]> git.proxmox.com Git - ovs.git/blame - ovn/ovn-sb.xml
projects / ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
ovn-controller: process lport bindings only when transaction is possible
[ovs.git] / ovn / ovn-sb.xml
CommitLineData
fe36184b 1<?xml version="1.0" encoding="utf-8"?>
ec78987f 2<database name="ovn-sb" title="OVN Southbound Database">
fe36184b
BP		 3 <p>
4 This database holds logical and physical configuration and state for the
5 Open Virtual Network (OVN) system to support virtual network abstraction.
6 For an introduction to OVN, please see <code>ovn-architecture</code>(7).
7 </p>
8
9 <p>
ec78987f
JP		 10 The OVN Southbound database sits at the center of the OVN
11 architecture. It is the one component that speaks both southbound
12 directly to all the hypervisors and gateways, via
88058f19
AW		 13 <code>ovn-controller</code>/<code>ovn-controller-vtep</code>, and
14 northbound to the Cloud Management System, via <code>ovn-northd</code>:
fe36184b
BP		 15 </p>
16
17 <h2>Database Structure</h2>
18
19 <p>
0bac7164 20 The OVN Southbound database contains classes of data with
ec78987f 21 different properties, as described in the sections below.
fe36184b
BP		 22 </p>
23
24 <h3>Physical Network (PN) data</h3>
25
26 <p>
27 PN tables contain information about the chassis nodes in the system. This
28 contains all the information necessary to wire the overlay, such as IP
29 addresses, supported tunnel types, and security keys.
30 </p>
31
32 <p>
33 The amount of PN data is small (O(n) in the number of chassis) and it
34 changes infrequently, so it can be replicated to every chassis.
35 </p>
36
37 <p>
62fdd819 38 The <ref table="Chassis"/> table comprises the PN tables.
fe36184b
BP		 39 </p>
40
41 <h3>Logical Network (LN) data</h3>
42
43 <p>
44 LN tables contain the topology of logical switches and routers, ACLs,
45 firewall rules, and everything needed to describe how packets traverse a
46 logical network, represented as logical datapath flows (see Logical
47 Datapath Flows, below).
48 </p>
49
50 <p>
51 LN data may be large (O(n) in the number of logical ports, ACL rules,
52 etc.). Thus, to improve scaling, each chassis should receive only data
53 related to logical networks in which that chassis participates. Past
54 experience shows that in the presence of large logical networks, even
55 finer-grained partitioning of data, e.g. designing logical flows so that
56 only the chassis hosting a logical port needs related flows, pays off
57 scale-wise. (This is not necessary initially but it is worth bearing in
58 mind in the design.)
59 </p>
60
61 <p>
62 The LN is a slave of the cloud management system running northbound of OVN.
63 That CMS determines the entire OVN logical configuration and therefore the
64 LN's content at any given time is a deterministic function of the CMS's
09986f8c
JP		 65 configuration, although that happens indirectly via the
66 <ref db="OVN_Northbound"/> database and <code>ovn-northd</code>.
fe36184b
BP		 67 </p>
68
69 <p>
70 LN data is likely to change more quickly than PN data. This is especially
71 true in a container environment where VMs are created and destroyed (and
72 therefore added to and deleted from logical switches) quickly.
73 </p>
74
75 <p>
5868eb24
BP		 76 <ref table="Logical_Flow"/> and <ref table="Multicast_Group"/> contain LN
77 data.
fe36184b
BP		 78 </p>
79
0bac7164 80 <h3>Logical-physical bindings</h3>
fe36184b
BP		 81
82 <p>
0bac7164 83 These tables link logical and physical components. They show the current
5868eb24
BP		 84 placement of logical components (such as VMs and VIFs) onto chassis, and
85 map logical entities to the values that represent them in tunnel
86 encapsulations.
fe36184b
BP		 87 </p>
88
89 <p>
0bac7164 90 These tables change frequently, at least every time a VM powers up or down
fe36184b
BP		 91 or migrates, and especially quickly in a container environment. The
92 amount of data per VM (or VIF) is small.
93 </p>
94
95 <p>
96 Each chassis is authoritative about the VMs and VIFs that it hosts at any
97 given time and can efficiently flood that state to a central location, so
98 the consistency needs are minimal.
99 </p>
100
101 <p>
5868eb24
BP		 102 The <ref table="Port_Binding"/> and <ref table="Datapath_Binding"/> tables
103 contain binding data.
fe36184b
BP		 104 </p>
105
0bac7164
BP		 106 <h3>MAC bindings</h3>
107
108 <p>
109 The <ref table="MAC_Binding"/> table tracks the bindings from IP addresses
110 to Ethernet addresses that are dynamically discovered using ARP (for IPv4)
111 and neighbor discovery (for IPv6). Usually, IP-to-MAC bindings for virtual
112 machines are statically populated into the <ref table="Port_Binding"/>
113 table, so <ref table="MAC_Binding"/> is primarily used to discover bindings
114 on physical networks.
115 </p>
116
5868eb24
BP		 117 <h2>Common Columns</h2>
118
119 <p>
120 Some tables contain a special column named <code>external_ids</code>. This
121 column has the same form and purpose each place that it appears, so we
122 describe it here to save space later.
123 </p>
124
125 <dl>
126 <dt><code>external_ids</code>: map of string-string pairs</dt>
127 <dd>
128 Key-value pairs for use by the software that manages the OVN Southbound
88058f19
AW		 129 database rather than by
130 <code>ovn-controller</code>/<code>ovn-controller-vtep</code>. In
131 particular, <code>ovn-northd</code> can use key-value pairs in this
132 column to relate entities in the southbound database to higher-level
133 entities (such as entities in the OVN Northbound database). Individual
134 key-value pairs in this column may be documented in some cases to aid
135 in understanding and troubleshooting, but the reader should not mistake
136 such documentation as comprehensive.
5868eb24
BP		 137 </dd>
138 </dl>
139
fe36184b
BP		 140 <table name="Chassis" title="Physical Network Hypervisor and Gateway Information">
141 <p>
142 Each row in this table represents a hypervisor or gateway (a chassis) in
143 the physical network (PN). Each chassis, via
88058f19
AW		 144 <code>ovn-controller</code>/<code>ovn-controller-vtep</code>, adds
145 and updates its own row, and keeps a copy of the remaining rows to
146 determine how to reach other hypervisors.
fe36184b
BP		 147 </p>
148
149 <p>
150 When a chassis shuts down gracefully, it should remove its own row.
151 (This is not critical because resources hosted on the chassis are equally
152 unreachable regardless of whether the row is present.) If a chassis
153 shuts down permanently without removing its row, some kind of manual or
154 automatic cleanup is eventually needed; we can devise a process for that
155 as necessary.
156 </p>
157
158 <column name="name">
fc26cf25
RB		 159 OVN does not prescribe a particular format for chassis names.
160 ovn-controller populates this column using <ref key="system-id"
161 table="Open_vSwitch" column="external_ids" db="Open_vSwitch"/>
162 in the Open_vSwitch database's <ref table="Open_vSwitch"
163 db="Open_vSwitch"/> table. ovn-controller-vtep populates this
164 column with <ref table="Physical_Switch" column="name"
165 db="hardware_vtep"/> in the hardware_vtep database's
166 <ref table="Physical_Switch" db="hardware_vtep"/> table.
fe36184b
BP		 167 </column>
168
2229f3ec
RB		 169 <column name="hostname">
170 The hostname of the chassis, if applicable. ovn-controller will populate
171 this column with the hostname of the host it is running on.
172 ovn-controller-vtep will leave this column empty.
173 </column>
174
4250ee37
RB		 175 <column name="external_ids" key="ovn-bridge-mappings">
176 <code>ovn-controller</code> populates this key with the set of bridge
177 mappings it has been configured to use. Other applications should treat
178 this key as read-only. See <code>ovn-controller</code>(8) for more
179 information.
180 </column>
181
1cef5fff
RB		 182 <group title="Common Columns">
183 The overall purpose of these columns is described under <code>Common
184 Columns</code> at the beginning of this document.
185
186 <column name="external_ids"/>
187 </group>
188
09db214c 189 <group title="Encapsulation Configuration">
fe36184b 190 <p>
09db214c
JP		 191 OVN uses encapsulation to transmit logical dataplane packets
192 between chassis.
fe36184b
BP		 193 </p>
194
09db214c
JP		 195 <column name="encaps">
196 Points to supported encapsulation configurations to transmit
197 logical dataplane packets to this chassis. Each entry is a <ref
198 table="Encap"/> record that describes the configuration.
fe36184b
BP		 199 </column>
200 </group>
201
62fdd819
AW		 202 <group title="Gateway Configuration">
203 <p>
204 A <dfn>gateway</dfn> is a chassis that forwards traffic between the
205 OVN-managed part of a logical network and a physical VLAN, extending a
206 tunnel-based logical network into a physical network. Gateways are
88058f19
AW		 207 typically dedicated nodes that do not host VMs and will be controlled
208 by <code>ovn-controller-vtep</code>.
fe36184b
BP		 209 </p>
210
62fdd819 211 <column name="vtep_logical_switches">
88058f19
AW		 212 Stores all VTEP logical switch names connected by this gateway
213 chassis. The <ref table="Port_Binding"/> table entry with
214 <ref column="options" table="Port_Binding"/>:<code>vtep-physical-switch</code>
215 equal <ref table="Chassis"/> <ref column="name" table="Chassis"/>, and
216 <ref column="options" table="Port_Binding"/>:<code>vtep-logical-switch</code>
217 value in <ref table="Chassis"/>
218 <ref column="vtep_logical_switches" table="Chassis"/>, will be
219 associated with this <ref table="Chassis"/>.
fe36184b 220 </column>
62fdd819 221 </group>
fe36184b
BP		 222 </table>
223
09db214c
JP		 224 <table name="Encap" title="Encapsulation Types">
225 <p>
226 The <ref column="encaps" table="Chassis"/> column in the <ref
227 table="Chassis"/> table refers to rows in this table to identify
228 how OVN may transmit logical dataplane packets to this chassis.
