]>
Commit | Line | Data |
---|---|---|
f4b72cb4 BP |
1 | Do not use commands to add or remove or modify datapaths if |
2 | \fBovs\-vswitchd\fR is running because this interferes with | |
3 | \fBovs\-vswitchd\fR's own datapath management. | |
fceef209 DDP |
4 | .TP |
5 | \*(DX\fBadd\-dp \fIdp\fR [\fInetdev\fR[\fB,\fIoption\fR]...] | |
6 | Creates datapath \fIdp\fR, with a local port also named \fIdp\fR. | |
7 | This will fail if a network device \fIdp\fR already exists. | |
8 | .IP | |
9 | If \fInetdev\fRs are specified, \fB\*(PN\fR adds them to the | |
10 | new datapath, just as if \fBadd\-if\fR was specified. | |
11 | . | |
12 | .TP | |
13 | \*(DX\fBdel\-dp \fIdp\fR | |
14 | Deletes datapath \fIdp\fR. If \fIdp\fR is associated with any network | |
15 | devices, they are automatically removed. | |
16 | . | |
17 | .TP | |
18 | \*(DX\fBadd\-if \fIdp netdev\fR[\fB,\fIoption\fR]... | |
19 | Adds each \fInetdev\fR to the set of network devices datapath | |
20 | \fIdp\fR monitors, where \fIdp\fR is the name of an existing | |
21 | datapath, and \fInetdev\fR is the name of one of the host's | |
22 | network devices, e.g. \fBeth0\fR. Once a network device has been added | |
23 | to a datapath, the datapath has complete ownership of the network device's | |
24 | traffic and the network device appears silent to the rest of the | |
25 | system. | |
26 | .IP | |
27 | A \fInetdev\fR may be followed by a comma-separated list of options. | |
28 | The following options are currently supported: | |
29 | . | |
30 | .RS | |
31 | .IP "\fBtype=\fItype\fR" | |
32 | Specifies the type of port to add. The default type is \fBsystem\fR. | |
33 | .IP "\fBport_no=\fIport\fR" | |
34 | Requests a specific port number within the datapath. If this option is | |
35 | not specified then one will be automatically assigned. | |
36 | .IP "\fIkey\fB=\fIvalue\fR" | |
37 | Adds an arbitrary key-value option to the port's configuration. | |
38 | .RE | |
39 | .IP | |
40 | \fBovs\-vswitchd.conf.db\fR(5) documents the available port types and | |
41 | options. | |
42 | . | |
43 | .IP "\*(DX\fBset\-if \fIdp port\fR[\fB,\fIoption\fR]..." | |
44 | Reconfigures each \fIport\fR in \fIdp\fR as specified. An | |
45 | \fIoption\fR of the form \fIkey\fB=\fIvalue\fR adds the specified | |
46 | key-value option to the port or overrides an existing key's value. An | |
47 | \fIoption\fR of the form \fIkey\fB=\fR, that is, without a value, | |
48 | deletes the key-value named \fIkey\fR. The type and port number of a | |
49 | port cannot be changed, so \fBtype\fR and \fBport_no\fR are only allowed if | |
50 | they match the existing configuration. | |
51 | .TP | |
52 | \*(DX\fBdel\-if \fIdp netdev\fR... | |
53 | Removes each \fInetdev\fR from the list of network devices datapath | |
54 | \fIdp\fR monitors. | |
55 | . | |
56 | .TP | |
57 | \*(DX\fBdump\-dps\fR | |
58 | Prints the name of each configured datapath on a separate line. | |
59 | . | |
60 | .TP | |
61 | .DO "[\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBshow" "\fR[\fIdp\fR...]" | |
62 | Prints a summary of configured datapaths, including their datapath | |
63 | numbers and a list of ports connected to each datapath. (The local | |
64 | port is identified as port 0.) If \fB\-s\fR or \fB\-\-statistics\fR | |
65 | is specified, then packet and byte counters are also printed for each | |
66 | port. | |
67 | .IP | |
68 | The datapath numbers consists of flow stats and mega flow mask stats. | |
69 | .IP | |
70 | The "lookups" row displays three stats related to flow lookup triggered | |
71 | by processing incoming packets in the datapath. "hit" displays number | |
72 | of packets matches existing flows. "missed" displays the number of | |
