[ovs.git] / vswitchd / vswitch-idl.ovsidl

//
// This is an ovsdb-idl schema.  The OVSDB IDL compiler, ovsdb-idlc,
// can translate it into an OVSDB schema (which simply entails
// deleting some members from the schema) or C headers or source for
// use with the IDL at runtime.
//

{"name": "ovs_vswitchd_db",
 "comment": "Configuration for one Open vSwitch daemon.",
 "idlPrefix": "ovsrec_",
 "idlHeader": "\"vswitchd/vswitch-idl.h\"",
 "tables": {
   "Open_vSwitch": {
     "comment": "Configuration for an Open vSwitch daemon.",
     "columns": {
       "bridges": {
         "comment": "Set of bridges managed by the daemon.",
         "type": {"key": "uuid", "keyRefTable": "Bridge",
                  "min": 0, "max": "unlimited"}},
       "management_id": {
         "comment": "Exactly 12 hex digits that identify the daemon.",
         "type": "string"},
       "controller": {
         "comment": "Default Controller used by bridges.",
         "type": {"key": "uuid", "keyRefTable": "Controller", "min": 0, "max": 1}},
       "ssl": {
         "comment": "SSL used globally by the daemon.",
         "type": {"key": "uuid", "keyRefTable": "SSL", "min": 0, "max": 1}}}},
   "Bridge": {
     "comment": "Configuration for a bridge within an Open_vSwitch.",
     "columns": {
       "name": {
         "comment": "Bridge identifier.  Should be alphanumeric and no more than about 8 bytes long.  Must be unique among the names of ports, interfaces, and bridges on a host.",
         "type": "string"},
       "datapath_id": {
         "comment": "OpenFlow datapath ID.  Exactly 12 hex digits.",
         "type": {"key": "string", "min": 0, "max": 1}},
       "hwaddr": {
         "comment": "Ethernet address to use for bridge.  Exactly 12 hex digits in the form XX:XX:XX:XX:XX:XX.",
         "type": {"key": "string", "min": 0, "max": 1}},
       "ports": {
         "comment": "Ports included in the bridge.",
         "type": {"key": "uuid", "keyRefTable": "Port", "min": 0, "max": "unlimited"}},
       "mirrors": {
         "comment": "Port mirroring configuration.",
         "type": {"key": "uuid", "keyRefTable": "Mirror", "min": 0, "max": "unlimited"}},
       "netflow": {
         "comment": "NetFlow configuration.",
         "type": {"key": "uuid", "keyRefTable": "NetFlow", "min": 0, "max": 1}},
       "controller": {
         "comment": "OpenFlow controller.  If unset, defaults to that specified by the parent Open_vSwitch.",
         "type": {"key": "uuid", "keyRefTable": "Controller", "min": 0, "max": 1}}}},
   "Port": {
     "comment": "A port within a Bridge.  May contain a single Interface or multiple (bonded) Interfaces.",
     "columns": {
       "name": {
         "comment": "Port name.  Should be alphanumeric and no more than about 8 bytes long.    May be the same as the interface name, for non-bonded ports.  Must otherwise be unique among the names of ports, interfaces, and bridges on a host.",
         "type": "string"},
       "interfaces": {
         "comment": "The Port's Interfaces.  If there is more than one, this is a bonded Port.",
         "type": {"key": "uuid", "keyRefTable": "Interface", "min": 1, "max": "unlimited"}},
       "trunks": {
         "comment": "The 802.1Q VLAN(s) that this port trunks.  Should be empty if this port trunks all VLAN(s) or if this is not a trunk port.",
         "type": {"key": "integer", "min": 0, "max": 4096}},
       "tag": {
         "comment": "This port's implicitly tagged VLAN.  Should be empty if this is a trunk port.",
         "type": {"key": "integer", "min": 0, "max": 1}},
       "mac": {
         "comment": "The MAC address to use for this port for the purpose of choosing the bridge's MAC address.  This column does not necessarily reflect the port's actual MAC address, nor will setting it change the port's actual MAC address.  Exactly 12 hex digits in the form XX:XX:XX:XX:XX:XX.",
