]> git.proxmox.com Git - ovs.git/blame - vswitchd/vswitch.xml
projects / ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: rstp close input file
[ovs.git] / vswitchd / vswitch.xml
CommitLineData
ce887677 1<?xml version="1.0" encoding="utf-8"?>
57ba0a77 2<database name="ovs-vswitchd.conf.db" title="Open vSwitch Configuration Database">
c5f341ab
BP		 3 <p>
4 A database with this schema holds the configuration for one Open
5 vSwitch daemon. The top-level configuration for the daemon is the
6 <ref table="Open_vSwitch"/> table, which must have exactly one
89365653 7 record. Records in other tables are significant only when they
c5f341ab
BP		 8 can be reached directly or indirectly from the <ref
9 table="Open_vSwitch"/> table. Records that are not reachable from
10 the <ref table="Open_vSwitch"/> table are automatically deleted
11 from the database, except for records in a few distinguished
3fd8d445 12 ``root set'' tables.
c5f341ab 13 </p>
89365653 14
3fd8d445
BP		 15 <h2>Common Columns</h2>
16
17 <p>
18 Most tables contain two special columns, named <code>other_config</code>
19 and <code>external_ids</code>. These columns have the same form and
20 purpose each place that they appear, so we describe them here to save space
21 later.
22 </p>
23
24 <dl>
25 <dt><code>other_config</code>: map of string-string pairs</dt>
26 <dd>
27 <p>
28 Key-value pairs for configuring rarely used features. Supported keys,
29 along with the forms taken by their values, are documented individually
30 for each table.
31 </p>
32 <p>
33 A few tables do not have <code>other_config</code> columns because no
34 key-value pairs have yet been defined for them.
35 </p>
36 </dd>
37
38 <dt><code>external_ids</code>: map of string-string pairs</dt>
39 <dd>
40 Key-value pairs for use by external frameworks that integrate with Open
41 vSwitch, rather than by Open vSwitch itself. System integrators should
42 either use the Open vSwitch development mailing list to coordinate on
43 common key-value definitions, or choose key names that are likely to be
44 unique. In some cases, where key-value pairs have been defined that are
45 likely to be widely useful, they are documented individually for each
46 table.
47 </dd>
48 </dl>
49
89365653 50 <table name="Open_vSwitch" title="Open vSwitch configuration.">
c5f341ab
BP		 51 Configuration for an Open vSwitch daemon. There must be exactly
52 one record in the <ref table="Open_vSwitch"/> table.
89365653
BP		 53
54 <group title="Configuration">
55 <column name="bridges">
56 Set of bridges managed by the daemon.
57 </column>
58
89365653
BP		 59 <column name="ssl">
60 SSL used globally by the daemon.
61 </column>
f5e7ed5d 62
3fd8d445
BP		 63 <column name="external_ids" key="system-id">
64 A unique identifier for the Open vSwitch's physical host.
65 The form of the identifier depends on the type of the host.
66 On a Citrix XenServer, this will likely be the same as
67 <ref column="external_ids" key="xs-system-uuid"/>.
3fe80505
BP		 68 </column>
69
3fd8d445
BP		 70 <column name="external_ids" key="xs-system-uuid">
71 The Citrix XenServer universally unique identifier for the physical
72 host as displayed by <code>xe host-list</code>.
f5e7ed5d 73 </column>
40358701 74
9e6ec60a 75 <column name="external_ids" key="hostname">
207e85db
BS		 76 The hostname for the host running Open vSwitch. This is a fully
77 qualified domain name since version 2.6.2.
9e6ec60a
RB		 78 </column>
79
12eb035b
AW		 80 <column name="other_config" key="stats-update-interval"
81 type='{"type": "integer", "minInteger": 5000}'>
82 <p>
83 Interval for updating statistics to the database, in milliseconds.
84 This option will affect the update of the <code>statistics</code>
85 column in the following tables: <code>Port</code>, <code>Interface
86 </code>, <code>Mirror</code>.
87 </p>
88 <p>
89 Default value is 5000 ms.
90 </p>
91 <p>
92 Getting statistics more frequently can be achieved via OpenFlow.
93 </p>
94 </column>
95
40358701
GS		 96 <column name="other_config" key="flow-restore-wait"
97 type='{"type": "boolean"}'>
98 <p>
99 When <code>ovs-vswitchd</code> starts up, it has an empty flow table
100 and therefore it handles all arriving packets in its default fashion
101 according to its configuration, by dropping them or sending them to
102 an OpenFlow controller or switching them as a standalone switch.
103 This behavior is ordinarily desirable. However, if
104 <code>ovs-vswitchd</code> is restarting as part of a ``hot-upgrade,''
105 then this leads to a relatively long period during which packets are
106 mishandled.
107 </p>
108 <p>
109 This option allows for improvement. When <code>ovs-vswitchd</code>
110 starts with this value set as <code>true</code>, it will neither
111 flush or expire previously set datapath flows nor will it send and
112 receive any packets to or from the datapath. When this value is
113 later set to <code>false</code>, <code>ovs-vswitchd</code> will
114 start receiving packets from the datapath and re-setup the flows.
115 </p>
116 <p>
117 Thus, with this option, the procedure for a hot-upgrade of
118 <code>ovs-vswitchd</code> becomes roughly the following:
119 </p>
120 <ol>
121 <li>
122 Stop <code>ovs-vswitchd</code>.
123 </li>
124 <li>
125 Set <ref column="other_config" key="flow-restore-wait"/>
126 to <code>true</code>.
127 </li>
128 <li>
129 Start <code>ovs-vswitchd</code>.
130 </li>
131 <li>
132 Use <code>ovs-ofctl</code> (or some other program, such as an
133 OpenFlow controller) to restore the OpenFlow flow table
134 to the desired state.
135 </li>
136 <li>
137 Set <ref column="other_config" key="flow-restore-wait"/>
138 to <code>false</code> (or remove it entirely from the database).
139 </li>
140 </ol>
407b1473
GS		 141 <p>
142 The <code>ovs-ctl</code>'s ``restart'' and ``force-reload-kmod''
143 functions use the above config option during hot upgrades.
144 </p>
40358701 145 </column>
380f49c4 146
e79a6c83 147 <column name="other_config" key="flow-limit"
380f49c4
EJ		 148 type='{"type": "integer", "minInteger": 0}'>
149 <p>
e79a6c83
EJ		 150 The maximum
151 number of flows allowed in the datapath flow table. Internally OVS
152 will choose a flow limit which will likely be lower than this number,
38b366b1
JS		 153 based on real time network conditions. Tweaking this value is
154 discouraged unless you know exactly what you're doing.
380f49c4
EJ		 155 </p>
156 <p>
e79a6c83 157 The default is 200000.
380f49c4
EJ		 158 </p>
159 </column>
7155fa52 160
06745dc3
JS		 161 <column name="other_config" key="max-idle"
162 type='{"type": "integer", "minInteger": 500}'>
163 <p>
164 The maximum time (in ms) that idle flows will remain cached in the
165 datapath. Internally OVS will check the validity and activity for
166 datapath flows regularly and may expire flows quicker than this
167 number, based on real time network conditions. Tweaking this
168 value is discouraged unless you know exactly what you're doing.
169 </p>
170 <p>
171 The default is 10000.
172 </p>
173 </column>
174
bab69409
AC		 175 <column name="other_config" key="dpdk-init"
176 type='{"type": "boolean"}'>
177 <p>
178 Set this value to <code>true</code> to enable runtime support for
179 DPDK ports. The vswitch must have compile-time support for DPDK as
180 well.
181 </p>
182 <p>
183 The default value is <code>false</code>. Changing this value requires
184 restarting the daemon
185 </p>
186 <p>
187 If this value is <code>false</code> at startup, any dpdk ports which
188 are configured in the bridge will fail due to memory errors.
189 </p>
190 </column>
191
192 <column name="other_config" key="dpdk-lcore-mask"
193 type='{"type": "integer", "minInteger": 1}'>
194 <p>
195 Specifies the CPU cores where dpdk lcore threads should be spawned.
196 The DPDK lcore threads are used for DPDK library tasks, such as
197 library internal message processing, logging, etc. Value should be in
198 the form of a hex string (so '0x123') similar to the 'taskset' mask
199 input.
200 </p>
201 <p>
202 The lowest order bit corresponds to the first CPU core. A set bit
203 means the corresponding core is available and an lcore thread will be
204 created and pinned to it. If the input does not cover all cores,
205 those uncovered cores are considered not set.
206 </p>
207 <p>
208 For performance reasons, it is best to set this to a single core on
209 the system, rather than allow lcore threads to float.
210 </p>
211 <p>
212 If not specified, the value will be determined by choosing the lowest
213 CPU core from initial cpu affinity list. Otherwise, the value will be
214 passed directly to the DPDK library.
215 </p>
216 </column>
217
f2eee189
AW		 218 <column name="other_config" key="pmd-cpu-mask">
219 <p>
220 Specifies CPU mask for setting the cpu affinity of PMD (Poll
221 Mode Driver) threads. Value should be in the form of hex string,
222 similar to the dpdk EAL '-c COREMASK' option input or the 'taskset'
223 mask input.
224 </p>
225 <p>
226 The lowest order bit corresponds to the first CPU core. A set bit
ee8627fa
AW		 227 means the corresponding core is available and a pmd thread will be
228 created and pinned to it. If the input does not cover all cores,
229 those uncovered cores are considered not set.
f2eee189
AW		 230 </p>
231 <p>
232 If not specified, one pmd thread will be created for each numa node
233 and pinned to any available core on the numa node by default.
234 </p>
235 </column>
236
bab69409
AC		 237 <column name="other_config" key="dpdk-alloc-mem"
238 type='{"type": "integer", "minInteger": 0}'>
239 <p>
240 Specifies the amount of memory to preallocate from the hugepage pool,
241 regardless of socket. It is recommended that dpdk-socket-mem is used
242 instead.
243 </p>
244 <p>
245 If not specified, the value is 0. Changing this value requires
246 restarting the daemon.
247 </p>
248 </column>
249
250 <column name="other_config" key="dpdk-socket-mem"
251 type='{"type": "string"}'>
252 <p>
253 Specifies the amount of memory to preallocate from the hugepage pool,
254 on a per-socket basis.
255 </p>
256 <p>
257 The specifier is a comma-separated string, in ascending order of CPU
258 socket (ex: 1024,2048,4096,8192 would set socket 0 to preallocate
259 1024MB, socket 1 to preallocate 2048MB, etc.)
260 </p>
261 <p>
262 If not specified, the default value is 1024,0. Changing this value
263 requires restarting the daemon.
264 </p>
265 </column>
266
267 <column name="other_config" key="dpdk-hugepage-dir"
268 type='{"type": "string"}'>
269 <p>
270 Specifies the path to the hugetlbfs mount point.
271 </p>
272 <p>
273 If not specified, this will be guessed by the DPDK library (default
274 is /dev/hugepages). Changing this value requires restarting the
275 daemon.
276 </p>
277 </column>
278
eac84432
AC		 279 <column name="other_config" key="dpdk-extra"
280 type='{"type": "string"}'>
281 <p>
282 Specifies additional eal command line arguments for DPDK.
283 </p>
284 <p>
285 The default is empty. Changing this value requires restarting the
286 daemon
287 </p>
288 </column>
289
bab69409
AC		 290 <column name="other_config" key="vhost-sock-dir"
291 type='{"type": "string"}'>
292 <p>
d8a8f353
AC		 293 Specifies the path to the vhost-user unix domain socket files. This
294 path must exist and be a subdirectory tree of the Open vSwitch
295 run directory.
bab69409
AC		 296 </p>
297 <p>
298 Defaults to the working directory of the application. Changing this
299 value requires restarting the daemon.
300 </p>
301 </column>
302
448a4b2f
AW		 303 <column name="other_config" key="n-handler-threads"
304 type='{"type": "integer", "minInteger": 1}'>
305 <p>
306 Specifies the number of threads for software datapaths to use for
e79a6c83
EJ		 307 handling new flows. The default the number of online CPU cores minus
308 the number of revalidators.
309 </p>
310 <p>
311 This configuration is per datapath. If you have more than one
312 software datapath (e.g. some <code>system</code> bridges and some
313 <code>netdev</code> bridges), then the total number of threads is
314 <code>n-handler-threads</code> times the number of software
315 datapaths.
316 </p>
317 </column>
318
319 <column name="other_config" key="n-revalidator-threads"
320 type='{"type": "integer", "minInteger": 1}'>
321 <p>
322 Specifies the number of threads for software datapaths to use for
323 revalidating flows in the datapath. Typically, there is a direct
324 correlation between the number of revalidator threads, and the number
325 of flows allowed in the datapath. The default is the number of cpu
326 cores divided by four plus one. If <code>n-handler-threads</code> is
327 set, the default changes to the number of cpu cores minus the number
328 of handler threads.
448a4b2f
AW		 329 </p>
330 <p>
331 This configuration is per datapath. If you have more than one
332 software datapath (e.g. some <code>system</code> bridges and some
333 <code>netdev</code> bridges), then the total number of threads is
334 <code>n-handler-threads</code> times the number of software
335 datapaths.
336 </p>
337 </column>
89365653
BP		 338 </group>
339
340 <group title="Status">
341 <column name="next_cfg">
342 Sequence number for client to increment. When a client modifies
343 any part of the database configuration and wishes to wait for
344 Open vSwitch to finish applying the changes, it may increment
345 this sequence number.
346 </column>
347
348 <column name="cur_cfg">
349 Sequence number that Open vSwitch sets to the current value of
2e57b537 350 <ref column="next_cfg"/> after it finishes applying a set of
89365653
BP		 351 configuration changes.
352 </column>
c1c9c9c4 353
3fd8d445 354 <group title="Statistics">
018f1525 355 <p>
3fd8d445
BP		 356 The <code>statistics</code> column contains key-value pairs that
357 report statistics about a system running an Open vSwitch. These are
358 updated periodically (currently, every 5 seconds). Key-value pairs
359 that cannot be determined or that do not apply to a platform are
360 omitted.
ce887677
BP		 361 </p>
362
f9e5e5b3
BP		 363 <column name="other_config" key="enable-statistics"
364 type='{"type": "boolean"}'>
3fd8d445
BP		 365 Statistics are disabled by default to avoid overhead in the common
366 case when statistics gathering is not useful. Set this value to
367 <code>true</code> to enable populating the <ref column="statistics"/>
368 column or to <code>false</code> to explicitly disable it.
369 </column>
3fe80505 370
f9e5e5b3
BP		 371 <column name="statistics" key="cpu"
372 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 373 <p>
374 Number of CPU processors, threads, or cores currently online and
375 available to the operating system on which Open vSwitch is running,
376 as an integer. This may be less than the number installed, if some
377 are not online or if they are not available to the operating
378 system.
379 </p>
380 <p>
381 Open vSwitch userspace processes are not multithreaded, but the
382 Linux kernel-based datapath is.
383 </p>
384 </column>
ce887677 385
3fd8d445
BP		 386 <column name="statistics" key="load_average">
387 A comma-separated list of three floating-point numbers,
388 representing the system load average over the last 1, 5, and 15
389 minutes, respectively.
390 </column>
ce887677 391
3fd8d445
BP		 392 <column name="statistics" key="memory">
393 <p>
394 A comma-separated list of integers, each of which represents a
395 quantity of memory in kilobytes that describes the operating
396 system on which Open vSwitch is running. In respective order,
397 these values are:
398 </p>
ce887677 399
3fd8d445
BP		 400 <ol>
401 <li>Total amount of RAM allocated to the OS.</li>
402 <li>RAM allocated to the OS that is in use.</li>
403 <li>RAM that can be flushed out to disk or otherwise discarded
404 if that space is needed for another purpose. This number is
405 necessarily less than or equal to the previous value.</li>
406 <li>Total disk space allocated for swap.</li>
407 <li>Swap space currently in use.</li>
408 </ol>
ce887677 409
3fd8d445
BP		 410 <p>
411 On Linux, all five values can be determined and are included. On
412 other operating systems, only the first two values can be
413 determined, so the list will only have two values.
414 </p>
415 </column>
ce887677 416
3fd8d445
BP		 417 <column name="statistics" key="process_NAME">
418 <p>
419 One such key-value pair, with <code>NAME</code> replaced by
420 a process name, will exist for each running Open vSwitch
421 daemon process, with <var>name</var> replaced by the
422 daemon's name (e.g. <code>process_ovs-vswitchd</code>). The
423 value is a comma-separated list of integers. The integers
424 represent the following, with memory measured in kilobytes
425 and durations in milliseconds:
426 </p>
ce887677 427
3fd8d445
BP		 428 <ol>
429 <li>The process's virtual memory size.</li>
430 <li>The process's resident set size.</li>
431 <li>The amount of user and system CPU time consumed by the
432 process.</li>
433 <li>The number of times that the process has crashed and been
434 automatically restarted by the monitor.</li>
435 <li>The duration since the process was started.</li>
436 <li>The duration for which the process has been running.</li>
437 </ol>
ce887677 438
3fd8d445
BP		 439 <p>
440 The interpretation of some of these values depends on whether the
441 process was started with the <option>--monitor</option>. If it
442 was not, then the crash count will always be 0 and the two
443 durations will always be the same. If <option>--monitor</option>
444 was given, then the crash count may be positive; if it is, the
445 latter duration is the amount of time since the most recent crash
446 and restart.
447 </p>
ce887677 448
3fd8d445
BP		 449 <p>
450 There will be one key-value pair for each file in Open vSwitch's
451 ``run directory'' (usually <code>/var/run/openvswitch</code>)
452 whose name ends in <code>.pid</code>, whose contents are a
453 process ID, and which is locked by a running process. The
454 <var>name</var> is taken from the pidfile's name.
455 </p>
ce887677 456
3fd8d445
BP		 457 <p>
458 Currently Open vSwitch is only able to obtain all of the above
459 detail on Linux systems. On other systems, the same key-value
460 pairs will be present but the values will always be the empty
461 string.
462 </p>
463 </column>
ce887677 464
3fd8d445
BP		 465 <column name="statistics" key="file_systems">
466 <p>
467 A space-separated list of information on local, writable file
468 systems. Each item in the list describes one file system and
469 consists in turn of a comma-separated list of the following:
470 </p>
ce887677 471
3fd8d445
BP		 472 <ol>
473 <li>Mount point, e.g. <code>/</code> or <code>/var/log</code>.
474 Any spaces or commas in the mount point are replaced by
475 underscores.</li>
476 <li>Total size, in kilobytes, as an integer.</li>
477 <li>Amount of storage in use, in kilobytes, as an integer.</li>
478 </ol>
ce887677 479
3fd8d445
BP		 480 <p>
481 This key-value pair is omitted if there are no local, writable
482 file systems or if Open vSwitch cannot obtain the needed
483 information.
484 </p>
485 </column>
486 </group>
89365653 487 </group>
94db5407 488
538c6dfa
BP		 489 <group title="Version Reporting">
490 <p>
6b4186af
EJ		 491 These columns report the types and versions of the hardware and
492 software running Open vSwitch. We recommend in general that software
493 should test whether specific features are supported instead of relying
494 on version number checks. These values are primarily intended for
495 reporting to human administrators.
538c6dfa
BP		 496 </p>
497
498 <column name="ovs_version">
d4da3acc 499 The Open vSwitch version number, e.g. <code>1.1.0</code>.
538c6dfa
BP		 500 </column>
501
8159b984 502 <column name="db_version">
6b4186af 503 <p>
51738fe1
BP		 504 The database schema version number, e.g. <code>1.2.3</code>. See
505 ovsdb-tool(1) for an explanation of the numbering scheme.
8159b984
BP		 506 </p>
507
508 <p>
509 The schema version is part of the database schema, so it can also be
510 retrieved by fetching the schema using the Open vSwitch database
511 protocol.
512 </p>
513 </column>
514
538c6dfa
BP		 515 <column name="system_type">
516 <p>
6b4186af
EJ		 517 An identifier for the type of system on top of which Open vSwitch
518 runs, e.g. <code>XenServer</code> or <code>KVM</code>.
519 </p>
520 <p>
521 System integrators are responsible for choosing and setting an
522 appropriate value for this column.
523 </p>
538c6dfa
BP		 524 </column>
525
526 <column name="system_version">
527 <p>
6b4186af 528 The version of the system identified by <ref column="system_type"/>,
404c1692 529 e.g. <code>5.6.100-39265p</code> on XenServer 5.6.100 build 39265.
6b4186af
EJ		 530 </p>
531 <p>
532 System integrators are responsible for choosing and setting an
533 appropriate value for this column.
534 </p>
538c6dfa 535 </column>
6b4186af 536
538c6dfa
BP		 537 </group>
538
842733c3
MG		 539 <group title="Capabilities">
540 <p>
541 These columns report capabilities of the Open vSwitch instance.
542 </p>
543 <column name="datapath_types">
544 <p>
545 This column reports the different dpifs registered with the system.
546 These are the values that this instance supports in the <ref
547 column="datapath_type" table="Bridge"/> column of the <ref
548 table="Bridge"/> table.
549 </p>
550 </column>
551 <column name="iface_types">
552 <p>
553 This column reports the different netdevs registered with the system.
554 These are the values that this instance supports in the <ref
555 column="type" table="Interface"/> column of the <ref
556 table="Interface"/> table.
557 </p>
558 </column>
559 </group>
560
94db5407
BP		 561 <group title="Database Configuration">
562 <p>
563 These columns primarily configure the Open vSwitch database
564 (<code>ovsdb-server</code>), not the Open vSwitch switch
565 (<code>ovs-vswitchd</code>). The OVSDB database also uses the <ref
566 column="ssl"/> settings.
567 </p>
568
569 <p>
570 The Open vSwitch switch does read the database configuration to
571 determine remote IP addresses to which in-band control should apply.
572 </p>
573
574 <column name="manager_options">
575 Database clients to which the Open vSwitch database server should
576 connect or to which it should listen, along with options for how these
577 connection should be configured. See the <ref table="Manager"/> table
578 for more information.
579 </column>
94db5407 580 </group>
3fd8d445
BP		 581
582 <group title="Common Columns">
583 The overall purpose of these columns is described under <code>Common
584 Columns</code> at the beginning of this document.
585
586 <column name="other_config"/>
587 <column name="external_ids"/>
588 </group>
89365653
BP		 589 </table>
590
591 <table name="Bridge">
592 <p>
593 Configuration for a bridge within an
594 <ref table="Open_vSwitch"/>.
595 </p>
596 <p>
597 A <ref table="Bridge"/> record represents an Ethernet switch with one or
598 more ``ports,'' which are the <ref table="Port"/> records pointed to by
599 the <ref table="Bridge"/>'s <ref column="ports"/> column.
600 </p>
601
602 <group title="Core Features">
603 <column name="name">
3cbe33df 604 <p>
c885f934
BP		 605 Bridge identifier. Must be unique among the names of ports,
606 interfaces, and bridges on a host.
3cbe33df
BP		 607 </p>
608
609 <p>
c885f934
BP		 610 The name must be alphanumeric and must not contain forward or
611 backward slashes. The name of a bridge is also the name of an <ref
612 table="Interface"/> (and a <ref table="Port"/>) within the bridge, so
613 the restrictions on the <ref table="Interface" column="name"/> column
614 in the <ref table="Interface"/> table, particularly on length, also
615 apply to bridge names. Refer to the documentation for <ref
616 table="Interface"/> names for details.
3cbe33df 617 </p>
89365653
BP		 618 </column>
619
620 <column name="ports">
621 Ports included in the bridge.
622 </column>
623
624 <column name="mirrors">
625 Port mirroring configuration.
626 </column>
627
628 <column name="netflow">
629 NetFlow configuration.
630 </column>
631
632 <column name="sflow">
29089a54
RL		 633 sFlow(R) configuration.
634 </column>
635
636 <column name="ipfix">
637 IPFIX configuration.
89365653
BP		 638 </column>
639
640 <column name="flood_vlans">
6c2d2a9f
BP		 641 <p>
642 VLAN IDs of VLANs on which MAC address learning should be disabled,
643 so that packets are flooded instead of being sent to specific ports
644 that are believed to contain packets' destination MACs. This should
645 ordinarily be used to disable MAC learning on VLANs used for
646 mirroring (RSPAN VLANs). It may also be useful for debugging.
647 </p>
648 <p>
649 SLB bonding (see the <ref table="Port" column="bond_mode"/> column in
650 the <ref table="Port"/> table) is incompatible with
651 <code>flood_vlans</code>. Consider using another bonding mode or
652 a different type of mirror instead.
653 </p>
89365653 654 </column>
99eef98b
DF		 655
656 <column name="auto_attach">
039a8ccd 657 Auto Attach configuration.
99eef98b 658 </column>
89365653
BP		 659 </group>
660
661 <group title="OpenFlow Configuration">
662 <column name="controller">
88f69f88
BP		 663 <p>
664 OpenFlow controller set. If unset, then no OpenFlow controllers
665 will be used.
666 </p>
667
668 <p>
669 If there are primary controllers, removing all of them clears the
670 flow table. If there are no primary controllers, adding one also
671 clears the flow table. Other changes to the set of controllers, such
672 as adding or removing a service controller, adding another primary
673 controller to supplement an existing primary controller, or removing
674 only one of two primary controllers, have no effect on the flow
675 table.
676 </p>
89365653
BP		 677 </column>
678
254750ce
BP		 679 <column name="flow_tables">
680 Configuration for OpenFlow tables. Each pair maps from an OpenFlow
681 table ID to configuration for that table.
682 </column>
683
31681a5d
JP		 684 <column name="fail_mode">
685 <p>When a controller is configured, it is, ordinarily, responsible
3fd8d445
BP		 686 for setting up all flows on the switch. Thus, if the connection to
687 the controller fails, no new network connections can be set up.
688 If the connection to the controller stays down long enough,
689 no packets can pass through the switch at all. This setting
690 determines the switch's response to such a situation. It may be set
691 to one of the following:
692 <dl>
693 <dt><code>standalone</code></dt>
694 <dd>If no message is received from the controller for three
695 times the inactivity probe interval
696 (see <ref column="inactivity_probe"/>), then Open vSwitch
697 will take over responsibility for setting up flows. In
698 this mode, Open vSwitch causes the bridge to act like an
699 ordinary MAC-learning switch. Open vSwitch will continue
700 to retry connecting to the controller in the background
701 and, when the connection succeeds, it will discontinue its
702 standalone behavior.</dd>
703 <dt><code>secure</code></dt>
704 <dd>Open vSwitch will not set up flows on its own when the
705 controller connection fails or when no controllers are
706 defined. The bridge will continue to retry connecting to
707 any defined controllers forever.</dd>
708 </dl>
31681a5d 709 </p>
aed2db18
BP		 710 <p>
711 The default is <code>standalone</code> if the value is unset, but
712 future versions of Open vSwitch may change the default.
