-num"
1472 type='{"type": "integer", "minInteger": 1, "maxInteger": 4095}'>
1473 The local RSTP port number, used as the lower 12 bits of the port-id.
1474 By default the port numbers are assigned automatically, and typically
1475 may not correspond to the OpenFlow port numbers. A port with the
1476 lowest port-id is elected as the root.
1479 <column name="other_config" key="rstp-port-path-cost"
1480 type='{"type": "integer"}'>
1481 The port path cost. The Port's contribution, when it is
1482 the Root Port, to the Root Path Cost for the Bridge. By default the
1483 cost is automatically calculated from the port's speed.
1486 <column name="other_config" key="rstp-port-admin-edge"
1487 type='{"type": "boolean"}'>
1488 The admin edge port parameter for the Port. Default is
1492 <column name="other_config" key="rstp-port-auto-edge"
1493 type='{"type": "boolean"}'>
1494 The auto edge port parameter for the Port. Default is
1498 <column name="other_config" key="rstp-port-mcheck"
1499 type='{"type": "boolean"}'>
1501 The mcheck port parameter for the Port. Default is
1502 <code>false</code>. May be set to force the Port Protocol
1503 Migration state machine to transmit RST BPDUs for a
1504 MigrateTime period, to test whether all STP Bridges on the
1505 attached LAN have been removed and the Port can continue to
1506 transmit RSTP BPDUs. Setting mcheck has no effect if the
1507 Bridge is operating in STP Compatibility mode.
1510 Changing the value from <code>true</code> to
1511 <code>false</code> has no effect, but needs to be done if
1512 this behavior is to be triggered again by subsequently
1513 changing the value from <code>false</code> to
1519 <group title="RSTP Status">
1520 <column name="rstp_status" key="rstp_port_id">
1521 The port ID used in spanning tree advertisements for this port, as 4
1522 hex digits. Configuring the port ID is described in the
1523 <code>rstp-port-num</code> and <code>rstp-port-priority</code> keys
1524 of the <code>other_config</code> section earlier.
1526 <column name="rstp_status" key="rstp_port_role"
1527 type='{"type": "string", "enum": ["set",
1528 ["Root", "Designated", "Alternate", "Backup", "Disabled"]]}'>
1529 RSTP role of the port.
1531 <column name="rstp_status" key="rstp_port_state"
1532 type='{"type": "string", "enum": ["set",
1533 ["Disabled", "Learning", "Forwarding", "Discarding"]]}'>
1534 RSTP state of the port.
1536 <column name="rstp_status" key="rstp_designated_bridge_id">
1537 The port's RSTP designated bridge ID, in the same form as <ref
1538 column="rstp_status" key="rstp_bridge_id"/> in the <ref
1539 table="Bridge"/> table.
1541 <column name="rstp_status" key="rstp_designated_port_id">
1542 The port's RSTP designated port ID, as 4 hex digits.
1544 <column name="rstp_status" key="rstp_designated_path_cost"
1545 type='{"type": "integer"}'>
1546 The port's RSTP designated path cost. Lower is better.
1550 <group title="RSTP Statistics">
1551 <column name="rstp_statistics" key="rstp_tx_count">
1552 Number of RSTP BPDUs transmitted through this port.
1554 <column name="rstp_statistics" key="rstp_rx_count">
1555 Number of valid RSTP BPDUs received by this port.
1557 <column name="rstp_statistics" key="rstp_error_count">
1558 Number of invalid RSTP BPDUs received by this port.
1560 <column name="rstp_statistics" key="rstp_uptime">
1561 The duration covered by the other RSTP statistics, in seconds.
1566 <group title="Multicast Snooping">
1567 <column name="other_config" key="mcast-snooping-flood"
1568 type='{"type": "boolean"}'>
1570 If set to <code>true</code>, multicast packets (except Reports) are
1571 unconditionally forwarded to the specific port.
1574 <column name="other_config" key="mcast-snooping-flood-reports"
1575 type='{"type": "boolean"}'>
1577 If set to <code>true</code>, multicast Reports are unconditionally
1578 forwarded to the specific port.
1583 <group title="Other Features">
1585 Quality of Service configuration for this port.
1589 The MAC address to use for this port for the purpose of choosing the
1590 bridge's MAC address. This column does not necessarily reflect the
1591 port's actual MAC address, nor will setting it change the port's actual
1595 <column name="fake_bridge">
1596 Does this port represent a sub-bridge for its tagged VLAN within the
1597 Bridge? See ovs-vsctl(8) for more information.
1600 <column name="external_ids" key="fake-bridge-id-*">
1601 External IDs for a fake bridge (see the <ref column="fake_bridge"/>
1602 column) are defined by prefixing a <ref table="Bridge"/> <ref
1603 table="Bridge" column="external_ids"/> key with
1604 <code>fake-bridge-</code>,
1605 e.g. <code>fake-bridge-xs-network-uuids</code>.
1609 <column name="bond_active_slave">
1610 For a bonded port, record the mac address of the current active slave.
1613 <group title="Port Statistics">
1615 Key-value pairs that report port statistics. The update period
1616 is controlled by <ref column="other_config"
1617 key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
1619 <group title="Statistics: STP transmit and receive counters">
1620 <column name="statistics" key="stp_tx_count">
1621 Number of STP BPDUs sent on this port by the spanning
1624 <column name="statistics" key="stp_rx_count">
1625 Number of STP BPDUs received on this port and accepted by the
1626 spanning tree library.
1628 <column name="statistics" key="stp_error_count">
1629 Number of bad STP BPDUs received on this port. Bad BPDUs
1630 include runt packets and those with an unexpected protocol ID.
1635 <group title="Common Columns">
1636 The overall purpose of these columns is described under <code>Common
1637 Columns</code> at the beginning of this document.
1639 <column name="other_config"/>
1640 <column name="external_ids"/>
1644 <table name="Interface" title="One physical network device in a Port.">
1645 An interface within a <ref table="Port"/>.
1647 <group title="Core Features">
1648 <column name="name">
1649 Interface name. Should be alphanumeric and no more than about 8 bytes
1650 long. May be the same as the port name, for non-bonded ports. Must
1651 otherwise be unique among the names of ports, interfaces, and bridges
1655 <column name="ifindex">
1656 A positive interface index as defined for SNMP MIB-II in RFCs 1213 and
1657 2863, if the interface has one, otherwise 0. The ifindex is useful for
1658 seamless integration with protocols such as SNMP and sFlow.
1661 <column name="mac_in_use">
1662 The MAC address in use by this interface.
1666 <p>Ethernet address to set for this interface. If unset then the
1667 default MAC address is used:</p>
1669 <li>For the local interface, the default is the lowest-numbered MAC
1670 address among the other bridge ports, either the value of the
1671 <ref table="Port" column="mac"/> in its <ref table="Port"/> record,
1672 if set, or its actual MAC (for bonded ports, the MAC of its slave
1673 whose name is first in alphabetical order). Internal ports and
1674 bridge ports that are used as port mirroring destinations (see the
1675 <ref table="Mirror"/> table) are ignored.</li>
1676 <li>For other internal interfaces, the default MAC is randomly
1678 <li>External interfaces typically have a MAC address associated with
1679 their hardware.</li>
1681 <p>Some interfaces may not have a software-controllable MAC
1685 <column name="error">
1686 If the configuration of the port failed, as indicated by -1 in <ref
1687 column="ofport"/>, Open vSwitch sets this column to an error
1688 description in human readable form. Otherwise, Open vSwitch clears
1692 <group title="OpenFlow Port Number">
1694 When a client adds a new interface, Open vSwitch chooses an OpenFlow
1695 port number for the new port. If the client that adds the port fills
1696 in <ref column="ofport_request"/>, then Open vSwitch tries to use its
1697 value as the OpenFlow port number. Otherwise, or if the requested
1698 port number is already in use or cannot be used for another reason,
1699 Open vSwitch automatically assigns a free port number. Regardless of
1700 how the port number was obtained, Open vSwitch then reports in <ref
1701 column="ofport"/> the port number actually assigned.
1705 Open vSwitch limits the port numbers that it automatically assigns to
1706 the range 1 through 32,767, inclusive. Controllers therefore have
1707 free use of ports 32,768 and up.
1710 <column name="ofport">
1712 OpenFlow port number for this interface. Open vSwitch sets this
1713 column's value, so other clients should treat it as read-only.
1716 The OpenFlow ``local'' port (<code>OFPP_LOCAL</code>) is 65,534.
1717 The other valid port numbers are in the range 1 to 65,279,
1718 inclusive. Value -1 indicates an error adding the interface.
1722 <column name="ofport_request"
1723 type='{"type": "integer", "minInteger": 1, "maxInteger": 65279}'>
1725 Requested OpenFlow port number for this interface.
1729 A client should ideally set this column's value in the same
1730 database transaction that it uses to create the interface. Open
1731 vSwitch version 2.1 and later will honor a later request for a
1732 specific port number, althuogh it might confuse some controllers:
1733 OpenFlow does not have a way to announce a port number change, so
1734 Open vSwitch represents it over OpenFlow as a port deletion
1735 followed immediately by a port addition.
1739 If <ref column="ofport_request"/> is set or changed to some other
1740 port's automatically assigned port number, Open vSwitch chooses a
1741 new port number for the latter port.
1747 <group title="System-Specific Details">
1748 <column name="type">
1750 The interface type, one of:
1754 <dt><code>system</code></dt>
1755 <dd>An ordinary network device, e.g. <code>eth0</code> on Linux.
1756 Sometimes referred to as ``external interfaces'' since they are
1757 generally connected to hardware external to that on which the Open
1758 vSwitch is running. The empty string is a synonym for
1759 <code>system</code>.</dd>
1761 <dt><code>internal</code></dt>
1762 <dd>A simulated network device that sends and receives traffic. An
1763 internal interface whose <ref column="name"/> is the same as its
1764 bridge's <ref table="Open_vSwitch" column="name"/> is called the
1765 ``local interface.'' It does not make sense to bond an internal
1766 interface, so the terms ``port'' and ``interface'' are often used
1767 imprecisely for internal interfaces.</dd>
1769 <dt><code>tap</code></dt>
1770 <dd>A TUN/TAP device managed by Open vSwitch.</dd>
1772 <dt><code>geneve</code></dt>
1774 An Ethernet over Geneve (<code>http://tools.ietf.org/html/draft-gross-geneve-00</code>)
1777 Geneve supports options as a means to transport additional metadata,
1778 however, currently only the 24-bit VNI is supported. This is planned
1779 to be extended in the future.
1782 <dt><code>gre</code></dt>
1784 An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4
1788 <dt><code>ipsec_gre</code></dt>
1790 An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4
1794 <dt><code>gre64</code></dt>
1796 It is same as GRE, but it allows 64 bit key. To store higher 32-bits
1797 of key, it uses GRE protocol sequence number field. This is non
1798 standard use of GRE protocol since OVS does not increment
1799 sequence number for every packet at time of encap as expected by
1800 standard GRE implementation. See <ref group="Tunnel Options"/>
1801 for information on configuring GRE tunnels.
1804 <dt><code>ipsec_gre64</code></dt>
1806 Same as IPSEC_GRE except 64 bit key.
1809 <dt><code>vxlan</code></dt>
1812 An Ethernet tunnel over the UDP-based VXLAN protocol described in
1816 Open vSwitch uses UDP destination port 4789. The source port used for
1817 VXLAN traffic varies on a per-flow basis and is in the ephemeral port
1822 <dt><code>lisp</code></dt>
1825 A layer 3 tunnel over the experimental, UDP-based Locator/ID
1826 Separation Protocol (RFC 6830).
1829 Only IPv4 and IPv6 packets are supported by the protocol, and
1830 they are sent and received without an Ethernet header. Traffic
1831 to/from LISP ports is expected to be configured explicitly, and
1832 the ports are not intended to participate in learning based
1833 switching. As such, they are always excluded from packet
1838 <dt><code>patch</code></dt>
1840 A pair of virtual devices that act as a patch cable.
1843 <dt><code>null</code></dt>
1844 <dd>An ignored interface. Deprecated and slated for removal in
1850 <group title="Tunnel Options">
1852 These options apply to interfaces with <ref column="type"/> of
1853 <code>geneve</code>, <code>gre</code>, <code>ipsec_gre</code>,
1854 <code>gre64</code>, <code>ipsec_gre64</code>, <code>vxlan</code>,
1855 and <code>lisp</code>.
1859 Each tunnel must be uniquely identified by the combination of <ref
1860 column="type"/>, <ref column="options" key="remote_ip"/>, <ref
1861 column="options" key="local_ip"/>, and <ref column="options"
1862 key="in_key"/>. If two ports are defined that are the same except one
1863 has an optional identifier and the other does not, the more specific
1864 one is matched first. <ref column="options" key="in_key"/> is
1865 considered more specific than <ref column="options" key="local_ip"/> if
1866 a port defines one and another port defines the other.
