]>
Commit | Line | Data |
---|---|---|
3b135da3 | 1 | .\" -*- nroff -*- |
9bccc3ff | 2 | .so lib/ovs.tmac |
d2cb6c95 | 3 | .TH ovs\-vsctl 8 "@VERSION@" "Open vSwitch" "Open vSwitch Manual" |
812560d7 | 4 | .\" This program's name: |
3b135da3 BP |
5 | .ds PN ovs\-vsctl |
6 | . | |
7 | .SH NAME | |
8 | ovs\-vsctl \- utility for querying and configuring \fBovs\-vswitchd\fR | |
9 | . | |
10 | .SH SYNOPSIS | |
204bad29 BP |
11 | \fBovs\-vsctl\fR [\fIoptions\fR] \fB\-\-\fR [\fIoptions\fR] \fIcommand |
12 | \fR[\fIargs\fR] [\fB\-\-\fR [\fIoptions\fR] \fIcommand \fR[\fIargs\fR]]... | |
3b135da3 BP |
13 | . |
14 | .SH DESCRIPTION | |
dfbe07ba | 15 | The \fBovs\-vsctl\fR program configures \fBovs\-vswitchd\fR(8) by |
5aa75474 BP |
16 | providing a high\-level interface to its configuration database. |
17 | See \fBovs\-vswitchd.conf.db\fR(5) for comprehensive documentation of | |
18 | the database schema. | |
19 | .PP | |
20 | \fBovs\-vsctl\fR connects to an \fBovsdb\-server\fR process that | |
21 | maintains an Open vSwitch configuration database. Using this | |
22 | connection, it queries and possibly applies changes to the database, | |
23 | depending on the supplied commands. Then, if it applied any changes, | |
24 | by default it waits until \fBovs\-vswitchd\fR has finished | |
25 | reconfiguring itself before it exits. (If you use \fBovs\-vsctl\fR | |
26 | when \fBovs\-vswitchd\fR is not running, use \fB\-\-no\-wait\fR.) | |
460aad80 BP |
27 | .PP |
28 | \fBovs\-vsctl\fR can perform any number of commands in a single run, | |
29 | implemented as a single atomic transaction against the database. | |
204bad29 BP |
30 | .PP |
31 | The \fBovs\-vsctl\fR command line begins with global options (see | |
32 | \fBOPTIONS\fR below for details). The global options are followed by | |
33 | one or more commands. Each command should begin with \fB\-\-\fR by | |
401d5a6d BP |
34 | itself as a command-line argument, to separate it from the following |
35 | commands. (The \fB\-\-\fR before the first command is optional.) The | |
36 | command | |
204bad29 BP |
37 | itself starts with command-specific options, if any, followed by the |
38 | command name and any arguments. See \fBEXAMPLES\fR below for syntax | |
39 | examples. | |
3b135da3 BP |
40 | . |
41 | .SS "Linux VLAN Bridging Compatibility" | |
42 | The \fBovs\-vsctl\fR program supports the model of a bridge | |
43 | implemented by Open vSwitch, in which a single bridge supports ports | |
44 | on multiple VLANs. In this model, each port on a bridge is either a | |
45 | trunk port that potentially passes packets tagged with 802.1Q headers | |
46 | that designate VLANs or it is assigned a single implicit VLAN that is | |
47 | never tagged with an 802.1Q header. | |
48 | .PP | |
49 | For compatibility with software designed for the Linux bridge, | |
50 | \fBovs\-vsctl\fR also supports a model in which traffic associated | |
51 | with a given 802.1Q VLAN is segregated into a separate bridge. A | |
52 | special form of the \fBadd\-br\fR command (see below) creates a ``fake | |
53 | bridge'' within an Open vSwitch bridge to simulate this behavior. | |
54 | When such a ``fake bridge'' is active, \fBovs\-vsctl\fR will treat it | |
55 | much like a bridge separate from its ``parent bridge,'' but the actual | |
56 | implementation in Open vSwitch uses only a single bridge, with ports on | |
57 | the fake bridge assigned the implicit VLAN of the fake bridge of which | |
5341d046 BP |
58 | they are members. (A fake bridge for VLAN 0 receives packets that |
59 | have no 802.1Q tag or a tag with VLAN 0.) | |
3b135da3 BP |
60 | . |
61 | .SH OPTIONS | |
62 | . | |
460aad80 BP |
63 | The following options affect the behavior \fBovs\-vsctl\fR as a whole. |
64 | Some individual commands also accept their own options, which are | |
65 | given just before the command name. If the first command on the | |
66 | command line has options, then those options must be separated from | |
67 | the global options by \fB\-\-\fR. | |
3b135da3 | 68 | . |
dfbe07ba BP |
69 | .IP "\fB\-\-db=\fIserver\fR" |
70 | Sets \fIserver\fR as the database server that \fBovs\-vsctl\fR | |
12b84d50 BP |
71 | contacts to query or modify configuration. \fIserver\fR may be an |
72 | OVSDB active or passive connection method, as described in | |
73 | \fBovsdb\fR(7). The default is \fBunix:@RUNDIR@/db.sock\fR. | |
dfbe07ba BP |
74 | .IP "\fB\-\-no\-wait\fR" |
75 | Prevents \fBovs\-vsctl\fR from waiting for \fBovs\-vswitchd\fR to | |
898dcef1 | 76 | reconfigure itself according to the modified database. This |
dfbe07ba | 77 | option should be used if \fBovs\-vswitchd\fR is not running; |
4e312e69 | 78 | otherwise, \fBovs\-vsctl\fR will not exit until \fBovs\-vswitchd\fR |
dfbe07ba | 79 | starts. |
3b135da3 | 80 | .IP |
dfbe07ba BP |
81 | This option has no effect if the commands specified do not change the |
82 | database. | |
3b135da3 | 83 | . |
37c84020 BP |
84 | .IP "\fB\-\-no\-syslog\fR" |
85 | By default, \fBovs\-vsctl\fR logs its arguments and the details of any | |
86 | changes that it makes to the system log. This option disables this | |
87 | logging. | |
dfbe07ba | 88 | .IP |
ae9a3235 | 89 | This option is equivalent to \fB\-\-verbose=vsctl:syslog:warn\fR. |
dfbe07ba | 90 | . |
2792c2ad | 91 | .IP "\fB\-\-oneline\fR" |
4d14e30f | 92 | Modifies the output format so that the output for each command is printed |
2792c2ad | 93 | on a single line. New-line characters that would otherwise separate |
4d14e30f | 94 | lines are printed as \fB\\n\fR, and any instances of \fB\\\fR that |
2792c2ad | 95 | would otherwise appear in the output are doubled. |
4d14e30f | 96 | Prints a blank line for each command that has no output. |
e051b42c BP |
97 | This option does not affect the formatting of output from the |