713 </p>
7dea6ace
BP		 714 <p>
715 The <code>standalone</code> mode can create forwarding loops on a
716 bridge that has more than one uplink port unless STP is enabled. To
717 avoid loops on such a bridge, configure <code>secure</code> mode or
718 enable STP (see <ref column="stp_enable"/>).
719 </p>
299a244b 720 <p>When more than one controller is configured,
3fd8d445
BP		 721 <ref column="fail_mode"/> is considered only when none of the
722 configured controllers can be contacted.</p>
88f69f88
BP		 723 <p>
724 Changing <ref column="fail_mode"/> when no primary controllers are
725 configured clears the flow table.
726 </p>
31681a5d
JP		 727 </column>
728
89365653 729 <column name="datapath_id">
8de67146
BP		 730 Reports the OpenFlow datapath ID in use. Exactly 16 hex digits.
731 (Setting this column has no useful effect. Set <ref
732 column="other-config" key="datapath-id"/> instead.)
89365653 733 </column>
3fd8d445 734
b5cbbcf6
AZ		 735 <column name="datapath_version">
736 <p>
737 Reports the version number of the Open vSwitch datapath in use.
738 This allows management software to detect and report discrepancies
739 between Open vSwitch userspace and datapath versions. (The <ref
740 column="ovs_version" table="Open_vSwitch"/> column in the <ref
741 table="Open_vSwitch"/> reports the Open vSwitch userspace version.)
742 The version reported depends on the datapath in use:
743 </p>
744
745 <ul>
746 <li>
747 When the kernel module included in the Open vSwitch source tree is
748 used, this column reports the Open vSwitch version from which the
749 module was taken.
750 </li>
751
752 <li>
753 When the kernel module that is part of the upstream Linux kernel is
754 used, this column reports <code>&lt;unknown&gt;</code>.
755 </li>
756
757 <li>
758 When the datapath is built into the <code>ovs-vswitchd</code>
759 binary, this column reports <code>&lt;built-in&gt;</code>. A
760 built-in datapath is by definition the same version as the rest of
761 the Open VSwitch userspace.
762 </li>
763
764 <li>
765 Other datapaths (such as the Hyper-V kernel datapath) currently
766 report <code>&lt;unknown&gt;</code>.
767 </li>
768 </ul>
769
770 <p>
771 A version discrepancy between <code>ovs-vswitchd</code> and the
772 datapath in use is not normally cause for alarm. The Open vSwitch
773 kernel datapaths for Linux and Hyper-V, in particular, are designed
774 for maximum inter-version compatibility: any userspace version works
775 with with any kernel version. Some reasons do exist to insist on
776 particular user/kernel pairings. First, newer kernel versions add
777 new features, that can only be used by new-enough userspace, e.g.
778 VXLAN tunneling requires certain minimal userspace and kernel
779 versions. Second, as an extension to the first reason, some newer
780 kernel versions add new features for enhancing performance that only
781 new-enough userspace versions can take advantage of.
782 </p>
783 </column>
784
3fd8d445
BP		 785 <column name="other_config" key="datapath-id">
786 Exactly 16 hex digits to set the OpenFlow datapath ID to a specific
787 value. May not be all-zero.
788 </column>
789
8b6ff729
BP		 790 <column name="other_config" key="dp-desc">
791 Human readable description of datapath. It it a maximum 256
792 byte-long free-form string to describe the datapath for
793 debugging purposes, e.g. <code>switch3 in room 3120</code>.
794 </column>
795
f9e5e5b3
BP		 796 <column name="other_config" key="disable-in-band"
797 type='{"type": "boolean"}'>
3fd8d445
BP		 798 If set to <code>true</code>, disable in-band control on the bridge
799 regardless of controller and manager settings.
800 </column>
801
f9e5e5b3
BP		 802 <column name="other_config" key="in-band-queue"
803 type='{"type": "integer", "minInteger": 0, "maxInteger": 4294967295}'>
3fd8d445
BP		 804 A queue ID as a nonnegative integer. This sets the OpenFlow queue ID
805 that will be used by flows set up by in-band control on this bridge.
806 If unset, or if the port used by an in-band control flow does not have
807 QoS configured, or if the port does not have a queue with the specified
808 ID, the default queue is used instead.
809 </column>
7beaa082
SH		 810
811 <column name="protocols">
039a8ccd
BP		 812 <p>
813 List of OpenFlow protocols that may be used when negotiating
814 a connection with a controller. OpenFlow 1.0, 1.1, 1.2, and
815 1.3 are enabled by default if this column is empty.
816 </p>
ecb229be 817
039a8ccd 818 <p>
b79d45a1
BP		 819 OpenFlow 1.4, 1.5, and 1.6 are not enabled by default because their
820 implementations are missing features. In addition, the OpenFlow 1.6
821 specification is still under development and thus subject to change.
42dccab5 822 </p>
7beaa082 823 </column>
89365653
BP		 824 </group>
825
21f7563c 826 <group title="Spanning Tree Configuration">
01f13d4f
BP		 827 <p>
828 The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol
829 that ensures loop-free topologies. It allows redundant links to
830 be included in the network to provide automatic backup paths if
831 the active links fails.
832 </p>
9cc6bf75 833
01f13d4f
BP		 834 <p>
835 These settings configure the slower-to-converge but still widely
836 supported version of Spanning Tree Protocol, sometimes known as
837 802.1D-1998. Open vSwitch also supports the newer Rapid Spanning Tree
838 Protocol (RSTP), documented later in the section titled <code>Rapid
839 Spanning Tree Configuration</code>.
840 </p>
21f7563c 841
01f13d4f
BP		 842 <group title="STP Configuration">
843 <column name="stp_enable" type='{"type": "boolean"}'>
844 <p>
845 Enable spanning tree on the bridge. By default, STP is disabled
846 on bridges. Bond, internal, and mirror ports are not supported
847 and will not participate in the spanning tree.
848 </p>
21f7563c 849
01f13d4f
BP		 850 <p>
851 STP and RSTP are mutually exclusive. If both are enabled, RSTP
852 will be used.
853 </p>
854 </column>
21f7563c 855
01f13d4f
BP		 856 <column name="other_config" key="stp-system-id">
857 The bridge's STP identifier (the lower 48 bits of the bridge-id)
858 in the form
859 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
860 By default, the identifier is the MAC address of the bridge.
861 </column>
21f7563c 862
01f13d4f
BP		 863 <column name="other_config" key="stp-priority"
864 type='{"type": "integer", "minInteger": 0, "maxInteger": 65535}'>
865 The bridge's relative priority value for determining the root
866 bridge (the upper 16 bits of the bridge-id). A bridge with the
867 lowest bridge-id is elected the root. By default, the priority
868 is 0x8000.
869 </column>
dc2b70ba 870
01f13d4f
BP		 871 <column name="other_config" key="stp-hello-time"
872 type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
873 The interval between transmissions of hello messages by
874 designated ports, in seconds. By default the hello interval is
875 2 seconds.
876 </column>
dc2b70ba 877
01f13d4f
BP		 878 <column name="other_config" key="stp-max-age"
879 type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
880 The maximum age of the information transmitted by the bridge
881 when it is the root bridge, in seconds. By default, the maximum
882 age is 20 seconds.
883 </column>
884
885 <column name="other_config" key="stp-forward-delay"
886 type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
887 The delay to wait between transitioning root and designated
888 ports to <code>forwarding</code>, in seconds. By default, the
889 forwarding delay is 15 seconds.
890 </column>
891
892 <column name="other_config" key="mcast-snooping-aging-time"
893 type='{"type": "integer", "minInteger": 1}'>
894 <p>
895 The maximum number of seconds to retain a multicast snooping entry for
896 which no packets have been seen. The default is currently 300
897 seconds (5 minutes). The value, if specified, is forced into a
898 reasonable range, currently 15 to 3600 seconds.
899 </p>
900 </column>
901
902 <column name="other_config" key="mcast-snooping-table-size"
903 type='{"type": "integer", "minInteger": 1}'>
904 <p>
905 The maximum number of multicast snooping addresses to learn. The
906 default is currently 2048. The value, if specified, is forced into
907 a reasonable range, currently 10 to 1,000,000.
908 </p>
909 </column>
910 <column name="other_config" key="mcast-snooping-disable-flood-unregistered"
911 type='{"type": "boolean"}'>
912 <p>
913 If set to <code>false</code>, unregistered multicast packets are forwarded
914 to all ports.
915 If set to <code>true</code>, unregistered multicast packets are forwarded
916 to ports connected to multicast routers.
917 </p>
918 </column>
919 </group>
920
921 <group title="STP Status">
dc2b70ba 922 <p>
01f13d4f
BP		 923 These key-value pairs report the status of 802.1D-1998. They are
924 present only if STP is enabled (via the <ref column="stp_enable"/>
925 column).
dc2b70ba 926 </p>
01f13d4f
BP		 927 <column name="status" key="stp_bridge_id">
928 The bridge ID used in spanning tree advertisements, in the form
929 <var>xxxx</var>.<var>yyyyyyyyyyyy</var> where the <var>x</var>s are
930 the STP priority, the <var>y</var>s are the STP system ID, and each
931 <var>x</var> and <var>y</var> is a hex digit.
932 </column>
933 <column name="status" key="stp_designated_root">
934 The designated root for this spanning tree, in the same form as <ref
935 column="status" key="stp_bridge_id"/>. If this bridge is the root,
936 this will have the same value as <ref column="status"
937 key="stp_bridge_id"/>, otherwise it will differ.
938 </column>
939 <column name="status" key="stp_root_path_cost">
940 The path cost of reaching the designated bridge. A lower number is
941 better. The value is 0 if this bridge is the root, otherwise it is
942 higher.
943 </column>
944 </group>
945 </group>
946
947 <group title="Rapid Spanning Tree">
948 <p>
949 Rapid Spanning Tree Protocol (RSTP), like STP, is a network protocol
950 that ensures loop-free topologies. RSTP superseded STP with the
951 publication of 802.1D-2004. Compared to STP, RSTP converges more
952 quickly and recovers more quickly from failures.
953 </p>
954
955 <group title="RSTP Configuration">
956 <column name="rstp_enable" type='{"type": "boolean"}'>
957 <p>
958 Enable Rapid Spanning Tree on the bridge. By default, RSTP is disabled
959 on bridges. Bond, internal, and mirror ports are not supported
960 and will not participate in the spanning tree.
961 </p>
962
963 <p>
964 STP and RSTP are mutually exclusive. If both are enabled, RSTP
965 will be used.
966 </p>
967 </column>
968
969 <column name="other_config" key="rstp-address">
970 The bridge's RSTP address (the lower 48 bits of the bridge-id)
971 in the form
972 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
973 By default, the address is the MAC address of the bridge.
974 </column>
975
976 <column name="other_config" key="rstp-priority"
977 type='{"type": "integer", "minInteger": 0, "maxInteger": 61440}'>
978 The bridge's relative priority value for determining the root
979 bridge (the upper 16 bits of the bridge-id). A bridge with the
980 lowest bridge-id is elected the root. By default, the priority
981 is 0x8000 (32768). This value needs to be a multiple of 4096,
982 otherwise it's rounded to the nearest inferior one.
983 </column>
984
985 <column name="other_config" key="rstp-ageing-time"
986 type='{"type": "integer", "minInteger": 10, "maxInteger": 1000000}'>
987 The Ageing Time parameter for the Bridge. The default value
988 is 300 seconds.
989 </column>
990
991 <column name="other_config" key="rstp-force-protocol-version"
992 type='{"type": "integer"}'>
993 The Force Protocol Version parameter for the Bridge. This
994 can take the value 0 (STP Compatibility mode) or 2
995 (the default, normal operation).
996 </column>
997
998 <column name="other_config" key="rstp-max-age"
999 type='{"type": "integer", "minInteger": 6, "maxInteger": 40}'>
1000 The maximum age of the information transmitted by the Bridge
1001 when it is the Root Bridge. The default value is 20.
1002 </column>
1003
1004 <column name="other_config" key="rstp-forward-delay"
1005 type='{"type": "integer", "minInteger": 4, "maxInteger": 30}'>
1006 The delay used by STP Bridges to transition Root and Designated
1007 Ports to Forwarding. The default value is 15.
1008 </column>
1009
1010 <column name="other_config" key="rstp-transmit-hold-count"
1011 type='{"type": "integer", "minInteger": 1, "maxInteger": 10}'>
1012 The Transmit Hold Count used by the Port Transmit state machine
1013 to limit transmission rate. The default value is 6.
1014 </column>
1015 </group>
1016
1017 <group title="RSTP Status">
dc2b70ba 1018 <p>
01f13d4f
BP		 1019 These key-value pairs report the status of 802.1D-2004. They are
1020 present only if RSTP is enabled (via the <ref column="rstp_enable"/>
1021 column).
dc2b70ba 1022 </p>
01f13d4f
BP		 1023 <column name="rstp_status" key="rstp_bridge_id">
1024 The bridge ID used in rapid spanning tree advertisements, in the form
1025 <var>x</var>.<var>yyy</var>.<var>zzzzzzzzzzzz</var> where
1026 <var>x</var> is the RSTP priority, the <var>y</var>s are a locally
1027 assigned system ID extension, the <var>z</var>s are the STP system
1028 ID, and each <var>x</var>, <var>y</var>, or <var>z</var> is a hex
1029 digit.
1030 </column>
1031 <column name="rstp_status" key="rstp_root_id">
1032 The root of this spanning tree, in the same form as <ref
1033 column="rstp_status" key="rstp_bridge_id"/>. If this bridge is the
1034 root, this will have the same value as <ref column="rstp_status"
1035 key="rstp_bridge_id"/>, otherwise it will differ.
1036 </column>
1037 <column name="rstp_status" key="rstp_root_path_cost"
1038 type='{"type": "integer", "minInteger": 0}'>
1039 The path cost of reaching the root. A lower number is better. The
1040 value is 0 if this bridge is the root, otherwise it is higher.
1041 </column>
1042 <column name="rstp_status" key="rstp_designated_id">
1043 The RSTP designated ID, in the same form as <ref column="rstp_status"
1044 key="rstp_bridge_id"/>.
1045 </column>
1046 <column name="rstp_status" key="rstp_designated_port_id">
1047 The RSTP designated port ID, as a 4-digit hex number.
1048 </column>
1049 <column name="rstp_status" key="rstp_bridge_port_id">
1050 The RSTP bridge port ID, as a 4-digit hex number.
1051 </column>
1052 </group>
dc2b70ba
FL		 1053 </group>
1054
1055 <group title="Multicast Snooping Configuration">
1056 Multicast snooping (RFC 4541) monitors the Internet Group Management
06994f87
TLSC		 1057 Protocol (IGMP) and Multicast Listener Discovery traffic between hosts
1058 and multicast routers. The switch uses what IGMP and MLD snooping
1059 learns to forward multicast traffic only to interfaces that are connected
1060 to interested receivers. Currently it supports IGMPv1, IGMPv2, IGMPv3,
1061 MLDv1 and MLDv2 protocols.
dc2b70ba
FL		 1062
1063 <column name="mcast_snooping_enable">
1064 Enable multicast snooping on the bridge. For now, the default
1065 is disabled.
1066 </column>
21f7563c
JP		 1067 </group>
1068
89365653
BP		 1069 <group title="Other Features">
1070 <column name="datapath_type">
842733c3
MG		 1071 Name of datapath provider. The kernel datapath has type
1072 <code>system</code>. The userspace datapath has type
1073 <code>netdev</code>. A manager may refer to the <ref
1074 table="Open_vSwitch" column="datapath_types"/> column of the <ref
1075 table="Open_vSwitch"/> table for a list of the types accepted by this
1076 Open vSwitch instance.
89365653
BP		 1077 </column>
1078
3fd8d445
BP		 1079 <column name="external_ids" key="bridge-id">
1080 A unique identifier of the bridge. On Citrix XenServer this will
1081 commonly be the same as
1082 <ref column="external_ids" key="xs-network-uuids"/>.
89365653
BP		 1083 </column>
1084
3fd8d445
BP		 1085 <column name="external_ids" key="xs-network-uuids">
1086 Semicolon-delimited set of universally unique identifier(s) for the
1087 network with which this bridge is associated on a Citrix XenServer
1088 host. The network identifiers are RFC 4122 UUIDs as displayed by,
1089 e.g., <code>xe network-list</code>.
1090 </column>
1091
1092 <column name="other_config" key="hwaddr">
1093 An Ethernet address in the form
1094 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
1095 to set the hardware address of the local port and influence the
1096 datapath ID.
1097 </column>
1098
f9e5e5b3
BP		 1099 <column name="other_config" key="forward-bpdu"
1100 type='{"type": "boolean"}'>
da1e25d5 1101
039a8ccd 1102 <p>
da1e25d5
BP		 1103 Controls forwarding of BPDUs and other network control frames when
1104 NORMAL action is invoked. When this option is <code>false</code> or
1105 unset, frames with reserved Ethernet addresses (see table below) will
1106 not be forwarded. When this option is <code>true</code>, such frames
1107 will not be treated specially.
039a8ccd
BP		 1108 </p>
1109
1110 <p>
1111 The above general rule has the following exceptions:
1112 </p>
1113
1114 <ul>
1115 <li>
1116 If STP is enabled on the bridge (see the <ref column="stp_enable"
1117 table="Bridge"/> column in the <ref table="Bridge"/> table), the
1118 bridge processes all received STP packets and never passes them to
1119 OpenFlow or forwards them. This is true even if STP is disabled on
1120 an individual port.
1121 </li>
1122
1123 <li>
1124 If LLDP is enabled on an interface (see the <ref column="lldp"
1125 table="Interface"/> column in the <ref table="Interface"/> table),
1126 the interface processes received LLDP packets and never passes them
1127 to OpenFlow or forwards them.
1128 </li>
1129 </ul>
1130
1131 <p>
1132 Set this option to <code>true</code> if the Open vSwitch bridge
1133 connects different Ethernet networks and is not configured to
1134 participate in STP.
1135 </p>
1136
1137 <p>
1138 This option affects packets with the following destination MAC
1139 addresses:
1140 </p>
da1e25d5 1141
05be4e2c
EJ		 1142 <dl>
1143 <dt><code>01:80:c2:00:00:00</code></dt>
1144 <dd>IEEE 802.1D Spanning Tree Protocol (STP).</dd>
1145
1146 <dt><code>01:80:c2:00:00:01</code></dt>
1147 <dd>IEEE Pause frame.</dd>
1148
1149 <dt><code>01:80:c2:00:00:0<var>x</var></code></dt>
1150 <dd>Other reserved protocols.</dd>
1151
7d48a4cc
BP		 1152 <dt><code>00:e0:2b:00:00:00</code></dt>
1153 <dd>Extreme Discovery Protocol (EDP).</dd>
c93f9a78 1154
7d48a4cc 1155 <dt>
039a8ccd
BP		 1156 <code>00:e0:2b:00:00:04</code> and <code>00:e0:2b:00:00:06</code>
1157 </dt>
7d48a4cc 1158 <dd>Ethernet Automatic Protection Switching (EAPS).</dd>
c93f9a78 1159
05be4e2c
EJ		 1160 <dt><code>01:00:0c:cc:cc:cc</code></dt>
1161 <dd>
1162 Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP),
1163 Dynamic Trunking Protocol (DTP), Port Aggregation Protocol (PAgP),
1164 and others.
1165 </dd>
1166
1167 <dt><code>01:00:0c:cc:cc:cd</code></dt>
1168 <dd>Cisco Shared Spanning Tree Protocol PVSTP+.</dd>
1169
1170 <dt><code>01:00:0c:cd:cd:cd</code></dt>
1171 <dd>Cisco STP Uplink Fast.</dd>
1172
1173 <dt><code>01:00:0c:00:00:00</code></dt>
1174 <dd>Cisco Inter Switch Link.</dd>
7d48a4cc
BP		 1175
1176 <dt><code>01:00:0c:cc:cc:c<var>x</var></code></dt>
1177 <dd>Cisco CFM.</dd>
05be4e2c 1178 </dl>
21f7563c 1179 </column>
e764773c
BP		 1180
1181 <column name="other_config" key="mac-aging-time"
1182 type='{"type": "integer", "minInteger": 1}'>
1183 <p>
1184 The maximum number of seconds to retain a MAC learning entry for
1185 which no packets have been seen. The default is currently 300
1186 seconds (5 minutes). The value, if specified, is forced into a
1187 reasonable range, currently 15 to 3600 seconds.
1188 </p>
1189
1190 <p>
1191 A short MAC aging time allows a network to more quickly detect that a
1192 host is no longer connected to a switch port. However, it also makes
1193 it more likely that packets will be flooded unnecessarily, when they
1194 are addressed to a connected host that rarely transmits packets. To
1195 reduce the incidence of unnecessary flooding, use a MAC aging time
1196 longer than the maximum interval at which a host will ordinarily
1197 transmit packets.
1198 </p>
1199 </column>
c4069512
BP		 1200
1201 <column name="other_config" key="mac-table-size"
1202 type='{"type": "integer", "minInteger": 1}'>
1203 <p>
1204 The maximum number of MAC addresses to learn. The default is
1205 currently 2048. The value, if specified, is forced into a reasonable
1206 range, currently 10 to 1,000,000.
1207 </p>
1208 </column>
21f7563c
JP		 1209 </group>
1210
3fd8d445
BP		 1211 <group title="Common Columns">
1212 The overall purpose of these columns is described under <code>Common
1213 Columns</code> at the beginning of this document.
1214
1215 <column name="other_config"/>
1216 <column name="external_ids"/>
1217 </group>
89365653 1218 </table>
039a8ccd
BP		 1219
1220 <table name="Port" table="Port or bond configuration.">
89365653
BP		 1221 <p>A port within a <ref table="Bridge"/>.</p>
1222 <p>Most commonly, a port has exactly one ``interface,'' pointed to by its
3fd8d445
BP		 1223 <ref column="interfaces"/> column. Such a port logically
1224 corresponds to a port on a physical Ethernet switch. A port
1225 with more than one interface is a ``bonded port'' (see
1226 <ref group="Bonding Configuration"/>).</p>
89365653 1227 <p>Some properties that one might think as belonging to a port are actually
3fd8d445 1228 part of the port's <ref table="Interface"/> members.</p>
89365653
BP		 1229
1230 <column name="name">
c885f934
BP		 1231 Port name. For a non-bonded port, this should be the same as its
1232 interface's name. Port names must otherwise be unique among the names of
1233 ports, interfaces, and bridges on a host. Because port and interfaces
1234 names are usually the same, the restrictions on the <ref
1235 table="Interface" column="name"/> column in the <ref table="Interface"/>
1236 table, particularly on length, also apply to port names. Refer to the
1237 documentation for <ref table="Interface"/> names for details.
89365653
BP		 1238 </column>
1239
1240 <column name="interfaces">
1241 The port's interfaces. If there is more than one, this is a
1242 bonded Port.
1243 </column>
1244
1245 <group title="VLAN Configuration">
ecac4ebf
BP		 1246 <p>Bridge ports support the following types of VLAN configuration:</p>
1247 <dl>
1248 <dt>trunk</dt>
1249 <dd>
1250 <p>
1251 A trunk port carries packets on one or more specified VLANs
1252 specified in the <ref column="trunks"/> column (often, on every
1253 VLAN). A packet that ingresses on a trunk port is in the VLAN
1254 specified in its 802.1Q header, or VLAN 0 if the packet has no
1255 802.1Q header. A packet that egresses through a trunk port will
5e9ceccd 1256 have an 802.1Q header if it has a nonzero VLAN ID.
ecac4ebf
BP		 1257 </p>
1258
1259 <p>
1260 Any packet that ingresses on a trunk port tagged with a VLAN that
1261 the port does not trunk is dropped.
1262 </p>
1263 </dd>
1264
1265 <dt>access</dt>
1266 <dd>
1267 <p>
1268 An access port carries packets on exactly one VLAN specified in the
5e9ceccd
BP		 1269 <ref column="tag"/> column. Packets egressing on an access port
1270 have no 802.1Q header.
ecac4ebf
BP		 1271 </p>
1272
1273 <p>
5e9ceccd
BP		 1274 Any packet with an 802.1Q header with a nonzero VLAN ID that
1275 ingresses on an access port is dropped, regardless of whether the
1276 VLAN ID in the header is the access port's VLAN ID.
ecac4ebf
BP		 1277 </p>
1278 </dd>
1279
1280 <dt>native-tagged</dt>
1281 <dd>
1282 A native-tagged port resembles a trunk port, with the exception that
1283 a packet without an 802.1Q header that ingresses on a native-tagged
1284 port is in the ``native VLAN'' (specified in the <ref column="tag"/>
1285 column).
1286 </dd>
1287
1288 <dt>native-untagged</dt>
1289 <dd>
1290 A native-untagged port resembles a native-tagged port, with the
1291 exception that a packet that egresses on a native-untagged port in
5e9ceccd 1292 the native VLAN will not have an 802.1Q header.
ecac4ebf
BP		 1293 </dd>
1294 </dl>
1295 <p>
1296 A packet will only egress through bridge ports that carry the VLAN of
1297 the packet, as described by the rules above.
89365653
BP		 1298 </p>
1299
ecac4ebf 1300 <column name="vlan_mode">
7894d33b 1301 <p>
ecac4ebf
BP		 1302 The VLAN mode of the port, as described above. When this column is
1303 empty, a default mode is selected as follows:
7894d33b 1304 </p>
ecac4ebf
BP		 1305 <ul>
1306 <li>
1307 If <ref column="tag"/> contains a value, the port is an access
1308 port. The <ref column="trunks"/> column should be empty.
1309 </li>
1310 <li>
1311 Otherwise, the port is a trunk port. The <ref column="trunks"/>
1312 column value is honored if it is present.
1313 </li>
1314 </ul>
1315 </column>
1316
1317 <column name="tag">
7894d33b 1318 <p>
ecac4ebf
BP		 1319 For an access port, the port's implicitly tagged VLAN. For a
1320 native-tagged or native-untagged port, the port's native VLAN. Must
1321 be empty if this is a trunk port.
7894d33b 1322 </p>
89365653
BP		 1323 </column>
1324
1325 <column name="trunks">
7894d33b 1326 <p>
ecac4ebf
BP		 1327 For a trunk, native-tagged, or native-untagged port, the 802.1Q VLAN
1328 or VLANs that this port trunks; if it is empty, then the port trunks
1329 all VLANs. Must be empty if this is an access port.
7894d33b
BP		 1330 </p>
1331 <p>
ecac4ebf
BP		 1332 A native-tagged or native-untagged port always trunks its native
1333 VLAN, regardless of whether <ref column="trunks"/> includes that
1334 VLAN.
7894d33b 1335 </p>
89365653 1336 </column>
5e9ceccd
BP		 1337
1338 <column name="other_config" key="priority-tags"
1339 type='{"type": "boolean"}'>
1340 <p>
1341 An 802.1Q header contains two important pieces of information: a VLAN
1342 ID and a priority. A frame with a zero VLAN ID, called a
1343 ``priority-tagged'' frame, is supposed to be treated the same way as
1344 a frame without an 802.1Q header at all (except for the priority).