1869 <column name="options" key="remote_ip">
1870 <p>Required. The remote tunnel endpoint, one of:</p>
1874 An IPv4 address (not a DNS name), e.g. <code>192.168.0.123</code>.
1875 Only unicast endpoints are supported.
1878 The word <code>flow</code>. The tunnel accepts packets from any
1879 remote tunnel endpoint. To process only packets from a specific
1880 remote tunnel endpoint, the flow entries may match on the
1881 <code>tun_src</code> field. When sending packets to a
1882 <code>remote_ip=flow</code> tunnel, the flow actions must
1883 explicitly set the <code>tun_dst</code> field to the IP address of
1884 the desired remote tunnel endpoint, e.g. with a
1885 <code>set_field</code> action.
1890 The remote tunnel endpoint for any packet received from a tunnel
1891 is available in the <code>tun_src</code> field for matching in the
1896 <column name="options" key="local_ip">
1898 Optional. The tunnel destination IP that received packets must
1899 match. Default is to match all addresses. If specified, may be one
1905 An IPv4 address (not a DNS name), e.g. <code>192.168.12.3</code>.
1908 The word <code>flow</code>. The tunnel accepts packets sent to any
1909 of the local IP addresses of the system running OVS. To process
1910 only packets sent to a specific IP address, the flow entries may
1911 match on the <code>tun_dst</code> field. When sending packets to a
1912 <code>local_ip=flow</code> tunnel, the flow actions may
1913 explicitly set the <code>tun_src</code> field to the desired IP
1914 address, e.g. with a <code>set_field</code> action. However, while
1915 routing the tunneled packet out, the local system may override the
1916 specified address with the local IP address configured for the
1917 outgoing system interface.
1920 This option is valid only for tunnels also configured with the
1921 <code>remote_ip=flow</code> option.
1927 The tunnel destination IP address for any packet received from a
1928 tunnel is available in the <code>tun_dst</code> field for matching in
1933 <column name="options" key="in_key">
1934 <p>Optional. The key that received packets must contain, one of:</p>
1938 <code>0</code>. The tunnel receives packets with no key or with a
1939 key of 0. This is equivalent to specifying no <ref column="options"
1940 key="in_key"/> at all.
1943 A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit (for GRE)
1944 or 64-bit (for GRE64) number. The tunnel receives only packets
1945 with the specified key.
1948 The word <code>flow</code>. The tunnel accepts packets with any
1949 key. The key will be placed in the <code>tun_id</code> field for
1950 matching in the flow table. The <code>ovs-ofctl</code> manual page
1951 contains additional information about matching fields in OpenFlow
1960 <column name="options" key="out_key">
1961 <p>Optional. The key to be set on outgoing packets, one of:</p>
1965 <code>0</code>. Packets sent through the tunnel will have no key.
1966 This is equivalent to specifying no <ref column="options"
1967 key="out_key"/> at all.
1970 A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit (for GRE) or
1971 64-bit (for GRE64) number. Packets sent through the tunnel will
1972 have the specified key.
1975 The word <code>flow</code>. Packets sent through the tunnel will
1976 have the key set using the <code>set_tunnel</code> Nicira OpenFlow
1977 vendor extension (0 is used in the absence of an action). The
1978 <code>ovs-ofctl</code> manual page contains additional information
1979 about the Nicira OpenFlow vendor extensions.
1984 <column name="options" key="key">
1985 Optional. Shorthand to set <code>in_key</code> and
1986 <code>out_key</code> at the same time.
1989 <column name="options" key="tos">
1990 Optional. The value of the ToS bits to be set on the encapsulating
1991 packet. ToS is interpreted as DSCP and ECN bits, ECN part must be
1992 zero. It may also be the word <code>inherit</code>, in which case
1993 the ToS will be copied from the inner packet if it is IPv4 or IPv6
1994 (otherwise it will be 0). The ECN fields are always inherited.
1998 <column name="options" key="ttl">
1999 Optional. The TTL to be set on the encapsulating packet. It may also
2000 be the word <code>inherit</code>, in which case the TTL will be copied
2001 from the inner packet if it is IPv4 or IPv6 (otherwise it will be the
2002 system default, typically 64). Default is the system default TTL.
2005 <column name="options" key="df_default"
2006 type='{"type": "boolean"}'>
2007 Optional. If enabled, the Don't Fragment bit will be set on tunnel
2008 outer headers to allow path MTU discovery. Default is enabled; set
2009 to <code>false</code> to disable.
2012 <group title="Tunnel Options: vxlan only">
2014 <column name="options" key="exts">
2015 <p>Optional. Comma separated list of optional VXLAN extensions to
2016 enable. The following extensions are supported:</p>
2020 <code>gbp</code>: VXLAN-GBP allows to transport the group policy
2021 context of a packet across the VXLAN tunnel to other network
2022 peers. See the field description of <code>tun_gbp_id</code> and
2023 <code>tun_gbp_flags</code> in ovs-ofctl(8) for additional
2025 (<code>https://tools.ietf.org/html/draft-smith-vxlan-group-policy</code>)
2032 <group title="Tunnel Options: gre and ipsec_gre only">
2034 Only <code>gre</code> and <code>ipsec_gre</code> interfaces support
2038 <column name="options" key="csum" type='{"type": "boolean"}'>
2040 Optional. Compute GRE checksums on outgoing packets. Default is
2041 disabled, set to <code>true</code> to enable. Checksums present on
2042 incoming packets will be validated regardless of this setting.
2046 GRE checksums impose a significant performance penalty because they
2047 cover the entire packet. The encapsulated L3, L4, and L7 packet
2048 contents typically have their own checksums, so this additional
2049 checksum only adds value for the GRE and encapsulated L2 headers.
2053 This option is supported for <code>ipsec_gre</code>, but not useful
2054 because GRE checksums are weaker than, and redundant with, IPsec
2055 payload authentication.
2060 <group title="Tunnel Options: ipsec_gre only">
2062 Only <code>ipsec_gre</code> interfaces support these options.
2065 <column name="options" key="peer_cert">
2066 Required for certificate authentication. A string containing the
2067 peer's certificate in PEM format. Additionally the host's
2068 certificate must be specified with the <code>certificate</code>
2072 <column name="options" key="certificate">
2073 Required for certificate authentication. The name of a PEM file
2074 containing a certificate that will be presented to the peer during
2078 <column name="options" key="private_key">
2079 Optional for certificate authentication. The name of a PEM file
2080 containing the private key associated with <code>certificate</code>.
2081 If <code>certificate</code> contains the private key, this option may
2085 <column name="options" key="psk">
2086 Required for pre-shared key authentication. Specifies a pre-shared
2087 key for authentication that must be identical on both sides of the
2093 <group title="Patch Options">
2095 Only <code>patch</code> interfaces support these options.
2098 <column name="options" key="peer">
2099 The <ref column="name"/> of the <ref table="Interface"/> for the other
2100 side of the patch. The named <ref table="Interface"/>'s own
2101 <code>peer</code> option must specify this <ref table="Interface"/>'s
2102 name. That is, the two patch interfaces must have reversed <ref
2103 column="name"/> and <code>peer</code> values.
2107 <group title="Interface Status">
2109 Status information about interfaces attached to bridges, updated every
2110 5 seconds. Not all interfaces have all of these properties; virtual
2111 interfaces don't have a link speed, for example. Non-applicable
2112 columns will have empty values.
2114 <column name="admin_state">
2116 The administrative state of the physical network link.
2120 <column name="link_state">
2122 The observed state of the physical network link. This is ordinarily
2123 the link's carrier status. If the interface's <ref table="Port"/> is
2124 a bond configured for miimon monitoring, it is instead the network
2125 link's miimon status.
2129 <column name="link_resets">
2131 The number of times Open vSwitch has observed the
2132 <ref column="link_state"/> of this <ref table="Interface"/> change.
2136 <column name="link_speed">
2138 The negotiated speed of the physical network link.
2139 Valid values are positive integers greater than 0.
2143 <column name="duplex">
2145 The duplex mode of the physical network link.
2151 The MTU (maximum transmission unit); i.e. the largest
2152 amount of data that can fit into a single Ethernet frame.
2153 The standard Ethernet MTU is 1500 bytes. Some physical media
2154 and many kinds of virtual interfaces can be configured with
2158 This column will be empty for an interface that does not
2159 have an MTU as, for example, some kinds of tunnels do not.
2163 <column name="lacp_current">
2164 Boolean value indicating LACP status for this interface. If true, this
2165 interface has current LACP information about its LACP partner. This
2166 information may be used to monitor the health of interfaces in a LACP
2167 enabled port. This column will be empty if LACP is not enabled.
2170 <column name="status">
2171 Key-value pairs that report port status. Supported status values are
2172 <ref column="type"/>-dependent; some interfaces may not have a valid
2173 <ref column="status" key="driver_name"/>, for example.
2176 <column name="status" key="driver_name">
2177 The name of the device driver controlling the network adapter.
2180 <column name="status" key="driver_version">
2181 The version string of the device driver controlling the network
2185 <column name="status" key="firmware_version">
2186 The version string of the network adapter's firmware, if available.
2189 <column name="status" key="source_ip">
2190 The source IP address used for an IPv4 tunnel end-point, such as
2194 <column name="status" key="tunnel_egress_iface">
2195 Egress interface for tunnels. Currently only relevant for tunnels
2196 on Linux systems, this column will show the name of the interface
2197 which is responsible for routing traffic destined for the configured
2198 <ref column="options" key="remote_ip"/>. This could be an internal
2199 interface such as a bridge port.
2202 <column name="status" key="tunnel_egress_iface_carrier"
2203 type='{"type": "string", "enum": ["set", ["down", "up"]]}'>
2204 Whether carrier is detected on <ref column="status"
2205 key="tunnel_egress_iface"/>.
2209 <group title="Statistics">
2211 Key-value pairs that report interface statistics. The current
2212 implementation updates these counters periodically. The update period
2213 is controlled by <ref column="other_config"
2214 key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
2215 Future implementations may update them when an interface is created,
2216 when they are queried (e.g. using an OVSDB <code>select</code>
2217 operation), and just before an interface is deleted due to virtual
2218 interface hot-unplug or VM shutdown, and perhaps at other times, but
2219 not on any regular periodic basis.
2222 These are the same statistics reported by OpenFlow in its <code>struct
2223 ofp_port_stats</code> structure. If an interface does not support a
2224 given statistic, then that pair is omitted.
2226 <group title="Statistics: Successful transmit and receive counters">
2227 <column name="statistics" key="rx_packets">
2228 Number of received packets.
2230 <column name="statistics" key="rx_bytes">
2231 Number of received bytes.
2233 <column name="statistics" key="tx_packets">
2234 Number of transmitted packets.
2236 <column name="statistics" key="tx_bytes">
2237 Number of transmitted bytes.
2240 <group title="Statistics: Receive errors">
2241 <column name="statistics" key="rx_dropped">
2242 Number of packets dropped by RX.
2244 <column name="statistics" key="rx_frame_err">
2245 Number of frame alignment errors.
2247 <column name="statistics" key="rx_over_err">
2248 Number of packets with RX overrun.
2250 <column name="statistics" key="rx_crc_err">
2251 Number of CRC errors.
2253 <column name="statistics" key="rx_errors">
2254 Total number of receive errors, greater than or equal to the sum of
2258 <group title="Statistics: Transmit errors">
2259 <column name="statistics" key="tx_dropped">
2260 Number of packets dropped by TX.
2262 <column name="statistics" key="collisions">
2263 Number of collisions.
2265 <column name="statistics" key="tx_errors">
2266 Total number of transmit errors, greater than or equal to the sum of
2272 <group title="Ingress Policing">
2274 These settings control ingress policing for packets received on this
2275 interface. On a physical interface, this limits the rate at which
2276 traffic is allowed into the system from the outside; on a virtual
2277 interface (one connected to a virtual machine), this limits the rate at
2278 which the VM is able to transmit.
2281 Policing is a simple form of quality-of-service that simply drops
2282 packets received in excess of the configured rate. Due to its
2283 simplicity, policing is usually less accurate and less effective than
2284 egress QoS (which is configured using the <ref table="QoS"/> and <ref
2285 table="Queue"/> tables).
2288 Policing is currently implemented only on Linux. The Linux
2289 implementation uses a simple ``token bucket'' approach:
2293 The size of the bucket corresponds to <ref
2294 column="ingress_policing_burst"/>. Initially the bucket is full.
2297 Whenever a packet is received, its size (converted to tokens) is
2298 compared to the number of tokens currently in the bucket. If the
2299 required number of tokens are available, they are removed and the
2300 packet is forwarded. Otherwise, the packet is dropped.
