]> git.proxmox.com Git - ovs.git/blame - vswitchd/vswitch.xml
projects / ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vswitch.xml: OpenFlow 1.5 has been released.
[ovs.git] / vswitchd / vswitch.xml
CommitLineData
ce887677 1<?xml version="1.0" encoding="utf-8"?>
57ba0a77 2<database name="ovs-vswitchd.conf.db" title="Open vSwitch Configuration Database">
c5f341ab
BP		 3 <p>
4 A database with this schema holds the configuration for one Open
5 vSwitch daemon. The top-level configuration for the daemon is the
6 <ref table="Open_vSwitch"/> table, which must have exactly one
89365653 7 record. Records in other tables are significant only when they
c5f341ab
BP		 8 can be reached directly or indirectly from the <ref
9 table="Open_vSwitch"/> table. Records that are not reachable from
10 the <ref table="Open_vSwitch"/> table are automatically deleted
11 from the database, except for records in a few distinguished
3fd8d445 12 ``root set'' tables.
c5f341ab 13 </p>
89365653 14
3fd8d445
BP		 15 <h2>Common Columns</h2>
16
17 <p>
18 Most tables contain two special columns, named <code>other_config</code>
19 and <code>external_ids</code>. These columns have the same form and
20 purpose each place that they appear, so we describe them here to save space
21 later.
22 </p>
23
24 <dl>
25 <dt><code>other_config</code>: map of string-string pairs</dt>
26 <dd>
27 <p>
28 Key-value pairs for configuring rarely used features. Supported keys,
29 along with the forms taken by their values, are documented individually
30 for each table.
31 </p>
32 <p>
33 A few tables do not have <code>other_config</code> columns because no
34 key-value pairs have yet been defined for them.
35 </p>
36 </dd>
37
38 <dt><code>external_ids</code>: map of string-string pairs</dt>
39 <dd>
40 Key-value pairs for use by external frameworks that integrate with Open
41 vSwitch, rather than by Open vSwitch itself. System integrators should
42 either use the Open vSwitch development mailing list to coordinate on
43 common key-value definitions, or choose key names that are likely to be
44 unique. In some cases, where key-value pairs have been defined that are
45 likely to be widely useful, they are documented individually for each
46 table.
47 </dd>
48 </dl>
49
89365653 50 <table name="Open_vSwitch" title="Open vSwitch configuration.">
c5f341ab
BP		 51 Configuration for an Open vSwitch daemon. There must be exactly
52 one record in the <ref table="Open_vSwitch"/> table.
89365653
BP		 53
54 <group title="Configuration">
55 <column name="bridges">
56 Set of bridges managed by the daemon.
57 </column>
58
89365653
BP		 59 <column name="ssl">
60 SSL used globally by the daemon.
61 </column>
f5e7ed5d 62
3fd8d445
BP		 63 <column name="external_ids" key="system-id">
64 A unique identifier for the Open vSwitch's physical host.
65 The form of the identifier depends on the type of the host.
66 On a Citrix XenServer, this will likely be the same as
67 <ref column="external_ids" key="xs-system-uuid"/>.
3fe80505
BP		 68 </column>
69
3fd8d445
BP		 70 <column name="external_ids" key="xs-system-uuid">
71 The Citrix XenServer universally unique identifier for the physical
72 host as displayed by <code>xe host-list</code>.
f5e7ed5d 73 </column>
40358701 74
9e6ec60a
RB		 75 <column name="external_ids" key="hostname">
76 The hostname for the host running Open vSwitch.
77 </column>
78
12eb035b
AW		 79 <column name="other_config" key="stats-update-interval"
80 type='{"type": "integer", "minInteger": 5000}'>
81 <p>
82 Interval for updating statistics to the database, in milliseconds.
83 This option will affect the update of the <code>statistics</code>
84 column in the following tables: <code>Port</code>, <code>Interface
85 </code>, <code>Mirror</code>.
86 </p>
87 <p>
88 Default value is 5000 ms.
89 </p>
90 <p>
91 Getting statistics more frequently can be achieved via OpenFlow.
92 </p>
93 </column>
94
40358701
GS		 95 <column name="other_config" key="flow-restore-wait"
96 type='{"type": "boolean"}'>
97 <p>
98 When <code>ovs-vswitchd</code> starts up, it has an empty flow table
99 and therefore it handles all arriving packets in its default fashion
100 according to its configuration, by dropping them or sending them to
101 an OpenFlow controller or switching them as a standalone switch.
102 This behavior is ordinarily desirable. However, if
103 <code>ovs-vswitchd</code> is restarting as part of a ``hot-upgrade,''
104 then this leads to a relatively long period during which packets are
105 mishandled.
106 </p>
107 <p>
108 This option allows for improvement. When <code>ovs-vswitchd</code>
109 starts with this value set as <code>true</code>, it will neither
110 flush or expire previously set datapath flows nor will it send and
111 receive any packets to or from the datapath. When this value is
112 later set to <code>false</code>, <code>ovs-vswitchd</code> will
113 start receiving packets from the datapath and re-setup the flows.
114 </p>
115 <p>
116 Thus, with this option, the procedure for a hot-upgrade of
117 <code>ovs-vswitchd</code> becomes roughly the following:
118 </p>
119 <ol>
120 <li>
121 Stop <code>ovs-vswitchd</code>.
122 </li>
123 <li>
124 Set <ref column="other_config" key="flow-restore-wait"/>
125 to <code>true</code>.
126 </li>
127 <li>
128 Start <code>ovs-vswitchd</code>.
129 </li>
130 <li>
131 Use <code>ovs-ofctl</code> (or some other program, such as an
132 OpenFlow controller) to restore the OpenFlow flow table
133 to the desired state.
134 </li>
135 <li>
136 Set <ref column="other_config" key="flow-restore-wait"/>
137 to <code>false</code> (or remove it entirely from the database).
138 </li>
139 </ol>
407b1473
GS		 140 <p>
141 The <code>ovs-ctl</code>'s ``restart'' and ``force-reload-kmod''
142 functions use the above config option during hot upgrades.
143 </p>
40358701 144 </column>
380f49c4 145
e79a6c83 146 <column name="other_config" key="flow-limit"
380f49c4
EJ		 147 type='{"type": "integer", "minInteger": 0}'>
148 <p>
e79a6c83
EJ		 149 The maximum
150 number of flows allowed in the datapath flow table. Internally OVS
151 will choose a flow limit which will likely be lower than this number,
38b366b1
JS		 152 based on real time network conditions. Tweaking this value is
153 discouraged unless you know exactly what you're doing.
380f49c4
EJ		 154 </p>
155 <p>
e79a6c83 156 The default is 200000.
380f49c4
EJ		 157 </p>
158 </column>
7155fa52 159
06745dc3
JS		 160 <column name="other_config" key="max-idle"
161 type='{"type": "integer", "minInteger": 500}'>
162 <p>
163 The maximum time (in ms) that idle flows will remain cached in the
164 datapath. Internally OVS will check the validity and activity for
165 datapath flows regularly and may expire flows quicker than this
166 number, based on real time network conditions. Tweaking this
167 value is discouraged unless you know exactly what you're doing.
168 </p>
169 <p>
170 The default is 10000.
171 </p>
172 </column>
173
f2eee189
AW		 174 <column name="other_config" key="pmd-cpu-mask">
175 <p>
176 Specifies CPU mask for setting the cpu affinity of PMD (Poll
177 Mode Driver) threads. Value should be in the form of hex string,
178 similar to the dpdk EAL '-c COREMASK' option input or the 'taskset'
179 mask input.
180 </p>
181 <p>
182 The lowest order bit corresponds to the first CPU core. A set bit
ee8627fa
AW		 183 means the corresponding core is available and a pmd thread will be
184 created and pinned to it. If the input does not cover all cores,
185 those uncovered cores are considered not set.
f2eee189
AW		 186 </p>
187 <p>
188 If not specified, one pmd thread will be created for each numa node
189 and pinned to any available core on the numa node by default.
190 </p>
191 </column>
192
448a4b2f
AW		 193 <column name="other_config" key="n-handler-threads"
194 type='{"type": "integer", "minInteger": 1}'>
195 <p>
196 Specifies the number of threads for software datapaths to use for
e79a6c83
EJ		 197 handling new flows. The default the number of online CPU cores minus
198 the number of revalidators.
199 </p>
200 <p>
201 This configuration is per datapath. If you have more than one
202 software datapath (e.g. some <code>system</code> bridges and some
203 <code>netdev</code> bridges), then the total number of threads is
204 <code>n-handler-threads</code> times the number of software
205 datapaths.
206 </p>
207 </column>
208
209 <column name="other_config" key="n-revalidator-threads"
210 type='{"type": "integer", "minInteger": 1}'>
211 <p>
212 Specifies the number of threads for software datapaths to use for
213 revalidating flows in the datapath. Typically, there is a direct
214 correlation between the number of revalidator threads, and the number
215 of flows allowed in the datapath. The default is the number of cpu
216 cores divided by four plus one. If <code>n-handler-threads</code> is
217 set, the default changes to the number of cpu cores minus the number
218 of handler threads.
448a4b2f
AW		 219 </p>
220 <p>
221 This configuration is per datapath. If you have more than one
222 software datapath (e.g. some <code>system</code> bridges and some
223 <code>netdev</code> bridges), then the total number of threads is
224 <code>n-handler-threads</code> times the number of software
225 datapaths.
226 </p>
227 </column>
89365653
BP		 228 </group>
229
230 <group title="Status">
231 <column name="next_cfg">
232 Sequence number for client to increment. When a client modifies
233 any part of the database configuration and wishes to wait for
234 Open vSwitch to finish applying the changes, it may increment
235 this sequence number.
236 </column>
237
238 <column name="cur_cfg">
239 Sequence number that Open vSwitch sets to the current value of
2e57b537 240 <ref column="next_cfg"/> after it finishes applying a set of
89365653
BP		 241 configuration changes.
242 </column>
c1c9c9c4 243
3fd8d445 244 <group title="Statistics">
018f1525 245 <p>
3fd8d445
BP		 246 The <code>statistics</code> column contains key-value pairs that
247 report statistics about a system running an Open vSwitch. These are
248 updated periodically (currently, every 5 seconds). Key-value pairs
249 that cannot be determined or that do not apply to a platform are
250 omitted.
ce887677
BP		 251 </p>
252
f9e5e5b3
BP		 253 <column name="other_config" key="enable-statistics"
254 type='{"type": "boolean"}'>
3fd8d445
BP		 255 Statistics are disabled by default to avoid overhead in the common
256 case when statistics gathering is not useful. Set this value to
257 <code>true</code> to enable populating the <ref column="statistics"/>
258 column or to <code>false</code> to explicitly disable it.
259 </column>
3fe80505 260
f9e5e5b3
BP		 261 <column name="statistics" key="cpu"
262 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 263 <p>
264 Number of CPU processors, threads, or cores currently online and
265 available to the operating system on which Open vSwitch is running,
266 as an integer. This may be less than the number installed, if some
267 are not online or if they are not available to the operating
268 system.
269 </p>
270 <p>
271 Open vSwitch userspace processes are not multithreaded, but the
272 Linux kernel-based datapath is.
273 </p>
274 </column>
ce887677 275
3fd8d445
BP		 276 <column name="statistics" key="load_average">
277 A comma-separated list of three floating-point numbers,
278 representing the system load average over the last 1, 5, and 15
279 minutes, respectively.
280 </column>
ce887677 281
3fd8d445
BP		 282 <column name="statistics" key="memory">
283 <p>
284 A comma-separated list of integers, each of which represents a
285 quantity of memory in kilobytes that describes the operating
286 system on which Open vSwitch is running. In respective order,
287 these values are:
288 </p>
ce887677 289
3fd8d445
BP		 290 <ol>
291 <li>Total amount of RAM allocated to the OS.</li>
292 <li>RAM allocated to the OS that is in use.</li>
293 <li>RAM that can be flushed out to disk or otherwise discarded
294 if that space is needed for another purpose. This number is
295 necessarily less than or equal to the previous value.</li>
296 <li>Total disk space allocated for swap.</li>
297 <li>Swap space currently in use.</li>
298 </ol>
ce887677 299
3fd8d445
BP		 300 <p>
301 On Linux, all five values can be determined and are included. On
302 other operating systems, only the first two values can be
303 determined, so the list will only have two values.
304 </p>
305 </column>
ce887677 306
3fd8d445
BP		 307 <column name="statistics" key="process_NAME">
308 <p>
309 One such key-value pair, with <code>NAME</code> replaced by
310 a process name, will exist for each running Open vSwitch
311 daemon process, with <var>name</var> replaced by the
312 daemon's name (e.g. <code>process_ovs-vswitchd</code>). The
313 value is a comma-separated list of integers. The integers
314 represent the following, with memory measured in kilobytes
315 and durations in milliseconds:
316 </p>
ce887677 317
3fd8d445
BP		 318 <ol>
319 <li>The process's virtual memory size.</li>
320 <li>The process's resident set size.</li>
321 <li>The amount of user and system CPU time consumed by the
322 process.</li>
323 <li>The number of times that the process has crashed and been
324 automatically restarted by the monitor.</li>
325 <li>The duration since the process was started.</li>
326 <li>The duration for which the process has been running.</li>
327 </ol>
ce887677 328
3fd8d445
BP		 329 <p>
330 The interpretation of some of these values depends on whether the
331 process was started with the <option>--monitor</option>. If it
332 was not, then the crash count will always be 0 and the two
333 durations will always be the same. If <option>--monitor</option>
334 was given, then the crash count may be positive; if it is, the
335 latter duration is the amount of time since the most recent crash
336 and restart.
337 </p>
ce887677 338
3fd8d445
BP		 339 <p>
340 There will be one key-value pair for each file in Open vSwitch's
341 ``run directory'' (usually <code>/var/run/openvswitch</code>)
342 whose name ends in <code>.pid</code>, whose contents are a
343 process ID, and which is locked by a running process. The
344 <var>name</var> is taken from the pidfile's name.
345 </p>
ce887677 346
3fd8d445
BP		 347 <p>
348 Currently Open vSwitch is only able to obtain all of the above
349 detail on Linux systems. On other systems, the same key-value
350 pairs will be present but the values will always be the empty
351 string.
352 </p>
353 </column>
ce887677 354
3fd8d445
BP		 355 <column name="statistics" key="file_systems">
356 <p>
357 A space-separated list of information on local, writable file
358 systems. Each item in the list describes one file system and
359 consists in turn of a comma-separated list of the following:
360 </p>
ce887677 361
3fd8d445
BP		 362 <ol>
363 <li>Mount point, e.g. <code>/</code> or <code>/var/log</code>.
364 Any spaces or commas in the mount point are replaced by
365 underscores.</li>
366 <li>Total size, in kilobytes, as an integer.</li>
367 <li>Amount of storage in use, in kilobytes, as an integer.</li>
368 </ol>
ce887677 369
3fd8d445
BP		 370 <p>
371 This key-value pair is omitted if there are no local, writable
372 file systems or if Open vSwitch cannot obtain the needed
373 information.
374 </p>
375 </column>
376 </group>
89365653 377 </group>
94db5407 378
538c6dfa
BP		 379 <group title="Version Reporting">
380 <p>
6b4186af
EJ		 381 These columns report the types and versions of the hardware and
382 software running Open vSwitch. We recommend in general that software
383 should test whether specific features are supported instead of relying
384 on version number checks. These values are primarily intended for
385 reporting to human administrators.
538c6dfa
BP		 386 </p>
387
388 <column name="ovs_version">
d4da3acc 389 The Open vSwitch version number, e.g. <code>1.1.0</code>.
538c6dfa
BP		 390 </column>
391
8159b984 392 <column name="db_version">
6b4186af 393 <p>
8159b984
BP		 394 The database schema version number in the form
395 <code><var>major</var>.<var>minor</var>.<var>tweak</var></code>,
396 e.g. <code>1.2.3</code>. Whenever the database schema is changed in
397 a non-backward compatible way (e.g. deleting a column or a table),
398 <var>major</var> is incremented. When the database schema is changed
399 in a backward compatible way (e.g. adding a new column),
400 <var>minor</var> is incremented. When the database schema is changed
401 cosmetically (e.g. reindenting its syntax), <var>tweak</var> is
402 incremented.
403 </p>
404
405 <p>
406 The schema version is part of the database schema, so it can also be
407 retrieved by fetching the schema using the Open vSwitch database
408 protocol.
409 </p>
410 </column>
411
538c6dfa
BP		 412 <column name="system_type">
413 <p>
6b4186af
EJ		 414 An identifier for the type of system on top of which Open vSwitch
415 runs, e.g. <code>XenServer</code> or <code>KVM</code>.
416 </p>
417 <p>
418 System integrators are responsible for choosing and setting an
419 appropriate value for this column.
420 </p>
538c6dfa
BP		 421 </column>
422
423 <column name="system_version">
424 <p>
6b4186af 425 The version of the system identified by <ref column="system_type"/>,
404c1692 426 e.g. <code>5.6.100-39265p</code> on XenServer 5.6.100 build 39265.
6b4186af
EJ		 427 </p>
428 <p>
429 System integrators are responsible for choosing and setting an
430 appropriate value for this column.
431 </p>
538c6dfa 432 </column>
6b4186af 433
538c6dfa
BP		 434 </group>
435
842733c3
MG		 436 <group title="Capabilities">
437 <p>
438 These columns report capabilities of the Open vSwitch instance.
439 </p>
440 <column name="datapath_types">
441 <p>
442 This column reports the different dpifs registered with the system.
443 These are the values that this instance supports in the <ref
444 column="datapath_type" table="Bridge"/> column of the <ref
445 table="Bridge"/> table.
446 </p>
447 </column>
448 <column name="iface_types">
449 <p>
450 This column reports the different netdevs registered with the system.
451 These are the values that this instance supports in the <ref
452 column="type" table="Interface"/> column of the <ref
453 table="Interface"/> table.
454 </p>
455 </column>
456 </group>
457
94db5407
BP		 458 <group title="Database Configuration">
459 <p>
460 These columns primarily configure the Open vSwitch database
461 (<code>ovsdb-server</code>), not the Open vSwitch switch
462 (<code>ovs-vswitchd</code>). The OVSDB database also uses the <ref
463 column="ssl"/> settings.
464 </p>
465
466 <p>
467 The Open vSwitch switch does read the database configuration to
468 determine remote IP addresses to which in-band control should apply.
469 </p>
470
471 <column name="manager_options">
472 Database clients to which the Open vSwitch database server should
473 connect or to which it should listen, along with options for how these
474 connection should be configured. See the <ref table="Manager"/> table
475 for more information.
476 </column>
94db5407 477 </group>
3fd8d445
BP		 478
479 <group title="Common Columns">
480 The overall purpose of these columns is described under <code>Common
481 Columns</code> at the beginning of this document.
482
483 <column name="other_config"/>
484 <column name="external_ids"/>
485 </group>
89365653
BP		 486 </table>
487
488 <table name="Bridge">
489 <p>
490 Configuration for a bridge within an
491 <ref table="Open_vSwitch"/>.
492 </p>
493 <p>
494 A <ref table="Bridge"/> record represents an Ethernet switch with one or
495 more ``ports,'' which are the <ref table="Port"/> records pointed to by
496 the <ref table="Bridge"/>'s <ref column="ports"/> column.
497 </p>
498
499 <group title="Core Features">
500 <column name="name">
3cbe33df
BP		 501 <p>
502 Bridge identifier. Should be alphanumeric and no more than about 8
503 bytes long. Must be unique among the names of ports, interfaces, and
504 bridges on a host.
505 </p>
506
507 <p>
508 Forward and backward slashes are prohibited in bridge names.
509 </p>
89365653
BP		 510 </column>
511
512 <column name="ports">
513 Ports included in the bridge.
514 </column>
515
516 <column name="mirrors">
517 Port mirroring configuration.
518 </column>
519
520 <column name="netflow">
521 NetFlow configuration.
522 </column>
523
524 <column name="sflow">
29089a54
RL		 525 sFlow(R) configuration.
526 </column>
527
528 <column name="ipfix">
529 IPFIX configuration.
89365653
BP		 530 </column>
531
532 <column name="flood_vlans">
6c2d2a9f
BP		 533 <p>
534 VLAN IDs of VLANs on which MAC address learning should be disabled,
535 so that packets are flooded instead of being sent to specific ports
536 that are believed to contain packets' destination MACs. This should
537 ordinarily be used to disable MAC learning on VLANs used for
538 mirroring (RSPAN VLANs). It may also be useful for debugging.
539 </p>
540 <p>
541 SLB bonding (see the <ref table="Port" column="bond_mode"/> column in
542 the <ref table="Port"/> table) is incompatible with
543 <code>flood_vlans</code>. Consider using another bonding mode or
544 a different type of mirror instead.
545 </p>
89365653 546 </column>
99eef98b
DF		 547
548 <column name="auto_attach">
039a8ccd 549 Auto Attach configuration.
99eef98b 550 </column>
89365653
BP		 551 </group>
552
553 <group title="OpenFlow Configuration">
554 <column name="controller">
88f69f88
BP		 555 <p>
556 OpenFlow controller set. If unset, then no OpenFlow controllers
557 will be used.
558 </p>
559
560 <p>
561 If there are primary controllers, removing all of them clears the
562 flow table. If there are no primary controllers, adding one also
563 clears the flow table. Other changes to the set of controllers, such
564 as adding or removing a service controller, adding another primary
565 controller to supplement an existing primary controller, or removing
566 only one of two primary controllers, have no effect on the flow
567 table.
568 </p>
89365653
BP		 569 </column>
570
254750ce
BP		 571 <column name="flow_tables">
572 Configuration for OpenFlow tables. Each pair maps from an OpenFlow
573 table ID to configuration for that table.
574 </column>
575
31681a5d
JP		 576 <column name="fail_mode">
577 <p>When a controller is configured, it is, ordinarily, responsible
3fd8d445
BP		 578 for setting up all flows on the switch. Thus, if the connection to
579 the controller fails, no new network connections can be set up.
580 If the connection to the controller stays down long enough,
581 no packets can pass through the switch at all. This setting
582 determines the switch's response to such a situation. It may be set
583 to one of the following:
584 <dl>
585 <dt><code>standalone</code></dt>
586 <dd>If no message is received from the controller for three
587 times the inactivity probe interval
588 (see <ref column="inactivity_probe"/>), then Open vSwitch
589 will take over responsibility for setting up flows. In
590 this mode, Open vSwitch causes the bridge to act like an
591 ordinary MAC-learning switch. Open vSwitch will continue
592 to retry connecting to the controller in the background
593 and, when the connection succeeds, it will discontinue its
594 standalone behavior.</dd>
595 <dt><code>secure</code></dt>
596 <dd>Open vSwitch will not set up flows on its own when the
597 controller connection fails or when no controllers are
598 defined. The bridge will continue to retry connecting to
599 any defined controllers forever.</dd>
600 </dl>
31681a5d 601 </p>
aed2db18
BP		 602 <p>
603 The default is <code>standalone</code> if the value is unset, but
604 future versions of Open vSwitch may change the default.
605 </p>
7dea6ace
BP		 606 <p>
607 The <code>standalone</code> mode can create forwarding loops on a
608 bridge that has more than one uplink port unless STP is enabled. To
609 avoid loops on such a bridge, configure <code>secure</code> mode or
610 enable STP (see <ref column="stp_enable"/>).
611 </p>
299a244b 612 <p>When more than one controller is configured,
3fd8d445
BP		 613 <ref column="fail_mode"/> is considered only when none of the
614 configured controllers can be contacted.</p>
88f69f88
BP		 615 <p>
616 Changing <ref column="fail_mode"/> when no primary controllers are
617 configured clears the flow table.
618 </p>
31681a5d
JP		 619 </column>
620
89365653 621 <column name="datapath_id">
8de67146
BP		 622 Reports the OpenFlow datapath ID in use. Exactly 16 hex digits.
623 (Setting this column has no useful effect. Set <ref
624 column="other-config" key="datapath-id"/> instead.)
89365653 625 </column>
3fd8d445 626
b5cbbcf6
AZ		 627 <column name="datapath_version">
628 <p>
629 Reports the version number of the Open vSwitch datapath in use.
630 This allows management software to detect and report discrepancies
631 between Open vSwitch userspace and datapath versions. (The <ref
632 column="ovs_version" table="Open_vSwitch"/> column in the <ref
633 table="Open_vSwitch"/> reports the Open vSwitch userspace version.)
634 The version reported depends on the datapath in use:
635 </p>
636
637 <ul>
638 <li>
639 When the kernel module included in the Open vSwitch source tree is
640 used, this column reports the Open vSwitch version from which the
641 module was taken.
642 </li>
643
644 <li>
645 When the kernel module that is part of the upstream Linux kernel is
646 used, this column reports <code>&lt;unknown&gt;</code>.
647 </li>
648
649 <li>
650 When the datapath is built into the <code>ovs-vswitchd</code>
651 binary, this column reports <code>&lt;built-in&gt;</code>. A
652 built-in datapath is by definition the same version as the rest of
653 the Open VSwitch userspace.
654 </li>
655
656 <li>
657 Other datapaths (such as the Hyper-V kernel datapath) currently
658 report <code>&lt;unknown&gt;</code>.
659 </li>
660 </ul>
661
662 <p>
663 A version discrepancy between <code>ovs-vswitchd</code> and the
664 datapath in use is not normally cause for alarm. The Open vSwitch
665 kernel datapaths for Linux and Hyper-V, in particular, are designed
666 for maximum inter-version compatibility: any userspace version works
667 with with any kernel version. Some reasons do exist to insist on
668 particular user/kernel pairings. First, newer kernel versions add
669 new features, that can only be used by new-enough userspace, e.g.