         "type": {"key": "string", "min": 0, "max": 1}},
       "bond_updelay": {
         "comment": "For a bonded port, the number of milliseconds for which carrier must stay up on an interface before the interface is considered to be up.  Ignored for non-bonded ports.",
         "type": "integer"},
       "bond_downdelay": {
         "comment": "For a bonded port, the number of milliseconds for which carrier must stay down on an interface before the interface is considered to be down.  Ignored for non-bonded ports.",
         "type": "integer"},
       "bond_fake_iface": {
         "comment": "For a bonded port, whether to create a fake interface with the name of the port.  Use only for compatibility with legacy software that requires this.",
         "type": "boolean"}}},
   "Interface": {
     "comment": "An interface within a Port.",
     "columns": {
       "name": {
         "comment": "Interface name.  Should be alphanumeric and no more than about 8 bytes long.  May be the same as the port name, for non-bonded ports.  Must otherwise be unique among the names of ports, interfaces, and bridges on a host.",
         "type": "string"},
       "type": {
         "comment": "The interface type.  Normal network devices, e.g.  eth0, have type \"system\" or \"\" (which are synonyms).  Internal ports have type \"internal\".  TUN/TAP devices have type \"tap\".  GRE devices have type \"gre\".",
         "type": "string"},
       "options": {
         "comment": "Configuration options whose interpretation varies based on \"type\".",
         "type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}},
       "internal": {
         "comment": "An \"internal\" port is one that is implemented in software as a logical device.",
         "type": "boolean"},
       "ingress_policing_rate": {
         "comment": "Maximum rate for data received on this interface, in kbps.  Set to 0 to disable policing.",
         "type": "integer"},
       "ingress_policing_burst": {
         "comment": "Maximum burst size for data received on this interface, in kb.  The default burst size if set to 0 is 10 kb.",
         "type": "integer"},
       "mac": {
         "comment": "Ethernet address to set for this interface.  If unset then the default MAC address is used.  May not be supported on all interfaces.  Exactly 12 hex digits in the form XX:XX:XX:XX:XX:XX.",
         "type": {"key": "string", "min": 0, "max": 1}},
       "external_ids": {
         "comment": "Key-value pairs that identify this interface's role in external systems.  The only currently defined key is \"xs-vif-uuid\", whose value is the UUID of the Citrix XenServer VIF associated with this interface.",
         "type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}},
       "ofport": {
         "comment": "OpenFlow port number for this interface.  This is populated when the port number becomes known.  Before it is populated its value will be missing.  If the interface cannot be added then this is indicated by a value of -1.",
         "type": {"key": "integer", "min": 0, "max": 1}}}},
   "Mirror": {
     "comment": "A port mirror within a Bridge.",
     "columns": {
       "name": {
         "comment": "Arbitrary identifier for the Mirror.",
         "type": "string"},
       "select_src_port": {
         "comment": "Ports on which arriving packets are selected for mirroring.",
         "type": {"key": "uuid", "keyRefTable": "Port", "min": 0, "max": "unlimited"}},
       "select_dst_port": {
         "comment": "Ports on which departing packets are selected for mirroring.",
         "type": {"key": "uuid", "keyRefTable": "Port", "min": 0, "max": "unlimited"}},
       "select_vlan": {