98 | \fBlist\fR or \fBfind\fR commands; see \fBTable Formatting Options\fR | |
99 | below. | |
37c84020 | 100 | . |
577aebdf BP |
101 | .IP "\fB\-\-dry\-run\fR" |
102 | Prevents \fBovs\-vsctl\fR from actually modifying the database. | |
103 | . | |
4e312e69 BP |
104 | .IP "\fB\-t \fIsecs\fR" |
105 | .IQ "\fB\-\-timeout=\fIsecs\fR" | |
6b7b9d34 BP |
106 | By default, or with a \fIsecs\fR of \fB0\fR, \fBovs\-vsctl\fR waits |
107 | forever for a response from the database. This option limits runtime | |
108 | to approximately \fIsecs\fR seconds. If the timeout expires, | |
109 | \fBovs\-vsctl\fR will exit with a \fBSIGALRM\fR signal. (A timeout | |
110 | would normally happen only if the database cannot be contacted, or if | |
111 | the system is overloaded.) | |
342045e1 | 112 | . |
fba6bd1d BP |
113 | .IP "\fB\-\-retry\fR" |
114 | Without this option, if \fBovs\-vsctl\fR connects outward to the | |
115 | database server (the default) then \fBovs\-vsctl\fR will try to | |
116 | connect once and exit with an error if the connection fails (which | |
117 | usually means that \fBovsdb\-server\fR is not running). | |
118 | .IP | |
119 | With this option, or if \fB\-\-db\fR specifies that \fBovs\-vsctl\fR | |
120 | should listen for an incoming connection from the database server, | |
121 | then \fBovs\-vsctl\fR will wait for a connection to the database | |
122 | forever. | |
123 | .IP | |
124 | Regardless of this setting, \fB\-\-timeout\fR always limits how long | |
125 | \fBovs\-vsctl\fR will wait. | |
126 | . | |
e051b42c BP |
127 | .SS "Table Formatting Options" |
128 | These options control the format of output from the \fBlist\fR and | |
129 | \fBfind\fR commands. | |
130 | .so lib/table.man | |
131 | . | |
ac300505 | 132 | .SS "Public Key Infrastructure Options" |
84ee7bcf | 133 | .so lib/ssl.man |
812560d7 BP |
134 | .so lib/ssl-bootstrap.man |
135 | .so lib/ssl-peer-ca-cert.man | |
dfbe07ba | 136 | .so lib/vlog.man |
77d9e0eb | 137 | .so lib/common.man |
dfbe07ba | 138 | . |
3b135da3 BP |
139 | .SH COMMANDS |
140 | The commands implemented by \fBovs\-vsctl\fR are described in the | |
141 | sections below. | |
524555d1 BP |
142 | .SS "Open vSwitch Commands" |
143 | These commands work with an Open vSwitch as a whole. | |
144 | . | |
145 | .IP "\fBinit\fR" | |
146 | Initializes the Open vSwitch database, if it is empty. If the | |
147 | database has already been initialized, this command has no effect. | |
148 | .IP | |
149 | Any successful \fBovs\-vsctl\fR command automatically initializes the | |
150 | Open vSwitch database if it is empty. This command is provided to | |
151 | initialize the database without executing any other command. | |
3b135da3 | 152 | . |
9b1735a7 BP |
153 | .IP "\fBshow\fR" |
154 | Prints a brief overview of the database contents. | |
155 | . | |
18ee958b | 156 | .IP "\fBemer\-reset\fR" |
26b31540 BP |
157 | Reset the configuration into a clean state. It deconfigures OpenFlow |
158 | controllers, OVSDB servers, and SSL, and deletes port mirroring, | |
29089a54 RL |
159 | \fBfail_mode\fR, NetFlow, sFlow, and IPFIX configuration. This |
160 | command also removes all \fBother\-config\fR keys from all database | |
161 | records, except that \fBother\-config:hwaddr\fR is preserved if it is | |
162 | present in a Bridge record. Other networking configuration is left | |
163 | as-is. | |
18ee958b | 164 | . |
3b135da3 BP |
165 | .SS "Bridge Commands" |
166 | These commands examine and manipulate Open vSwitch bridges. | |
167 | . | |
aeee85aa | 168 | .IP "[\fB\-\-may\-exist\fR] \fBadd\-br \fIbridge\fR" |
3b135da3 BP |
169 | Creates a new bridge named \fIbridge\fR. Initially the bridge will |
170 | have no ports (other than \fIbridge\fR itself). | |
aeee85aa BP |
171 | .IP |
172 | Without \fB\-\-may\-exist\fR, attempting to create a bridge that | |
cefb3cc6 BP |
173 | exists is an error. With \fB\-\-may\-exist\fR, this command does |
174 | nothing if \fIbridge\fR already exists as a real bridge. | |
3b135da3 | 175 | . |
aeee85aa | 176 | .IP "[\fB\-\-may\-exist\fR] \fBadd\-br \fIbridge parent vlan\fR" |
3b135da3 BP |
177 | Creates a ``fake bridge'' named \fIbridge\fR within the existing Open |
178 | vSwitch bridge \fIparent\fR, which must already exist and must not | |
179 | itself be a fake bridge. The new fake bridge will be on 802.1Q VLAN | |
5dd9826c BP |
180 | \fIvlan\fR, which must be an integer between 0 and 4095. The parent |
181 | bridge must not already have a fake bridge for \fIvlan\fR. Initially | |
3b135da3 | 182 | \fIbridge\fR will have no ports (other than \fIbridge\fR itself). |
aeee85aa BP |
183 | .IP |
184 | Without \fB\-\-may\-exist\fR, attempting to create a bridge that | |
cefb3cc6 BP |
185 | exists is an error. With \fB\-\-may\-exist\fR, this command does |
186 | nothing if \fIbridge\fR already exists as a VLAN bridge under | |
187 | \fIparent\fR for \fIvlan\fR. | |
3b135da3 | 188 | . |
460aad80 | 189 | .IP "[\fB\-\-if\-exists\fR] \fBdel\-br \fIbridge\fR" |
3b135da3 BP |
190 | Deletes \fIbridge\fR and all of its ports. If \fIbridge\fR is a real |
191 | bridge, this command also deletes any fake bridges that were created | |
192 | with \fIbridge\fR as parent, including all of their ports. | |
460aad80 BP |
193 | .IP |
194 | Without \fB\-\-if\-exists\fR, attempting to delete a bridge that does | |
195 | not exist is an error. With \fB\-\-if\-exists\fR, attempting to | |
196 | delete a bridge that does not exist has no effect. | |
3b135da3 | 197 | . |
515d830a | 198 | .IP "[\fB\-\-real\fR|\fB\-\-fake\fR] \fBlist\-br\fR" |
3b135da3 | 199 | Lists all existing real and fake bridges on standard output, one per |
515d830a JP |
200 | line. With \fB\-\-real\fR or \fB\-\-fake\fR, only bridges of that type |
201 | are returned. | |
3b135da3 BP |
202 | . |
203 | .IP "\fBbr\-exists \fIbridge\fR" | |