670 VXLAN tunneling requires certain minimal userspace and kernel
671 versions. Second, as an extension to the first reason, some newer
672 kernel versions add new features for enhancing performance that only
673 new-enough userspace versions can take advantage of.
674 </p>
675 </column>
676
3fd8d445
BP		 677 <column name="other_config" key="datapath-id">
678 Exactly 16 hex digits to set the OpenFlow datapath ID to a specific
679 value. May not be all-zero.
680 </column>
681
8b6ff729
BP		 682 <column name="other_config" key="dp-desc">
683 Human readable description of datapath. It it a maximum 256
684 byte-long free-form string to describe the datapath for
685 debugging purposes, e.g. <code>switch3 in room 3120</code>.
686 </column>
687
f9e5e5b3
BP		 688 <column name="other_config" key="disable-in-band"
689 type='{"type": "boolean"}'>
3fd8d445
BP		 690 If set to <code>true</code>, disable in-band control on the bridge
691 regardless of controller and manager settings.
692 </column>
693
f9e5e5b3
BP		 694 <column name="other_config" key="in-band-queue"
695 type='{"type": "integer", "minInteger": 0, "maxInteger": 4294967295}'>
3fd8d445
BP		 696 A queue ID as a nonnegative integer. This sets the OpenFlow queue ID
697 that will be used by flows set up by in-band control on this bridge.
698 If unset, or if the port used by an in-band control flow does not have
699 QoS configured, or if the port does not have a queue with the specified
700 ID, the default queue is used instead.
701 </column>
7beaa082
SH		 702
703 <column name="protocols">
039a8ccd
BP		 704 <p>
705 List of OpenFlow protocols that may be used when negotiating
706 a connection with a controller. OpenFlow 1.0, 1.1, 1.2, and
707 1.3 are enabled by default if this column is empty.
708 </p>
ecb229be 709
039a8ccd 710 <p>
0c05d758
BP		 711 OpenFlow 1.4 and 1.5 are not enabled by default because their
712 implementations are missing features.
42dccab5 713 </p>
7beaa082 714 </column>
89365653
BP		 715 </group>
716
21f7563c 717 <group title="Spanning Tree Configuration">
01f13d4f
BP		 718 <p>
719 The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol
720 that ensures loop-free topologies. It allows redundant links to
721 be included in the network to provide automatic backup paths if
722 the active links fails.
723 </p>
9cc6bf75 724
01f13d4f
BP		 725 <p>
726 These settings configure the slower-to-converge but still widely
727 supported version of Spanning Tree Protocol, sometimes known as
728 802.1D-1998. Open vSwitch also supports the newer Rapid Spanning Tree
729 Protocol (RSTP), documented later in the section titled <code>Rapid
730 Spanning Tree Configuration</code>.
731 </p>
21f7563c 732
01f13d4f
BP		 733 <group title="STP Configuration">
734 <column name="stp_enable" type='{"type": "boolean"}'>
735 <p>
736 Enable spanning tree on the bridge. By default, STP is disabled
737 on bridges. Bond, internal, and mirror ports are not supported
738 and will not participate in the spanning tree.
739 </p>
21f7563c 740
01f13d4f
BP		 741 <p>
742 STP and RSTP are mutually exclusive. If both are enabled, RSTP
743 will be used.
744 </p>
745 </column>
21f7563c 746
01f13d4f
BP		 747 <column name="other_config" key="stp-system-id">
748 The bridge's STP identifier (the lower 48 bits of the bridge-id)
749 in the form
750 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
751 By default, the identifier is the MAC address of the bridge.
752 </column>
21f7563c 753
01f13d4f
BP		 754 <column name="other_config" key="stp-priority"
755 type='{"type": "integer", "minInteger": 0, "maxInteger": 65535}'>
756 The bridge's relative priority value for determining the root
757 bridge (the upper 16 bits of the bridge-id). A bridge with the
758 lowest bridge-id is elected the root. By default, the priority
759 is 0x8000.
760 </column>
dc2b70ba 761
01f13d4f
BP		 762 <column name="other_config" key="stp-hello-time"
763 type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
764 The interval between transmissions of hello messages by
765 designated ports, in seconds. By default the hello interval is
766 2 seconds.
767 </column>
dc2b70ba 768
01f13d4f
BP		 769 <column name="other_config" key="stp-max-age"
770 type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
771 The maximum age of the information transmitted by the bridge
772 when it is the root bridge, in seconds. By default, the maximum
773 age is 20 seconds.
774 </column>
775
776 <column name="other_config" key="stp-forward-delay"
777 type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
778 The delay to wait between transitioning root and designated
779 ports to <code>forwarding</code>, in seconds. By default, the
780 forwarding delay is 15 seconds.
781 </column>
782
783 <column name="other_config" key="mcast-snooping-aging-time"
784 type='{"type": "integer", "minInteger": 1}'>
785 <p>
786 The maximum number of seconds to retain a multicast snooping entry for
787 which no packets have been seen. The default is currently 300
788 seconds (5 minutes). The value, if specified, is forced into a
789 reasonable range, currently 15 to 3600 seconds.
790 </p>
791 </column>
792
793 <column name="other_config" key="mcast-snooping-table-size"
794 type='{"type": "integer", "minInteger": 1}'>
795 <p>
796 The maximum number of multicast snooping addresses to learn. The
797 default is currently 2048. The value, if specified, is forced into
798 a reasonable range, currently 10 to 1,000,000.
799 </p>
800 </column>
801 <column name="other_config" key="mcast-snooping-disable-flood-unregistered"
802 type='{"type": "boolean"}'>
803 <p>
804 If set to <code>false</code>, unregistered multicast packets are forwarded
805 to all ports.
806 If set to <code>true</code>, unregistered multicast packets are forwarded
807 to ports connected to multicast routers.
808 </p>
809 </column>
810 </group>
811
812 <group title="STP Status">
dc2b70ba 813 <p>
01f13d4f
BP		 814 These key-value pairs report the status of 802.1D-1998. They are
815 present only if STP is enabled (via the <ref column="stp_enable"/>
816 column).
dc2b70ba 817 </p>
01f13d4f
BP		 818 <column name="status" key="stp_bridge_id">
819 The bridge ID used in spanning tree advertisements, in the form
820 <var>xxxx</var>.<var>yyyyyyyyyyyy</var> where the <var>x</var>s are
821 the STP priority, the <var>y</var>s are the STP system ID, and each
822 <var>x</var> and <var>y</var> is a hex digit.
823 </column>
824 <column name="status" key="stp_designated_root">
825 The designated root for this spanning tree, in the same form as <ref
826 column="status" key="stp_bridge_id"/>. If this bridge is the root,
827 this will have the same value as <ref column="status"
828 key="stp_bridge_id"/>, otherwise it will differ.
829 </column>
830 <column name="status" key="stp_root_path_cost">
831 The path cost of reaching the designated bridge. A lower number is
832 better. The value is 0 if this bridge is the root, otherwise it is
833 higher.
834 </column>
835 </group>
836 </group>
837
838 <group title="Rapid Spanning Tree">
839 <p>
840 Rapid Spanning Tree Protocol (RSTP), like STP, is a network protocol
841 that ensures loop-free topologies. RSTP superseded STP with the
842 publication of 802.1D-2004. Compared to STP, RSTP converges more
843 quickly and recovers more quickly from failures.
844 </p>
845
846 <group title="RSTP Configuration">
847 <column name="rstp_enable" type='{"type": "boolean"}'>
848 <p>
849 Enable Rapid Spanning Tree on the bridge. By default, RSTP is disabled
850 on bridges. Bond, internal, and mirror ports are not supported
851 and will not participate in the spanning tree.
852 </p>
853
854 <p>
855 STP and RSTP are mutually exclusive. If both are enabled, RSTP
856 will be used.
857 </p>
858 </column>
859
860 <column name="other_config" key="rstp-address">
861 The bridge's RSTP address (the lower 48 bits of the bridge-id)
862 in the form
863 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
864 By default, the address is the MAC address of the bridge.
865 </column>
866
867 <column name="other_config" key="rstp-priority"
868 type='{"type": "integer", "minInteger": 0, "maxInteger": 61440}'>
869 The bridge's relative priority value for determining the root
870 bridge (the upper 16 bits of the bridge-id). A bridge with the
871 lowest bridge-id is elected the root. By default, the priority
872 is 0x8000 (32768). This value needs to be a multiple of 4096,
873 otherwise it's rounded to the nearest inferior one.
874 </column>
875
876 <column name="other_config" key="rstp-ageing-time"
877 type='{"type": "integer", "minInteger": 10, "maxInteger": 1000000}'>
878 The Ageing Time parameter for the Bridge. The default value
879 is 300 seconds.
880 </column>
881
882 <column name="other_config" key="rstp-force-protocol-version"
883 type='{"type": "integer"}'>
884 The Force Protocol Version parameter for the Bridge. This
885 can take the value 0 (STP Compatibility mode) or 2
886 (the default, normal operation).
887 </column>
888
889 <column name="other_config" key="rstp-max-age"
890 type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
891 The maximum age of the information transmitted by the Bridge
892 when it is the Root Bridge. The default value is 20.
893 </column>
894
895 <column name="other_config" key="rstp-forward-delay"
896 type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
897 The delay used by STP Bridges to transition Root and Designated
898 Ports to Forwarding. The default value is 15.
899 </column>
900
901 <column name="other_config" key="rstp-transmit-hold-count"
902 type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
903 The Transmit Hold Count used by the Port Transmit state machine
904 to limit transmission rate. The default value is 6.
905 </column>
906 </group>
907
908 <group title="RSTP Status">
dc2b70ba 909 <p>
01f13d4f
BP		 910 These key-value pairs report the status of 802.1D-2004. They are
911 present only if RSTP is enabled (via the <ref column="rstp_enable"/>
912 column).
dc2b70ba 913 </p>
01f13d4f
BP		 914 <column name="rstp_status" key="rstp_bridge_id">
915 The bridge ID used in rapid spanning tree advertisements, in the form
916 <var>x</var>.<var>yyy</var>.<var>zzzzzzzzzzzz</var> where
917 <var>x</var> is the RSTP priority, the <var>y</var>s are a locally
918 assigned system ID extension, the <var>z</var>s are the STP system
919 ID, and each <var>x</var>, <var>y</var>, or <var>z</var> is a hex
920 digit.
921 </column>
922 <column name="rstp_status" key="rstp_root_id">
923 The root of this spanning tree, in the same form as <ref
924 column="rstp_status" key="rstp_bridge_id"/>. If this bridge is the
925 root, this will have the same value as <ref column="rstp_status"
926 key="rstp_bridge_id"/>, otherwise it will differ.
927 </column>
928 <column name="rstp_status" key="rstp_root_path_cost"
929 type='{"type": "integer", "minInteger": 0}'>
930 The path cost of reaching the root. A lower number is better. The
931 value is 0 if this bridge is the root, otherwise it is higher.
932 </column>
933 <column name="rstp_status" key="rstp_designated_id">
934 The RSTP designated ID, in the same form as <ref column="rstp_status"
935 key="rstp_bridge_id"/>.
936 </column>
937 <column name="rstp_status" key="rstp_designated_port_id">
938 The RSTP designated port ID, as a 4-digit hex number.
939 </column>
940 <column name="rstp_status" key="rstp_bridge_port_id">
941 The RSTP bridge port ID, as a 4-digit hex number.
942 </column>
943 </group>
dc2b70ba
FL		 944 </group>
945
946 <group title="Multicast Snooping Configuration">
947 Multicast snooping (RFC 4541) monitors the Internet Group Management
06994f87
TLSC		 948 Protocol (IGMP) and Multicast Listener Discovery traffic between hosts
949 and multicast routers. The switch uses what IGMP and MLD snooping
950 learns to forward multicast traffic only to interfaces that are connected
951 to interested receivers. Currently it supports IGMPv1, IGMPv2, IGMPv3,
952 MLDv1 and MLDv2 protocols.
dc2b70ba
FL		 953
954 <column name="mcast_snooping_enable">
955 Enable multicast snooping on the bridge. For now, the default
956 is disabled.
957 </column>
21f7563c
JP		 958 </group>
959
89365653
BP		 960 <group title="Other Features">
961 <column name="datapath_type">
842733c3
MG		 962 Name of datapath provider. The kernel datapath has type
963 <code>system</code>. The userspace datapath has type
964 <code>netdev</code>. A manager may refer to the <ref
965 table="Open_vSwitch" column="datapath_types"/> column of the <ref
966 table="Open_vSwitch"/> table for a list of the types accepted by this
967 Open vSwitch instance.
89365653
BP		 968 </column>
969
3fd8d445
BP		 970 <column name="external_ids" key="bridge-id">
971 A unique identifier of the bridge. On Citrix XenServer this will
972 commonly be the same as
973 <ref column="external_ids" key="xs-network-uuids"/>.
89365653
BP		 974 </column>
975
3fd8d445
BP		 976 <column name="external_ids" key="xs-network-uuids">
977 Semicolon-delimited set of universally unique identifier(s) for the
978 network with which this bridge is associated on a Citrix XenServer
979 host. The network identifiers are RFC 4122 UUIDs as displayed by,
980 e.g., <code>xe network-list</code>.
981 </column>
982
983 <column name="other_config" key="hwaddr">
984 An Ethernet address in the form
985 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
986 to set the hardware address of the local port and influence the
987 datapath ID.
988 </column>
989
f9e5e5b3
BP		 990 <column name="other_config" key="forward-bpdu"
991 type='{"type": "boolean"}'>
da1e25d5 992
039a8ccd 993 <p>
da1e25d5
BP		 994 Controls forwarding of BPDUs and other network control frames when
995 NORMAL action is invoked. When this option is <code>false</code> or
996 unset, frames with reserved Ethernet addresses (see table below) will
997 not be forwarded. When this option is <code>true</code>, such frames
998 will not be treated specially.
039a8ccd
BP		 999 </p>
1000
1001 <p>
1002 The above general rule has the following exceptions:
1003 </p>
1004
1005 <ul>
1006 <li>
1007 If STP is enabled on the bridge (see the <ref column="stp_enable"
1008 table="Bridge"/> column in the <ref table="Bridge"/> table), the
1009 bridge processes all received STP packets and never passes them to
1010 OpenFlow or forwards them. This is true even if STP is disabled on
1011 an individual port.
1012 </li>
1013
1014 <li>
1015 If LLDP is enabled on an interface (see the <ref column="lldp"
1016 table="Interface"/> column in the <ref table="Interface"/> table),
1017 the interface processes received LLDP packets and never passes them
1018 to OpenFlow or forwards them.
1019 </li>
1020 </ul>
1021
1022 <p>
1023 Set this option to <code>true</code> if the Open vSwitch bridge
1024 connects different Ethernet networks and is not configured to
1025 participate in STP.
1026 </p>
1027
1028 <p>
1029 This option affects packets with the following destination MAC
1030 addresses:
1031 </p>
da1e25d5 1032
05be4e2c
EJ		 1033 <dl>
1034 <dt><code>01:80:c2:00:00:00</code></dt>
1035 <dd>IEEE 802.1D Spanning Tree Protocol (STP).</dd>
1036
1037 <dt><code>01:80:c2:00:00:01</code></dt>
1038 <dd>IEEE Pause frame.</dd>
1039
1040 <dt><code>01:80:c2:00:00:0<var>x</var></code></dt>
1041 <dd>Other reserved protocols.</dd>
1042
7d48a4cc
BP		 1043 <dt><code>00:e0:2b:00:00:00</code></dt>
1044 <dd>Extreme Discovery Protocol (EDP).</dd>
c93f9a78 1045
7d48a4cc 1046 <dt>
039a8ccd
BP		 1047 <code>00:e0:2b:00:00:04</code> and <code>00:e0:2b:00:00:06</code>
1048 </dt>
7d48a4cc 1049 <dd>Ethernet Automatic Protection Switching (EAPS).</dd>
c93f9a78 1050
05be4e2c
EJ		 1051 <dt><code>01:00:0c:cc:cc:cc</code></dt>
1052 <dd>
1053 Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP),
1054 Dynamic Trunking Protocol (DTP), Port Aggregation Protocol (PAgP),
1055 and others.
1056 </dd>
1057
1058 <dt><code>01:00:0c:cc:cc:cd</code></dt>
1059 <dd>Cisco Shared Spanning Tree Protocol PVSTP+.</dd>
1060
1061 <dt><code>01:00:0c:cd:cd:cd</code></dt>
1062 <dd>Cisco STP Uplink Fast.</dd>
1063
1064 <dt><code>01:00:0c:00:00:00</code></dt>
1065 <dd>Cisco Inter Switch Link.</dd>
7d48a4cc
BP		 1066
1067 <dt><code>01:00:0c:cc:cc:c<var>x</var></code></dt>
1068 <dd>Cisco CFM.</dd>
05be4e2c 1069 </dl>
21f7563c 1070 </column>
e764773c
BP		 1071
1072 <column name="other_config" key="mac-aging-time"
1073 type='{"type": "integer", "minInteger": 1}'>
1074 <p>
1075 The maximum number of seconds to retain a MAC learning entry for
1076 which no packets have been seen. The default is currently 300
1077 seconds (5 minutes). The value, if specified, is forced into a
1078 reasonable range, currently 15 to 3600 seconds.
1079 </p>
1080
1081 <p>
1082 A short MAC aging time allows a network to more quickly detect that a
1083 host is no longer connected to a switch port. However, it also makes
1084 it more likely that packets will be flooded unnecessarily, when they
1085 are addressed to a connected host that rarely transmits packets. To
1086 reduce the incidence of unnecessary flooding, use a MAC aging time
1087 longer than the maximum interval at which a host will ordinarily
1088 transmit packets.
1089 </p>
1090 </column>
c4069512
BP		 1091
1092 <column name="other_config" key="mac-table-size"
1093 type='{"type": "integer", "minInteger": 1}'>
1094 <p>
1095 The maximum number of MAC addresses to learn. The default is
1096 currently 2048. The value, if specified, is forced into a reasonable
1097 range, currently 10 to 1,000,000.
1098 </p>
1099 </column>
21f7563c
JP		 1100 </group>
1101
3fd8d445
BP		 1102 <group title="Common Columns">
1103 The overall purpose of these columns is described under <code>Common
1104 Columns</code> at the beginning of this document.
1105
1106 <column name="other_config"/>
1107 <column name="external_ids"/>
1108 </group>
89365653 1109 </table>
039a8ccd
BP		 1110
1111 <table name="Port" table="Port or bond configuration.">
89365653
BP		 1112 <p>A port within a <ref table="Bridge"/>.</p>
1113 <p>Most commonly, a port has exactly one ``interface,'' pointed to by its
3fd8d445
BP		 1114 <ref column="interfaces"/> column. Such a port logically
1115 corresponds to a port on a physical Ethernet switch. A port
1116 with more than one interface is a ``bonded port'' (see
1117 <ref group="Bonding Configuration"/>).</p>
89365653 1118 <p>Some properties that one might think as belonging to a port are actually
3fd8d445 1119 part of the port's <ref table="Interface"/> members.</p>
89365653
BP		 1120
1121 <column name="name">
1122 Port name. Should be alphanumeric and no more than about 8
1123 bytes long. May be the same as the interface name, for
1124 non-bonded ports. Must otherwise be unique among the names of
1125 ports, interfaces, and bridges on a host.
1126 </column>
1127
1128 <column name="interfaces">
1129 The port's interfaces. If there is more than one, this is a
1130 bonded Port.
1131 </column>
1132
1133 <group title="VLAN Configuration">
ecac4ebf
BP		 1134 <p>Bridge ports support the following types of VLAN configuration:</p>
1135 <dl>
1136 <dt>trunk</dt>
1137 <dd>
1138 <p>
1139 A trunk port carries packets on one or more specified VLANs
1140 specified in the <ref column="trunks"/> column (often, on every
1141 VLAN). A packet that ingresses on a trunk port is in the VLAN
1142 specified in its 802.1Q header, or VLAN 0 if the packet has no
1143 802.1Q header. A packet that egresses through a trunk port will
5e9ceccd 1144 have an 802.1Q header if it has a nonzero VLAN ID.
ecac4ebf
BP		 1145 </p>
1146
1147 <p>
1148 Any packet that ingresses on a trunk port tagged with a VLAN that
1149 the port does not trunk is dropped.
1150 </p>
1151 </dd>
1152
1153 <dt>access</dt>
1154 <dd>
1155 <p>
1156 An access port carries packets on exactly one VLAN specified in the
5e9ceccd
BP		 1157 <ref column="tag"/> column. Packets egressing on an access port
1158 have no 802.1Q header.
ecac4ebf
BP		 1159 </p>
1160
1161 <p>
5e9ceccd
BP		 1162 Any packet with an 802.1Q header with a nonzero VLAN ID that
1163 ingresses on an access port is dropped, regardless of whether the
1164 VLAN ID in the header is the access port's VLAN ID.
ecac4ebf
BP		 1165 </p>
1166 </dd>
1167
1168 <dt>native-tagged</dt>
1169 <dd>
1170 A native-tagged port resembles a trunk port, with the exception that
1171 a packet without an 802.1Q header that ingresses on a native-tagged
1172 port is in the ``native VLAN'' (specified in the <ref column="tag"/>
1173 column).
1174 </dd>
1175
1176 <dt>native-untagged</dt>
1177 <dd>
1178 A native-untagged port resembles a native-tagged port, with the
1179 exception that a packet that egresses on a native-untagged port in
5e9ceccd 1180 the native VLAN will not have an 802.1Q header.
ecac4ebf
BP		 1181 </dd>
1182 </dl>
1183 <p>
1184 A packet will only egress through bridge ports that carry the VLAN of
1185 the packet, as described by the rules above.
89365653
BP		 1186 </p>
1187
ecac4ebf 1188 <column name="vlan_mode">
7894d33b 1189 <p>
ecac4ebf
BP		 1190 The VLAN mode of the port, as described above. When this column is
1191 empty, a default mode is selected as follows:
7894d33b 1192 </p>
ecac4ebf
BP		 1193 <ul>
1194 <li>
1195 If <ref column="tag"/> contains a value, the port is an access
1196 port. The <ref column="trunks"/> column should be empty.
1197 </li>
1198 <li>
1199 Otherwise, the port is a trunk port. The <ref column="trunks"/>
1200 column value is honored if it is present.
1201 </li>
1202 </ul>
1203 </column>
1204
1205 <column name="tag">
7894d33b 1206 <p>
ecac4ebf
BP		 1207 For an access port, the port's implicitly tagged VLAN. For a
1208 native-tagged or native-untagged port, the port's native VLAN. Must
1209 be empty if this is a trunk port.
7894d33b 1210 </p>
89365653
BP		 1211 </column>
1212
1213 <column name="trunks">
7894d33b 1214 <p>
ecac4ebf
BP		 1215 For a trunk, native-tagged, or native-untagged port, the 802.1Q VLAN
1216 or VLANs that this port trunks; if it is empty, then the port trunks
1217 all VLANs. Must be empty if this is an access port.
7894d33b
BP		 1218 </p>
1219 <p>
ecac4ebf
BP		 1220 A native-tagged or native-untagged port always trunks its native
1221 VLAN, regardless of whether <ref column="trunks"/> includes that
1222 VLAN.
7894d33b 1223 </p>
89365653 1224 </column>
5e9ceccd
BP		 1225
1226 <column name="other_config" key="priority-tags"
1227 type='{"type": "boolean"}'>
1228 <p>
1229 An 802.1Q header contains two important pieces of information: a VLAN
1230 ID and a priority. A frame with a zero VLAN ID, called a
1231 ``priority-tagged'' frame, is supposed to be treated the same way as
1232 a frame without an 802.1Q header at all (except for the priority).
1233 </p>
1234
1235 <p>
1236 However, some network elements ignore any frame that has 802.1Q
1237 header at all, even when the VLAN ID is zero. Therefore, by default
1238 Open vSwitch does not output priority-tagged frames, instead omitting
1239 the 802.1Q header entirely if the VLAN ID is zero. Set this key to
1240 <code>true</code> to enable priority-tagged frames on a port.
1241 </p>
1242
1243 <p>
1244 Regardless of this setting, Open vSwitch omits the 802.1Q header on
1245 output if both the VLAN ID and priority would be zero.
1246 </p>
1247
1248 <p>
1249 All frames output to native-tagged ports have a nonzero VLAN ID, so
1250 this setting is not meaningful on native-tagged ports.
1251 </p>
1252 </column>
89365653
BP		 1253 </group>
1254
1255 <group title="Bonding Configuration">
be02e7c3 1256 <p>A port that has more than one interface is a ``bonded port.'' Bonding
d64e1870
BP		 1257 allows for load balancing and fail-over.</p>
1258
1259 <p>
1260 The following types of bonding will work with any kind of upstream
1261 switch. On the upstream switch, do not configure the interfaces as a
1262 bond:
1263 </p>
9f5073d8
EJ		 1264
1265 <dl>
1266 <dt><code>balance-slb</code></dt>
1267 <dd>
1268 Balances flows among slaves based on source MAC address and output
1269 VLAN, with periodic rebalancing as traffic patterns change.
1270 </dd>
1271
1272 <dt><code>active-backup</code></dt>
1273 <dd>
1274 Assigns all flows to one slave, failing over to a backup slave when
629d868c
BP		 1275 the active slave is disabled. This is the only bonding mode in which
1276 interfaces may be plugged into different upstream switches.