73 | packets not matching any existing flow and require user space processing. | |
74 | "lost" displays number of packets destined for user space process but | |
75 | subsequently dropped before reaching userspace. The sum of "hit" and "miss" | |
76 | equals to the total number of packets datapath processed. | |
77 | .IP | |
78 | The "flows" row displays the number of flows in datapath. | |
79 | .IP | |
80 | The "masks" row displays the mega flow mask stats. This row is omitted | |
81 | for datapath not implementing mega flow. "hit" displays the total number | |
82 | of masks visited for matching incoming packets. "total" displays number of | |
83 | masks in the datapath. "hit/pkt" displays the average number of masks | |
84 | visited per packet; the ratio between "hit" and total number of | |
d1fd1ea9 | 85 | packets processed by the datapath. |
fceef209 DDP |
86 | .IP |
87 | If one or more datapaths are specified, information on only those | |
88 | datapaths are displayed. Otherwise, \fB\*(PN\fR displays information | |
89 | about all configured datapaths. | |
90 | .SS "DATAPATH FLOW TABLE DEBUGGING COMMANDS" | |
91 | The following commands are primarily useful for debugging Open | |
92 | vSwitch. The flow table entries (both matches and actions) that they | |
93 | work with are not OpenFlow flow entries. Instead, they are different | |
94 | and considerably simpler flows maintained by the Open vSwitch kernel | |
f4b72cb4 BP |
95 | module. Do not use commands to add or remove or modify datapath flows |
96 | if \fBovs\-vswitchd\fR is running because it interferes with | |
97 | \fBovs\-vswitchd\fR's own datapath flow management. Use | |
98 | \fBovs\-ofctl\fR(8), instead, to work with OpenFlow flow entries. | |
fceef209 DDP |
99 | . |
100 | .PP | |
101 | The \fIdp\fR argument to each of these commands is optional when | |
102 | exactly one datapath exists, in which case that datapath is the | |
103 | default. When multiple datapaths exist, then a datapath name is | |
104 | required. | |
105 | . | |
106 | .TP | |
d1fd1ea9 | 107 | .DO "[\fB\-m \fR| \fB\-\-more\fR] [\fB\-\-names \fR| \fB\-\-no\-names\fR]" \*(DX\fBdump\-flows\fR "[\fIdp\fR] [\fBfilter=\fIfilter\fR] [\fBtype=\fItype\fR]" |
fceef209 DDP |
108 | Prints to the console all flow entries in datapath \fIdp\fR's flow |
109 | table. Without \fB\-m\fR or \fB\-\-more\fR, output omits match fields | |
110 | that a flow wildcards entirely; with \fB\-m\fR or \fB\-\-more\fR, | |
111 | output includes all wildcarded fields. | |
112 | .IP | |
113 | If \fBfilter=\fIfilter\fR is specified, only displays the flows | |
114 | that match the \fIfilter\fR. \fIfilter\fR is a flow in the form similiar | |
115 | to that accepted by \fBovs\-ofctl\fR(8)'s \fBadd\-flow\fR command. (This is | |
116 | not an OpenFlow flow: besides other differences, it never contains wildcards.) | |
117 | The \fIfilter\fR is also useful to match wildcarded fields in the datapath | |
118 | flow. As an example, \fBfilter='tcp,tp_src=100'\fR will match the | |
119 | datapath flow containing '\fBtcp(src=80/0xff00,dst=8080/0xff)\fR'. | |
7e8b7199 PB |
120 | .IP |
121 | If \fBtype=\fItype\fR is specified, only displays flows of a specific type. | |
1d03c2cb | 122 | \fItype\fR can be \fBoffloaded\fR to display only offloaded rules or \fBovs\fR |
7e8b7199 PB |
123 | to display only non-offloaded rules. |
124 | By default both offloaded and non-offloaded rules are displayed. | |
fceef209 DDP |
125 | . |
126 | .IP "\*(DX\fBadd\-flow\fR [\fIdp\fR] \fIflow actions\fR" | |
127 | .TP | |
128 | .DO "[\fB\-\-clear\fR] [\fB\-\-may-create\fR] [\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBmod\-flow\fR" "[\fIdp\fR] \fIflow actions\fR" | |