204 | Tests whether \fIbridge\fR exists as a real or fake bridge. If so, | |
205 | \fBovs\-vsctl\fR exits successfully with exit code 0. If not, | |
206 | \fBovs\-vsctl\fR exits unsuccessfully with exit code 2. | |
207 | . | |
8e58fa9a BP |
208 | .IP "\fBbr\-to\-vlan \fIbridge\fR" |
209 | If \fIbridge\fR is a fake bridge, prints the bridge's 802.1Q VLAN as a | |
210 | decimal integer. If \fIbridge\fR is a real bridge, prints 0. | |
211 | . | |
212 | .IP "\fBbr\-to\-parent \fIbridge\fR" | |
213 | If \fIbridge\fR is a fake bridge, prints the name of its parent | |
214 | bridge. If \fIbridge\fR is a real bridge, print \fIbridge\fR. | |
215 | . | |
457e1eb0 BP |
216 | .IP "\fBbr\-set\-external\-id \fIbridge key\fR [\fIvalue\fR]" |
217 | Sets or clears an ``external ID'' value on \fIbridge\fR. These values | |
218 | are intended to identify entities external to Open vSwitch with which | |
219 | \fIbridge\fR is associated, e.g. the bridge's identifier in a | |
220 | virtualization management platform. The Open vSwitch database schema | |
221 | specifies well-known \fIkey\fR values, but \fIkey\fR and \fIvalue\fR | |
222 | are otherwise arbitrary strings. | |
223 | .IP | |
224 | If \fIvalue\fR is specified, then \fIkey\fR is set to \fIvalue\fR for | |
225 | \fIbridge\fR, overwriting any previous value. If \fIvalue\fR is | |
226 | omitted, then \fIkey\fR is removed from \fIbridge\fR's set of external | |
227 | IDs (if it was present). | |
e328faad BP |
228 | .IP |
229 | For real bridges, the effect of this command is similar to that of a | |
230 | \fBset\fR or \fBremove\fR command in the \fBexternal\-ids\fR column of | |
231 | the \fBBridge\fR table. For fake bridges, it actually modifies keys | |
232 | with names prefixed by \fBfake\-bridge\-\fR in the \fBPort\fR table. | |
457e1eb0 BP |
233 | . |
234 | .IP "\fBbr\-get\-external\-id \fIbridge\fR [\fIkey\fR]" | |
235 | Queries the external IDs on \fIbridge\fR. If \fIkey\fR is specified, | |
236 | the output is the value for that \fIkey\fR or the empty string if | |
237 | \fIkey\fR is unset. If \fIkey\fR is omitted, the output is | |
238 | \fIkey\fB=\fIvalue\fR, one per line, for each key-value pair. | |
e328faad BP |
239 | .IP |
240 | For real bridges, the effect of this command is similar to that of a | |
241 | \fBget\fR command in the \fBexternal\-ids\fR column of the | |
242 | \fBBridge\fR table. For fake bridges, it queries keys with names | |
243 | prefixed by \fBfake\-bridge\-\fR in the \fBPort\fR table. | |
457e1eb0 | 244 | . |
3b135da3 BP |
245 | .SS "Port Commands" |
246 | . | |
247 | These commands examine and manipulate Open vSwitch ports. These | |
248 | commands treat a bonded port as a single entity. | |
249 | . | |
250 | .IP "\fBlist\-ports \fIbridge\fR" | |
251 | Lists all of the ports within \fIbridge\fR on standard output, one per | |
252 | line. The local port \fIbridge\fR is not included in the list. | |
253 | . | |
18b239f5 | 254 | .IP "[\fB\-\-may\-exist\fR] \fBadd\-port \fIbridge port \fR[\fIcolumn\fR[\fB:\fIkey\fR]\fR=\fIvalue\fR]\&...\fR" |
3b135da3 BP |
255 | Creates on \fIbridge\fR a new port named \fIport\fR from the network |
256 | device of the same name. | |
bb1c67c8 | 257 | .IP |
18b239f5 BP |
258 | Optional arguments set values of column in the Port record created by |
259 | the command. For example, \fBtag=9\fR would make the port an access | |
260 | port for VLAN 9. The syntax is the same as that for the \fBset\fR | |
261 | command (see \fBDatabase Commands\fR below). | |
262 | .IP | |
bb1c67c8 | 263 | Without \fB\-\-may\-exist\fR, attempting to create a port that exists |
cefb3cc6 BP |
264 | is an error. With \fB\-\-may\-exist\fR, this command does nothing if |
265 | \fIport\fR already exists on \fIbridge\fR and is not a bonded port. | |
3b135da3 | 266 | . |
460aad80 | 267 | .IP "[\fB\-\-if\-exists\fR] \fBdel\-port \fR[\fIbridge\fR] \fIport\fR" |
3d1b9636 BP |
268 | Deletes \fIport\fR. If \fIbridge\fR is omitted, \fIport\fR is removed |
269 | from whatever bridge contains it; if \fIbridge\fR is specified, it | |
270 | must be the real or fake bridge that contains \fIport\fR. | |
460aad80 BP |
271 | .IP |
272 | Without \fB\-\-if\-exists\fR, attempting to delete a port that does | |
273 | not exist is an error. With \fB\-\-if\-exists\fR, attempting to | |
274 | delete a port that does not exist has no effect. | |
3b135da3 | 275 | . |
7c79588e BP |
276 | .IP "[\fB\-\-if\-exists\fR] \fB\-\-with\-iface del\-port \fR[\fIbridge\fR] \fIiface\fR" |
277 | Deletes the port named \fIiface\fR or that has an interface named | |
278 | \fIiface\fR. If \fIbridge\fR is omitted, the port is removed from | |
279 | whatever bridge contains it; if \fIbridge\fR is specified, it must be | |
280 | the real or fake bridge that contains the port. | |
281 | .IP | |
282 | Without \fB\-\-if\-exists\fR, attempting to delete the port for an | |
283 | interface that does not exist is an error. With \fB\-\-if\-exists\fR, | |
284 | attempting to delete the port for an interface that does not exist has | |
285 | no effect. | |
286 | . | |
3b135da3 BP |
287 | .IP "\fBport\-to\-br \fIport\fR" |
288 | Prints the name of the bridge that contains \fIport\fR on standard | |
289 | output. | |
290 | . | |
ec5ef1cf BP |
291 | .SS "Bond Commands" |
292 | . | |
293 | These commands work with ports that have more than one interface, | |
294 | which Open vSwitch calls ``bonds.'' | |
295 | . | |
296 | .IP "[\fB\-\-fake\-iface\fR] \fBadd\-bond \fIbridge port iface\fR\&... [\fIcolumn\fR[\fB:\fIkey\fR]\fR=\fIvalue\fR]\&...\fR" | |
297 | Creates on \fIbridge\fR a new port named \fIport\fR that bonds | |
298 | together the network devices given as each \fIiface\fR. At least two | |
299 | interfaces must be named. If the interfaces are DPDK enabled then | |