9f5073d8
EJ		 1277 </dd>
1278 </dl>
1279
1280 <p>
fb0b29a3 1281 The following modes require the upstream switch to support 802.3ad with
9dd165e0
RK		 1282 successful LACP negotiation. If LACP negotiation fails and
1283 other-config:lacp-fallback-ab is true, then <code>active-backup</code>
1284 mode is used:
9f5073d8
EJ		 1285 </p>
1286
1287 <dl>
1288 <dt><code>balance-tcp</code></dt>
1289 <dd>
1290 Balances flows among slaves based on L2, L3, and L4 protocol
1291 information such as destination MAC address, IP address, and TCP
1292 port.
1293 </dd>
fb0b29a3
EJ		 1294 </dl>
1295
89365653 1296 <p>These columns apply only to bonded ports. Their values are
3fd8d445 1297 otherwise ignored.</p>
89365653 1298
27dcaa1a 1299 <column name="bond_mode">
9f5073d8 1300 <p>The type of bonding used for a bonded port. Defaults to
4df08875 1301 <code>active-backup</code> if unset.
9f5073d8 1302 </p>
be02e7c3
EJ		 1303 </column>
1304
96ada1a4
EJ		 1305 <column name="other_config" key="bond-hash-basis"
1306 type='{"type": "integer"}'>
1307 An integer hashed along with flows when choosing output slaves in load
1308 balanced bonds. When changed, all flows will be assigned different
1309 hash values possibly causing slave selection decisions to change. Does
1310 not affect bonding modes which do not employ load balancing such as
1311 <code>active-backup</code>.
1312 </column>
1313
3fd8d445
BP		 1314 <group title="Link Failure Detection">
1315 <p>
1316 An important part of link bonding is detecting that links are down so
1317 that they may be disabled. These settings determine how Open vSwitch
1318 detects link failure.
1319 </p>
89365653 1320
f9e5e5b3
BP		 1321 <column name="other_config" key="bond-detect-mode"
1322 type='{"type": "string", "enum": ["set", ["carrier", "miimon"]]}'>
1323 The means used to detect link failures. Defaults to
3fd8d445
BP		 1324 <code>carrier</code> which uses each interface's carrier to detect
1325 failures. When set to <code>miimon</code>, will check for failures
1326 by polling each interface's MII.
1327 </column>
89365653 1328
f9e5e5b3
BP		 1329 <column name="other_config" key="bond-miimon-interval"
1330 type='{"type": "integer"}'>
3fd8d445
BP		 1331 The interval, in milliseconds, between successive attempts to poll
1332 each interface's MII. Relevant only when <ref column="other_config"
1333 key="bond-detect-mode"/> is <code>miimon</code>.
1334 </column>
1335
1336 <column name="bond_updelay">
1337 <p>
1c144051 1338 The number of milliseconds for which the link must stay up on an
3fd8d445
BP		 1339 interface before the interface is considered to be up. Specify
1340 <code>0</code> to enable the interface immediately.
1341 </p>
1342
1343 <p>
1344 This setting is honored only when at least one bonded interface is
1345 already enabled. When no interfaces are enabled, then the first
1346 bond interface to come up is enabled immediately.
1347 </p>
1348 </column>
1349
1350 <column name="bond_downdelay">
1c144051 1351 The number of milliseconds for which the link must stay down on an
3fd8d445
BP		 1352 interface before the interface is considered to be down. Specify
1353 <code>0</code> to disable the interface immediately.
1354 </column>
1355 </group>
c25c91fd 1356
3fd8d445
BP		 1357 <group title="LACP Configuration">
1358 <p>
1359 LACP, the Link Aggregation Control Protocol, is an IEEE standard that
1360 allows switches to automatically detect that they are connected by
1361 multiple links and aggregate across those links. These settings
1362 control LACP behavior.
1363 </p>
1364
1365 <column name="lacp">
1366 Configures LACP on this port. LACP allows directly connected
76ea8efd
AE		 1367 switches to negotiate which links may be bonded. LACP may be enabled
1368 on non-bonded ports for the benefit of any switches they may be
c25c91fd
EJ		 1369 connected to. <code>active</code> ports are allowed to initiate LACP
1370 negotiations. <code>passive</code> ports are allowed to participate
1371 in LACP negotiations initiated by a remote switch, but not allowed to
bdebeece
EJ		 1372 initiate such negotiations themselves. If LACP is enabled on a port
1373 whose partner switch does not support LACP, the bond will be
9dd165e0
RK		 1374 disabled, unless other-config:lacp-fallback-ab is set to true.
1375 Defaults to <code>off</code> if unset.
3fd8d445
BP		 1376 </column>
1377
1378 <column name="other_config" key="lacp-system-id">
1379 The LACP system ID of this <ref table="Port"/>. The system ID of a
1380 LACP bond is used to identify itself to its partners. Must be a
a9bf011b
EJ		 1381 nonzero MAC address. Defaults to the bridge Ethernet address if
1382 unset.
3fd8d445
BP		 1383 </column>
1384
f9e5e5b3
BP		 1385 <column name="other_config" key="lacp-system-priority"
1386 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
3fd8d445
BP		 1387 The LACP system priority of this <ref table="Port"/>. In LACP
1388 negotiations, link status decisions are made by the system with the
f9e5e5b3 1389 numerically lower priority.
3fd8d445
BP		 1390 </column>
1391
bf83f7c8 1392 <column name="other_config" key="lacp-time"
039a8ccd 1393 type='{"type": "string", "enum": ["set", ["fast", "slow"]]}'>
3fd8d445
BP		 1394 <p>
1395 The LACP timing which should be used on this <ref table="Port"/>.
bf83f7c8
EJ		 1396 By default <code>slow</code> is used. When configured to be
1397 <code>fast</code> LACP heartbeats are requested at a rate of once
1398 per second causing connectivity problems to be detected more
1399 quickly. In <code>slow</code> mode, heartbeats are requested at a
1400 rate of once every 30 seconds.
3fd8d445
BP		 1401 </p>
1402 </column>
9dd165e0
RK		 1403
1404 <column name="other_config" key="lacp-fallback-ab"
039a8ccd 1405 type='{"type": "boolean"}'>
9dd165e0
RK		 1406 <p>
1407 Determines the behavior of openvswitch bond in LACP mode. If
1408 the partner switch does not support LACP, setting this option
1409 to <code>true</code> allows openvswitch to fallback to
1410 active-backup. If the option is set to <code>false</code>, the
1411 bond will be disabled. In both the cases, once the partner switch
1412 is configured to LACP mode, the bond will use LACP.
1413 </p>
1414 </column>
3fd8d445
BP		 1415 </group>
1416
b62ee96f 1417 <group title="Rebalancing Configuration">
3fd8d445
BP		 1418 <p>
1419 These settings control behavior when a bond is in
b62ee96f 1420 <code>balance-slb</code> or <code>balance-tcp</code> mode.
3fd8d445
BP		 1421 </p>
1422
f9e5e5b3 1423 <column name="other_config" key="bond-rebalance-interval"
bc1b010c
EJ		 1424 type='{"type": "integer", "minInteger": 0, "maxInteger": 10000}'>
1425 For a load balanced bonded port, the number of milliseconds between
1426 successive attempts to rebalance the bond, that is, to move flows
1427 from one interface on the bond to another in an attempt to keep usage
1428 of each interface roughly equal. If zero, load balancing is disabled
1c144051 1429 on the bond (link failure still cause flows to move). If
bc1b010c 1430 less than 1000ms, the rebalance interval will be 1000ms.
3fd8d445
BP		 1431 </column>
1432 </group>
1433
1434 <column name="bond_fake_iface">
1435 For a bonded port, whether to create a fake internal interface with the
1436 name of the port. Use only for compatibility with legacy software that
1437 requires this.
1438 </column>
89365653
BP		 1439 </group>
1440
01f13d4f
BP		 1441 <group title="Spanning Tree Protocol">
1442 <p>
1443 The configuration here is only meaningful, and the status is only
1444 populated, when 802.1D-1998 Spanning Tree Protocol is enabled on the
1445 port's <ref column="Bridge"/> with its <ref column="stp_enable"/>
1446 column.
1447 </p>
21f7563c 1448
01f13d4f
BP		 1449 <group title="STP Configuration">
1450 <column name="other_config" key="stp-enable"
1451 type='{"type": "boolean"}'>
1452 When STP is enabled on a bridge, it is enabled by default on all of
1453 the bridge's ports except bond, internal, and mirror ports (which do
1454 not work with STP). If this column's value is <code>false</code>,
1455 STP is disabled on the port.
1456 </column>
21f7563c 1457
01f13d4f
BP		 1458 <column name="other_config" key="stp-port-num"
1459 type='{"type": "integer", "minInteger": 1, "maxInteger": 255}'>
1460 The port number used for the lower 8 bits of the port-id. By
1461 default, the numbers will be assigned automatically. If any
1462 port's number is manually configured on a bridge, then they
1463 must all be.
1464 </column>
21f7563c 1465
01f13d4f
BP		 1466 <column name="other_config" key="stp-port-priority"
1467 type='{"type": "integer", "minInteger": 0, "maxInteger": 255}'>
1468 The port's relative priority value for determining the root
1469 port (the upper 8 bits of the port-id). A port with a lower
1470 port-id will be chosen as the root port. By default, the
1471 priority is 0x80.
1472 </column>
1473
1474 <column name="other_config" key="stp-path-cost"
1475 type='{"type": "integer", "minInteger": 0, "maxInteger": 65535}'>
1476 Spanning tree path cost for the port. A lower number indicates
1477 a faster link. By default, the cost is based on the maximum
1478 speed of the link.
1479 </column>
1480 </group>
1481
1482 <group title="STP Status">
1483 <column name="status" key="stp_port_id">
1484 The port ID used in spanning tree advertisements for this port, as 4
1485 hex digits. Configuring the port ID is described in the
1486 <code>stp-port-num</code> and <code>stp-port-priority</code> keys of
1487 the <code>other_config</code> section earlier.
1488 </column>
1489 <column name="status" key="stp_state"
1490 type='{"type": "string", "enum": ["set",
1491 ["disabled", "listening", "learning",
1492 "forwarding", "blocking"]]}'>
1493 STP state of the port.
1494 </column>
1495 <column name="status" key="stp_sec_in_state"
1496 type='{"type": "integer", "minInteger": 0}'>
1497 The amount of time this port has been in the current STP state, in
1498 seconds.
1499 </column>
1500 <column name="status" key="stp_role"
1501 type='{"type": "string", "enum": ["set",
1502 ["root", "designated", "alternate"]]}'>
1503 STP role of the port.
1504 </column>
1505 </group>
21f7563c 1506 </group>
d62d7cb1 1507
01f13d4f
BP		 1508 <group title="Rapid Spanning Tree Protocol">
1509 <p>
1510 The configuration here is only meaningful, and the status and
1511 statistics are only populated, when 802.1D-1998 Spanning Tree Protocol
1512 is enabled on the port's <ref column="Bridge"/> with its <ref
1513 column="stp_enable"/> column.
1514 </p>
d62d7cb1 1515
01f13d4f
BP		 1516 <group title="RSTP Configuration">
1517 <column name="other_config" key="rstp-enable"
1518 type='{"type": "boolean"}'>
1519 When RSTP is enabled on a bridge, it is enabled by default on all of
1520 the bridge's ports except bond, internal, and mirror ports (which do
1521 not work with RSTP). If this column's value is <code>false</code>,
1522 RSTP is disabled on the port.
1523 </column>
d62d7cb1 1524
01f13d4f
BP		 1525 <column name="other_config" key="rstp-port-priority"
1526 type='{"type": "integer", "minInteger": 0, "maxInteger": 240}'>
1527 The port's relative priority value for determining the root port, in
1528 multiples of 16. By default, the port priority is 0x80 (128). Any
1529 value in the lower 4 bits is rounded off. The significant upper 4
1530 bits become the upper 4 bits of the port-id. A port with the lowest
1531 port-id is elected as the root.
1532 </column>
d62d7cb1 1533
01f13d4f
BP		 1534 <column name="other_config" key="rstp-port-num"
1535 type='{"type": "integer", "minInteger": 1, "maxInteger": 4095}'>
1536 The local RSTP port number, used as the lower 12 bits of the port-id.
1537 By default the port numbers are assigned automatically, and typically
1538 may not correspond to the OpenFlow port numbers. A port with the
1539 lowest port-id is elected as the root.
1540 </column>
d62d7cb1 1541
01f13d4f
BP		 1542 <column name="other_config" key="rstp-port-path-cost"
1543 type='{"type": "integer"}'>
1544 The port path cost. The Port's contribution, when it is
1545 the Root Port, to the Root Path Cost for the Bridge. By default the
1546 cost is automatically calculated from the port's speed.
1547 </column>
d62d7cb1 1548
01f13d4f
BP		 1549 <column name="other_config" key="rstp-port-admin-edge"
1550 type='{"type": "boolean"}'>
1551 The admin edge port parameter for the Port. Default is
1552 <code>false</code>.
1553 </column>
d62d7cb1 1554
01f13d4f
BP		 1555 <column name="other_config" key="rstp-port-auto-edge"
1556 type='{"type": "boolean"}'>
1557 The auto edge port parameter for the Port. Default is
d62d7cb1 1558 <code>true</code>.
01f13d4f
BP		 1559 </column>
1560
1561 <column name="other_config" key="rstp-port-mcheck"
1562 type='{"type": "boolean"}'>
1563 <p>
1564 The mcheck port parameter for the Port. Default is
1565 <code>false</code>. May be set to force the Port Protocol
1566 Migration state machine to transmit RST BPDUs for a
1567 MigrateTime period, to test whether all STP Bridges on the
1568 attached LAN have been removed and the Port can continue to
1569 transmit RSTP BPDUs. Setting mcheck has no effect if the
1570 Bridge is operating in STP Compatibility mode.
1571 </p>
1572 <p>
1573 Changing the value from <code>true</code> to
1574 <code>false</code> has no effect, but needs to be done if
1575 this behavior is to be triggered again by subsequently
1576 changing the value from <code>false</code> to
1577 <code>true</code>.
1578 </p>
1579 </column>
1580 </group>
1581
1582 <group title="RSTP Status">
1583 <column name="rstp_status" key="rstp_port_id">
1584 The port ID used in spanning tree advertisements for this port, as 4
1585 hex digits. Configuring the port ID is described in the
1586 <code>rstp-port-num</code> and <code>rstp-port-priority</code> keys
1587 of the <code>other_config</code> section earlier.
1588 </column>
1589 <column name="rstp_status" key="rstp_port_role"
1590 type='{"type": "string", "enum": ["set",
1591 ["Root", "Designated", "Alternate", "Backup", "Disabled"]]}'>
1592 RSTP role of the port.
1593 </column>
1594 <column name="rstp_status" key="rstp_port_state"
1595 type='{"type": "string", "enum": ["set",
1596 ["Disabled", "Learning", "Forwarding", "Discarding"]]}'>
1597 RSTP state of the port.
1598 </column>
1599 <column name="rstp_status" key="rstp_designated_bridge_id">
1600 The port's RSTP designated bridge ID, in the same form as <ref
1601 column="rstp_status" key="rstp_bridge_id"/> in the <ref
1602 table="Bridge"/> table.
1603 </column>
1604 <column name="rstp_status" key="rstp_designated_port_id">
1605 The port's RSTP designated port ID, as 4 hex digits.
1606 </column>
1607 <column name="rstp_status" key="rstp_designated_path_cost"
1608 type='{"type": "integer"}'>
1609 The port's RSTP designated path cost. Lower is better.
1610 </column>
1611 </group>
1612
1613 <group title="RSTP Statistics">
1614 <column name="rstp_statistics" key="rstp_tx_count">
1615 Number of RSTP BPDUs transmitted through this port.
1616 </column>
1617 <column name="rstp_statistics" key="rstp_rx_count">
1618 Number of valid RSTP BPDUs received by this port.
1619 </column>
1620 <column name="rstp_statistics" key="rstp_error_count">
1621 Number of invalid RSTP BPDUs received by this port.
1622 </column>
1623 <column name="rstp_statistics" key="rstp_uptime">
1624 The duration covered by the other RSTP statistics, in seconds.
1625 </column>
1626 </group>
d62d7cb1
JR		 1627 </group>
1628
dc2b70ba
FL		 1629 <group title="Multicast Snooping">
1630 <column name="other_config" key="mcast-snooping-flood"
1631 type='{"type": "boolean"}'>
1632 <p>
8e04a33f
FL		 1633 If set to <code>true</code>, multicast packets (except Reports) are
1634 unconditionally forwarded to the specific port.
1635 </p>
1636 </column>
1637 <column name="other_config" key="mcast-snooping-flood-reports"
1638 type='{"type": "boolean"}'>
1639 <p>
1640 If set to <code>true</code>, multicast Reports are unconditionally
dc2b70ba
FL		 1641 forwarded to the specific port.
1642 </p>
1643 </column>
1644 </group>
21f7563c 1645
89365653 1646 <group title="Other Features">
c1c9c9c4
BP		 1647 <column name="qos">
1648 Quality of Service configuration for this port.
1649 </column>
299a244b 1650
89365653
BP		 1651 <column name="mac">
1652 The MAC address to use for this port for the purpose of choosing the
1653 bridge's MAC address. This column does not necessarily reflect the
1654 port's actual MAC address, nor will setting it change the port's actual
1655 MAC address.
1656 </column>
1657
1658 <column name="fake_bridge">
1659 Does this port represent a sub-bridge for its tagged VLAN within the
1660 Bridge? See ovs-vsctl(8) for more information.
1661 </column>
1662
3fd8d445
BP		 1663 <column name="external_ids" key="fake-bridge-id-*">
1664 External IDs for a fake bridge (see the <ref column="fake_bridge"/>
1665 column) are defined by prefixing a <ref table="Bridge"/> <ref
1666 table="Bridge" column="external_ids"/> key with
1667 <code>fake-bridge-</code>,
1668 e.g. <code>fake-bridge-xs-network-uuids</code>.
89365653 1669 </column>
54b21db7
TLSC		 1670
1671 <column name="other_config" key="transient"
1672 type='{"type": "boolean"}'>
1673 <p>
1674 If set to <code>true</code>, the port will be removed when
1675 <code>ovs-ctl start --delete-transient-ports</code> is used.
1676 </p>
1677 </column>
3fd8d445 1678 </group>
89365653 1679
01f13d4f
BP		 1680 <column name="bond_active_slave">
1681 For a bonded port, record the mac address of the current active slave.
1682 </column>
21f7563c 1683
80740385
JP		 1684 <group title="Port Statistics">
1685 <p>
12eb035b
AW		 1686 Key-value pairs that report port statistics. The update period
1687 is controlled by <ref column="other_config"
1688 key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
80740385
JP		 1689 </p>
1690 <group title="Statistics: STP transmit and receive counters">
1691 <column name="statistics" key="stp_tx_count">
1692 Number of STP BPDUs sent on this port by the spanning
1693 tree library.
1694 </column>
1695 <column name="statistics" key="stp_rx_count">
1696 Number of STP BPDUs received on this port and accepted by the
1697 spanning tree library.
1698 </column>
1699 <column name="statistics" key="stp_error_count">
1700 Number of bad STP BPDUs received on this port. Bad BPDUs
1701 include runt packets and those with an unexpected protocol ID.
1702 </column>
1703 </group>
1704 </group>
1705
3fd8d445
BP		 1706 <group title="Common Columns">
1707 The overall purpose of these columns is described under <code>Common
1708 Columns</code> at the beginning of this document.
1709
1710 <column name="other_config"/>
1711 <column name="external_ids"/>
89365653
BP		 1712 </group>
1713 </table>
1714
1715 <table name="Interface" title="One physical network device in a Port.">
1716 An interface within a <ref table="Port"/>.
1717
1718 <group title="Core Features">
1719 <column name="name">
1720 Interface name. Should be alphanumeric and no more than about 8 bytes
1721 long. May be the same as the port name, for non-bonded ports. Must
1722 otherwise be unique among the names of ports, interfaces, and bridges
1723 on a host.
1724 </column>
1725
ea401d9a
NM		 1726 <column name="ifindex">
1727 A positive interface index as defined for SNMP MIB-II in RFCs 1213 and
1728 2863, if the interface has one, otherwise 0. The ifindex is useful for
1729 seamless integration with protocols such as SNMP and sFlow.
1730 </column>
1731
df867eda
JP		 1732 <column name="mac_in_use">
1733 The MAC address in use by this interface.
1734 </column>
1735
89365653
BP		 1736 <column name="mac">
1737 <p>Ethernet address to set for this interface. If unset then the
3fd8d445 1738 default MAC address is used:</p>
89365653
BP		 1739 <ul>
1740 <li>For the local interface, the default is the lowest-numbered MAC
3fd8d445
BP		 1741 address among the other bridge ports, either the value of the
1742 <ref table="Port" column="mac"/> in its <ref table="Port"/> record,
1743 if set, or its actual MAC (for bonded ports, the MAC of its slave
1744 whose name is first in alphabetical order). Internal ports and
1745 bridge ports that are used as port mirroring destinations (see the
1746 <ref table="Mirror"/> table) are ignored.</li>
2e57b537 1747 <li>For other internal interfaces, the default MAC is randomly
3fd8d445 1748 generated.</li>
89365653 1749 <li>External interfaces typically have a MAC address associated with
3fd8d445 1750 their hardware.</li>
89365653
BP		 1751 </ul>
1752 <p>Some interfaces may not have a software-controllable MAC
1753 address.</p>
1754 </column>
1755
bbe6109d
TG		 1756 <column name="error">
1757 If the configuration of the port failed, as indicated by -1 in <ref
1758 column="ofport"/>, Open vSwitch sets this column to an error
1759 description in human readable form. Otherwise, Open vSwitch clears
1760 this column.
1761 </column>
1762
484c8355 1763 <group title="OpenFlow Port Number">
039a8ccd
BP		 1764 <p>
1765 When a client adds a new interface, Open vSwitch chooses an OpenFlow
1766 port number for the new port. If the client that adds the port fills
1767 in <ref column="ofport_request"/>, then Open vSwitch tries to use its
1768 value as the OpenFlow port number. Otherwise, or if the requested
1769 port number is already in use or cannot be used for another reason,
1770 Open vSwitch automatically assigns a free port number. Regardless of
1771 how the port number was obtained, Open vSwitch then reports in <ref
1772 column="ofport"/> the port number actually assigned.
1773 </p>
1774
1775 <p>
1776 Open vSwitch limits the port numbers that it automatically assigns to
1777 the range 1 through 32,767, inclusive. Controllers therefore have
1778 free use of ports 32,768 and up.
1779 </p>
1780
1781 <column name="ofport">
1782 <p>
1783 OpenFlow port number for this interface. Open vSwitch sets this
1784 column's value, so other clients should treat it as read-only.
1785 </p>
1786 <p>
1787 The OpenFlow ``local'' port (<code>OFPP_LOCAL</code>) is 65,534.
1788 The other valid port numbers are in the range 1 to 65,279,
1789 inclusive. Value -1 indicates an error adding the interface.
1790 </p>
1791 </column>
1792
1793 <column name="ofport_request"
1794 type='{"type": "integer", "minInteger": 1, "maxInteger": 65279}'>
1795 <p>
1796 Requested OpenFlow port number for this interface.
1797 </p>
1798
1799 <p>
1800 A client should ideally set this column's value in the same
1801 database transaction that it uses to create the interface. Open
1802 vSwitch version 2.1 and later will honor a later request for a
1803 specific port number, althuogh it might confuse some controllers:
1804 OpenFlow does not have a way to announce a port number change, so
1805 Open vSwitch represents it over OpenFlow as a port deletion
1806 followed immediately by a port addition.
1807 </p>
1808
1809 <p>
1810 If <ref column="ofport_request"/> is set or changed to some other
1811 port's automatically assigned port number, Open vSwitch chooses a
1812 new port number for the latter port.
1813 </p>
1814 </column>
484c8355 1815 </group>
89365653
BP		 1816 </group>
1817
1818 <group title="System-Specific Details">
1819 <column name="type">
3fd8d445 1820 <p>
842733c3
MG		 1821 The interface type. The types supported by a particular instance of
1822 Open vSwitch are listed in the <ref table="Open_vSwitch"
1823 column="iface_types"/> column in the <ref table="Open_vSwitch"/>
1824 table. The following types are defined:
3fd8d445
BP		 1825 </p>
1826
89365653
BP		 1827 <dl>
1828 <dt><code>system</code></dt>
1829 <dd>An ordinary network device, e.g. <code>eth0</code> on Linux.
3fd8d445
BP		 1830 Sometimes referred to as ``external interfaces'' since they are
1831 generally connected to hardware external to that on which the Open
1832 vSwitch is running. The empty string is a synonym for
1833 <code>system</code>.</dd>
1834
89365653 1835 <dt><code>internal</code></dt>
2e57b537 1836 <dd>A simulated network device that sends and receives traffic. An
3fd8d445
BP		 1837 internal interface whose <ref column="name"/> is the same as its
1838 bridge's <ref table="Open_vSwitch" column="name"/> is called the
1839 ``local interface.'' It does not make sense to bond an internal
1840 interface, so the terms ``port'' and ``interface'' are often used
1841 imprecisely for internal interfaces.</dd>
1842
89365653
BP		 1843 <dt><code>tap</code></dt>
1844 <dd>A TUN/TAP device managed by Open vSwitch.</dd>
3fd8d445 1845
c1fc1411
JG		 1846 <dt><code>geneve</code></dt>
1847 <dd>
9558d2a5 1848 An Ethernet over Geneve (<code>http://tools.ietf.org/html/draft-ietf-nvo3-geneve-00</code>)
80c4589a 1849 IPv4/IPv6 tunnel.
c1fc1411 1850
9558d2a5
JG		 1851 A description of how to match and set Geneve options can be found
1852 in the <code>ovs-ofctl</code> manual page.
c1fc1411
JG		 1853 </dd>
1854
89365653 1855 <dt><code>gre</code></dt>
3fd8d445 1856 <dd>
80c4589a 1857 An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4/IPv6
79f827fa 1858 tunnel.
e16a28b5 1859 </dd>
3fd8d445 1860
e16a28b5 1861 <dt><code>ipsec_gre</code></dt>
3fd8d445 1862 <dd>
80c4589a 1863 An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4/IPv6
9cc6bf75 1864 IPsec tunnel.
a28716da 1865 </dd>
3fd8d445 1866
79f827fa
KM		 1867 <dt><code>vxlan</code></dt>
1868 <dd>
039a8ccd
BP		 1869 <p>
1870 An Ethernet tunnel over the UDP-based VXLAN protocol described in
1871 RFC 7348.
1872 </p>
1873 <p>
1874 Open vSwitch uses UDP destination port 4789. The source port used for
1875 VXLAN traffic varies on a per-flow basis and is in the ephemeral port
1876 range.