2303 Whenever it is not full, the bucket is refilled with tokens at the
2304 rate specified by <ref column="ingress_policing_rate"/>.
2308 Policing interacts badly with some network protocols, and especially
2309 with fragmented IP packets. Suppose that there is enough network
2310 activity to keep the bucket nearly empty all the time. Then this token
2311 bucket algorithm will forward a single packet every so often, with the
2312 period depending on packet size and on the configured rate. All of the
2313 fragments of an IP packets are normally transmitted back-to-back, as a
2314 group. In such a situation, therefore, only one of these fragments
2315 will be forwarded and the rest will be dropped. IP does not provide
2316 any way for the intended recipient to ask for only the remaining
2317 fragments. In such a case there are two likely possibilities for what
2318 will happen next: either all of the fragments will eventually be
2319 retransmitted (as TCP will do), in which case the same problem will
2320 recur, or the sender will not realize that its packet has been dropped
2321 and data will simply be lost (as some UDP-based protocols will do).
2322 Either way, it is possible that no forward progress will ever occur.
2324 <column name="ingress_policing_rate">
2326 Maximum rate for data received on this interface, in kbps. Data
2327 received faster than this rate is dropped. Set to <code>0</code>
2328 (the default) to disable policing.
2332 <column name="ingress_policing_burst">
2333 <p>Maximum burst size for data received on this interface, in kb. The
2334 default burst size if set to <code>0</code> is 1000 kb. This value
2335 has no effect if <ref column="ingress_policing_rate"/>
2336 is <code>0</code>.</p>
2338 Specifying a larger burst size lets the algorithm be more forgiving,
2339 which is important for protocols like TCP that react severely to
2340 dropped packets. The burst size should be at least the size of the
2341 interface's MTU. Specifying a value that is numerically at least as
2342 large as 10% of <ref column="ingress_policing_rate"/> helps TCP come
2343 closer to achieving the full rate.
2348 <group title="Bidirectional Forwarding Detection (BFD)">
2350 BFD, defined in RFC 5880 and RFC 5881, allows point-to-point
2351 detection of connectivity failures by occasional transmission of
2352 BFD control messages. Open vSwitch implements BFD to serve
2353 as a more popular and standards compliant alternative to CFM.
2357 BFD operates by regularly transmitting BFD control messages at a rate
2358 negotiated independently in each direction. Each endpoint specifies
2359 the rate at which it expects to receive control messages, and the rate
2360 at which it is willing to transmit them. Open vSwitch uses a detection
2361 multiplier of three, meaning that an endpoint signals a connectivity
2362 fault if three consecutive BFD control messages fail to arrive. In the
2363 case of a unidirectional connectivity issue, the system not receiving
2364 BFD control messages signals the problem to its peer in the messages it
2369 The Open vSwitch implementation of BFD aims to comply faithfully
2370 with RFC 5880 requirements. Open vSwitch does not implement the
2371 optional Authentication or ``Echo Mode'' features.
2374 <group title="BFD Configuration">
2376 A controller sets up key-value pairs in the <ref column="bfd"/>
2377 column to enable and configure BFD.
2380 <column name="bfd" key="enable" type='{"type": "boolean"}'>
2381 True to enable BFD on this <ref table="Interface"/>. If not
2382 specified, BFD will not be enabled by default.
2385 <column name="bfd" key="min_rx"
2386 type='{"type": "integer", "minInteger": 1}'>
2387 The shortest interval, in milliseconds, at which this BFD session
2388 offers to receive BFD control messages. The remote endpoint may
2389 choose to send messages at a slower rate. Defaults to
2393 <column name="bfd" key="min_tx"
2394 type='{"type": "integer", "minInteger": 1}'>
2395 The shortest interval, in milliseconds, at which this BFD session is
2396 willing to transmit BFD control messages. Messages will actually be
2397 transmitted at a slower rate if the remote endpoint is not willing to
2398 receive as quickly as specified. Defaults to <code>100</code>.
2401 <column name="bfd" key="decay_min_rx" type='{"type": "integer"}'>
2402 An alternate receive interval, in milliseconds, that must be greater
2403 than or equal to <ref column="bfd" key="min_rx"/>. The
2404 implementation switches from <ref column="bfd" key="min_rx"/> to <ref
2405 column="bfd" key="decay_min_rx"/> when there is no obvious incoming
2406 data traffic at the interface, to reduce the CPU and bandwidth cost
2407 of monitoring an idle interface. This feature may be disabled by
2408 setting a value of 0. This feature is reset whenever <ref
2409 column="bfd" key="decay_min_rx"/> or <ref column="bfd" key="min_rx"/>
2413 <column name="bfd" key="forwarding_if_rx" type='{"type": "boolean"}'>
2414 When <code>true</code>, traffic received on the
2415 <ref table="Interface"/> is used to indicate the capability of packet
2416 I/O. BFD control packets are still transmitted and received. At
2417 least one BFD control packet must be received every 100 * <ref
2418 column="bfd" key="min_rx"/> amount of time. Otherwise, even if
2419 traffic are received, the <ref column="bfd" key="forwarding"/>
2420 will be <code>false</code>.
2423 <column name="bfd" key="cpath_down" type='{"type": "boolean"}'>
2424 Set to true to notify the remote endpoint that traffic should not be
2425 forwarded to this system for some reason other than a connectivty
2426 failure on the interface being monitored. The typical underlying
2427 reason is ``concatenated path down,'' that is, that connectivity
2428 beyond the local system is down. Defaults to false.
2431 <column name="bfd" key="check_tnl_key" type='{"type": "boolean"}'>
2432 Set to true to make BFD accept only control messages with a tunnel
2433 key of zero. By default, BFD accepts control messages with any
2437 <column name="bfd" key="bfd_local_src_mac">
2438 Set to an Ethernet address in the form
2439 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
2440 to set the MAC used as source for transmitted BFD packets. The
2441 default is the mac address of the BFD enabled interface.
2444 <column name="bfd" key="bfd_local_dst_mac">
2445 Set to an Ethernet address in the form
2446 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
2447 to set the MAC used as destination for transmitted BFD packets. The
2448 default is <code>00:23:20:00:00:01</code>.
2451 <column name="bfd" key="bfd_remote_dst_mac">
2452 Set to an Ethernet address in the form
2453 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
2454 to set the MAC used for checking the destination of received BFD packets.
2455 Packets with different destination MAC will not be considered as BFD packets.
2456 If not specified the destination MAC address of received BFD packets
2460 <column name="bfd" key="bfd_src_ip">
2461 Set to an IPv4 address to set the IP address used as source for
2462 transmitted BFD packets. The default is <code>169.254.1.1</code>.
2465 <column name="bfd" key="bfd_dst_ip">
2466 Set to an IPv4 address to set the IP address used as destination
2467 for transmitted BFD packets. The default is <code>169.254.1.0</code>.
2471 <group title="BFD Status">
2473 The switch sets key-value pairs in the <ref column="bfd_status"/>
2474 column to report the status of BFD on this interface. When BFD is
2475 not enabled, with <ref column="bfd" key="enable"/>, the switch clears
2476 all key-value pairs from <ref column="bfd_status"/>.
2479 <column name="bfd_status" key="state"
2480 type='{"type": "string",
2481 "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
2482 Reports the state of the BFD session. The BFD session is fully
2483 healthy and negotiated if <code>UP</code>.
2486 <column name="bfd_status" key="forwarding" type='{"type": "boolean"}'>
2487 Reports whether the BFD session believes this <ref
2488 table="Interface"/> may be used to forward traffic. Typically this
2489 means the local session is signaling <code>UP</code>, and the remote
2490 system isn't signaling a problem such as concatenated path down.
2493 <column name="bfd_status" key="diagnostic">
2494 In case of a problem, set to an error message that reports what the
2495 local BFD session thinks is wrong. The error messages are defined
2496 in section 4.1 of [RFC 5880].
2499 <column name="bfd_status" key="remote_state"
2500 type='{"type": "string",
2501 "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
2502 Reports the state of the remote endpoint's BFD session.
2505 <column name="bfd_status" key="remote_diagnostic">
2506 In case of a problem, set to an error message that reports what the
2507 remote endpoint's BFD session thinks is wrong. The error messages
2508 are defined in section 4.1 of [RFC 5880].
2511 <column name="bfd_status" key="flap_count"
2512 type='{"type": "integer", "minInteger": 0}'>
2513 Counts the number of <ref column="bfd_status" key="forwarding" />
2514 flaps since start. A flap is considered as a change of the
2515 <ref column="bfd_status" key="forwarding" /> value.
2520 <group title="Connectivity Fault Management">
2522 802.1ag Connectivity Fault Management (CFM) allows a group of
2523 Maintenance Points (MPs) called a Maintenance Association (MA) to
2524 detect connectivity problems with each other. MPs within a MA should
2525 have complete and exclusive interconnectivity. This is verified by
2526 occasionally broadcasting Continuity Check Messages (CCMs) at a
2527 configurable transmission interval.
2531 According to the 802.1ag specification, each Maintenance Point should
2532 be configured out-of-band with a list of Remote Maintenance Points it
2533 should have connectivity to. Open vSwitch differs from the
2534 specification in this area. It simply assumes the link is faulted if
2535 no Remote Maintenance Points are reachable, and considers it not
2540 When operating over tunnels which have no <code>in_key</code>, or an
2541 <code>in_key</code> of <code>flow</code>. CFM will only accept CCMs
2542 with a tunnel key of zero.
2545 <column name="cfm_mpid">
2547 A Maintenance Point ID (MPID) uniquely identifies each endpoint
2548 within a Maintenance Association. The MPID is used to identify this
2549 endpoint to other Maintenance Points in the MA. Each end of a link
2550 being monitored should have a different MPID. Must be configured to
2551 enable CFM on this <ref table="Interface"/>.
2554 According to the 802.1ag specification, MPIDs can only range between
2555 [1, 8191]. However, extended mode (see <ref column="other_config"
2556 key="cfm_extended"/>) supports eight byte MPIDs.
2560 <column name="cfm_flap_count">
2561 Counts the number of cfm fault flapps since boot. A flap is
2562 considered to be a change of the <ref column="cfm_fault"/> value.
2565 <column name="cfm_fault">
2567 Indicates a connectivity fault triggered by an inability to receive
2568 heartbeats from any remote endpoint. When a fault is triggered on
2569 <ref table="Interface"/>s participating in bonds, they will be
2573 Faults can be triggered for several reasons. Most importantly they
2574 are triggered when no CCMs are received for a period of 3.5 times the
2575 transmission interval. Faults are also triggered when any CCMs
2576 indicate that a Remote Maintenance Point is not receiving CCMs but
2577 able to send them. Finally, a fault is triggered if a CCM is
2578 received which indicates unexpected configuration. Notably, this
2579 case arises when a CCM is received which advertises the local MPID.
2583 <column name="cfm_fault_status" key="recv">
2584 Indicates a CFM fault was triggered due to a lack of CCMs received on
2585 the <ref table="Interface"/>.
2588 <column name="cfm_fault_status" key="rdi">
2589 Indicates a CFM fault was triggered due to the reception of a CCM with
2590 the RDI bit flagged. Endpoints set the RDI bit in their CCMs when they
2591 are not receiving CCMs themselves. This typically indicates a
2592 unidirectional connectivity failure.
2595 <column name="cfm_fault_status" key="maid">
2596 Indicates a CFM fault was triggered due to the reception of a CCM with
2597 a MAID other than the one Open vSwitch uses. CFM broadcasts are tagged
2598 with an identification number in addition to the MPID called the MAID.
2599 Open vSwitch only supports receiving CCM broadcasts tagged with the
2600 MAID it uses internally.
2603 <column name="cfm_fault_status" key="loopback">
2604 Indicates a CFM fault was triggered due to the reception of a CCM
2605 advertising the same MPID configured in the <ref column="cfm_mpid"/>
2606 column of this <ref table="Interface"/>. This may indicate a loop in
2610 <column name="cfm_fault_status" key="overflow">
2611 Indicates a CFM fault was triggered because the CFM module received
2612 CCMs from more remote endpoints than it can keep track of.
2615 <column name="cfm_fault_status" key="override">
2616 Indicates a CFM fault was manually triggered by an administrator using
2617 an <code>ovs-appctl</code> command.
2620 <column name="cfm_fault_status" key="interval">
2621 Indicates a CFM fault was triggered due to the reception of a CCM
2622 frame having an invalid interval.
2625 <column name="cfm_remote_opstate">
2626 <p>When in extended mode, indicates the operational state of the
2627 remote endpoint as either <code>up</code> or <code>down</code>. See
2628 <ref column="other_config" key="cfm_opstate"/>.
2632 <column name="cfm_health">
2634 Indicates the health of the interface as a percentage of CCM frames
2635 received over 21 <ref column="other_config" key="cfm_interval"/>s.