         "comment": "VLANs on which packets are selected for mirroring.",
         "type": {"key": "integer", "min": 0, "max": 4096}},
       "output_port": {
         "comment": "Output port for selected packets.  Mutually exclusive with output_vlan.",
         "type": {"key": "uuid", "keyRefTable": "Port", "min": 0, "max": 1}},
       "output_vlan": {
         "comment": "Output VLAN for selected packets.  Mutually exclusive with output_port.",
         "type": {"key": "integer", "min": 0, "max": 1}}}},
   "NetFlow": {
     "comment": "A NetFlow target.",
     "columns": {
       "targets": {
         "comment": "NetFlow targets in the form \"IP:PORT\".",
         "type": {"key": "string", "min": 1, "max": "unlimited"}},
       "engine_type": {
         "comment": "Engine type to use in NetFlow messages.  Defaults to datapath index if not specified.",
         "type": "integer", "min":0, "max":1},
       "engine_id": {
         "comment": "Engine ID to use in NetFlow messages.  Defaults to datapath index if not specified.",
         "type": "integer", "min":0, "max":1},
       "add_id_to_interface": {
         "comment": "Place least-significant 7 bits of engine ID into most significant bits of ingress and egress interface fields of NetFlow records?",
         "type": "boolean"},
       "active_timeout": {
         "comment": "Active timeout interval, in seconds.  A value of 0 requests the default timeout; a negative value disables active timeouts.",
         "type": "integer"}}},
   "Controller": {
     "comment": "An OpenFlow controller.",
     "columns": {
       "target": {
         "comment": "Connection method for controller, e.g. \"ssl:...\", \"tcp:...\".  The special string \"discover\" enables controller discovery.  The special string \"none\" disables the controller.",
         "type": "string"},
       "max_backoff": {
         "comment": "Maximum number of milliseconds to wait between connection attempts.  Default is implementation-specific.",
         "type": {"key": "integer", "min": 0, "max": 1}},
       "inactivity_probe": {
         "comment": "Maximum number of milliseconds of idle time on connection to controller before sending an inactivity probe message.  Default is implementation-specific.",
         "type": {"key": "integer", "min": 0, "max": 1}},
       "fail_mode": {
         "comment": "Either \"standalone\" or \"secure\", or empty to use the implementation's default.",
         "type": {"key": "string", "min": 0, "max": 1}},
       "discover_accept_regex": {
         "comment": "If \"target\" is \"discover\", a POSIX extended regular expression against which the discovered controller location is validated.  If not specified, the default is implementation-specific.",
         "type": {"key": "string", "min": 0, "max": 1}},
       "discover_update_resolv_conf": {
         "comment": "If \"target\" is \"discover\", whether to update /etc/resolv.conf when the controller is discovered.  If not specified, the default is implementation-specific.",
         "type": {"key": "boolean", "min": 0, "max": 1}},
       "connection_mode": {
         "comment": "Either \"in-band\" or \"out-of-band\".  If not specified, the default is implementation-specific.",
         "type": {"key": "string", "min": 0, "max": 1}},
       "local_ip": {
         "comment": "If \"target\" is not \"discover\", the IP address to configure on the local port.",
         "type": {"key": "string", "min": 0, "max": 1}},
       "local_netmask": {
         "comment": "If \"target\" is not \"discover\", the IP netmask to configure on the local port.",
         "type": {"key": "string", "min": 0, "max": 1}},
       "local_gateway": {
         "comment": "If \"target\" is not \"discover\", the IP gateway to configure on the local port.",
         "type": {"key": "string", "min": 0, "max": 1}},