300 | the transaction will need to include operations to explicitly set the | |
301 | interface type to 'dpdk'. | |
302 | .IP | |
303 | Optional arguments set values of column in the Port record created by | |
304 | the command. The syntax is the same as that for the \fBset\fR command | |
305 | (see \fBDatabase Commands\fR below). | |
306 | .IP | |
307 | With \fB\-\-fake\-iface\fR, a fake interface with the name \fIport\fR is | |
308 | created. This should only be used for compatibility with legacy | |
309 | software that requires it. | |
310 | .IP | |
311 | Without \fB\-\-may\-exist\fR, attempting to create a port that exists | |
312 | is an error. With \fB\-\-may\-exist\fR, this command does nothing if | |
313 | \fIport\fR already exists on \fIbridge\fR and bonds together exactly | |
314 | the specified interfaces. | |
315 | . | |
316 | .IP "[\fB\-\-may\-exist\fR] \fBadd\-bond\-iface \fIbond iface\fR" | |
317 | Adds \fIiface\fR as a new bond interface to the existing port | |
318 | \fIbond\fR. If \fIbond\fR previously had only one port, this | |
319 | transforms it into a bond. | |
320 | .IP | |
321 | Without \fB\-\-may\-exist\fR, attempting to add an \fIiface\fR that is | |
322 | already part of \fIbond\fR is an error. With \fB\-\-may\-exist\fR, | |
323 | this command does nothing if \fIiface\fR is already part of | |
324 | \fIbond\fR. (It is still an error if \fIiface\fR is an interface of | |
325 | some other port or bond.) | |
326 | . | |
327 | .IP "[\fB\-\-if\-exists\fR] \fBdel\-bond\-iface\fR [\fIbond\fR] \fIiface\fR" | |
328 | Removes \fIiface\fR from its port. If \fIbond\fR is omitted, | |
329 | \fIiface\fR is removed from whatever port contains it; if \fIbond\fR | |
330 | is specified, it must be the port that contains \fIbond\fR. | |
331 | .IP | |
332 | If removing \fIiface\fR causes its port to have only a single | |
333 | interface, then that port transforms from a bond into an ordinary | |
334 | port. It is an error if \fIiface\fR is the only interface in its | |
335 | port. | |
336 | .IP | |
337 | Without \fB\-\-if\-exists\fR, attempting to delete an interface that | |
338 | does not exist is an error. With \fB\-\-if\-exists\fR, attempting to | |
339 | delete an interface that does not exist has no effect. | |
340 | . | |
3b135da3 BP |
341 | .SS "Interface Commands" |
342 | . | |
343 | These commands examine the interfaces attached to an Open vSwitch | |
344 | bridge. These commands treat a bonded port as a collection of two or | |
345 | more interfaces, rather than as a single port. | |
346 | . | |
347 | .IP "\fBlist\-ifaces \fIbridge\fR" | |
348 | Lists all of the interfaces within \fIbridge\fR on standard output, | |
349 | one per line. The local port \fIbridge\fR is not included in the | |
350 | list. | |
351 | . | |
352 | .IP "\fBiface\-to\-br \fIiface\fR" | |
353 | Prints the name of the bridge that contains \fIiface\fR on standard | |
354 | output. | |
457e1eb0 | 355 | . |
5aa00635 JP |
356 | .SS "OpenFlow Controller Connectivity" |
357 | . | |
358 | \fBovs\-vswitchd\fR can perform all configured bridging and switching | |
c0de82d9 JP |
359 | locally, or it can be configured to communicate with one or more |
360 | external OpenFlow controllers. The switch is typically configured to | |
361 | connect to a primary controller that takes charge of the bridge's flow | |
362 | table to implement a network policy. In addition, the switch can be | |
363 | configured to listen to connections from service controllers. Service | |
364 | controllers are typically used for occasional support and maintenance, | |
365 | e.g. with \fBovs\-ofctl\fR. | |
5aa00635 | 366 | . |
1a048029 | 367 | .IP "\fBget\-controller\fR \fIbridge\fR" |
5aa00635 JP |
368 | Prints the configured controller target. |
369 | . | |
1a048029 | 370 | .IP "\fBdel\-controller\fR \fIbridge\fR" |
5aa00635 JP |
371 | Deletes the configured controller target. |
372 | . | |
1a048029 JP |
373 | .IP "\fBset\-controller\fR \fIbridge\fR \fItarget\fR\&..." |
374 | Sets the configured controller target or targets. Each \fItarget\fR may | |
375 | use any of the following forms: | |
5aa00635 JP |
376 | . |
377 | .RS | |
84ee7bcf | 378 | .so lib/vconn-active.man |
c0de82d9 | 379 | .so lib/vconn-passive.man |
5aa00635 | 380 | .RE |
84ee7bcf | 381 | . |
5aa00635 | 382 | .ST "Controller Failure Settings" |
89365653 | 383 | .PP |
5aa00635 JP |
384 | When a controller is configured, it is, ordinarily, responsible for |
385 | setting up all flows on the switch. Thus, if the connection to | |
386 | the controller fails, no new network connections can be set up. If | |
387 | the connection to the controller stays down long enough, no packets | |
388 | can pass through the switch at all. | |
63f08492 | 389 | .PP |
5aa00635 JP |
390 | If the value is \fBstandalone\fR, or if neither of these settings |
391 | is set, \fBovs\-vswitchd\fR will take over | |
392 | responsibility for setting up | |
393 | flows when no message has been received from the controller for three | |
dd1dcc23 | 394 | times the inactivity probe interval. In this mode, |
5aa00635 JP |
395 | \fBovs\-vswitchd\fR causes the datapath to act like an ordinary |
396 | MAC-learning switch. \fBovs\-vswitchd\fR will continue to retry connecting | |
397 | to the controller in the background and, when the connection succeeds, | |
398 | it discontinues its standalone behavior. | |
63f08492 | 399 | .PP |
5aa00635 JP |
400 | If this option is set to \fBsecure\fR, \fBovs\-vswitchd\fR will not |
401 | set up flows on its own when the controller connection fails. | |
402 | . | |
1a048029 | 403 | .IP "\fBget\-fail\-mode\fR \fIbridge\fR" |
5aa00635 JP |
404 | Prints the configured failure mode. |
405 | . | |
1a048029 | 406 | .IP "\fBdel\-fail\-mode\fR \fIbridge\fR" |
5aa00635 JP |