1345 </p>
1346
1347 <p>
1348 However, some network elements ignore any frame that has 802.1Q
1349 header at all, even when the VLAN ID is zero. Therefore, by default
1350 Open vSwitch does not output priority-tagged frames, instead omitting
1351 the 802.1Q header entirely if the VLAN ID is zero. Set this key to
1352 <code>true</code> to enable priority-tagged frames on a port.
1353 </p>
1354
1355 <p>
1356 Regardless of this setting, Open vSwitch omits the 802.1Q header on
1357 output if both the VLAN ID and priority would be zero.
1358 </p>
1359
1360 <p>
1361 All frames output to native-tagged ports have a nonzero VLAN ID, so
1362 this setting is not meaningful on native-tagged ports.
1363 </p>
1364 </column>
89365653
BP		 1365 </group>
1366
1367 <group title="Bonding Configuration">
be02e7c3 1368 <p>A port that has more than one interface is a ``bonded port.'' Bonding
d64e1870
BP		 1369 allows for load balancing and fail-over.</p>
1370
1371 <p>
1372 The following types of bonding will work with any kind of upstream
1373 switch. On the upstream switch, do not configure the interfaces as a
1374 bond:
1375 </p>
9f5073d8
EJ		 1376
1377 <dl>
1378 <dt><code>balance-slb</code></dt>
1379 <dd>
1380 Balances flows among slaves based on source MAC address and output
1381 VLAN, with periodic rebalancing as traffic patterns change.
1382 </dd>
1383
1384 <dt><code>active-backup</code></dt>
1385 <dd>
1386 Assigns all flows to one slave, failing over to a backup slave when
629d868c
BP		 1387 the active slave is disabled. This is the only bonding mode in which
1388 interfaces may be plugged into different upstream switches.
9f5073d8
EJ		 1389 </dd>
1390 </dl>
1391
1392 <p>
fb0b29a3 1393 The following modes require the upstream switch to support 802.3ad with
9dd165e0
RK		 1394 successful LACP negotiation. If LACP negotiation fails and
1395 other-config:lacp-fallback-ab is true, then <code>active-backup</code>
1396 mode is used:
9f5073d8
EJ		 1397 </p>
1398
1399 <dl>
1400 <dt><code>balance-tcp</code></dt>
1401 <dd>
1402 Balances flows among slaves based on L2, L3, and L4 protocol
1403 information such as destination MAC address, IP address, and TCP
1404 port.
1405 </dd>
fb0b29a3
EJ		 1406 </dl>
1407
89365653 1408 <p>These columns apply only to bonded ports. Their values are
3fd8d445 1409 otherwise ignored.</p>
89365653 1410
27dcaa1a 1411 <column name="bond_mode">
9f5073d8 1412 <p>The type of bonding used for a bonded port. Defaults to
4df08875 1413 <code>active-backup</code> if unset.
9f5073d8 1414 </p>
be02e7c3
EJ		 1415 </column>
1416
96ada1a4
EJ		 1417 <column name="other_config" key="bond-hash-basis"
1418 type='{"type": "integer"}'>
1419 An integer hashed along with flows when choosing output slaves in load
1420 balanced bonds. When changed, all flows will be assigned different
1421 hash values possibly causing slave selection decisions to change. Does
1422 not affect bonding modes which do not employ load balancing such as
1423 <code>active-backup</code>.
1424 </column>
1425
3fd8d445
BP		 1426 <group title="Link Failure Detection">
1427 <p>
1428 An important part of link bonding is detecting that links are down so
1429 that they may be disabled. These settings determine how Open vSwitch
1430 detects link failure.
1431 </p>
89365653 1432
f9e5e5b3
BP		 1433 <column name="other_config" key="bond-detect-mode"
1434 type='{"type": "string", "enum": ["set", ["carrier", "miimon"]]}'>
1435 The means used to detect link failures. Defaults to
3fd8d445
BP		 1436 <code>carrier</code> which uses each interface's carrier to detect
1437 failures. When set to <code>miimon</code>, will check for failures
1438 by polling each interface's MII.
1439 </column>
89365653 1440
f9e5e5b3
BP		 1441 <column name="other_config" key="bond-miimon-interval"
1442 type='{"type": "integer"}'>
3fd8d445
BP		 1443 The interval, in milliseconds, between successive attempts to poll
1444 each interface's MII. Relevant only when <ref column="other_config"
1445 key="bond-detect-mode"/> is <code>miimon</code>.
1446 </column>
1447
1448 <column name="bond_updelay">
1449 <p>
1c144051 1450 The number of milliseconds for which the link must stay up on an
3fd8d445
BP		 1451 interface before the interface is considered to be up. Specify
1452 <code>0</code> to enable the interface immediately.
1453 </p>
1454
1455 <p>
1456 This setting is honored only when at least one bonded interface is
1457 already enabled. When no interfaces are enabled, then the first
1458 bond interface to come up is enabled immediately.
1459 </p>
1460 </column>
1461
1462 <column name="bond_downdelay">
1c144051 1463 The number of milliseconds for which the link must stay down on an
3fd8d445
BP		 1464 interface before the interface is considered to be down. Specify
1465 <code>0</code> to disable the interface immediately.
1466 </column>
1467 </group>
c25c91fd 1468
3fd8d445
BP		 1469 <group title="LACP Configuration">
1470 <p>
1471 LACP, the Link Aggregation Control Protocol, is an IEEE standard that
1472 allows switches to automatically detect that they are connected by
1473 multiple links and aggregate across those links. These settings
1474 control LACP behavior.
1475 </p>
1476
1477 <column name="lacp">
1478 Configures LACP on this port. LACP allows directly connected
76ea8efd
AE		 1479 switches to negotiate which links may be bonded. LACP may be enabled
1480 on non-bonded ports for the benefit of any switches they may be
c25c91fd
EJ		 1481 connected to. <code>active</code> ports are allowed to initiate LACP
1482 negotiations. <code>passive</code> ports are allowed to participate
1483 in LACP negotiations initiated by a remote switch, but not allowed to
bdebeece
EJ		 1484 initiate such negotiations themselves. If LACP is enabled on a port
1485 whose partner switch does not support LACP, the bond will be
9dd165e0
RK		 1486 disabled, unless other-config:lacp-fallback-ab is set to true.
1487 Defaults to <code>off</code> if unset.
3fd8d445
BP		 1488 </column>
1489
1490 <column name="other_config" key="lacp-system-id">
1491 The LACP system ID of this <ref table="Port"/>. The system ID of a
1492 LACP bond is used to identify itself to its partners. Must be a
a9bf011b
EJ		 1493 nonzero MAC address. Defaults to the bridge Ethernet address if
1494 unset.
3fd8d445
BP		 1495 </column>
1496
f9e5e5b3
BP		 1497 <column name="other_config" key="lacp-system-priority"
1498 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
3fd8d445
BP		 1499 The LACP system priority of this <ref table="Port"/>. In LACP
1500 negotiations, link status decisions are made by the system with the
f9e5e5b3 1501 numerically lower priority.
3fd8d445
BP		 1502 </column>
1503
bf83f7c8 1504 <column name="other_config" key="lacp-time"
039a8ccd 1505 type='{"type": "string", "enum": ["set", ["fast", "slow"]]}'>
3fd8d445
BP		 1506 <p>
1507 The LACP timing which should be used on this <ref table="Port"/>.
bf83f7c8
EJ		 1508 By default <code>slow</code> is used. When configured to be
1509 <code>fast</code> LACP heartbeats are requested at a rate of once
1510 per second causing connectivity problems to be detected more
1511 quickly. In <code>slow</code> mode, heartbeats are requested at a
1512 rate of once every 30 seconds.
3fd8d445
BP		 1513 </p>
1514 </column>
9dd165e0
RK		 1515
1516 <column name="other_config" key="lacp-fallback-ab"
039a8ccd 1517 type='{"type": "boolean"}'>
9dd165e0
RK		 1518 <p>
1519 Determines the behavior of openvswitch bond in LACP mode. If
1520 the partner switch does not support LACP, setting this option
1521 to <code>true</code> allows openvswitch to fallback to
1522 active-backup. If the option is set to <code>false</code>, the
1523 bond will be disabled. In both the cases, once the partner switch
1524 is configured to LACP mode, the bond will use LACP.
1525 </p>
1526 </column>
3fd8d445
BP		 1527 </group>
1528
b62ee96f 1529 <group title="Rebalancing Configuration">
3fd8d445
BP		 1530 <p>
1531 These settings control behavior when a bond is in
b62ee96f 1532 <code>balance-slb</code> or <code>balance-tcp</code> mode.
3fd8d445
BP		 1533 </p>
1534
f9e5e5b3 1535 <column name="other_config" key="bond-rebalance-interval"
bc1b010c
EJ		 1536 type='{"type": "integer", "minInteger": 0, "maxInteger": 10000}'>
1537 For a load balanced bonded port, the number of milliseconds between
1538 successive attempts to rebalance the bond, that is, to move flows
1539 from one interface on the bond to another in an attempt to keep usage
1540 of each interface roughly equal. If zero, load balancing is disabled
1c144051 1541 on the bond (link failure still cause flows to move). If
bc1b010c 1542 less than 1000ms, the rebalance interval will be 1000ms.
3fd8d445
BP		 1543 </column>
1544 </group>
1545
1546 <column name="bond_fake_iface">
1547 For a bonded port, whether to create a fake internal interface with the
1548 name of the port. Use only for compatibility with legacy software that
1549 requires this.
1550 </column>
89365653
BP		 1551 </group>
1552
01f13d4f
BP		 1553 <group title="Spanning Tree Protocol">
1554 <p>
1555 The configuration here is only meaningful, and the status is only
1556 populated, when 802.1D-1998 Spanning Tree Protocol is enabled on the
1557 port's <ref column="Bridge"/> with its <ref column="stp_enable"/>
1558 column.
1559 </p>
21f7563c 1560
01f13d4f
BP		 1561 <group title="STP Configuration">
1562 <column name="other_config" key="stp-enable"
1563 type='{"type": "boolean"}'>
1564 When STP is enabled on a bridge, it is enabled by default on all of
1565 the bridge's ports except bond, internal, and mirror ports (which do
1566 not work with STP). If this column's value is <code>false</code>,
1567 STP is disabled on the port.
1568 </column>
21f7563c 1569
01f13d4f
BP		 1570 <column name="other_config" key="stp-port-num"
1571 type='{"type": "integer", "minInteger": 1, "maxInteger": 255}'>
1572 The port number used for the lower 8 bits of the port-id. By
1573 default, the numbers will be assigned automatically. If any
1574 port's number is manually configured on a bridge, then they
1575 must all be.
1576 </column>
21f7563c 1577
01f13d4f
BP		 1578 <column name="other_config" key="stp-port-priority"
1579 type='{"type": "integer", "minInteger": 0, "maxInteger": 255}'>
1580 The port's relative priority value for determining the root
1581 port (the upper 8 bits of the port-id). A port with a lower
1582 port-id will be chosen as the root port. By default, the
1583 priority is 0x80.
1584 </column>
1585
1586 <column name="other_config" key="stp-path-cost"
1587 type='{"type": "integer", "minInteger": 0, "maxInteger": 65535}'>
1588 Spanning tree path cost for the port. A lower number indicates
1589 a faster link. By default, the cost is based on the maximum
1590 speed of the link.
1591 </column>
1592 </group>
1593
1594 <group title="STP Status">
1595 <column name="status" key="stp_port_id">
1596 The port ID used in spanning tree advertisements for this port, as 4
1597 hex digits. Configuring the port ID is described in the
1598 <code>stp-port-num</code> and <code>stp-port-priority</code> keys of
1599 the <code>other_config</code> section earlier.
1600 </column>
1601 <column name="status" key="stp_state"
1602 type='{"type": "string", "enum": ["set",
1603 ["disabled", "listening", "learning",
1604 "forwarding", "blocking"]]}'>
1605 STP state of the port.
1606 </column>
1607 <column name="status" key="stp_sec_in_state"
1608 type='{"type": "integer", "minInteger": 0}'>
1609 The amount of time this port has been in the current STP state, in
1610 seconds.
1611 </column>
1612 <column name="status" key="stp_role"
1613 type='{"type": "string", "enum": ["set",
1614 ["root", "designated", "alternate"]]}'>
1615 STP role of the port.
1616 </column>
1617 </group>
21f7563c 1618 </group>
d62d7cb1 1619
01f13d4f
BP		 1620 <group title="Rapid Spanning Tree Protocol">
1621 <p>
1622 The configuration here is only meaningful, and the status and
1623 statistics are only populated, when 802.1D-1998 Spanning Tree Protocol
1624 is enabled on the port's <ref column="Bridge"/> with its <ref
1625 column="stp_enable"/> column.
1626 </p>
d62d7cb1 1627
01f13d4f
BP		 1628 <group title="RSTP Configuration">
1629 <column name="other_config" key="rstp-enable"
1630 type='{"type": "boolean"}'>
1631 When RSTP is enabled on a bridge, it is enabled by default on all of
1632 the bridge's ports except bond, internal, and mirror ports (which do
1633 not work with RSTP). If this column's value is <code>false</code>,
1634 RSTP is disabled on the port.
1635 </column>
d62d7cb1 1636
01f13d4f
BP		 1637 <column name="other_config" key="rstp-port-priority"
1638 type='{"type": "integer", "minInteger": 0, "maxInteger": 240}'>
1639 The port's relative priority value for determining the root port, in
1640 multiples of 16. By default, the port priority is 0x80 (128). Any
1641 value in the lower 4 bits is rounded off. The significant upper 4
1642 bits become the upper 4 bits of the port-id. A port with the lowest
1643 port-id is elected as the root.
1644 </column>
d62d7cb1 1645
01f13d4f
BP		 1646 <column name="other_config" key="rstp-port-num"
1647 type='{"type": "integer", "minInteger": 1, "maxInteger": 4095}'>
1648 The local RSTP port number, used as the lower 12 bits of the port-id.
1649 By default the port numbers are assigned automatically, and typically
1650 may not correspond to the OpenFlow port numbers. A port with the
1651 lowest port-id is elected as the root.
1652 </column>
d62d7cb1 1653
01f13d4f
BP		 1654 <column name="other_config" key="rstp-port-path-cost"
1655 type='{"type": "integer"}'>
1656 The port path cost. The Port's contribution, when it is
1657 the Root Port, to the Root Path Cost for the Bridge. By default the
1658 cost is automatically calculated from the port's speed.
1659 </column>
d62d7cb1 1660
01f13d4f
BP		 1661 <column name="other_config" key="rstp-port-admin-edge"
1662 type='{"type": "boolean"}'>
1663 The admin edge port parameter for the Port. Default is
1664 <code>false</code>.
1665 </column>
d62d7cb1 1666
01f13d4f
BP		 1667 <column name="other_config" key="rstp-port-auto-edge"
1668 type='{"type": "boolean"}'>
1669 The auto edge port parameter for the Port. Default is
d62d7cb1 1670 <code>true</code>.
01f13d4f
BP		 1671 </column>
1672
1673 <column name="other_config" key="rstp-port-mcheck"
1674 type='{"type": "boolean"}'>
1675 <p>
1676 The mcheck port parameter for the Port. Default is
1677 <code>false</code>. May be set to force the Port Protocol
1678 Migration state machine to transmit RST BPDUs for a
1679 MigrateTime period, to test whether all STP Bridges on the
1680 attached LAN have been removed and the Port can continue to
1681 transmit RSTP BPDUs. Setting mcheck has no effect if the
1682 Bridge is operating in STP Compatibility mode.
1683 </p>
1684 <p>
1685 Changing the value from <code>true</code> to
1686 <code>false</code> has no effect, but needs to be done if
1687 this behavior is to be triggered again by subsequently
1688 changing the value from <code>false</code> to
1689 <code>true</code>.
1690 </p>
1691 </column>
1692 </group>
1693
1694 <group title="RSTP Status">
1695 <column name="rstp_status" key="rstp_port_id">
1696 The port ID used in spanning tree advertisements for this port, as 4
1697 hex digits. Configuring the port ID is described in the
1698 <code>rstp-port-num</code> and <code>rstp-port-priority</code> keys
1699 of the <code>other_config</code> section earlier.
1700 </column>
1701 <column name="rstp_status" key="rstp_port_role"
1702 type='{"type": "string", "enum": ["set",
1703 ["Root", "Designated", "Alternate", "Backup", "Disabled"]]}'>
1704 RSTP role of the port.
1705 </column>
1706 <column name="rstp_status" key="rstp_port_state"
1707 type='{"type": "string", "enum": ["set",
1708 ["Disabled", "Learning", "Forwarding", "Discarding"]]}'>
1709 RSTP state of the port.
1710 </column>
1711 <column name="rstp_status" key="rstp_designated_bridge_id">
1712 The port's RSTP designated bridge ID, in the same form as <ref
1713 column="rstp_status" key="rstp_bridge_id"/> in the <ref
1714 table="Bridge"/> table.
1715 </column>
1716 <column name="rstp_status" key="rstp_designated_port_id">
1717 The port's RSTP designated port ID, as 4 hex digits.
1718 </column>
1719 <column name="rstp_status" key="rstp_designated_path_cost"
1720 type='{"type": "integer"}'>
1721 The port's RSTP designated path cost. Lower is better.
1722 </column>
1723 </group>
1724
1725 <group title="RSTP Statistics">
1726 <column name="rstp_statistics" key="rstp_tx_count">
1727 Number of RSTP BPDUs transmitted through this port.
1728 </column>
1729 <column name="rstp_statistics" key="rstp_rx_count">
1730 Number of valid RSTP BPDUs received by this port.
1731 </column>
1732 <column name="rstp_statistics" key="rstp_error_count">
1733 Number of invalid RSTP BPDUs received by this port.
1734 </column>
1735 <column name="rstp_statistics" key="rstp_uptime">
1736 The duration covered by the other RSTP statistics, in seconds.
1737 </column>
1738 </group>
d62d7cb1
JR		 1739 </group>
1740
dc2b70ba
FL		 1741 <group title="Multicast Snooping">
1742 <column name="other_config" key="mcast-snooping-flood"
1743 type='{"type": "boolean"}'>
1744 <p>
8e04a33f
FL		 1745 If set to <code>true</code>, multicast packets (except Reports) are
1746 unconditionally forwarded to the specific port.
1747 </p>
1748 </column>
1749 <column name="other_config" key="mcast-snooping-flood-reports"
1750 type='{"type": "boolean"}'>
1751 <p>
1752 If set to <code>true</code>, multicast Reports are unconditionally
dc2b70ba
FL		 1753 forwarded to the specific port.
1754 </p>
1755 </column>
1756 </group>
21f7563c 1757
89365653 1758 <group title="Other Features">
c1c9c9c4
BP		 1759 <column name="qos">
1760 Quality of Service configuration for this port.
1761 </column>
299a244b 1762
89365653
BP		 1763 <column name="mac">
1764 The MAC address to use for this port for the purpose of choosing the
1765 bridge's MAC address. This column does not necessarily reflect the
1766 port's actual MAC address, nor will setting it change the port's actual
1767 MAC address.
1768 </column>
1769
1770 <column name="fake_bridge">
1771 Does this port represent a sub-bridge for its tagged VLAN within the
1772 Bridge? See ovs-vsctl(8) for more information.
1773 </column>
1774
ced947ae
BK		 1775 <column name="protected" type='{"type": "boolean"}'>
1776 The protected ports feature allows certain ports to be designated as
1777 protected. Traffic between protected ports is blocked. Protected
1778 ports can send traffic to unprotected ports. Unprotected ports can
1779 send traffic to any port.
1780 Default is false.
1781 </column>
1782
3fd8d445
BP		 1783 <column name="external_ids" key="fake-bridge-id-*">
1784 External IDs for a fake bridge (see the <ref column="fake_bridge"/>
1785 column) are defined by prefixing a <ref table="Bridge"/> <ref
1786 table="Bridge" column="external_ids"/> key with
1787 <code>fake-bridge-</code>,
1788 e.g. <code>fake-bridge-xs-network-uuids</code>.
89365653 1789 </column>
54b21db7
TLSC		 1790
1791 <column name="other_config" key="transient"
1792 type='{"type": "boolean"}'>
1793 <p>
1794 If set to <code>true</code>, the port will be removed when
1795 <code>ovs-ctl start --delete-transient-ports</code> is used.
1796 </p>
1797 </column>
3fd8d445 1798 </group>
89365653 1799
01f13d4f
BP		 1800 <column name="bond_active_slave">
1801 For a bonded port, record the mac address of the current active slave.
1802 </column>
21f7563c 1803
80740385
JP		 1804 <group title="Port Statistics">
1805 <p>
12eb035b
AW		 1806 Key-value pairs that report port statistics. The update period
1807 is controlled by <ref column="other_config"
1808 key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
80740385
JP		 1809 </p>
1810 <group title="Statistics: STP transmit and receive counters">
1811 <column name="statistics" key="stp_tx_count">
1812 Number of STP BPDUs sent on this port by the spanning
1813 tree library.
1814 </column>
1815 <column name="statistics" key="stp_rx_count">
1816 Number of STP BPDUs received on this port and accepted by the
1817 spanning tree library.
1818 </column>
1819 <column name="statistics" key="stp_error_count">
1820 Number of bad STP BPDUs received on this port. Bad BPDUs
1821 include runt packets and those with an unexpected protocol ID.
1822 </column>
1823 </group>
1824 </group>
1825
3fd8d445
BP		 1826 <group title="Common Columns">
1827 The overall purpose of these columns is described under <code>Common
1828 Columns</code> at the beginning of this document.
1829
1830 <column name="other_config"/>
1831 <column name="external_ids"/>
89365653
BP		 1832 </group>
1833 </table>
1834
1835 <table name="Interface" title="One physical network device in a Port.">
1836 An interface within a <ref table="Port"/>.
1837
1838 <group title="Core Features">
1839 <column name="name">
c885f934
BP		 1840 <p>
1841 Interface name. Should be alphanumeric. For non-bonded port, this
1842 should be the same as the port name. It must otherwise be unique
1843 among the names of ports, interfaces, and bridges on a host.
1844 </p>
1845
1846 <p>
1847 The maximum length of an interface name depends on the underlying
1848 datapath:
1849 </p>
1850
1851 <ul>
1852 <li>
1853 The names of interfaces implemented as Linux and BSD network
1854 devices, including interfaces with type <code>internal</code>,
59a0ef1d
JG		 1855 <code>tap</code>, or <code>system</code> plus the different types
1856 of tunnel ports, are limited to 15 bytes. Windows limits these
1857 names to 255 bytes.
c885f934
BP		 1858 </li>
1859
1860 <li>
59a0ef1d
JG		 1861 The names of patch ports are not used in the underlying datapath,
1862 so operating system restrictions do not apply. Thus, they may have
1863 arbitrary length.
c885f934
BP		 1864 </li>
1865 </ul>
1866
1867 <p>
1868 Regardless of other restrictions, OpenFlow only supports 15-byte
1869 names, which means that <code>ovs-ofctl</code> and OpenFlow
1870 controllers will show names truncated to 15 bytes.
1871 </p>
89365653
BP		 1872 </column>
1873
ea401d9a
NM		 1874 <column name="ifindex">
1875 A positive interface index as defined for SNMP MIB-II in RFCs 1213 and
1876 2863, if the interface has one, otherwise 0. The ifindex is useful for
1877 seamless integration with protocols such as SNMP and sFlow.
1878 </column>
1879
df867eda
JP		 1880 <column name="mac_in_use">
1881 The MAC address in use by this interface.
1882 </column>
1883
89365653
BP		 1884 <column name="mac">
1885 <p>Ethernet address to set for this interface. If unset then the
3fd8d445 1886 default MAC address is used:</p>
89365653
BP		 1887 <ul>
1888 <li>For the local interface, the default is the lowest-numbered MAC
3fd8d445
BP		 1889 address among the other bridge ports, either the value of the
1890 <ref table="Port" column="mac"/> in its <ref table="Port"/> record,
1891 if set, or its actual MAC (for bonded ports, the MAC of its slave
1892 whose name is first in alphabetical order). Internal ports and
1893 bridge ports that are used as port mirroring destinations (see the
1894 <ref table="Mirror"/> table) are ignored.</li>
2e57b537 1895 <li>For other internal interfaces, the default MAC is randomly
3fd8d445 1896 generated.</li>
89365653 1897 <li>External interfaces typically have a MAC address associated with
3fd8d445 1898 their hardware.</li>
89365653
BP		 1899 </ul>
1900 <p>Some interfaces may not have a software-controllable MAC
1901 address.</p>
1902 </column>
1903
bbe6109d
TG		 1904 <column name="error">
1905 If the configuration of the port failed, as indicated by -1 in <ref
1906 column="ofport"/>, Open vSwitch sets this column to an error
1907 description in human readable form. Otherwise, Open vSwitch clears
1908 this column.
1909 </column>
1910
484c8355 1911 <group title="OpenFlow Port Number">
039a8ccd
BP		 1912 <p>
1913 When a client adds a new interface, Open vSwitch chooses an OpenFlow
1914 port number for the new port. If the client that adds the port fills
1915 in <ref column="ofport_request"/>, then Open vSwitch tries to use its
1916 value as the OpenFlow port number. Otherwise, or if the requested
1917 port number is already in use or cannot be used for another reason,
1918 Open vSwitch automatically assigns a free port number. Regardless of
1919 how the port number was obtained, Open vSwitch then reports in <ref
1920 column="ofport"/> the port number actually assigned.
1921 </p>
1922
1923 <p>
1924 Open vSwitch limits the port numbers that it automatically assigns to
1925 the range 1 through 32,767, inclusive. Controllers therefore have
1926 free use of ports 32,768 and up.
1927 </p>
1928
1929 <column name="ofport">
1930 <p>
1931 OpenFlow port number for this interface. Open vSwitch sets this
1932 column's value, so other clients should treat it as read-only.
1933 </p>
1934 <p>
1935 The OpenFlow ``local'' port (<code>OFPP_LOCAL</code>) is 65,534.
1936 The other valid port numbers are in the range 1 to 65,279,
1937 inclusive. Value -1 indicates an error adding the interface.
1938 </p>
1939 </column>
1940
1941 <column name="ofport_request"
1942 type='{"type": "integer", "minInteger": 1, "maxInteger": 65279}'>
1943 <p>
1944 Requested OpenFlow port number for this interface.
1945 </p>
1946
1947 <p>
1948 A client should ideally set this column's value in the same
1949 database transaction that it uses to create the interface. Open
1950 vSwitch version 2.1 and later will honor a later request for a
1951 specific port number, althuogh it might confuse some controllers:
1952 OpenFlow does not have a way to announce a port number change, so
1953 Open vSwitch represents it over OpenFlow as a port deletion
1954 followed immediately by a port addition.
1955 </p>
1956
1957 <p>
1958 If <ref column="ofport_request"/> is set or changed to some other
1959 port's automatically assigned port number, Open vSwitch chooses a
1960 new port number for the latter port.