       "controller_rate_limit": {
         "comment": "The maximum rate at which packets will be forwarded to the OpenFlow controller, in packets per second.  If not specified, the default is implementation-specific.",
         "type": {"key": "integer", "min": 0, "max": 1}},
       "controller_burst_limit": {
         "comment": "The maximum number of unused packet credits that the bridge will allow to accumulate, in packets.  If not specified, the default is implementation-specific.",
         "type": {"key": "integer", "min": 0, "max": 1}}}},
   "SSL": {
     "comment": "SSL configuration for an Open_vSwitch.",
     "columns": {
       "private_key": {
         "comment": "Name of a PEM file containing the private key used as the switch's identity for SSL connections to the controller.",
         "type": "string"},
       "certificate": {
         "comment": "Name of a PEM file containing a certificate, signed by the certificate authority (CA) used by the controller and manager, that certifies the switch's private key, identifying a trustworthy switch.",
         "type": "string"},
       "ca_cert": {
         "comment": "Name of a PEM file containing the CA certificate used to verify that the switch is connected to a trustworthy controller.",
         "type": "string"},
       "bootstrap_ca_cert": {
         "comment": "If set to true, then Open vSwitch will attempt to obtain the CA certificate from the controller on its first SSL connection and save it to the named PEM file. If it is successful, it will immediately drop the connection and reconnect, and from then on all SSL connections must be authenticated by a certificate signed by the CA certificate thus obtained.  This option exposes the SSL connection to a man-in-the-middle attack obtaining the initial CA certificate, but it may be useful for bootstrapping.",
         "type": "boolean"}}}}}
Commit	Line	Data
d879a707 BP	1	//
	2	// This is an ovsdb-idl schema. The OVSDB IDL compiler, ovsdb-idlc,
	3	// can translate it into an OVSDB schema (which simply entails
	4	// deleting some members from the schema) or C headers or source for
	5	// use with the IDL at runtime.
	6	//
	7
	8	{"name": "ovs_vswitchd_db",
	9	"comment": "Configuration for one Open vSwitch daemon.",
c3bb4bd7 BP	10	"idlPrefix": "ovsrec_",
c3bb4bd7 BP	11	"idlHeader": "\"vswitchd/vswitch-idl.h\"",
d879a707	12	"tables": {
352cd3f4	13	"Open_vSwitch": {
d879a707 BP	14	"comment": "Configuration for an Open vSwitch daemon.",
	15	"columns": {
	16	"bridges": {
	17	"comment": "Set of bridges managed by the daemon.",
	18	"type": {"key": "uuid", "keyRefTable": "Bridge",
	19	"min": 0, "max": "unlimited"}},
	20	"management_id": {
	21	"comment": "Exactly 12 hex digits that identify the daemon.",
	22	"type": "string"},
	23	"controller": {
	24	"comment": "Default Controller used by bridges.",
	25	"type": {"key": "uuid", "keyRefTable": "Controller", "min": 0, "max": 1}},
	26	"ssl": {
	27	"comment": "SSL used globally by the daemon.",
	28	"type": {"key": "uuid", "keyRefTable": "SSL", "min": 0, "max": 1}}}},
	29	"Bridge": {
352cd3f4	30	"comment": "Configuration for a bridge within an Open_vSwitch.",
d879a707 BP	31	"columns": {
	32	"name": {
	33	"comment": "Bridge identifier. Should be alphanumeric and no more than about 8 bytes long. Must be unique among the names of ports, interfaces, and bridges on a host.",
	34	"type": "string"},
	35	"datapath_id": {
	36	"comment": "OpenFlow datapath ID. Exactly 12 hex digits.",
	37	"type": {"key": "string", "min": 0, "max": 1}},
	38	"hwaddr": {
	39	"comment": "Ethernet address to use for bridge. Exactly 12 hex digits in the form XX:XX:XX:XX:XX:XX.",
	40	"type": {"key": "string", "min": 0, "max": 1}},
	41	"ports": {
	42	"comment": "Ports included in the bridge.",