407 | Deletes the configured failure mode. |
408 | . | |
1a048029 | 409 | .IP "\fBset\-fail\-mode\fR \fIbridge\fR \fBstandalone\fR|\fBsecure\fR" |
5aa00635 JP |
410 | Sets the configured failure mode. |
411 | . | |
24b8b259 AE |
412 | .SS "Manager Connectivity" |
413 | . | |
289df16d AE |
414 | These commands manipulate the \fBmanager_options\fR column in the |
415 | \fBOpen_vSwitch\fR table and rows in the \fBManagers\fR table. When | |
416 | \fBovsdb\-server\fR is configured to use the \fBmanager_options\fR column for | |
795752a3 | 417 | OVSDB connections (as described in the startup scripts provided with |
ef679483 DB |
418 | Open vSwitch; the corresponding \fBovsdb\-server\fR command option is |
419 | \fB--remote=db:Open_vSwitch,Open_vSwitch,manager_options\fR), this allows the | |
420 | administrator to use \fBovs\-vsctl\fR to configure database connections. | |
24b8b259 AE |
421 | . |
422 | .IP "\fBget\-manager\fR" | |
423 | Prints the configured manager(s). | |
424 | . | |
425 | .IP "\fBdel\-manager\fR" | |
426 | Deletes the configured manager(s). | |
427 | . | |
428 | .IP "\fBset\-manager\fR \fItarget\fR\&..." | |
12b84d50 BP |
429 | Sets the configured manager target or targets. |
430 | Each \fItarget\fR may be an OVSDB active or passive connection method, | |
431 | e.g. \fBpssl:6640\fR, as described in \fBovsdb\fR(7). | |
24b8b259 | 432 | . |
dd8ac6fe JP |
433 | .SS "SSL Configuration" |
434 | When \fBovs\-vswitchd\fR is configured to connect over SSL for management or | |
435 | controller connectivity, the following parameters are required: | |
436 | .TP | |
ae9a3235 | 437 | \fIprivate-key\fR |
dd8ac6fe JP |
438 | Specifies a PEM file containing the private key used as the virtual |
439 | switch's identity for SSL connections to the controller. | |
440 | .TP | |
ae9a3235 | 441 | \fIcertificate\fR |
dd8ac6fe JP |
442 | Specifies a PEM file containing a certificate, signed by the |
443 | certificate authority (CA) used by the controller and manager, that | |
444 | certifies the virtual switch's private key, identifying a trustworthy | |
445 | switch. | |
446 | .TP | |
ae9a3235 | 447 | \fIca-cert\fR |
dd8ac6fe JP |
448 | Specifies a PEM file containing the CA certificate used to verify that |
449 | the virtual switch is connected to a trustworthy controller. | |
450 | .PP | |
451 | These files are read only once, at \fBovs\-vswitchd\fR startup time. If | |
452 | their contents change, \fBovs\-vswitchd\fR must be killed and restarted. | |
453 | .PP | |
454 | These SSL settings apply to all SSL connections made by the virtual | |
455 | switch. | |
456 | . | |
457 | .IP "\fBget\-ssl\fR" | |
458 | Prints the SSL configuration. | |
459 | . | |
460 | .IP "\fBdel\-ssl\fR" | |
461 | Deletes the current SSL configuration. | |
462 | . | |
463 | .IP "[\fB\-\-bootstrap\fR] \fBset\-ssl\fR \fIprivate-key\fR \fIcertificate\fR \fIca-cert\fR" | |
99eef98b | 464 | Sets the SSL configuration. The \fB\-\-bootstrap\fR option is described |
dd8ac6fe JP |
465 | below. |
466 | . | |
467 | .ST "CA Certificate Bootstrap" | |
89365653 | 468 | .PP |
dd8ac6fe | 469 | Ordinarily, all of the files named in the SSL configuration must exist |
40a09c8a BP |
470 | when \fBovs\-vswitchd\fR starts. However, if the \fIca-cert\fR file |
471 | does not exist and the \fB\-\-bootstrap\fR | |
dd8ac6fe JP |
472 | option is given, then \fBovs\-vswitchd\fR will attempt to obtain the |
473 | CA certificate from the controller on its first SSL connection and | |
474 | save it to the named PEM file. If it is successful, it will | |
475 | immediately drop the connection and reconnect, and from then on all | |
476 | SSL connections must be authenticated by a certificate signed by the | |
477 | CA certificate thus obtained. | |
478 | .PP | |
479 | \fBThis option exposes the SSL connection to a man-in-the-middle | |
480 | attack obtaining the initial CA certificate\fR, but it may be useful | |
481 | for bootstrapping. | |
482 | .PP | |
483 | This option is only useful if the controller sends its CA certificate | |
484 | as part of the SSL certificate chain. The SSL protocol does not | |
1d5aaa61 | 485 | require the controller to send the CA certificate. |
dd8ac6fe | 486 | . |
99eef98b DF |
487 | .SS "Auto-Attach Commands" |
488 | . | |
489 | The IETF Auto-Attach SPBM draft standard describes a compact method of using | |
490 | IEEE 802.1AB Link Layer Discovery Protocol (LLDP) together with a IEEE 802.1aq | |
491 | Shortest Path Bridging (SPB) network to automatically attach network devices to | |
492 | individual services in a SPB network. The intent here is to allow network | |
493 | applications and devices using OVS to be able to easily take advantage of | |
494 | features offered by industry standard SPB networks. A fundamental element of | |
495 | the Auto-Attach feature is to map traditional VLANs onto SPB I_SIDs. These | |
496 | commands manage the Auto-Attach I-SID/VLAN mappings. | |
497 | . | |
498 | .IP "\fBadd\-aa\-mapping \fIbridge i-sid vlan\fR" | |
499 | Creates a new Auto-Attach mapping on \fIbridge\fR for \fIi-sid\fR | |
500 | and \fIvlan\fR. | |
501 | . | |
502 | .IP "\fBdel\-aa\-mapping \fIbridge i-sid vlan\fR" | |
503 | Deletes an Auto-Attach mapping on \fIbridge\fR for \fIi-sid\fR | |
504 | and \fIvlan\fR. | |
505 | .IP "\fBget\-aa\-mapping \fIbridge\fR" | |
506 | Lists all of the Auto-Attach mappings within \fIbridge\fR on standard output. | |
507 | . | |
ad83bfa6 BP |
508 | .SS "Database Commands" |
509 | . | |
510 | These commands query and modify the contents of \fBovsdb\fR tables. | |
511 | They are a slight abstraction of the \fBovsdb\fR interface and as such | |
512 | they operate at a lower level than other \fBovs\-vsctl\fR commands. | |
513 | .PP | |
514 | .ST "Identifying Tables, Records, and Columns" | |
515 | .PP | |