1961 </p>
1962 </column>
484c8355 1963 </group>
89365653
BP		 1964 </group>
1965
1966 <group title="System-Specific Details">
1967 <column name="type">
3fd8d445 1968 <p>
842733c3
MG		 1969 The interface type. The types supported by a particular instance of
1970 Open vSwitch are listed in the <ref table="Open_vSwitch"
1971 column="iface_types"/> column in the <ref table="Open_vSwitch"/>
1972 table. The following types are defined:
3fd8d445
BP		 1973 </p>
1974
89365653
BP		 1975 <dl>
1976 <dt><code>system</code></dt>
1977 <dd>An ordinary network device, e.g. <code>eth0</code> on Linux.
3fd8d445
BP		 1978 Sometimes referred to as ``external interfaces'' since they are
1979 generally connected to hardware external to that on which the Open
1980 vSwitch is running. The empty string is a synonym for
1981 <code>system</code>.</dd>
1982
89365653 1983 <dt><code>internal</code></dt>
2e57b537 1984 <dd>A simulated network device that sends and receives traffic. An
3fd8d445
BP		 1985 internal interface whose <ref column="name"/> is the same as its
1986 bridge's <ref table="Open_vSwitch" column="name"/> is called the
1987 ``local interface.'' It does not make sense to bond an internal
1988 interface, so the terms ``port'' and ``interface'' are often used
1989 imprecisely for internal interfaces.</dd>
1990
89365653
BP		 1991 <dt><code>tap</code></dt>
1992 <dd>A TUN/TAP device managed by Open vSwitch.</dd>
3fd8d445 1993
c1fc1411
JG		 1994 <dt><code>geneve</code></dt>
1995 <dd>
59a0ef1d 1996 An Ethernet over Geneve (<code>http://tools.ietf.org/html/draft-ietf-nvo3-geneve</code>)
80c4589a 1997 IPv4/IPv6 tunnel.
c1fc1411 1998
9558d2a5
JG		 1999 A description of how to match and set Geneve options can be found
2000 in the <code>ovs-ofctl</code> manual page.
c1fc1411
JG		 2001 </dd>
2002
89365653 2003 <dt><code>gre</code></dt>
3fd8d445 2004 <dd>
80c4589a 2005 An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4/IPv6
79f827fa 2006 tunnel.
e16a28b5 2007 </dd>
3fd8d445 2008
79f827fa
KM		 2009 <dt><code>vxlan</code></dt>
2010 <dd>
039a8ccd
BP		 2011 <p>
2012 An Ethernet tunnel over the UDP-based VXLAN protocol described in
2013 RFC 7348.
2014 </p>
2015 <p>
59a0ef1d
JG		 2016 Open vSwitch uses IANA-assigned UDP destination port 4789. The
2017 source port used for VXLAN traffic varies on a per-flow basis
2018 and is in the ephemeral port range.
039a8ccd 2019 </p>
79f827fa
KM		 2020 </dd>
2021
a6ae068b
LJ		 2022 <dt><code>lisp</code></dt>
2023 <dd>
a6363cfd
LJ		 2024 <p>
2025 A layer 3 tunnel over the experimental, UDP-based Locator/ID
2026 Separation Protocol (RFC 6830).
2027 </p>
2028 <p>
2029 Only IPv4 and IPv6 packets are supported by the protocol, and
2030 they are sent and received without an Ethernet header. Traffic
2031 to/from LISP ports is expected to be configured explicitly, and
2032 the ports are not intended to participate in learning based
2033 switching. As such, they are always excluded from packet
2034 flooding.
2035 </p>
a6ae068b
LJ		 2036 </dd>
2037
4237026e
PS		 2038 <dt><code>stt</code></dt>
2039 <dd>
039a8ccd
BP		 2040 The Stateless TCP Tunnel (STT) is particularly useful when tunnel
2041 endpoints are in end-systems, as it utilizes the capabilities of
2042 standard network interface cards to improve performance. STT utilizes
2043 a TCP-like header inside the IP header. It is stateless, i.e., there is
2044 no TCP connection state of any kind associated with the tunnel. The
2045 TCP-like header is used to leverage the capabilities of existing
2046 network interface cards, but should not be interpreted as implying
2047 any sort of connection state between endpoints.
2048 Since the STT protocol does not engage in the usual TCP 3-way handshake,
2049 so it will have difficulty traversing stateful firewalls.
2050 The protocol is documented at
59a0ef1d 2051 https://tools.ietf.org/html/draft-davie-stt
039a8ccd 2052
59a0ef1d 2053 All traffic uses a default destination port of 7471.
4237026e
PS		 2054 </dd>
2055
8aed4223 2056 <dt><code>patch</code></dt>
eca2df31 2057 <dd>
3fd8d445 2058 A pair of virtual devices that act as a patch cable.
eca2df31 2059 </dd>
3fd8d445 2060
84b32864 2061 <dt><code>null</code></dt>
0faed346 2062 <dd>An ignored interface. Deprecated and slated for removal in
039a8ccd 2063 February 2013.</dd>
89365653
BP		 2064 </dl>
2065 </column>
3fd8d445
BP		 2066 </group>
2067
2068 <group title="Tunnel Options">
2069 <p>
2070 These options apply to interfaces with <ref column="type"/> of
2b02d770
PS		 2071 <code>geneve</code>, <code>gre</code>, <code>vxlan</code>,
2072 <code>lisp</code> and <code>stt</code>.
3fd8d445
BP		 2073 </p>
2074
2075 <p>
2076 Each tunnel must be uniquely identified by the combination of <ref
2077 column="type"/>, <ref column="options" key="remote_ip"/>, <ref
2078 column="options" key="local_ip"/>, and <ref column="options"
2079 key="in_key"/>. If two ports are defined that are the same except one
2080 has an optional identifier and the other does not, the more specific
2081 one is matched first. <ref column="options" key="in_key"/> is
2082 considered more specific than <ref column="options" key="local_ip"/> if
2083 a port defines one and another port defines the other.
2084 </p>
2085
2086 <column name="options" key="remote_ip">
0ad90c84
JR		 2087 <p>Required. The remote tunnel endpoint, one of:</p>
2088
2089 <ul>
2090 <li>
80c4589a 2091 An IPv4 or IPv6 address (not a DNS name), e.g. <code>192.168.0.123</code>.
0ad90c84
JR		 2092 Only unicast endpoints are supported.
2093 </li>
2094 <li>
2095 The word <code>flow</code>. The tunnel accepts packets from any
2096 remote tunnel endpoint. To process only packets from a specific
2097 remote tunnel endpoint, the flow entries may match on the
80c4589a
PS		 2098 <code>tun_src</code> or <code>tun_ipv6_src</code>field. When
2099 sending packets to a <code>remote_ip=flow</code> tunnel, the flow
2100 actions must explicitly set the <code>tun_dst</code> or
2101 <code>tun_ipv6_dst</code> field to the IP address of the desired
2102 remote tunnel endpoint, e.g. with a <code>set_field</code> action.
0ad90c84
JR		 2103 </li>
2104 </ul>
2105
2106 <p>
039a8ccd
BP		 2107 The remote tunnel endpoint for any packet received from a tunnel
2108 is available in the <code>tun_src</code> field for matching in the
2109 flow table.
0ad90c84 2110 </p>
3fd8d445
BP		 2111 </column>
2112
2113 <column name="options" key="local_ip">
0ad90c84
JR		 2114 <p>
2115 Optional. The tunnel destination IP that received packets must
2116 match. Default is to match all addresses. If specified, may be one
2117 of:
2118 </p>
2119
2120 <ul>
2121 <li>
80c4589a 2122 An IPv4/IPv6 address (not a DNS name), e.g. <code>192.168.12.3</code>.
0ad90c84
JR		 2123 </li>
2124 <li>
2125 The word <code>flow</code>. The tunnel accepts packets sent to any
2126 of the local IP addresses of the system running OVS. To process
2127 only packets sent to a specific IP address, the flow entries may
80c4589a
PS		 2128 match on the <code>tun_dst</code> or <code>tun_ipv6_dst</code> field.
2129 When sending packets to a <code>local_ip=flow</code> tunnel, the flow
2130 actions may explicitly set the <code>tun_src</code> or <code>tun_ipv6_src</code>
2131 field to the desired IP address, e.g. with a <code>set_field</code> action.
2132 However, while routing the tunneled packet out, the local system may
2133 override the specified address with the local IP address configured for the
0ad90c84
JR		 2134 outgoing system interface.
2135
2136 <p>
2137 This option is valid only for tunnels also configured with the
2138 <code>remote_ip=flow</code> option.
2139 </p>
2140 </li>
2141 </ul>
2142
2143 <p>
2144 The tunnel destination IP address for any packet received from a
80c4589a
PS		 2145 tunnel is available in the <code>tun_dst</code> or <code>tun_ipv6_dst</code>
2146 field for matching in the flow table.
0ad90c84 2147 </p>
3fd8d445
BP		 2148 </column>
2149
2150 <column name="options" key="in_key">
2151 <p>Optional. The key that received packets must contain, one of:</p>
2152
2153 <ul>
2154 <li>
2155 <code>0</code>. The tunnel receives packets with no key or with a
2156 key of 0. This is equivalent to specifying no <ref column="options"
2157 key="in_key"/> at all.
2158 </li>
2159 <li>
271e6bc7 2160 A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit (for GRE)
99e7b077 2161 or 64-bit (for STT) number. The tunnel receives only
4237026e 2162 packets with the specified key.
3fd8d445
BP		 2163 </li>
2164 <li>
2165 The word <code>flow</code>. The tunnel accepts packets with any
2166 key. The key will be placed in the <code>tun_id</code> field for
2167 matching in the flow table. The <code>ovs-ofctl</code> manual page
2168 contains additional information about matching fields in OpenFlow
2169 flows.
2170 </li>
2171 </ul>
2172
2173 <p>
2174 </p>
2175 </column>
2176
2177 <column name="options" key="out_key">
2178 <p>Optional. The key to be set on outgoing packets, one of:</p>
2179
2180 <ul>
2181 <li>
2182 <code>0</code>. Packets sent through the tunnel will have no key.
2183 This is equivalent to specifying no <ref column="options"
2184 key="out_key"/> at all.
2185 </li>
2186 <li>
271e6bc7 2187 A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit (for GRE) or
99e7b077 2188 64-bit (for STT) number. Packets sent through the tunnel
4237026e 2189 will have the specified key.
3fd8d445
BP		 2190 </li>
2191 <li>
2192 The word <code>flow</code>. Packets sent through the tunnel will
2193 have the key set using the <code>set_tunnel</code> Nicira OpenFlow
2194 vendor extension (0 is used in the absence of an action). The
2195 <code>ovs-ofctl</code> manual page contains additional information
2196 about the Nicira OpenFlow vendor extensions.
2197 </li>
2198 </ul>
2199 </column>
2200
2201 <column name="options" key="key">
2202 Optional. Shorthand to set <code>in_key</code> and
2203 <code>out_key</code> at the same time.
2204 </column>
2205
2206 <column name="options" key="tos">
2207 Optional. The value of the ToS bits to be set on the encapsulating
749ae950
PS		 2208 packet. ToS is interpreted as DSCP and ECN bits, ECN part must be
2209 zero. It may also be the word <code>inherit</code>, in which case
3fd8d445
BP		 2210 the ToS will be copied from the inner packet if it is IPv4 or IPv6
2211 (otherwise it will be 0). The ECN fields are always inherited.
2212 Default is 0.
2213 </column>
2214
2215 <column name="options" key="ttl">
2216 Optional. The TTL to be set on the encapsulating packet. It may also
2217 be the word <code>inherit</code>, in which case the TTL will be copied
2218 from the inner packet if it is IPv4 or IPv6 (otherwise it will be the
2219 system default, typically 64). Default is the system default TTL.
2220 </column>
9cc6bf75 2221
f9e5e5b3
BP		 2222 <column name="options" key="df_default"
2223 type='{"type": "boolean"}'>
9b9f4d60
EJ		 2224 Optional. If enabled, the Don't Fragment bit will be set on tunnel
2225 outer headers to allow path MTU discovery. Default is enabled; set
2226 to <code>false</code> to disable.
3fd8d445
BP		 2227 </column>
2228
526df7d8
TG		 2229 <group title="Tunnel Options: vxlan only">
2230
039a8ccd
BP		 2231 <column name="options" key="exts">
2232 <p>Optional. Comma separated list of optional VXLAN extensions to
2233 enable. The following extensions are supported:</p>
526df7d8 2234
039a8ccd
BP		 2235 <ul>
2236 <li>
2237 <code>gbp</code>: VXLAN-GBP allows to transport the group policy
2238 context of a packet across the VXLAN tunnel to other network
96fee5e0
BP		 2239 peers. See the description of <code>tun_gbp_id</code> and
2240 <code>tun_gbp_flags</code> in <code>ovs-fields</code>(7) for
2241 additional information.
039a8ccd
BP		 2242 (<code>https://tools.ietf.org/html/draft-smith-vxlan-group-policy</code>)
2243 </li>
2244 </ul>
2245 </column>
526df7d8 2246
039a8ccd 2247 </group>
526df7d8 2248
2b02d770 2249 <group title="Tunnel Options: gre, geneve, and vxlan">
3fd8d445 2250 <p>
2b02d770 2251 <code>gre</code>, <code>geneve</code>, and
4752cc0c 2252 <code>vxlan</code> interfaces support these options.
3fd8d445
BP		 2253 </p>
2254
f9e5e5b3 2255 <column name="options" key="csum" type='{"type": "boolean"}'>
3fd8d445 2256 <p>
4752cc0c
JG		 2257 Optional. Compute encapsulation header (either GRE or UDP)
2258 checksums on outgoing packets. Default is disabled, set to
2259 <code>true</code> to enable. Checksums present on incoming
2260 packets will be validated regardless of this setting.
039a8ccd 2261 </p>
3fd8d445 2262
4752cc0c
JG		 2263 <p>
2264 When using the upstream Linux kernel module, computation of
2265 checksums for <code>geneve</code> and <code>vxlan</code> requires
2266 Linux kernel version 4.0 or higher. <code>gre</code> supports
2267 checksums for all versions of Open vSwitch that support GRE.
2268 The out of tree kernel module distributed as part of OVS
2269 can compute all tunnel checksums on any kernel version that it
2270 is compatible with.
3fd8d445
BP		 2271 </p>
2272
3fd8d445
BP		 2273 </column>
2274 </group>
2275 </group>
2276
2277 <group title="Patch Options">
2278 <p>
2279 Only <code>patch</code> interfaces support these options.
2280 </p>
89365653 2281
3fd8d445
BP		 2282 <column name="options" key="peer">
2283 The <ref column="name"/> of the <ref table="Interface"/> for the other
2284 side of the patch. The named <ref table="Interface"/>'s own
2285 <code>peer</code> option must specify this <ref table="Interface"/>'s
2286 name. That is, the two patch interfaces must have reversed <ref
2287 column="name"/> and <code>peer</code> values.
89365653 2288 </column>
e210037e
AE		 2289 </group>
2290
a14b8947
IM		 2291 <group title="PMD (Poll Mode Driver) Options">
2292 <p>
2293 Only PMD netdevs support these options.
2294 </p>
2295
81acebda 2296 <column name="options" key="n_rxq"
a14b8947
IM		 2297 type='{"type": "integer", "minInteger": 1}'>
2298 <p>
2299 Specifies the maximum number of rx queues to be created for PMD
2300 netdev. If not specified or specified to 0, one rx queue will
2301 be created by default.
81acebda 2302 Not supported by DPDK vHost interfaces.
a14b8947
IM		 2303 </p>
2304 </column>
3eb67853 2305
55e075e6
CL		 2306 <column name="options" key="dpdk-devargs"
2307 type='{"type": "string"}'>
2308 <p>
69876ed7
CL		 2309 Specifies the PCI address associated with the port for physical
2310 devices, or the virtual driver to be used for the port when a virtual
2311 PMD is intended to be used. For the latter, the argument string
2312 typically takes the form of eth_&lt;driver_name&gt;&lt;x&gt; where
2313 'driver_name' is a valid virtual DPDK PMD driver name and where 'x'
2314 lies in the range of 0 to RTE_MAX_ETHPORTS-1.
2315 Only supported by the dpdk port type.
55e075e6
CL		 2316 </p>
2317 </column>
2318
3eb67853
IM		 2319 <column name="other_config" key="pmd-rxq-affinity">
2320 <p>Specifies mapping of RX queues of this interface to CPU cores.</p>
2321 <p>Value should be set in the following form:</p>
2322 <p>
2323 <code>other_config:pmd-rxq-affinity=&lt;rxq-affinity-list&gt;</code>
2324 </p>
2325 <p>where</p>
2326 <p>
2327 <ul>
2328 <li>
2329 &lt;rxq-affinity-list&gt; ::= NULL | &lt;non-empty-list&gt;
2330 </li>
2331 <li>
2332 &lt;non-empty-list&gt; ::= &lt;affinity-pair&gt; |
2333 &lt;affinity-pair&gt; , &lt;non-empty-list&gt;
2334 </li>
2335 <li>
2336 &lt;affinity-pair&gt; ::= &lt;queue-id&gt; : &lt;core-id&gt;
2337 </li>
2338 </ul>
2339 </p>
2340 </column>
c1ff66ac
CL		 2341
2342 <column name="options" key="vhost-server-path"
2343 type='{"type": "string"}'>
2344 <p>
2d24d165
CL		 2345 The value specifies the path to the socket associated with a vHost
2346 User client mode device that has been or will be created by QEMU.
2347 Only supported by dpdkvhostuserclient interfaces.
c1ff66ac
CL		 2348 </p>
2349 </column>
b685696b
CL		 2350
2351 <column name="options" key="n_rxq_desc"
2352 type='{"type": "integer", "minInteger": 1, "maxInteger": 4096}'>
2353 <p>
2354 Specifies the rx queue size (number rx descriptors) for dpdk ports.
2355 The value must be a power of 2, less than 4096 and supported
2356 by the hardware of the device being configured.
2357 If not specified or an incorrect value is specified, 2048 rx
2358 descriptors will be used by default.
2359 </p>
2360 </column>
2361
2362 <column name="options" key="n_txq_desc"
2363 type='{"type": "integer", "minInteger": 1, "maxInteger": 4096}'>
2364 <p>
2365 Specifies the tx queue size (number tx descriptors) for dpdk ports.
2366 The value must be a power of 2, less than 4096 and supported
2367 by the hardware of the device being configured.
2368 If not specified or an incorrect value is specified, 2048 tx
2369 descriptors will be used by default.
2370 </p>
2371 </column>
a14b8947
IM		 2372 </group>
2373
56abcf49
DDP		 2374 <group title="MTU">
2375 <p>
2376 The MTU (maximum transmission unit) is the largest amount of data
2377 that can fit into a single Ethernet frame. The standard Ethernet
2378 MTU is 1500 bytes. Some physical media and many kinds of virtual
2379 interfaces can be configured with higher MTUs.
2380 </p>
2381
2382 <p>
3a414a0a
DDP		 2383 A client may change an interface MTU by filling in
2384 <ref column="mtu_request"/>. Open vSwitch then reports in
2385 <ref column="mtu"/> the currently configured value.
56abcf49
DDP		 2386 </p>
2387
2388 <column name="mtu">
3a414a0a
DDP		 2389 <p>
2390 The currently configured MTU for the interface.
2391 </p>
2392
56abcf49
DDP		 2393 <p>
2394 This column will be empty for an interface that does not
2395 have an MTU as, for example, some kinds of tunnels do not.
2396 </p>
2397
2398 <p>
2399 Open vSwitch sets this column's value, so other clients should treat
2400 it as read-only.
2401 </p>
2402 </column>
2403
2404 <column name="mtu_request"
2405 type='{"type": "integer", "minInteger": 1}'>
2406 <p>
2407 Requested MTU (Maximum Transmission Unit) for the interface. A client
3a414a0a
DDP		 2408 can fill this column to change the MTU of an interface.
2409 </p>
2410
06ca9597 2411 <p>
2412 RFC 791 requires every internet module to be able to forward a
2413 datagram of 68 octets without further fragmentation. The maximum
2414 size of an IP packet is 65535 bytes.
2415 </p>
2416
3a414a0a
DDP		 2417 <p>
2418 If this is not set and if the interface has <code>internal</code>
2419 type, Open vSwitch will change the MTU to match the minimum of the
2420 other interfaces in the bridge.
56abcf49
DDP		 2421 </p>
2422 </column>
2423
2424 </group>
2425
e210037e
AE		 2426 <group title="Interface Status">
2427 <p>
2428 Status information about interfaces attached to bridges, updated every
2429 5 seconds. Not all interfaces have all of these properties; virtual
2430 interfaces don't have a link speed, for example. Non-applicable
2431 columns will have empty values.
2432 </p>
2433 <column name="admin_state">
2434 <p>
2435 The administrative state of the physical network link.
2436 </p>
2437 </column>
2438
2439 <column name="link_state">
2440 <p>
0b8024eb
BP		 2441 The observed state of the physical network link. This is ordinarily
2442 the link's carrier status. If the interface's <ref table="Port"/> is
2443 a bond configured for miimon monitoring, it is instead the network
2444 link's miimon status.
e210037e
AE		 2445 </p>
2446 </column>
2447
65c3058c
EJ		 2448 <column name="link_resets">
2449 <p>
2450 The number of times Open vSwitch has observed the
2451 <ref column="link_state"/> of this <ref table="Interface"/> change.
2452 </p>
2453 </column>
2454
e210037e
AE		 2455 <column name="link_speed">
2456 <p>
2457 The negotiated speed of the physical network link.
2458 Valid values are positive integers greater than 0.
2459 </p>
2460 </column>
2461
2462 <column name="duplex">
2463 <p>
2464 The duplex mode of the physical network link.
2465 </p>
2466 </column>
2467
3fd8d445
BP		 2468 <column name="lacp_current">
2469 Boolean value indicating LACP status for this interface. If true, this
2470 interface has current LACP information about its LACP partner. This
2471 information may be used to monitor the health of interfaces in a LACP
2472 enabled port. This column will be empty if LACP is not enabled.
2473 </column>
2474
573c1db9 2475 <column name="status">
3fd8d445
BP		 2476 Key-value pairs that report port status. Supported status values are
2477 <ref column="type"/>-dependent; some interfaces may not have a valid
2478 <ref column="status" key="driver_name"/>, for example.
2479 </column>
2480
2481 <column name="status" key="driver_name">
2482 The name of the device driver controlling the network adapter.
2483 </column>
2484
2485 <column name="status" key="driver_version">
2486 The version string of the device driver controlling the network
2487 adapter.
2488 </column>
2489
2490 <column name="status" key="firmware_version">
2491 The version string of the network adapter's firmware, if available.
2492 </column>
2493
2494 <column name="status" key="source_ip">
80c4589a 2495 The source IP address used for an IPv4/IPv6 tunnel end-point, such as
09538fdc 2496 <code>gre</code>.
573c1db9 2497 </column>
3fd8d445
BP		 2498
2499 <column name="status" key="tunnel_egress_iface">
271e6bc7
JG		 2500 Egress interface for tunnels. Currently only relevant for tunnels
2501 on Linux systems, this column will show the name of the interface
09538fdc
PS		 2502 which is responsible for routing traffic destined for the configured
2503 <ref column="options" key="remote_ip"/>. This could be an internal
2504 interface such as a bridge port.
3fd8d445
BP		 2505 </column>
2506
f9e5e5b3
BP		 2507 <column name="status" key="tunnel_egress_iface_carrier"
2508 type='{"type": "string", "enum": ["set", ["down", "up"]]}'>
2509 Whether carrier is detected on <ref column="status"
2510 key="tunnel_egress_iface"/>.
3fd8d445
BP		 2511 </column>
2512 </group>
2513
2514 <group title="Statistics">
2515 <p>
2516 Key-value pairs that report interface statistics. The current
12eb035b
AW		 2517 implementation updates these counters periodically. The update period
2518 is controlled by <ref column="other_config"
2519 key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
2520 Future implementations may update them when an interface is created,
2521 when they are queried (e.g. using an OVSDB <code>select</code>
2522 operation), and just before an interface is deleted due to virtual
2523 interface hot-unplug or VM shutdown, and perhaps at other times, but
2524 not on any regular periodic basis.
3fd8d445
BP		 2525 </p>
2526 <p>
2527 These are the same statistics reported by OpenFlow in its <code>struct
2528 ofp_port_stats</code> structure. If an interface does not support a
2529 given statistic, then that pair is omitted.
2530 </p>
2531 <group title="Statistics: Successful transmit and receive counters">
2532 <column name="statistics" key="rx_packets">
2533 Number of received packets.
2534 </column>
2535 <column name="statistics" key="rx_bytes">
2536 Number of received bytes.
2537 </column>
2538 <column name="statistics" key="tx_packets">
2539 Number of transmitted packets.
2540 </column>
2541 <column name="statistics" key="tx_bytes">
2542 Number of transmitted bytes.
2543 </column>
2544 </group>
2545 <group title="Statistics: Receive errors">
2546 <column name="statistics" key="rx_dropped">
2547 Number of packets dropped by RX.
2548 </column>
2549 <column name="statistics" key="rx_frame_err">
2550 Number of frame alignment errors.
2551 </column>
2552 <column name="statistics" key="rx_over_err">
2553 Number of packets with RX overrun.
2554 </column>
2555 <column name="statistics" key="rx_crc_err">
2556 Number of CRC errors.
2557 </column>
2558 <column name="statistics" key="rx_errors">
2559 Total number of receive errors, greater than or equal to the sum of
2560 the above.
2561 </column>
9cc6bf75 2562 </group>
3fd8d445
BP		 2563 <group title="Statistics: Transmit errors">
2564 <column name="statistics" key="tx_dropped">
2565 Number of packets dropped by TX.
2566 </column>
2567 <column name="statistics" key="collisions">
2568 Number of collisions.
2569 </column>
2570 <column name="statistics" key="tx_errors">
2571 Total number of transmit errors, greater than or equal to the sum of
2572 the above.
2573 </column>
2574 </group>
89365653
BP		 2575 </group>
2576
2577 <group title="Ingress Policing">
3f5d8c02
BP		 2578 <p>
2579 These settings control ingress policing for packets received on this
2580 interface. On a physical interface, this limits the rate at which
2581 traffic is allowed into the system from the outside; on a virtual
2582 interface (one connected to a virtual machine), this limits the rate at
2583 which the VM is able to transmit.
2584 </p>
2585 <p>
2586 Policing is a simple form of quality-of-service that simply drops
2587 packets received in excess of the configured rate. Due to its
2588 simplicity, policing is usually less accurate and less effective than
2589 egress QoS (which is configured using the <ref table="QoS"/> and <ref
2590 table="Queue"/> tables).