2636 The health of an interface is undefined if it is communicating with
2637 more than one <ref column="cfm_remote_mpids"/>. It reduces if
2638 healthy heartbeats are not received at the expected rate, and
2639 gradually improves as healthy heartbeats are received at the desired
2640 rate. Every 21 <ref column="other_config" key="cfm_interval"/>s, the
2641 health of the interface is refreshed.
2644 As mentioned above, the faults can be triggered for several reasons.
2645 The link health will deteriorate even if heartbeats are received but
2646 they are reported to be unhealthy. An unhealthy heartbeat in this
2647 context is a heartbeat for which either some fault is set or is out
2648 of sequence. The interface health can be 100 only on receiving
2649 healthy heartbeats at the desired rate.
2653 <column name="cfm_remote_mpids">
2654 When CFM is properly configured, Open vSwitch will occasionally
2655 receive CCM broadcasts. These broadcasts contain the MPID of the
2656 sending Maintenance Point. The list of MPIDs from which this
2657 <ref table="Interface"/> is receiving broadcasts from is regularly
2658 collected and written to this column.
2661 <column name="other_config" key="cfm_interval"
2662 type='{"type": "integer"}'>
2664 The interval, in milliseconds, between transmissions of CFM
2665 heartbeats. Three missed heartbeat receptions indicate a
2670 In standard operation only intervals of 3, 10, 100, 1,000, 10,000,
2671 60,000, or 600,000 ms are supported. Other values will be rounded
2672 down to the nearest value on the list. Extended mode (see <ref
2673 column="other_config" key="cfm_extended"/>) supports any interval up
2674 to 65,535 ms. In either mode, the default is 1000 ms.
2677 <p>We do not recommend using intervals less than 100 ms.</p>
2680 <column name="other_config" key="cfm_extended"
2681 type='{"type": "boolean"}'>
2682 When <code>true</code>, the CFM module operates in extended mode. This
2683 causes it to use a nonstandard destination address to avoid conflicting
2684 with compliant implementations which may be running concurrently on the
2685 network. Furthermore, extended mode increases the accuracy of the
2686 <code>cfm_interval</code> configuration parameter by breaking wire
2687 compatibility with 802.1ag compliant implementations. And extended
2688 mode allows eight byte MPIDs. Defaults to <code>false</code>.
2691 <column name="other_config" key="cfm_demand" type='{"type": "boolean"}'>
2693 When <code>true</code>, and
2694 <ref column="other_config" key="cfm_extended"/> is true, the CFM
2695 module operates in demand mode. When in demand mode, traffic
2696 received on the <ref table="Interface"/> is used to indicate
2697 liveness. CCMs are still transmitted and received. At least one
2698 CCM must be received every 100 * <ref column="other_config"
2699 key="cfm_interval"/> amount of time. Otherwise, even if traffic
2700 are received, the CFM module will raise the connectivity fault.
2704 Demand mode has a couple of caveats:
2707 To ensure that ovs-vswitchd has enough time to pull statistics
2708 from the datapath, the fault detection interval is set to
2709 3.5 * MAX(<ref column="other_config" key="cfm_interval"/>, 500)
2714 To avoid ambiguity, demand mode disables itself when there are
2715 multiple remote maintenance points.
2719 If the <ref table="Interface"/> is heavily congested, CCMs
2720 containing the <ref column="other_config" key="cfm_opstate"/>
2721 status may be dropped causing changes in the operational state to
2722 be delayed. Similarly, if CCMs containing the RDI bit are not
2723 received, unidirectional link failures may not be detected.
2729 <column name="other_config" key="cfm_opstate"
2730 type='{"type": "string", "enum": ["set", ["down", "up"]]}'>
2731 When <code>down</code>, the CFM module marks all CCMs it generates as
2732 operationally down without triggering a fault. This allows remote
2733 maintenance points to choose not to forward traffic to the
2734 <ref table="Interface"/> on which this CFM module is running.
2735 Currently, in Open vSwitch, the opdown bit of CCMs affects
2736 <ref table="Interface"/>s participating in bonds, and the bundle
2737 OpenFlow action. This setting is ignored when CFM is not in extended
2738 mode. Defaults to <code>up</code>.
2741 <column name="other_config" key="cfm_ccm_vlan"
2742 type='{"type": "integer", "minInteger": 1, "maxInteger": 4095}'>
2743 When set, the CFM module will apply a VLAN tag to all CCMs it generates
2744 with the given value. May be the string <code>random</code> in which
2745 case each CCM will be tagged with a different randomly generated VLAN.
2748 <column name="other_config" key="cfm_ccm_pcp"
2749 type='{"type": "integer", "minInteger": 1, "maxInteger": 7}'>
2750 When set, the CFM module will apply a VLAN tag to all CCMs it generates
2751 with the given PCP value, the VLAN ID of the tag is governed by the
2752 value of <ref column="other_config" key="cfm_ccm_vlan"/>. If
2753 <ref column="other_config" key="cfm_ccm_vlan"/> is unset, a VLAN ID of
2759 <group title="Bonding Configuration">
2760 <column name="other_config" key="lacp-port-id"
2761 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
2762 The LACP port ID of this <ref table="Interface"/>. Port IDs are
2763 used in LACP negotiations to identify individual ports
2764 participating in a bond.
2767 <column name="other_config" key="lacp-port-priority"
2768 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
2769 The LACP port priority of this <ref table="Interface"/>. In LACP
2770 negotiations <ref table="Interface"/>s with numerically lower
2771 priorities are preferred for aggregation.
2774 <column name="other_config" key="lacp-aggregation-key"
2775 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
2776 The LACP aggregation key of this <ref table="Interface"/>. <ref
2777 table="Interface"/>s with different aggregation keys may not be active
2778 within a given <ref table="Port"/> at the same time.
2782 <group title="Virtual Machine Identifiers">
2784 These key-value pairs specifically apply to an interface that
2785 represents a virtual Ethernet interface connected to a virtual
2786 machine. These key-value pairs should not be present for other types
2787 of interfaces. Keys whose names end in <code>-uuid</code> have
2788 values that uniquely identify the entity in question. For a Citrix
2789 XenServer hypervisor, these values are UUIDs in RFC 4122 format.
2790 Other hypervisors may use other formats.
2793 <column name="external_ids" key="attached-mac">
2794 The MAC address programmed into the ``virtual hardware'' for this
2795 interface, in the form
2796 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
2797 For Citrix XenServer, this is the value of the <code>MAC</code> field
2798 in the VIF record for this interface.
2801 <column name="external_ids" key="iface-id">
2802 A system-unique identifier for the interface. On XenServer, this will
2803 commonly be the same as <ref column="external_ids" key="xs-vif-uuid"/>.
2806 <column name="external_ids" key="iface-status"
2807 type='{"type": "string",
2808 "enum": ["set", ["active", "inactive"]]}'>
2810 Hypervisors may sometimes have more than one interface associated
2811 with a given <ref column="external_ids" key="iface-id"/>, only one of
2812 which is actually in use at a given time. For example, in some
2813 circumstances XenServer has both a ``tap'' and a ``vif'' interface
2814 for a single <ref column="external_ids" key="iface-id"/>, but only
2815 uses one of them at a time. A hypervisor that behaves this way must
2816 mark the currently in use interface <code>active</code> and the
2817 others <code>inactive</code>. A hypervisor that never has more than
2818 one interface for a given <ref column="external_ids" key="iface-id"/>
2819 may mark that interface <code>active</code> or omit <ref
2820 column="external_ids" key="iface-status"/> entirely.
2824 During VM migration, a given <ref column="external_ids"
2825 key="iface-id"/> might transiently be marked <code>active</code> on
2826 two different hypervisors. That is, <code>active</code> means that
2827 this <ref column="external_ids" key="iface-id"/> is the active
2828 instance within a single hypervisor, not in a broader scope.
2829 There is one exception: some hypervisors support ``migration'' from a
2830 given hypervisor to itself (most often for test purposes). During
2831 such a ``migration,'' two instances of a single <ref
2832 column="external_ids" key="iface-id"/> might both be briefly marked
2833 <code>active</code> on a single hypervisor.
2837 <column name="external_ids" key="xs-vif-uuid">
2838 The virtual interface associated with this interface.
2841 <column name="external_ids" key="xs-network-uuid">
2842 The virtual network to which this interface is attached.
2845 <column name="external_ids" key="vm-id">
2846 The VM to which this interface belongs. On XenServer, this will be the
2847 same as <ref column="external_ids" key="xs-vm-uuid"/>.
2850 <column name="external_ids" key="xs-vm-uuid">
2851 The VM to which this interface belongs.
2855 <group title="VLAN Splinters">
2857 The ``VLAN splinters'' feature increases Open vSwitch compatibility
2858 with buggy network drivers in old versions of Linux that do not
2859 properly support VLANs when VLAN devices are not used, at some cost
2860 in memory and performance.
2864 When VLAN splinters are enabled on a particular interface, Open vSwitch
2865 creates a VLAN device for each in-use VLAN. For sending traffic tagged
2866 with a VLAN on the interface, it substitutes the VLAN device. Traffic
2867 received on the VLAN device is treated as if it had been received on
2868 the interface on the particular VLAN.
2872 VLAN splinters consider a VLAN to be in use if:
2877 The VLAN is the <ref table="Port" column="tag"/> value in any <ref
2878 table="Port"/> record.
2882 The VLAN is listed within the <ref table="Port" column="trunks"/>
2883 column of the <ref table="Port"/> record of an interface on which
2884 VLAN splinters are enabled.
2886 An empty <ref table="Port" column="trunks"/> does not influence the
2887 in-use VLANs: creating 4,096 VLAN devices is impractical because it
2888 will exceed the current 1,024 port per datapath limit.
2892 An OpenFlow flow within any bridge matches the VLAN.
2897 The same set of in-use VLANs applies to every interface on which VLAN
2898 splinters are enabled. That is, the set is not chosen separately for
2899 each interface but selected once as the union of all in-use VLANs based
2904 It does not make sense to enable VLAN splinters on an interface for an
2905 access port, or on an interface that is not a physical port.
2909 VLAN splinters are deprecated. When broken device drivers are no
2910 longer in widespread use, we will delete this feature.
2913 <column name="other_config" key="enable-vlan-splinters"
2914 type='{"type": "boolean"}'>
2916 Set to <code>true</code> to enable VLAN splinters on this interface.
2917 Defaults to <code>false</code>.
2921 VLAN splinters increase kernel and userspace memory overhead, so do
2922 not use them unless they are needed.
2926 VLAN splinters do not support 802.1p priority tags. Received
2927 priorities will appear to be 0, regardless of their actual values,
2928 and priorities on transmitted packets will also be cleared to 0.
2933 <group title="Auto Attach Configuration">
2935 Auto Attach configuration for a particular interface.
2938 <column name="lldp" key="enable" type='{"type": "boolean"}'>
2939 True to enable LLDP on this <ref table="Interface"/>. If not
2940 specified, LLDP will be disabled by default.
2944 <group title="Common Columns">
2945 The overall purpose of these columns is described under <code>Common
2946 Columns</code> at the beginning of this document.
2948 <column name="other_config"/>
2949 <column name="external_ids"/>
2953 <table name="Flow_Table" title="OpenFlow table configuration">
2954 <p>Configuration for a particular OpenFlow table.</p>
2956 <column name="name">
2957 The table's name. Set this column to change the name that controllers
2958 will receive when they request table statistics, e.g. <code>ovs-ofctl
2959 dump-tables</code>. The name does not affect switch behavior.
2962 <column name="flow_limit">
2963 If set, limits the number of flows that may be added to the table. Open
2964 vSwitch may limit the number of flows in a table for other reasons,
2965 e.g. due to hardware limitations or for resource availability or
2966 performance reasons.
2969 <column name="overflow_policy">
2971 Controls the switch's behavior when an OpenFlow flow table modification
2972 request would add flows in excess of <ref column="flow_limit"/>. The
2973 supported values are:
2977 <dt><code>refuse</code></dt>
2979 Refuse to add the flow or flows. This is also the default policy
2980 when <ref column="overflow_policy"/> is unset.
2983 <dt><code>evict</code></dt>
2985 Delete the flow that will expire soonest. See <ref column="groups"/>
2991 <column name="groups">
2993 When <ref column="overflow_policy"/> is <code>evict</code>, this
2994 controls how flows are chosen for eviction when the flow table would
2995 otherwise exceed <ref column="flow_limit"/> flows. Its value is a set
2996 of NXM fields or sub-fields, each of which takes one of the forms
2997 <code><var>field</var>[]</code> or
2998 <code><var>field</var>[<var>start</var>..<var>end</var>]</code>,
2999 e.g. <code>NXM_OF_IN_PORT[]</code>. Please see
3000 <code>nicira-ext.h</code> for a complete list of NXM field names.