516 | Each of these commands has a \fItable\fR parameter to identify a table | |
517 | within the database. Many of them also take a \fIrecord\fR parameter | |
518 | that identifies a particular record within a table. The \fIrecord\fR | |
519 | parameter may be the UUID for a record, and many tables offer | |
520 | additional ways to identify records. Some commands also take | |
521 | \fIcolumn\fR parameters that identify a particular field within the | |
522 | records in a table. | |
523 | .PP | |
8519ea87 MM |
524 | For a list of tables and their columns, see \fBovs-vswitchd.conf.db\fR(5) or |
525 | see the table listing from the \fB--help\fR option. | |
ad83bfa6 | 526 | .PP |
e111e681 | 527 | Record names must be specified in full and with correct |
4e3000a0 BP |
528 | capitalization, except that UUIDs may be abbreviated to their first 4 |
529 | (or more) hex digits, as long as that is unique within the table. | |
530 | Names of tables and columns are not case-sensitive, and \fB\-\fR and | |
531 | \fB_\fR are treated interchangeably. Unique abbreviations of table | |
532 | and column names are acceptable, e.g. \fBnet\fR or \fBn\fR is | |
533 | sufficient to identify the \fBNetFlow\fR table. | |
ad83bfa6 | 534 | . |
f6a2e156 | 535 | .so lib/db-ctl-base.man |
4d14e30f BP |
536 | .SH "EXAMPLES" |
537 | Create a new bridge named br0 and add port eth0 to it: | |
538 | .IP | |
4e312e69 | 539 | .B "ovs\-vsctl add\-br br0" |
4d14e30f | 540 | .br |
4e312e69 | 541 | .B "ovs\-vsctl add\-port br0 eth0" |
4d14e30f BP |
542 | .PP |
543 | Alternatively, perform both operations in a single atomic transaction: | |
99eef98b | 544 | .IP |
4e312e69 | 545 | .B "ovs\-vsctl add\-br br0 \-\- add\-port br0 eth0" |
460aad80 BP |
546 | .PP |
547 | Delete bridge \fBbr0\fR, reporting an error if it does not exist: | |
548 | .IP | |
549 | .B "ovs\-vsctl del\-br br0" | |
550 | .PP | |
401d5a6d | 551 | Delete bridge \fBbr0\fR if it exists: |
460aad80 | 552 | .IP |
401d5a6d | 553 | .B "ovs\-vsctl \-\-if\-exists del\-br br0" |
ce5a3e38 BP |
554 | .PP |
555 | Set the \fBqos\fR column of the \fBPort\fR record for \fBeth0\fR to | |
556 | point to a new \fBQoS\fR record, which in turn points with its queue 0 | |
557 | to a new \fBQueue\fR record: | |
558 | .IP | |
4e312e69 | 559 | .B "ovs\-vsctl \-\- set port eth0 qos=@newqos \-\- \-\-id=@newqos create qos type=linux\-htb other\-config:max\-rate=1000000 queues:0=@newqueue \-\- \-\-id=@newqueue create queue other\-config:min\-rate=1000000 other\-config:max\-rate=1000000" |
bad973d7 BP |
560 | .SH "CONFIGURATION COOKBOOK" |
561 | .SS "Port Configuration" | |
562 | .PP | |
563 | Add an ``internal port'' \fBvlan10\fR to bridge \fBbr0\fR as a VLAN | |
564 | access port for VLAN 10, and configure it with an IP address: | |
565 | .IP | |
566 | .B "ovs\-vsctl add\-port br0 vlan10 tag=10 \-\- set Interface vlan10 type=internal" | |
567 | .IP | |
0b2c7e69 | 568 | .B "ip addr add 192.168.0.123/24 dev vlan10" |
3b135da3 | 569 | . |
19a79607 BP |
570 | .PP |
571 | Add a GRE tunnel port \fBgre0\fR to remote IP address 1.2.3.4 to | |
572 | bridge \fBbr0\fR: | |
573 | .IP | |
574 | .B "ovs\-vsctl add\-port br0 gre0 \-\- set Interface gre0 type=gre options:remote_ip=1.2.3.4" | |
575 | . | |
bad973d7 BP |
576 | .SS "Port Mirroring" |
577 | .PP | |
578 | Mirror all packets received or sent on \fBeth0\fR or \fBeth1\fR onto | |
579 | \fBeth2\fR, assuming that all of those ports exist on bridge \fBbr0\fR | |
580 | (as a side-effect this causes any packets received on \fBeth2\fR to be | |
581 | ignored): | |
582 | .IP | |
583 | .B "ovs\-vsctl \-\- set Bridge br0 mirrors=@m \(rs" | |
584 | .IP | |
585 | .B "\-\- \-\-id=@eth0 get Port eth0 \(rs" | |
586 | .IP | |
587 | .B "\-\- \-\-id=@eth1 get Port eth1 \(rs" | |
588 | .IP | |
589 | .B "\-\- \-\-id=@eth2 get Port eth2 \(rs" | |
590 | .IP | |
591 | .B "\-\- \-\-id=@m create Mirror name=mymirror select-dst-port=@eth0,@eth1 select-src-port=@eth0,@eth1 output-port=@eth2" | |
592 | .PP | |
c5f341ab BP |
593 | Remove the mirror created above from \fBbr0\fR, which also destroys |
594 | the Mirror record (since it is now unreferenced): | |
bad973d7 | 595 | .IP |
9d2e7445 BP |
596 | .B "ovs\-vsctl \-\- \-\-id=@rec get Mirror mymirror \(rs" |
597 | .IP | |
598 | .B "\-\- remove Bridge br0 mirrors @rec" | |
599 | .PP | |
600 | The following simpler command also works: | |
601 | .IP | |
602 | .B "ovs\-vsctl clear Bridge br0 mirrors" | |
bad973d7 BP |
603 | .SS "Quality of Service (QoS)" |
604 | .PP | |
605 | Create a \fBlinux\-htb\fR QoS record that points to a few queues and | |
606 | use it on \fBeth0\fR and \fBeth1\fR: | |
607 | .IP | |
608 | .B "ovs\-vsctl \-\- set Port eth0 qos=@newqos \(rs" | |
609 | .IP | |
610 | .B "\-\- set Port eth1 qos=@newqos \(rs" | |
611 | .IP | |
612 | .B "\-\- \-\-id=@newqos create QoS type=linux\-htb other\-config:max\-rate=1000000000 queues=0=@q0,1=@q1 \(rs" | |
613 | .IP | |
614 | .B "\-\- \-\-id=@q0 create Queue other\-config:min\-rate=100000000 other\-config:max\-rate=100000000 \(rs" | |
615 | .IP | |
616 | .B "\-\- \-\-id=@q1 create Queue other\-config:min\-rate=500000000" | |
617 | .PP | |
618 | Deconfigure the QoS record above from \fBeth1\fR only: | |
619 | .IP | |
620 | .B "ovs\-vsctl clear Port eth1 qos" | |
621 | .PP | |
622 | To deconfigure the QoS record from both \fBeth0\fR and \fBeth1\fR and | |
c5f341ab BP |
623 | then delete the QoS record (which must be done explicitly because |
624 | unreferenced QoS records are not automatically destroyed): | |
bad973d7 BP |
625 | .IP |
626 | .B "ovs\-vsctl \-\- destroy QoS eth0 \-\- clear Port eth0 qos \-\- clear Port eth1 qos" | |
627 | .PP | |
628 | (This command will leave two unreferenced Queue records in the | |
629 | database. To delete them, use "\fBovs\-vsctl list Queue\fR" to find | |