88058f19
AW		 229 Each chassis, via <code>ovn-controller</code>(8) or
230 <code>ovn-controller-vtep</code>(8), adds and updates its own rows
231 and keeps a copy of the remaining rows to determine how to reach
232 other chassis.
09db214c
JP		 233 </p>
234
235 <column name="type">
236 The encapsulation to use to transmit packets to this chassis.
b705f9ea
JP		 237 Hypervisors must use either <code>geneve</code> or
238 <code>stt</code>. Gateways may use <code>vxlan</code>,
239 <code>geneve</code>, or <code>stt</code>.
09db214c
JP		 240 </column>
241
242 <column name="options">
243 Options for configuring the encapsulation, e.g. IPsec parameters when
244 IPsec support is introduced. No options are currently defined.
245 </column>
246
247 <column name="ip">
248 The IPv4 address of the encapsulation tunnel endpoint.
249 </column>
250 </table>
251
5868eb24 252 <table name="Logical_Flow" title="Logical Network Flows">
fe36184b 253 <p>
09986f8c
JP		 254 Each row in this table represents one logical flow.
255 <code>ovn-northd</code> populates this table with logical flows
256 that implement the L2 and L3 topologies specified in the
257 <ref db="OVN_Northbound"/> database. Each hypervisor, via
258 <code>ovn-controller</code>, translates the logical flows into
259 OpenFlow flows specific to its hypervisor and installs them into
260 Open vSwitch.
fe36184b
BP		 261 </p>
262
263 <p>
264 Logical flows are expressed in an OVN-specific format, described here. A
265 logical datapath flow is much like an OpenFlow flow, except that the
266 flows are written in terms of logical ports and logical datapaths instead
267 of physical ports and physical datapaths. Translation between logical
268 and physical flows helps to ensure isolation between logical datapaths.
09986f8c
JP		 269 (The logical flow abstraction also allows the OVN centralized
270 components to do less work, since they do not have to separately
271 compute and push out physical flows to each chassis.)
fe36184b
BP		 272 </p>
273
274 <p>
275 The default action when no flow matches is to drop packets.
276 </p>
277
69a832cf 278 <p><em>Architectural Logical Life Cycle of a Packet</em></p>
5868eb24
BP		 279
280 <p>
281 This following description focuses on the life cycle of a packet through
282 a logical datapath, ignoring physical details of the implementation.
69a832cf 283 Please refer to <em>Architectural Physical Life Cycle of a Packet</em> in
5868eb24
BP		 284 <code>ovn-architecture</code>(7) for the physical information.
285 </p>
286
287 <p>
288 The description here is written as if OVN itself executes these steps,
289 but in fact OVN (that is, <code>ovn-controller</code>) programs Open
290 vSwitch, via OpenFlow and OVSDB, to execute them on its behalf.
291 </p>
292
293 <p>
294 At a high level, OVN passes each packet through the logical datapath's
295 logical ingress pipeline, which may output the packet to one or more
296 logical port or logical multicast groups. For each such logical output
297 port, OVN passes the packet through the datapath's logical egress
298 pipeline, which may either drop the packet or deliver it to the
299 destination. Between the two pipelines, outputs to logical multicast
300 groups are expanded into logical ports, so that the egress pipeline only
301 processes a single logical output port at a time. Between the two
302 pipelines is also where, when necessary, OVN encapsulates a packet in a
303 tunnel (or tunnels) to transmit to remote hypervisors.
304 </p>
305
306 <p>
307 In more detail, to start, OVN searches the <ref table="Logical_Flow"/>
308 table for a row with correct <ref column="logical_datapath"/>, a <ref
309 column="pipeline"/> of <code>ingress</code>, a <ref column="table_id"/>
310 of 0, and a <ref column="match"/> that is true for the packet. If none
311 is found, OVN drops the packet. If OVN finds more than one, it chooses
312 the match with the highest <ref column="priority"/>. Then OVN executes
313 each of the actions specified in the row's <ref table="actions"/> column,
314 in the order specified. Some actions, such as those to modify packet
315 headers, require no further details. The <code>next</code> and
316 <code>output</code> actions are special.
317 </p>
318
319 <p>
320 The <code>next</code> action causes the above process to be repeated
321 recursively, except that OVN searches for <ref column="table_id"/> of 1
322 instead of 0. Similarly, any <code>next</code> action in a row found in
323 that table would cause a further search for a <ref column="table_id"/> of
324 2, and so on. When recursive processing completes, flow control returns
325 to the action following <code>next</code>.
326 </p>
327
328 <p>
329 The <code>output</code> action also introduces recursion. Its effect
330 depends on the current value of the <code>outport</code> field. Suppose
331 <code>outport</code> designates a logical port. First, OVN compares
332 <code>inport</code> to <code>outport</code>; if they are equal, it treats
333 the <code>output</code> as a no-op. In the common case, where they are
334 different, the packet enters the egress pipeline. This transition to the
78aab811
JP		 335 egress pipeline discards register data, e.g. <code>reg0</code> ...
336 <code>reg4</code> and connection tracking state, to achieve
337 uniform behavior regardless of whether the egress pipeline is on a
338 different hypervisor (because registers aren't preserve across
339 tunnel encapsulation).
5868eb24
BP		 340 </p>
341
342 <p>
343 To execute the egress pipeline, OVN again searches the <ref
344 table="Logical_Flow"/> table for a row with correct <ref
345 column="logical_datapath"/>, a <ref column="table_id"/> of 0, a <ref
346 column="match"/> that is true for the packet, but now looking for a <ref
347 column="pipeline"/> of <code>egress</code>. If no matching row is found,
348 the output becomes a no-op. Otherwise, OVN executes the actions for the
349 matching flow (which is chosen from multiple, if necessary, as already
350 described).
351 </p>
352
353 <p>
354 In the <code>egress</code> pipeline, the <code>next</code> action acts as
355 already described, except that it, of course, searches for
356 <code>egress</code> flows. The <code>output</code> action, however, now
357 directly outputs the packet to the output port (which is now fixed,
358 because <code>outport</code> is read-only within the egress pipeline).
359 </p>
360
361 <p>
362 The description earlier assumed that <code>outport</code> referred to a
363 logical port. If it instead designates a logical multicast group, then
364 the description above still applies, with the addition of fan-out from
365 the logical multicast group to each logical port in the group. For each
366 member of the group, OVN executes the logical pipeline as described, with
367 the logical output port replaced by the group member.
368 </p>
369
8d6e5516
JP		 370 <p><em>Pipeline Stages</em></p>
371
372 <p>
373 <code>ovn-northd</code> is responsible for populating the
374 <ref table="Logical_Flow"/> table, so the stages are an
375 implementation detail and subject to change. This section
376 describes the current logical flow table.
377 </p>
378
379 <p>
380 The ingress pipeline consists of the following stages:
381 </p>
382 <ul>
383 <li>
384 Port Security (Table 0): Validates the source address, drops
385 packets with a VLAN tag, and, if configured, verifies that the
386 logical port is allowed to send with the source address.
387 </li>
388
389 <li>
390 L2 Destination Lookup (Table 1): Forwards known unicast
391 addresses to the appropriate logical port. Unicast packets to
392 unknown hosts are forwarded to logical ports configured with the
393 special <code>unknown</code> mac address. Broadcast, and
394 multicast are flooded to all ports in the logical switch.
395 </li>
396 </ul>
397
398 <p>
399 The egress pipeline consists of the following stages:
400 </p>
401 <ul>
402 <li>
403 ACL (Table 0): Applies any specified access control lists.
404 </li>
405
406 <li>
407 Port Security (Table 1): If configured, verifies that the
408 logical port is allowed to receive packets with the destination
409 address.
410 </li>
411 </ul>
412
747b2a45 413 <column name="logical_datapath">
5868eb24
BP		 414 The logical datapath to which the logical flow belongs.
415 </column>
416
417 <column name="pipeline">
418 <p>
419 The primary flows used for deciding on a packet's destination are the
420 <code>ingress</code> flows. The <code>egress</code> flows implement
421 ACLs. See <em>Logical Life Cycle of a Packet</em>, above, for details.
422 </p>
747b2a45
BP		 423 </column>
424
fe36184b
BP		 425 <column name="table_id">
426 The stage in the logical pipeline, analogous to an OpenFlow table number.
427 </column>
428
429 <column name="priority">
430 The flow's priority. Flows with numerically higher priority take
431 precedence over those with lower. If two logical datapath flows with the
432 same priority both match, then the one actually applied to the packet is
433 undefined.
434 </column>
435
436 <column name="match">
437 <p>
438 A matching expression. OVN provides a superset of OpenFlow matching
439 capabilities, using a syntax similar to Boolean expressions in a
440 programming language.
441 </p>
442
443 <p>
fa6aeaeb
RB		 444 The most important components of match expression are
445 <dfn>comparisons</dfn> between <dfn>symbols</dfn> and
446 <dfn>constants</dfn>, e.g. <code>ip4.dst == 192.168.0.1</code>,
447 <code>ip.proto == 6</code>, <code>arp.op == 1</code>, <code>eth.type ==
448 0x800</code>. The logical AND operator <code>&amp;&amp;</code> and
449 logical OR operator <code>||</code> can combine comparisons into a
450 larger expression.
fe36184b
BP		 451 </p>
452
fe36184b 453 <p>
e0840f11
BP		 454 Matching expressions also support parentheses for grouping, the logical
455 NOT prefix operator <code>!</code>, and literals <code>0</code> and
456 <code>1</code> to express ``false'' or ``true,'' respectively. The
457 latter is useful by itself as a catch-all expression that matches every
458 packet.
fe36184b
BP		 459 </p>
460
e0840f11 461 <p><em>Symbols</em></p>
fe36184b
BP		 462
463 <p>
fa6aeaeb
RB		 464 <em>Type</em>. Symbols have <dfn>integer</dfn> or <dfn>string</dfn>
465 type. Integer symbols have a <dfn>width</dfn> in bits.
fe36184b
BP		 466 </p>
467
468 <p>
fa6aeaeb 469 <em>Kinds</em>. There are three kinds of symbols:
fe36184b
BP		 470 </p>
471
e0840f11 472 <ul>
fa6aeaeb
RB		 473 <li>
474 <p>
475 <dfn>Fields</dfn>. A field symbol represents a packet header or
476 metadata field. For example, a field
477 named <code>vlan.tci</code> might represent the VLAN TCI field in a
478 packet.