1877 </p>
79f827fa
KM		 1878 </dd>
1879
a6ae068b
LJ		 1880 <dt><code>lisp</code></dt>
1881 <dd>
a6363cfd
LJ		 1882 <p>
1883 A layer 3 tunnel over the experimental, UDP-based Locator/ID
1884 Separation Protocol (RFC 6830).
1885 </p>
1886 <p>
1887 Only IPv4 and IPv6 packets are supported by the protocol, and
1888 they are sent and received without an Ethernet header. Traffic
1889 to/from LISP ports is expected to be configured explicitly, and
1890 the ports are not intended to participate in learning based
1891 switching. As such, they are always excluded from packet
1892 flooding.
1893 </p>
a6ae068b
LJ		 1894 </dd>
1895
4237026e
PS		 1896 <dt><code>stt</code></dt>
1897 <dd>
039a8ccd
BP		 1898 The Stateless TCP Tunnel (STT) is particularly useful when tunnel
1899 endpoints are in end-systems, as it utilizes the capabilities of
1900 standard network interface cards to improve performance. STT utilizes
1901 a TCP-like header inside the IP header. It is stateless, i.e., there is
1902 no TCP connection state of any kind associated with the tunnel. The
1903 TCP-like header is used to leverage the capabilities of existing
1904 network interface cards, but should not be interpreted as implying
1905 any sort of connection state between endpoints.
1906 Since the STT protocol does not engage in the usual TCP 3-way handshake,
1907 so it will have difficulty traversing stateful firewalls.
1908 The protocol is documented at
1909 http://www.ietf.org/archive/id/draft-davie-stt-06.txt
1910
1911 All traffic uses a default destination port of 7471. STT is only
1912 available in kernel datapath on kernel 3.5 or newer.
4237026e
PS		 1913 </dd>
1914
8aed4223 1915 <dt><code>patch</code></dt>
eca2df31 1916 <dd>
3fd8d445 1917 A pair of virtual devices that act as a patch cable.
eca2df31 1918 </dd>
3fd8d445 1919
84b32864 1920 <dt><code>null</code></dt>
0faed346 1921 <dd>An ignored interface. Deprecated and slated for removal in
039a8ccd 1922 February 2013.</dd>
89365653
BP		 1923 </dl>
1924 </column>
3fd8d445
BP		 1925 </group>
1926
1927 <group title="Tunnel Options">
1928 <p>
1929 These options apply to interfaces with <ref column="type"/> of
c1fc1411 1930 <code>geneve</code>, <code>gre</code>, <code>ipsec_gre</code>,
99e7b077 1931 <code>vxlan</code>, <code>lisp</code> and <code>stt</code>.
3fd8d445
BP		 1932 </p>
1933
1934 <p>
1935 Each tunnel must be uniquely identified by the combination of <ref
1936 column="type"/>, <ref column="options" key="remote_ip"/>, <ref
1937 column="options" key="local_ip"/>, and <ref column="options"
1938 key="in_key"/>. If two ports are defined that are the same except one
1939 has an optional identifier and the other does not, the more specific
1940 one is matched first. <ref column="options" key="in_key"/> is
1941 considered more specific than <ref column="options" key="local_ip"/> if
1942 a port defines one and another port defines the other.
1943 </p>
1944
1945 <column name="options" key="remote_ip">
0ad90c84
JR		 1946 <p>Required. The remote tunnel endpoint, one of:</p>
1947
1948 <ul>
1949 <li>
80c4589a 1950 An IPv4 or IPv6 address (not a DNS name), e.g. <code>192.168.0.123</code>.
0ad90c84
JR		 1951 Only unicast endpoints are supported.
1952 </li>
1953 <li>
1954 The word <code>flow</code>. The tunnel accepts packets from any
1955 remote tunnel endpoint. To process only packets from a specific
1956 remote tunnel endpoint, the flow entries may match on the
80c4589a
PS		 1957 <code>tun_src</code> or <code>tun_ipv6_src</code>field. When
1958 sending packets to a <code>remote_ip=flow</code> tunnel, the flow
1959 actions must explicitly set the <code>tun_dst</code> or
1960 <code>tun_ipv6_dst</code> field to the IP address of the desired
1961 remote tunnel endpoint, e.g. with a <code>set_field</code> action.
0ad90c84
JR		 1962 </li>
1963 </ul>
1964
1965 <p>
039a8ccd
BP		 1966 The remote tunnel endpoint for any packet received from a tunnel
1967 is available in the <code>tun_src</code> field for matching in the
1968 flow table.
0ad90c84 1969 </p>
3fd8d445
BP		 1970 </column>
1971
1972 <column name="options" key="local_ip">
0ad90c84
JR		 1973 <p>
1974 Optional. The tunnel destination IP that received packets must
1975 match. Default is to match all addresses. If specified, may be one
1976 of:
1977 </p>
1978
1979 <ul>
1980 <li>
80c4589a 1981 An IPv4/IPv6 address (not a DNS name), e.g. <code>192.168.12.3</code>.
0ad90c84
JR		 1982 </li>
1983 <li>
1984 The word <code>flow</code>. The tunnel accepts packets sent to any
1985 of the local IP addresses of the system running OVS. To process
1986 only packets sent to a specific IP address, the flow entries may
80c4589a
PS		 1987 match on the <code>tun_dst</code> or <code>tun_ipv6_dst</code> field.
1988 When sending packets to a <code>local_ip=flow</code> tunnel, the flow
1989 actions may explicitly set the <code>tun_src</code> or <code>tun_ipv6_src</code>
1990 field to the desired IP address, e.g. with a <code>set_field</code> action.
1991 However, while routing the tunneled packet out, the local system may
1992 override the specified address with the local IP address configured for the
0ad90c84
JR		 1993 outgoing system interface.
1994
1995 <p>
1996 This option is valid only for tunnels also configured with the
1997 <code>remote_ip=flow</code> option.
1998 </p>
1999 </li>
2000 </ul>
2001
2002 <p>
2003 The tunnel destination IP address for any packet received from a
80c4589a
PS		 2004 tunnel is available in the <code>tun_dst</code> or <code>tun_ipv6_dst</code>
2005 field for matching in the flow table.
0ad90c84 2006 </p>
3fd8d445
BP		 2007 </column>
2008
2009 <column name="options" key="in_key">
2010 <p>Optional. The key that received packets must contain, one of:</p>
2011
2012 <ul>
2013 <li>
2014 <code>0</code>. The tunnel receives packets with no key or with a
2015 key of 0. This is equivalent to specifying no <ref column="options"
2016 key="in_key"/> at all.
2017 </li>
2018 <li>
271e6bc7 2019 A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit (for GRE)
99e7b077 2020 or 64-bit (for STT) number. The tunnel receives only
4237026e 2021 packets with the specified key.
3fd8d445
BP		 2022 </li>
2023 <li>
2024 The word <code>flow</code>. The tunnel accepts packets with any
2025 key. The key will be placed in the <code>tun_id</code> field for
2026 matching in the flow table. The <code>ovs-ofctl</code> manual page
2027 contains additional information about matching fields in OpenFlow
2028 flows.
2029 </li>
2030 </ul>
2031
2032 <p>
2033 </p>
2034 </column>
2035
2036 <column name="options" key="out_key">
2037 <p>Optional. The key to be set on outgoing packets, one of:</p>
2038
2039 <ul>
2040 <li>
2041 <code>0</code>. Packets sent through the tunnel will have no key.
2042 This is equivalent to specifying no <ref column="options"
2043 key="out_key"/> at all.
2044 </li>
2045 <li>
271e6bc7 2046 A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit (for GRE) or
99e7b077 2047 64-bit (for STT) number. Packets sent through the tunnel
4237026e 2048 will have the specified key.
3fd8d445
BP		 2049 </li>
2050 <li>
2051 The word <code>flow</code>. Packets sent through the tunnel will
2052 have the key set using the <code>set_tunnel</code> Nicira OpenFlow
2053 vendor extension (0 is used in the absence of an action). The
2054 <code>ovs-ofctl</code> manual page contains additional information
2055 about the Nicira OpenFlow vendor extensions.
2056 </li>
2057 </ul>
2058 </column>
2059
2060 <column name="options" key="key">
2061 Optional. Shorthand to set <code>in_key</code> and
2062 <code>out_key</code> at the same time.
2063 </column>
2064
2065 <column name="options" key="tos">
2066 Optional. The value of the ToS bits to be set on the encapsulating
749ae950
PS		 2067 packet. ToS is interpreted as DSCP and ECN bits, ECN part must be
2068 zero. It may also be the word <code>inherit</code>, in which case
3fd8d445
BP		 2069 the ToS will be copied from the inner packet if it is IPv4 or IPv6
2070 (otherwise it will be 0). The ECN fields are always inherited.
2071 Default is 0.
2072 </column>
2073
2074 <column name="options" key="ttl">
2075 Optional. The TTL to be set on the encapsulating packet. It may also
2076 be the word <code>inherit</code>, in which case the TTL will be copied
2077 from the inner packet if it is IPv4 or IPv6 (otherwise it will be the
2078 system default, typically 64). Default is the system default TTL.
2079 </column>
9cc6bf75 2080
f9e5e5b3
BP		 2081 <column name="options" key="df_default"
2082 type='{"type": "boolean"}'>
9b9f4d60
EJ		 2083 Optional. If enabled, the Don't Fragment bit will be set on tunnel
2084 outer headers to allow path MTU discovery. Default is enabled; set
2085 to <code>false</code> to disable.
3fd8d445
BP		 2086 </column>
2087
526df7d8
TG		 2088 <group title="Tunnel Options: vxlan only">
2089
039a8ccd
BP		 2090 <column name="options" key="exts">
2091 <p>Optional. Comma separated list of optional VXLAN extensions to
2092 enable. The following extensions are supported:</p>
526df7d8 2093
039a8ccd
BP		 2094 <ul>
2095 <li>
2096 <code>gbp</code>: VXLAN-GBP allows to transport the group policy
2097 context of a packet across the VXLAN tunnel to other network
2098 peers. See the field description of <code>tun_gbp_id</code> and
2099 <code>tun_gbp_flags</code> in ovs-ofctl(8) for additional
2100 information.
2101 (<code>https://tools.ietf.org/html/draft-smith-vxlan-group-policy</code>)
2102 </li>
2103 </ul>
2104 </column>
526df7d8 2105
039a8ccd 2106 </group>
526df7d8 2107
4752cc0c 2108 <group title="Tunnel Options: gre, ipsec_gre, geneve, and vxlan">
3fd8d445 2109 <p>
4752cc0c
JG		 2110 <code>gre</code>, <code>ipsec_gre</code>, <code>geneve</code>, and
2111 <code>vxlan</code> interfaces support these options.
3fd8d445
BP		 2112 </p>
2113
f9e5e5b3 2114 <column name="options" key="csum" type='{"type": "boolean"}'>
3fd8d445 2115 <p>
4752cc0c
JG		 2116 Optional. Compute encapsulation header (either GRE or UDP)
2117 checksums on outgoing packets. Default is disabled, set to
2118 <code>true</code> to enable. Checksums present on incoming
2119 packets will be validated regardless of this setting.
039a8ccd 2120 </p>
3fd8d445 2121
4752cc0c
JG		 2122 <p>
2123 When using the upstream Linux kernel module, computation of
2124 checksums for <code>geneve</code> and <code>vxlan</code> requires
2125 Linux kernel version 4.0 or higher. <code>gre</code> supports
2126 checksums for all versions of Open vSwitch that support GRE.
2127 The out of tree kernel module distributed as part of OVS
2128 can compute all tunnel checksums on any kernel version that it
2129 is compatible with.
3fd8d445
BP		 2130 </p>
2131
2132 <p>
039a8ccd
BP		 2133 This option is supported for <code>ipsec_gre</code>, but not useful
2134 because GRE checksums are weaker than, and redundant with, IPsec
2135 payload authentication.
3fd8d445
BP		 2136 </p>
2137 </column>
2138 </group>
2139
2140 <group title="Tunnel Options: ipsec_gre only">
2141 <p>
2142 Only <code>ipsec_gre</code> interfaces support these options.
2143 </p>
2144
2145 <column name="options" key="peer_cert">
2146 Required for certificate authentication. A string containing the
2147 peer's certificate in PEM format. Additionally the host's
2148 certificate must be specified with the <code>certificate</code>
2149 option.
2150 </column>
2151
2152 <column name="options" key="certificate">
2153 Required for certificate authentication. The name of a PEM file
2154 containing a certificate that will be presented to the peer during
2155 authentication.
2156 </column>
2157
2158 <column name="options" key="private_key">
2159 Optional for certificate authentication. The name of a PEM file
2160 containing the private key associated with <code>certificate</code>.
2161 If <code>certificate</code> contains the private key, this option may
2162 be omitted.
2163 </column>
2164
2165 <column name="options" key="psk">
2166 Required for pre-shared key authentication. Specifies a pre-shared
2167 key for authentication that must be identical on both sides of the
2168 tunnel.
2169 </column>
2170 </group>
2171 </group>
2172
2173 <group title="Patch Options">
2174 <p>
2175 Only <code>patch</code> interfaces support these options.
2176 </p>
89365653 2177
3fd8d445
BP		 2178 <column name="options" key="peer">
2179 The <ref column="name"/> of the <ref table="Interface"/> for the other
2180 side of the patch. The named <ref table="Interface"/>'s own
2181 <code>peer</code> option must specify this <ref table="Interface"/>'s
2182 name. That is, the two patch interfaces must have reversed <ref
2183 column="name"/> and <code>peer</code> values.
89365653 2184 </column>
e210037e
AE		 2185 </group>
2186
a14b8947
IM		 2187 <group title="PMD (Poll Mode Driver) Options">
2188 <p>
2189 Only PMD netdevs support these options.
2190 </p>
2191
2192 <column name="options" key="n_rxqs"
2193 type='{"type": "integer", "minInteger": 1}'>
2194 <p>
2195 Specifies the maximum number of rx queues to be created for PMD
2196 netdev. If not specified or specified to 0, one rx queue will
2197 be created by default.
2198 </p>
2199 </column>
2200 </group>
2201
e210037e
AE		 2202 <group title="Interface Status">
2203 <p>
2204 Status information about interfaces attached to bridges, updated every
2205 5 seconds. Not all interfaces have all of these properties; virtual
2206 interfaces don't have a link speed, for example. Non-applicable
2207 columns will have empty values.
2208 </p>
2209 <column name="admin_state">
2210 <p>
2211 The administrative state of the physical network link.
2212 </p>
2213 </column>
2214
2215 <column name="link_state">
2216 <p>
0b8024eb
BP		 2217 The observed state of the physical network link. This is ordinarily
2218 the link's carrier status. If the interface's <ref table="Port"/> is
2219 a bond configured for miimon monitoring, it is instead the network
2220 link's miimon status.
e210037e
AE		 2221 </p>
2222 </column>
2223
65c3058c
EJ		 2224 <column name="link_resets">
2225 <p>
2226 The number of times Open vSwitch has observed the
2227 <ref column="link_state"/> of this <ref table="Interface"/> change.
2228 </p>
2229 </column>
2230
e210037e
AE		 2231 <column name="link_speed">
2232 <p>
2233 The negotiated speed of the physical network link.
2234 Valid values are positive integers greater than 0.
2235 </p>
2236 </column>
2237
2238 <column name="duplex">
2239 <p>
2240 The duplex mode of the physical network link.
2241 </p>
2242 </column>
2243
2244 <column name="mtu">
2245 <p>
2246 The MTU (maximum transmission unit); i.e. the largest
2247 amount of data that can fit into a single Ethernet frame.
2248 The standard Ethernet MTU is 1500 bytes. Some physical media
2249 and many kinds of virtual interfaces can be configured with
2250 higher MTUs.
2251 </p>
f915f1a8
BP		 2252 <p>
2253 This column will be empty for an interface that does not
2254 have an MTU as, for example, some kinds of tunnels do not.
2255 </p>
e210037e 2256 </column>
573c1db9 2257
3fd8d445
BP		 2258 <column name="lacp_current">
2259 Boolean value indicating LACP status for this interface. If true, this
2260 interface has current LACP information about its LACP partner. This
2261 information may be used to monitor the health of interfaces in a LACP
2262 enabled port. This column will be empty if LACP is not enabled.
2263 </column>
2264
573c1db9 2265 <column name="status">
3fd8d445
BP		 2266 Key-value pairs that report port status. Supported status values are
2267 <ref column="type"/>-dependent; some interfaces may not have a valid
2268 <ref column="status" key="driver_name"/>, for example.
2269 </column>
2270
2271 <column name="status" key="driver_name">
2272 The name of the device driver controlling the network adapter.
2273 </column>
2274
2275 <column name="status" key="driver_version">
2276 The version string of the device driver controlling the network
2277 adapter.
2278 </column>
2279
2280 <column name="status" key="firmware_version">
2281 The version string of the network adapter's firmware, if available.
2282 </column>
2283
2284 <column name="status" key="source_ip">
80c4589a 2285 The source IP address used for an IPv4/IPv6 tunnel end-point, such as
09538fdc 2286 <code>gre</code>.
573c1db9 2287 </column>
3fd8d445
BP		 2288
2289 <column name="status" key="tunnel_egress_iface">
271e6bc7
JG		 2290 Egress interface for tunnels. Currently only relevant for tunnels
2291 on Linux systems, this column will show the name of the interface
09538fdc
PS		 2292 which is responsible for routing traffic destined for the configured
2293 <ref column="options" key="remote_ip"/>. This could be an internal
2294 interface such as a bridge port.
3fd8d445
BP		 2295 </column>
2296
f9e5e5b3
BP		 2297 <column name="status" key="tunnel_egress_iface_carrier"
2298 type='{"type": "string", "enum": ["set", ["down", "up"]]}'>
2299 Whether carrier is detected on <ref column="status"
2300 key="tunnel_egress_iface"/>.
3fd8d445
BP		 2301 </column>
2302 </group>
2303
2304 <group title="Statistics">
2305 <p>
2306 Key-value pairs that report interface statistics. The current
12eb035b
AW		 2307 implementation updates these counters periodically. The update period
2308 is controlled by <ref column="other_config"
2309 key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
2310 Future implementations may update them when an interface is created,
2311 when they are queried (e.g. using an OVSDB <code>select</code>
2312 operation), and just before an interface is deleted due to virtual
2313 interface hot-unplug or VM shutdown, and perhaps at other times, but
2314 not on any regular periodic basis.
3fd8d445
BP		 2315 </p>
2316 <p>
2317 These are the same statistics reported by OpenFlow in its <code>struct
2318 ofp_port_stats</code> structure. If an interface does not support a
2319 given statistic, then that pair is omitted.
2320 </p>
2321 <group title="Statistics: Successful transmit and receive counters">
2322 <column name="statistics" key="rx_packets">
2323 Number of received packets.
2324 </column>
2325 <column name="statistics" key="rx_bytes">
2326 Number of received bytes.
2327 </column>
2328 <column name="statistics" key="tx_packets">
2329 Number of transmitted packets.
2330 </column>
2331 <column name="statistics" key="tx_bytes">
2332 Number of transmitted bytes.
2333 </column>
2334 </group>
2335 <group title="Statistics: Receive errors">
2336 <column name="statistics" key="rx_dropped">
2337 Number of packets dropped by RX.
2338 </column>
2339 <column name="statistics" key="rx_frame_err">
2340 Number of frame alignment errors.
2341 </column>
2342 <column name="statistics" key="rx_over_err">
2343 Number of packets with RX overrun.
2344 </column>
2345 <column name="statistics" key="rx_crc_err">
2346 Number of CRC errors.
2347 </column>
2348 <column name="statistics" key="rx_errors">
2349 Total number of receive errors, greater than or equal to the sum of
2350 the above.
2351 </column>
9cc6bf75 2352 </group>
3fd8d445
BP		 2353 <group title="Statistics: Transmit errors">
2354 <column name="statistics" key="tx_dropped">
2355 Number of packets dropped by TX.
2356 </column>
2357 <column name="statistics" key="collisions">
2358 Number of collisions.
2359 </column>
2360 <column name="statistics" key="tx_errors">
2361 Total number of transmit errors, greater than or equal to the sum of
2362 the above.
2363 </column>
2364 </group>
89365653
BP		 2365 </group>
2366
2367 <group title="Ingress Policing">
3f5d8c02
BP		 2368 <p>
2369 These settings control ingress policing for packets received on this
2370 interface. On a physical interface, this limits the rate at which
2371 traffic is allowed into the system from the outside; on a virtual
2372 interface (one connected to a virtual machine), this limits the rate at
2373 which the VM is able to transmit.
2374 </p>
2375 <p>
2376 Policing is a simple form of quality-of-service that simply drops
2377 packets received in excess of the configured rate. Due to its
2378 simplicity, policing is usually less accurate and less effective than
2379 egress QoS (which is configured using the <ref table="QoS"/> and <ref
2380 table="Queue"/> tables).
2381 </p>
2382 <p>
2383 Policing is currently implemented only on Linux. The Linux
2384 implementation uses a simple ``token bucket'' approach:
2385 </p>
2386 <ul>
2387 <li>
2388 The size of the bucket corresponds to <ref
2389 column="ingress_policing_burst"/>. Initially the bucket is full.
2390 </li>
2391 <li>
2392 Whenever a packet is received, its size (converted to tokens) is
2393 compared to the number of tokens currently in the bucket. If the
2394 required number of tokens are available, they are removed and the
2395 packet is forwarded. Otherwise, the packet is dropped.
2396 </li>
2397 <li>
2398 Whenever it is not full, the bucket is refilled with tokens at the
2399 rate specified by <ref column="ingress_policing_rate"/>.
2400 </li>
2401 </ul>
2402 <p>
2403 Policing interacts badly with some network protocols, and especially
2404 with fragmented IP packets. Suppose that there is enough network
2405 activity to keep the bucket nearly empty all the time. Then this token
2406 bucket algorithm will forward a single packet every so often, with the
2407 period depending on packet size and on the configured rate. All of the
2408 fragments of an IP packets are normally transmitted back-to-back, as a
2409 group. In such a situation, therefore, only one of these fragments
2410 will be forwarded and the rest will be dropped. IP does not provide
2411 any way for the intended recipient to ask for only the remaining
2412 fragments. In such a case there are two likely possibilities for what
2413 will happen next: either all of the fragments will eventually be
2414 retransmitted (as TCP will do), in which case the same problem will
2415 recur, or the sender will not realize that its packet has been dropped
2416 and data will simply be lost (as some UDP-based protocols will do).
2417 Either way, it is possible that no forward progress will ever occur.
2418 </p>
2419 <column name="ingress_policing_rate">
2420 <p>
2421 Maximum rate for data received on this interface, in kbps. Data
2422 received faster than this rate is dropped. Set to <code>0</code>
2423 (the default) to disable policing.
2424 </p>
2425 </column>
2426
89365653
BP		 2427 <column name="ingress_policing_burst">
2428 <p>Maximum burst size for data received on this interface, in kb. The
3fd8d445
BP		 2429 default burst size if set to <code>0</code> is 1000 kb. This value
2430 has no effect if <ref column="ingress_policing_rate"/>
2431 is <code>0</code>.</p>
3f5d8c02
BP		 2432 <p>
2433 Specifying a larger burst size lets the algorithm be more forgiving,
2434 which is important for protocols like TCP that react severely to
2435 dropped packets. The burst size should be at least the size of the
2436 interface's MTU. Specifying a value that is numerically at least as
2437 large as 10% of <ref column="ingress_policing_rate"/> helps TCP come
2438 closer to achieving the full rate.
2439 </p>
89365653
BP		 2440 </column>
2441 </group>
2442
ccc09689 2443 <group title="Bidirectional Forwarding Detection (BFD)">
e58855ec 2444 <p>
039a8ccd
BP		 2445 BFD, defined in RFC 5880 and RFC 5881, allows point-to-point
2446 detection of connectivity failures by occasional transmission of
2447 BFD control messages. Open vSwitch implements BFD to serve
2448 as a more popular and standards compliant alternative to CFM.
e58855ec 2449 </p>
ccc09689 2450
e58855ec 2451 <p>
039a8ccd
BP		 2452 BFD operates by regularly transmitting BFD control messages at a rate
2453 negotiated independently in each direction. Each endpoint specifies
2454 the rate at which it expects to receive control messages, and the rate
2455 at which it is willing to transmit them. Open vSwitch uses a detection
2456 multiplier of three, meaning that an endpoint signals a connectivity
2457 fault if three consecutive BFD control messages fail to arrive. In the
2458 case of a unidirectional connectivity issue, the system not receiving
2459 BFD control messages signals the problem to its peer in the messages it
2460 transmits.
e58855ec 2461 </p>
ccc09689 2462
e58855ec 2463 <p>
039a8ccd
BP		 2464 The Open vSwitch implementation of BFD aims to comply faithfully
2465 with RFC 5880 requirements. Open vSwitch does not implement the
2466 optional Authentication or ``Echo Mode'' features.
e58855ec 2467 </p>
ccc09689 2468
e58855ec 2469 <group title="BFD Configuration">
039a8ccd
BP		 2470 <p>
2471 A controller sets up key-value pairs in the <ref column="bfd"/>
2472 column to enable and configure BFD.