630 | their UUIDs, then "\fBovs\-vsctl destroy Queue \fIuuid1\fR | |
eeb8467e AS |
631 | \fIuuid2\fR" to destroy each of them or use |
632 | "\fBovs\-vsctl -- --all destroy Queue\fR" to delete all records.) | |
b31bcf60 EJ |
633 | .SS "Connectivity Monitoring" |
634 | .PP | |
93b8df38 | 635 | Monitor connectivity to a remote maintenance point on eth0. |
b31bcf60 | 636 | .IP |
a6e198ea | 637 | .B "ovs\-vsctl set Interface eth0 cfm_mpid=1" |
b31bcf60 | 638 | .PP |
93b8df38 | 639 | Deconfigure connectivity monitoring from above: |
b31bcf60 | 640 | .IP |
a6e198ea | 641 | .B "ovs\-vsctl clear Interface eth0 cfm_mpid" |
bad973d7 BP |
642 | .SS "NetFlow" |
643 | .PP | |
644 | Configure bridge \fBbr0\fR to send NetFlow records to UDP port 5566 on | |
645 | host 192.168.0.34, with an active timeout of 30 seconds: | |
646 | .IP | |
647 | .B "ovs\-vsctl \-\- set Bridge br0 netflow=@nf \(rs" | |
648 | .IP | |
649 | .B "\-\- \-\-id=@nf create NetFlow targets=\(rs\(dq192.168.0.34:5566\(rs\(dq active\-timeout=30" | |
650 | .PP | |
651 | Update the NetFlow configuration created by the previous command to | |
652 | instead use an active timeout of 60 seconds: | |
653 | .IP | |
654 | .B "ovs\-vsctl set NetFlow br0 active_timeout=60" | |
655 | .PP | |
c5f341ab BP |
656 | Deconfigure the NetFlow settings from \fBbr0\fR, which also destroys |
657 | the NetFlow record (since it is now unreferenced): | |
bad973d7 | 658 | .IP |
c5f341ab | 659 | .B "ovs\-vsctl clear Bridge br0 netflow" |
bad973d7 BP |
660 | .SS "sFlow" |
661 | .PP | |
662 | Configure bridge \fBbr0\fR to send sFlow records to a collector on | |
663 | 10.0.0.1 at port 6343, using \fBeth1\fR\'s IP address as the source, | |
664 | with specific sampling parameters: | |
665 | .IP | |
666 | .B "ovs\-vsctl \-\- \-\-id=@s create sFlow agent=eth1 target=\(rs\(dq10.0.0.1:6343\(rs\(dq header=128 sampling=64 polling=10 \(rs" | |
667 | .IP | |
668 | .B "\-\- set Bridge br0 sflow=@s" | |
669 | .PP | |
f0f87cbd | 670 | Deconfigure sFlow from \fBbr0\fR, which also destroys the sFlow record |
c5f341ab | 671 | (since it is now unreferenced): |
bad973d7 | 672 | .IP |
c5f341ab | 673 | .B "ovs\-vsctl \-\- clear Bridge br0 sflow" |
29089a54 RL |
674 | .SS "IPFIX" |
675 | .PP | |
676 | Configure bridge \fBbr0\fR to send one IPFIX flow record per packet | |
677 | sample to UDP port 4739 on host 192.168.0.34, with Observation Domain | |
978427a5 | 678 | ID 123 and Observation Point ID 456, a flow cache active timeout of 1 |
8b7ea2d4 WZ |
679 | minute (60 seconds), maximum flow cache size of 13 flows, and flows |
680 | sampled on output port with tunnel info(sampling on input and output | |
681 | port is enabled by default if not disabled) : | |
29089a54 RL |
682 | .IP |
683 | .B "ovs\-vsctl \-\- set Bridge br0 ipfix=@i \(rs" | |
684 | .IP | |
8b7ea2d4 WZ |
685 | .B "\-\- \-\-id=@i create IPFIX targets=\(rs\(dq192.168.0.34:4739\(rs\(dq obs_domain_id=123 obs_point_id=456 cache_active_timeout=60 cache_max_flows=13 \(rs" |
686 | .IP | |
687 | .B "other_config:enable-input-sampling=false other_config:enable-tunnel-sampling=true" | |
29089a54 RL |
688 | .PP |
689 | Deconfigure the IPFIX settings from \fBbr0\fR, which also destroys the | |
690 | IPFIX record (since it is now unreferenced): | |
691 | .IP | |
692 | .B "ovs\-vsctl clear Bridge br0 ipfix" | |
21f7563c JP |
693 | .SS "802.1D Spanning Tree Protocol (STP)" |
694 | .PP | |
695 | Configure bridge \fBbr0\fR to participate in an 802.1D spanning tree: | |
696 | .IP | |
697 | .B "ovs\-vsctl set Bridge br0 stp_enable=true" | |
698 | .PP | |
699 | Set the bridge priority of \fBbr0\fR to 0x7800: | |
700 | .IP | |
701 | .B "ovs\-vsctl set Bridge br0 other_config:stp-priority=0x7800" | |
702 | .PP | |
703 | Set the path cost of port \fBeth0\fR to 10: | |
704 | .IP | |
705 | .B "ovs\-vsctl set Port eth0 other_config:stp-path-cost=10" | |
706 | .PP | |
707 | Deconfigure STP from above: | |
708 | .IP | |
69630ea0 | 709 | .B "ovs\-vsctl set Bridge br0 stp_enable=false" |
21f7563c | 710 | .PP |
dc2b70ba FL |
711 | .SS "Multicast Snooping" |
712 | .PP | |
713 | Configure bridge \fBbr0\fR to enable multicast snooping: | |
714 | .IP | |
715 | .B "ovs\-vsctl set Bridge br0 mcast_snooping_enable=true" | |
716 | .PP | |
717 | Set the multicast snooping aging time \fBbr0\fR to 300 seconds: | |
718 | .IP | |
719 | .B "ovs\-vsctl set Bridge br0 other_config:mcast-snooping-aging-time=300" | |
720 | .PP | |
721 | Set the multicast snooping table size \fBbr0\fR to 2048 entries: | |
722 | .IP | |
723 | .B "ovs\-vsctl set Bridge br0 other_config:mcast-snooping-table-size=2048" | |
724 | .PP | |
725 | Disable flooding of unregistered multicast packets to all ports. When | |
67e8c1ac JR |
726 | set to \fBtrue\fR, the switch will send unregistered multicast packets only |
727 | to ports connected to multicast routers. When it is set to \fBfalse\fR, the | |
dc2b70ba FL |
728 | switch will send them to all ports. This command disables the flood of |
729 | unregistered packets on bridge \fBbr0\fR. | |
730 | .IP | |
731 | .B "ovs\-vsctl set Bridge br0 other_config:mcast-snooping-disable-flood-unregistered=true" | |
732 | .PP | |
8e04a33f | 733 | Enable flooding of multicast packets (except Reports) on a specific port. |
dc2b70ba FL |
734 | .IP |
735 | .B "ovs\-vsctl set Port eth1 other_config:mcast-snooping-flood=true" | |
736 | .PP | |
8e04a33f FL |
737 | Enable flooding of Reports on a specific port. |
738 | .IP | |
739 | .B "ovs\-vsctl set Port eth1 other_config:mcast-snooping-flood-reports=true" | |
740 | .PP | |
dc2b70ba FL |
741 | Deconfigure multicasting snooping from above: |
742 | .IP | |
743 | .B "ovs\-vsctl set Bridge br0 mcast_snooping_enable=false" | |
744 | .PP | |
9efd308e DV |
745 | .SS "802.1D-2004 Rapid Spanning Tree Protocol (RSTP)" |