3004 When a flow must be evicted due to overflow, the flow to evict is
3005 chosen through an approximation of the following algorithm:
3010 Divide the flows in the table into groups based on the values of the
3011 specified fields or subfields, so that all of the flows in a given
3012 group have the same values for those fields. If a flow does not
3013 specify a given field, that field's value is treated as 0.
3017 Consider the flows in the largest group, that is, the group that
3018 contains the greatest number of flows. If two or more groups all
3019 have the same largest number of flows, consider the flows in all of
3024 Among the flows under consideration, choose the flow that expires
3025 soonest for eviction.
3030 The eviction process only considers flows that have an idle timeout or
3031 a hard timeout. That is, eviction never deletes permanent flows.
3032 (Permanent flows do count against <ref column="flow_limit"/>.)
3036 Open vSwitch ignores any invalid or unknown field specifications.
3040 When <ref column="overflow_policy"/> is not <code>evict</code>, this
3041 column has no effect.
3045 <column name="prefixes">
3047 This string set specifies which fields should be used for
3048 address prefix tracking. Prefix tracking allows the
3049 classifier to skip rules with longer than necessary prefixes,
3050 resulting in better wildcarding for datapath flows.
3053 Prefix tracking may be beneficial when a flow table contains
3054 matches on IP address fields with different prefix lengths.
3055 For example, when a flow table contains IP address matches on
3056 both full addresses and proper prefixes, the full address
3057 matches will typically cause the datapath flow to un-wildcard
3058 the whole address field (depending on flow entry priorities).
3059 In this case each packet with a different address gets handed
3060 to the userspace for flow processing and generates its own
3061 datapath flow. With prefix tracking enabled for the address
3062 field in question packets with addresses matching shorter
3063 prefixes would generate datapath flows where the irrelevant
3064 address bits are wildcarded, allowing the same datapath flow
3065 to handle all the packets within the prefix in question. In
3066 this case many userspace upcalls can be avoided and the
3067 overall performance can be better.
3070 This is a performance optimization only, so packets will
3071 receive the same treatment with or without prefix tracking.
3074 The supported fields are: <code>tun_id</code>,
3075 <code>tun_src</code>, <code>tun_dst</code>,
3076 <code>nw_src</code>, <code>nw_dst</code> (or aliases
3077 <code>ip_src</code> and <code>ip_dst</code>),
3078 <code>ipv6_src</code>, and <code>ipv6_dst</code>. (Using this
3079 feature for <code>tun_id</code> would only make sense if the
3080 tunnel IDs have prefix structure similar to IP addresses.)
3084 By default, the <code>prefixes=ip_dst,ip_src</code> are used
3085 on each flow table. This instructs the flow classifier to
3086 track the IP destination and source addresses used by the
3087 rules in this specific flow table.
3091 The keyword <code>none</code> is recognized as an explicit
3092 override of the default values, causing no prefix fields to be
3097 To set the prefix fields, the flow table record needs to
3102 <dt><code>ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0</code></dt>
3104 Creates a flow table record for the OpenFlow table number 0.
3107 <dt><code>ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src</code></dt>
3109 Enables prefix tracking for IP source and destination
3115 There is a maximum number of fields that can be enabled for any
3116 one flow table. Currently this limit is 3.
3120 <group title="Common Columns">
3121 The overall purpose of these columns is described under <code>Common
3122 Columns</code> at the beginning of this document.
3124 <column name="external_ids"/>
3128 <table name="QoS" title="Quality of Service configuration">
3129 <p>Quality of Service (QoS) configuration for each Port that
3132 <column name="type">
3133 <p>The type of QoS to implement. The currently defined types are
3136 <dt><code>linux-htb</code></dt>
3138 Linux ``hierarchy token bucket'' classifier. See tc-htb(8) (also at
3139 <code>http://linux.die.net/man/8/tc-htb</code>) and the HTB manual
3140 (<code>http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm</code>)
3141 for information on how this classifier works and how to configure it.
3145 <dt><code>linux-hfsc</code></dt>
3147 Linux "Hierarchical Fair Service Curve" classifier.
3148 See <code>http://linux-ip.net/articles/hfsc.en/</code> for
3149 information on how this classifier works.
3154 <column name="queues">
3155 <p>A map from queue numbers to <ref table="Queue"/> records. The
3156 supported range of queue numbers depend on <ref column="type"/>. The
3157 queue numbers are the same as the <code>queue_id</code> used in
3158 OpenFlow in <code>struct ofp_action_enqueue</code> and other
3162 Queue 0 is the ``default queue.'' It is used by OpenFlow output
3163 actions when no specific queue has been set. When no configuration for
3164 queue 0 is present, it is automatically configured as if a <ref
3165 table="Queue"/> record with empty <ref table="Queue" column="dscp"/>
3166 and <ref table="Queue" column="other_config"/> columns had been
3168 (Before version 1.6, Open vSwitch would leave queue 0 unconfigured in
3169 this case. With some queuing disciplines, this dropped all packets
3170 destined for the default queue.)
3174 <group title="Configuration for linux-htb and linux-hfsc">
3176 The <code>linux-htb</code> and <code>linux-hfsc</code> classes support
3177 the following key-value pair:
3180 <column name="other_config" key="max-rate" type='{"type": "integer"}'>
3181 Maximum rate shared by all queued traffic, in bit/s. Optional. If not
3182 specified, for physical interfaces, the default is the link rate. For
3183 other interfaces or if the link rate cannot be determined, the default
3184 is currently 100 Mbps.
3188 <group title="Common Columns">
3189 The overall purpose of these columns is described under <code>Common
3190 Columns</code> at the beginning of this document.
3192 <column name="other_config"/>
3193 <column name="external_ids"/>
3197 <table name="Queue" title="QoS output queue.">
3198 <p>A configuration for a port output queue, used in configuring Quality of
3199 Service (QoS) features. May be referenced by <ref column="queues"
3200 table="QoS"/> column in <ref table="QoS"/> table.</p>
3202 <column name="dscp">
3203 If set, Open vSwitch will mark all traffic egressing this
3204 <ref table="Queue"/> with the given DSCP bits. Traffic egressing the
3205 default <ref table="Queue"/> is only marked if it was explicitly selected
3206 as the <ref table="Queue"/> at the time the packet was output. If unset,
3207 the DSCP bits of traffic egressing this <ref table="Queue"/> will remain
3211 <group title="Configuration for linux-htb QoS">
3213 <ref table="QoS"/> <ref table="QoS" column="type"/>
3214 <code>linux-htb</code> may use <code>queue_id</code>s less than 61440.
3215 It has the following key-value pairs defined.
3218 <column name="other_config" key="min-rate"
3219 type='{"type": "integer", "minInteger": 1}'>
3220 Minimum guaranteed bandwidth, in bit/s.
3223 <column name="other_config" key="max-rate"
3224 type='{"type": "integer", "minInteger": 1}'>
3225 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
3226 queue's rate will not be allowed to exceed the specified value, even
3227 if excess bandwidth is available. If unspecified, defaults to no
3231 <column name="other_config" key="burst"
3232 type='{"type": "integer", "minInteger": 1}'>
3233 Burst size, in bits. This is the maximum amount of ``credits'' that a
3234 queue can accumulate while it is idle. Optional. Details of the
3235 <code>linux-htb</code> implementation require a minimum burst size, so
3236 a too-small <code>burst</code> will be silently ignored.
3239 <column name="other_config" key="priority"
3240 type='{"type": "integer", "minInteger": 0, "maxInteger": 4294967295}'>
3241 A queue with a smaller <code>priority</code> will receive all the
3242 excess bandwidth that it can use before a queue with a larger value
3243 receives any. Specific priority values are unimportant; only relative
3244 ordering matters. Defaults to 0 if unspecified.
3248 <group title="Configuration for linux-hfsc QoS">
3250 <ref table="QoS"/> <ref table="QoS" column="type"/>
3251 <code>linux-hfsc</code> may use <code>queue_id</code>s less than 61440.
3252 It has the following key-value pairs defined.
3255 <column name="other_config" key="min-rate"
3256 type='{"type": "integer", "minInteger": 1}'>
3257 Minimum guaranteed bandwidth, in bit/s.
3260 <column name="other_config" key="max-rate"
3261 type='{"type": "integer", "minInteger": 1}'>
3262 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
3263 queue's rate will not be allowed to exceed the specified value, even if
3264 excess bandwidth is available. If unspecified, defaults to no
3269 <group title="Common Columns">
3270 The overall purpose of these columns is described under <code>Common
3271 Columns</code> at the beginning of this document.
3273 <column name="other_config"/>
3274 <column name="external_ids"/>
3278 <table name="Mirror" title="Port mirroring.">
3279 <p>A port mirror within a <ref table="Bridge"/>.</p>
3280 <p>A port mirror configures a bridge to send selected frames to special
3281 ``mirrored'' ports, in addition to their normal destinations. Mirroring
3282 traffic may also be referred to as SPAN or RSPAN, depending on how
3283 the mirrored traffic is sent.</p>
3285 <column name="name">
3286 Arbitrary identifier for the <ref table="Mirror"/>.
3289 <group title="Selecting Packets for Mirroring">
3291 To be selected for mirroring, a given packet must enter or leave the
3292 bridge through a selected port and it must also be in one of the
3296 <column name="select_all">
3297 If true, every packet arriving or departing on any port is
3298 selected for mirroring.
3301 <column name="select_dst_port">
3302 Ports on which departing packets are selected for mirroring.
3305 <column name="select_src_port">
3306 Ports on which arriving packets are selected for mirroring.
3309 <column name="select_vlan">
3310 VLANs on which packets are selected for mirroring. An empty set
3311 selects packets on all VLANs.
3315 <group title="Mirroring Destination Configuration">
3317 These columns are mutually exclusive. Exactly one of them must be
3321 <column name="output_port">
3322 <p>Output port for selected packets, if nonempty.</p>
3323 <p>Specifying a port for mirror output reserves that port exclusively
3324 for mirroring. No frames other than those selected for mirroring
3326 will be forwarded to the port, and any frames received on the port
3327 will be discarded.</p>
3329 The output port may be any kind of port supported by Open vSwitch.
3330 It may be, for example, a physical port (sometimes called SPAN) or a
3335 <column name="output_vlan">
3336 <p>Output VLAN for selected packets, if nonempty.</p>
3337 <p>The frames will be sent out all ports that trunk
3338 <ref column="output_vlan"/>, as well as any ports with implicit VLAN
3339 <ref column="output_vlan"/>. When a mirrored frame is sent out a
3340 trunk port, the frame's VLAN tag will be set to
3341 <ref column="output_vlan"/>, replacing any existing tag; when it is
3342 sent out an implicit VLAN port, the frame will not be tagged. This
3343 type of mirroring is sometimes called RSPAN.</p>
3345 See the documentation for
3346 <ref column="other_config" key="forward-bpdu"/> in the
3347 <ref table="Interface"/> table for a list of destination MAC
3348 addresses which will not be mirrored to a VLAN to avoid confusing
3349 switches that interpret the protocols that they represent.
3351 <p><em>Please note:</em> Mirroring to a VLAN can disrupt a network that
3352 contains unmanaged switches. Consider an unmanaged physical switch
3353 with two ports: port 1, connected to an end host, and port 2,
3354 connected to an Open vSwitch configured to mirror received packets
3355 into VLAN 123 on port 2. Suppose that the end host sends a packet on
3356 port 1 that the physical switch forwards to port 2. The Open vSwitch
3357 forwards this packet to its destination and then reflects it back on
3358 port 2 in VLAN 123. This reflected packet causes the unmanaged
3359 physical switch to replace the MAC learning table entry, which
3360 correctly pointed to port 1, with one that incorrectly points to port
3361 2. Afterward, the physical switch will direct packets destined for
3362 the end host to the Open vSwitch on port 2, instead of to the end
3363 host on port 1, disrupting connectivity. If mirroring to a VLAN is
3364 desired in this scenario, then the physical switch must be replaced
3365 by one that learns Ethernet addresses on a per-VLAN basis. In
3366 addition, learning should be disabled on the VLAN containing mirrored
3367 traffic. If this is not done then intermediate switches will learn
3368 the MAC address of each end host from the mirrored traffic. If
3369 packets being sent to that end host are also mirrored, then they will
3370 be dropped since the switch will attempt to send them out the input
3371 port. Disabling learning for the VLAN will cause the switch to
3372 correctly send the packet out all ports configured for that VLAN. If
3373 Open vSwitch is being used as an intermediate switch, learning can be
3374 disabled by adding the mirrored VLAN to <ref column="flood_vlans"/>
3375 in the appropriate <ref table="Bridge"/> table or tables.</p>
3377 Mirroring to a GRE tunnel has fewer caveats than mirroring to a
3378 VLAN and should generally be preferred.
3383 <group title="Statistics: Mirror counters">
3385 Key-value pairs that report mirror statistics. The update period
3386 is controlled by <ref column="other_config"
3387 key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
3389 <column name="statistics" key="tx_packets">
3390 Number of packets transmitted through this mirror.
3392 <column name="statistics" key="tx_bytes">
3393 Number of bytes transmitted through this mirror.
3397 <group title="Common Columns">
3398 The overall purpose of these columns is described under <code>Common
3399 Columns</code> at the beginning of this document.
3401 <column name="external_ids"/>
3405 <table name="Controller" title="OpenFlow controller configuration.">
3406 <p>An OpenFlow controller.</p>
3409 Open vSwitch supports two kinds of OpenFlow controllers:
3413 <dt>Primary controllers</dt>
3416 This is the kind of controller envisioned by the OpenFlow 1.0
3417 specification. Usually, a primary controller implements a network
3418 policy by taking charge of the switch's flow table.