129 | Adds or modifies a flow in \fIdp\fR's flow table that, when a packet | |
130 | matching \fIflow\fR arrives, causes \fIactions\fR to be executed. | |
131 | .IP | |
132 | The \fBadd\-flow\fR command succeeds only if \fIflow\fR does not | |
133 | already exist in \fIdp\fR. Contrariwise, \fBmod\-flow\fR without | |
134 | \fB\-\-may\-create\fR only modifies the actions for an existing flow. | |
135 | With \fB\-\-may\-create\fR, \fBmod\-flow\fR will add a new flow or | |
136 | modify an existing one. | |
137 | .IP | |
138 | If \fB\-s\fR or \fB\-\-statistics\fR is specified, then | |
d0c4f1dc | 139 | \fBmod\-flow\fR prints the modified flow's statistics. A flow's |
fceef209 DDP |
140 | statistics are the number of packets and bytes that have passed |
141 | through the flow, the elapsed time since the flow last processed a | |
142 | packet (if ever), and (for TCP flows) the union of the TCP flags | |
143 | processed through the flow. | |
144 | .IP | |
d0c4f1dc | 145 | With \fB\-\-clear\fR, \fBmod\-flow\fR zeros out the flow's |
fceef209 DDP |
146 | statistics. The statistics printed if \fB\-s\fR or |
147 | \fB\-\-statistics\fR is also specified are those from just before | |
148 | clearing the statistics. | |
07e0337b AC |
149 | .IP |
150 | NOTE: | |
151 | \fIflow\fR and \fIactions\fR do not match the syntax used with | |
152 | \fBovs\-ofctl\fR(8)'s \fBadd\-flow\fR command. | |
153 | . | |
154 | .IP | |
155 | \fBUsage Examples\fR | |
156 | . | |
157 | .RS | |
158 | .PP | |
159 | Forward ARP between ports 1 and 2 on datapath myDP: | |
160 | .IP | |
161 | ovs-dpctl add-flow myDP \\ | |
162 | . | |
163 | "in_port(1),eth(),eth_type(0x0806),arp()" 2 | |
164 | . | |
165 | .IP | |
166 | ovs-dpctl add-flow myDP \\ | |
fceef209 | 167 | . |
07e0337b AC |
168 | "in_port(2),eth(),eth_type(0x0806),arp()" 1 |
169 | . | |
170 | .PP | |
171 | Forward all IPv4 traffic between two addresses on ports 1 and 2: | |
172 | . | |
173 | .IP | |
174 | ovs-dpctl add-flow myDP \\ | |
175 | . | |
176 | "in_port(1),eth(),eth_type(0x800),\\ | |
177 | ipv4(src=172.31.110.4,dst=172.31.110.5)" 2 | |
178 | . | |
179 | .IP | |
180 | ovs-dpctl add-flow myDP \\ | |
181 | . | |
182 | "in_port(2),eth(),eth_type(0x800),\\ | |
183 | ipv4(src=172.31.110.5,dst=172.31.110.4)" 1 | |
184 | . | |
185 | .RE | |
fceef209 DDP |
186 | .TP |
187 | .DO "[\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBdel\-flow\fR" "[\fIdp\fR] \fIflow\fR" | |
188 | Deletes the flow from \fIdp\fR's flow table that matches \fIflow\fR. | |
189 | If \fB\-s\fR or \fB\-\-statistics\fR is specified, then | |
d0c4f1dc | 190 | \fBdel\-flow\fR prints the deleted flow's statistics. |
fceef209 | 191 | . |
d1fd1ea9 BP |
192 | .TP |
193 | .DO "[\fB\-m \fR| \fB\-\-more\fR] [\fB\-\-names \fR| \fB\-\-no\-names\fR]" "\*(DX\fBget\-flow\fR [\fIdp\fR] ufid:\fIufid\fR" | |
818650e6 JS |
194 | Fetches the flow from \fIdp\fR's flow table with unique identifier \fIufid\fR. |
195 | \fIufid\fR must be specified as a string of 32 hexadecimal characters. | |
196 | . | |
fceef209 DDP |
197 | .IP "\*(DX\fBdel\-flows\fR [\fIdp\fR]" |
198 | Deletes all flow entries from datapath \fIdp\fR's flow table. | |
dffae65f DDP |
199 | .SS "CONNECTION TRACKING TABLE DEBUGGING COMMANDS" |
200 | The following commands are primarily useful for debugging the connection | |
201 | tracking entries in the datapath. | |
202 | . | |
203 | .PP | |
204 | The \fIdp\fR argument to each of these commands is optional when | |
205 | exactly one datapath exists, in which case that datapath is the | |
206 | default. When multiple datapaths exist, then a datapath name is | |
207 | required. | |
208 | . | |
209 | .PP | |
210 | \fBN.B.\fR(Linux specific): the \fIsystem\fR datapaths (i.e. the Linux | |