479 </p>
480
481 <p>
482 A field symbol can have integer or string type. Integer fields can
483 be nominal or ordinal (see <em>Level of Measurement</em>,
484 below).
485 </p>
486 </li>
487
488 <li>
489 <p>
490 <dfn>Subfields</dfn>. A subfield represents a subset of bits from
491 a larger field. For example, a field <code>vlan.vid</code> might
492 be defined as an alias for <code>vlan.tci[0..11]</code>. Subfields
493 are provided for syntactic convenience, because it is always
494 possible to instead refer to a subset of bits from a field
495 directly.
496 </p>
497
498 <p>
499 Only ordinal fields (see <em>Level of Measurement</em>,
500 below) may have subfields. Subfields are always ordinal.
501 </p>
502 </li>
503
504 <li>
505 <p>
506 <dfn>Predicates</dfn>. A predicate is shorthand for a Boolean
507 expression. Predicates may be used much like 1-bit fields. For
508 example, <code>ip4</code> might expand to <code>eth.type ==
509 0x800</code>. Predicates are provided for syntactic convenience,
510 because it is always possible to instead specify the underlying
511 expression directly.
512 </p>
513
514 <p>
515 A predicate whose expansion refers to any nominal field or
516 predicate (see <em>Level of Measurement</em>, below) is nominal;
517 other predicates have Boolean level of measurement.
518 </p>
519 </li>
e0840f11
BP		 520 </ul>
521
fe36184b 522 <p>
fa6aeaeb
RB		 523 <em>Level of Measurement</em>. See
524 http://en.wikipedia.org/wiki/Level_of_measurement for the statistical
525 concept on which this classification is based. There are three
526 levels:
fe36184b
BP		 527 </p>
528
529 <ul>
fa6aeaeb
RB		 530 <li>
531 <p>
532 <dfn>Ordinal</dfn>. In statistics, ordinal values can be ordered
533 on a scale. OVN considers a field (or subfield) to be ordinal if
534 its bits can be examined individually. This is true for the
535 OpenFlow fields that OpenFlow or Open vSwitch makes ``maskable.''
536 </p>
537
538 <p>
539 Any use of a nominal field may specify a single bit or a range of
540 bits, e.g. <code>vlan.tci[13..15]</code> refers to the PCP field
541 within the VLAN TCI, and <code>eth.dst[40]</code> refers to the
542 multicast bit in the Ethernet destination address.
543 </p>
544
545 <p>
546 OVN supports all the usual arithmetic relations (<code>==</code>,
547 <code>!=</code>, <code>&lt;</code>, <code>&lt;=</code>,
548 <code>&gt;</code>, and <code>&gt;=</code>) on ordinal fields and
549 their subfields, because OVN can implement these in OpenFlow and
550 Open vSwitch as collections of bitwise tests.
551 </p>
552 </li>
553
554 <li>
555 <p>
556 <dfn>Nominal</dfn>. In statistics, nominal values cannot be
557 usefully compared except for equality. This is true of OpenFlow
558 port numbers, Ethernet types, and IP protocols are examples: all of
559 these are just identifiers assigned arbitrarily with no deeper
560 meaning. In OpenFlow and Open vSwitch, bits in these fields
561 generally aren't individually addressable.
562 </p>
563
564 <p>
565 OVN only supports arithmetic tests for equality on nominal fields,
566 because OpenFlow and Open vSwitch provide no way for a flow to
567 efficiently implement other comparisons on them. (A test for
568 inequality can be sort of built out of two flows with different
569 priorities, but OVN matching expressions always generate flows with
570 a single priority.)
571 </p>
572
573 <p>
574 String fields are always nominal.
575 </p>
576 </li>
577
578 <li>
579 <p>
580 <dfn>Boolean</dfn>. A nominal field that has only two values, 0
581 and 1, is somewhat exceptional, since it is easy to support both
582 equality and inequality tests on such a field: either one can be
583 implemented as a test for 0 or 1.
584 </p>
585
586 <p>
587 Only predicates (see above) have a Boolean level of measurement.
588 </p>
589
590 <p>
591 This isn't a standard level of measurement.
592 </p>
593 </li>
fe36184b
BP		 594 </ul>
595
596 <p>
fa6aeaeb
RB		 597 <em>Prerequisites</em>. Any symbol can have prerequisites, which are
598 additional condition implied by the use of the symbol. For example,
599 For example, <code>icmp4.type</code> symbol might have prerequisite
600 <code>icmp4</code>, which would cause an expression <code>icmp4.type ==
601 0</code> to be interpreted as <code>icmp4.type == 0 &amp;&amp;
602 icmp4</code>, which would in turn expand to <code>icmp4.type == 0
603 &amp;&amp; eth.type == 0x800 &amp;&amp; ip4.proto == 1</code> (assuming
604 <code>icmp4</code> is a predicate defined as suggested under
605 <em>Types</em> above).
fe36184b
BP		 606 </p>
607
e0840f11
BP		 608 <p><em>Relational operators</em></p>
609
fe36184b 610 <p>
fa6aeaeb
RB		 611 All of the standard relational operators <code>==</code>,
612 <code>!=</code>, <code>&lt;</code>, <code>&lt;=</code>,
613 <code>&gt;</code>, and <code>&gt;=</code> are supported. Nominal
614 fields support only <code>==</code> and <code>!=</code>, and only in a
615 positive sense when outer <code>!</code> are taken into account,
616 e.g. given string field <code>inport</code>, <code>inport ==
617 "eth0"</code> and <code>!(inport != "eth0")</code> are acceptable, but
618 not <code>inport != "eth0"</code>.
fe36184b
BP		 619 </p>
620
621 <p>
fa6aeaeb
RB		 622 The implementation of <code>==</code> (or <code>!=</code> when it is
623 negated), is more efficient than that of the other relational
624 operators.
fe36184b
BP		 625 </p>
626
e0840f11
BP		 627 <p><em>Constants</em></p>
628
fe36184b 629 <p>
e0840f11
BP		 630 Integer constants may be expressed in decimal, hexadecimal prefixed by
631 <code>0x</code>, or as dotted-quad IPv4 addresses, IPv6 addresses in
632 their standard forms, or Ethernet addresses as colon-separated hex
633 digits. A constant in any of these forms may be followed by a slash
634 and a second constant (the mask) in the same form, to form a masked
635 constant. IPv4 and IPv6 masks may be given as integers, to express
636 CIDR prefixes.
637 </p>
638
639 <p>
640 String constants have the same syntax as quoted strings in JSON (thus,
5868eb24 641 they are Unicode strings).
fe36184b
BP		 642 </p>
643
644 <p>
e0840f11
BP		 645 Some operators support sets of constants written inside curly braces
646 <code>{</code> ... <code>}</code>. Commas between elements of a set,
647 and after the last elements, are optional. With <code>==</code>,
648 ``<code><var>field</var> == { <var>constant1</var>,
649 <var>constant2</var>,</code> ... <code>}</code>'' is syntactic sugar
650 for ``<code><var>field</var> == <var>constant1</var> ||
651 <var>field</var> == <var>constant2</var> || </code>...<code></code>.
652 Similarly, ``<code><var>field</var> != { <var>constant1</var>,
653 <var>constant2</var>, </code>...<code> }</code>'' is equivalent to
654 ``<code><var>field</var> != <var>constant1</var> &amp;&amp;
fe36184b 655 <var>field</var> != <var>constant2</var> &amp;&amp;
e0840f11 656 </code>...<code></code>''.
fe36184b
BP		 657 </p>
658
e0840f11
BP		 659 <p><em>Miscellaneous</em></p>
660
fe36184b 661 <p>
fa6aeaeb
RB		 662 Comparisons may name the symbol or the constant first,
663 e.g. <code>tcp.src == 80</code> and <code>80 == tcp.src</code> are both
664 acceptable.
fe36184b
BP		 665 </p>
666
667 <p>
fa6aeaeb
RB		 668 Tests for a range may be expressed using a syntax like <code>1024 &lt;=
669 tcp.src &lt;= 49151</code>, which is equivalent to <code>1024 &lt;=
670 tcp.src &amp;&amp; tcp.src &lt;= 49151</code>.
fe36184b
BP		 671 </p>
672
673 <p>
fa6aeaeb
RB		 674 For a one-bit field or predicate, a mention of its name is equivalent
675 to <code><var>symobl</var> == 1</code>, e.g. <code>vlan.present</code>
676 is equivalent to <code>vlan.present == 1</code>. The same is true for
677 one-bit subfields, e.g. <code>vlan.tci[12]</code>. There is no
678 technical limitation to implementing the same for ordinal fields of all
679 widths, but the implementation is expensive enough that the syntax
680 parser requires writing an explicit comparison against zero to make
681 mistakes less likely, e.g. in <code>tcp.src != 0</code> the comparison
682 against 0 is required.
fe36184b
BP		 683 </p>
684
685 <p>
fa6aeaeb
RB		 686 <em>Operator precedence</em> is as shown below, from highest to lowest.
687 There are two exceptions where parentheses are required even though the
688 table would suggest that they are not: <code>&amp;&amp;</code> and
689 <code>||</code> require parentheses when used together, and
690 <code>!</code> requires parentheses when applied to a relational
691 expression. Thus, in <code>(eth.type == 0x800 || eth.type == 0x86dd)
692 &amp;&amp; ip.proto == 6</code> or <code>!(arp.op == 1)</code>, the
693 parentheses are mandatory.
fe36184b
BP		 694 </p>
695
e0840f11
BP		 696 <ul>
697 <li><code>()</code></li>
698 <li><code>== != &lt; &lt;= &gt; &gt;=</code></li>
699 <li><code>!</code></li>
700 <li><code>&amp;&amp; ||</code></li>
701 </ul>
702
10b1662b
BP		 703 <p>
704 <em>Comments</em> may be introduced by <code>//</code>, which extends
705 to the next new-line. Comments within a line may be bracketed by
706 <code>/*</code> and <code>*/</code>. Multiline comments are not
707 supported.