	43	"type": {"key": "uuid", "keyRefTable": "Port", "min": 0, "max": "unlimited"}},
	44	"mirrors": {
	45	"comment": "Port mirroring configuration.",
	46	"type": {"key": "uuid", "keyRefTable": "Mirror", "min": 0, "max": "unlimited"}},
	47	"netflow": {
	48	"comment": "NetFlow configuration.",
76343538	49	"type": {"key": "uuid", "keyRefTable": "NetFlow", "min": 0, "max": 1}},
d879a707	50	"controller": {
352cd3f4	51	"comment": "OpenFlow controller. If unset, defaults to that specified by the parent Open_vSwitch.",
d879a707 BP	52	"type": {"key": "uuid", "keyRefTable": "Controller", "min": 0, "max": 1}}}},
	53	"Port": {
	54	"comment": "A port within a Bridge. May contain a single Interface or multiple (bonded) Interfaces.",
	55	"columns": {
	56	"name": {
	57	"comment": "Port name. Should be alphanumeric and no more than about 8 bytes long. May be the same as the interface name, for non-bonded ports. Must otherwise be unique among the names of ports, interfaces, and bridges on a host.",
	58	"type": "string"},
	59	"interfaces": {
	60	"comment": "The Port's Interfaces. If there is more than one, this is a bonded Port.",
	61	"type": {"key": "uuid", "keyRefTable": "Interface", "min": 1, "max": "unlimited"}},
	62	"trunks": {
	63	"comment": "The 802.1Q VLAN(s) that this port trunks. Should be empty if this port trunks all VLAN(s) or if this is not a trunk port.",
	64	"type": {"key": "integer", "min": 0, "max": 4096}},
	65	"tag": {
	66	"comment": "This port's implicitly tagged VLAN. Should be empty if this is a trunk port.",
	67	"type": {"key": "integer", "min": 0, "max": 1}},
76343538 BP	68	"mac": {
	69	"comment": "The MAC address to use for this port for the purpose of choosing the bridge's MAC address. This column does not necessarily reflect the port's actual MAC address, nor will setting it change the port's actual MAC address. Exactly 12 hex digits in the form XX:XX:XX:XX:XX:XX.",
	70	"type": {"key": "string", "min": 0, "max": 1}},
	71	"bond_updelay": {
d879a707 BP	72	"comment": "For a bonded port, the number of milliseconds for which carrier must stay up on an interface before the interface is considered to be up. Ignored for non-bonded ports.",
d879a707 BP	73	"type": "integer"},
76343538	74	"bond_downdelay": {
d879a707	75	"comment": "For a bonded port, the number of milliseconds for which carrier must stay down on an interface before the interface is considered to be down. Ignored for non-bonded ports.",
76343538 BP	76	"type": "integer"},
	77	"bond_fake_iface": {
	78	"comment": "For a bonded port, whether to create a fake interface with the name of the port. Use only for compatibility with legacy software that requires this.",
	79	"type": "boolean"}}},
d879a707 BP	80	"Interface": {
	81	"comment": "An interface within a Port.",
	82	"columns": {
	83	"name": {
	84	"comment": "Interface name. Should be alphanumeric and no more than about 8 bytes long. May be the same as the port name, for non-bonded ports. Must otherwise be unique among the names of ports, interfaces, and bridges on a host.",
	85	"type": "string"},
76343538	86	"type": {
c1546e02	87	"comment": "The interface type. Normal network devices, e.g. eth0, have type \"system\" or \"\" (which are synonyms). Internal ports have type \"internal\". TUN/TAP devices have type \"tap\". GRE devices have type \"gre\".",
76343538 BP	88	"type": "string"},
	89	"options": {
	90	"comment": "Configuration options whose interpretation varies based on \"type\".",
	91	"type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}},
d879a707 BP	92	"internal": {
	93	"comment": "An \"internal\" port is one that is implemented in software as a logical device.",
	94	"type": "boolean"},
	95	"ingress_policing_rate": {
	96	"comment": "Maximum rate for data received on this interface, in kbps. Set to 0 to disable policing.",