2473 </p>
e58855ec 2474
039a8ccd 2475 <column name="bfd" key="enable" type='{"type": "boolean"}'>
f7491dce
AW		 2476 True to enable BFD on this <ref table="Interface"/>. If not
2477 specified, BFD will not be enabled by default.
039a8ccd 2478 </column>
e58855ec 2479
039a8ccd
BP		 2480 <column name="bfd" key="min_rx"
2481 type='{"type": "integer", "minInteger": 1}'>
e58855ec
BP		 2482 The shortest interval, in milliseconds, at which this BFD session
2483 offers to receive BFD control messages. The remote endpoint may
2484 choose to send messages at a slower rate. Defaults to
2485 <code>1000</code>.
039a8ccd 2486 </column>
e58855ec 2487
039a8ccd
BP		 2488 <column name="bfd" key="min_tx"
2489 type='{"type": "integer", "minInteger": 1}'>
e58855ec
BP		 2490 The shortest interval, in milliseconds, at which this BFD session is
2491 willing to transmit BFD control messages. Messages will actually be
2492 transmitted at a slower rate if the remote endpoint is not willing to
2493 receive as quickly as specified. Defaults to <code>100</code>.
039a8ccd
BP		 2494 </column>
2495
2496 <column name="bfd" key="decay_min_rx" type='{"type": "integer"}'>
2497 An alternate receive interval, in milliseconds, that must be greater
2498 than or equal to <ref column="bfd" key="min_rx"/>. The
2499 implementation switches from <ref column="bfd" key="min_rx"/> to <ref
2500 column="bfd" key="decay_min_rx"/> when there is no obvious incoming
2501 data traffic at the interface, to reduce the CPU and bandwidth cost
2502 of monitoring an idle interface. This feature may be disabled by
2503 setting a value of 0. This feature is reset whenever <ref
2504 column="bfd" key="decay_min_rx"/> or <ref column="bfd" key="min_rx"/>
2505 changes.
2506 </column>
2507
2508 <column name="bfd" key="forwarding_if_rx" type='{"type": "boolean"}'>
34c88624
AW		 2509 When <code>true</code>, traffic received on the
2510 <ref table="Interface"/> is used to indicate the capability of packet
2511 I/O. BFD control packets are still transmitted and received. At
2512 least one BFD control packet must be received every 100 * <ref
2513 column="bfd" key="min_rx"/> amount of time. Otherwise, even if
2514 traffic are received, the <ref column="bfd" key="forwarding"/>
2515 will be <code>false</code>.
039a8ccd 2516 </column>
e58855ec 2517
039a8ccd
BP		 2518 <column name="bfd" key="cpath_down" type='{"type": "boolean"}'>
2519 Set to true to notify the remote endpoint that traffic should not be
2520 forwarded to this system for some reason other than a connectivty
2521 failure on the interface being monitored. The typical underlying
2522 reason is ``concatenated path down,'' that is, that connectivity
2523 beyond the local system is down. Defaults to false.
2524 </column>
e58855ec 2525
039a8ccd 2526 <column name="bfd" key="check_tnl_key" type='{"type": "boolean"}'>
e58855ec
BP		 2527 Set to true to make BFD accept only control messages with a tunnel
2528 key of zero. By default, BFD accepts control messages with any
2529 tunnel key.
039a8ccd
BP		 2530 </column>
2531
2532 <column name="bfd" key="bfd_local_src_mac">
2533 Set to an Ethernet address in the form
2534 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
2535 to set the MAC used as source for transmitted BFD packets. The
2536 default is the mac address of the BFD enabled interface.
2537 </column>
2538
2539 <column name="bfd" key="bfd_local_dst_mac">
2540 Set to an Ethernet address in the form
2541 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
2542 to set the MAC used as destination for transmitted BFD packets. The
2543 default is <code>00:23:20:00:00:01</code>.
2544 </column>
2545
2546 <column name="bfd" key="bfd_remote_dst_mac">
2547 Set to an Ethernet address in the form
2548 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
2549 to set the MAC used for checking the destination of received BFD packets.
2550 Packets with different destination MAC will not be considered as BFD packets.
2551 If not specified the destination MAC address of received BFD packets
2552 are not checked.
2553 </column>
2554
2555 <column name="bfd" key="bfd_src_ip">
dfe37e6a 2556 Set to an IPv4 address to set the IP address used as source for
1314739c 2557 transmitted BFD packets. The default is <code>169.254.1.1</code>.
039a8ccd 2558 </column>
dfe37e6a 2559
039a8ccd 2560 <column name="bfd" key="bfd_dst_ip">
dfe37e6a 2561 Set to an IPv4 address to set the IP address used as destination
1314739c 2562 for transmitted BFD packets. The default is <code>169.254.1.0</code>.
039a8ccd 2563 </column>
e58855ec 2564 </group>
ccc09689 2565
e58855ec 2566 <group title="BFD Status">
039a8ccd
BP		 2567 <p>
2568 The switch sets key-value pairs in the <ref column="bfd_status"/>
2569 column to report the status of BFD on this interface. When BFD is
2570 not enabled, with <ref column="bfd" key="enable"/>, the switch clears
2571 all key-value pairs from <ref column="bfd_status"/>.
2572 </p>
2573
2574 <column name="bfd_status" key="state"
2575 type='{"type": "string",
2576 "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
2577 Reports the state of the BFD session. The BFD session is fully
2578 healthy and negotiated if <code>UP</code>.
2579 </column>
2580
2581 <column name="bfd_status" key="forwarding" type='{"type": "boolean"}'>
2582 Reports whether the BFD session believes this <ref
2583 table="Interface"/> may be used to forward traffic. Typically this
2584 means the local session is signaling <code>UP</code>, and the remote
2585 system isn't signaling a problem such as concatenated path down.
2586 </column>
2587
2588 <column name="bfd_status" key="diagnostic">
60a15922
AZ		 2589 A diagnostic code specifying the local system's reason for the
2590 last change in session state. The error messages are defined in
2591 section 4.1 of [RFC 5880].
039a8ccd
BP		 2592 </column>
2593
2594 <column name="bfd_status" key="remote_state"
2595 type='{"type": "string",
2596 "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
2597 Reports the state of the remote endpoint's BFD session.
2598 </column>
2599
2600 <column name="bfd_status" key="remote_diagnostic">
60a15922
AZ		 2601 A diagnostic code specifying the remote system's reason for the
2602 last change in session state. The error messages are defined in
2603 section 4.1 of [RFC 5880].
039a8ccd 2604 </column>
4905e2df
AW		 2605
2606 <column name="bfd_status" key="flap_count"
039a8ccd 2607 type='{"type": "integer", "minInteger": 0}'>
4905e2df
AW		 2608 Counts the number of <ref column="bfd_status" key="forwarding" />
2609 flaps since start. A flap is considered as a change of the
2610 <ref column="bfd_status" key="forwarding" /> value.
2611 </column>
e58855ec 2612 </group>
ccc09689
EJ		 2613 </group>
2614
93b8df38
EJ		 2615 <group title="Connectivity Fault Management">
2616 <p>
2617 802.1ag Connectivity Fault Management (CFM) allows a group of
2618 Maintenance Points (MPs) called a Maintenance Association (MA) to
2619 detect connectivity problems with each other. MPs within a MA should
2620 have complete and exclusive interconnectivity. This is verified by
2621 occasionally broadcasting Continuity Check Messages (CCMs) at a
2622 configurable transmission interval.
2623 </p>
2624
144216a3
EJ		 2625 <p>
2626 According to the 802.1ag specification, each Maintenance Point should
2627 be configured out-of-band with a list of Remote Maintenance Points it
2628 should have connectivity to. Open vSwitch differs from the
2629 specification in this area. It simply assumes the link is faulted if
2630 no Remote Maintenance Points are reachable, and considers it not
2631 faulted otherwise.
2632 </p>
2633
b363bae4 2634 <p>
039a8ccd
BP		 2635 When operating over tunnels which have no <code>in_key</code>, or an
2636 <code>in_key</code> of <code>flow</code>. CFM will only accept CCMs
2637 with a tunnel key of zero.
b363bae4
EJ		 2638 </p>
2639
93b8df38 2640 <column name="cfm_mpid">
b1a6083a
AW		 2641 <p>
2642 A Maintenance Point ID (MPID) uniquely identifies each endpoint
2643 within a Maintenance Association. The MPID is used to identify this
2644 endpoint to other Maintenance Points in the MA. Each end of a link
2645 being monitored should have a different MPID. Must be configured to
2646 enable CFM on this <ref table="Interface"/>.
2647 </p>
2648 <p>
2649 According to the 802.1ag specification, MPIDs can only range between
2650 [1, 8191]. However, extended mode (see <ref column="other_config"
2651 key="cfm_extended"/>) supports eight byte MPIDs.
2652 </p>
93b8df38 2653 </column>
b31bcf60 2654
76c4290d
AW		 2655 <column name="cfm_flap_count">
2656 Counts the number of cfm fault flapps since boot. A flap is
2657 considered to be a change of the <ref column="cfm_fault"/> value.
2658 </column>
2659
93b8df38 2660 <column name="cfm_fault">
144216a3
EJ		 2661 <p>
2662 Indicates a connectivity fault triggered by an inability to receive
2663 heartbeats from any remote endpoint. When a fault is triggered on
2664 <ref table="Interface"/>s participating in bonds, they will be
2665 disabled.
2666 </p>
2667 <p>
2668 Faults can be triggered for several reasons. Most importantly they
2669 are triggered when no CCMs are received for a period of 3.5 times the
2670 transmission interval. Faults are also triggered when any CCMs
2671 indicate that a Remote Maintenance Point is not receiving CCMs but
2672 able to send them. Finally, a fault is triggered if a CCM is
2673 received which indicates unexpected configuration. Notably, this
2674 case arises when a CCM is received which advertises the local MPID.
2675 </p>
93b8df38 2676 </column>
a5faa982 2677
b9380396
EJ		 2678 <column name="cfm_fault_status" key="recv">
2679 Indicates a CFM fault was triggered due to a lack of CCMs received on
2680 the <ref table="Interface"/>.
2681 </column>
2682
2683 <column name="cfm_fault_status" key="rdi">
2684 Indicates a CFM fault was triggered due to the reception of a CCM with
2685 the RDI bit flagged. Endpoints set the RDI bit in their CCMs when they
2686 are not receiving CCMs themselves. This typically indicates a
2687 unidirectional connectivity failure.
2688 </column>
2689
2690 <column name="cfm_fault_status" key="maid">
2691 Indicates a CFM fault was triggered due to the reception of a CCM with
2692 a MAID other than the one Open vSwitch uses. CFM broadcasts are tagged
2693 with an identification number in addition to the MPID called the MAID.
2694 Open vSwitch only supports receiving CCM broadcasts tagged with the
2695 MAID it uses internally.
2696 </column>
2697
2698 <column name="cfm_fault_status" key="loopback">
2699 Indicates a CFM fault was triggered due to the reception of a CCM
2700 advertising the same MPID configured in the <ref column="cfm_mpid"/>
2701 column of this <ref table="Interface"/>. This may indicate a loop in
2702 the network.
2703 </column>
2704
2705 <column name="cfm_fault_status" key="overflow">
2706 Indicates a CFM fault was triggered because the CFM module received
2707 CCMs from more remote endpoints than it can keep track of.
2708 </column>
2709
2710 <column name="cfm_fault_status" key="override">
2711 Indicates a CFM fault was manually triggered by an administrator using
2712 an <code>ovs-appctl</code> command.
2713 </column>
2714
2b540ecb
MM		 2715 <column name="cfm_fault_status" key="interval">
2716 Indicates a CFM fault was triggered due to the reception of a CCM
2717 frame having an invalid interval.
2718 </column>
2719
1c0333b6
EJ		 2720 <column name="cfm_remote_opstate">
2721 <p>When in extended mode, indicates the operational state of the
039a8ccd
BP		 2722 remote endpoint as either <code>up</code> or <code>down</code>. See
2723 <ref column="other_config" key="cfm_opstate"/>.
1c0333b6
EJ		 2724 </p>
2725 </column>
2726
3967a833
MM		 2727 <column name="cfm_health">
2728 <p>
2729 Indicates the health of the interface as a percentage of CCM frames
2730 received over 21 <ref column="other_config" key="cfm_interval"/>s.
2731 The health of an interface is undefined if it is communicating with
2732 more than one <ref column="cfm_remote_mpids"/>. It reduces if
2733 healthy heartbeats are not received at the expected rate, and
2734 gradually improves as healthy heartbeats are received at the desired
2735 rate. Every 21 <ref column="other_config" key="cfm_interval"/>s, the
2736 health of the interface is refreshed.
2737 </p>
2738 <p>
2739 As mentioned above, the faults can be triggered for several reasons.
2740 The link health will deteriorate even if heartbeats are received but
2741 they are reported to be unhealthy. An unhealthy heartbeat in this
2742 context is a heartbeat for which either some fault is set or is out
2743 of sequence. The interface health can be 100 only on receiving
2744 healthy heartbeats at the desired rate.
2745 </p>
2746 </column>
2747
a5faa982
EJ		 2748 <column name="cfm_remote_mpids">
2749 When CFM is properly configured, Open vSwitch will occasionally
2750 receive CCM broadcasts. These broadcasts contain the MPID of the
2751 sending Maintenance Point. The list of MPIDs from which this
2752 <ref table="Interface"/> is receiving broadcasts from is regularly
2753 collected and written to this column.
2754 </column>
3fd8d445 2755
f9e5e5b3
BP		 2756 <column name="other_config" key="cfm_interval"
2757 type='{"type": "integer"}'>
612ca9c5
BP		 2758 <p>
2759 The interval, in milliseconds, between transmissions of CFM
2760 heartbeats. Three missed heartbeat receptions indicate a
2761 connectivity fault.
2762 </p>
2763
2764 <p>
2765 In standard operation only intervals of 3, 10, 100, 1,000, 10,000,
2766 60,000, or 600,000 ms are supported. Other values will be rounded
2767 down to the nearest value on the list. Extended mode (see <ref
2768 column="other_config" key="cfm_extended"/>) supports any interval up
2769 to 65,535 ms. In either mode, the default is 1000 ms.
2770 </p>
2771
2772 <p>We do not recommend using intervals less than 100 ms.</p>
3fd8d445
BP		 2773 </column>
2774
f9e5e5b3
BP		 2775 <column name="other_config" key="cfm_extended"
2776 type='{"type": "boolean"}'>
3fd8d445
BP		 2777 When <code>true</code>, the CFM module operates in extended mode. This
2778 causes it to use a nonstandard destination address to avoid conflicting
2779 with compliant implementations which may be running concurrently on the
2780 network. Furthermore, extended mode increases the accuracy of the
2781 <code>cfm_interval</code> configuration parameter by breaking wire
b1a6083a
AW		 2782 compatibility with 802.1ag compliant implementations. And extended
2783 mode allows eight byte MPIDs. Defaults to <code>false</code>.
3fd8d445 2784 </column>
90967e95
EJ		 2785
2786 <column name="other_config" key="cfm_demand" type='{"type": "boolean"}'>
2787 <p>
2788 When <code>true</code>, and
2789 <ref column="other_config" key="cfm_extended"/> is true, the CFM
2790 module operates in demand mode. When in demand mode, traffic
2791 received on the <ref table="Interface"/> is used to indicate
5767a79a
AW		 2792 liveness. CCMs are still transmitted and received. At least one
2793 CCM must be received every 100 * <ref column="other_config"
2794 key="cfm_interval"/> amount of time. Otherwise, even if traffic
2795 are received, the CFM module will raise the connectivity fault.
90967e95
EJ		 2796 </p>
2797
2798 <p>
039a8ccd 2799 Demand mode has a couple of caveats:
90967e95
EJ		 2800 <ul>
2801 <li>
2802 To ensure that ovs-vswitchd has enough time to pull statistics
03f209ba
AW		 2803 from the datapath, the fault detection interval is set to
2804 3.5 * MAX(<ref column="other_config" key="cfm_interval"/>, 500)
2805 ms.
90967e95
EJ		 2806 </li>
2807
2808 <li>
2809 To avoid ambiguity, demand mode disables itself when there are
2810 multiple remote maintenance points.
2811 </li>
2812
2813 <li>
2814 If the <ref table="Interface"/> is heavily congested, CCMs
2815 containing the <ref column="other_config" key="cfm_opstate"/>
2816 status may be dropped causing changes in the operational state to
2817 be delayed. Similarly, if CCMs containing the RDI bit are not
2818 received, unidirectional link failures may not be detected.
2819 </li>
2820 </ul>
2821 </p>
2822 </column>
2823
dae57238
BP		 2824 <column name="other_config" key="cfm_opstate"
2825 type='{"type": "string", "enum": ["set", ["down", "up"]]}'>
86dc6501
EJ		 2826 When <code>down</code>, the CFM module marks all CCMs it generates as
2827 operationally down without triggering a fault. This allows remote
2828 maintenance points to choose not to forward traffic to the
2829 <ref table="Interface"/> on which this CFM module is running.
2830 Currently, in Open vSwitch, the opdown bit of CCMs affects
2831 <ref table="Interface"/>s participating in bonds, and the bundle
2832 OpenFlow action. This setting is ignored when CFM is not in extended
2833 mode. Defaults to <code>up</code>.
2834 </column>
75a4ead1
EJ		 2835
2836 <column name="other_config" key="cfm_ccm_vlan"
039a8ccd 2837 type='{"type": "integer", "minInteger": 1, "maxInteger": 4095}'>
75a4ead1 2838 When set, the CFM module will apply a VLAN tag to all CCMs it generates
189cb9e4
EJ		 2839 with the given value. May be the string <code>random</code> in which
2840 case each CCM will be tagged with a different randomly generated VLAN.
75a4ead1
EJ		 2841 </column>
2842
a7aa2d3c 2843 <column name="other_config" key="cfm_ccm_pcp"
039a8ccd 2844 type='{"type": "integer", "minInteger": 1, "maxInteger": 7}'>
a7aa2d3c 2845 When set, the CFM module will apply a VLAN tag to all CCMs it generates
b363bae4 2846 with the given PCP value, the VLAN ID of the tag is governed by the
a7aa2d3c
EJ		 2847 value of <ref column="other_config" key="cfm_ccm_vlan"/>. If
2848 <ref column="other_config" key="cfm_ccm_vlan"/> is unset, a VLAN ID of
2849 zero is used.
2850 </column>
2851
93b8df38
EJ		 2852 </group>
2853
3fd8d445 2854 <group title="Bonding Configuration">
f9e5e5b3
BP		 2855 <column name="other_config" key="lacp-port-id"
2856 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
3fd8d445
BP		 2857 The LACP port ID of this <ref table="Interface"/>. Port IDs are
2858 used in LACP negotiations to identify individual ports
f9e5e5b3 2859 participating in a bond.
a8172aa3
EJ		 2860 </column>
2861
f9e5e5b3
BP		 2862 <column name="other_config" key="lacp-port-priority"
2863 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
3fd8d445
BP		 2864 The LACP port priority of this <ref table="Interface"/>. In LACP
2865 negotiations <ref table="Interface"/>s with numerically lower
f9e5e5b3 2866 priorities are preferred for aggregation.
89365653 2867 </column>
018f1525 2868
f9e5e5b3
BP		 2869 <column name="other_config" key="lacp-aggregation-key"
2870 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
3fd8d445
BP		 2871 The LACP aggregation key of this <ref table="Interface"/>. <ref
2872 table="Interface"/>s with different aggregation keys may not be active
f9e5e5b3 2873 within a given <ref table="Port"/> at the same time.
a3acf0b0 2874 </column>
3fd8d445 2875 </group>
a3acf0b0 2876
3fd8d445
BP		 2877 <group title="Virtual Machine Identifiers">
2878 <p>
2879 These key-value pairs specifically apply to an interface that
2880 represents a virtual Ethernet interface connected to a virtual
2881 machine. These key-value pairs should not be present for other types
2882 of interfaces. Keys whose names end in <code>-uuid</code> have
2883 values that uniquely identify the entity in question. For a Citrix
2884 XenServer hypervisor, these values are UUIDs in RFC 4122 format.
2885 Other hypervisors may use other formats.
2886 </p>
2887
2888 <column name="external_ids" key="attached-mac">
2889 The MAC address programmed into the ``virtual hardware'' for this
2890 interface, in the form
2891 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
2892 For Citrix XenServer, this is the value of the <code>MAC</code> field
2893 in the VIF record for this interface.
2894 </column>
2895
2896 <column name="external_ids" key="iface-id">
2897 A system-unique identifier for the interface. On XenServer, this will
2898 commonly be the same as <ref column="external_ids" key="xs-vif-uuid"/>.
2899 </column>
2900
cf9deac5
BP		 2901 <column name="external_ids" key="iface-status"
2902 type='{"type": "string",
2903 "enum": ["set", ["active", "inactive"]]}'>
2904 <p>
2905 Hypervisors may sometimes have more than one interface associated
2906 with a given <ref column="external_ids" key="iface-id"/>, only one of
2907 which is actually in use at a given time. For example, in some
2908 circumstances XenServer has both a ``tap'' and a ``vif'' interface
2909 for a single <ref column="external_ids" key="iface-id"/>, but only
2910 uses one of them at a time. A hypervisor that behaves this way must
2911 mark the currently in use interface <code>active</code> and the
2912 others <code>inactive</code>. A hypervisor that never has more than
2913 one interface for a given <ref column="external_ids" key="iface-id"/>
2914 may mark that interface <code>active</code> or omit <ref
2915 column="external_ids" key="iface-status"/> entirely.
2916 </p>
2917
2918 <p>
2919 During VM migration, a given <ref column="external_ids"
2920 key="iface-id"/> might transiently be marked <code>active</code> on
2921 two different hypervisors. That is, <code>active</code> means that
2922 this <ref column="external_ids" key="iface-id"/> is the active
2923 instance within a single hypervisor, not in a broader scope.
3634eb99
BP		 2924 There is one exception: some hypervisors support ``migration'' from a
2925 given hypervisor to itself (most often for test purposes). During
2926 such a ``migration,'' two instances of a single <ref
2927 column="external_ids" key="iface-id"/> might both be briefly marked
2928 <code>active</code> on a single hypervisor.
cf9deac5
BP		 2929 </p>
2930 </column>
2931
3fd8d445
BP		 2932 <column name="external_ids" key="xs-vif-uuid">
2933 The virtual interface associated with this interface.
2934 </column>
2935
2936 <column name="external_ids" key="xs-network-uuid">
2937 The virtual network to which this interface is attached.
2938 </column>
2939
c473936b
GS		 2940 <column name="external_ids" key="vm-id">
2941 The VM to which this interface belongs. On XenServer, this will be the
2942 same as <ref column="external_ids" key="xs-vm-uuid"/>.
2943 </column>
2944
3fd8d445
BP		 2945 <column name="external_ids" key="xs-vm-uuid">
2946 The VM to which this interface belongs.
018f1525 2947 </column>
89365653 2948 </group>
3fd8d445 2949
52a90c29
BP		 2950 <group title="VLAN Splinters">
2951 <p>
039a8ccd
BP		 2952 The ``VLAN splinters'' feature increases Open vSwitch compatibility
2953 with buggy network drivers in old versions of Linux that do not
2954 properly support VLANs when VLAN devices are not used, at some cost
2955 in memory and performance.
52a90c29
BP		 2956 </p>
2957
2958 <p>
039a8ccd
BP		 2959 When VLAN splinters are enabled on a particular interface, Open vSwitch
2960 creates a VLAN device for each in-use VLAN. For sending traffic tagged
2961 with a VLAN on the interface, it substitutes the VLAN device. Traffic
2962 received on the VLAN device is treated as if it had been received on
52a90c29
BP		 2963 the interface on the particular VLAN.
2964 </p>
2965
2966 <p>
2967 VLAN splinters consider a VLAN to be in use if:
2968 </p>
2969
2970 <ul>
45c580a3
BP		 2971 <li>
2972 The VLAN is the <ref table="Port" column="tag"/> value in any <ref
2973 table="Port"/> record.
2974 </li>
2975
52a90c29
BP		 2976 <li>
2977 The VLAN is listed within the <ref table="Port" column="trunks"/>
2978 column of the <ref table="Port"/> record of an interface on which
2979 VLAN splinters are enabled.
2980
2981 An empty <ref table="Port" column="trunks"/> does not influence the
2982 in-use VLANs: creating 4,096 VLAN devices is impractical because it
2983 will exceed the current 1,024 port per datapath limit.
2984 </li>
2985
2986 <li>
2987 An OpenFlow flow within any bridge matches the VLAN.
2988 </li>
2989 </ul>
2990
2991 <p>
2992 The same set of in-use VLANs applies to every interface on which VLAN
2993 splinters are enabled. That is, the set is not chosen separately for
2994 each interface but selected once as the union of all in-use VLANs based
2995 on the rules above.
2996 </p>
2997
2998 <p>
2999 It does not make sense to enable VLAN splinters on an interface for an
3000 access port, or on an interface that is not a physical port.
3001 </p>
3002
3003 <p>
039a8ccd
BP		 3004 VLAN splinters are deprecated. When broken device drivers are no
3005 longer in widespread use, we will delete this feature.