708 </p>
709
e0840f11
BP		 710 <p><em>Symbols</em></p>
711
5868eb24
BP		 712 <p>
713 Most of the symbols below have integer type. Only <code>inport</code>
714 and <code>outport</code> have string type. <code>inport</code> names a
715 logical port. Thus, its value is a <ref column="logical_port"/> name
62fdd819
AW		 716 from the <ref table="Port_Binding"/> table. <code>outport</code> may
717 name a logical port, as <code>inport</code>, or a logical multicast
718 group defined in the <ref table="Multicast_Group"/> table. For both
719 symbols, only names within the flow's logical datapath may be used.
5868eb24
BP		 720 </p>
721
e0840f11 722 <ul>
78aab811 723 <li><code>reg0</code>...<code>reg4</code></li>
5868eb24 724 <li><code>inport</code> <code>outport</code></li>
e0840f11
BP		 725 <li><code>eth.src</code> <code>eth.dst</code> <code>eth.type</code></li>
726 <li><code>vlan.tci</code> <code>vlan.vid</code> <code>vlan.pcp</code> <code>vlan.present</code></li>
727 <li><code>ip.proto</code> <code>ip.dscp</code> <code>ip.ecn</code> <code>ip.ttl</code> <code>ip.frag</code></li>
728 <li><code>ip4.src</code> <code>ip4.dst</code></li>
729 <li><code>ip6.src</code> <code>ip6.dst</code> <code>ip6.label</code></li>
730 <li><code>arp.op</code> <code>arp.spa</code> <code>arp.tpa</code> <code>arp.sha</code> <code>arp.tha</code></li>
731 <li><code>tcp.src</code> <code>tcp.dst</code> <code>tcp.flags</code></li>
732 <li><code>udp.src</code> <code>udp.dst</code></li>
733 <li><code>sctp.src</code> <code>sctp.dst</code></li>
734 <li><code>icmp4.type</code> <code>icmp4.code</code></li>
735 <li><code>icmp6.type</code> <code>icmp6.code</code></li>
736 <li><code>nd.target</code> <code>nd.sll</code> <code>nd.tll</code></li>
e3d81ade 737 <li><code>ct_mark</code> <code>ct_label</code></li>
78aab811
JP		 738 <li>
739 <p>
740 <code>ct_state</code>, which has the following Boolean subfields:
741 </p>
742 <ul>
743 <li><code>ct.new</code>: True for a new flow</li>
744 <li><code>ct.est</code>: True for an established flow</li>
745 <li><code>ct.rel</code>: True for a related flow</li>
746 <li><code>ct.rpl</code>: True for a reply flow</li>
747 <li><code>ct.inv</code>: True for a connection entry in a bad state</li>
748 </ul>
749 <p>
750 <code>ct_state</code> and its subfields are initialized by the
751 <code>ct_next</code> action, described below.
752 </p>
753 </li>
e0840f11
BP		 754 </ul>
755
25030d47
RB		 756 <p>
757 The following predicates are supported:
758 </p>
759
760 <ul>
a2011117
BP		 761 <li><code>eth.bcast</code> expands to <code>eth.dst == ff:ff:ff:ff:ff:ff</code></li>
762 <li><code>eth.mcast</code> expands to <code>eth.dst[40]</code></li>
25030d47
RB		 763 <li><code>vlan.present</code> expands to <code>vlan.tci[12]</code></li>
764 <li><code>ip4</code> expands to <code>eth.type == 0x800</code></li>
a2011117 765 <li><code>ip4.mcast</code> expands to <code>ip4.dst[28..31] == 0xe</code></li>
25030d47
RB		 766 <li><code>ip6</code> expands to <code>eth.type == 0x86dd</code></li>
767 <li><code>ip</code> expands to <code>ip4 || ip6</code></li>
768 <li><code>icmp4</code> expands to <code>ip4 &amp;&amp; ip.proto == 1</code></li>
769 <li><code>icmp6</code> expands to <code>ip6 &amp;&amp; ip.proto == 58</code></li>
770 <li><code>icmp</code> expands to <code>icmp4 || icmp6</code></li>
771 <li><code>ip.is_frag</code> expands to <code>ip.frag[0]</code></li>
772 <li><code>ip.later_frag</code> expands to <code>ip.frag[1]</code></li>
773 <li><code>ip.first_frag</code> expands to <code>ip.is_frag &amp;&amp; !ip.later_frag</code></li>
774 <li><code>arp</code> expands to <code>eth.type == 0x806</code></li>
775 <li><code>nd</code> expands to <code>icmp6.type == {135, 136} &amp;&amp; icmp6.code == 0</code></li>
776 <li><code>tcp</code> expands to <code>ip.proto == 6</code></li>
777 <li><code>udp</code> expands to <code>ip.proto == 17</code></li>
778 <li><code>sctp</code> expands to <code>ip.proto == 132</code></li>
779 </ul>
fe36184b
BP		 780 </column>
781
782 <column name="actions">
783 <p>
2cd87fce
RB		 784 Logical datapath actions, to be executed when the logical flow
785 represented by this row is the highest-priority match.
fe36184b
BP		 786 </p>
787
35060cdc 788 <p>
2cd87fce
RB		 789 Actions share lexical syntax with the <ref column="match"/> column. An
790 empty set of actions (or one that contains just white space or
791 comments), or a set of actions that consists of just
792 <code>drop;</code>, causes the matched packets to be dropped.
793 Otherwise, the column should contain a sequence of actions, each
794 terminated by a semicolon.
35060cdc 795 </p>
fe36184b 796
35060cdc 797 <p>
eee7a8ed 798 The following actions are defined:
35060cdc 799 </p>
fe36184b 800
35060cdc
BP		 801 <dl>
802 <dt><code>output;</code></dt>
803 <dd>
5868eb24 804 <p>
eee7a8ed
JP		 805 In the ingress pipeline, this action executes the
806 <code>egress</code> pipeline as a subroutine. If
807 <code>outport</code> names a logical port, the egress pipeline
808 executes once; if it is a multicast group, the egress pipeline runs
809 once for each logical port in the group.
5868eb24
BP		 810 </p>
811
812 <p>
813 In the egress pipeline, this action performs the actual
814 output to the <code>outport</code> logical port. (In the egress
815 pipeline, <code>outport</code> never names a multicast group.)
816 </p>
817
818 <p>
819 Output to the input port is implicitly dropped, that is,
820 <code>output</code> becomes a no-op if <code>outport</code> ==
b4970837
BP		 821 <code>inport</code>. Occasionally it may be useful to override
822 this behavior, e.g. to send an ARP reply to an ARP request; to do
823 so, use <code>inport = "";</code> to set the logical input port to
824 an empty string (which should not be used as the name of any
825 logical port).
5868eb24 826 </p>
eee7a8ed 827 </dd>
fe36184b 828
35060cdc 829 <dt><code>next;</code></dt>
558ec83d 830 <dt><code>next(<var>table</var>);</code></dt>
35060cdc 831 <dd>
558ec83d
BP		 832 Executes another logical datapath table as a subroutine. By default,
833 the table after the current one is executed. Specify
834 <var>table</var> to jump to a specific table in the same pipeline.
2cd87fce 835 </dd>
fe36184b 836
35060cdc
BP		 837 <dt><code><var>field</var> = <var>constant</var>;</code></dt>
838 <dd>
5868eb24 839 <p>
5ee054fb
BP		 840 Sets data or metadata field <var>field</var> to constant value
841 <var>constant</var>, e.g. <code>outport = "vif0";</code> to set the
842 logical output port. To set only a subset of bits in a field,
843 specify a subfield for <var>field</var> or a masked
844 <var>constant</var>, e.g. one may use <code>vlan.pcp[2] = 1;</code>
845 or <code>vlan.pcp = 4/4;</code> to set the most sigificant bit of
846 the VLAN PCP.
5868eb24
BP		 847 </p>
848
849 <p>
850 Assigning to a field with prerequisites implicitly adds those
851 prerequisites to <ref column="match"/>; thus, for example, a flow
852 that sets <code>tcp.dst</code> applies only to TCP flows,
853 regardless of whether its <ref column="match"/> mentions any TCP
854 field.
855 </p>
856
857 <p>
858 Not all fields are modifiable (e.g. <code>eth.type</code> and
859 <code>ip.proto</code> are read-only), and not all modifiable fields
860 may be partially modified (e.g. <code>ip.ttl</code> must assigned
861 as a whole). The <code>outport</code> field is modifiable in the
862 <code>ingress</code> pipeline but not in the <code>egress</code>
863 pipeline.
864 </p>
eee7a8ed 865 </dd>
5ee054fb
BP		 866
867 <dt><code><var>field1</var> = <var>field2</var>;</code></dt>
868 <dd>
869 <p>
870 Sets data or metadata field <var>field1</var> to the value of data
871 or metadata field <var>field2</var>, e.g. <code>reg0 =
872 ip4.src;</code> copies <code>ip4.src</code> into <code>reg0</code>.
873 To modify only a subset of a field's bits, specify a subfield for
874 <var>field1</var> or <var>field2</var> or both, e.g. <code>vlan.pcp
875 = reg0[0..2];</code> copies the least-significant bits of
876 <code>reg0</code> into the VLAN PCP.
877 </p>
878
879 <p>
880 <var>field1</var> and <var>field2</var> must be the same type,
881 either both string or both integer fields. If they are both
882 integer fields, they must have the same width.
883 </p>
884
885 <p>
886 If <var>field1</var> or <var>field2</var> has prerequisites, they
887 are added implicitly to <ref column="match"/>. It is possible to
888 write an assignment with contradictory prerequisites, such as
889 <code>ip4.src = ip6.src[0..31];</code>, but the contradiction means
890 that a logical flow with such an assignment will never be matched.