2591 </p>
2592 <p>
9509913a
IS		 2593 Policing is currently implemented on Linux and OVS with DPDK. Both
2594 implementations use a simple ``token bucket'' approach:
3f5d8c02
BP		 2595 </p>
2596 <ul>
2597 <li>
2598 The size of the bucket corresponds to <ref
2599 column="ingress_policing_burst"/>. Initially the bucket is full.
2600 </li>
2601 <li>
2602 Whenever a packet is received, its size (converted to tokens) is
2603 compared to the number of tokens currently in the bucket. If the
2604 required number of tokens are available, they are removed and the
2605 packet is forwarded. Otherwise, the packet is dropped.
2606 </li>
2607 <li>
2608 Whenever it is not full, the bucket is refilled with tokens at the
2609 rate specified by <ref column="ingress_policing_rate"/>.
2610 </li>
2611 </ul>
2612 <p>
2613 Policing interacts badly with some network protocols, and especially
2614 with fragmented IP packets. Suppose that there is enough network
2615 activity to keep the bucket nearly empty all the time. Then this token
2616 bucket algorithm will forward a single packet every so often, with the
2617 period depending on packet size and on the configured rate. All of the
2618 fragments of an IP packets are normally transmitted back-to-back, as a
2619 group. In such a situation, therefore, only one of these fragments
2620 will be forwarded and the rest will be dropped. IP does not provide
2621 any way for the intended recipient to ask for only the remaining
2622 fragments. In such a case there are two likely possibilities for what
2623 will happen next: either all of the fragments will eventually be
2624 retransmitted (as TCP will do), in which case the same problem will
2625 recur, or the sender will not realize that its packet has been dropped
2626 and data will simply be lost (as some UDP-based protocols will do).
2627 Either way, it is possible that no forward progress will ever occur.
2628 </p>
2629 <column name="ingress_policing_rate">
2630 <p>
2631 Maximum rate for data received on this interface, in kbps. Data
2632 received faster than this rate is dropped. Set to <code>0</code>
2633 (the default) to disable policing.
2634 </p>
2635 </column>
2636
89365653
BP		 2637 <column name="ingress_policing_burst">
2638 <p>Maximum burst size for data received on this interface, in kb. The
79abacc8 2639 default burst size if set to <code>0</code> is 8000 kbit. This value
3fd8d445
BP		 2640 has no effect if <ref column="ingress_policing_rate"/>
2641 is <code>0</code>.</p>
3f5d8c02
BP		 2642 <p>
2643 Specifying a larger burst size lets the algorithm be more forgiving,
2644 which is important for protocols like TCP that react severely to
2645 dropped packets. The burst size should be at least the size of the
2646 interface's MTU. Specifying a value that is numerically at least as
79abacc8 2647 large as 80% of <ref column="ingress_policing_rate"/> helps TCP come
3f5d8c02
BP		 2648 closer to achieving the full rate.
2649 </p>
89365653
BP		 2650 </column>
2651 </group>
2652
ccc09689 2653 <group title="Bidirectional Forwarding Detection (BFD)">
e58855ec 2654 <p>
039a8ccd
BP		 2655 BFD, defined in RFC 5880 and RFC 5881, allows point-to-point
2656 detection of connectivity failures by occasional transmission of
2657 BFD control messages. Open vSwitch implements BFD to serve
2658 as a more popular and standards compliant alternative to CFM.
e58855ec 2659 </p>
ccc09689 2660
e58855ec 2661 <p>
039a8ccd
BP		 2662 BFD operates by regularly transmitting BFD control messages at a rate
2663 negotiated independently in each direction. Each endpoint specifies
2664 the rate at which it expects to receive control messages, and the rate
2665 at which it is willing to transmit them. Open vSwitch uses a detection
2666 multiplier of three, meaning that an endpoint signals a connectivity
2667 fault if three consecutive BFD control messages fail to arrive. In the
2668 case of a unidirectional connectivity issue, the system not receiving
2669 BFD control messages signals the problem to its peer in the messages it
2670 transmits.
e58855ec 2671 </p>
ccc09689 2672
e58855ec 2673 <p>
039a8ccd
BP		 2674 The Open vSwitch implementation of BFD aims to comply faithfully
2675 with RFC 5880 requirements. Open vSwitch does not implement the
2676 optional Authentication or ``Echo Mode'' features.
e58855ec 2677 </p>
ccc09689 2678
e58855ec 2679 <group title="BFD Configuration">
039a8ccd
BP		 2680 <p>
2681 A controller sets up key-value pairs in the <ref column="bfd"/>
2682 column to enable and configure BFD.
2683 </p>
e58855ec 2684
039a8ccd 2685 <column name="bfd" key="enable" type='{"type": "boolean"}'>
f7491dce
AW		 2686 True to enable BFD on this <ref table="Interface"/>. If not
2687 specified, BFD will not be enabled by default.
039a8ccd 2688 </column>
e58855ec 2689
039a8ccd
BP		 2690 <column name="bfd" key="min_rx"
2691 type='{"type": "integer", "minInteger": 1}'>
e58855ec
BP		 2692 The shortest interval, in milliseconds, at which this BFD session
2693 offers to receive BFD control messages. The remote endpoint may
2694 choose to send messages at a slower rate. Defaults to
2695 <code>1000</code>.
039a8ccd 2696 </column>
e58855ec 2697
039a8ccd
BP		 2698 <column name="bfd" key="min_tx"
2699 type='{"type": "integer", "minInteger": 1}'>
e58855ec
BP		 2700 The shortest interval, in milliseconds, at which this BFD session is
2701 willing to transmit BFD control messages. Messages will actually be
2702 transmitted at a slower rate if the remote endpoint is not willing to
2703 receive as quickly as specified. Defaults to <code>100</code>.
039a8ccd
BP		 2704 </column>
2705
2706 <column name="bfd" key="decay_min_rx" type='{"type": "integer"}'>
2707 An alternate receive interval, in milliseconds, that must be greater
2708 than or equal to <ref column="bfd" key="min_rx"/>. The
2709 implementation switches from <ref column="bfd" key="min_rx"/> to <ref
2710 column="bfd" key="decay_min_rx"/> when there is no obvious incoming
2711 data traffic at the interface, to reduce the CPU and bandwidth cost
2712 of monitoring an idle interface. This feature may be disabled by
2713 setting a value of 0. This feature is reset whenever <ref
2714 column="bfd" key="decay_min_rx"/> or <ref column="bfd" key="min_rx"/>
2715 changes.
2716 </column>
2717
2718 <column name="bfd" key="forwarding_if_rx" type='{"type": "boolean"}'>
34c88624
AW		 2719 When <code>true</code>, traffic received on the
2720 <ref table="Interface"/> is used to indicate the capability of packet
2721 I/O. BFD control packets are still transmitted and received. At
2722 least one BFD control packet must be received every 100 * <ref
2723 column="bfd" key="min_rx"/> amount of time. Otherwise, even if
2724 traffic are received, the <ref column="bfd" key="forwarding"/>
2725 will be <code>false</code>.
039a8ccd 2726 </column>
e58855ec 2727
039a8ccd
BP		 2728 <column name="bfd" key="cpath_down" type='{"type": "boolean"}'>
2729 Set to true to notify the remote endpoint that traffic should not be
2730 forwarded to this system for some reason other than a connectivty
2731 failure on the interface being monitored. The typical underlying
2732 reason is ``concatenated path down,'' that is, that connectivity
2733 beyond the local system is down. Defaults to false.
2734 </column>
e58855ec 2735
039a8ccd 2736 <column name="bfd" key="check_tnl_key" type='{"type": "boolean"}'>
e58855ec
BP		 2737 Set to true to make BFD accept only control messages with a tunnel
2738 key of zero. By default, BFD accepts control messages with any
2739 tunnel key.
039a8ccd
BP		 2740 </column>
2741
2742 <column name="bfd" key="bfd_local_src_mac">
2743 Set to an Ethernet address in the form
2744 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
2745 to set the MAC used as source for transmitted BFD packets. The
2746 default is the mac address of the BFD enabled interface.
2747 </column>
2748
2749 <column name="bfd" key="bfd_local_dst_mac">
2750 Set to an Ethernet address in the form
2751 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
2752 to set the MAC used as destination for transmitted BFD packets. The
2753 default is <code>00:23:20:00:00:01</code>.
2754 </column>
2755
2756 <column name="bfd" key="bfd_remote_dst_mac">
2757 Set to an Ethernet address in the form
2758 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
2759 to set the MAC used for checking the destination of received BFD packets.
2760 Packets with different destination MAC will not be considered as BFD packets.
2761 If not specified the destination MAC address of received BFD packets
2762 are not checked.
2763 </column>
2764
2765 <column name="bfd" key="bfd_src_ip">
dfe37e6a 2766 Set to an IPv4 address to set the IP address used as source for
1314739c 2767 transmitted BFD packets. The default is <code>169.254.1.1</code>.
039a8ccd 2768 </column>
dfe37e6a 2769
039a8ccd 2770 <column name="bfd" key="bfd_dst_ip">
dfe37e6a 2771 Set to an IPv4 address to set the IP address used as destination
1314739c 2772 for transmitted BFD packets. The default is <code>169.254.1.0</code>.
039a8ccd 2773 </column>
2eb79142
JG		 2774
2775 <column name="bfd" key="oam">
2776 Some tunnel protocols (such as Geneve) include a bit in the header
2777 to indicate that the encapsulated packet is an OAM frame. By setting
2778 this to true, BFD packets will be marked as OAM if encapsulated in
2779 one of these tunnels.
2780 </column>
e58855ec 2781 </group>
ccc09689 2782
e58855ec 2783 <group title="BFD Status">
039a8ccd
BP		 2784 <p>
2785 The switch sets key-value pairs in the <ref column="bfd_status"/>
2786 column to report the status of BFD on this interface. When BFD is
2787 not enabled, with <ref column="bfd" key="enable"/>, the switch clears
2788 all key-value pairs from <ref column="bfd_status"/>.
2789 </p>
2790
2791 <column name="bfd_status" key="state"
2792 type='{"type": "string",
2793 "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
2794 Reports the state of the BFD session. The BFD session is fully
2795 healthy and negotiated if <code>UP</code>.
2796 </column>
2797
2798 <column name="bfd_status" key="forwarding" type='{"type": "boolean"}'>
2799 Reports whether the BFD session believes this <ref
2800 table="Interface"/> may be used to forward traffic. Typically this
2801 means the local session is signaling <code>UP</code>, and the remote
2802 system isn't signaling a problem such as concatenated path down.
2803 </column>
2804
2805 <column name="bfd_status" key="diagnostic">
60a15922
AZ		 2806 A diagnostic code specifying the local system's reason for the
2807 last change in session state. The error messages are defined in
2808 section 4.1 of [RFC 5880].
039a8ccd
BP		 2809 </column>
2810
2811 <column name="bfd_status" key="remote_state"
2812 type='{"type": "string",
2813 "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
2814 Reports the state of the remote endpoint's BFD session.
2815 </column>
2816
2817 <column name="bfd_status" key="remote_diagnostic">
60a15922
AZ		 2818 A diagnostic code specifying the remote system's reason for the
2819 last change in session state. The error messages are defined in
2820 section 4.1 of [RFC 5880].
039a8ccd 2821 </column>
4905e2df
AW		 2822
2823 <column name="bfd_status" key="flap_count"
039a8ccd 2824 type='{"type": "integer", "minInteger": 0}'>
4905e2df
AW		 2825 Counts the number of <ref column="bfd_status" key="forwarding" />
2826 flaps since start. A flap is considered as a change of the
2827 <ref column="bfd_status" key="forwarding" /> value.
2828 </column>
e58855ec 2829 </group>
ccc09689
EJ		 2830 </group>
2831
93b8df38
EJ		 2832 <group title="Connectivity Fault Management">
2833 <p>
2834 802.1ag Connectivity Fault Management (CFM) allows a group of
2835 Maintenance Points (MPs) called a Maintenance Association (MA) to
2836 detect connectivity problems with each other. MPs within a MA should
2837 have complete and exclusive interconnectivity. This is verified by
2838 occasionally broadcasting Continuity Check Messages (CCMs) at a
2839 configurable transmission interval.
2840 </p>
2841
144216a3
EJ		 2842 <p>
2843 According to the 802.1ag specification, each Maintenance Point should
2844 be configured out-of-band with a list of Remote Maintenance Points it
2845 should have connectivity to. Open vSwitch differs from the
2846 specification in this area. It simply assumes the link is faulted if
2847 no Remote Maintenance Points are reachable, and considers it not
2848 faulted otherwise.
2849 </p>
2850
b363bae4 2851 <p>
039a8ccd
BP		 2852 When operating over tunnels which have no <code>in_key</code>, or an
2853 <code>in_key</code> of <code>flow</code>. CFM will only accept CCMs
2854 with a tunnel key of zero.
b363bae4
EJ		 2855 </p>
2856
93b8df38 2857 <column name="cfm_mpid">
b1a6083a
AW		 2858 <p>
2859 A Maintenance Point ID (MPID) uniquely identifies each endpoint
2860 within a Maintenance Association. The MPID is used to identify this
2861 endpoint to other Maintenance Points in the MA. Each end of a link
2862 being monitored should have a different MPID. Must be configured to
2863 enable CFM on this <ref table="Interface"/>.
2864 </p>
2865 <p>
2866 According to the 802.1ag specification, MPIDs can only range between
2867 [1, 8191]. However, extended mode (see <ref column="other_config"
2868 key="cfm_extended"/>) supports eight byte MPIDs.
2869 </p>
93b8df38 2870 </column>
b31bcf60 2871
76c4290d
AW		 2872 <column name="cfm_flap_count">
2873 Counts the number of cfm fault flapps since boot. A flap is
2874 considered to be a change of the <ref column="cfm_fault"/> value.
2875 </column>
2876
93b8df38 2877 <column name="cfm_fault">
144216a3
EJ		 2878 <p>
2879 Indicates a connectivity fault triggered by an inability to receive
2880 heartbeats from any remote endpoint. When a fault is triggered on
2881 <ref table="Interface"/>s participating in bonds, they will be
2882 disabled.
2883 </p>
2884 <p>
2885 Faults can be triggered for several reasons. Most importantly they
2886 are triggered when no CCMs are received for a period of 3.5 times the
2887 transmission interval. Faults are also triggered when any CCMs
2888 indicate that a Remote Maintenance Point is not receiving CCMs but
2889 able to send them. Finally, a fault is triggered if a CCM is
2890 received which indicates unexpected configuration. Notably, this
2891 case arises when a CCM is received which advertises the local MPID.
2892 </p>
93b8df38 2893 </column>
a5faa982 2894
b9380396
EJ		 2895 <column name="cfm_fault_status" key="recv">
2896 Indicates a CFM fault was triggered due to a lack of CCMs received on
2897 the <ref table="Interface"/>.
2898 </column>
2899
2900 <column name="cfm_fault_status" key="rdi">
2901 Indicates a CFM fault was triggered due to the reception of a CCM with
2902 the RDI bit flagged. Endpoints set the RDI bit in their CCMs when they
2903 are not receiving CCMs themselves. This typically indicates a
2904 unidirectional connectivity failure.
2905 </column>
2906
2907 <column name="cfm_fault_status" key="maid">
2908 Indicates a CFM fault was triggered due to the reception of a CCM with
2909 a MAID other than the one Open vSwitch uses. CFM broadcasts are tagged
2910 with an identification number in addition to the MPID called the MAID.
2911 Open vSwitch only supports receiving CCM broadcasts tagged with the
2912 MAID it uses internally.
2913 </column>
2914
2915 <column name="cfm_fault_status" key="loopback">
2916 Indicates a CFM fault was triggered due to the reception of a CCM
2917 advertising the same MPID configured in the <ref column="cfm_mpid"/>
2918 column of this <ref table="Interface"/>. This may indicate a loop in
2919 the network.
2920 </column>
2921
2922 <column name="cfm_fault_status" key="overflow">
2923 Indicates a CFM fault was triggered because the CFM module received
2924 CCMs from more remote endpoints than it can keep track of.
2925 </column>
2926
2927 <column name="cfm_fault_status" key="override">
2928 Indicates a CFM fault was manually triggered by an administrator using
2929 an <code>ovs-appctl</code> command.
2930 </column>
2931
2b540ecb
MM		 2932 <column name="cfm_fault_status" key="interval">
2933 Indicates a CFM fault was triggered due to the reception of a CCM
2934 frame having an invalid interval.
2935 </column>
2936
1c0333b6
EJ		 2937 <column name="cfm_remote_opstate">
2938 <p>When in extended mode, indicates the operational state of the
039a8ccd
BP		 2939 remote endpoint as either <code>up</code> or <code>down</code>. See
2940 <ref column="other_config" key="cfm_opstate"/>.
1c0333b6
EJ		 2941 </p>
2942 </column>
2943
3967a833
MM		 2944 <column name="cfm_health">
2945 <p>
2946 Indicates the health of the interface as a percentage of CCM frames
2947 received over 21 <ref column="other_config" key="cfm_interval"/>s.
2948 The health of an interface is undefined if it is communicating with
2949 more than one <ref column="cfm_remote_mpids"/>. It reduces if
2950 healthy heartbeats are not received at the expected rate, and
2951 gradually improves as healthy heartbeats are received at the desired
2952 rate. Every 21 <ref column="other_config" key="cfm_interval"/>s, the
2953 health of the interface is refreshed.
2954 </p>
2955 <p>
2956 As mentioned above, the faults can be triggered for several reasons.
2957 The link health will deteriorate even if heartbeats are received but
2958 they are reported to be unhealthy. An unhealthy heartbeat in this
2959 context is a heartbeat for which either some fault is set or is out
2960 of sequence. The interface health can be 100 only on receiving
2961 healthy heartbeats at the desired rate.
2962 </p>
2963 </column>
2964
a5faa982
EJ		 2965 <column name="cfm_remote_mpids">
2966 When CFM is properly configured, Open vSwitch will occasionally
2967 receive CCM broadcasts. These broadcasts contain the MPID of the
2968 sending Maintenance Point. The list of MPIDs from which this
2969 <ref table="Interface"/> is receiving broadcasts from is regularly
2970 collected and written to this column.
2971 </column>
3fd8d445 2972
f9e5e5b3
BP		 2973 <column name="other_config" key="cfm_interval"
2974 type='{"type": "integer"}'>
612ca9c5
BP		 2975 <p>
2976 The interval, in milliseconds, between transmissions of CFM
2977 heartbeats. Three missed heartbeat receptions indicate a
2978 connectivity fault.
2979 </p>
2980
2981 <p>
2982 In standard operation only intervals of 3, 10, 100, 1,000, 10,000,
2983 60,000, or 600,000 ms are supported. Other values will be rounded
2984 down to the nearest value on the list. Extended mode (see <ref
2985 column="other_config" key="cfm_extended"/>) supports any interval up
2986 to 65,535 ms. In either mode, the default is 1000 ms.
2987 </p>
2988
2989 <p>We do not recommend using intervals less than 100 ms.</p>
3fd8d445
BP		 2990 </column>
2991
f9e5e5b3
BP		 2992 <column name="other_config" key="cfm_extended"
2993 type='{"type": "boolean"}'>
3fd8d445
BP		 2994 When <code>true</code>, the CFM module operates in extended mode. This
2995 causes it to use a nonstandard destination address to avoid conflicting
2996 with compliant implementations which may be running concurrently on the
2997 network. Furthermore, extended mode increases the accuracy of the
2998 <code>cfm_interval</code> configuration parameter by breaking wire
b1a6083a
AW		 2999 compatibility with 802.1ag compliant implementations. And extended
3000 mode allows eight byte MPIDs. Defaults to <code>false</code>.
3fd8d445 3001 </column>
90967e95
EJ		 3002
3003 <column name="other_config" key="cfm_demand" type='{"type": "boolean"}'>
3004 <p>
3005 When <code>true</code>, and
3006 <ref column="other_config" key="cfm_extended"/> is true, the CFM
3007 module operates in demand mode. When in demand mode, traffic
3008 received on the <ref table="Interface"/> is used to indicate
5767a79a
AW		 3009 liveness. CCMs are still transmitted and received. At least one
3010 CCM must be received every 100 * <ref column="other_config"
3011 key="cfm_interval"/> amount of time. Otherwise, even if traffic
3012 are received, the CFM module will raise the connectivity fault.
90967e95
EJ		 3013 </p>
3014
3015 <p>
039a8ccd 3016 Demand mode has a couple of caveats:
90967e95
EJ		 3017 <ul>
3018 <li>
3019 To ensure that ovs-vswitchd has enough time to pull statistics
03f209ba
AW		 3020 from the datapath, the fault detection interval is set to
3021 3.5 * MAX(<ref column="other_config" key="cfm_interval"/>, 500)
3022 ms.
90967e95
EJ		 3023 </li>
3024
3025 <li>
3026 To avoid ambiguity, demand mode disables itself when there are
3027 multiple remote maintenance points.
3028 </li>
3029
3030 <li>
3031 If the <ref table="Interface"/> is heavily congested, CCMs
3032 containing the <ref column="other_config" key="cfm_opstate"/>
3033 status may be dropped causing changes in the operational state to
3034 be delayed. Similarly, if CCMs containing the RDI bit are not
3035 received, unidirectional link failures may not be detected.
3036 </li>
3037 </ul>
3038 </p>
3039 </column>
3040
dae57238
BP		 3041 <column name="other_config" key="cfm_opstate"
3042 type='{"type": "string", "enum": ["set", ["down", "up"]]}'>
86dc6501
EJ		 3043 When <code>down</code>, the CFM module marks all CCMs it generates as
3044 operationally down without triggering a fault. This allows remote
3045 maintenance points to choose not to forward traffic to the
3046 <ref table="Interface"/> on which this CFM module is running.
3047 Currently, in Open vSwitch, the opdown bit of CCMs affects
3048 <ref table="Interface"/>s participating in bonds, and the bundle
3049 OpenFlow action. This setting is ignored when CFM is not in extended
3050 mode. Defaults to <code>up</code>.
3051 </column>
75a4ead1
EJ		 3052
3053 <column name="other_config" key="cfm_ccm_vlan"
039a8ccd 3054 type='{"type": "integer", "minInteger": 1, "maxInteger": 4095}'>
75a4ead1 3055 When set, the CFM module will apply a VLAN tag to all CCMs it generates
189cb9e4
EJ		 3056 with the given value. May be the string <code>random</code> in which
3057 case each CCM will be tagged with a different randomly generated VLAN.
75a4ead1
EJ		 3058 </column>
3059
a7aa2d3c 3060 <column name="other_config" key="cfm_ccm_pcp"
039a8ccd 3061 type='{"type": "integer", "minInteger": 1, "maxInteger": 7}'>
a7aa2d3c 3062 When set, the CFM module will apply a VLAN tag to all CCMs it generates
b363bae4 3063 with the given PCP value, the VLAN ID of the tag is governed by the
a7aa2d3c
EJ		 3064 value of <ref column="other_config" key="cfm_ccm_vlan"/>. If
3065 <ref column="other_config" key="cfm_ccm_vlan"/> is unset, a VLAN ID of
3066 zero is used.
3067 </column>
3068
93b8df38
EJ		 3069 </group>
3070
3fd8d445 3071 <group title="Bonding Configuration">
f9e5e5b3
BP		 3072 <column name="other_config" key="lacp-port-id"
3073 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
3fd8d445
BP		 3074 The LACP port ID of this <ref table="Interface"/>. Port IDs are
3075 used in LACP negotiations to identify individual ports
f9e5e5b3 3076 participating in a bond.
a8172aa3
EJ		 3077 </column>
3078
f9e5e5b3
BP		 3079 <column name="other_config" key="lacp-port-priority"
3080 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
3fd8d445
BP		 3081 The LACP port priority of this <ref table="Interface"/>. In LACP
3082 negotiations <ref table="Interface"/>s with numerically lower
f9e5e5b3 3083 priorities are preferred for aggregation.
89365653 3084 </column>
018f1525 3085
f9e5e5b3
BP		 3086 <column name="other_config" key="lacp-aggregation-key"
3087 type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
3fd8d445
BP		 3088 The LACP aggregation key of this <ref table="Interface"/>. <ref
3089 table="Interface"/>s with different aggregation keys may not be active
f9e5e5b3 3090 within a given <ref table="Port"/> at the same time.
a3acf0b0 3091 </column>
3fd8d445 3092 </group>
a3acf0b0 3093
3fd8d445
BP		 3094 <group title="Virtual Machine Identifiers">
3095 <p>
3096 These key-value pairs specifically apply to an interface that
3097 represents a virtual Ethernet interface connected to a virtual
3098 machine. These key-value pairs should not be present for other types
3099 of interfaces. Keys whose names end in <code>-uuid</code> have
3100 values that uniquely identify the entity in question. For a Citrix
3101 XenServer hypervisor, these values are UUIDs in RFC 4122 format.
3102 Other hypervisors may use other formats.
3103 </p>
3104
3105 <column name="external_ids" key="attached-mac">
3106 The MAC address programmed into the ``virtual hardware'' for this
3107 interface, in the form
3108 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
3109 For Citrix XenServer, this is the value of the <code>MAC</code> field
3110 in the VIF record for this interface.
3111 </column>
3112
3113 <column name="external_ids" key="iface-id">
3114 A system-unique identifier for the interface. On XenServer, this will
3115 commonly be the same as <ref column="external_ids" key="xs-vif-uuid"/>.
3116 </column>
3117
cf9deac5
BP		 3118 <column name="external_ids" key="iface-status"
3119 type='{"type": "string",
3120 "enum": ["set", ["active", "inactive"]]}'>
3121 <p>
3122 Hypervisors may sometimes have more than one interface associated
3123 with a given <ref column="external_ids" key="iface-id"/>, only one of
3124 which is actually in use at a given time. For example, in some
3125 circumstances XenServer has both a ``tap'' and a ``vif'' interface
3126 for a single <ref column="external_ids" key="iface-id"/>, but only
3127 uses one of them at a time. A hypervisor that behaves this way must
3128 mark the currently in use interface <code>active</code> and the
3129 others <code>inactive</code>. A hypervisor that never has more than
3130 one interface for a given <ref column="external_ids" key="iface-id"/>
3131 may mark that interface <code>active</code> or omit <ref
3132 column="external_ids" key="iface-status"/> entirely.
3133 </p>
3134
3135 <p>
3136 During VM migration, a given <ref column="external_ids"
3137 key="iface-id"/> might transiently be marked <code>active</code> on
3138 two different hypervisors. That is, <code>active</code> means that
3139 this <ref column="external_ids" key="iface-id"/> is the active
3140 instance within a single hypervisor, not in a broader scope.