	97	"type": "integer"},
	98	"ingress_policing_burst": {
	99	"comment": "Maximum burst size for data received on this interface, in kb. The default burst size if set to 0 is 10 kb.",
76343538 BP	100	"type": "integer"},
	101	"mac": {
	102	"comment": "Ethernet address to set for this interface. If unset then the default MAC address is used. May not be supported on all interfaces. Exactly 12 hex digits in the form XX:XX:XX:XX:XX:XX.",
99331c0a	103	"type": {"key": "string", "min": 0, "max": 1}},
da50fb9c BP	104	"external_ids": {
	105	"comment": "Key-value pairs that identify this interface's role in external systems. The only currently defined key is \"xs-vif-uuid\", whose value is the UUID of the Citrix XenServer VIF associated with this interface.",
	106	"type": {"key": "string", "value": "string", "min": 0, "max": "unlimited"}},
	107	"ofport": {
	108	"comment": "OpenFlow port number for this interface. This is populated when the port number becomes known. Before it is populated its value will be missing. If the interface cannot be added then this is indicated by a value of -1.",
	109	"type": {"key": "integer", "min": 0, "max": 1}}}},
d879a707 BP	110	"Mirror": {
	111	"comment": "A port mirror within a Bridge.",
	112	"columns": {
	113	"name": {
	114	"comment": "Arbitrary identifier for the Mirror.",
	115	"type": "string"},
	116	"select_src_port": {
	117	"comment": "Ports on which arriving packets are selected for mirroring.",
	118	"type": {"key": "uuid", "keyRefTable": "Port", "min": 0, "max": "unlimited"}},
	119	"select_dst_port": {
	120	"comment": "Ports on which departing packets are selected for mirroring.",
	121	"type": {"key": "uuid", "keyRefTable": "Port", "min": 0, "max": "unlimited"}},
	122	"select_vlan": {
	123	"comment": "VLANs on which packets are selected for mirroring.",
	124	"type": {"key": "integer", "min": 0, "max": 4096}},
	125	"output_port": {
0809cca7	126	"comment": "Output port for selected packets. Mutually exclusive with output_vlan.",
d879a707 BP	127	"type": {"key": "uuid", "keyRefTable": "Port", "min": 0, "max": 1}},
d879a707 BP	128	"output_vlan": {
0809cca7	129	"comment": "Output VLAN for selected packets. Mutually exclusive with output_port.",
d879a707	130	"type": {"key": "integer", "min": 0, "max": 1}}}},
352cd3f4 JP	131	"NetFlow": {
352cd3f4 JP	132	"comment": "A NetFlow target.",
d879a707	133	"columns": {
76343538 BP	134	"targets": {
	135	"comment": "NetFlow targets in the form \"IP:PORT\".",
	136	"type": {"key": "string", "min": 1, "max": "unlimited"}},
d879a707	137	"engine_type": {
352cd3f4 JP	138	"comment": "Engine type to use in NetFlow messages. Defaults to datapath index if not specified.",
352cd3f4 JP	139	"type": "integer", "min":0, "max":1},
d879a707	140	"engine_id": {
352cd3f4 JP	141	"comment": "Engine ID to use in NetFlow messages. Defaults to datapath index if not specified.",
352cd3f4 JP	142	"type": "integer", "min":0, "max":1},
d879a707 BP	143	"add_id_to_interface": {
d879a707 BP	144	"comment": "Place least-significant 7 bits of engine ID into most significant bits of ingress and egress interface fields of NetFlow records?",
76343538 BP	145	"type": "boolean"},
	146	"active_timeout": {
	147	"comment": "Active timeout interval, in seconds. A value of 0 requests the default timeout; a negative value disables active timeouts.",
	148	"type": "integer"}}},
d879a707 BP	149	"Controller": {
	150	"comment": "An OpenFlow controller.",
	151	"columns": {
	152	"target": {
76343538	153	"comment": "Connection method for controller, e.g. \"ssl:...\", \"tcp:...\". The special string \"discover\" enables controller discovery. The special string \"none\" disables the controller.",
d879a707 BP	154	"type": "string"},
	155	"max_backoff": {
	156	"comment": "Maximum number of milliseconds to wait between connection attempts. Default is implementation-specific.",