3422 Open vSwitch initiates and maintains persistent connections to
3423 primary controllers, retrying the connection each time it fails or
3424 drops. The <ref table="Bridge" column="fail_mode"/> column in the
3425 <ref table="Bridge"/> table applies to primary controllers.
3429 Open vSwitch permits a bridge to have any number of primary
3430 controllers. When multiple controllers are configured, Open
3431 vSwitch connects to all of them simultaneously. Because
3432 OpenFlow 1.0 does not specify how multiple controllers
3433 coordinate in interacting with a single switch, more than
3434 one primary controller should be specified only if the
3435 controllers are themselves designed to coordinate with each
3436 other. (The Nicira-defined <code>NXT_ROLE</code> OpenFlow
3437 vendor extension may be useful for this.)
3440 <dt>Service controllers</dt>
3443 These kinds of OpenFlow controller connections are intended for
3444 occasional support and maintenance use, e.g. with
3445 <code>ovs-ofctl</code>. Usually a service controller connects only
3446 briefly to inspect or modify some of a switch's state.
3450 Open vSwitch listens for incoming connections from service
3451 controllers. The service controllers initiate and, if necessary,
3452 maintain the connections from their end. The <ref table="Bridge"
3453 column="fail_mode"/> column in the <ref table="Bridge"/> table does
3454 not apply to service controllers.
3458 Open vSwitch supports configuring any number of service controllers.
3464 The <ref column="target"/> determines the type of controller.
3467 <group title="Core Features">
3468 <column name="target">
3469 <p>Connection method for controller.</p>
3471 The following connection methods are currently supported for primary
3475 <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
3477 <p>The specified SSL <var>port</var> on the host at the
3478 given <var>ip</var>, which must be expressed as an IP
3479 address (not a DNS name). The <ref table="Open_vSwitch"
3480 column="ssl"/> column in the <ref table="Open_vSwitch"/>
3481 table must point to a valid SSL configuration when this form
3483 <p>If <var>port</var> is not specified, it currently
3484 defaults to 6633. In the future, the default will change to
3485 6653, which is the IANA-defined value.</p>
3486 <p>SSL support is an optional feature that is not always built as
3487 part of Open vSwitch.</p>
3489 <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
3492 The specified TCP <var>port</var> on the host at the given
3493 <var>ip</var>, which must be expressed as an IP address (not a
3494 DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
3495 <var>ip</var> is an IPv6 address, wrap it in square brackets,
3496 e.g. <code>tcp:[::1]:6632</code>.
3499 If <var>port</var> is not specified, it currently defaults to
3500 6633. In the future, the default will change to 6653, which is
3501 the IANA-defined value.
3506 The following connection methods are currently supported for service
3510 <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
3513 Listens for SSL connections on the specified TCP <var>port</var>.
3514 If <var>ip</var>, which must be expressed as an IP address (not a
3515 DNS name), is specified, then connections are restricted to the
3516 specified local IP address (either IPv4 or IPv6). If
3517 <var>ip</var> is an IPv6 address, wrap it in square brackets,
3518 e.g. <code>pssl:6632:[::1]</code>.
3521 If <var>port</var> is not specified, it currently defaults to
3522 6633. If <var>ip</var> is not specified then it listens only on
3523 IPv4 (but not IPv6) addresses. The
3524 <ref table="Open_vSwitch" column="ssl"/>
3525 column in the <ref table="Open_vSwitch"/> table must point to a
3526 valid SSL configuration when this form is used.
3529 If <var>port</var> is not specified, it currently defaults to
3530 6633. In the future, the default will change to 6653, which is
3531 the IANA-defined value.
3534 SSL support is an optional feature that is not always built as
3535 part of Open vSwitch.
3538 <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
3541 Listens for connections on the specified TCP <var>port</var>. If
3542 <var>ip</var>, which must be expressed as an IP address (not a
3543 DNS name), is specified, then connections are restricted to the
3544 specified local IP address (either IPv4 or IPv6). If
3545 <var>ip</var> is an IPv6 address, wrap it in square brackets,
3546 e.g. <code>ptcp:6632:[::1]</code>. If <var>ip</var> is not
3547 specified then it listens only on IPv4 addresses.
3550 If <var>port</var> is not specified, it currently defaults to
3551 6633. In the future, the default will change to 6653, which is
3552 the IANA-defined value.
3556 <p>When multiple controllers are configured for a single bridge, the
3557 <ref column="target"/> values must be unique. Duplicate
3558 <ref column="target"/> values yield unspecified results.</p>
3561 <column name="connection_mode">
3562 <p>If it is specified, this setting must be one of the following
3563 strings that describes how Open vSwitch contacts this OpenFlow
3564 controller over the network:</p>
3567 <dt><code>in-band</code></dt>
3568 <dd>In this mode, this controller's OpenFlow traffic travels over the
3569 bridge associated with the controller. With this setting, Open
3570 vSwitch allows traffic to and from the controller regardless of the
3571 contents of the OpenFlow flow table. (Otherwise, Open vSwitch
3572 would never be able to connect to the controller, because it did
3573 not have a flow to enable it.) This is the most common connection
3574 mode because it is not necessary to maintain two independent
3576 <dt><code>out-of-band</code></dt>
3577 <dd>In this mode, OpenFlow traffic uses a control network separate
3578 from the bridge associated with this controller, that is, the
3579 bridge does not use any of its own network devices to communicate
3580 with the controller. The control network must be configured
3581 separately, before or after <code>ovs-vswitchd</code> is started.
3585 <p>If not specified, the default is implementation-specific.</p>
3589 <group title="Controller Failure Detection and Handling">
3590 <column name="max_backoff">
3591 Maximum number of milliseconds to wait between connection attempts.
3592 Default is implementation-specific.
3595 <column name="inactivity_probe">
3596 Maximum number of milliseconds of idle time on connection to
3597 controller before sending an inactivity probe message. If Open
3598 vSwitch does not communicate with the controller for the specified
3599 number of seconds, it will send a probe. If a response is not
3600 received for the same additional amount of time, Open vSwitch
3601 assumes the connection has been broken and attempts to reconnect.
3602 Default is implementation-specific. A value of 0 disables
3607 <group title="Asynchronous Messages">
3609 OpenFlow switches send certain messages to controllers spontanenously,
3610 that is, not in response to any request from the controller. These
3611 messages are called ``asynchronous messages.'' These columns allow
3612 asynchronous messages to be limited or disabled to ensure the best use
3613 of network resources.
3616 <column name="enable_async_messages">
3617 The OpenFlow protocol enables asynchronous messages at time of
3618 connection establishment, which means that a controller can receive
3619 asynchronous messages, potentially many of them, even if it turns them
3620 off immediately after connecting. Set this column to
3621 <code>false</code> to change Open vSwitch behavior to disable, by
3622 default, all asynchronous messages. The controller can use the
3623 <code>NXT_SET_ASYNC_CONFIG</code> Nicira extension to OpenFlow to turn
3624 on any messages that it does want to receive, if any.
3627 <group title="Controller Rate Limiting">
3629 A switch can forward packets to a controller over the OpenFlow
3630 protocol. Forwarding packets this way at too high a rate can
3631 overwhelm a controller, frustrate use of the OpenFlow connection for
3632 other purposes, increase the latency of flow setup, and use an
3633 unreasonable amount of bandwidth. Therefore, Open vSwitch supports
3634 limiting the rate of packet forwarding to a controller.
3638 There are two main reasons in OpenFlow for a packet to be sent to a
3639 controller: either the packet ``misses'' in the flow table, that is,
3640 there is no matching flow, or a flow table action says to send the
3641 packet to the controller. Open vSwitch limits the rate of each kind
3642 of packet separately at the configured rate. Therefore, the actual
3643 rate that packets are sent to the controller can be up to twice the
3644 configured rate, when packets are sent for both reasons.
3648 This feature is specific to forwarding packets over an OpenFlow
3649 connection. It is not general-purpose QoS. See the <ref
3650 table="QoS"/> table for quality of service configuration, and <ref
3651 column="ingress_policing_rate" table="Interface"/> in the <ref
3652 table="Interface"/> table for ingress policing configuration.
3655 <column name="controller_rate_limit">
3657 The maximum rate at which the switch will forward packets to the
3658 OpenFlow controller, in packets per second. If no value is
3659 specified, rate limiting is disabled.
3663 <column name="controller_burst_limit">
3665 When a high rate triggers rate-limiting, Open vSwitch queues
3666 packets to the controller for each port and transmits them to the
3667 controller at the configured rate. This value limits the number of
3668 queued packets. Ports on a bridge share the packet queue fairly.
3672 This value has no effect unless <ref
3673 column="controller_rate_limit"/> is configured. The current
3674 default when this value is not specified is one-quarter of <ref
3675 column="controller_rate_limit"/>, meaning that queuing can delay
3676 forwarding a packet to the controller by up to 250 ms.
3680 <group title="Controller Rate Limiting Statistics">
3682 These values report the effects of rate limiting. Their values are
3683 relative to establishment of the most recent OpenFlow connection,
3684 or since rate limiting was enabled, whichever happened more
3685 recently. Each consists of two values, one with <code>TYPE</code>
3686 replaced by <code>miss</code> for rate limiting flow table misses,
3687 and the other with <code>TYPE</code> replaced by
3688 <code>action</code> for rate limiting packets sent by OpenFlow
3693 These statistics are reported only when controller rate limiting is
3697 <column name="status" key="packet-in-TYPE-bypassed"
3698 type='{"type": "integer", "minInteger": 0}'>
3699 Number of packets sent directly to the controller, without queuing,
3700 because the rate did not exceed the configured maximum.
3703 <column name="status" key="packet-in-TYPE-queued"
3704 type='{"type": "integer", "minInteger": 0}'>
3705 Number of packets added to the queue to send later.
3708 <column name="status" key="packet-in-TYPE-dropped"
3709 type='{"type": "integer", "minInteger": 0}'>
3710 Number of packets added to the queue that were later dropped due to
3711 overflow. This value is less than or equal to <ref column="status"
3712 key="packet-in-TYPE-queued"/>.
3715 <column name="status" key="packet-in-TYPE-backlog"
3716 type='{"type": "integer", "minInteger": 0}'>
3717 Number of packets currently queued. The other statistics increase
3718 monotonically, but this one fluctuates between 0 and the <ref
3719 column="controller_burst_limit"/> as conditions change.
3725 <group title="Additional In-Band Configuration">
3726 <p>These values are considered only in in-band control mode (see
3727 <ref column="connection_mode"/>).</p>
3729 <p>When multiple controllers are configured on a single bridge, there
3730 should be only one set of unique values in these columns. If different
3731 values are set for these columns in different controllers, the effect
3734 <column name="local_ip">
3735 The IP address to configure on the local port,
3736 e.g. <code>192.168.0.123</code>. If this value is unset, then
3737 <ref column="local_netmask"/> and <ref column="local_gateway"/> are
3741 <column name="local_netmask">
3742 The IP netmask to configure on the local port,
3743 e.g. <code>255.255.255.0</code>. If <ref column="local_ip"/> is set
3744 but this value is unset, then the default is chosen based on whether
3745 the IP address is class A, B, or C.
3748 <column name="local_gateway">
3749 The IP address of the gateway to configure on the local port, as a
3750 string, e.g. <code>192.168.0.1</code>. Leave this column unset if
3751 this network has no gateway.
3755 <group title="Controller Status">
3756 <column name="is_connected">
3757 <code>true</code> if currently connected to this controller,
3758 <code>false</code> otherwise.
3762 type='{"type": "string", "enum": ["set", ["other", "master", "slave"]]}'>
3763 <p>The level of authority this controller has on the associated
3764 bridge. Possible values are:</p>
3766 <dt><code>other</code></dt>
3767 <dd>Allows the controller access to all OpenFlow features.</dd>
3768 <dt><code>master</code></dt>
3769 <dd>Equivalent to <code>other</code>, except that there may be at
3770 most one master controller at a time. When a controller configures
3771 itself as <code>master</code>, any existing master is demoted to
3772 the <code>slave</code> role.</dd>
3773 <dt><code>slave</code></dt>
3774 <dd>Allows the controller read-only access to OpenFlow features.