52a90c29
BP		 3006 </p>
3007
3008 <column name="other_config" key="enable-vlan-splinters"
3009 type='{"type": "boolean"}'>
3010 <p>
3011 Set to <code>true</code> to enable VLAN splinters on this interface.
3012 Defaults to <code>false</code>.
3013 </p>
3014
3015 <p>
3016 VLAN splinters increase kernel and userspace memory overhead, so do
3017 not use them unless they are needed.
3018 </p>
7be6d701
BP		 3019
3020 <p>
3021 VLAN splinters do not support 802.1p priority tags. Received
3022 priorities will appear to be 0, regardless of their actual values,
3023 and priorities on transmitted packets will also be cleared to 0.
3024 </p>
52a90c29
BP		 3025 </column>
3026 </group>
3027
99eef98b
DF		 3028 <group title="Auto Attach Configuration">
3029 <p>
039a8ccd 3030 Auto Attach configuration for a particular interface.
99eef98b
DF		 3031 </p>
3032
3033 <column name="lldp" key="enable" type='{"type": "boolean"}'>
039a8ccd
BP		 3034 True to enable LLDP on this <ref table="Interface"/>. If not
3035 specified, LLDP will be disabled by default.
99eef98b
DF		 3036 </column>
3037 </group>
3038
3fd8d445
BP		 3039 <group title="Common Columns">
3040 The overall purpose of these columns is described under <code>Common
3041 Columns</code> at the beginning of this document.
3042
3043 <column name="other_config"/>
3044 <column name="external_ids"/>
3045 </group>
89365653
BP		 3046 </table>
3047
254750ce
BP		 3048 <table name="Flow_Table" title="OpenFlow table configuration">
3049 <p>Configuration for a particular OpenFlow table.</p>
3050
3051 <column name="name">
3052 The table's name. Set this column to change the name that controllers
3053 will receive when they request table statistics, e.g. <code>ovs-ofctl
3054 dump-tables</code>. The name does not affect switch behavior.
3055 </column>
3056
82c22d34 3057 <group title="Eviction Policy">
254750ce 3058 <p>
82c22d34
BP		 3059 Open vSwitch supports limiting the number of flows that may be
3060 installed in a flow table, via the <ref column="flow_limit"/> column.
3061 When adding a flow would exceed this limit, by default Open vSwitch
3062 reports an error, but there are two ways to configure Open vSwitch to
3063 instead delete (``evict'') a flow to make room for the new one:
254750ce
BP		 3064 </p>
3065
82c22d34
BP		 3066 <ul>
3067 <li>
3068 Set the <ref column="overflow_policy"/> column to <code>evict</code>.
3069 </li>
254750ce 3070
82c22d34
BP		 3071 <li>
3072 Send an OpenFlow 1.4+ ``table mod request'' to enable eviction for
3073 the flow table (e.g. <code>ovs-ofctl -O OpenFlow14 mod-table br0 0
3074 evict</code> to enable eviction on flow table 0 of bridge
3075 <code>br0</code>).
3076 </li>
3077 </ul>
254750ce
BP		 3078
3079 <p>
3080 When a flow must be evicted due to overflow, the flow to evict is
f70b94de
BP		 3081 chosen through an approximation of the following algorithm. This
3082 algorithm is used regardless of how eviction was enabled:
254750ce
BP		 3083 </p>
3084
3085 <ol>
3086 <li>
3087 Divide the flows in the table into groups based on the values of the
f70b94de
BP		 3088 fields or subfields specified in the <ref column="groups"/> column,
3089 so that all of the flows in a given group have the same values for
3090 those fields. If a flow does not specify a given field, that field's
3091 value is treated as 0. If <ref column="groups"/> is empty, then all
3092 of the flows in the flow table are treated as a single group.
254750ce
BP		 3093 </li>
3094
3095 <li>
3096 Consider the flows in the largest group, that is, the group that
3097 contains the greatest number of flows. If two or more groups all
3098 have the same largest number of flows, consider the flows in all of
3099 those groups.
3100 </li>
3101
f70b94de
BP		 3102 <li>
3103 If the flows under consideration have different importance values,
3104 eliminate from consideration any flows except those with the lowest
3105 importance. (``Importance,'' a 16-bit integer value attached to each
3106 flow, was introduced in OpenFlow 1.4. Flows inserted with older
3107 versions of OpenFlow always have an importance of 0.)
3108 </li>
3109
254750ce
BP		 3110 <li>
3111 Among the flows under consideration, choose the flow that expires
3112 soonest for eviction.
3113 </li>
3114 </ol>
3115
3116 <p>
82c22d34
BP		 3117 The eviction process only considers flows that have an idle timeout
3118 or a hard timeout. That is, eviction never deletes permanent flows.
7792bfe0 3119 (Permanent flows do count against <ref column="flow_limit"/>.)
254750ce
BP		 3120 </p>
3121
82c22d34
BP		 3122 <column name="flow_limit">
3123 If set, limits the number of flows that may be added to the table.
3124 Open vSwitch may limit the number of flows in a table for other
3125 reasons, e.g. due to hardware limitations or for resource availability
3126 or performance reasons.
3127 </column>
254750ce 3128
82c22d34
BP		 3129 <column name="overflow_policy">
3130 <p>
3131 Controls the switch's behavior when an OpenFlow flow table
3132 modification request would add flows in excess of <ref
3133 column="flow_limit"/>. The supported values are:
3134 </p>
13751fd8 3135
82c22d34
BP		 3136 <dl>
3137 <dt><code>refuse</code></dt>
3138 <dd>
3139 Refuse to add the flow or flows. This is also the default policy
3140 when <ref column="overflow_policy"/> is unset.
3141 </dd>
f017d986 3142
82c22d34
BP		 3143 <dt><code>evict</code></dt>
3144 <dd>
3145 Delete a flow chosen according to the algorithm described above.
3146 </dd>
3147 </dl>
3148 </column>
f017d986 3149
82c22d34
BP		 3150 <column name="groups">
3151 <p>
3152 When <ref column="overflow_policy"/> is <code>evict</code>, this
3153 controls how flows are chosen for eviction when the flow table would
3154 otherwise exceed <ref column="flow_limit"/> flows. Its value is a
3155 set of NXM fields or sub-fields, each of which takes one of the forms
3156 <code><var>field</var>[]</code> or
3157 <code><var>field</var>[<var>start</var>..<var>end</var>]</code>,
3158 e.g. <code>NXM_OF_IN_PORT[]</code>. Please see
3159 <code>nicira-ext.h</code> for a complete list of NXM field names.
3160 </p>
f017d986 3161
82c22d34
BP		 3162 <p>
3163 Open vSwitch ignores any invalid or unknown field specifications.
3164 </p>
f017d986 3165
82c22d34
BP		 3166 <p>
3167 When eviction is not enabled, via <ref column="overflow_policy"/> or
3168 an OpenFlow 1.4+ ``table mod,'' this column has no effect.
3169 </p>
3170 </column>
3171 </group>
13751fd8 3172
82c22d34
BP		 3173 <group title="Classifier Optimization">
3174 <column name="prefixes">
3175 <p>
3176 This string set specifies which fields should be used for
3177 address prefix tracking. Prefix tracking allows the
3178 classifier to skip rules with longer than necessary prefixes,
3179 resulting in better wildcarding for datapath flows.
3180 </p>
3181 <p>
3182 Prefix tracking may be beneficial when a flow table contains
3183 matches on IP address fields with different prefix lengths.
3184 For example, when a flow table contains IP address matches on
3185 both full addresses and proper prefixes, the full address
3186 matches will typically cause the datapath flow to un-wildcard
3187 the whole address field (depending on flow entry priorities).
3188 In this case each packet with a different address gets handed
3189 to the userspace for flow processing and generates its own
3190 datapath flow. With prefix tracking enabled for the address
3191 field in question packets with addresses matching shorter
3192 prefixes would generate datapath flows where the irrelevant
3193 address bits are wildcarded, allowing the same datapath flow
3194 to handle all the packets within the prefix in question. In
3195 this case many userspace upcalls can be avoided and the
3196 overall performance can be better.
3197 </p>
3198 <p>
3199 This is a performance optimization only, so packets will
3200 receive the same treatment with or without prefix tracking.
3201 </p>
3202 <p>
3203 The supported fields are: <code>tun_id</code>,
3204 <code>tun_src</code>, <code>tun_dst</code>,
80c4589a 3205 <code>tun_ipv6_src</code>, <code>tun_ipv6_dst</code>,
82c22d34
BP		 3206 <code>nw_src</code>, <code>nw_dst</code> (or aliases
3207 <code>ip_src</code> and <code>ip_dst</code>),
3208 <code>ipv6_src</code>, and <code>ipv6_dst</code>. (Using this
3209 feature for <code>tun_id</code> would only make sense if the
3210 tunnel IDs have prefix structure similar to IP addresses.)
3211 </p>
13751fd8 3212
82c22d34
BP		 3213 <p>
3214 By default, the <code>prefixes=ip_dst,ip_src</code> are used
3215 on each flow table. This instructs the flow classifier to
3216 track the IP destination and source addresses used by the
3217 rules in this specific flow table.
3218 </p>
3219
3220 <p>
3221 The keyword <code>none</code> is recognized as an explicit
3222 override of the default values, causing no prefix fields to be
3223 tracked.
3224 </p>
3225
3226 <p>
3227 To set the prefix fields, the flow table record needs to
3228 exist:
3229 </p>
3230
3231 <dl>
3232 <dt><code>ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0</code></dt>
3233 <dd>
3234 Creates a flow table record for the OpenFlow table number 0.
3235 </dd>
3236
3237 <dt><code>ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src</code></dt>
3238 <dd>
3239 Enables prefix tracking for IP source and destination
3240 address fields.
3241 </dd>
3242 </dl>
3243
3244 <p>
3245 There is a maximum number of fields that can be enabled for any
3246 one flow table. Currently this limit is 3.
3247 </p>
3248 </column>
3249 </group>
e3fbd9df
BP		 3250
3251 <group title="Common Columns">
3252 The overall purpose of these columns is described under <code>Common
3253 Columns</code> at the beginning of this document.
3254
3255 <column name="external_ids"/>
3256 </group>
254750ce
BP		 3257 </table>
3258
c1c9c9c4
BP		 3259 <table name="QoS" title="Quality of Service configuration">
3260 <p>Quality of Service (QoS) configuration for each Port that
3fd8d445 3261 references it.</p>
c1c9c9c4
BP		 3262
3263 <column name="type">
b850dc6d
BP		 3264 <p>The type of QoS to implement. The currently defined types are
3265 listed below:</p>
c1c9c9c4
BP		 3266 <dl>
3267 <dt><code>linux-htb</code></dt>
6784cb57
BP		 3268 <dd>
3269 Linux ``hierarchy token bucket'' classifier. See tc-htb(8) (also at
3270 <code>http://linux.die.net/man/8/tc-htb</code>) and the HTB manual
3271 (<code>http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm</code>)
3272 for information on how this classifier works and how to configure it.
3273 </dd>
c1c9c9c4 3274 </dl>
a339aa81
EJ		 3275 <dl>
3276 <dt><code>linux-hfsc</code></dt>
3277 <dd>
3278 Linux "Hierarchical Fair Service Curve" classifier.
3279 See <code>http://linux-ip.net/articles/hfsc.en/</code> for
3280 information on how this classifier works.
3281 </dd>
3282 </dl>
677d9158
JV		 3283 <dl>
3284 <dt><code>linux-sfq</code></dt>
3285 <dd>
3286 Linux ``Stochastic Fairness Queueing'' classifier. See
3287 <code>tc-sfq</code>(8) (also at
3288 <code>http://linux.die.net/man/8/tc-sfq</code>) for information on
3289 how this classifier works.
3290 </dd>
3291 </dl>
3292 <dl>
3293 <dt><code>linux-codel</code></dt>
3294 <dd>
3295 Linux ``Controlled Delay'' classifier. See <code>tc-codel</code>(8)
3296 (also at
3297 <code>http://man7.org/linux/man-pages/man8/tc-codel.8.html</code>)
3298 for information on how this classifier works.
3299 </dd>
3300 </dl>
3301 <dl>
3302 <dt><code>linux-fq_codel</code></dt>
3303 <dd>
3304 Linux ``Fair Queuing with Controlled Delay'' classifier. See
3305 <code>tc-fq_codel</code>(8) (also at
3306 <code>http://man7.org/linux/man-pages/man8/tc-fq_codel.8.html</code>)
3307 for information on how this classifier works.
3308 </dd>
3309 </dl>
0bf765f7
IS		 3310 <dl>
3311 <dt><code>egress-policer</code></dt>
3312 <dd>
3313 An egress policer algorithm. This implementation uses the DPDK
3314 rte_meter library. The rte_meter library provides an implementation
3315 which allows the metering and policing of traffic. The implementation
3316 in OVS essentially creates a single token bucket used to police
3317 traffic. It should be noted that when the rte_meter is configured as
3318 part of QoS there will be a performance overhead as the rte_meter
3319 itself will consume CPU cycles in order to police traffic. These CPU
3320 cycles ordinarily are used for packet proccessing. As such the drop
3321 in performance will be noticed in terms of overall aggregate traffic
3322 throughput.
3323 </dd>
3324 </dl>
c1c9c9c4
BP		 3325 </column>
3326
3327 <column name="queues">
3328 <p>A map from queue numbers to <ref table="Queue"/> records. The
3fd8d445
BP		 3329 supported range of queue numbers depend on <ref column="type"/>. The
3330 queue numbers are the same as the <code>queue_id</code> used in
3331 OpenFlow in <code>struct ofp_action_enqueue</code> and other
2c999774
BP		 3332 structures.</p>
3333
3334 <p>
3335 Queue 0 is the ``default queue.'' It is used by OpenFlow output
8bddb894
BP		 3336 actions when no specific queue has been set. When no configuration for
3337 queue 0 is present, it is automatically configured as if a <ref
3338 table="Queue"/> record with empty <ref table="Queue" column="dscp"/>
3339 and <ref table="Queue" column="other_config"/> columns had been
3340 specified.
2c999774
BP		 3341 (Before version 1.6, Open vSwitch would leave queue 0 unconfigured in
3342 this case. With some queuing disciplines, this dropped all packets
3343 destined for the default queue.)
3344 </p>
c1c9c9c4
BP		 3345 </column>
3346
3fd8d445
BP		 3347 <group title="Configuration for linux-htb and linux-hfsc">
3348 <p>
3349 The <code>linux-htb</code> and <code>linux-hfsc</code> classes support
3350 the following key-value pair:
3351 </p>
9cc6bf75 3352
f9e5e5b3 3353 <column name="other_config" key="max-rate" type='{"type": "integer"}'>
3fd8d445
BP		 3354 Maximum rate shared by all queued traffic, in bit/s. Optional. If not
3355 specified, for physical interfaces, the default is the link rate. For
3356 other interfaces or if the link rate cannot be determined, the default
3357 is currently 100 Mbps.
3358 </column>
3359 </group>
13008eb3 3360
0bf765f7
IS		 3361 <group title="Configuration for egress-policer QoS">
3362 <p>
3363 <ref table="QoS"/> <ref table="QoS" column="type"/>
3364 <code>egress-policer</code> provides egress policing for userspace
3365 port types with DPDK.
3366
3367 It has the following key-value pairs defined.
3368 </p>
3369
3370 <column name="other_config" key="cir" type='{"type": "integer"}'>
3371 The Committed Information Rate (CIR) is measured in bytes of IP
3372 packets per second, i.e. it includes the IP header, but not link
3373 specific (e.g. Ethernet) headers. This represents the bytes per second
3374 rate at which the token bucket will be updated. The cir value is
3375 calculated by (pps x packet data size). For example assuming a user
3376 wishes to limit a stream consisting of 64 byte packets to 1 million
3377 packets per second the CIR would be set to to to 46000000. This value
3378 can be broken into '1,000,000 x 46'. Where 1,000,000 is the policing
3379 rate for the number of packets per second and 46 represents the size
3380 of the packet data for a 64 byte ip packet.
3381 </column>
3382 <column name="other_config" key="cbs" type='{"type": "integer"}'>
3383 The Committed Burst Size (CBS) is measured in bytes and represents a
3384 token bucket. At a minimum this value should be be set to the expected
3385 largest size packet in the traffic stream. In practice larger values
3386 may be used to increase the size of the token bucket. If a packet can
3387 be transmitted then the cbs will be decremented by the number of
3388 bytes/tokens of the packet. If there are not enough tokens in the cbs
3389 bucket the packet will be dropped.
3390 </column>
3391 </group>
3392
3fd8d445
BP		 3393 <group title="Common Columns">
3394 The overall purpose of these columns is described under <code>Common
3395 Columns</code> at the beginning of this document.
3396
3397 <column name="other_config"/>
3398 <column name="external_ids"/>
3399 </group>
c1c9c9c4
BP		 3400 </table>
3401
3402 <table name="Queue" title="QoS output queue.">
3403 <p>A configuration for a port output queue, used in configuring Quality of
3fd8d445
BP		 3404 Service (QoS) features. May be referenced by <ref column="queues"
3405 table="QoS"/> column in <ref table="QoS"/> table.</p>
13008eb3 3406
8b36f51e
EJ		 3407 <column name="dscp">
3408 If set, Open vSwitch will mark all traffic egressing this
3409 <ref table="Queue"/> with the given DSCP bits. Traffic egressing the
3410 default <ref table="Queue"/> is only marked if it was explicitly selected
3411 as the <ref table="Queue"/> at the time the packet was output. If unset,
3412 the DSCP bits of traffic egressing this <ref table="Queue"/> will remain
3413 unchanged.
3414 </column>
3415
3fd8d445
BP		 3416 <group title="Configuration for linux-htb QoS">
3417 <p>
69822b3c
EJ		 3418 <ref table="QoS"/> <ref table="QoS" column="type"/>
3419 <code>linux-htb</code> may use <code>queue_id</code>s less than 61440.
3420 It has the following key-value pairs defined.
3fd8d445 3421 </p>
9cc6bf75 3422
f9e5e5b3
BP		 3423 <column name="other_config" key="min-rate"
3424 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 3425 Minimum guaranteed bandwidth, in bit/s.
3426 </column>
3427
f9e5e5b3
BP		 3428 <column name="other_config" key="max-rate"
3429 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 3430 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
3431 queue's rate will not be allowed to exceed the specified value, even
3432 if excess bandwidth is available. If unspecified, defaults to no
3433 limit.
3434 </column>
3435
f9e5e5b3
BP		 3436 <column name="other_config" key="burst"
3437 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 3438 Burst size, in bits. This is the maximum amount of ``credits'' that a
3439 queue can accumulate while it is idle. Optional. Details of the
3440 <code>linux-htb</code> implementation require a minimum burst size, so
3441 a too-small <code>burst</code> will be silently ignored.
3442 </column>
3443
f9e5e5b3
BP		 3444 <column name="other_config" key="priority"
3445 type='{"type": "integer", "minInteger": 0, "maxInteger": 4294967295}'>
3446 A queue with a smaller <code>priority</code> will receive all the
3447 excess bandwidth that it can use before a queue with a larger value
3448 receives any. Specific priority values are unimportant; only relative
3449 ordering matters. Defaults to 0 if unspecified.
3fd8d445
BP		 3450 </column>
3451 </group>
3452
3453 <group title="Configuration for linux-hfsc QoS">
3454 <p>
69822b3c
EJ		 3455 <ref table="QoS"/> <ref table="QoS" column="type"/>
3456 <code>linux-hfsc</code> may use <code>queue_id</code>s less than 61440.
3457 It has the following key-value pairs defined.
3fd8d445 3458 </p>
9cc6bf75 3459
f9e5e5b3
BP		 3460 <column name="other_config" key="min-rate"
3461 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 3462 Minimum guaranteed bandwidth, in bit/s.
3463 </column>
9cc6bf75 3464
f9e5e5b3
BP		 3465 <column name="other_config" key="max-rate"
3466 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 3467 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
3468 queue's rate will not be allowed to exceed the specified value, even if
3469 excess bandwidth is available. If unspecified, defaults to no
3470 limit.
3471 </column>
3472 </group>
3473
3474 <group title="Common Columns">
3475 The overall purpose of these columns is described under <code>Common
3476 Columns</code> at the beginning of this document.
3477
3478 <column name="other_config"/>
3479 <column name="external_ids"/>
3480 </group>
c1c9c9c4
BP		 3481 </table>
3482
9ae7ddc0 3483 <table name="Mirror" title="Port mirroring.">
89365653
BP		 3484 <p>A port mirror within a <ref table="Bridge"/>.</p>
3485 <p>A port mirror configures a bridge to send selected frames to special
92ada132 3486 ``mirrored'' ports, in addition to their normal destinations. Mirroring
9ae7ddc0 3487 traffic may also be referred to as SPAN or RSPAN, depending on how
92ada132 3488 the mirrored traffic is sent.</p>
89365653 3489
7efbc3b7
BP		 3490 <p>
3491 When a packet enters an Open vSwitch bridge, it becomes eligible for
3492 mirroring based on its ingress port and VLAN. As the packet travels
3493 through the flow tables, each time it is output to a port, it becomes
3494 eligible for mirroring based on the egress port and VLAN. In Open
3495 vSwitch 2.5 and later, mirroring occurs just after a packet first becomes
3496 eligible, using the packet as it exists at that point; in Open vSwitch
3497 2.4 and earlier, mirroring occurs only after a packet has traversed all
3498 the flow tables, using the original packet as it entered the bridge.
3499 This makes a difference only when the flow table modifies the packet: in
3500 Open vSwitch 2.4, the modifications are never visible to mirrors, whereas
3501 in Open vSwitch 2.5 and later modifications made before the first output
3502 that makes it eligible for mirroring to a particular destination are
3503 visible.
3504 </p>
3505
3506 <p>
3507 A packet that enters an Open vSwitch bridge is mirrored to a particular
3508 destination only once, even if it is eligible for multiple reasons. For
3509 example, a packet would be mirrored to a particular <ref
3510 column="output_port"/> only once, even if it is selected for mirroring to
3511 that port by <ref column="select_dst_port"/> and <ref
3512 column="select_src_port"/> in the same or different <ref table="Mirror"/>
3513 records.
3514 </p>
3515
89365653
BP		 3516 <column name="name">
3517 Arbitrary identifier for the <ref table="Mirror"/>.
3518 </column>
3519
3520 <group title="Selecting Packets for Mirroring">
3e519d8e
BP		 3521 <p>
3522 To be selected for mirroring, a given packet must enter or leave the
3523 bridge through a selected port and it must also be in one of the
3524 selected VLANs.
3525 </p>
3526
939ff267
BP		 3527 <column name="select_all">
3528 If true, every packet arriving or departing on any port is
3529 selected for mirroring.
3530 </column>
3531
89365653
BP		 3532 <column name="select_dst_port">
3533 Ports on which departing packets are selected for mirroring.
3534 </column>
3535
3536 <column name="select_src_port">
939ff267 3537 Ports on which arriving packets are selected for mirroring.
89365653
BP		 3538 </column>
3539
3540 <column name="select_vlan">
3541 VLANs on which packets are selected for mirroring. An empty set
3542 selects packets on all VLANs.
3543 </column>
3544 </group>
3545
3546 <group title="Mirroring Destination Configuration">
3e519d8e
BP		 3547 <p>
3548 These columns are mutually exclusive. Exactly one of them must be
3549 nonempty.
3550 </p>
3551
89365653 3552 <column name="output_port">
3e519d8e 3553 <p>Output port for selected packets, if nonempty.</p>
89365653 3554 <p>Specifying a port for mirror output reserves that port exclusively
92ada132 3555 for mirroring. No frames other than those selected for mirroring
653fe3a3 3556 via this column
92ada132
BP		 3557 will be forwarded to the port, and any frames received on the port
3558 will be discarded.</p>
3559 <p>
3560 The output port may be any kind of port supported by Open vSwitch.
9ae7ddc0
JP		 3561 It may be, for example, a physical port (sometimes called SPAN) or a
3562 GRE tunnel.
92ada132 3563 </p>
89365653
BP		 3564 </column>
3565
3566 <column name="output_vlan">
3e519d8e 3567 <p>Output VLAN for selected packets, if nonempty.</p>
89365653 3568 <p>The frames will be sent out all ports that trunk
3fd8d445
BP		 3569 <ref column="output_vlan"/>, as well as any ports with implicit VLAN
3570 <ref column="output_vlan"/>. When a mirrored frame is sent out a
3571 trunk port, the frame's VLAN tag will be set to
3572 <ref column="output_vlan"/>, replacing any existing tag; when it is
3573 sent out an implicit VLAN port, the frame will not be tagged. This
3574 type of mirroring is sometimes called RSPAN.</p>
07817dfe 3575 <p>
05be4e2c
EJ		 3576 See the documentation for
3577 <ref column="other_config" key="forward-bpdu"/> in the
3578 <ref table="Interface"/> table for a list of destination MAC
3579 addresses which will not be mirrored to a VLAN to avoid confusing
3580 switches that interpret the protocols that they represent.