746 | .PP | |
747 | Configure bridge \fBbr0\fR to participate in an 802.1D-2004 Rapid Spanning Tree: | |
748 | .IP | |
749 | .B "ovs\-vsctl set Bridge br0 rstp_enable=true" | |
750 | .PP | |
751 | Set the bridge address of \fBbr0\fR to 00:aa:aa:aa:aa:aa : | |
752 | .IP | |
753 | .B "ovs\-vsctl set Bridge br0 other_config:rstp-address=00:aa:aa:aa:aa:aa" | |
754 | .PP | |
755 | Set the bridge priority of \fBbr0\fR to 0x7000. The value must be specified in | |
756 | decimal notation and should be a multiple of 4096 (if not, it is rounded down to | |
757 | the nearest multiple of 4096). The default priority value is 0x800 (32768). | |
758 | .IP | |
759 | .B "ovs\-vsctl set Bridge br0 other_config:rstp-priority=28672" | |
760 | .PP | |
761 | Set the bridge ageing time of \fBbr0\fR to 1000 s. The ageing time value should be | |
762 | between 10 s and 1000000 s. The default value is 300 s. | |
763 | .IP | |
764 | .B "ovs\-vsctl set Bridge br0 other_config:rstp-ageing-time=1000" | |
765 | .PP | |
766 | Set the bridge force protocol version of \fBbr0\fR to 0. The force protocol version | |
767 | has two acceptable values: 0 (STP compatibility mode) and 2 (normal operation). | |
768 | .IP | |
769 | .B "ovs\-vsctl set Bridge br0 other_config:rstp-force-protocol-version=0" | |
770 | .PP | |
771 | Set the bridge max age of \fBbr0\fR to 10 s. The max age value should be between 6 s | |
772 | and 40 s. The default value is 20 s. | |
773 | .IP | |
774 | .B "ovs\-vsctl set Bridge br0 other_config:rstp-max-age=10" | |
775 | .PP | |
776 | Set the bridge forward delay of \fBbr0\fR to 15 s. | |
777 | This value should be between 4 s and 30 s. The default value is 15 s. | |
778 | .IP | |
779 | .B "ovs\-vsctl set Bridge br0 other_config:rstp-forward-delay=15" | |
780 | .PP | |
781 | Set the bridge transmit hold count of \fBbr0\fR to 7 s. This value should be between | |
782 | 1 s and 10 s. The default value is 6 s. | |
783 | .IP | |
784 | .B "ovs\-vsctl set Bridge br0 other_config:rstp-transmit-hold-count=7" | |
785 | .PP | |
67e8c1ac | 786 | Enable RSTP on the Port \fBeth0\fR: |
9efd308e DV |
787 | .IP |
788 | .B "ovs\-vsctl set Port eth0 other_config:rstp-enable=true" | |
789 | .PP | |
67e8c1ac | 790 | Disable RSTP on the Port \fBeth0\fR: |
9efd308e DV |
791 | .IP |
792 | .B "ovs\-vsctl set Port eth0 other_config:rstp-enable=false" | |
793 | .PP | |
67e8c1ac | 794 | Set the priority of port \fBeth0\fR to 32. The value must be specified in |
9efd308e DV |
795 | decimal notation and should be a multiple of 16 (if not, it is rounded down to the |
796 | nearest multiple of 16). The default priority value is 0x80 (128). | |
797 | .IP | |
798 | .B "ovs\-vsctl set Port eth0 other_config:rstp-port-priority=32" | |
799 | .PP | |
800 | Set the port number of port \fBeth0\fR to 3: | |
801 | .IP | |
802 | .B "ovs\-vsctl set Port eth0 other_config:rstp-port-num=3" | |
803 | .PP | |
804 | Set the path cost of port \fBeth0\fR to 150: | |
805 | .IP | |
806 | .B "ovs\-vsctl set Port eth0 other_config:rstp-path-cost=150" | |
807 | .PP | |
808 | Set the admin edge value of port \fBeth0\fR: | |
809 | .IP | |
810 | .B "ovs\-vsctl set Port eth0 other_config:rstp-port-admin-edge=true" | |
811 | .PP | |
812 | Set the auto edge value of port \fBeth0\fR: | |
813 | .IP | |
814 | .B "ovs\-vsctl set Port eth0 other_config:rstp-port-auto-edge=true" | |
815 | .PP | |
9abdfbef DV |
816 | Set the admin point to point MAC value of port \fBeth0\fR. Acceptable |
817 | values are \fB0\fR (not point-to-point), \fB1\fR (point-to-point, the | |
818 | default value) or \fB2\fR (automatic detection). The auto-detection | |
819 | mode is not currently implemented, and the value \fB2\fR has the same | |
820 | effect of \fB0\fR (not point-to-point). | |
67e8c1ac JR |
821 | .IP |
822 | .B "ovs\-vsctl set Port eth0 other_config:rstp-admin-p2p-mac=1" | |
823 | .PP | |
824 | Set the admin port state value of port \fBeth0\fR. \fBtrue\fR is the | |
825 | default value. | |
826 | .IP | |
827 | .B "ovs\-vsctl set Port eth0 other_config:rstp-admin-port-state=false" | |
828 | .PP | |
9efd308e DV |
829 | Set the mcheck value of port \fBeth0\fR: |
830 | .IP | |
831 | .B "ovs\-vsctl set Port eth0 other_config:rstp-port-mcheck=true" | |
832 | .PP | |
833 | Deconfigure RSTP from above: | |
834 | .IP | |
835 | .B "ovs\-vsctl set Bridge br0 rstp_enable=false" | |
836 | .PP | |
bb8a54f3 IY |
837 | .SS "OpenFlow Version" |
838 | .PP | |
839 | Configure bridge \fBbr0\fR to support OpenFlow versions 1.0, 1.2, and | |
840 | 1.3: | |
841 | .IP | |
cccc12cc | 842 | .B "ovs\-vsctl set bridge br0 protocols=OpenFlow10,OpenFlow12,OpenFlow13" |
bb8a54f3 | 843 | . |
fe5c0d6b | 844 | .SS "Flow Table Configuration" |
6a9722fe | 845 | Make flow table 0 on bridge br0 refuse to accept more than 100 flows: |
fe5c0d6b BP |
846 | .IP |
847 | .B "ovs\-vsctl \-\- \-\-id=@ft create Flow_Table flow_limit=100 overflow_policy=refuse \-\- set Bridge br0 flow_tables=0=@ft" | |
6a9722fe BP |
848 | . |
849 | .PP | |
850 | Make flow table 0 on bridge br0 evict flows, with fairness based on | |
851 | the matched ingress port, when there are more than 100: | |
852 | . | |
853 | .IP | |
854 | .B "ovs\-vsctl \-\- \-\-id=@ft create Flow_Table flow_limit=100 overflow_policy=evict groups='\(dqNXM_OF_IN_PORT[]\(dq' \-\- set Bridge br0 flow_tables:0=@ft" | |
3b135da3 BP |
855 | .SH "EXIT STATUS" |
856 | .IP "0" | |
857 | Successful program execution. | |
858 | .IP "1" | |
859 | Usage, syntax, or configuration file error. | |
860 | .IP "2" | |
861 | The \fIbridge\fR argument to \fBbr\-exists\fR specified the name of a | |
862 | bridge that does not exist. | |
863 | .SH "SEE ALSO" | |
864 | . | |
dfbe07ba | 865 | .BR ovsdb\-server (1), |
5aa75474 BP |
866 | .BR ovs\-vswitchd (8), |
867 | .BR ovs\-vswitchd.conf.db (5). |