891 </p>
892 </dd>
a20c96c6
BP		 893
894 <dt><code><var>field1</var> &lt;-&gt; <var>field2</var>;</code></dt>
895 <dd>
896 <p>
897 Similar to <code><var>field1</var> = <var>field2</var>;</code>
898 except that the two values are exchanged instead of copied. Both
899 <var>field1</var> and <var>field2</var> must modifiable.
900 </p>
901 </dd>
78aab811 902
00ea19e4
BP		 903 <dt><code>ip.ttl--;</code></dt>
904 <dd>
905 <p>
906 Decrements the IPv4 or IPv6 TTL. If this would make the TTL zero
907 or negative, then processing of the packet halts; no further
908 actions are processed. (To properly handle such cases, a
4c20b9f2
JP		 909 higher-priority flow should match on
910 <code>ip.ttl == {0, 1};</code>.)
00ea19e4
BP		 911 </p>
912
913 <p><b>Prerequisite:</b> <code>ip</code></p>
914 </dd>
915
78aab811
JP		 916 <dt><code>ct_next;</code></dt>
917 <dd>
918 <p>
919 Apply connection tracking to the flow, initializing
920 <code>ct_state</code> for matching in later tables.
921 Automatically moves on to the next table, as if followed by
922 <code>next</code>.
923 </p>
924
925 <p>
926 As a side effect, IP fragments will be reassembled for matching.
927 If a fragmented packet is output, then it will be sent with any
928 overlapping fragments squashed. The connection tracking state is
929 scoped by the logical port, so overlapping addresses may be used.
930 To allow traffic related to the matched flow, execute
931 <code>ct_commit</code>.
932 </p>
933
934 <p>
935 It is possible to have actions follow <code>ct_next</code>,
936 but they will not have access to any of its side-effects and
937 is not generally useful.
938 </p>
939 </dd>
940
941 <dt><code>ct_commit;</code></dt>
a9e1b66f
RB		 942 <dt><code>ct_commit(ct_mark=<var>value[/mask]</var>);</code></dt>
943 <dt><code>ct_commit(ct_label=<var>value[/mask]</var>);</code></dt>
944 <dt><code>ct_commit(ct_mark=<var>value[/mask]</var>, ct_label=<var>value[/mask]</var>);</code></dt>
78aab811 945 <dd>
c4623bb8 946 <p>
a9e1b66f
RB		 947 Commit the flow to the connection tracking entry associated with it
948 by a previous call to <code>ct_next</code>. When
949 <code>ct_mark=<var>value[/mask]</var></code> and/or
950 <code>ct_label=<var>value[/mask]</var></code> are supplied,
951 <code>ct_mark</code> and/or <code>ct_label</code> will be set to the
952 values indicated by <var>value[/mask]</var> on the connection
953 tracking entry. <code>ct_mark</code> is a 32-bit field.
954 <code>ct_label</code> is technically a 128-bit field, though OVN
955 currently only supports 64-bits and will later be extended to
956 support the full 128-bits.
c4623bb8 957 </p>
a9e1b66f 958
c4623bb8
RB		 959 <p>
960 Note that if you want processing to continue in the next table,
961 you must execute the <code>next</code> action after
a9e1b66f
RB		 962 <code>ct_commit</code>. You may also leave out <code>next</code>
963 which will commit connection tracking state, and then drop the
964 packet. This could be useful for setting <code>ct_mark</code>
965 on a connection tracking entry before dropping a packet,
966 for example.
c4623bb8 967 </p>
78aab811 968 </dd>
fe36184b 969
de297547
GS		 970 <dt><code>ct_dnat;</code></dt>
971 <dt><code>ct_dnat(<var>IP</var>);</code></dt>
972 <dd>
973 <p>
974 <code>ct_dnat</code> sends the packet through the DNAT zone in
975 connection tracking table to unDNAT any packet that was DNATed in
976 the opposite direction. The packet is then automatically sent to
977 to the next tables as if followed by <code>next;</code> action.
978 The next tables will see the changes in the packet caused by
979 the connection tracker.
980 </p>
981 <p>
982 <code>ct_dnat(<var>IP</var>)</code> sends the packet through the
983 DNAT zone to change the destination IP address of the packet to
984 the one provided inside the parenthesis and commits the connection.
985 The packet is then automatically sent to the next tables as if
986 followed by <code>next;</code> action. The next tables will see
987 the changes in the packet caused by the connection tracker.
988 </p>
989 </dd>
990
991 <dt><code>ct_snat;</code></dt>
992 <dt><code>ct_snat(<var>IP</var>);</code></dt>
993 <dd>
994 <p>
995 <code>ct_snat</code> sends the packet through the SNAT zone to
996 unSNAT any packet that was SNATed in the opposite direction. If
997 the packet needs to be sent to the next tables, then it should be
998 followed by a <code>next;</code> action. The next tables will not
999 see the changes in the packet caused by the connection tracker.
1000 </p>
1001 <p>
1002 <code>ct_snat(<var>IP</var>)</code> sends the packet through the
1003 SNAT zone to change the source IP address of the packet to
1004 the one provided inside the parenthesis and commits the connection.
1005 The packet is then automatically sent to the next tables as if
1006 followed by <code>next;</code> action. The next tables will see the
1007 changes in the packet caused by the connection tracker.
1008 </p>
1009 </dd>
1010
69a832cf
BP		 1011 <dt><code>arp { <var>action</var>; </code>...<code> };</code></dt>
1012 <dd>
1013 <p>
1014 Temporarily replaces the IPv4 packet being processed by an ARP
1015 packet and executes each nested <var>action</var> on the ARP
1016 packet. Actions following the <var>arp</var> action, if any, apply
1017 to the original, unmodified packet.
1018 </p>
1019
1020 <p>
1021 The ARP packet that this action operates on is initialized based on
1022 the IPv4 packet being processed, as follows. These are default
1023 values that the nested actions will probably want to change:
1024 </p>
1025
1026 <ul>
1027 <li><code>eth.src</code> unchanged</li>
1028 <li><code>eth.dst</code> unchanged</li>
1029 <li><code>eth.type = 0x0806</code></li>
1030 <li><code>arp.op = 1</code> (ARP request)</li>
1031 <li><code>arp.sha</code> copied from <code>eth.src</code></li>
1032 <li><code>arp.spa</code> copied from <code>ip4.src</code></li>
1033 <li><code>arp.tha = 00:00:00:00:00:00</code></li>
1034 <li><code>arp.tpa</code> copied from <code>ip4.dst</code></li>
1035 </ul>
1036
6335d074
BP		 1037 <p>
1038 The ARP packet has the same VLAN header, if any, as the IP packet
1039 it replaces.
1040 </p>
1041
69a832cf
BP		 1042 <p><b>Prerequisite:</b> <code>ip4</code></p>
1043 </dd>
1044
e75451fe
ZKL		 1045 <dt>
1046 <code>na { <var>action</var>; </code>...<code> };</code>
1047 </dt>
1048
1049 <dd>
1050 <p>
1051 Temporarily replaces the IPv6 packet being processed by an IPv6
1052 neighbor advertisement (NA) packet and executes each nested
1053 <var>action</var> on the NA packet. Actions following the
1054 <var>na</var> action, if any, apply to the original, unmodified
1055 packet.
1056 </p>
1057
1058 <p>
1059 The NA packet that this action operates on is initialized based on
1060 the IPv6 packet being processed, as follows. These are default
1061 values that the nested actions will probably want to change:
1062 </p>
1063
1064 <ul>
1065 <li><code>eth.dst</code> exchanged with <code>eth.src</code></li>
1066 <li><code>eth.type = 0x86dd</code></li>
1067 <li><code>ip6.dst</code> copied from <code>ip6.src</code></li>
1068 <li><code>ip6.src</code> copied from <code>nd.target</code></li>
1069 <li><code>icmp6.type = 136</code> (Neighbor Advertisement)</li>
1070 <li><code>nd.target</code> unchanged</li>
1071 <li><code>nd.sll = 00:00:00:00:00:00</code></li>
1072 <li><code>nd.tll</code> copied from <code>eth.dst</code></li>
1073 </ul>
1074
1075 <p>
1076 The ND packet has the same VLAN header, if any, as the IPv6 packet
1077 it replaces.
1078 </p>
1079
1080 <p>
1081 <b>Prerequisite:</b> <code>nd</code>
1082 </p>
1083 </dd>
1084
0bac7164
BP		 1085 <dt><code>get_arp(<var>P</var>, <var>A</var>);</code></dt>
1086
1087 <dd>
1088 <p>
1089 <b>Parameters</b>: logical port string field <var>P</var>, 32-bit
1090 IP address field <var>A</var>.
1091 </p>
1092
1093 <p>
1094 Looks up <var>A</var> in <var>P</var>'s ARP table. If an entry is
1095 found, stores its Ethernet address in <code>eth.dst</code>,
1096 otherwise stores <code>00:00:00:00:00:00</code> in
1097 <code>eth.dst</code>.
1098 </p>
1099
1100 <p><b>Example:</b> <code>get_arp(outport, ip4.dst);</code></p>
1101 </dd>
1102
1103 <dt>
1104 <code>put_arp(<var>P</var>, <var>A</var>, <var>E</var>);</code>
1105 </dt>
1106
1107 <dd>
1108 <p>
1109 <b>Parameters</b>: logical port string field <var>P</var>, 32-bit
1110 IP address field <var>A</var>, 48-bit Ethernet address field
1111 <var>E</var>.
1112 </p>
1113
1114 <p>
1115 Adds or updates the entry for IP address <var>A</var> in logical
1116 port <var>P</var>'s ARP table, setting its Ethernet address to
1117 <var>E</var>.
1118 </p>
1119
1120 <p><b>Example:</b> <code>put_arp(inport, arp.spa, arp.sha);</code></p>
1121 </dd>
42814145
NS		 1122
1123 <dt>
1124 <code><var>R</var> = put_dhcp_opts(<code>offerip</code> = <var>IP</var>, <var>D1</var> = <var>V1</var>, <var>D2</var> = <var>V2</var>, ..., <var>Dn</var> = <var>Vn</var>);</code>
1125 </dt>
1126
1127 <dd>
1128 <p>
1129 <b>Parameters</b>: one or more DHCP option/value pairs, the first
1130 of which must set a value for the offered IP, <code>offerip</code>.