3775 Attempts to modify the flow table will be rejected with an
3776 error. Slave controllers do not receive OFPT_PACKET_IN or
3777 OFPT_FLOW_REMOVED messages, but they do receive OFPT_PORT_STATUS
3782 <column name="status" key="last_error">
3783 A human-readable description of the last error on the connection
3784 to the controller; i.e. <code>strerror(errno)</code>. This key
3785 will exist only if an error has occurred.
3788 <column name="status" key="state"
3789 type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'>
3791 The state of the connection to the controller:
3794 <dt><code>VOID</code></dt>
3795 <dd>Connection is disabled.</dd>
3797 <dt><code>BACKOFF</code></dt>
3798 <dd>Attempting to reconnect at an increasing period.</dd>
3800 <dt><code>CONNECTING</code></dt>
3801 <dd>Attempting to connect.</dd>
3803 <dt><code>ACTIVE</code></dt>
3804 <dd>Connected, remote host responsive.</dd>
3806 <dt><code>IDLE</code></dt>
3807 <dd>Connection is idle. Waiting for response to keep-alive.</dd>
3810 These values may change in the future. They are provided only for
3815 <column name="status" key="sec_since_connect"
3816 type='{"type": "integer", "minInteger": 0}'>
3817 The amount of time since this controller last successfully connected to
3818 the switch (in seconds). Value is empty if controller has never
3819 successfully connected.
3822 <column name="status" key="sec_since_disconnect"
3823 type='{"type": "integer", "minInteger": 1}'>
3824 The amount of time since this controller last disconnected from
3825 the switch (in seconds). Value is empty if controller has never
3830 <group title="Connection Parameters">
3832 Additional configuration for a connection between the controller
3833 and the Open vSwitch.
3836 <column name="other_config" key="dscp"
3837 type='{"type": "integer"}'>
3838 The Differentiated Service Code Point (DSCP) is specified using 6 bits
3839 in the Type of Service (TOS) field in the IP header. DSCP provides a
3840 mechanism to classify the network traffic and provide Quality of
3841 Service (QoS) on IP networks.
3843 The DSCP value specified here is used when establishing the connection
3844 between the controller and the Open vSwitch. If no value is specified,
3845 a default value of 48 is chosen. Valid DSCP values must be in the
3851 <group title="Common Columns">
3852 The overall purpose of these columns is described under <code>Common
3853 Columns</code> at the beginning of this document.
3855 <column name="external_ids"/>
3856 <column name="other_config"/>
3860 <table name="Manager" title="OVSDB management connection.">
3862 Configuration for a database connection to an Open vSwitch database
3867 This table primarily configures the Open vSwitch database
3868 (<code>ovsdb-server</code>), not the Open vSwitch switch
3869 (<code>ovs-vswitchd</code>). The switch does read the table to determine
3870 what connections should be treated as in-band.
3874 The Open vSwitch database server can initiate and maintain active
3875 connections to remote clients. It can also listen for database
3879 <group title="Core Features">
3880 <column name="target">
3881 <p>Connection method for managers.</p>
3883 The following connection methods are currently supported:
3886 <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
3889 The specified SSL <var>port</var> on the host at the given
3890 <var>ip</var>, which must be expressed as an IP address
3891 (not a DNS name). The <ref table="Open_vSwitch"
3892 column="ssl"/> column in the <ref table="Open_vSwitch"/>
3893 table must point to a valid SSL configuration when this
3897 If <var>port</var> is not specified, it currently defaults
3898 to 6632. In the future, the default will change to 6640,
3899 which is the IANA-defined value.
3902 SSL support is an optional feature that is not always
3903 built as part of Open vSwitch.
3907 <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
3910 The specified TCP <var>port</var> on the host at the given
3911 <var>ip</var>, which must be expressed as an IP address (not a
3912 DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
3913 <var>ip</var> is an IPv6 address, wrap it in square brackets,
3914 e.g. <code>tcp:[::1]:6632</code>.
3917 If <var>port</var> is not specified, it currently defaults
3918 to 6632. In the future, the default will change to 6640,
3919 which is the IANA-defined value.
3922 <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
3925 Listens for SSL connections on the specified TCP <var>port</var>.
3926 Specify 0 for <var>port</var> to have the kernel automatically
3927 choose an available port. If <var>ip</var>, which must be
3928 expressed as an IP address (not a DNS name), is specified, then
3929 connections are restricted to the specified local IP address
3930 (either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
3931 address, wrap in square brackets,
3932 e.g. <code>pssl:6632:[::1]</code>. If <var>ip</var> is not
3933 specified then it listens only on IPv4 (but not IPv6) addresses.
3934 The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
3935 table="Open_vSwitch"/> table must point to a valid SSL
3936 configuration when this form is used.
3939 If <var>port</var> is not specified, it currently defaults
3940 to 6632. In the future, the default will change to 6640,
3941 which is the IANA-defined value.
3944 SSL support is an optional feature that is not always built as
3945 part of Open vSwitch.
3948 <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
3951 Listens for connections on the specified TCP <var>port</var>.
3952 Specify 0 for <var>port</var> to have the kernel automatically
3953 choose an available port. If <var>ip</var>, which must be
3954 expressed as an IP address (not a DNS name), is specified, then
3955 connections are restricted to the specified local IP address
3956 (either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
3957 address, wrap it in square brackets,
3958 e.g. <code>ptcp:6632:[::1]</code>. If <var>ip</var> is not
3959 specified then it listens only on IPv4 addresses.
3962 If <var>port</var> is not specified, it currently defaults
3963 to 6632. In the future, the default will change to 6640,
3964 which is the IANA-defined value.
3968 <p>When multiple managers are configured, the <ref column="target"/>
3969 values must be unique. Duplicate <ref column="target"/> values yield
3970 unspecified results.</p>
3973 <column name="connection_mode">
3975 If it is specified, this setting must be one of the following strings
3976 that describes how Open vSwitch contacts this OVSDB client over the
3981 <dt><code>in-band</code></dt>
3983 In this mode, this connection's traffic travels over a bridge
3984 managed by Open vSwitch. With this setting, Open vSwitch allows
3985 traffic to and from the client regardless of the contents of the
3986 OpenFlow flow table. (Otherwise, Open vSwitch would never be able
3987 to connect to the client, because it did not have a flow to enable
3988 it.) This is the most common connection mode because it is not
3989 necessary to maintain two independent networks.
3991 <dt><code>out-of-band</code></dt>
3993 In this mode, the client's traffic uses a control network separate
3994 from that managed by Open vSwitch, that is, Open vSwitch does not
3995 use any of its own network devices to communicate with the client.
3996 The control network must be configured separately, before or after
3997 <code>ovs-vswitchd</code> is started.
4002 If not specified, the default is implementation-specific.
4007 <group title="Client Failure Detection and Handling">
4008 <column name="max_backoff">
4009 Maximum number of milliseconds to wait between connection attempts.
4010 Default is implementation-specific.
4013 <column name="inactivity_probe">
4014 Maximum number of milliseconds of idle time on connection to the client
4015 before sending an inactivity probe message. If Open vSwitch does not
4016 communicate with the client for the specified number of seconds, it
4017 will send a probe. If a response is not received for the same
4018 additional amount of time, Open vSwitch assumes the connection has been
4019 broken and attempts to reconnect. Default is implementation-specific.
4020 A value of 0 disables inactivity probes.
4024 <group title="Status">
4025 <column name="is_connected">
4026 <code>true</code> if currently connected to this manager,
4027 <code>false</code> otherwise.
4030 <column name="status" key="last_error">
4031 A human-readable description of the last error on the connection
4032 to the manager; i.e. <code>strerror(errno)</code>. This key
4033 will exist only if an error has occurred.
4036 <column name="status" key="state"
4037 type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'>
4039 The state of the connection to the manager:
4042 <dt><code>VOID</code></dt>
4043 <dd>Connection is disabled.</dd>
4045 <dt><code>BACKOFF</code></dt>
4046 <dd>Attempting to reconnect at an increasing period.</dd>
4048 <dt><code>CONNECTING</code></dt>
4049 <dd>Attempting to connect.</dd>
4051 <dt><code>ACTIVE</code></dt>
4052 <dd>Connected, remote host responsive.</dd>
4054 <dt><code>IDLE</code></dt>
4055 <dd>Connection is idle. Waiting for response to keep-alive.</dd>
4058 These values may change in the future. They are provided only for
4063 <column name="status" key="sec_since_connect"
4064 type='{"type": "integer", "minInteger": 0}'>
4065 The amount of time since this manager last successfully connected
4066 to the database (in seconds). Value is empty if manager has never
4067 successfully connected.
4070 <column name="status" key="sec_since_disconnect"
4071 type='{"type": "integer", "minInteger": 0}'>
4072 The amount of time since this manager last disconnected from the
4073 database (in seconds). Value is empty if manager has never
4077 <column name="status" key="locks_held">
4078 Space-separated list of the names of OVSDB locks that the connection
4079 holds. Omitted if the connection does not hold any locks.
4082 <column name="status" key="locks_waiting">
4083 Space-separated list of the names of OVSDB locks that the connection is
4084 currently waiting to acquire. Omitted if the connection is not waiting
4088 <column name="status" key="locks_lost">
4089 Space-separated list of the names of OVSDB locks that the connection
4090 has had stolen by another OVSDB client. Omitted if no locks have been
4091 stolen from this connection.
4094 <column name="status" key="n_connections"
4095 type='{"type": "integer", "minInteger": 2}'>
4097 When <ref column="target"/> specifies a connection method that
4098 listens for inbound connections (e.g. <code>ptcp:</code> or
4099 <code>pssl:</code>) and more than one connection is actually active,
4100 the value is the number of active connections. Otherwise, this
4101 key-value pair is omitted.
4104 When multiple connections are active, status columns and key-value
4105 pairs (other than this one) report the status of one arbitrarily
4110 <column name="status" key="bound_port" type='{"type": "integer"}'>
4111 When <ref column="target"/> is <code>ptcp:</code> or
4112 <code>pssl:</code>, this is the TCP port on which the OVSDB server is
4113 listening. (This is is particularly useful when <ref
4114 column="target"/> specifies a port of 0, allowing the kernel to
4115 choose any available port.)
4119 <group title="Connection Parameters">
4121 Additional configuration for a connection between the manager
4122 and the Open vSwitch Database.
4125 <column name="other_config" key="dscp"
4126 type='{"type": "integer"}'>
4127 The Differentiated Service Code Point (DSCP) is specified using 6 bits
4128 in the Type of Service (TOS) field in the IP header. DSCP provides a
4129 mechanism to classify the network traffic and provide Quality of
4130 Service (QoS) on IP networks.
4132 The DSCP value specified here is used when establishing the connection
4133 between the manager and the Open vSwitch. If no value is specified, a
4134 default value of 48 is chosen. Valid DSCP values must be in the range
4139 <group title="Common Columns">
4140 The overall purpose of these columns is described under <code>Common
4141 Columns</code> at the beginning of this document.
4143 <column name="external_ids"/>
4144 <column name="other_config"/>
4148 <table name="NetFlow">
4149 A NetFlow target. NetFlow is a protocol that exports a number of
4150 details about terminating IP flows, such as the principals involved
4153 <column name="targets">
4154 NetFlow targets in the form
4155 <code><var>ip</var>:<var>port</var></code>. The <var>ip</var>
4156 must be specified numerically, not as a DNS name.
4159 <column name="engine_id">
4160 Engine ID to use in NetFlow messages. Defaults to datapath index
4164 <column name="engine_type">
4165 Engine type to use in NetFlow messages. Defaults to datapath
4166 index if not specified.
4169 <column name="active_timeout">
4171 The interval at which NetFlow records are sent for flows that
4172 are still active, in seconds. A value of <code>0</code>
4173 requests the default timeout (currently 600 seconds); a value
4174 of <code>-1</code> disables active timeouts.
4178 The NetFlow passive timeout, for flows that become inactive,
4179 is not configurable. It will vary depending on the Open
4180 vSwitch version, the forms and contents of the OpenFlow flow
4181 tables, CPU and memory usage, and network activity. A typical
4182 passive timeout is about a second.