3634eb99
BP		 3141 There is one exception: some hypervisors support ``migration'' from a
3142 given hypervisor to itself (most often for test purposes). During
3143 such a ``migration,'' two instances of a single <ref
3144 column="external_ids" key="iface-id"/> might both be briefly marked
3145 <code>active</code> on a single hypervisor.
cf9deac5
BP		 3146 </p>
3147 </column>
3148
3fd8d445
BP		 3149 <column name="external_ids" key="xs-vif-uuid">
3150 The virtual interface associated with this interface.
3151 </column>
3152
3153 <column name="external_ids" key="xs-network-uuid">
3154 The virtual network to which this interface is attached.
3155 </column>
3156
c473936b
GS		 3157 <column name="external_ids" key="vm-id">
3158 The VM to which this interface belongs. On XenServer, this will be the
3159 same as <ref column="external_ids" key="xs-vm-uuid"/>.
3160 </column>
3161
3fd8d445
BP		 3162 <column name="external_ids" key="xs-vm-uuid">
3163 The VM to which this interface belongs.
018f1525 3164 </column>
89365653 3165 </group>
3fd8d445 3166
99eef98b
DF		 3167 <group title="Auto Attach Configuration">
3168 <p>
039a8ccd 3169 Auto Attach configuration for a particular interface.
99eef98b
DF		 3170 </p>
3171
3172 <column name="lldp" key="enable" type='{"type": "boolean"}'>
039a8ccd
BP		 3173 True to enable LLDP on this <ref table="Interface"/>. If not
3174 specified, LLDP will be disabled by default.
99eef98b
DF		 3175 </column>
3176 </group>
3177
9fd39370
SC		 3178 <group title="Flow control Configuration">
3179 <p>
3180 Ethernet flow control defined in IEEE 802.1Qbb provides link level flow
3181 control using MAC pause frames. Implemented only for interfaces with
3182 type <code>dpdk</code>.
3183 </p>
3184
3185 <column name="options" key="rx-flow-ctrl" type='{"type": "boolean"}'>
3186 Set to <code>true</code> to enable Rx flow control on physical ports.
3187 By default, Rx flow control is disabled.
3188 </column>
3189
3190 <column name="options" key="tx-flow-ctrl" type='{"type": "boolean"}'>
3191 Set to <code>true</code> to enable Tx flow control on physical ports.
3192 By default, Tx flow control is disabled.
3193 </column>
3194
3195 <column name="options" key="flow-ctrl-autoneg"
3196 type='{"type": "boolean"}'>
3197 Set to <code>true</code> to enable flow control auto negotiation on
3198 physical ports. By default, auto-neg is disabled.
3199 </column>
3200 </group>
3201
1a2bb118
SC		 3202 <group title="Rx Checksum Offload Configuration">
3203 <p>
3204 The checksum validation on the incoming packets are performed on NIC
3205 using Rx checksum offload feature. Implemented only for <code>dpdk
3206 </code>physical interfaces.
3207 </p>
3208
3209 <column name="options" key="rx-checksum-offload"
3210 type='{"type": "boolean"}'>
3211 Set to <code>false</code> to disble Rx checksum offloading on <code>
3212 dpdk</code>physical ports. By default, Rx checksum offload is enabled.
3213 </column>
3214 </group>
3215
3fd8d445
BP		 3216 <group title="Common Columns">
3217 The overall purpose of these columns is described under <code>Common
3218 Columns</code> at the beginning of this document.
3219
3220 <column name="other_config"/>
3221 <column name="external_ids"/>
3222 </group>
89365653
BP		 3223 </table>
3224
254750ce
BP		 3225 <table name="Flow_Table" title="OpenFlow table configuration">
3226 <p>Configuration for a particular OpenFlow table.</p>
3227
3228 <column name="name">
3229 The table's name. Set this column to change the name that controllers
3230 will receive when they request table statistics, e.g. <code>ovs-ofctl
3231 dump-tables</code>. The name does not affect switch behavior.
3232 </column>
3233
82c22d34 3234 <group title="Eviction Policy">
254750ce 3235 <p>
82c22d34
BP		 3236 Open vSwitch supports limiting the number of flows that may be
3237 installed in a flow table, via the <ref column="flow_limit"/> column.
3238 When adding a flow would exceed this limit, by default Open vSwitch
3239 reports an error, but there are two ways to configure Open vSwitch to
3240 instead delete (``evict'') a flow to make room for the new one:
254750ce
BP		 3241 </p>
3242
82c22d34
BP		 3243 <ul>
3244 <li>
3245 Set the <ref column="overflow_policy"/> column to <code>evict</code>.
3246 </li>
254750ce 3247
82c22d34
BP		 3248 <li>
3249 Send an OpenFlow 1.4+ ``table mod request'' to enable eviction for
3250 the flow table (e.g. <code>ovs-ofctl -O OpenFlow14 mod-table br0 0
3251 evict</code> to enable eviction on flow table 0 of bridge
3252 <code>br0</code>).
3253 </li>
3254 </ul>
254750ce
BP		 3255
3256 <p>
3257 When a flow must be evicted due to overflow, the flow to evict is
f70b94de
BP		 3258 chosen through an approximation of the following algorithm. This
3259 algorithm is used regardless of how eviction was enabled:
254750ce
BP		 3260 </p>
3261
3262 <ol>
3263 <li>
3264 Divide the flows in the table into groups based on the values of the
f70b94de
BP		 3265 fields or subfields specified in the <ref column="groups"/> column,
3266 so that all of the flows in a given group have the same values for
3267 those fields. If a flow does not specify a given field, that field's
3268 value is treated as 0. If <ref column="groups"/> is empty, then all
3269 of the flows in the flow table are treated as a single group.
254750ce
BP		 3270 </li>
3271
3272 <li>
3273 Consider the flows in the largest group, that is, the group that
3274 contains the greatest number of flows. If two or more groups all
3275 have the same largest number of flows, consider the flows in all of
3276 those groups.
3277 </li>
3278
f70b94de
BP		 3279 <li>
3280 If the flows under consideration have different importance values,
3281 eliminate from consideration any flows except those with the lowest
3282 importance. (``Importance,'' a 16-bit integer value attached to each
3283 flow, was introduced in OpenFlow 1.4. Flows inserted with older
3284 versions of OpenFlow always have an importance of 0.)
3285 </li>
3286
254750ce
BP		 3287 <li>
3288 Among the flows under consideration, choose the flow that expires
3289 soonest for eviction.
3290 </li>
3291 </ol>
3292
3293 <p>
82c22d34
BP		 3294 The eviction process only considers flows that have an idle timeout
3295 or a hard timeout. That is, eviction never deletes permanent flows.
7792bfe0 3296 (Permanent flows do count against <ref column="flow_limit"/>.)
254750ce
BP		 3297 </p>
3298
82c22d34
BP		 3299 <column name="flow_limit">
3300 If set, limits the number of flows that may be added to the table.
3301 Open vSwitch may limit the number of flows in a table for other
3302 reasons, e.g. due to hardware limitations or for resource availability
3303 or performance reasons.
3304 </column>
254750ce 3305
82c22d34
BP		 3306 <column name="overflow_policy">
3307 <p>
3308 Controls the switch's behavior when an OpenFlow flow table
3309 modification request would add flows in excess of <ref
3310 column="flow_limit"/>. The supported values are:
3311 </p>
13751fd8 3312
82c22d34
BP		 3313 <dl>
3314 <dt><code>refuse</code></dt>
3315 <dd>
3316 Refuse to add the flow or flows. This is also the default policy
3317 when <ref column="overflow_policy"/> is unset.
3318 </dd>
f017d986 3319
82c22d34
BP		 3320 <dt><code>evict</code></dt>
3321 <dd>
3322 Delete a flow chosen according to the algorithm described above.
3323 </dd>
3324 </dl>
3325 </column>
f017d986 3326
82c22d34
BP		 3327 <column name="groups">
3328 <p>
3329 When <ref column="overflow_policy"/> is <code>evict</code>, this
3330 controls how flows are chosen for eviction when the flow table would
3331 otherwise exceed <ref column="flow_limit"/> flows. Its value is a
3332 set of NXM fields or sub-fields, each of which takes one of the forms
3333 <code><var>field</var>[]</code> or
3334 <code><var>field</var>[<var>start</var>..<var>end</var>]</code>,
3335 e.g. <code>NXM_OF_IN_PORT[]</code>. Please see
0da61033 3336 <code>meta-flow.h</code> for a complete list of NXM field names.
82c22d34 3337 </p>
f017d986 3338
82c22d34
BP		 3339 <p>
3340 Open vSwitch ignores any invalid or unknown field specifications.
3341 </p>
f017d986 3342
82c22d34
BP		 3343 <p>
3344 When eviction is not enabled, via <ref column="overflow_policy"/> or
3345 an OpenFlow 1.4+ ``table mod,'' this column has no effect.
3346 </p>
3347 </column>
3348 </group>
13751fd8 3349
82c22d34
BP		 3350 <group title="Classifier Optimization">
3351 <column name="prefixes">
3352 <p>
3353 This string set specifies which fields should be used for
3354 address prefix tracking. Prefix tracking allows the
3355 classifier to skip rules with longer than necessary prefixes,
3356 resulting in better wildcarding for datapath flows.
3357 </p>
3358 <p>
3359 Prefix tracking may be beneficial when a flow table contains
3360 matches on IP address fields with different prefix lengths.
3361 For example, when a flow table contains IP address matches on
3362 both full addresses and proper prefixes, the full address
3363 matches will typically cause the datapath flow to un-wildcard
3364 the whole address field (depending on flow entry priorities).
3365 In this case each packet with a different address gets handed
3366 to the userspace for flow processing and generates its own
3367 datapath flow. With prefix tracking enabled for the address
3368 field in question packets with addresses matching shorter
3369 prefixes would generate datapath flows where the irrelevant
3370 address bits are wildcarded, allowing the same datapath flow
3371 to handle all the packets within the prefix in question. In
3372 this case many userspace upcalls can be avoided and the
3373 overall performance can be better.
3374 </p>
3375 <p>
3376 This is a performance optimization only, so packets will
3377 receive the same treatment with or without prefix tracking.
3378 </p>
3379 <p>
3380 The supported fields are: <code>tun_id</code>,
3381 <code>tun_src</code>, <code>tun_dst</code>,
80c4589a 3382 <code>tun_ipv6_src</code>, <code>tun_ipv6_dst</code>,
82c22d34
BP		 3383 <code>nw_src</code>, <code>nw_dst</code> (or aliases
3384 <code>ip_src</code> and <code>ip_dst</code>),
3385 <code>ipv6_src</code>, and <code>ipv6_dst</code>. (Using this
3386 feature for <code>tun_id</code> would only make sense if the
3387 tunnel IDs have prefix structure similar to IP addresses.)
3388 </p>
13751fd8 3389
82c22d34
BP		 3390 <p>
3391 By default, the <code>prefixes=ip_dst,ip_src</code> are used
3392 on each flow table. This instructs the flow classifier to
3393 track the IP destination and source addresses used by the
3394 rules in this specific flow table.
3395 </p>
3396
3397 <p>
3398 The keyword <code>none</code> is recognized as an explicit
3399 override of the default values, causing no prefix fields to be
3400 tracked.
3401 </p>
3402
3403 <p>
3404 To set the prefix fields, the flow table record needs to
3405 exist:
3406 </p>
3407
3408 <dl>
3409 <dt><code>ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0</code></dt>
3410 <dd>
3411 Creates a flow table record for the OpenFlow table number 0.
3412 </dd>
3413
3414 <dt><code>ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src</code></dt>
3415 <dd>
3416 Enables prefix tracking for IP source and destination
3417 address fields.
3418 </dd>
3419 </dl>
3420
3421 <p>
3422 There is a maximum number of fields that can be enabled for any
3423 one flow table. Currently this limit is 3.
3424 </p>
3425 </column>
3426 </group>
e3fbd9df
BP		 3427
3428 <group title="Common Columns">
3429 The overall purpose of these columns is described under <code>Common
3430 Columns</code> at the beginning of this document.
3431
3432 <column name="external_ids"/>
3433 </group>
254750ce
BP		 3434 </table>
3435
c1c9c9c4
BP		 3436 <table name="QoS" title="Quality of Service configuration">
3437 <p>Quality of Service (QoS) configuration for each Port that
3fd8d445 3438 references it.</p>
c1c9c9c4
BP		 3439
3440 <column name="type">
b850dc6d
BP		 3441 <p>The type of QoS to implement. The currently defined types are
3442 listed below:</p>
c1c9c9c4
BP		 3443 <dl>
3444 <dt><code>linux-htb</code></dt>
6784cb57
BP		 3445 <dd>
3446 Linux ``hierarchy token bucket'' classifier. See tc-htb(8) (also at
3447 <code>http://linux.die.net/man/8/tc-htb</code>) and the HTB manual
3448 (<code>http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm</code>)
3449 for information on how this classifier works and how to configure it.
3450 </dd>
6cf888b8 3451
a339aa81
EJ		 3452 <dt><code>linux-hfsc</code></dt>
3453 <dd>
3454 Linux "Hierarchical Fair Service Curve" classifier.
3455 See <code>http://linux-ip.net/articles/hfsc.en/</code> for
3456 information on how this classifier works.
3457 </dd>
6cf888b8 3458
677d9158
JV		 3459 <dt><code>linux-sfq</code></dt>
3460 <dd>
3461 Linux ``Stochastic Fairness Queueing'' classifier. See
3462 <code>tc-sfq</code>(8) (also at
3463 <code>http://linux.die.net/man/8/tc-sfq</code>) for information on
3464 how this classifier works.
3465 </dd>
6cf888b8 3466
677d9158
JV		 3467 <dt><code>linux-codel</code></dt>
3468 <dd>
3469 Linux ``Controlled Delay'' classifier. See <code>tc-codel</code>(8)
3470 (also at
3471 <code>http://man7.org/linux/man-pages/man8/tc-codel.8.html</code>)
3472 for information on how this classifier works.
3473 </dd>
6cf888b8 3474
677d9158
JV		 3475 <dt><code>linux-fq_codel</code></dt>
3476 <dd>
3477 Linux ``Fair Queuing with Controlled Delay'' classifier. See
3478 <code>tc-fq_codel</code>(8) (also at
3479 <code>http://man7.org/linux/man-pages/man8/tc-fq_codel.8.html</code>)
3480 for information on how this classifier works.
3481 </dd>
6cf888b8
BS		 3482
3483 <dt><code>linux-noop</code></dt>
3484 <dd>
3485 Linux ``No operation.'' By default, Open vSwitch manages quality of
3486 service on all of its configured ports. This can be helpful, but
3487 sometimes administrators prefer to use other software to manage QoS.
3488 This <ref column="type"/> prevents Open vSwitch from changing the QoS
3489 configuration for a port.
3490 </dd>
3491
0bf765f7
IS		 3492 <dt><code>egress-policer</code></dt>
3493 <dd>
6cf888b8 3494 A DPDK egress policer algorithm using the DPDK
0bf765f7
IS		 3495 rte_meter library. The rte_meter library provides an implementation
3496 which allows the metering and policing of traffic. The implementation
3497 in OVS essentially creates a single token bucket used to police
3498 traffic. It should be noted that when the rte_meter is configured as
3499 part of QoS there will be a performance overhead as the rte_meter
3500 itself will consume CPU cycles in order to police traffic. These CPU
3501 cycles ordinarily are used for packet proccessing. As such the drop
3502 in performance will be noticed in terms of overall aggregate traffic
3503 throughput.
3504 </dd>
3505 </dl>
c1c9c9c4
BP		 3506 </column>
3507
3508 <column name="queues">
3509 <p>A map from queue numbers to <ref table="Queue"/> records. The
3fd8d445
BP		 3510 supported range of queue numbers depend on <ref column="type"/>. The
3511 queue numbers are the same as the <code>queue_id</code> used in
3512 OpenFlow in <code>struct ofp_action_enqueue</code> and other
2c999774
BP		 3513 structures.</p>
3514
3515 <p>
3516 Queue 0 is the ``default queue.'' It is used by OpenFlow output
8bddb894
BP		 3517 actions when no specific queue has been set. When no configuration for
3518 queue 0 is present, it is automatically configured as if a <ref
3519 table="Queue"/> record with empty <ref table="Queue" column="dscp"/>
3520 and <ref table="Queue" column="other_config"/> columns had been
3521 specified.
2c999774
BP		 3522 (Before version 1.6, Open vSwitch would leave queue 0 unconfigured in
3523 this case. With some queuing disciplines, this dropped all packets
3524 destined for the default queue.)
3525 </p>
c1c9c9c4
BP		 3526 </column>
3527
3fd8d445
BP		 3528 <group title="Configuration for linux-htb and linux-hfsc">
3529 <p>
3530 The <code>linux-htb</code> and <code>linux-hfsc</code> classes support
3531 the following key-value pair:
3532 </p>
9cc6bf75 3533
f9e5e5b3 3534 <column name="other_config" key="max-rate" type='{"type": "integer"}'>
3fd8d445
BP		 3535 Maximum rate shared by all queued traffic, in bit/s. Optional. If not
3536 specified, for physical interfaces, the default is the link rate. For
3537 other interfaces or if the link rate cannot be determined, the default
3538 is currently 100 Mbps.
3539 </column>
3540 </group>
13008eb3 3541
0bf765f7
IS		 3542 <group title="Configuration for egress-policer QoS">
3543 <p>
3544 <ref table="QoS"/> <ref table="QoS" column="type"/>
3545 <code>egress-policer</code> provides egress policing for userspace
3546 port types with DPDK.
3547
3548 It has the following key-value pairs defined.
3549 </p>
3550
3551 <column name="other_config" key="cir" type='{"type": "integer"}'>
3552 The Committed Information Rate (CIR) is measured in bytes of IP
3553 packets per second, i.e. it includes the IP header, but not link
3554 specific (e.g. Ethernet) headers. This represents the bytes per second
3555 rate at which the token bucket will be updated. The cir value is
3556 calculated by (pps x packet data size). For example assuming a user
3557 wishes to limit a stream consisting of 64 byte packets to 1 million
3558 packets per second the CIR would be set to to to 46000000. This value
3559 can be broken into '1,000,000 x 46'. Where 1,000,000 is the policing
3560 rate for the number of packets per second and 46 represents the size
3561 of the packet data for a 64 byte ip packet.
3562 </column>
3563 <column name="other_config" key="cbs" type='{"type": "integer"}'>
3564 The Committed Burst Size (CBS) is measured in bytes and represents a
3565 token bucket. At a minimum this value should be be set to the expected
3566 largest size packet in the traffic stream. In practice larger values
3567 may be used to increase the size of the token bucket. If a packet can
3568 be transmitted then the cbs will be decremented by the number of
3569 bytes/tokens of the packet. If there are not enough tokens in the cbs
3570 bucket the packet will be dropped.
3571 </column>
3572 </group>
3573
3fd8d445
BP		 3574 <group title="Common Columns">
3575 The overall purpose of these columns is described under <code>Common
3576 Columns</code> at the beginning of this document.
3577
3578 <column name="other_config"/>
3579 <column name="external_ids"/>
3580 </group>
c1c9c9c4
BP		 3581 </table>
3582
3583 <table name="Queue" title="QoS output queue.">
3584 <p>A configuration for a port output queue, used in configuring Quality of
3fd8d445
BP		 3585 Service (QoS) features. May be referenced by <ref column="queues"
3586 table="QoS"/> column in <ref table="QoS"/> table.</p>
13008eb3 3587
8b36f51e
EJ		 3588 <column name="dscp">
3589 If set, Open vSwitch will mark all traffic egressing this
3590 <ref table="Queue"/> with the given DSCP bits. Traffic egressing the
3591 default <ref table="Queue"/> is only marked if it was explicitly selected
3592 as the <ref table="Queue"/> at the time the packet was output. If unset,
3593 the DSCP bits of traffic egressing this <ref table="Queue"/> will remain
3594 unchanged.
3595 </column>
3596
3fd8d445
BP		 3597 <group title="Configuration for linux-htb QoS">
3598 <p>
69822b3c
EJ		 3599 <ref table="QoS"/> <ref table="QoS" column="type"/>
3600 <code>linux-htb</code> may use <code>queue_id</code>s less than 61440.
3601 It has the following key-value pairs defined.
3fd8d445 3602 </p>
9cc6bf75 3603
f9e5e5b3
BP		 3604 <column name="other_config" key="min-rate"
3605 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 3606 Minimum guaranteed bandwidth, in bit/s.
3607 </column>
3608
f9e5e5b3
BP		 3609 <column name="other_config" key="max-rate"
3610 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 3611 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
3612 queue's rate will not be allowed to exceed the specified value, even
3613 if excess bandwidth is available. If unspecified, defaults to no
3614 limit.
3615 </column>
3616
f9e5e5b3
BP		 3617 <column name="other_config" key="burst"
3618 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 3619 Burst size, in bits. This is the maximum amount of ``credits'' that a
3620 queue can accumulate while it is idle. Optional. Details of the
3621 <code>linux-htb</code> implementation require a minimum burst size, so
3622 a too-small <code>burst</code> will be silently ignored.
3623 </column>
3624
f9e5e5b3
BP		 3625 <column name="other_config" key="priority"
3626 type='{"type": "integer", "minInteger": 0, "maxInteger": 4294967295}'>
3627 A queue with a smaller <code>priority</code> will receive all the
3628 excess bandwidth that it can use before a queue with a larger value
3629 receives any. Specific priority values are unimportant; only relative
3630 ordering matters. Defaults to 0 if unspecified.
3fd8d445
BP		 3631 </column>
3632 </group>
3633
3634 <group title="Configuration for linux-hfsc QoS">
3635 <p>
69822b3c
EJ		 3636 <ref table="QoS"/> <ref table="QoS" column="type"/>
3637 <code>linux-hfsc</code> may use <code>queue_id</code>s less than 61440.
3638 It has the following key-value pairs defined.
3fd8d445 3639 </p>
9cc6bf75 3640
f9e5e5b3
BP		 3641 <column name="other_config" key="min-rate"
3642 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 3643 Minimum guaranteed bandwidth, in bit/s.
3644 </column>
9cc6bf75 3645
f9e5e5b3
BP		 3646 <column name="other_config" key="max-rate"
3647 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 3648 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
3649 queue's rate will not be allowed to exceed the specified value, even if
3650 excess bandwidth is available. If unspecified, defaults to no
3651 limit.
3652 </column>
3653 </group>
3654
3655 <group title="Common Columns">
3656 The overall purpose of these columns is described under <code>Common
3657 Columns</code> at the beginning of this document.
3658
3659 <column name="other_config"/>
3660 <column name="external_ids"/>
3661 </group>
c1c9c9c4
BP		 3662 </table>
3663
9ae7ddc0 3664 <table name="Mirror" title="Port mirroring.">
89365653
BP		 3665 <p>A port mirror within a <ref table="Bridge"/>.</p>
3666 <p>A port mirror configures a bridge to send selected frames to special
92ada132 3667 ``mirrored'' ports, in addition to their normal destinations. Mirroring
9ae7ddc0 3668 traffic may also be referred to as SPAN or RSPAN, depending on how
92ada132 3669 the mirrored traffic is sent.</p>
89365653 3670
7efbc3b7
BP		 3671 <p>
3672 When a packet enters an Open vSwitch bridge, it becomes eligible for
3673 mirroring based on its ingress port and VLAN. As the packet travels
3674 through the flow tables, each time it is output to a port, it becomes
3675 eligible for mirroring based on the egress port and VLAN. In Open
3676 vSwitch 2.5 and later, mirroring occurs just after a packet first becomes
3677 eligible, using the packet as it exists at that point; in Open vSwitch
3678 2.4 and earlier, mirroring occurs only after a packet has traversed all
3679 the flow tables, using the original packet as it entered the bridge.
3680 This makes a difference only when the flow table modifies the packet: in
3681 Open vSwitch 2.4, the modifications are never visible to mirrors, whereas
3682 in Open vSwitch 2.5 and later modifications made before the first output
3683 that makes it eligible for mirroring to a particular destination are
3684 visible.
3685 </p>
3686
3687 <p>
3688 A packet that enters an Open vSwitch bridge is mirrored to a particular
3689 destination only once, even if it is eligible for multiple reasons. For
3690 example, a packet would be mirrored to a particular <ref
3691 column="output_port"/> only once, even if it is selected for mirroring to
3692 that port by <ref column="select_dst_port"/> and <ref
3693 column="select_src_port"/> in the same or different <ref table="Mirror"/>
3694 records.
3695 </p>
3696
89365653
BP		 3697 <column name="name">
3698 Arbitrary identifier for the <ref table="Mirror"/>.
3699 </column>
3700
3701 <group title="Selecting Packets for Mirroring">
3e519d8e
BP		 3702 <p>
3703 To be selected for mirroring, a given packet must enter or leave the
3704 bridge through a selected port and it must also be in one of the
3705 selected VLANs.
3706 </p>
3707
939ff267
BP		 3708 <column name="select_all">
3709 If true, every packet arriving or departing on any port is
3710 selected for mirroring.
3711 </column>
3712
89365653
BP		 3713 <column name="select_dst_port">
3714 Ports on which departing packets are selected for mirroring.
3715 </column>
3716
3717 <column name="select_src_port">
939ff267 3718 Ports on which arriving packets are selected for mirroring.
89365653
BP		 3719 </column>
3720
3721 <column name="select_vlan">
3722 VLANs on which packets are selected for mirroring. An empty set
3723 selects packets on all VLANs.
3724 </column>
3725 </group>
3726
3727 <group title="Mirroring Destination Configuration">
3e519d8e
BP		 3728 <p>
3729 These columns are mutually exclusive. Exactly one of them must be
3730 nonempty.
3731 </p>
3732
89365653 3733 <column name="output_port">
3e519d8e 3734 <p>Output port for selected packets, if nonempty.</p>
89365653 3735 <p>Specifying a port for mirror output reserves that port exclusively
92ada132 3736 for mirroring. No frames other than those selected for mirroring
653fe3a3 3737 via this column
92ada132
BP		 3738 will be forwarded to the port, and any frames received on the port
3739 will be discarded.</p>
3740 <p>
3741 The output port may be any kind of port supported by Open vSwitch.
9ae7ddc0
JP		 3742 It may be, for example, a physical port (sometimes called SPAN) or a
3743 GRE tunnel.
92ada132 3744 </p>
89365653
BP		 3745 </column>
3746
3747 <column name="output_vlan">
3e519d8e 3748 <p>Output VLAN for selected packets, if nonempty.</p>
89365653 3749 <p>The frames will be sent out all ports that trunk
3fd8d445
BP		 3750 <ref column="output_vlan"/>, as well as any ports with implicit VLAN
3751 <ref column="output_vlan"/>. When a mirrored frame is sent out a
3752 trunk port, the frame's VLAN tag will be set to
3753 <ref column="output_vlan"/>, replacing any existing tag; when it is
3754 sent out an implicit VLAN port, the frame will not be tagged. This
3755 type of mirroring is sometimes called RSPAN.</p>
07817dfe 3756 <p>
05be4e2c
EJ		 3757 See the documentation for
3758 <ref column="other_config" key="forward-bpdu"/> in the
3759 <ref table="Interface"/> table for a list of destination MAC
3760 addresses which will not be mirrored to a VLAN to avoid confusing
3761 switches that interpret the protocols that they represent.