1131 </p>
1132
1133 <p>
1134 <b>Result</b>: stored to a 1-bit subfield <var>R</var>.
1135 </p>
1136
1137 <p>
1138 Valid only in the ingress pipeline.
1139 </p>
1140
1141 <p>
1142 When this action is applied to a DHCP request packet (DHCPDISCOVER
1143 or DHCPREQUEST), it changes the packet into a DHCP reply (DHCPOFFER
1144 or DHCPACK, respectively), replaces the options by those specified
1145 as parameters, and stores 1 in <var>R</var>.
1146 </p>
1147
1148 <p>
1149 When this action is applied to a non-DHCP packet or a DHCP packet
1150 that is not DHCPDISCOVER or DHCPREQUEST, it leaves the packet
1151 unchanged and stores 0 in <var>R</var>.
1152 </p>
1153
1154 <p>
1155 The contents of the <ref table="DHCP_Option"/> table control the
1156 DHCP option names and values that this action supports.
1157 </p>
1158
1159 <p>
1160 <b>Example:</b>
1161 <code>
1162 reg0[0] = put_dhcp_opts(offerip = 10.0.0.2, router = 10.0.0.1,
1163 netmask = 255.255.255.0, dns_server = {8.8.8.8, 7.7.7.7});
1164 </code>
1165 </p>
1166 </dd>
6335d074
BP		 1167 </dl>
1168
1169 <p>
1170 The following actions will likely be useful later, but they have not
1171 been thought out carefully.
1172 </p>
1173
1174 <dl>
69a832cf
BP		 1175 <dt><code>icmp4 { <var>action</var>; </code>...<code> };</code></dt>
1176 <dd>
1177 <p>
1178 Temporarily replaces the IPv4 packet being processed by an ICMPv4
1179 packet and executes each nested <var>action</var> on the ICMPv4
1180 packet. Actions following the <var>icmp4</var> action, if any,
1181 apply to the original, unmodified packet.
1182 </p>
1183
1184 <p>
1185 The ICMPv4 packet that this action operates on is initialized based
1186 on the IPv4 packet being processed, as follows. These are default
1187 values that the nested actions will probably want to change.
1188 Ethernet and IPv4 fields not listed here are not changed:
1189 </p>
1190
1191 <ul>
1192 <li><code>ip.proto = 1</code> (ICMPv4)</li>
1193 <li><code>ip.frag = 0</code> (not a fragment)</li>
1194 <li><code>icmp4.type = 3</code> (destination unreachable)</li>
1195 <li><code>icmp4.code = 1</code> (host unreachable)</li>
1196 </ul>
1197
1198 <p>
1199 Details TBD.
1200 </p>
fe36184b 1201
69a832cf
BP		 1202 <p><b>Prerequisite:</b> <code>ip4</code></p>
1203 </dd>
1204
1205 <dt><code>tcp_reset;</code></dt>
1206 <dd>
1207 <p>
1208 This action transforms the current TCP packet according to the
1209 following pseudocode:
1210 </p>
1211
1212 <pre>
1213if (tcp.ack) {
1214 tcp.seq = tcp.ack;
1215} else {
1216 tcp.ack = tcp.seq + length(tcp.payload);
1217 tcp.seq = 0;
1218}
1219tcp.flags = RST;
1220</pre>
1221
1222 <p>
1223 Then, the action drops all TCP options and payload data, and
1224 updates the TCP checksum.
1225 </p>
1226
1227 <p>
1228 Details TBD.
1229 </p>
1230
1231 <p><b>Prerequisite:</b> <code>tcp</code></p>
1232 </dd>
fe36184b 1233 </dl>
fe36184b 1234 </column>
091e3af9
JP		 1235
1236 <column name="external_ids" key="stage-name">
1237 Human-readable name for this flow's stage in the pipeline.
1238 </column>
1239
1240 <group title="Common Columns">
1241 The overall purpose of these columns is described under <code>Common
1242 Columns</code> at the beginning of this document.
1243
1244 <column name="external_ids"/>
1245 </group>
fe36184b
BP		 1246 </table>
1247
5868eb24
BP		 1248 <table name="Multicast_Group" title="Logical Port Multicast Groups">
1249 <p>
1250 The rows in this table define multicast groups of logical ports.
1251 Multicast groups allow a single packet transmitted over a tunnel to a
1252 hypervisor to be delivered to multiple VMs on that hypervisor, which
1253 uses bandwidth more efficiently.
1254 </p>
1255
1256 <p>
1257 Each row in this table defines a logical multicast group numbered <ref
1258 column="tunnel_key"/> within <ref column="datapath"/>, whose logical
1259 ports are listed in the <ref column="ports"/> column.
1260 </p>
1261
1262 <column name="datapath">
1263 The logical datapath in which the multicast group resides.
1264 </column>
1265
1266 <column name="tunnel_key">
1267 The value used to designate this logical egress port in tunnel
1268 encapsulations. An index forces the key to be unique within the <ref
1269 column="datapath"/>. The unusual range ensures that multicast group IDs
1270 do not overlap with logical port IDs.
1271 </column>
1272
1273 <column name="name">
1274 <p>
1275 The logical multicast group's name. An index forces the name to be
1276 unique within the <ref column="datapath"/>. Logical flows in the
1277 ingress pipeline may output to the group just as for individual logical
1278 ports, by assigning the group's name to <code>outport</code> and
1279 executing an <code>output</code> action.
1280 </p>
1281
1282 <p>
1283 Multicast group names and logical port names share a single namespace
1284 and thus should not overlap (but the database schema cannot enforce
1285 this). To try to avoid conflicts, <code>ovn-northd</code> uses names
1286 that begin with <code>_MC_</code>.
1287 </p>
1288 </column>
1289
1290 <column name="ports">
1291 The logical ports included in the multicast group. All of these ports
1292 must be in the <ref column="datapath"/> logical datapath (but the
1293 database schema cannot enforce this).
1294 </column>
1295 </table>
1296
1297 <table name="Datapath_Binding" title="Physical-Logical Datapath Bindings">
1298 <p>
1299 Each row in this table identifies physical bindings of a logical
1300 datapath. A logical datapath implements a logical pipeline among the
1301 ports in the <ref table="Port_Binding"/> table associated with it. In
1302 practice, the pipeline in a given logical datapath implements either a
1303 logical switch or a logical router.
1304 </p>
1305
1306 <column name="tunnel_key">
1307 The tunnel key value to which the logical datapath is bound.
1308 The <code>Tunnel Encapsulation</code> section in
1309 <code>ovn-architecture</code>(7) describes how tunnel keys are
1310 constructed for each supported encapsulation.
1311 </column>
1312
9975d7be
BP		 1313 <group title="OVN_Northbound Relationship">
1314 <p>
1315 Each row in <ref table="Datapath_Binding"/> is associated with some
1316 logical datapath. <code>ovn-northd</code> uses these keys to track the
1317 association of a logical datapath with concepts in the <ref
1318 db="OVN_Northbound"/> database.
1319 </p>
1320
1321 <column name="external_ids" key="logical-switch" type='{"type": "uuid"}'>
1322 For a logical datapath that represents a logical switch,
1323 <code>ovn-northd</code> stores in this key the UUID of the
1324 corresponding <ref table="Logical_Switch" db="OVN_Northbound"/> row in
1325 the <ref db="OVN_Northbound"/> database.
1326 </column>
1327
1328 <column name="external_ids" key="logical-router" type='{"type": "uuid"}'>
1329 For a logical datapath that represents a logical router,
1330 <code>ovn-northd</code> stores in this key the UUID of the
1331 corresponding <ref table="Logical_Router" db="OVN_Northbound"/> row in
1332 the <ref db="OVN_Northbound"/> database.
1333 </column>
1334 </group>
5868eb24
BP		 1335
1336 <group title="Common Columns">
1337 The overall purpose of these columns is described under <code>Common
1338 Columns</code> at the beginning of this document.
1339
1340 <column name="external_ids"/>
1341 </group>
1342 </table>
1343
dcda6e0d 1344 <table name="Port_Binding" title="Physical-Logical Port Bindings">
fe36184b 1345 <p>
d387d24d
BP		 1346 Most rows in this table identify the physical location of a logical port.
1347 (The exceptions are logical patch ports, which do not have any physical
1348 location.)
fe36184b
BP		 1349 </p>
1350
1351 <p>
80f408f4
JP		 1352 For every <code>Logical_Switch_Port</code> record in
1353 <code>OVN_Northbound</code> database, <code>ovn-northd</code>
1354 creates a record in this table. <code>ovn-northd</code> populates
1355 and maintains every column except the <code>chassis</code> column,
1356 which it leaves empty in new records.
9fb4636f
GS		 1357 </p>
1358
1359 <p>
88058f19
AW		 1360 <code>ovn-controller</code>/<code>ovn-controller-vtep</code>
1361 populates the <code>chassis</code> column for the records that
1362 identify the logical ports that are located on its hypervisor/gateway,
1363 which <code>ovn-controller</code>/<code>ovn-controller-vtep</code> in
1364 turn finds out by monitoring the local hypervisor's Open_vSwitch
1365 database, which identifies logical ports via the conventions described
c1645003
GS		 1366 in <code>IntegrationGuide.md</code>. (The exceptions are for
1367 <code>Port_Binding</code> records with <code>type</code> of
1368 <code>gateway</code>, whose locations are identified by
1369 <code>ovn-northd</code> via the <code>options:gateway-chassis</code>
1370 column in this table. <code>ovn-controller</code> is still responsible
1371 to populate the <code>chassis</code> column.)