4186 <column name="add_id_to_interface">
4187 <p>If this column's value is <code>false</code>, the ingress and egress
4188 interface fields of NetFlow flow records are derived from OpenFlow port
4189 numbers. When it is <code>true</code>, the 7 most significant bits of
4190 these fields will be replaced by the least significant 7 bits of the
4191 engine id. This is useful because many NetFlow collectors do not
4192 expect multiple switches to be sending messages from the same host, so
4193 they do not store the engine information which could be used to
4194 disambiguate the traffic.</p>
4195 <p>When this option is enabled, a maximum of 508 ports are supported.</p>
4198 <group title="Common Columns">
4199 The overall purpose of these columns is described under <code>Common
4200 Columns</code> at the beginning of this document.
4202 <column name="external_ids"/>
4207 SSL configuration for an Open_vSwitch.
4209 <column name="private_key">
4210 Name of a PEM file containing the private key used as the switch's
4211 identity for SSL connections to the controller.
4214 <column name="certificate">
4215 Name of a PEM file containing a certificate, signed by the
4216 certificate authority (CA) used by the controller and manager,
4217 that certifies the switch's private key, identifying a trustworthy
4221 <column name="ca_cert">
4222 Name of a PEM file containing the CA certificate used to verify
4223 that the switch is connected to a trustworthy controller.
4226 <column name="bootstrap_ca_cert">
4227 If set to <code>true</code>, then Open vSwitch will attempt to
4228 obtain the CA certificate from the controller on its first SSL
4229 connection and save it to the named PEM file. If it is successful,
4230 it will immediately drop the connection and reconnect, and from then
4231 on all SSL connections must be authenticated by a certificate signed
4232 by the CA certificate thus obtained. <em>This option exposes the
4233 SSL connection to a man-in-the-middle attack obtaining the initial
4234 CA certificate.</em> It may still be useful for bootstrapping.
4237 <group title="Common Columns">
4238 The overall purpose of these columns is described under <code>Common
4239 Columns</code> at the beginning of this document.
4241 <column name="external_ids"/>
4245 <table name="sFlow">
4246 <p>A set of sFlow(R) targets. sFlow is a protocol for remote
4247 monitoring of switches.</p>
4249 <column name="agent">
4250 Name of the network device whose IP address should be reported as the
4251 ``agent address'' to collectors. If not specified, the agent device is
4252 figured from the first target address and the routing table. If the
4253 routing table does not contain a route to the target, the IP address
4254 defaults to the <ref table="Controller" column="local_ip"/> in the
4255 collector's <ref table="Controller"/>. If an agent IP address cannot be
4256 determined any of these ways, sFlow is disabled.
4259 <column name="header">
4260 Number of bytes of a sampled packet to send to the collector.
4261 If not specified, the default is 128 bytes.
4264 <column name="polling">
4265 Polling rate in seconds to send port statistics to the collector.
4266 If not specified, defaults to 30 seconds.
4269 <column name="sampling">
4270 Rate at which packets should be sampled and sent to the collector.
4271 If not specified, defaults to 400, which means one out of 400
4272 packets, on average, will be sent to the collector.
4275 <column name="targets">
4276 sFlow targets in the form
4277 <code><var>ip</var>:<var>port</var></code>.
4280 <group title="Common Columns">
4281 The overall purpose of these columns is described under <code>Common
4282 Columns</code> at the beginning of this document.
4284 <column name="external_ids"/>
4288 <table name="IPFIX">
4289 <p>Configuration for sending packets to IPFIX collectors.</p>
4292 IPFIX is a protocol that exports a number of details about flows. The
4293 IPFIX implementation in Open vSwitch samples packets at a configurable
4294 rate, extracts flow information from those packets, optionally caches and
4295 aggregates the flow information, and sends the result to one or more
4300 IPFIX in Open vSwitch can be configured two different ways:
4305 With <em>per-bridge sampling</em>, Open vSwitch performs IPFIX sampling
4306 automatically on all packets that pass through a bridge. To configure
4307 per-bridge sampling, create an <ref table="IPFIX"/> record and point a
4308 <ref table="Bridge"/> table's <ref table="Bridge" column="ipfix"/>
4309 column to it. The <ref table="Flow_Sample_Collector_Set"/> table is
4310 not used for per-bridge sampling.
4315 With <em>flow-based sampling</em>, <code>sample</code> actions in the
4316 OpenFlow flow table drive IPFIX sampling. See
4317 <code>ovs-ofctl</code>(8) for a description of the
4318 <code>sample</code> action.
4322 Flow-based sampling also requires database configuration: create a
4323 <ref table="IPFIX"/> record that describes the IPFIX configuration
4324 and a <ref table="Flow_Sample_Collector_Set"/> record that points to
4325 the <ref table="Bridge"/> whose flow table holds the
4326 <code>sample</code> actions and to <ref table="IPFIX"/> record. The
4327 <ref table="Bridge" column="ipfix"/> in the <ref table="Bridge"/>
4328 table is not used for flow-based sampling.
4333 <column name="targets">
4334 IPFIX target collectors in the form
4335 <code><var>ip</var>:<var>port</var></code>.
4338 <column name="cache_active_timeout">
4339 The maximum period in seconds for which an IPFIX flow record is
4340 cached and aggregated before being sent. If not specified,
4341 defaults to 0. If 0, caching is disabled.
4344 <column name="cache_max_flows">
4345 The maximum number of IPFIX flow records that can be cached at a
4346 time. If not specified, defaults to 0. If 0, caching is
4350 <group title="Per-Bridge Sampling">
4352 These values affect only per-bridge sampling. See above for a
4353 description of the differences between per-bridge and flow-based
4357 <column name="sampling">
4358 The rate at which packets should be sampled and sent to each target
4359 collector. If not specified, defaults to 400, which means one out of
4360 400 packets, on average, will be sent to each target collector.
4363 <column name="obs_domain_id">
4364 The IPFIX Observation Domain ID sent in each IPFIX packet. If not
4365 specified, defaults to 0.
4368 <column name="obs_point_id">
4369 The IPFIX Observation Point ID sent in each IPFIX flow record. If not
4370 specified, defaults to 0.
4373 <column name="other_config" key="enable-tunnel-sampling"
4374 type='{"type": "boolean"}'>
4376 Set to <code>true</code> to enable sampling and reporting tunnel
4377 header 7-tuples in IPFIX flow records. Tunnel sampling is disabled
4382 The following enterprise entities report the sampled tunnel info:
4386 <dt>tunnelType:</dt>
4388 <p>ID: 891, and enterprise ID 6876 (VMware).</p>
4389 <p>type: unsigned 8-bit integer.</p>
4390 <p>data type semantics: identifier.</p>
4391 <p>description: Identifier of the layer 2 network overlay network
4392 encapsulation type: 0x01 VxLAN, 0x02 GRE, 0x03 LISP, 0x05 IPsec+GRE,
4397 <p>ID: 892, and enterprise ID 6876 (VMware).</p>
4398 <p>type: variable-length octetarray.</p>
4399 <p>data type semantics: identifier.</p>
4400 <p>description: Key which is used for identifying an individual
4401 traffic flow within a VxLAN (24-bit VNI), GENEVE (24-bit VNI),
4402 GRE (32- or 64-bit key), or LISP (24-bit instance ID) tunnel. The
4403 key is encoded in this octetarray as a 3-, 4-, or 8-byte integer
4404 ID in network byte order.</p>
4406 <dt>tunnelSourceIPv4Address:</dt>
4408 <p>ID: 893, and enterprise ID 6876 (VMware).</p>
4409 <p>type: unsigned 32-bit integer.</p>
4410 <p>data type semantics: identifier.</p>
4411 <p>description: The IPv4 source address in the tunnel IP packet
4414 <dt>tunnelDestinationIPv4Address:</dt>
4416 <p>ID: 894, and enterprise ID 6876 (VMware).</p>
4417 <p>type: unsigned 32-bit integer.</p>
4418 <p>data type semantics: identifier.</p>
4419 <p>description: The IPv4 destination address in the tunnel IP
4422 <dt>tunnelProtocolIdentifier:</dt>
4424 <p>ID: 895, and enterprise ID 6876 (VMware).</p>
4425 <p>type: unsigned 8-bit integer.</p>
4426 <p>data type semantics: identifier.</p>
4427 <p>description: The value of the protocol number in the tunnel
4428 IP packet header. The protocol number identifies the tunnel IP
4429 packet payload type.</p>
4431 <dt>tunnelSourceTransportPort:</dt>
4433 <p>ID: 896, and enterprise ID 6876 (VMware).</p>
4434 <p>type: unsigned 16-bit integer.</p>
4435 <p>data type semantics: identifier.</p>
4436 <p>description: The source port identifier in the tunnel transport
4437 header. For the transport protocols UDP, TCP, and SCTP, this is
4438 the source port number given in the respective header.</p>
4440 <dt>tunnelDestinationTransportPort:</dt>
4442 <p>ID: 897, and enterprise ID 6876 (VMware).</p>
4443 <p>type: unsigned 16-bit integer.</p>
4444 <p>data type semantics: identifier.</p>
4445 <p>description: The destination port identifier in the tunnel
4446 transport header. For the transport protocols UDP, TCP, and SCTP,
4447 this is the destination port number given in the respective header.
4453 <column name="other_config" key="enable-input-sampling"
4454 type='{"type": "boolean"}'>
4455 By default, Open vSwitch samples and reports flows at bridge port input
4456 in IPFIX flow records. Set this column to <code>false</code> to
4457 disable input sampling.
4460 <column name="other_config" key="enable-output-sampling"
4461 type='{"type": "boolean"}'>
4462 By default, Open vSwitch samples and reports flows at bridge port
4463 output in IPFIX flow records. Set this column to <code>false</code> to
4464 disable output sampling.
4468 <group title="Common Columns">
4469 The overall purpose of these columns is described under <code>Common
4470 Columns</code> at the beginning of this document.
4472 <column name="external_ids"/>
4476 <table name="Flow_Sample_Collector_Set">
4478 A set of IPFIX collectors of packet samples generated by OpenFlow
4479 <code>sample</code> actions. This table is used only for IPFIX
4480 flow-based sampling, not for per-bridge sampling (see the <ref
4481 table="IPFIX"/> table for a description of the two forms).
4485 The ID of this collector set, unique among the bridge's
4486 collector sets, to be used as the <code>collector_set_id</code>
4487 in OpenFlow <code>sample</code> actions.
4490 <column name="bridge">
4491 The bridge into which OpenFlow <code>sample</code> actions can
4492 be added to send packet samples to this set of IPFIX collectors.
4495 <column name="ipfix">
4496 Configuration of the set of IPFIX collectors to send one flow
4497 record per sampled packet to.
4500 <group title="Common Columns">
4501 The overall purpose of these columns is described under <code>Common
4502 Columns</code> at the beginning of this document.
4504 <column name="external_ids"/>
4508 <table name="AutoAttach">
4509 <p>Auto Attach configuration within a bridge. The IETF Auto-Attach SPBM
4510 draft standard describes a compact method of using IEEE 802.1AB Link
4511 Layer Discovery Protocol (LLDP) together with a IEEE 802.1aq Shortest
4512 Path Bridging (SPB) network to automatically attach network devices
4513 to individual services in a SPB network. The intent here is to allow
4514 network applications and devices using OVS to be able to easily take
4515 advantage of features offered by industry standard SPB networks.</p>
4517 <p>Auto Attach (AA) uses LLDP to communicate between a directly connected
4518 Auto Attach Client (AAC) and Auto Attach Server (AAS). The LLDP protocol
4519 is extended to add two new Type-Length-Value tuples (TLVs). The first
4520 new TLV supports the ongoing discovery of directly connected AA
4521 correspondents. Auto Attach operates by regularly transmitting AA
4522 discovery TLVs between the AA client and AA server. By exchanging these
4523 discovery messages, both the AAC and AAS learn the system name and
4524 system description of their peer. In the OVS context, OVS operates as
4525 the AA client and the AA server resides on a switch at the edge of the
4528 <p>Once AA discovery has been completed the AAC then uses the
4529 second new TLV to deliver identifier mappings from the AAC to the AAS. A primary
4530 feature of Auto Attach is to facilitate the mapping of VLANs defined
4531 outside the SPB network onto service ids (ISIDs) defined within the SPM
4532 network. By doing so individual external VLANs can be mapped onto
4533 specific SPB network services. These VLAN id to ISID mappings can be
4534 configured and managed locally using new options added to the ovs-vsctl
4537 <p>The Auto Attach OVS feature does not provide a full implementation of
4538 the LLDP protocol. Support for the mandatory TLVs as defined by the LLDP
4539 standard and support for the AA TLV extensions is provided. LLDP
4540 protocol support in OVS can be enabled or disabled on a port by port
4541 basis. LLDP support is disabled by default.</p>
4543 <column name="system_name">
4544 The system_name string is exported in LLDP messages. It should uniquely
4545 identify the bridge in the network.
4548 <column name="system_description">
4549 The system_description string is exported in LLDP messages. It should
4550 describe the type of software and hardware.
4553 <column name="mappings">
4554 A mapping from SPB network Individual Service Identifier (ISID) to VLAN id.
projects / cascardo / ovs.git / blob