07817dfe 3762 </p>
89365653 3763 <p><em>Please note:</em> Mirroring to a VLAN can disrupt a network that
3fd8d445
BP		 3764 contains unmanaged switches. Consider an unmanaged physical switch
3765 with two ports: port 1, connected to an end host, and port 2,
3766 connected to an Open vSwitch configured to mirror received packets
3767 into VLAN 123 on port 2. Suppose that the end host sends a packet on
3768 port 1 that the physical switch forwards to port 2. The Open vSwitch
3769 forwards this packet to its destination and then reflects it back on
3770 port 2 in VLAN 123. This reflected packet causes the unmanaged
3771 physical switch to replace the MAC learning table entry, which
3772 correctly pointed to port 1, with one that incorrectly points to port
3773 2. Afterward, the physical switch will direct packets destined for
3774 the end host to the Open vSwitch on port 2, instead of to the end
3775 host on port 1, disrupting connectivity. If mirroring to a VLAN is
3776 desired in this scenario, then the physical switch must be replaced
3777 by one that learns Ethernet addresses on a per-VLAN basis. In
3778 addition, learning should be disabled on the VLAN containing mirrored
3779 traffic. If this is not done then intermediate switches will learn
3780 the MAC address of each end host from the mirrored traffic. If
3781 packets being sent to that end host are also mirrored, then they will
3782 be dropped since the switch will attempt to send them out the input
3783 port. Disabling learning for the VLAN will cause the switch to
3784 correctly send the packet out all ports configured for that VLAN. If
3785 Open vSwitch is being used as an intermediate switch, learning can be
3786 disabled by adding the mirrored VLAN to <ref column="flood_vlans"/>
3787 in the appropriate <ref table="Bridge"/> table or tables.</p>
3788 <p>
3789 Mirroring to a GRE tunnel has fewer caveats than mirroring to a
3790 VLAN and should generally be preferred.
3791 </p>
89365653 3792 </column>
1356dbd1
WT		 3793
3794 <column name="snaplen">
3795 <p>Maximum per-packet number of bytes to mirror.</p>
3796 <p>A mirrored packet with size larger than <ref column="snaplen"/>
3797 will be truncated in datapath to <ref column="snaplen"/> bytes
3798 before sending to the mirror output port. If omitted, packets
3799 are not truncated.
3800 </p>
3801 </column>
89365653 3802 </group>
13008eb3 3803
9d24de3b
JP		 3804 <group title="Statistics: Mirror counters">
3805 <p>
12eb035b
AW		 3806 Key-value pairs that report mirror statistics. The update period
3807 is controlled by <ref column="other_config"
3808 key="stats-update-interval"/> in the <code>Open_vSwitch</code> table.
9d24de3b
JP		 3809 </p>
3810 <column name="statistics" key="tx_packets">
3811 Number of packets transmitted through this mirror.
3812 </column>
3813 <column name="statistics" key="tx_bytes">
3814 Number of bytes transmitted through this mirror.
3815 </column>
3816 </group>
3817
3fd8d445
BP		 3818 <group title="Common Columns">
3819 The overall purpose of these columns is described under <code>Common
3820 Columns</code> at the beginning of this document.
3821
3822 <column name="external_ids"/>
13008eb3 3823 </group>
89365653
BP		 3824 </table>
3825
3826 <table name="Controller" title="OpenFlow controller configuration.">
76ce9432
BP		 3827 <p>An OpenFlow controller.</p>
3828
7d674866
BP		 3829 <p>
3830 Open vSwitch supports two kinds of OpenFlow controllers:
3831 </p>
299a244b 3832
7d674866
BP		 3833 <dl>
3834 <dt>Primary controllers</dt>
3835 <dd>
3836 <p>
3837 This is the kind of controller envisioned by the OpenFlow 1.0
3838 specification. Usually, a primary controller implements a network
3839 policy by taking charge of the switch's flow table.
3840 </p>
3841
3842 <p>
3843 Open vSwitch initiates and maintains persistent connections to
3844 primary controllers, retrying the connection each time it fails or
3845 drops. The <ref table="Bridge" column="fail_mode"/> column in the
3846 <ref table="Bridge"/> table applies to primary controllers.
3847 </p>
3848
3849 <p>
3850 Open vSwitch permits a bridge to have any number of primary
3851 controllers. When multiple controllers are configured, Open
3852 vSwitch connects to all of them simultaneously. Because
3853 OpenFlow 1.0 does not specify how multiple controllers
3854 coordinate in interacting with a single switch, more than
3855 one primary controller should be specified only if the
3856 controllers are themselves designed to coordinate with each
3857 other. (The Nicira-defined <code>NXT_ROLE</code> OpenFlow
3858 vendor extension may be useful for this.)
3859 </p>
3860 </dd>
3861 <dt>Service controllers</dt>
3862 <dd>
3863 <p>
3864 These kinds of OpenFlow controller connections are intended for
3865 occasional support and maintenance use, e.g. with
3866 <code>ovs-ofctl</code>. Usually a service controller connects only
3867 briefly to inspect or modify some of a switch's state.
3868 </p>
3869
3870 <p>
3871 Open vSwitch listens for incoming connections from service
3872 controllers. The service controllers initiate and, if necessary,
3873 maintain the connections from their end. The <ref table="Bridge"
3874 column="fail_mode"/> column in the <ref table="Bridge"/> table does
3875 not apply to service controllers.
3876 </p>
3877
3878 <p>
3879 Open vSwitch supports configuring any number of service controllers.
3880 </p>
3881 </dd>
3882 </dl>
3883
3884 <p>
3885 The <ref column="target"/> determines the type of controller.
3886 </p>
89365653
BP		 3887
3888 <group title="Core Features">
3889 <column name="target">
7d674866
BP		 3890 <p>Connection method for controller.</p>
3891 <p>
3892 The following connection methods are currently supported for primary
3893 controllers:
3894 </p>
89365653
BP		 3895 <dl>
3896 <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
3897 <dd>
125b0291
JP		 3898 <p>The specified SSL <var>port</var> on the host at the
3899 given <var>ip</var>, which must be expressed as an IP
3900 address (not a DNS name). The <ref table="Open_vSwitch"
3901 column="ssl"/> column in the <ref table="Open_vSwitch"/>
3902 table must point to a valid SSL configuration when this form
3903 is used.</p>
d4763d1d 3904 <p>If <var>port</var> is not specified, it defaults to 6653.</p>
89365653 3905 <p>SSL support is an optional feature that is not always built as
3fd8d445 3906 part of Open vSwitch.</p>
89365653
BP		 3907 </dd>
3908 <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
125b0291 3909 <dd>
e731d71b
AS		 3910 <p>
3911 The specified TCP <var>port</var> on the host at the given
3912 <var>ip</var>, which must be expressed as an IP address (not a
3913 DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
3914 <var>ip</var> is an IPv6 address, wrap it in square brackets,
d4763d1d 3915 e.g. <code>tcp:[::1]:6653</code>.
e731d71b
AS		 3916 </p>
3917 <p>
d4763d1d 3918 If <var>port</var> is not specified, it defaults to 6653.
e731d71b 3919 </p>
125b0291 3920 </dd>
7d674866
BP		 3921 </dl>
3922 <p>
3923 The following connection methods are currently supported for service
3924 controllers:
3925 </p>
3926 <dl>
3927 <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
3928 <dd>
e731d71b
AS		 3929 <p>
3930 Listens for SSL connections on the specified TCP <var>port</var>.
3931 If <var>ip</var>, which must be expressed as an IP address (not a
3932 DNS name), is specified, then connections are restricted to the
3933 specified local IP address (either IPv4 or IPv6). If
3934 <var>ip</var> is an IPv6 address, wrap it in square brackets,
d4763d1d 3935 e.g. <code>pssl:6653:[::1]</code>.
e731d71b
AS		 3936 </p>
3937 <p>
d4763d1d
JP		 3938 If <var>port</var> is not specified, it defaults to
3939 6653. If <var>ip</var> is not specified then it listens only on
e731d71b
AS		 3940 IPv4 (but not IPv6) addresses. The
3941 <ref table="Open_vSwitch" column="ssl"/>
3942 column in the <ref table="Open_vSwitch"/> table must point to a
3943 valid SSL configuration when this form is used.
3944 </p>
3945 <p>
d4763d1d 3946 If <var>port</var> is not specified, it currently to 6653.
e731d71b
AS		 3947 </p>
3948 <p>
3949 SSL support is an optional feature that is not always built as
3950 part of Open vSwitch.
3951 </p>
7d674866
BP		 3952 </dd>
3953 <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
3954 <dd>
e731d71b
AS		 3955 <p>
3956 Listens for connections on the specified TCP <var>port</var>. If
3957 <var>ip</var>, which must be expressed as an IP address (not a
3958 DNS name), is specified, then connections are restricted to the
3959 specified local IP address (either IPv4 or IPv6). If
3960 <var>ip</var> is an IPv6 address, wrap it in square brackets,
d4763d1d 3961 e.g. <code>ptcp:6653:[::1]</code>. If <var>ip</var> is not
e731d71b
AS		 3962 specified then it listens only on IPv4 addresses.
3963 </p>
3964 <p>
d4763d1d 3965 If <var>port</var> is not specified, it defaults to 6653.
e731d71b 3966 </p>
7d674866 3967 </dd>
89365653 3968 </dl>
9a3f4a49 3969 <p>When multiple controllers are configured for a single bridge, the
3fd8d445
BP		 3970 <ref column="target"/> values must be unique. Duplicate
3971 <ref column="target"/> values yield unspecified results.</p>
89365653
BP		 3972 </column>
3973
3974 <column name="connection_mode">
9a3f4a49
JP		 3975 <p>If it is specified, this setting must be one of the following
3976 strings that describes how Open vSwitch contacts this OpenFlow
3977 controller over the network:</p>
3978
3979 <dl>
3980 <dt><code>in-band</code></dt>
3981 <dd>In this mode, this controller's OpenFlow traffic travels over the
3fd8d445
BP		 3982 bridge associated with the controller. With this setting, Open
3983 vSwitch allows traffic to and from the controller regardless of the
3984 contents of the OpenFlow flow table. (Otherwise, Open vSwitch
3985 would never be able to connect to the controller, because it did
3986 not have a flow to enable it.) This is the most common connection
3987 mode because it is not necessary to maintain two independent
3988 networks.</dd>
9a3f4a49
JP		 3989 <dt><code>out-of-band</code></dt>
3990 <dd>In this mode, OpenFlow traffic uses a control network separate
3fd8d445
BP		 3991 from the bridge associated with this controller, that is, the
3992 bridge does not use any of its own network devices to communicate
3993 with the controller. The control network must be configured
3994 separately, before or after <code>ovs-vswitchd</code> is started.
9a3f4a49
JP		 3995 </dd>
3996 </dl>
76ce9432 3997
195c8086 3998 <p>If not specified, the default is implementation-specific.</p>
89365653
BP		 3999 </column>
4000 </group>
4001
4002 <group title="Controller Failure Detection and Handling">
4003 <column name="max_backoff">
4004 Maximum number of milliseconds to wait between connection attempts.
4005 Default is implementation-specific.
4006 </column>
4007
4008 <column name="inactivity_probe">
4009 Maximum number of milliseconds of idle time on connection to
4010 controller before sending an inactivity probe message. If Open
4011 vSwitch does not communicate with the controller for the specified
4012 number of seconds, it will send a probe. If a response is not
4013 received for the same additional amount of time, Open vSwitch
4014 assumes the connection has been broken and attempts to reconnect.
2bb82bf0
BP		 4015 Default is implementation-specific. A value of 0 disables
4016 inactivity probes.
89365653 4017 </column>
89365653
BP		 4018 </group>
4019
a413195e 4020 <group title="Asynchronous Messages">
9886b662
BP		 4021 <p>
4022 OpenFlow switches send certain messages to controllers spontanenously,
4023 that is, not in response to any request from the controller. These
4024 messages are called ``asynchronous messages.'' These columns allow
4025 asynchronous messages to be limited or disabled to ensure the best use
4026 of network resources.
4027 </p>
4028
4029 <column name="enable_async_messages">
4030 The OpenFlow protocol enables asynchronous messages at time of
4031 connection establishment, which means that a controller can receive
4032 asynchronous messages, potentially many of them, even if it turns them
4033 off immediately after connecting. Set this column to
4034 <code>false</code> to change Open vSwitch behavior to disable, by
4035 default, all asynchronous messages. The controller can use the
4036 <code>NXT_SET_ASYNC_CONFIG</code> Nicira extension to OpenFlow to turn
4037 on any messages that it does want to receive, if any.
4038 </column>
4039
a413195e 4040 <group title="Controller Rate Limiting">
ebb65354 4041 <p>
a413195e
BP		 4042 A switch can forward packets to a controller over the OpenFlow
4043 protocol. Forwarding packets this way at too high a rate can
4044 overwhelm a controller, frustrate use of the OpenFlow connection for
4045 other purposes, increase the latency of flow setup, and use an
4046 unreasonable amount of bandwidth. Therefore, Open vSwitch supports
4047 limiting the rate of packet forwarding to a controller.
ebb65354
BP		 4048 </p>
4049
4050 <p>
a413195e
BP		 4051 There are two main reasons in OpenFlow for a packet to be sent to a
4052 controller: either the packet ``misses'' in the flow table, that is,
4053 there is no matching flow, or a flow table action says to send the
4054 packet to the controller. Open vSwitch limits the rate of each kind
4055 of packet separately at the configured rate. Therefore, the actual
4056 rate that packets are sent to the controller can be up to twice the
4057 configured rate, when packets are sent for both reasons.
ebb65354
BP		 4058 </p>
4059
4060 <p>
a413195e
BP		 4061 This feature is specific to forwarding packets over an OpenFlow
4062 connection. It is not general-purpose QoS. See the <ref
4063 table="QoS"/> table for quality of service configuration, and <ref
4064 column="ingress_policing_rate" table="Interface"/> in the <ref
4065 table="Interface"/> table for ingress policing configuration.
ebb65354 4066 </p>
3fd8d445 4067
a413195e
BP		 4068 <column name="controller_rate_limit">
4069 <p>
4070 The maximum rate at which the switch will forward packets to the
4071 OpenFlow controller, in packets per second. If no value is
4072 specified, rate limiting is disabled.
4073 </p>
4074 </column>
4075
4076 <column name="controller_burst_limit">
4077 <p>
4078 When a high rate triggers rate-limiting, Open vSwitch queues
4079 packets to the controller for each port and transmits them to the
4080 controller at the configured rate. This value limits the number of
4081 queued packets. Ports on a bridge share the packet queue fairly.
4082 </p>
4083
4084 <p>
4085 This value has no effect unless <ref
4086 column="controller_rate_limit"/> is configured. The current
4087 default when this value is not specified is one-quarter of <ref
4088 column="controller_rate_limit"/>, meaning that queuing can delay
4089 forwarding a packet to the controller by up to 250 ms.
4090 </p>
4091 </column>
4092
4093 <group title="Controller Rate Limiting Statistics">
4094 <p>
4095 These values report the effects of rate limiting. Their values are
4096 relative to establishment of the most recent OpenFlow connection,
4097 or since rate limiting was enabled, whichever happened more
4098 recently. Each consists of two values, one with <code>TYPE</code>
4099 replaced by <code>miss</code> for rate limiting flow table misses,
4100 and the other with <code>TYPE</code> replaced by
4101 <code>action</code> for rate limiting packets sent by OpenFlow
4102 actions.
4103 </p>
4104
4105 <p>
4106 These statistics are reported only when controller rate limiting is
4107 enabled.
4108 </p>
4109
4110 <column name="status" key="packet-in-TYPE-bypassed"
4111 type='{"type": "integer", "minInteger": 0}'>
4112 Number of packets sent directly to the controller, without queuing,
4113 because the rate did not exceed the configured maximum.
4114 </column>
4115
4116 <column name="status" key="packet-in-TYPE-queued"
4117 type='{"type": "integer", "minInteger": 0}'>
4118 Number of packets added to the queue to send later.
4119 </column>
4120
4121 <column name="status" key="packet-in-TYPE-dropped"
4122 type='{"type": "integer", "minInteger": 0}'>
4123 Number of packets added to the queue that were later dropped due to
4124 overflow. This value is less than or equal to <ref column="status"
4125 key="packet-in-TYPE-queued"/>.
4126 </column>
4127
4128 <column name="status" key="packet-in-TYPE-backlog"
4129 type='{"type": "integer", "minInteger": 0}'>
4130 Number of packets currently queued. The other statistics increase
4131 monotonically, but this one fluctuates between 0 and the <ref
4132 column="controller_burst_limit"/> as conditions change.
4133 </column>
4134 </group>
4135 </group>
89365653
BP		 4136 </group>
4137
76ce9432
BP		 4138 <group title="Additional In-Band Configuration">
4139 <p>These values are considered only in in-band control mode (see
3fd8d445 4140 <ref column="connection_mode"/>).</p>
76ce9432
BP		 4141
4142 <p>When multiple controllers are configured on a single bridge, there
3fd8d445
BP		 4143 should be only one set of unique values in these columns. If different
4144 values are set for these columns in different controllers, the effect
4145 is unspecified.</p>
89365653
BP		 4146
4147 <column name="local_ip">
76ce9432
BP		 4148 The IP address to configure on the local port,
4149 e.g. <code>192.168.0.123</code>. If this value is unset, then
4150 <ref column="local_netmask"/> and <ref column="local_gateway"/> are
4151 ignored.
89365653
BP		 4152 </column>
4153
4154 <column name="local_netmask">
76ce9432
BP		 4155 The IP netmask to configure on the local port,
4156 e.g. <code>255.255.255.0</code>. If <ref column="local_ip"/> is set
4157 but this value is unset, then the default is chosen based on whether
4158 the IP address is class A, B, or C.
4159 </column>
4160
4161 <column name="local_gateway">
4162 The IP address of the gateway to configure on the local port, as a
4163 string, e.g. <code>192.168.0.1</code>. Leave this column unset if
4164 this network has no gateway.
89365653
BP		 4165 </column>
4166 </group>
13008eb3 4167
bffc0589
AE		 4168 <group title="Controller Status">
4169 <column name="is_connected">
4170 <code>true</code> if currently connected to this controller,
4171 <code>false</code> otherwise.
4172 </column>
4173
f9e5e5b3
BP		 4174 <column name="role"
4175 type='{"type": "string", "enum": ["set", ["other", "master", "slave"]]}'>
bffc0589 4176 <p>The level of authority this controller has on the associated
3fd8d445 4177 bridge. Possible values are:</p>
bffc0589
AE		 4178 <dl>
4179 <dt><code>other</code></dt>
4180 <dd>Allows the controller access to all OpenFlow features.</dd>
bffc0589
AE		 4181 <dt><code>master</code></dt>
4182 <dd>Equivalent to <code>other</code>, except that there may be at
3fd8d445
BP		 4183 most one master controller at a time. When a controller configures
4184 itself as <code>master</code>, any existing master is demoted to
9f90ed90 4185 the <code>slave</code> role.</dd>
bffc0589
AE		 4186 <dt><code>slave</code></dt>
4187 <dd>Allows the controller read-only access to OpenFlow features.
3fd8d445
BP		 4188 Attempts to modify the flow table will be rejected with an
4189 error. Slave controllers do not receive OFPT_PACKET_IN or
4190 OFPT_FLOW_REMOVED messages, but they do receive OFPT_PORT_STATUS
4191 messages.</dd>
bffc0589
AE		 4192 </dl>
4193 </column>
4194
3fd8d445
BP		 4195 <column name="status" key="last_error">
4196 A human-readable description of the last error on the connection
4197 to the controller; i.e. <code>strerror(errno)</code>. This key
4198 will exist only if an error has occurred.
4199 </column>
4200
f9e5e5b3
BP		 4201 <column name="status" key="state"
4202 type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'>
3fd8d445 4203 <p>
f9e5e5b3 4204 The state of the connection to the controller:
3fd8d445 4205 </p>
bffc0589 4206 <dl>
3fd8d445
BP		 4207 <dt><code>VOID</code></dt>
4208 <dd>Connection is disabled.</dd>
4209
4210 <dt><code>BACKOFF</code></dt>
4211 <dd>Attempting to reconnect at an increasing period.</dd>
4212
4213 <dt><code>CONNECTING</code></dt>
4214 <dd>Attempting to connect.</dd>
4215
4216 <dt><code>ACTIVE</code></dt>
4217 <dd>Connected, remote host responsive.</dd>
4218
4219 <dt><code>IDLE</code></dt>
4220 <dd>Connection is idle. Waiting for response to keep-alive.</dd>
bffc0589 4221 </dl>
3fd8d445
BP		 4222 <p>
4223 These values may change in the future. They are provided only for
4224 human consumption.
4225 </p>
4226 </column>
9cc6bf75 4227
f9e5e5b3
BP		 4228 <column name="status" key="sec_since_connect"
4229 type='{"type": "integer", "minInteger": 0}'>
3fd8d445
BP		 4230 The amount of time since this controller last successfully connected to
4231 the switch (in seconds). Value is empty if controller has never
4232 successfully connected.
bffc0589 4233 </column>
9cc6bf75 4234
f9e5e5b3
BP		 4235 <column name="status" key="sec_since_disconnect"
4236 type='{"type": "integer", "minInteger": 1}'>
3fd8d445
BP		 4237 The amount of time since this controller last disconnected from
4238 the switch (in seconds). Value is empty if controller has never
4239 disconnected.
4240 </column>
4241 </group>
4242
f125905c
MM		 4243 <group title="Connection Parameters">
4244 <p>
4245 Additional configuration for a connection between the controller
4246 and the Open vSwitch.
4247 </p>
4248
4249 <column name="other_config" key="dscp"
039a8ccd 4250 type='{"type": "integer"}'>
cea15768
EJ		 4251 The Differentiated Service Code Point (DSCP) is specified using 6 bits
4252 in the Type of Service (TOS) field in the IP header. DSCP provides a
4253 mechanism to classify the network traffic and provide Quality of
4254 Service (QoS) on IP networks.
4255
4256 The DSCP value specified here is used when establishing the connection
0442efd9
MM		 4257 between the controller and the Open vSwitch. If no value is specified,
4258 a default value of 48 is chosen. Valid DSCP values must be in the
4259 range 0 to 63.
f125905c
MM		 4260 </column>
4261 </group>
4262
4263
3fd8d445
BP		 4264 <group title="Common Columns">
4265 The overall purpose of these columns is described under <code>Common
4266 Columns</code> at the beginning of this document.
4267
4268 <column name="external_ids"/>
f125905c 4269 <column name="other_config"/>
bffc0589 4270 </group>
89365653
BP		 4271 </table>
4272
94db5407
BP		 4273 <table name="Manager" title="OVSDB management connection.">
4274 <p>
4275 Configuration for a database connection to an Open vSwitch database
4276 (OVSDB) client.
4277 </p>
4278
4279 <p>
4280 This table primarily configures the Open vSwitch database
4281 (<code>ovsdb-server</code>), not the Open vSwitch switch
4282 (<code>ovs-vswitchd</code>). The switch does read the table to determine
4283 what connections should be treated as in-band.
4284 </p>
4285
4286 <p>
4287 The Open vSwitch database server can initiate and maintain active
4288 connections to remote clients. It can also listen for database
4289 connections.
4290 </p>
4291
4292 <group title="Core Features">
4293 <column name="target">
4294 <p>Connection method for managers.</p>
4295 <p>
4296 The following connection methods are currently supported:
4297 </p>
4298 <dl>
4299 <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
4300 <dd>
4301 <p>
efc295d2
JP		 4302 The specified SSL <var>port</var> on the host at the given
4303 <var>ip</var>, which must be expressed as an IP address
4304 (not a DNS name). The <ref table="Open_vSwitch"
4305 column="ssl"/> column in the <ref table="Open_vSwitch"/>
4306 table must point to a valid SSL configuration when this
4307 form is used.
94db5407
BP		 4308 </p>
4309 <p>
d4763d1d 4310 If <var>port</var> is not specified, it defaults to 6640.
efc295d2
JP		 4311 </p>
4312 <p>
4313 SSL support is an optional feature that is not always
4314 built as part of Open vSwitch.
94db5407
BP		 4315 </p>
4316 </dd>
4317
4318 <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
4319 <dd>
efc295d2
JP		 4320 <p>
4321 The specified TCP <var>port</var> on the host at the given
e731d71b
AS		 4322 <var>ip</var>, which must be expressed as an IP address (not a
4323 DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
4324 <var>ip</var> is an IPv6 address, wrap it in square brackets,
d4763d1d 4325 e.g. <code>tcp:[::1]:6640</code>.
efc295d2
JP		 4326 </p>
4327 <p>
d4763d1d 4328 If <var>port</var> is not specified, it defaults to 6640.
efc295d2 4329 </p>
94db5407
BP		 4330 </dd>
4331 <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
4332 <dd>
4333 <p>
e731d71b
AS		 4334 Listens for SSL connections on the specified TCP <var>port</var>.
4335 Specify 0 for <var>port</var> to have the kernel automatically
4336 choose an available port. If <var>ip</var>, which must be
4337 expressed as an IP address (not a DNS name), is specified, then
4338 connections are restricted to the specified local IP address
4339 (either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
4340 address, wrap in square brackets,
d4763d1d 4341 e.g. <code>pssl:6640:[::1]</code>. If <var>ip</var> is not
e731d71b
AS		 4342 specified then it listens only on IPv4 (but not IPv6) addresses.
4343 The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
94db5407
BP		 4344 table="Open_vSwitch"/> table must point to a valid SSL
4345 configuration when this form is used.
4346 </p>
efc295d2 4347 <p>
d4763d1d 4348 If <var>port</var> is not specified, it defaults to 6640.
efc295d2 4349 </p>
94db5407
BP		 4350 <p>
4351 SSL support is an optional feature that is not always built as
4352 part of Open vSwitch.
4353 </p>
4354 </dd>
4355 <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
4356 <dd>
efc295d2 4357 <p>
e731d71b
AS		 4358 Listens for connections on the specified TCP <var>port</var>.
4359 Specify 0 for <var>port</var> to have the kernel automatically
4360 choose an available port. If <var>ip</var>, which must be
4361 expressed as an IP address (not a DNS name), is specified, then
4362 connections are restricted to the specified local IP address
4363 (either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
4364 address, wrap it in square brackets,
d4763d1d 4365 e.g. <code>ptcp:6640:[::1]</code>. If <var>ip</var> is not
e731d71b 4366 specified then it listens only on IPv4 addresses.
efc295d2
JP		 4367 </p>
4368 <p>
d4763d1d 4369 If <var>port</var> is not specified, it defaults to 6640.
efc295d2 4370 </p>
94db5407
BP		 4371 </dd>
4372 </dl>
4373 <p>When multiple managers are configured, the <ref column="target"/>
4374 values must be unique. Duplicate <ref column="target"/> values yield
4375 unspecified results.</p>
4376 </column>
4377
4378 <column name="connection_mode">
4379 <p>
4380 If it is specified, this setting must be one of the following strings
4381 that describes how Open vSwitch contacts this OVSDB client over the
4382 network:
4383 </p>
299a244b 4384
94db5407
BP		 4385 <dl>
4386 <dt><code>in-band</code></dt>
4387 <dd>
4388 In this mode, this connection's traffic travels over a bridge
4389 managed by Open vSwitch. With this setting, Open vSwitch allows
4390 traffic to and from the client regardless of the contents of the
4391 OpenFlow flow table. (Otherwise, Open vSwitch would never be able
4392 to connect to the client, because it did not have a flow to enable
4393 it.) This is the most common connection mode because it is not
4394 necessary to maintain two independent networks.