9fb4636f
GS		 1372 </p>
1373
1374 <p>
5868eb24 1375 When a chassis shuts down gracefully, it should clean up the
9fb4636f 1376 <code>chassis</code> column that it previously had populated.
fe36184b
BP		 1377 (This is not critical because resources hosted on the chassis are equally
1378 unreachable regardless of whether their rows are present.) To handle the
1379 case where a VM is shut down abruptly on one chassis, then brought up
88058f19
AW		 1380 again on a different one,
1381 <code>ovn-controller</code>/<code>ovn-controller-vtep</code> must
1382 overwrite the <code>chassis</code> column with new information.
fe36184b
BP		 1383 </p>
1384
c96ba502
BP		 1385 <group title="Core Features">
1386 <column name="datapath">
1387 The logical datapath to which the logical port belongs.
1388 </column>
1a76c93e 1389
c96ba502 1390 <column name="logical_port">
80f408f4
JP		 1391 A logical port, taken from <ref table="Logical_Switch_Port"
1392 column="name" db="OVN_Northbound"/> in the OVN_Northbound
1393 database's <ref table="Logical_Switch_Port" db="OVN_Northbound"/>
1394 table. OVN does not prescribe a particular format for the
1395 logical port ID.
c96ba502 1396 </column>
c0281929 1397
c96ba502 1398 <column name="chassis">
184bc3ca
RB		 1399 The meaning of this column depends on the value of the <ref column="type"/>
1400 column. This is the meaning for each <ref column="type"/>
1401
1402 <dl>
1403 <dt>(empty string)</dt>
1404 <dd>
1405 The physical location of the logical port. To successfully identify a
1406 chassis, this column must be a <ref table="Chassis"/> record. This is
1407 populated by <code>ovn-controller</code>.
1408 </dd>
1409
1410 <dt>vtep</dt>
1411 <dd>
1412 The physical location of the hardware_vtep gateway. To successfully
1413 identify a chassis, this column must be a <ref table="Chassis"/> record.
1414 This is populated by <code>ovn-controller-vtep</code>.
1415 </dd>
1416
1417 <dt>localnet</dt>
1418 <dd>
1419 Always empty. A localnet port is realized on every chassis that has
1420 connectivity to the corresponding physical network.
1421 </dd>
1422
1423 <dt>gateway</dt>
1424 <dd>
1425 The physical location of the L3 gateway. To successfully identify a
1426 chassis, this column must be a <ref table="Chassis"/> record. This is
1427 populated by <code>ovn-controller</code> based on the value of
1428 the <code>options:gateway-chassis</code> column in this table.
1429 </dd>
1430
1431 <dt>l2gateway</dt>
1432 <dd>
1433 The physical location of this L2 gateway. To successfully identify a
1434 chassis, this column must be a <ref table="Chassis"/> record.
1435 This is populated by an entity external to OVN, either manually or by
1436 a CMS.
1437 </dd>
1438 </dl>
1439
c96ba502 1440 </column>
c0281929 1441
c96ba502
BP		 1442 <column name="tunnel_key">
1443 <p>
1444 A number that represents the logical port in the key (e.g. STT key or
1445 Geneve TLV) field carried within tunnel protocol packets.
1446 </p>
c0281929 1447
c96ba502
BP		 1448 <p>
1449 The tunnel ID must be unique within the scope of a logical datapath.
1450 </p>
1451 </column>
88058f19 1452
c96ba502
BP		 1453 <column name="mac">
1454 <p>
1455 The Ethernet address or addresses used as a source address on the
1456 logical port, each in the form
1457 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
1458 The string <code>unknown</code> is also allowed to indicate that the
1459 logical port has an unknown set of (additional) source addresses.
1460 </p>
1461
1462 <p>
1463 A VM interface would ordinarily have a single Ethernet address. A
1464 gateway port might initially only have <code>unknown</code>, and then
1465 add MAC addresses to the set as it learns new source addresses.
1466 </p>
1467 </column>
88058f19 1468
c96ba502
BP		 1469 <column name="type">
1470 <p>
1471 A type for this logical port. Logical ports can be used to model other
1472 types of connectivity into an OVN logical switch. The following types
1473 are defined:
1474 </p>
1475
1476 <dl>
1477 <dt>(empty string)</dt>
1478 <dd>VM (or VIF) interface.</dd>
d387d24d
BP		 1479
1480 <dt><code>patch</code></dt>
1481 <dd>
1482 One of a pair of logical ports that act as if connected by a patch
1483 cable. Useful for connecting two logical datapaths, e.g. to connect
1484 a logical router to a logical switch or to another logical router.
1485 </dd>
1486
c1645003
GS		 1487 <dt><code>gateway</code></dt>
1488 <dd>
1489 One of a pair of logical ports that act as if connected by a patch
1490 cable across multiple chassis. Useful for connecting a logical
1491 switch with a Gateway router (which is only resident on a
1492 particular chassis).
1493 </dd>
1494
c96ba502
BP		 1495 <dt><code>localnet</code></dt>
1496 <dd>
1497 A connection to a locally accessible network from each
1498 <code>ovn-controller</code> instance. A logical switch can only
6e6c3f91
HZ		 1499 have a single <code>localnet</code> port attached. This is used
1500 to model direct connectivity to an existing network.
c96ba502
BP		 1501 </dd>
1502
184bc3ca
RB		 1503 <dt><code>l2gateway</code></dt>
1504 <dd>
1505 An L2 connection to a physical network. The chassis this
1506 <ref table="Port_Binding"/> is bound to will serve as
1507 an L2 gateway to the network named by
1508 <ref column="options" table="Port_Binding"/>:<code>network_name</code>.
1509 </dd>
1510
c96ba502
BP		 1511 <dt><code>vtep</code></dt>
1512 <dd>
1513 A port to a logical switch on a VTEP gateway chassis. In order to
1514 get this port correctly recognized by the OVN controller, the <ref
1515 column="options"
1516 table="Port_Binding"/>:<code>vtep-physical-switch</code> and <ref
1517 column="options"
1518 table="Port_Binding"/>:<code>vtep-logical-switch</code> must also
1519 be defined.
1520 </dd>
1521 </dl>
1522 </column>
1523 </group>
1a76c93e 1524
d387d24d
BP		 1525 <group title="Patch Options">
1526 <p>
1527 These options apply to logical ports with <ref column="type"/> of
1528 <code>patch</code>.
1529 </p>
1530
1531 <column name="options" key="peer">
1532 The <ref column="logical_port"/> in the <ref table="Port_Binding"/>
1533 record for the other side of the patch. The named <ref
1534 column="logical_port"/> must specify this <ref column="logical_port"/>
1535 in its own <code>peer</code> option. That is, the two patch logical
1536 ports must have reversed <ref column="logical_port"/> and
1537 <code>peer</code> values.
1538 </column>
1539 </group>
1540
184bc3ca 1541 <group title="L3 Gateway Options">
c1645003
GS		 1542 <p>
1543 These options apply to logical ports with <ref column="type"/> of
1544 <code>gateway</code>.
1545 </p>
1546
1547 <column name="options" key="peer">
1548 The <ref column="logical_port"/> in the <ref table="Port_Binding"/>
1549 record for the other side of the 'gateway' port. The named <ref
1550 column="logical_port"/> must specify this <ref column="logical_port"/>
1551 in its own <code>peer</code> option. That is, the two 'gateway'
1552 logical ports must have reversed <ref column="logical_port"/> and
1553 <code>peer</code> values.
1554 </column>
1555
1556 <column name="options" key="gateway-chassis">
1557 The <code>chassis</code> in which the port resides.
1558 </column>
1559 </group>
1560
c96ba502 1561 <group title="Localnet Options">
eb00399e 1562 <p>
c96ba502
BP		 1563 These options apply to logical ports with <ref column="type"/> of
1564 <code>localnet</code>.
eb00399e
BP		 1565 </p>
1566
c96ba502
BP		 1567 <column name="options" key="network_name">
1568 Required. <code>ovn-controller</code> uses the configuration entry
1569 <code>ovn-bridge-mappings</code> to determine how to connect to this
1570 network. <code>ovn-bridge-mappings</code> is a list of network names
1571 mapped to a local OVS bridge that provides access to that network. An
1572 example of configuring <code>ovn-bridge-mappings</code> would be:
1573
1574 <pre>$ ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet1:br-eth0,physnet2:br-eth1</pre>
1575
1576 <p>
1577 When a logical switch has a <code>localnet</code> port attached,
1578 every chassis that may have a local vif attached to that logical
1579 switch must have a bridge mapping configured to reach that
1580 <code>localnet</code>. Traffic that arrives on a
1581 <code>localnet</code> port is never forwarded over a tunnel to
1582 another chassis.
1583 </p>
1584 </column>
1585
1586 <column name="tag">
1587 If set, indicates that the port represents a connection to a specific
1588 VLAN on a locally accessible network. The VLAN ID is used to match
1589 incoming traffic and is also added to outgoing traffic.
1590 </column>
1591 </group>
1592
184bc3ca
RB		 1593 <group title="L2 Gateway Options">
1594 <p>
1595 These options apply to logical ports with <ref column="type"/> of
1596 <code>l2gateway</code>.
1597 </p>
1598
1599 <column name="options" key="network_name">
1600 Required. <code>ovn-controller</code> uses the configuration entry
1601 <code>ovn-bridge-mappings</code> to determine how to connect to this
1602 network. <code>ovn-bridge-mappings</code> is a list of network names
1603 mapped to a local OVS bridge that provides access to that network. An
1604 example of configuring <code>ovn-bridge-mappings</code> would be:
1605
1606 <pre>$ ovs-vsctl set open . external-ids:ovn-bridge-mappings=physnet1:br-eth0,physnet2:br-eth1</pre>
1607
1608 <p>
1609 When a logical switch has a <code>l2gateway</code> port attached,
1610 the chassis that the <code>l2gateway</code> port is bound to
1611 must have a bridge mapping configured to reach the network
1612 identified by <code>network_name</code>.
1613 </p>
1614 </column>
1615
1616 <column name="tag">
1617 If set, indicates that the gateway is connected to a specific
1618 VLAN on the physical network. The VLAN ID is used to match
1619 incoming traffic and is also added to outgoing traffic.