07817dfe 3581 </p>
89365653 3582 <p><em>Please note:</em> Mirroring to a VLAN can disrupt a network that
3fd8d445
BP		 3583 contains unmanaged switches. Consider an unmanaged physical switch
3584 with two ports: port 1, connected to an end host, and port 2,
3585 connected to an Open vSwitch configured to mirror received packets
3586 into VLAN 123 on port 2. Suppose that the end host sends a packet on
3587 port 1 that the physical switch forwards to port 2. The Open vSwitch
3588 forwards this packet to its destination and then reflects it back on
3589 port 2 in VLAN 123. This reflected packet causes the unmanaged
3590 physical switch to replace the MAC learning table entry, which
3591 correctly pointed to port 1, with one that incorrectly points to port
3592 2. Afterward, the physical switch will direct packets destined for
3593 the end host to the Open vSwitch on port 2, instead of to the end
3594 host on port 1, disrupting connectivity. If mirroring to a VLAN is
3595 desired in this scenario, then the physical switch must be replaced
3596 by one that learns Ethernet addresses on a per-VLAN basis. In
3597 addition, learning should be disabled on the VLAN containing mirrored
3598 traffic. If this is not done then intermediate switches will learn
3599 the MAC address of each end host from the mirrored traffic. If
3600 packets being sent to that end host are also mirrored, then they will
3601 be dropped since the switch will attempt to send them out the input
3602 port. Disabling learning for the VLAN will cause the switch to
3603 correctly send the packet out all ports configured for that VLAN. If
3604 Open vSwitch is being used as an intermediate switch, learning can be
3605 disabled by adding the mirrored VLAN to <ref column="flood_vlans"/>
3606 in the appropriate <ref table="Bridge"/> table or tables.</p>
3607 <p>
3608 Mirroring to a GRE tunnel has fewer caveats than mirroring to a
3609 VLAN and should generally be preferred.
3610 </p>
89365653
BP		 3611 </column>
3612 </group>
13008eb3 3613
9d24de3b
JP		 3614 <group title="Statistics: Mirror counters">
3615 <p>
12eb035b
AW		 3616 Key-value pairs that report mirror statistics. The update period
3617 is controlled by <ref column="other_config"
3618 key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
9d24de3b
JP		 3619 </p>
3620 <column name="statistics" key="tx_packets">
3621 Number of packets transmitted through this mirror.
3622 </column>
3623 <column name="statistics" key="tx_bytes">
3624 Number of bytes transmitted through this mirror.
3625 </column>
3626 </group>
3627
3fd8d445
BP		 3628 <group title="Common Columns">
3629 The overall purpose of these columns is described under <code>Common
3630 Columns</code> at the beginning of this document.
3631
3632 <column name="external_ids"/>
13008eb3 3633 </group>
89365653
BP		 3634 </table>
3635
3636 <table name="Controller" title="OpenFlow controller configuration.">
76ce9432
BP		 3637 <p>An OpenFlow controller.</p>
3638
7d674866
BP		 3639 <p>
3640 Open vSwitch supports two kinds of OpenFlow controllers:
3641 </p>
299a244b 3642
7d674866
BP		 3643 <dl>
3644 <dt>Primary controllers</dt>
3645 <dd>
3646 <p>
3647 This is the kind of controller envisioned by the OpenFlow 1.0
3648 specification. Usually, a primary controller implements a network
3649 policy by taking charge of the switch's flow table.
3650 </p>
3651
3652 <p>
3653 Open vSwitch initiates and maintains persistent connections to
3654 primary controllers, retrying the connection each time it fails or
3655 drops. The <ref table="Bridge" column="fail_mode"/> column in the
3656 <ref table="Bridge"/> table applies to primary controllers.
3657 </p>
3658
3659 <p>
3660 Open vSwitch permits a bridge to have any number of primary
3661 controllers. When multiple controllers are configured, Open
3662 vSwitch connects to all of them simultaneously. Because
3663 OpenFlow 1.0 does not specify how multiple controllers
3664 coordinate in interacting with a single switch, more than
3665 one primary controller should be specified only if the
3666 controllers are themselves designed to coordinate with each
3667 other. (The Nicira-defined <code>NXT_ROLE</code> OpenFlow
3668 vendor extension may be useful for this.)
3669 </p>
3670 </dd>
3671 <dt>Service controllers</dt>
3672 <dd>
3673 <p>
3674 These kinds of OpenFlow controller connections are intended for
3675 occasional support and maintenance use, e.g. with
3676 <code>ovs-ofctl</code>. Usually a service controller connects only
3677 briefly to inspect or modify some of a switch's state.
3678 </p>
3679
3680 <p>
3681 Open vSwitch listens for incoming connections from service
3682 controllers. The service controllers initiate and, if necessary,
3683 maintain the connections from their end. The <ref table="Bridge"
3684 column="fail_mode"/> column in the <ref table="Bridge"/> table does
3685 not apply to service controllers.
3686 </p>
3687
3688 <p>
3689 Open vSwitch supports configuring any number of service controllers.
3690 </p>
3691 </dd>
3692 </dl>
3693
3694 <p>
3695 The <ref column="target"/> determines the type of controller.
3696 </p>
89365653
BP		 3697
3698 <group title="Core Features">
3699 <column name="target">
7d674866
BP		 3700 <p>Connection method for controller.</p>
3701 <p>
3702 The following connection methods are currently supported for primary
3703 controllers:
3704 </p>
89365653
BP		 3705 <dl>
3706 <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
3707 <dd>
125b0291
JP		 3708 <p>The specified SSL <var>port</var> on the host at the
3709 given <var>ip</var>, which must be expressed as an IP
3710 address (not a DNS name). The <ref table="Open_vSwitch"
3711 column="ssl"/> column in the <ref table="Open_vSwitch"/>
3712 table must point to a valid SSL configuration when this form
3713 is used.</p>
d4763d1d 3714 <p>If <var>port</var> is not specified, it defaults to 6653.</p>
89365653 3715 <p>SSL support is an optional feature that is not always built as
3fd8d445 3716 part of Open vSwitch.</p>
89365653
BP		 3717 </dd>
3718 <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
125b0291 3719 <dd>
e731d71b
AS		 3720 <p>
3721 The specified TCP <var>port</var> on the host at the given
3722 <var>ip</var>, which must be expressed as an IP address (not a
3723 DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
3724 <var>ip</var> is an IPv6 address, wrap it in square brackets,
d4763d1d 3725 e.g. <code>tcp:[::1]:6653</code>.
e731d71b
AS		 3726 </p>
3727 <p>
d4763d1d 3728 If <var>port</var> is not specified, it defaults to 6653.
e731d71b 3729 </p>
125b0291 3730 </dd>
7d674866
BP		 3731 </dl>
3732 <p>
3733 The following connection methods are currently supported for service
3734 controllers:
3735 </p>
3736 <dl>
3737 <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
3738 <dd>
e731d71b
AS		 3739 <p>
3740 Listens for SSL connections on the specified TCP <var>port</var>.
3741 If <var>ip</var>, which must be expressed as an IP address (not a
3742 DNS name), is specified, then connections are restricted to the
3743 specified local IP address (either IPv4 or IPv6). If
3744 <var>ip</var> is an IPv6 address, wrap it in square brackets,
d4763d1d 3745 e.g. <code>pssl:6653:[::1]</code>.
e731d71b
AS		 3746 </p>
3747 <p>
d4763d1d
JP		 3748 If <var>port</var> is not specified, it defaults to
3749 6653. If <var>ip</var> is not specified then it listens only on
e731d71b
AS		 3750 IPv4 (but not IPv6) addresses. The
3751 <ref table="Open_vSwitch" column="ssl"/>
3752 column in the <ref table="Open_vSwitch"/> table must point to a
3753 valid SSL configuration when this form is used.
3754 </p>
3755 <p>
d4763d1d 3756 If <var>port</var> is not specified, it currently to 6653.
e731d71b
AS		 3757 </p>
3758 <p>
3759 SSL support is an optional feature that is not always built as
3760 part of Open vSwitch.
3761 </p>
7d674866
BP		 3762 </dd>
3763 <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
3764 <dd>
e731d71b
AS		 3765 <p>
3766 Listens for connections on the specified TCP <var>port</var>. If
3767 <var>ip</var>, which must be expressed as an IP address (not a
3768 DNS name), is specified, then connections are restricted to the
3769 specified local IP address (either IPv4 or IPv6). If
3770 <var>ip</var> is an IPv6 address, wrap it in square brackets,
d4763d1d 3771 e.g. <code>ptcp:6653:[::1]</code>. If <var>ip</var> is not
e731d71b
AS		 3772 specified then it listens only on IPv4 addresses.
3773 </p>
3774 <p>
d4763d1d 3775 If <var>port</var> is not specified, it defaults to 6653.
e731d71b 3776 </p>
7d674866 3777 </dd>
89365653 3778 </dl>
9a3f4a49 3779 <p>When multiple controllers are configured for a single bridge, the
3fd8d445
BP		 3780 <ref column="target"/> values must be unique. Duplicate
3781 <ref column="target"/> values yield unspecified results.</p>
89365653
BP		 3782 </column>
3783
3784 <column name="connection_mode">
9a3f4a49
JP		 3785 <p>If it is specified, this setting must be one of the following
3786 strings that describes how Open vSwitch contacts this OpenFlow
3787 controller over the network:</p>
3788
3789 <dl>
3790 <dt><code>in-band</code></dt>
3791 <dd>In this mode, this controller's OpenFlow traffic travels over the
3fd8d445
BP		 3792 bridge associated with the controller. With this setting, Open
3793 vSwitch allows traffic to and from the controller regardless of the
3794 contents of the OpenFlow flow table. (Otherwise, Open vSwitch
3795 would never be able to connect to the controller, because it did
3796 not have a flow to enable it.) This is the most common connection
3797 mode because it is not necessary to maintain two independent
3798 networks.</dd>
9a3f4a49
JP		 3799 <dt><code>out-of-band</code></dt>
3800 <dd>In this mode, OpenFlow traffic uses a control network separate
3fd8d445
BP		 3801 from the bridge associated with this controller, that is, the
3802 bridge does not use any of its own network devices to communicate
3803 with the controller. The control network must be configured
3804 separately, before or after <code>ovs-vswitchd</code> is started.
9a3f4a49
JP		 3805 </dd>
3806 </dl>
76ce9432 3807
195c8086 3808 <p>If not specified, the default is implementation-specific.</p>
89365653
BP		 3809 </column>
3810 </group>
3811
3812 <group title="Controller Failure Detection and Handling">
3813 <column name="max_backoff">
3814 Maximum number of milliseconds to wait between connection attempts.
3815 Default is implementation-specific.
3816 </column>
3817
3818 <column name="inactivity_probe">
3819 Maximum number of milliseconds of idle time on connection to
3820 controller before sending an inactivity probe message. If Open
3821 vSwitch does not communicate with the controller for the specified
3822 number of seconds, it will send a probe. If a response is not
3823 received for the same additional amount of time, Open vSwitch
3824 assumes the connection has been broken and attempts to reconnect.
2bb82bf0
BP		 3825 Default is implementation-specific. A value of 0 disables
3826 inactivity probes.
89365653 3827 </column>
89365653
BP		 3828 </group>
3829
a413195e 3830 <group title="Asynchronous Messages">
9886b662
BP		 3831 <p>
3832 OpenFlow switches send certain messages to controllers spontanenously,
3833 that is, not in response to any request from the controller. These
3834 messages are called ``asynchronous messages.'' These columns allow
3835 asynchronous messages to be limited or disabled to ensure the best use
3836 of network resources.
3837 </p>
3838
3839 <column name="enable_async_messages">
3840 The OpenFlow protocol enables asynchronous messages at time of
3841 connection establishment, which means that a controller can receive
3842 asynchronous messages, potentially many of them, even if it turns them
3843 off immediately after connecting. Set this column to
3844 <code>false</code> to change Open vSwitch behavior to disable, by
3845 default, all asynchronous messages. The controller can use the
3846 <code>NXT_SET_ASYNC_CONFIG</code> Nicira extension to OpenFlow to turn
3847 on any messages that it does want to receive, if any.
3848 </column>
3849
a413195e 3850 <group title="Controller Rate Limiting">
ebb65354 3851 <p>
a413195e
BP		 3852 A switch can forward packets to a controller over the OpenFlow
3853 protocol. Forwarding packets this way at too high a rate can
3854 overwhelm a controller, frustrate use of the OpenFlow connection for
3855 other purposes, increase the latency of flow setup, and use an
3856 unreasonable amount of bandwidth. Therefore, Open vSwitch supports
3857 limiting the rate of packet forwarding to a controller.
ebb65354
BP		 3858 </p>
3859
3860 <p>
a413195e
BP		 3861 There are two main reasons in OpenFlow for a packet to be sent to a
3862 controller: either the packet ``misses'' in the flow table, that is,
3863 there is no matching flow, or a flow table action says to send the
3864 packet to the controller. Open vSwitch limits the rate of each kind
3865 of packet separately at the configured rate. Therefore, the actual
3866 rate that packets are sent to the controller can be up to twice the
3867 configured rate, when packets are sent for both reasons.
ebb65354
BP		 3868 </p>
3869
3870 <p>
a413195e
BP		 3871 This feature is specific to forwarding packets over an OpenFlow
3872 connection. It is not general-purpose QoS. See the <ref
3873 table="QoS"/> table for quality of service configuration, and <ref
3874 column="ingress_policing_rate" table="Interface"/> in the <ref
3875 table="Interface"/> table for ingress policing configuration.
ebb65354 3876 </p>
3fd8d445 3877
a413195e
BP		 3878 <column name="controller_rate_limit">
3879 <p>
3880 The maximum rate at which the switch will forward packets to the
3881 OpenFlow controller, in packets per second. If no value is
3882 specified, rate limiting is disabled.
3883 </p>
3884 </column>
3885
3886 <column name="controller_burst_limit">
3887 <p>
3888 When a high rate triggers rate-limiting, Open vSwitch queues
3889 packets to the controller for each port and transmits them to the
3890 controller at the configured rate. This value limits the number of
3891 queued packets. Ports on a bridge share the packet queue fairly.
3892 </p>
3893
3894 <p>
3895 This value has no effect unless <ref
3896 column="controller_rate_limit"/> is configured. The current
3897 default when this value is not specified is one-quarter of <ref
3898 column="controller_rate_limit"/>, meaning that queuing can delay
3899 forwarding a packet to the controller by up to 250 ms.
3900 </p>
3901 </column>
3902
3903 <group title="Controller Rate Limiting Statistics">
3904 <p>
3905 These values report the effects of rate limiting. Their values are
3906 relative to establishment of the most recent OpenFlow connection,
3907 or since rate limiting was enabled, whichever happened more
3908 recently. Each consists of two values, one with <code>TYPE</code>
3909 replaced by <code>miss</code> for rate limiting flow table misses,
3910 and the other with <code>TYPE</code> replaced by
3911 <code>action</code> for rate limiting packets sent by OpenFlow
3912 actions.
3913 </p>
3914
3915 <p>
3916 These statistics are reported only when controller rate limiting is
3917 enabled.
3918 </p>
3919
3920 <column name="status" key="packet-in-TYPE-bypassed"
3921 type='{"type": "integer", "minInteger": 0}'>
3922 Number of packets sent directly to the controller, without queuing,
3923 because the rate did not exceed the configured maximum.
3924 </column>
3925
3926 <column name="status" key="packet-in-TYPE-queued"
3927 type='{"type": "integer", "minInteger": 0}'>
3928 Number of packets added to the queue to send later.
3929 </column>
3930
3931 <column name="status" key="packet-in-TYPE-dropped"
3932 type='{"type": "integer", "minInteger": 0}'>
3933 Number of packets added to the queue that were later dropped due to
3934 overflow. This value is less than or equal to <ref column="status"
3935 key="packet-in-TYPE-queued"/>.
3936 </column>
3937
3938 <column name="status" key="packet-in-TYPE-backlog"
3939 type='{"type": "integer", "minInteger": 0}'>
3940 Number of packets currently queued. The other statistics increase
3941 monotonically, but this one fluctuates between 0 and the <ref
3942 column="controller_burst_limit"/> as conditions change.
3943 </column>
3944 </group>
3945 </group>
89365653
BP		 3946 </group>
3947
76ce9432
BP		 3948 <group title="Additional In-Band Configuration">
3949 <p>These values are considered only in in-band control mode (see
3fd8d445 3950 <ref column="connection_mode"/>).</p>
76ce9432
BP		 3951
3952 <p>When multiple controllers are configured on a single bridge, there
3fd8d445
BP		 3953 should be only one set of unique values in these columns. If different
3954 values are set for these columns in different controllers, the effect
3955 is unspecified.</p>
89365653
BP		 3956
3957 <column name="local_ip">
76ce9432
BP		 3958 The IP address to configure on the local port,
3959 e.g. <code>192.168.0.123</code>. If this value is unset, then
3960 <ref column="local_netmask"/> and <ref column="local_gateway"/> are
3961 ignored.
89365653
BP		 3962 </column>
3963
3964 <column name="local_netmask">
76ce9432
BP		 3965 The IP netmask to configure on the local port,
3966 e.g. <code>255.255.255.0</code>. If <ref column="local_ip"/> is set
3967 but this value is unset, then the default is chosen based on whether
3968 the IP address is class A, B, or C.
3969 </column>
3970
3971 <column name="local_gateway">
3972 The IP address of the gateway to configure on the local port, as a
3973 string, e.g. <code>192.168.0.1</code>. Leave this column unset if
3974 this network has no gateway.
89365653
BP		 3975 </column>
3976 </group>
13008eb3 3977
bffc0589
AE		 3978 <group title="Controller Status">
3979 <column name="is_connected">
3980 <code>true</code> if currently connected to this controller,
3981 <code>false</code> otherwise.
3982 </column>
3983
f9e5e5b3
BP		 3984 <column name="role"
3985 type='{"type": "string", "enum": ["set", ["other", "master", "slave"]]}'>
bffc0589 3986 <p>The level of authority this controller has on the associated
3fd8d445 3987 bridge. Possible values are:</p>
bffc0589
AE		 3988 <dl>
3989 <dt><code>other</code></dt>
3990 <dd>Allows the controller access to all OpenFlow features.</dd>
bffc0589
AE		 3991 <dt><code>master</code></dt>
3992 <dd>Equivalent to <code>other</code>, except that there may be at
3fd8d445
BP		 3993 most one master controller at a time. When a controller configures
3994 itself as <code>master</code>, any existing master is demoted to
9f90ed90 3995 the <code>slave</code> role.</dd>
bffc0589
AE		 3996 <dt><code>slave</code></dt>
3997 <dd>Allows the controller read-only access to OpenFlow features.
3fd8d445
BP		 3998 Attempts to modify the flow table will be rejected with an
3999 error. Slave controllers do not receive OFPT_PACKET_IN or
4000 OFPT_FLOW_REMOVED messages, but they do receive OFPT_PORT_STATUS
4001 messages.</dd>
bffc0589
AE		 4002 </dl>
4003 </column>
4004
3fd8d445
BP		 4005 <column name="status" key="last_error">
4006 A human-readable description of the last error on the connection
4007 to the controller; i.e. <code>strerror(errno)</code>. This key
4008 will exist only if an error has occurred.
4009 </column>
4010
f9e5e5b3
BP		 4011 <column name="status" key="state"
4012 type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'>
3fd8d445 4013 <p>
f9e5e5b3 4014 The state of the connection to the controller:
3fd8d445 4015 </p>
bffc0589 4016 <dl>
3fd8d445
BP		 4017 <dt><code>VOID</code></dt>
4018 <dd>Connection is disabled.</dd>
4019
4020 <dt><code>BACKOFF</code></dt>
4021 <dd>Attempting to reconnect at an increasing period.</dd>
4022
4023 <dt><code>CONNECTING</code></dt>
4024 <dd>Attempting to connect.</dd>
4025
4026 <dt><code>ACTIVE</code></dt>
4027 <dd>Connected, remote host responsive.</dd>
4028
4029 <dt><code>IDLE</code></dt>
4030 <dd>Connection is idle. Waiting for response to keep-alive.</dd>
bffc0589 4031 </dl>
3fd8d445
BP		 4032 <p>
4033 These values may change in the future. They are provided only for
4034 human consumption.
4035 </p>
4036 </column>
9cc6bf75 4037
f9e5e5b3
BP		 4038 <column name="status" key="sec_since_connect"
4039 type='{"type": "integer", "minInteger": 0}'>
3fd8d445
BP		 4040 The amount of time since this controller last successfully connected to
4041 the switch (in seconds). Value is empty if controller has never
4042 successfully connected.
bffc0589 4043 </column>
9cc6bf75 4044
f9e5e5b3
BP		 4045 <column name="status" key="sec_since_disconnect"
4046 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 4047 The amount of time since this controller last disconnected from
4048 the switch (in seconds). Value is empty if controller has never
4049 disconnected.
4050 </column>
4051 </group>
4052
f125905c
MM		 4053 <group title="Connection Parameters">
4054 <p>
4055 Additional configuration for a connection between the controller
4056 and the Open vSwitch.
4057 </p>
4058
4059 <column name="other_config" key="dscp"
039a8ccd 4060 type='{"type": "integer"}'>
cea15768
EJ		 4061 The Differentiated Service Code Point (DSCP) is specified using 6 bits
4062 in the Type of Service (TOS) field in the IP header. DSCP provides a
4063 mechanism to classify the network traffic and provide Quality of
4064 Service (QoS) on IP networks.
4065
4066 The DSCP value specified here is used when establishing the connection
0442efd9
MM		 4067 between the controller and the Open vSwitch. If no value is specified,
4068 a default value of 48 is chosen. Valid DSCP values must be in the
4069 range 0 to 63.
f125905c
MM		 4070 </column>
4071 </group>
4072
4073
3fd8d445
BP		 4074 <group title="Common Columns">
4075 The overall purpose of these columns is described under <code>Common
4076 Columns</code> at the beginning of this document.
4077
4078 <column name="external_ids"/>
f125905c 4079 <column name="other_config"/>
bffc0589 4080 </group>
89365653
BP		 4081 </table>
4082
94db5407
BP		 4083 <table name="Manager" title="OVSDB management connection.">
4084 <p>
4085 Configuration for a database connection to an Open vSwitch database
4086 (OVSDB) client.
4087 </p>
4088
4089 <p>
4090 This table primarily configures the Open vSwitch database
4091 (<code>ovsdb-server</code>), not the Open vSwitch switch
4092 (<code>ovs-vswitchd</code>). The switch does read the table to determine
4093 what connections should be treated as in-band.
4094 </p>
4095
4096 <p>
4097 The Open vSwitch database server can initiate and maintain active
4098 connections to remote clients. It can also listen for database
4099 connections.
4100 </p>
4101
4102 <group title="Core Features">
4103 <column name="target">
4104 <p>Connection method for managers.</p>
4105 <p>
4106 The following connection methods are currently supported:
4107 </p>
4108 <dl>
4109 <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
4110 <dd>
4111 <p>
efc295d2
JP		 4112 The specified SSL <var>port</var> on the host at the given
4113 <var>ip</var>, which must be expressed as an IP address
4114 (not a DNS name). The <ref table="Open_vSwitch"
4115 column="ssl"/> column in the <ref table="Open_vSwitch"/>
4116 table must point to a valid SSL configuration when this
4117 form is used.
94db5407
BP		 4118 </p>
4119 <p>
d4763d1d 4120 If <var>port</var> is not specified, it defaults to 6640.
efc295d2
JP		 4121 </p>
4122 <p>
4123 SSL support is an optional feature that is not always
4124 built as part of Open vSwitch.
94db5407
BP		 4125 </p>
4126 </dd>
4127
4128 <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
4129 <dd>
efc295d2
JP		 4130 <p>
4131 The specified TCP <var>port</var> on the host at the given
e731d71b
AS		 4132 <var>ip</var>, which must be expressed as an IP address (not a
4133 DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
4134 <var>ip</var> is an IPv6 address, wrap it in square brackets,
d4763d1d 4135 e.g. <code>tcp:[::1]:6640</code>.
efc295d2
JP		 4136 </p>
4137 <p>
d4763d1d 4138 If <var>port</var> is not specified, it defaults to 6640.
efc295d2 4139 </p>
94db5407
BP		 4140 </dd>
4141 <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
4142 <dd>
4143 <p>
e731d71b
AS		 4144 Listens for SSL connections on the specified TCP <var>port</var>.
4145 Specify 0 for <var>port</var> to have the kernel automatically
4146 choose an available port. If <var>ip</var>, which must be
4147 expressed as an IP address (not a DNS name), is specified, then
4148 connections are restricted to the specified local IP address
4149 (either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
4150 address, wrap in square brackets,
d4763d1d 4151 e.g. <code>pssl:6640:[::1]</code>. If <var>ip</var> is not
e731d71b
AS		 4152 specified then it listens only on IPv4 (but not IPv6) addresses.
4153 The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
94db5407
BP		 4154 table="Open_vSwitch"/> table must point to a valid SSL
4155 configuration when this form is used.
4156 </p>
efc295d2 4157 <p>
d4763d1d 4158 If <var>port</var> is not specified, it defaults to 6640.
efc295d2 4159 </p>
94db5407
BP		 4160 <p>
4161 SSL support is an optional feature that is not always built as
4162 part of Open vSwitch.
4163 </p>
4164 </dd>
4165 <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
4166 <dd>
efc295d2 4167 <p>
e731d71b
AS		 4168 Listens for connections on the specified TCP <var>port</var>.