4395 </dd>
4396 <dt><code>out-of-band</code></dt>
4397 <dd>
4398 In this mode, the client's traffic uses a control network separate
4399 from that managed by Open vSwitch, that is, Open vSwitch does not
4400 use any of its own network devices to communicate with the client.
4401 The control network must be configured separately, before or after
4402 <code>ovs-vswitchd</code> is started.
4403 </dd>
4404 </dl>
4405
4406 <p>
4407 If not specified, the default is implementation-specific.
4408 </p>
4409 </column>
4410 </group>
4411
4412 <group title="Client Failure Detection and Handling">
4413 <column name="max_backoff">
4414 Maximum number of milliseconds to wait between connection attempts.
4415 Default is implementation-specific.
4416 </column>
4417
4418 <column name="inactivity_probe">
4419 Maximum number of milliseconds of idle time on connection to the client
4420 before sending an inactivity probe message. If Open vSwitch does not
4421 communicate with the client for the specified number of seconds, it
4422 will send a probe. If a response is not received for the same
4423 additional amount of time, Open vSwitch assumes the connection has been
4424 broken and attempts to reconnect. Default is implementation-specific.
2bb82bf0 4425 A value of 0 disables inactivity probes.
94db5407
BP		 4426 </column>
4427 </group>
4428
0b3e7a8b 4429 <group title="Status">
600766e8
AZ		 4430 <p>
4431 Key-value pair of <ref column="is_connected"/> is always updated.
4432 Other key-value pairs in the status columns may be updated depends
4433 on the <ref column="target"/> type.
4434 </p>
4435
4436 <p>
4437 When <ref column="target"/> specifies a connection method that
4438 listens for inbound connections (e.g. <code>ptcp:</code> or
4439 <code>punix:</code>), both <ref column="n_connections"/> and
4440 <ref column="is_connected"/> may also be updated while the
4441 remaining key-value pairs are omitted.
4442 </p>
4443
4444 <p>
4445 On the other hand, when <ref column="target"/> specifies an
4446 outbound connection, all key-value pairs may be updated, except
4447 the above-mentioned two key-value pairs associated with inbound
4448 connection targets. They are omitted.
4449 </p>
4450
4451 <column name="is_connected">
0b3e7a8b
AE		 4452 <code>true</code> if currently connected to this manager,
4453 <code>false</code> otherwise.
4454 </column>
4455
3fd8d445
BP		 4456 <column name="status" key="last_error">
4457 A human-readable description of the last error on the connection
4458 to the manager; i.e. <code>strerror(errno)</code>. This key
4459 will exist only if an error has occurred.
4460 </column>
4461
f9e5e5b3
BP		 4462 <column name="status" key="state"
4463 type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'>
3fd8d445 4464 <p>
f9e5e5b3 4465 The state of the connection to the manager:
3fd8d445 4466 </p>
a11f6164 4467 <dl>
3fd8d445
BP		 4468 <dt><code>VOID</code></dt>
4469 <dd>Connection is disabled.</dd>
4470
4471 <dt><code>BACKOFF</code></dt>
4472 <dd>Attempting to reconnect at an increasing period.</dd>
4473
4474 <dt><code>CONNECTING</code></dt>
4475 <dd>Attempting to connect.</dd>
4476
4477 <dt><code>ACTIVE</code></dt>
4478 <dd>Connected, remote host responsive.</dd>
4479
4480 <dt><code>IDLE</code></dt>
4481 <dd>Connection is idle. Waiting for response to keep-alive.</dd>
a11f6164 4482 </dl>
3fd8d445
BP		 4483 <p>
4484 These values may change in the future. They are provided only for
4485 human consumption.
4486 </p>
4487 </column>
4488
f9e5e5b3
BP		 4489 <column name="status" key="sec_since_connect"
4490 type='{"type": "integer", "minInteger": 0}'>
3fd8d445
BP		 4491 The amount of time since this manager last successfully connected
4492 to the database (in seconds). Value is empty if manager has never
4493 successfully connected.
4494 </column>
4495
f9e5e5b3
BP		 4496 <column name="status" key="sec_since_disconnect"
4497 type='{"type": "integer", "minInteger": 0}'>
3fd8d445
BP		 4498 The amount of time since this manager last disconnected from the
4499 database (in seconds). Value is empty if manager has never
4500 disconnected.
4501 </column>
4502
4503 <column name="status" key="locks_held">
4504 Space-separated list of the names of OVSDB locks that the connection
4505 holds. Omitted if the connection does not hold any locks.
4506 </column>
4507
4508 <column name="status" key="locks_waiting">
4509 Space-separated list of the names of OVSDB locks that the connection is
4510 currently waiting to acquire. Omitted if the connection is not waiting
4511 for any locks.
4512 </column>
4513
4514 <column name="status" key="locks_lost">
4515 Space-separated list of the names of OVSDB locks that the connection
4516 has had stolen by another OVSDB client. Omitted if no locks have been
4517 stolen from this connection.
4518 </column>
4519
f9e5e5b3
BP		 4520 <column name="status" key="n_connections"
4521 type='{"type": "integer", "minInteger": 2}'>
600766e8
AZ		 4522 When <ref column="target"/> specifies a connection method that
4523 listens for inbound connections (e.g. <code>ptcp:</code> or
4524 <code>pssl:</code>) and more than one connection is actually active,
4525 the value is the number of active connections. Otherwise, this
4526 key-value pair is omitted.
0b3e7a8b 4527 </column>
798e1352
BP		 4528
4529 <column name="status" key="bound_port" type='{"type": "integer"}'>
039a8ccd
BP		 4530 When <ref column="target"/> is <code>ptcp:</code> or
4531 <code>pssl:</code>, this is the TCP port on which the OVSDB server is
6c75e208 4532 listening. (This is particularly useful when <ref
039a8ccd
BP		 4533 column="target"/> specifies a port of 0, allowing the kernel to
4534 choose any available port.)
798e1352 4535 </column>
0b3e7a8b 4536 </group>
3fd8d445 4537
f125905c
MM		 4538 <group title="Connection Parameters">
4539 <p>
4540 Additional configuration for a connection between the manager
4541 and the Open vSwitch Database.
4542 </p>
4543
4544 <column name="other_config" key="dscp"
039a8ccd 4545 type='{"type": "integer"}'>
cea15768
EJ		 4546 The Differentiated Service Code Point (DSCP) is specified using 6 bits
4547 in the Type of Service (TOS) field in the IP header. DSCP provides a
4548 mechanism to classify the network traffic and provide Quality of
4549 Service (QoS) on IP networks.
4550
4551 The DSCP value specified here is used when establishing the connection
0442efd9
MM		 4552 between the manager and the Open vSwitch. If no value is specified, a
4553 default value of 48 is chosen. Valid DSCP values must be in the range
4554 0 to 63.
f125905c
MM		 4555 </column>
4556 </group>
4557
3fd8d445
BP		 4558 <group title="Common Columns">
4559 The overall purpose of these columns is described under <code>Common
4560 Columns</code> at the beginning of this document.
4561
4562 <column name="external_ids"/>
f125905c 4563 <column name="other_config"/>
3fd8d445 4564 </group>
94db5407
BP		 4565 </table>
4566
89365653
BP		 4567 <table name="NetFlow">
4568 A NetFlow target. NetFlow is a protocol that exports a number of
4569 details about terminating IP flows, such as the principals involved
4570 and duration.
4571
4572 <column name="targets">
4573 NetFlow targets in the form
4574 <code><var>ip</var>:<var>port</var></code>. The <var>ip</var>
4575 must be specified numerically, not as a DNS name.
4576 </column>
4577
4578 <column name="engine_id">
4579 Engine ID to use in NetFlow messages. Defaults to datapath index
4580 if not specified.
4581 </column>
4582
4583 <column name="engine_type">
4584 Engine type to use in NetFlow messages. Defaults to datapath
4585 index if not specified.
4586 </column>
4587
4588 <column name="active_timeout">
a70f8b11 4589 <p>
039a8ccd
BP		 4590 The interval at which NetFlow records are sent for flows that
4591 are still active, in seconds. A value of <code>0</code>
4592 requests the default timeout (currently 600 seconds); a value
4593 of <code>-1</code> disables active timeouts.
a70f8b11
BP		 4594 </p>
4595
4596 <p>
039a8ccd
BP		 4597 The NetFlow passive timeout, for flows that become inactive,
4598 is not configurable. It will vary depending on the Open
4599 vSwitch version, the forms and contents of the OpenFlow flow
4600 tables, CPU and memory usage, and network activity. A typical
4601 passive timeout is about a second.
a70f8b11 4602 </p>
89365653
BP		 4603 </column>
4604
4605 <column name="add_id_to_interface">
4606 <p>If this column's value is <code>false</code>, the ingress and egress
3fd8d445
BP		 4607 interface fields of NetFlow flow records are derived from OpenFlow port
4608 numbers. When it is <code>true</code>, the 7 most significant bits of
4609 these fields will be replaced by the least significant 7 bits of the
4610 engine id. This is useful because many NetFlow collectors do not
4611 expect multiple switches to be sending messages from the same host, so
4612 they do not store the engine information which could be used to
4613 disambiguate the traffic.</p>
89365653
BP		 4614 <p>When this option is enabled, a maximum of 508 ports are supported.</p>
4615 </column>
13008eb3 4616
3fd8d445
BP		 4617 <group title="Common Columns">
4618 The overall purpose of these columns is described under <code>Common
4619 Columns</code> at the beginning of this document.
4620
4621 <column name="external_ids"/>
4622 </group>
89365653
BP		 4623 </table>
4624
4625 <table name="SSL">
4626 SSL configuration for an Open_vSwitch.
4627
4628 <column name="private_key">
4629 Name of a PEM file containing the private key used as the switch's
4630 identity for SSL connections to the controller.
4631 </column>
4632
4633 <column name="certificate">
4634 Name of a PEM file containing a certificate, signed by the
4635 certificate authority (CA) used by the controller and manager,
4636 that certifies the switch's private key, identifying a trustworthy
4637 switch.
4638 </column>
4639
4640 <column name="ca_cert">
4641 Name of a PEM file containing the CA certificate used to verify
4642 that the switch is connected to a trustworthy controller.
4643 </column>
4644
4645 <column name="bootstrap_ca_cert">
4646 If set to <code>true</code>, then Open vSwitch will attempt to
4647 obtain the CA certificate from the controller on its first SSL
4648 connection and save it to the named PEM file. If it is successful,
4649 it will immediately drop the connection and reconnect, and from then
4650 on all SSL connections must be authenticated by a certificate signed
4651 by the CA certificate thus obtained. <em>This option exposes the
3fd8d445
BP		 4652 SSL connection to a man-in-the-middle attack obtaining the initial
4653 CA certificate.</em> It may still be useful for bootstrapping.
89365653 4654 </column>
13008eb3 4655
3fd8d445
BP		 4656 <group title="Common Columns">
4657 The overall purpose of these columns is described under <code>Common
4658 Columns</code> at the beginning of this document.
4659
4660 <column name="external_ids"/>
4661 </group>
89365653
BP		 4662 </table>
4663
4664 <table name="sFlow">
29089a54
RL		 4665 <p>A set of sFlow(R) targets. sFlow is a protocol for remote
4666 monitoring of switches.</p>
89365653
BP		 4667
4668 <column name="agent">
e723ff43 4669 Name of the network device whose IP address should be reported as the
733adf2a
LG		 4670 ``agent address'' to collectors. If not specified, the agent device is
4671 figured from the first target address and the routing table. If the
4672 routing table does not contain a route to the target, the IP address
e723ff43
BP		 4673 defaults to the <ref table="Controller" column="local_ip"/> in the
4674 collector's <ref table="Controller"/>. If an agent IP address cannot be
733adf2a 4675 determined any of these ways, sFlow is disabled.
89365653
BP		 4676 </column>
4677
4678 <column name="header">
4679 Number of bytes of a sampled packet to send to the collector.
4680 If not specified, the default is 128 bytes.
4681 </column>
4682
4683 <column name="polling">
4684 Polling rate in seconds to send port statistics to the collector.
4685 If not specified, defaults to 30 seconds.
4686 </column>
4687
4688 <column name="sampling">
4689 Rate at which packets should be sampled and sent to the collector.
4690 If not specified, defaults to 400, which means one out of 400
4691 packets, on average, will be sent to the collector.
4692 </column>
4693
4694 <column name="targets">
4695 sFlow targets in the form
4696 <code><var>ip</var>:<var>port</var></code>.
4697 </column>
13008eb3 4698
3fd8d445
BP		 4699 <group title="Common Columns">
4700 The overall purpose of these columns is described under <code>Common
4701 Columns</code> at the beginning of this document.
4702
4703 <column name="external_ids"/>
4704 </group>
89365653 4705 </table>
c1c9c9c4 4706
29089a54 4707 <table name="IPFIX">
99ec8f05 4708 <p>Configuration for sending packets to IPFIX collectors.</p>
29089a54 4709
99ec8f05
BP		 4710 <p>
4711 IPFIX is a protocol that exports a number of details about flows. The
4712 IPFIX implementation in Open vSwitch samples packets at a configurable
4713 rate, extracts flow information from those packets, optionally caches and
4714 aggregates the flow information, and sends the result to one or more
4715 collectors.
4716 </p>
29089a54 4717
99ec8f05
BP		 4718 <p>
4719 IPFIX in Open vSwitch can be configured two different ways:
4720 </p>
29089a54 4721
99ec8f05
BP		 4722 <ul>
4723 <li>
4724 With <em>per-bridge sampling</em>, Open vSwitch performs IPFIX sampling
4725 automatically on all packets that pass through a bridge. To configure
4726 per-bridge sampling, create an <ref table="IPFIX"/> record and point a
4727 <ref table="Bridge"/> table's <ref table="Bridge" column="ipfix"/>
4728 column to it. The <ref table="Flow_Sample_Collector_Set"/> table is
4729 not used for per-bridge sampling.
4730 </li>
4731
4732 <li>
4733 <p>
4734 With <em>flow-based sampling</em>, <code>sample</code> actions in the
4735 OpenFlow flow table drive IPFIX sampling. See
4736 <code>ovs-ofctl</code>(8) for a description of the
4737 <code>sample</code> action.
4738 </p>
4739
4740 <p>
4741 Flow-based sampling also requires database configuration: create a
4742 <ref table="IPFIX"/> record that describes the IPFIX configuration
4743 and a <ref table="Flow_Sample_Collector_Set"/> record that points to
4744 the <ref table="Bridge"/> whose flow table holds the
4745 <code>sample</code> actions and to <ref table="IPFIX"/> record. The
4746 <ref table="Bridge" column="ipfix"/> in the <ref table="Bridge"/>
4747 table is not used for flow-based sampling.
4748 </p>
4749 </li>
4750 </ul>
29089a54 4751
99ec8f05
BP		 4752 <column name="targets">
4753 IPFIX target collectors in the form
4754 <code><var>ip</var>:<var>port</var></code>.
29089a54
RL		 4755 </column>
4756
978427a5
RL		 4757 <column name="cache_active_timeout">
4758 The maximum period in seconds for which an IPFIX flow record is
4759 cached and aggregated before being sent. If not specified,
4760 defaults to 0. If 0, caching is disabled.
4761 </column>
4762
4763 <column name="cache_max_flows">
4764 The maximum number of IPFIX flow records that can be cached at a
4765 time. If not specified, defaults to 0. If 0, caching is
4766 disabled.
4767 </column>
4768
f69f713b
BY		 4769 <column name="other_config" key="enable-tunnel-sampling"
4770 type='{"type": "boolean"}'>
4771 <p>
4772 Set to <code>true</code> to enable sampling and reporting tunnel
4773 header 7-tuples in IPFIX flow records. Tunnel sampling is enabled
4774 by default.
4775 </p>
4776
4777 <p>
4778 The following enterprise entities report the sampled tunnel info:
4779 </p>
4780
4781 <dl>
4782 <dt>tunnelType:</dt>
4783 <dd>
4784 <p>ID: 891, and enterprise ID 6876 (VMware).</p>
4785 <p>type: unsigned 8-bit integer.</p>
4786 <p>data type semantics: identifier.</p>
4787 <p>description: Identifier of the layer 2 network overlay network
2b02d770 4788 encapsulation type: 0x01 VxLAN, 0x02 GRE, 0x03 LISP, 0x07 GENEVE.</p>
f69f713b
BY		 4789 </dd>
4790 <dt>tunnelKey:</dt>
4791 <dd>
4792 <p>ID: 892, and enterprise ID 6876 (VMware).</p>
4793 <p>type: variable-length octetarray.</p>
4794 <p>data type semantics: identifier.</p>
4795 <p>description: Key which is used for identifying an individual
4796 traffic flow within a VxLAN (24-bit VNI), GENEVE (24-bit VNI),
4797 GRE (32-bit key), or LISP (24-bit instance ID) tunnel. The
4798 key is encoded in this octetarray as a 3-, 4-, or 8-byte integer
4799 ID in network byte order.</p>
4800 </dd>
4801 <dt>tunnelSourceIPv4Address:</dt>
4802 <dd>
4803 <p>ID: 893, and enterprise ID 6876 (VMware).</p>
4804 <p>type: unsigned 32-bit integer.</p>
4805 <p>data type semantics: identifier.</p>
4806 <p>description: The IPv4 source address in the tunnel IP packet
4807 header.</p>
4808 </dd>
4809 <dt>tunnelDestinationIPv4Address:</dt>
4810 <dd>
4811 <p>ID: 894, and enterprise ID 6876 (VMware).</p>
4812 <p>type: unsigned 32-bit integer.</p>
4813 <p>data type semantics: identifier.</p>
4814 <p>description: The IPv4 destination address in the tunnel IP
4815 packet header.</p>
4816 </dd>
4817 <dt>tunnelProtocolIdentifier:</dt>
4818 <dd>
4819 <p>ID: 895, and enterprise ID 6876 (VMware).</p>
4820 <p>type: unsigned 8-bit integer.</p>
4821 <p>data type semantics: identifier.</p>
4822 <p>description: The value of the protocol number in the tunnel
4823 IP packet header. The protocol number identifies the tunnel IP
4824 packet payload type.</p>
4825 </dd>
4826 <dt>tunnelSourceTransportPort:</dt>
4827 <dd>
4828 <p>ID: 896, and enterprise ID 6876 (VMware).</p>
4829 <p>type: unsigned 16-bit integer.</p>
4830 <p>data type semantics: identifier.</p>
4831 <p>description: The source port identifier in the tunnel transport
4832 header. For the transport protocols UDP, TCP, and SCTP, this is
4833 the source port number given in the respective header.</p>
4834 </dd>
4835 <dt>tunnelDestinationTransportPort:</dt>
4836 <dd>
4837 <p>ID: 897, and enterprise ID 6876 (VMware).</p>
4838 <p>type: unsigned 16-bit integer.</p>
4839 <p>data type semantics: identifier.</p>
4840 <p>description: The destination port identifier in the tunnel
4841 transport header. For the transport protocols UDP, TCP, and SCTP,
4842 this is the destination port number given in the respective header.
4843 </p>
4844 </dd>
4845 </dl>
4846
4847 <p>
4848 Before Open vSwitch 2.5.90, <ref column="other_config"
4849 key="enable-tunnel-sampling"/> was only supported with per-bridge
4850 sampling, and ignored otherwise. Open vSwitch 2.5.90 and later support
4851 <ref column="other_config" key="enable-tunnel-sampling"/> for
4852 per-bridge and per-flow sampling.
4853 </p>
4854 </column>
4855
c97320eb
WZ		 4856 <column name="other_config" key="virtual_obs_id"
4857 type='{"type": "string"}'>
4858 <p>
4859 A string that accompanies each IPFIX flow record. Its intended use is
4860 for the ``virtual observation ID,'' an identifier of a virtual
4861 observation point that is locally unique in a virtual network. It
4862 describes a location in the virtual network where IP packets can be
4863 observed. The maximum length is 254 bytes. If not specified, the
4864 field is omitted from the IPFIX flow record.
4865 </p>
4866
4867 <p>
4868 The following enterprise entity reports the specified virtual
4869 observation ID:
4870 </p>
4871
4872 <dl>
4873 <dt>virtualObsID:</dt>
4874 <dd>
4875 <p>ID: 898, and enterprise ID 6876 (VMware).</p>
4876 <p>type: variable-length string.</p>
4877 <p>data type semantics: identifier.</p>
4878 <p>description: A virtual observation domain ID that is locally
4879 unique in a virtual network.
4880 </p>
4881 </dd>
4882 </dl>
4883
4884 <p>
4885 This feature was introduced in Open vSwitch 2.5.90.
4886 </p>
4887 </column>
4888
99ec8f05
BP		 4889 <group title="Per-Bridge Sampling">
4890 <p>
4891 These values affect only per-bridge sampling. See above for a
4892 description of the differences between per-bridge and flow-based
4893 sampling.
4894 </p>
8b7ea2d4 4895
99ec8f05
BP		 4896 <column name="sampling">
4897 The rate at which packets should be sampled and sent to each target
4898 collector. If not specified, defaults to 400, which means one out of
4899 400 packets, on average, will be sent to each target collector.
4900 </column>
8b7ea2d4 4901
99ec8f05
BP		 4902 <column name="obs_domain_id">
4903 The IPFIX Observation Domain ID sent in each IPFIX packet. If not
4904 specified, defaults to 0.
4905 </column>
4906
4907 <column name="obs_point_id">
4908 The IPFIX Observation Point ID sent in each IPFIX flow record. If not
4909 specified, defaults to 0.
4910 </column>
4911
99ec8f05
BP		 4912 <column name="other_config" key="enable-input-sampling"
4913 type='{"type": "boolean"}'>
4914 By default, Open vSwitch samples and reports flows at bridge port input
4915 in IPFIX flow records. Set this column to <code>false</code> to
4916 disable input sampling.
4917 </column>
4918
4919 <column name="other_config" key="enable-output-sampling"
4920 type='{"type": "boolean"}'>
4921 By default, Open vSwitch samples and reports flows at bridge port
4922 output in IPFIX flow records. Set this column to <code>false</code> to
4923 disable output sampling.
4924 </column>
4925 </group>
8b7ea2d4 4926
29089a54
RL		 4927 <group title="Common Columns">
4928 The overall purpose of these columns is described under <code>Common
4929 Columns</code> at the beginning of this document.
4930
4931 <column name="external_ids"/>
4932 </group>
4933 </table>
4934
4935 <table name="Flow_Sample_Collector_Set">
99ec8f05
BP		 4936 <p>
4937 A set of IPFIX collectors of packet samples generated by OpenFlow
4938 <code>sample</code> actions. This table is used only for IPFIX
4939 flow-based sampling, not for per-bridge sampling (see the <ref
4940 table="IPFIX"/> table for a description of the two forms).
4941 </p>
29089a54
RL		 4942
4943 <column name="id">
4944 The ID of this collector set, unique among the bridge's
4945 collector sets, to be used as the <code>collector_set_id</code>
4946 in OpenFlow <code>sample</code> actions.
4947 </column>
4948
4949 <column name="bridge">
4950 The bridge into which OpenFlow <code>sample</code> actions can
4951 be added to send packet samples to this set of IPFIX collectors.
4952 </column>
4953
4954 <column name="ipfix">
4955 Configuration of the set of IPFIX collectors to send one flow
4956 record per sampled packet to.
4957 </column>
4958
4959 <group title="Common Columns">
4960 The overall purpose of these columns is described under <code>Common
4961 Columns</code> at the beginning of this document.
4962
4963 <column name="external_ids"/>
4964 </group>
4965 </table>
4966
99eef98b 4967 <table name="AutoAttach">
039a8ccd
BP		 4968 <p>
4969 Auto Attach configuration within a bridge. The IETF Auto-Attach SPBM
4970 draft standard describes a compact method of using IEEE 802.1AB Link
4971 Layer Discovery Protocol (LLDP) together with a IEEE 802.1aq Shortest
4972 Path Bridging (SPB) network to automatically attach network devices
4973 to individual services in a SPB network. The intent here is to allow
4974 network applications and devices using OVS to be able to easily take
4975 advantage of features offered by industry standard SPB networks.
4976 </p>
4977
4978 <p>
4979 Auto Attach (AA) uses LLDP to communicate between a directly connected
4980 Auto Attach Client (AAC) and Auto Attach Server (AAS). The LLDP protocol
4981 is extended to add two new Type-Length-Value tuples (TLVs). The first
4982 new TLV supports the ongoing discovery of directly connected AA
4983 correspondents. Auto Attach operates by regularly transmitting AA
4984 discovery TLVs between the AA client and AA server. By exchanging these
4985 discovery messages, both the AAC and AAS learn the system name and
4986 system description of their peer. In the OVS context, OVS operates as
4987 the AA client and the AA server resides on a switch at the edge of the
4988 SPB network.
4989 </p>
4990
4991 <p>
4992 Once AA discovery has been completed the AAC then uses the second new TLV
4993 to deliver identifier mappings from the AAC to the AAS. A primary feature
4994 of Auto Attach is to facilitate the mapping of VLANs defined outside the
4995 SPB network onto service ids (ISIDs) defined within the SPM network. By
4996 doing so individual external VLANs can be mapped onto specific SPB
4997 network services. These VLAN id to ISID mappings can be configured and
4998 managed locally using new options added to the ovs-vsctl command.
4999 </p>
5000
5001 <p>
5002 The Auto Attach OVS feature does not provide a full implementation of
5003 the LLDP protocol. Support for the mandatory TLVs as defined by the LLDP
5004 standard and support for the AA TLV extensions is provided. LLDP
5005 protocol support in OVS can be enabled or disabled on a port by port
5006 basis. LLDP support is disabled by default.
5007 </p>
99eef98b
DF		 5008
5009 <column name="system_name">
5010 The system_name string is exported in LLDP messages. It should uniquely
5011 identify the bridge in the network.
5012 </column>
5013
5014 <column name="system_description">
5015 The system_description string is exported in LLDP messages. It should
5016 describe the type of software and hardware.
5017 </column>
5018
5019 <column name="mappings">
039a8ccd
BP		 5020 A mapping from SPB network Individual Service Identifier (ISID) to VLAN
5021 id.
99eef98b
DF		 5022 </column>
5023 </table>
89365653 5024</database>
openvswitch packages for PVE