1620 </column>
1621 </group>
1622
c96ba502 1623 <group title="VTEP Options">
eb00399e 1624 <p>
c96ba502
BP		 1625 These options apply to logical ports with <ref column="type"/> of
1626 <code>vtep</code>.
eb00399e 1627 </p>
9fb4636f 1628
c96ba502
BP		 1629 <column name="options" key="vtep-physical-switch">
1630 Required. The name of the VTEP gateway.
1631 </column>
fe36184b 1632
c96ba502
BP		 1633 <column name="options" key="vtep-logical-switch">
1634 Required. A logical switch name connected by the VTEP gateway. Must
1635 be set when <ref column="type"/> is <code>vtep</code>.
1636 </column>
1637 </group>
fe36184b 1638
aef5f431
BP		 1639 <group title="VMI (or VIF) Options">
1640 <p>
1641 These options apply to logical ports with <ref column="type"/> having
1642 (empty string)
1643 </p>
1644
1645 <column name="options" key="policing_rate">
1646 If set, indicates the maximum rate for data sent from this interface,
1647 in kbps. Data exceeding this rate is dropped.
1648 </column>
1649
1650 <column name="options" key="policing_burst">
1651 If set, indicates the maximum burst size for data sent from this
1652 interface, in kb.
1653 </column>
1654 </group>
1655
c96ba502 1656 <group title="Nested Containers">
fe36184b 1657 <p>
c96ba502
BP		 1658 These columns support containers nested within a VM. Specifically,
1659 they are used when <ref column="type"/> is empty and <ref
1660 column="logical_port"/> identifies the interface of a container spawned
1661 inside a VM. They are empty for containers or VMs that run directly on
1662 a hypervisor.
fe36184b
BP		 1663 </p>
1664
c96ba502
BP		 1665 <column name="parent_port">
1666 This is taken from
80f408f4
JP		 1667 <ref table="Logical_Switch_Port" column="parent_name"
1668 db="OVN_Northbound"/> in the OVN_Northbound database's
1669 <ref table="Logical_Switch_Port" db="OVN_Northbound"/> table.
c96ba502
BP		 1670 </column>
1671
1672 <column name="tag">
1673 <p>
1674 Identifies the VLAN tag in the network traffic associated with that
1675 container's network interface.
1676 </p>
1677
1678 <p>
1679 This column is used for a different purpose when <ref column="type"/>
184bc3ca
RB		 1680 is <code>localnet</code> (see <code>Localnet Options</code>, above)
1681 or <code>l2gateway</code> (see <code>L2 Gateway Options</code>, above).
c96ba502
BP		 1682 </p>
1683 </column>
1684 </group>
fe36184b 1685 </table>
0bac7164
BP		 1686
1687 <table name="MAC_Binding" title="IP to MAC bindings">
1688 <p>
1689 Each row in this table specifies a binding from an IP address to an
1690 Ethernet address that has been discovered through ARP (for IPv4) or
1691 neighbor discovery (for IPv6). This table is primarily used to discover
1692 bindings on physical networks, because IP-to-MAC bindings for virtual
1693 machines are usually populated statically into the <ref
1694 table="Port_Binding"/> table.
1695 </p>
1696
1697 <p>
1698 This table expresses a functional relationship: <ref
1699 table="MAC_Binding"/>(<ref column="logical_port"/>, <ref column="ip"/>) =
1700 <ref column="mac"/>.
1701 </p>
1702
1703 <p>
1704 In outline, the lifetime of a logical router's MAC binding looks like
1705 this:
1706 </p>
1707
1708 <ol>
1709 <li>
1710 On hypervisor 1, a logical router determines that a packet should be
1711 forwarded to IP address <var>A</var> on one of its router ports. It
1712 uses its logical flow table to determine that <var>A</var> lacks a
1713 static IP-to-MAC binding and the <code>get_arp</code> action to
1714 determine that it lacks a dynamic IP-to-MAC binding.
1715 </li>
1716
1717 <li>
1718 Using an OVN logical <code>arp</code> action, the logical router
1719 generates and sends a broadcast ARP request to the router port. It
1720 drops the IP packet.
1721 </li>
1722
1723 <li>
1724 The logical switch attached to the router port delivers the ARP request
1725 to all of its ports. (It might make sense to deliver it only to ports
1726 that have no static IP-to-MAC bindings, but this could also be
1727 surprising behavior.)
1728 </li>
1729
1730 <li>
1731 A host or VM on hypervisor 2 (which might be the same as hypervisor 1)
1732 attached to the logical switch owns the IP address in question. It
1733 composes an ARP reply and unicasts it to the logical router port's
1734 Ethernet address.
1735 </li>
1736
1737 <li>
1738 The logical switch delivers the ARP reply to the logical router port.
1739 </li>
1740
1741 <li>
1742 The logical router flow table executes a <code>put_arp</code> action.
1743 To record the IP-to-MAC binding, <code>ovn-controller</code> adds a row
1744 to the <ref table="MAC_Binding"/> table.
1745 </li>
1746
1747 <li>
1748 On hypervisor 1, <code>ovn-controller</code> receives the updated <ref
1749 table="MAC_Binding"/> table from the OVN southbound database. The next
1750 packet destined to <var>A</var> through the logical router is sent
1751 directly to the bound Ethernet address.
1752 </li>
1753 </ol>
1754
1755 <column name="logical_port">
1756 The logical port on which the binding was discovered.
1757 </column>
1758
1759 <column name="ip">
1760 The bound IP address.
1761 </column>
1762
1763 <column name="mac">
1764 The Ethernet address to which the IP is bound.
1765 </column>
1766 </table>
42814145
NS		 1767
1768 <table name="DHCP_Options" title="DHCP Options supported by native OVN DHCP">
1769 <p>
1770 Each row in this table stores the DHCP Options supported by native OVN
1771 DHCP. <code>ovn-northd</code> populates this table with the supported
1772 DHCP options. <code>ovn-controller</code> looks up this table to get the
1773 DHCP codes of the DHCP options defined in the "put_dhcp_opts" action.
1774 Please refer to the RFC 2132 <code>"https://tools.ietf.org/html/rfc2132"</code>
1775 for the possible list of DHCP options that can be defined here.
1776 </p>
1777
1778 <column name="name">
1779 <p>
1780 Name of the DHCP option.
1781 </p>
1782
1783 <p>
1784 Example. name="router"
1785 </p>
1786 </column>
1787
1788 <column name="code">
1789 <p>
1790 DHCP option code for the DHCP option as defined in the RFC 2132.
1791 </p>
1792
1793 <p>
1794 Example. code=3
1795 </p>
1796 </column>
1797
1798 <column name="type">
1799 <p>
1800 Data type of the DHCP option code.
1801 </p>
1802
1803 <dl>
1804 <dt><code>value: bool</code></dt>
1805 <dd>
1806 <p>
1807 This indicates that the value of the DHCP option is a bool.
1808 </p>
1809
1810 <p>
1811 Example. "name=ip_forward_enable", "code=19", "type=bool".
1812 </p>
1813
1814 <p>
1815 put_dhcp_opts(..., ip_forward_enable = 1,...)
1816 </p>
1817 </dd>
1818
1819 <dt><code>value: uint8</code></dt>
1820 <dd>
1821 <p>
1822 This indicates that the value of the DHCP option is an unsigned
1823 int8 (8 bits)
1824 </p>
1825
1826 <p>
1827 Example. "name=default_ttl", "code=23", "type=uint8".
1828 </p>
1829
1830 <p>
1831 put_dhcp_opts(..., default_ttl = 50,...)
1832 </p>
1833 </dd>
1834
1835 <dt><code>value: uint16</code></dt>
1836 <dd>
1837 <p>
1838 This indicates that the value of the DHCP option is an unsigned
1839 int16 (16 bits).
1840 </p>
1841
1842 <p>
1843 Example. "name=mtu", "code=26", "type=uint16".
1844 </p>
1845
1846 <p>
1847 put_dhcp_opts(..., mtu = 1450,...)
1848 </p>
1849 </dd>
1850
1851 <dt><code>value: uint32</code></dt>
1852 <dd>
1853 <p>
1854 This indicates that the value of the DHCP option is an unsigned
1855 int32 (32 bits).
1856 </p>
1857
1858 <p>
1859 Example. "name=lease_time", "code=51", "type=uint32".
1860 </p>
1861
1862 <p>
1863 put_dhcp_opts(..., lease_time = 86400,...)
1864 </p>
1865 </dd>
1866
1867 <dt><code>value: ipv4</code></dt>
1868 <dd>
1869 <p>
1870 This indicates that the value of the DHCP option is an IPv4
1871 address or addresses.
1872 </p>
1873
1874 <p>
1875 Example. "name=router", "code=3", "type=ipv4".
1876 </p>
1877
1878 <p>
1879 put_dhcp_opts(..., router = 10.0.0.1,...)
1880 </p>
1881
1882 <p>
1883 Example. "name=dns_server", "code=6", "type=ipv4".
1884 </p>
1885
1886 <p>
1887 put_dhcp_opts(..., dns_server = {8.8.8.8 7.7.7.7},...)
1888 </p>
1889 </dd>
1890
1891 <dt><code>value: static_routes</code></dt>
1892 <dd>
1893 <p>
1894 This indicates that the value of the DHCP option contains a pair of
1895 IPv4 route and next hop addresses.
1896 </p>
1897
1898 <p>
1899 Example. "name=classless_static_route", "code=121", "type=static_routes".
1900 </p>
1901
1902 <p>
1903 put_dhcp_opts(..., classless_static_route = {30.0.0.0/24,10.0.0.4,0.0.0.0/0,10.0.0.1}...)
1904 </p>
1905 </dd>
1906
1907 <dt><code>value: str</code></dt>
1908 <dd>
1909 <p>
1910 This indicates that the value of the DHCP option is a string.
1911 </p>
1912
1913 <p>
1914 Example. "name=host_name", "code=12", "type=str".
1915 </p>
1916 </dd>
1917 </dl>
1918 </column>
1919 </table>
fe36184b 1920</database>
openvswitch packages for PVE