4169 Specify 0 for <var>port</var> to have the kernel automatically
4170 choose an available port. If <var>ip</var>, which must be
4171 expressed as an IP address (not a DNS name), is specified, then
4172 connections are restricted to the specified local IP address
4173 (either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
4174 address, wrap it in square brackets,
d4763d1d 4175 e.g. <code>ptcp:6640:[::1]</code>. If <var>ip</var> is not
e731d71b 4176 specified then it listens only on IPv4 addresses.
efc295d2
JP		 4177 </p>
4178 <p>
d4763d1d 4179 If <var>port</var> is not specified, it defaults to 6640.
efc295d2 4180 </p>
94db5407
BP		 4181 </dd>
4182 </dl>
4183 <p>When multiple managers are configured, the <ref column="target"/>
4184 values must be unique. Duplicate <ref column="target"/> values yield
4185 unspecified results.</p>
4186 </column>
4187
4188 <column name="connection_mode">
4189 <p>
4190 If it is specified, this setting must be one of the following strings
4191 that describes how Open vSwitch contacts this OVSDB client over the
4192 network:
4193 </p>
299a244b 4194
94db5407
BP		 4195 <dl>
4196 <dt><code>in-band</code></dt>
4197 <dd>
4198 In this mode, this connection's traffic travels over a bridge
4199 managed by Open vSwitch. With this setting, Open vSwitch allows
4200 traffic to and from the client regardless of the contents of the
4201 OpenFlow flow table. (Otherwise, Open vSwitch would never be able
4202 to connect to the client, because it did not have a flow to enable
4203 it.) This is the most common connection mode because it is not
4204 necessary to maintain two independent networks.
4205 </dd>
4206 <dt><code>out-of-band</code></dt>
4207 <dd>
4208 In this mode, the client's traffic uses a control network separate
4209 from that managed by Open vSwitch, that is, Open vSwitch does not
4210 use any of its own network devices to communicate with the client.
4211 The control network must be configured separately, before or after
4212 <code>ovs-vswitchd</code> is started.
4213 </dd>
4214 </dl>
4215
4216 <p>
4217 If not specified, the default is implementation-specific.
4218 </p>
4219 </column>
4220 </group>
4221
4222 <group title="Client Failure Detection and Handling">
4223 <column name="max_backoff">
4224 Maximum number of milliseconds to wait between connection attempts.
4225 Default is implementation-specific.
4226 </column>
4227
4228 <column name="inactivity_probe">
4229 Maximum number of milliseconds of idle time on connection to the client
4230 before sending an inactivity probe message. If Open vSwitch does not
4231 communicate with the client for the specified number of seconds, it
4232 will send a probe. If a response is not received for the same
4233 additional amount of time, Open vSwitch assumes the connection has been
4234 broken and attempts to reconnect. Default is implementation-specific.
2bb82bf0 4235 A value of 0 disables inactivity probes.
94db5407
BP		 4236 </column>
4237 </group>
4238
0b3e7a8b 4239 <group title="Status">
600766e8
AZ		 4240 <p>
4241 Key-value pair of <ref column="is_connected"/> is always updated.
4242 Other key-value pairs in the status columns may be updated depends
4243 on the <ref column="target"/> type.
4244 </p>
4245
4246 <p>
4247 When <ref column="target"/> specifies a connection method that
4248 listens for inbound connections (e.g. <code>ptcp:</code> or
4249 <code>punix:</code>), both <ref column="n_connections"/> and
4250 <ref column="is_connected"/> may also be updated while the
4251 remaining key-value pairs are omitted.
4252 </p>
4253
4254 <p>
4255 On the other hand, when <ref column="target"/> specifies an
4256 outbound connection, all key-value pairs may be updated, except
4257 the above-mentioned two key-value pairs associated with inbound
4258 connection targets. They are omitted.
4259 </p>
4260
4261 <column name="is_connected">
0b3e7a8b
AE		 4262 <code>true</code> if currently connected to this manager,
4263 <code>false</code> otherwise.
4264 </column>
4265
3fd8d445
BP		 4266 <column name="status" key="last_error">
4267 A human-readable description of the last error on the connection
4268 to the manager; i.e. <code>strerror(errno)</code>. This key
4269 will exist only if an error has occurred.
4270 </column>
4271
f9e5e5b3
BP		 4272 <column name="status" key="state"
4273 type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'>
3fd8d445 4274 <p>
f9e5e5b3 4275 The state of the connection to the manager:
3fd8d445 4276 </p>
a11f6164 4277 <dl>
3fd8d445
BP		 4278 <dt><code>VOID</code></dt>
4279 <dd>Connection is disabled.</dd>
4280
4281 <dt><code>BACKOFF</code></dt>
4282 <dd>Attempting to reconnect at an increasing period.</dd>
4283
4284 <dt><code>CONNECTING</code></dt>
4285 <dd>Attempting to connect.</dd>
4286
4287 <dt><code>ACTIVE</code></dt>
4288 <dd>Connected, remote host responsive.</dd>
4289
4290 <dt><code>IDLE</code></dt>
4291 <dd>Connection is idle. Waiting for response to keep-alive.</dd>
a11f6164 4292 </dl>
3fd8d445
BP		 4293 <p>
4294 These values may change in the future. They are provided only for
4295 human consumption.
4296 </p>
4297 </column>
4298
f9e5e5b3
BP		 4299 <column name="status" key="sec_since_connect"
4300 type='{"type": "integer", "minInteger": 0}'>
3fd8d445
BP		 4301 The amount of time since this manager last successfully connected
4302 to the database (in seconds). Value is empty if manager has never
4303 successfully connected.
4304 </column>
4305
f9e5e5b3
BP		 4306 <column name="status" key="sec_since_disconnect"
4307 type='{"type": "integer", "minInteger": 0}'>
3fd8d445
BP		 4308 The amount of time since this manager last disconnected from the
4309 database (in seconds). Value is empty if manager has never
4310 disconnected.
4311 </column>
4312
4313 <column name="status" key="locks_held">
4314 Space-separated list of the names of OVSDB locks that the connection
4315 holds. Omitted if the connection does not hold any locks.
4316 </column>
4317
4318 <column name="status" key="locks_waiting">
4319 Space-separated list of the names of OVSDB locks that the connection is
4320 currently waiting to acquire. Omitted if the connection is not waiting
4321 for any locks.
4322 </column>
4323
4324 <column name="status" key="locks_lost">
4325 Space-separated list of the names of OVSDB locks that the connection
4326 has had stolen by another OVSDB client. Omitted if no locks have been
4327 stolen from this connection.
4328 </column>
4329
f9e5e5b3
BP		 4330 <column name="status" key="n_connections"
4331 type='{"type": "integer", "minInteger": 2}'>
600766e8
AZ		 4332 When <ref column="target"/> specifies a connection method that
4333 listens for inbound connections (e.g. <code>ptcp:</code> or
4334 <code>pssl:</code>) and more than one connection is actually active,
4335 the value is the number of active connections. Otherwise, this
4336 key-value pair is omitted.
0b3e7a8b 4337 </column>
798e1352
BP		 4338
4339 <column name="status" key="bound_port" type='{"type": "integer"}'>
039a8ccd
BP		 4340 When <ref column="target"/> is <code>ptcp:</code> or
4341 <code>pssl:</code>, this is the TCP port on which the OVSDB server is
6c75e208 4342 listening. (This is particularly useful when <ref
039a8ccd
BP		 4343 column="target"/> specifies a port of 0, allowing the kernel to
4344 choose any available port.)
798e1352 4345 </column>
0b3e7a8b 4346 </group>
3fd8d445 4347
f125905c
MM		 4348 <group title="Connection Parameters">
4349 <p>
4350 Additional configuration for a connection between the manager
4351 and the Open vSwitch Database.
4352 </p>
4353
4354 <column name="other_config" key="dscp"
039a8ccd 4355 type='{"type": "integer"}'>
cea15768
EJ		 4356 The Differentiated Service Code Point (DSCP) is specified using 6 bits
4357 in the Type of Service (TOS) field in the IP header. DSCP provides a
4358 mechanism to classify the network traffic and provide Quality of
4359 Service (QoS) on IP networks.
4360
4361 The DSCP value specified here is used when establishing the connection
0442efd9
MM		 4362 between the manager and the Open vSwitch. If no value is specified, a
4363 default value of 48 is chosen. Valid DSCP values must be in the range
4364 0 to 63.
f125905c
MM		 4365 </column>
4366 </group>
4367
3fd8d445
BP		 4368 <group title="Common Columns">
4369 The overall purpose of these columns is described under <code>Common
4370 Columns</code> at the beginning of this document.
4371
4372 <column name="external_ids"/>
f125905c 4373 <column name="other_config"/>
3fd8d445 4374 </group>
94db5407
BP		 4375 </table>
4376
89365653
BP		 4377 <table name="NetFlow">
4378 A NetFlow target. NetFlow is a protocol that exports a number of
4379 details about terminating IP flows, such as the principals involved
4380 and duration.
4381
4382 <column name="targets">
4383 NetFlow targets in the form
4384 <code><var>ip</var>:<var>port</var></code>. The <var>ip</var>
4385 must be specified numerically, not as a DNS name.
4386 </column>
4387
4388 <column name="engine_id">
4389 Engine ID to use in NetFlow messages. Defaults to datapath index
4390 if not specified.
4391 </column>
4392
4393 <column name="engine_type">
4394 Engine type to use in NetFlow messages. Defaults to datapath
4395 index if not specified.
4396 </column>
4397
4398 <column name="active_timeout">
a70f8b11 4399 <p>
039a8ccd
BP		 4400 The interval at which NetFlow records are sent for flows that
4401 are still active, in seconds. A value of <code>0</code>
4402 requests the default timeout (currently 600 seconds); a value
4403 of <code>-1</code> disables active timeouts.
a70f8b11
BP		 4404 </p>
4405
4406 <p>
039a8ccd
BP		 4407 The NetFlow passive timeout, for flows that become inactive,
4408 is not configurable. It will vary depending on the Open
4409 vSwitch version, the forms and contents of the OpenFlow flow
4410 tables, CPU and memory usage, and network activity. A typical
4411 passive timeout is about a second.
a70f8b11 4412 </p>
89365653
BP		 4413 </column>
4414
4415 <column name="add_id_to_interface">
4416 <p>If this column's value is <code>false</code>, the ingress and egress
3fd8d445
BP		 4417 interface fields of NetFlow flow records are derived from OpenFlow port
4418 numbers. When it is <code>true</code>, the 7 most significant bits of
4419 these fields will be replaced by the least significant 7 bits of the
4420 engine id. This is useful because many NetFlow collectors do not
4421 expect multiple switches to be sending messages from the same host, so
4422 they do not store the engine information which could be used to
4423 disambiguate the traffic.</p>
89365653
BP		 4424 <p>When this option is enabled, a maximum of 508 ports are supported.</p>
4425 </column>
13008eb3 4426
3fd8d445
BP		 4427 <group title="Common Columns">
4428 The overall purpose of these columns is described under <code>Common
4429 Columns</code> at the beginning of this document.
4430
4431 <column name="external_ids"/>
4432 </group>
89365653
BP		 4433 </table>
4434
4435 <table name="SSL">
4436 SSL configuration for an Open_vSwitch.
4437
4438 <column name="private_key">
4439 Name of a PEM file containing the private key used as the switch's
4440 identity for SSL connections to the controller.
4441 </column>
4442
4443 <column name="certificate">
4444 Name of a PEM file containing a certificate, signed by the
4445 certificate authority (CA) used by the controller and manager,
4446 that certifies the switch's private key, identifying a trustworthy
4447 switch.
4448 </column>
4449
4450 <column name="ca_cert">
4451 Name of a PEM file containing the CA certificate used to verify
4452 that the switch is connected to a trustworthy controller.
4453 </column>
4454
4455 <column name="bootstrap_ca_cert">
4456 If set to <code>true</code>, then Open vSwitch will attempt to
4457 obtain the CA certificate from the controller on its first SSL
4458 connection and save it to the named PEM file. If it is successful,
4459 it will immediately drop the connection and reconnect, and from then
4460 on all SSL connections must be authenticated by a certificate signed
4461 by the CA certificate thus obtained. <em>This option exposes the
3fd8d445
BP		 4462 SSL connection to a man-in-the-middle attack obtaining the initial
4463 CA certificate.</em> It may still be useful for bootstrapping.
89365653 4464 </column>
13008eb3 4465
3fd8d445
BP		 4466 <group title="Common Columns">
4467 The overall purpose of these columns is described under <code>Common
4468 Columns</code> at the beginning of this document.
4469
4470 <column name="external_ids"/>
4471 </group>
89365653
BP		 4472 </table>
4473
4474 <table name="sFlow">
29089a54
RL		 4475 <p>A set of sFlow(R) targets. sFlow is a protocol for remote
4476 monitoring of switches.</p>
89365653
BP		 4477
4478 <column name="agent">
e723ff43 4479 Name of the network device whose IP address should be reported as the
733adf2a
LG		 4480 ``agent address'' to collectors. If not specified, the agent device is
4481 figured from the first target address and the routing table. If the
4482 routing table does not contain a route to the target, the IP address
e723ff43
BP		 4483 defaults to the <ref table="Controller" column="local_ip"/> in the
4484 collector's <ref table="Controller"/>. If an agent IP address cannot be
733adf2a 4485 determined any of these ways, sFlow is disabled.
89365653
BP		 4486 </column>
4487
4488 <column name="header">
4489 Number of bytes of a sampled packet to send to the collector.
4490 If not specified, the default is 128 bytes.
4491 </column>
4492
4493 <column name="polling">
4494 Polling rate in seconds to send port statistics to the collector.
4495 If not specified, defaults to 30 seconds.
4496 </column>
4497
4498 <column name="sampling">
4499 Rate at which packets should be sampled and sent to the collector.
4500 If not specified, defaults to 400, which means one out of 400
4501 packets, on average, will be sent to the collector.
4502 </column>
4503
4504 <column name="targets">
4505 sFlow targets in the form
4506 <code><var>ip</var>:<var>port</var></code>.
4507 </column>
13008eb3 4508
3fd8d445
BP		 4509 <group title="Common Columns">
4510 The overall purpose of these columns is described under <code>Common
4511 Columns</code> at the beginning of this document.
4512
4513 <column name="external_ids"/>
4514 </group>
89365653 4515 </table>
c1c9c9c4 4516
29089a54 4517 <table name="IPFIX">
99ec8f05 4518 <p>Configuration for sending packets to IPFIX collectors.</p>
29089a54 4519
99ec8f05
BP		 4520 <p>
4521 IPFIX is a protocol that exports a number of details about flows. The
4522 IPFIX implementation in Open vSwitch samples packets at a configurable
4523 rate, extracts flow information from those packets, optionally caches and
4524 aggregates the flow information, and sends the result to one or more
4525 collectors.
4526 </p>
29089a54 4527
99ec8f05
BP		 4528 <p>
4529 IPFIX in Open vSwitch can be configured two different ways:
4530 </p>
29089a54 4531
99ec8f05
BP		 4532 <ul>
4533 <li>
4534 With <em>per-bridge sampling</em>, Open vSwitch performs IPFIX sampling
4535 automatically on all packets that pass through a bridge. To configure
4536 per-bridge sampling, create an <ref table="IPFIX"/> record and point a
4537 <ref table="Bridge"/> table's <ref table="Bridge" column="ipfix"/>
4538 column to it. The <ref table="Flow_Sample_Collector_Set"/> table is
4539 not used for per-bridge sampling.
4540 </li>
4541
4542 <li>
4543 <p>
4544 With <em>flow-based sampling</em>, <code>sample</code> actions in the
4545 OpenFlow flow table drive IPFIX sampling. See
4546 <code>ovs-ofctl</code>(8) for a description of the
4547 <code>sample</code> action.
4548 </p>
4549
4550 <p>
4551 Flow-based sampling also requires database configuration: create a
4552 <ref table="IPFIX"/> record that describes the IPFIX configuration
4553 and a <ref table="Flow_Sample_Collector_Set"/> record that points to
4554 the <ref table="Bridge"/> whose flow table holds the
4555 <code>sample</code> actions and to <ref table="IPFIX"/> record. The
4556 <ref table="Bridge" column="ipfix"/> in the <ref table="Bridge"/>
4557 table is not used for flow-based sampling.
4558 </p>
4559 </li>
4560 </ul>
29089a54 4561
99ec8f05
BP		 4562 <column name="targets">
4563 IPFIX target collectors in the form
4564 <code><var>ip</var>:<var>port</var></code>.
29089a54
RL		 4565 </column>
4566
978427a5
RL		 4567 <column name="cache_active_timeout">
4568 The maximum period in seconds for which an IPFIX flow record is
4569 cached and aggregated before being sent. If not specified,
4570 defaults to 0. If 0, caching is disabled.
4571 </column>
4572
4573 <column name="cache_max_flows">
4574 The maximum number of IPFIX flow records that can be cached at a
4575 time. If not specified, defaults to 0. If 0, caching is
4576 disabled.
4577 </column>
4578
99ec8f05
BP		 4579 <group title="Per-Bridge Sampling">
4580 <p>
4581 These values affect only per-bridge sampling. See above for a
4582 description of the differences between per-bridge and flow-based
4583 sampling.
4584 </p>
8b7ea2d4 4585
99ec8f05
BP		 4586 <column name="sampling">
4587 The rate at which packets should be sampled and sent to each target
4588 collector. If not specified, defaults to 400, which means one out of
4589 400 packets, on average, will be sent to each target collector.
4590 </column>
8b7ea2d4 4591
99ec8f05
BP		 4592 <column name="obs_domain_id">
4593 The IPFIX Observation Domain ID sent in each IPFIX packet. If not
4594 specified, defaults to 0.
4595 </column>
4596
4597 <column name="obs_point_id">
4598 The IPFIX Observation Point ID sent in each IPFIX flow record. If not
4599 specified, defaults to 0.
4600 </column>
4601
4602 <column name="other_config" key="enable-tunnel-sampling"
4603 type='{"type": "boolean"}'>
4604 <p>
4605 Set to <code>true</code> to enable sampling and reporting tunnel
4606 header 7-tuples in IPFIX flow records. Tunnel sampling is disabled
4607 by default.
4608 </p>
4609
4610 <p>
4611 The following enterprise entities report the sampled tunnel info:
4612 </p>
4613
4614 <dl>
4615 <dt>tunnelType:</dt>
4616 <dd>
4617 <p>ID: 891, and enterprise ID 6876 (VMware).</p>
4618 <p>type: unsigned 8-bit integer.</p>
4619 <p>data type semantics: identifier.</p>
4620 <p>description: Identifier of the layer 2 network overlay network
4621 encapsulation type: 0x01 VxLAN, 0x02 GRE, 0x03 LISP, 0x05 IPsec+GRE,
4622 0x07 GENEVE.</p>
4623 </dd>
4624 <dt>tunnelKey:</dt>
4625 <dd>
4626 <p>ID: 892, and enterprise ID 6876 (VMware).</p>
4627 <p>type: variable-length octetarray.</p>
4628 <p>data type semantics: identifier.</p>
4629 <p>description: Key which is used for identifying an individual
4630 traffic flow within a VxLAN (24-bit VNI), GENEVE (24-bit VNI),
99e7b077 4631 GRE (32-bit key), or LISP (24-bit instance ID) tunnel. The
99ec8f05
BP		 4632 key is encoded in this octetarray as a 3-, 4-, or 8-byte integer
4633 ID in network byte order.</p>
4634 </dd>
4635 <dt>tunnelSourceIPv4Address:</dt>
4636 <dd>
4637 <p>ID: 893, and enterprise ID 6876 (VMware).</p>
4638 <p>type: unsigned 32-bit integer.</p>
4639 <p>data type semantics: identifier.</p>
4640 <p>description: The IPv4 source address in the tunnel IP packet
4641 header.</p>
4642 </dd>
4643 <dt>tunnelDestinationIPv4Address:</dt>
4644 <dd>
4645 <p>ID: 894, and enterprise ID 6876 (VMware).</p>
4646 <p>type: unsigned 32-bit integer.</p>
4647 <p>data type semantics: identifier.</p>
4648 <p>description: The IPv4 destination address in the tunnel IP
4649 packet header.</p>
4650 </dd>
4651 <dt>tunnelProtocolIdentifier:</dt>
4652 <dd>
4653 <p>ID: 895, and enterprise ID 6876 (VMware).</p>
4654 <p>type: unsigned 8-bit integer.</p>
4655 <p>data type semantics: identifier.</p>
4656 <p>description: The value of the protocol number in the tunnel
4657 IP packet header. The protocol number identifies the tunnel IP
4658 packet payload type.</p>
4659 </dd>
4660 <dt>tunnelSourceTransportPort:</dt>
4661 <dd>
4662 <p>ID: 896, and enterprise ID 6876 (VMware).</p>
4663 <p>type: unsigned 16-bit integer.</p>
4664 <p>data type semantics: identifier.</p>
4665 <p>description: The source port identifier in the tunnel transport
4666 header. For the transport protocols UDP, TCP, and SCTP, this is
4667 the source port number given in the respective header.</p>
4668 </dd>
4669 <dt>tunnelDestinationTransportPort:</dt>
4670 <dd>
4671 <p>ID: 897, and enterprise ID 6876 (VMware).</p>
4672 <p>type: unsigned 16-bit integer.</p>
4673 <p>data type semantics: identifier.</p>
4674 <p>description: The destination port identifier in the tunnel
4675 transport header. For the transport protocols UDP, TCP, and SCTP,
4676 this is the destination port number given in the respective header.
4677 </p>
4678 </dd>
4679 </dl>
4680 </column>
4681
4682 <column name="other_config" key="enable-input-sampling"
4683 type='{"type": "boolean"}'>
4684 By default, Open vSwitch samples and reports flows at bridge port input
4685 in IPFIX flow records. Set this column to <code>false</code> to
4686 disable input sampling.
4687 </column>
4688
4689 <column name="other_config" key="enable-output-sampling"
4690 type='{"type": "boolean"}'>
4691 By default, Open vSwitch samples and reports flows at bridge port
4692 output in IPFIX flow records. Set this column to <code>false</code> to
4693 disable output sampling.
4694 </column>
4695 </group>
8b7ea2d4 4696
29089a54
RL		 4697 <group title="Common Columns">
4698 The overall purpose of these columns is described under <code>Common
4699 Columns</code> at the beginning of this document.
4700
4701 <column name="external_ids"/>
4702 </group>
4703 </table>
4704
4705 <table name="Flow_Sample_Collector_Set">
99ec8f05
BP		 4706 <p>
4707 A set of IPFIX collectors of packet samples generated by OpenFlow
4708 <code>sample</code> actions. This table is used only for IPFIX
4709 flow-based sampling, not for per-bridge sampling (see the <ref
4710 table="IPFIX"/> table for a description of the two forms).
4711 </p>
29089a54
RL		 4712
4713 <column name="id">
4714 The ID of this collector set, unique among the bridge's
4715 collector sets, to be used as the <code>collector_set_id</code>
4716 in OpenFlow <code>sample</code> actions.
4717 </column>
4718
4719 <column name="bridge">
4720 The bridge into which OpenFlow <code>sample</code> actions can
4721 be added to send packet samples to this set of IPFIX collectors.
4722 </column>
4723
4724 <column name="ipfix">
4725 Configuration of the set of IPFIX collectors to send one flow
4726 record per sampled packet to.
4727 </column>
4728
4729 <group title="Common Columns">
4730 The overall purpose of these columns is described under <code>Common
4731 Columns</code> at the beginning of this document.
4732
4733 <column name="external_ids"/>
4734 </group>
4735 </table>
4736
99eef98b 4737 <table name="AutoAttach">
039a8ccd
BP		 4738 <p>
4739 Auto Attach configuration within a bridge. The IETF Auto-Attach SPBM
4740 draft standard describes a compact method of using IEEE 802.1AB Link
4741 Layer Discovery Protocol (LLDP) together with a IEEE 802.1aq Shortest
4742 Path Bridging (SPB) network to automatically attach network devices
4743 to individual services in a SPB network. The intent here is to allow
4744 network applications and devices using OVS to be able to easily take
4745 advantage of features offered by industry standard SPB networks.
4746 </p>
4747
4748 <p>
4749 Auto Attach (AA) uses LLDP to communicate between a directly connected
4750 Auto Attach Client (AAC) and Auto Attach Server (AAS). The LLDP protocol
4751 is extended to add two new Type-Length-Value tuples (TLVs). The first
4752 new TLV supports the ongoing discovery of directly connected AA
4753 correspondents. Auto Attach operates by regularly transmitting AA
4754 discovery TLVs between the AA client and AA server. By exchanging these
4755 discovery messages, both the AAC and AAS learn the system name and
4756 system description of their peer. In the OVS context, OVS operates as
4757 the AA client and the AA server resides on a switch at the edge of the
4758 SPB network.
4759 </p>
4760
4761 <p>
4762 Once AA discovery has been completed the AAC then uses the second new TLV
4763 to deliver identifier mappings from the AAC to the AAS. A primary feature
4764 of Auto Attach is to facilitate the mapping of VLANs defined outside the
4765 SPB network onto service ids (ISIDs) defined within the SPM network. By
4766 doing so individual external VLANs can be mapped onto specific SPB
4767 network services. These VLAN id to ISID mappings can be configured and
4768 managed locally using new options added to the ovs-vsctl command.
4769 </p>
4770
4771 <p>
4772 The Auto Attach OVS feature does not provide a full implementation of
4773 the LLDP protocol. Support for the mandatory TLVs as defined by the LLDP
4774 standard and support for the AA TLV extensions is provided. LLDP
4775 protocol support in OVS can be enabled or disabled on a port by port
4776 basis. LLDP support is disabled by default.
4777 </p>
99eef98b
DF		 4778
4779 <column name="system_name">
4780 The system_name string is exported in LLDP messages. It should uniquely
4781 identify the bridge in the network.
4782 </column>
4783
4784 <column name="system_description">
4785 The system_description string is exported in LLDP messages. It should
4786 describe the type of software and hardware.
4787 </column>
4788
4789 <column name="mappings">
039a8ccd
BP		 4790 A mapping from SPB network Individual Service Identifier (ISID) to VLAN
4791 id.
99eef98b
DF		 4792 </column>
4793 </table>
89365653 4794</database>
openvswitch packages for PVE