211 | kernel module Open vSwitch datapaths) share a single connection tracking | |
212 | table (which is also used by other kernel subsystems, such as iptables, | |
213 | nftables and the regular host stack). Therefore, the following commands | |
214 | do not apply specifically to one datapath. | |
215 | . | |
216 | .TP | |
217 | .DO "[\fB\-m\fR | \fB\-\-more\fR] [\fB\-s\fR | \fB\-\-statistics\fR]" "\*(DX\fBdump\-conntrack\fR" "[\fIdp\fR] [\fBzone=\fIzone\fR]" | |
218 | Prints to the console all the connection entries in the tracker used by | |
219 | \fIdp\fR. If \fBzone=\fIzone\fR is specified, only shows the connections | |
220 | in \fBzone\fR. With \fB\-\-more\fR, some implementation specific details | |
221 | are included. With \fB\-\-statistics\fR timeouts and timestamps are | |
222 | added to the output. | |
7f278d1f DDP |
223 | . |
224 | .TP | |
c43a1331 YHW |
225 | \*(DX\fBflush\-conntrack\fR [\fIdp\fR] [\fBzone=\fIzone\fR] [\fIct-tuple\fR] |
226 | Flushes the connection entries in the tracker used by \fIdp\fR based on | |
227 | \fIzone\fR and connection tracking tuple \fIct-tuple\fR. | |
228 | If \fIct-tuple\fR is not provided, flushes all the connection entries. | |
229 | If \fBzone\fR=\fIzone\fR is specified, only flushes the connections in | |
230 | \fIzone\fR. | |
231 | .IP | |
232 | If \fIct-tuple\fR is provided, flushes the connection entry specified by | |
233 | \fIct-tuple\fR in \fIzone\fR. The zone defaults to 0 if it is not provided. | |
234 | An example of an IPv4 ICMP \fIct-tuple\fR: | |
235 | .IP | |
236 | "ct_nw_src=10.1.1.1,ct_nw_dst=10.1.1.2,ct_nw_proto=1,icmp_type=8,icmp_code=0,icmp_id=10" | |
237 | .IP | |
238 | An example of an IPv6 TCP \fIct-tuple\fR: | |
239 | .IP | |
240 | "ct_ipv6_src=fc00::1,ct_ipv6_dst=fc00::2,ct_nw_proto=6,ct_tp_src=1,ct_tp_dst=2" | |
8a0d9d85 FA |
241 | . |
242 | .TP | |
16b361ef | 243 | .DO "[\fB\-m\fR | \fB\-\-more\fR]" "\*(DX\fBct\-stats\-show\fR [\fIdp\fR] [\fBzone=\fIzone\fR]" |
8a0d9d85 FA |
244 | Displays the number of connections grouped by protocol used by \fIdp\fR. |
245 | If \fBzone=\fIzone\fR is specified, numbers refer to the connections in | |
16b361ef JP |
246 | \fBzone\fR. With \fB\-\-more\fR, groups by connection state for each |
247 | protocol. | |
ded30c74 FA |
248 | . |
249 | .TP | |
250 | \*(DX\fBct\-bkts\fR [\fIdp\fR] [\fBgt=\fIThreshold\fR] | |
251 | For each ConnTracker bucket, displays the number of connections used | |
252 | by \fIdp\fR. | |
253 | If \fBgt=\fIThreshold\fR is specified, bucket numbers are displayed when | |
254 | the number of connections in a bucket is greater than \fIThreshold\fR. | |
c92339ad DB |
255 | . |
256 | .TP | |
257 | \*(DX\fBct\-set\-maxconns\fR [\fIdp\fR] \fBparam\fR | |
258 | Set the maximum limit of connection tracker connections. | |
259 | Can be used to reduce the processing load on the system due to | |
260 | connection tracking or simply limiting connection tracking. | |
261 | If the number of connections is already beyond the new maximum limit | |
262 | request for the number of connections then the new maximum limit will | |
263 | be enforced when the number of connections decreases to that limit, which | |
264 | normally happens due to connection expiry. Only supported for userspace | |
265 | datapath. | |
266 | . | |
267 | .TP | |
268 | \*(DX\fBct\-get\-maxconns\fR [\fIdp\fR] | |
269 | Read the maximum limit of connection tracker connections. | |
270 | Only supported for userspace datapath. | |
875075b3 DB |
271 | . |
272 | .TP | |
273 | \*(DX\fBct\-get\-nconns\fR [\fIdp\fR] | |
274 | Read the current number of connection tracker connections. | |
275 | Only supported for userspace datapath. |