	157	"type": {"key": "integer", "min": 0, "max": 1}},
	158	"inactivity_probe": {
	159	"comment": "Maximum number of milliseconds of idle time on connection to controller before sending an inactivity probe message. Default is implementation-specific.",
	160	"type": {"key": "integer", "min": 0, "max": 1}},
	161	"fail_mode": {
	162	"comment": "Either \"standalone\" or \"secure\", or empty to use the implementation's default.",
	163	"type": {"key": "string", "min": 0, "max": 1}},
352cd3f4 JP	164	"discover_accept_regex": {
352cd3f4 JP	165	"comment": "If \"target\" is \"discover\", a POSIX extended regular expression against which the discovered controller location is validated. If not specified, the default is implementation-specific.",
d879a707	166	"type": {"key": "string", "min": 0, "max": 1}},
352cd3f4 JP	167	"discover_update_resolv_conf": {
352cd3f4 JP	168	"comment": "If \"target\" is \"discover\", whether to update /etc/resolv.conf when the controller is discovered. If not specified, the default is implementation-specific.",
d879a707 BP	169	"type": {"key": "boolean", "min": 0, "max": 1}},
	170	"connection_mode": {
	171	"comment": "Either \"in-band\" or \"out-of-band\". If not specified, the default is implementation-specific.",
	172	"type": {"key": "string", "min": 0, "max": 1}},
	173	"local_ip": {
352cd3f4	174	"comment": "If \"target\" is not \"discover\", the IP address to configure on the local port.",
d879a707 BP	175	"type": {"key": "string", "min": 0, "max": 1}},
d879a707 BP	176	"local_netmask": {
352cd3f4	177	"comment": "If \"target\" is not \"discover\", the IP netmask to configure on the local port.",
d879a707 BP	178	"type": {"key": "string", "min": 0, "max": 1}},
d879a707 BP	179	"local_gateway": {
352cd3f4	180	"comment": "If \"target\" is not \"discover\", the IP gateway to configure on the local port.",
d879a707 BP	181	"type": {"key": "string", "min": 0, "max": 1}},
	182	"controller_rate_limit": {
	183	"comment": "The maximum rate at which packets will be forwarded to the OpenFlow controller, in packets per second. If not specified, the default is implementation-specific.",
	184	"type": {"key": "integer", "min": 0, "max": 1}},
	185	"controller_burst_limit": {
	186	"comment": "The maximum number of unused packet credits that the bridge will allow to accumulate, in packets. If not specified, the default is implementation-specific.",
	187	"type": {"key": "integer", "min": 0, "max": 1}}}},
	188	"SSL": {
352cd3f4	189	"comment": "SSL configuration for an Open_vSwitch.",
d879a707 BP	190	"columns": {
	191	"private_key": {
	192	"comment": "Name of a PEM file containing the private key used as the switch's identity for SSL connections to the controller.",
	193	"type": "string"},
	194	"certificate": {
	195	"comment": "Name of a PEM file containing a certificate, signed by the certificate authority (CA) used by the controller and manager, that certifies the switch's private key, identifying a trustworthy switch.",
	196	"type": "string"},
	197	"ca_cert": {
	198	"comment": "Name of a PEM file containing the CA certificate used to verify that the switch is connected to a trustworthy controller.",
76343538 BP	199	"type": "string"},
	200	"bootstrap_ca_cert": {
	201	"comment": "If set to true, then Open vSwitch will attempt to obtain the CA certificate from the controller on its first SSL connection and save it to the named PEM file. If it is successful, it will immediately drop the connection and reconnect, and from then on all SSL connections must be authenticated by a certificate signed by the CA certificate thus obtained. This option exposes the SSL connection to a man-in-the-middle attack obtaining the initial CA certificate, but it may be useful for bootstrapping.",
	202	"type": "boolean"}}}}}