]>
Commit | Line | Data |
---|---|---|
add17b69 | 1 | <?xml version="1.0" encoding="utf-8"?> |
57ba0a77 | 2 | <database name="vtep" title="Hardware VTEP Database"> |
add17b69 BD |
3 | <p> |
4 | This schema specifies relations that a VTEP can use to integrate | |
5 | physical ports into logical switches maintained by a network | |
6 | virtualization controller such as NSX. | |
7 | </p> | |
f86f54a9 | 8 | |
add17b69 BD |
9 | <p>Glossary:</p> |
10 | ||
11 | <dl> | |
12 | <dt>VTEP</dt> | |
13 | <dd> | |
14 | VXLAN Tunnel End Point, an entity which originates and/or terminates | |
15 | VXLAN tunnels. | |
16 | </dd> | |
17 | ||
18 | <dt>HSC</dt> | |
19 | <dd> | |
20 | Hardware Switch Controller. | |
21 | </dd> | |
22 | ||
23 | <dt>NVC</dt> | |
24 | <dd> | |
25 | Network Virtualization Controller, e.g. NSX. | |
26 | </dd> | |
27 | ||
28 | <dt>VRF</dt> | |
29 | <dd> | |
30 | Virtual Routing and Forwarding instance. | |
31 | </dd> | |
f86f54a9 | 32 | </dl> |
add17b69 | 33 | |
3e769995 SS |
34 | <h2>Common Column</h2> |
35 | ||
36 | <p> | |
37 | Some tables contain a column, named <code>other_config</code>. | |
38 | This column has the same form and purpose each place that it appears, | |
39 | so we describe it here to save space later. | |
40 | </p> | |
41 | ||
42 | <dl> | |
43 | <dt><code>other_config</code>: map of string-string pairs</dt> | |
44 | <dd> | |
45 | <p> | |
46 | Key-value pairs for configuring rarely used or proprietary features. | |
47 | </p> | |
48 | <p> | |
49 | Some tables do not have <code>other_config</code> column because no | |
50 | key-value pairs have yet been defined for them. | |
51 | </p> | |
52 | </dd> | |
53 | </dl> | |
54 | ||
add17b69 BD |
55 | <table name="Global" title="Top-level configuration."> |
56 | Top-level configuration for a hardware VTEP. There must be | |
57 | exactly one record in the <ref table="Global"/> table. | |
58 | ||
59 | <column name="switches"> | |
849222dd BP |
60 | <p> |
61 | The physical switch or switches managed by the VTEP. | |
62 | </p> | |
63 | ||
64 | <p> | |
65 | When a physical switch integrates support for this VTEP schema, which | |
66 | is expected to be the most common case, this column should point to one | |
67 | <ref table="Physical_Switch"/> record that represents the switch | |
68 | itself. In another possible implementation, a server or a VM presents | |
69 | a VTEP schema front-end interface to one or more physical switches, | |
70 | presumably communicating with those physical switches over a | |
71 | proprietary protocol. In that case, this column would point to one | |
72 | <ref table="Physical_Switch"/> for each physical switch, and the set | |
73 | might change over time as the front-end server comes to represent a | |
74 | differing set of switches. | |
75 | </p> | |
add17b69 BD |
76 | </column> |
77 | ||
78 | <group title="Database Configuration"> | |
79 | <p> | |
80 | These columns primarily configure the database server | |
81 | (<code>ovsdb-server</code>), not the hardware VTEP itself. | |
82 | </p> | |
83 | ||
84 | <column name="managers"> | |
85 | Database clients to which the database server should connect or | |
86 | to which it should listen, along with options for how these | |
87 | connection should be configured. See the <ref table="Manager"/> | |
88 | table for more information. | |
89 | </column> | |
90 | </group> | |
ff35498b DS |
91 | |
92 | <group title="Common Column"> | |
93 | The overall purpose of this column is described under <code>Common | |
94 | Column</code> at the beginning of this document. | |
95 | ||
96 | <column name="other_config"/> | |
97 | </group> | |
98 | ||
add17b69 BD |
99 | </table> |
100 | ||
101 | <table name="Manager" title="OVSDB management connection."> | |
102 | <p> | |
103 | Configuration for a database connection to an Open vSwitch Database | |
104 | (OVSDB) client. | |
105 | </p> | |
106 | ||
107 | <p> | |
108 | The database server can initiate and maintain active connections | |
109 | to remote clients. It can also listen for database connections. | |
110 | </p> | |
111 | ||
112 | <group title="Core Features"> | |
113 | <column name="target"> | |
114 | <p>Connection method for managers.</p> | |
115 | <p> | |
116 | The following connection methods are currently supported: | |
117 | </p> | |
118 | <dl> | |
119 | <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> | |
120 | <dd> | |
121 | <p> | |
d4763d1d | 122 | The specified SSL <var>port</var> (default: 6640) on the host at |
add17b69 BD |
123 | the given <var>ip</var>, which must be expressed as an IP address |
124 | (not a DNS name). | |
125 | </p> | |
126 | <p> | |
fdf059ff BD |
127 | SSL key and certificate configuration happens outside the |
128 | database. | |
add17b69 BD |
129 | </p> |
130 | </dd> | |
131 | ||
132 | <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt> | |
133 | <dd> | |
d4763d1d | 134 | The specified TCP <var>port</var> (default: 6640) on the host at |
add17b69 BD |
135 | the given <var>ip</var>, which must be expressed as an IP address |
136 | (not a DNS name). | |
137 | </dd> | |
138 | <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> | |
139 | <dd> | |
140 | <p> | |
141 | Listens for SSL connections on the specified TCP <var>port</var> | |
d4763d1d | 142 | (default: 6640). If <var>ip</var>, which must be expressed as an |
add17b69 BD |
143 | IP address (not a DNS name), is specified, then connections are |
144 | restricted to the specified local IP address. | |
145 | </p> | |
146 | </dd> | |
147 | <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt> | |
148 | <dd> | |
149 | Listens for connections on the specified TCP <var>port</var> | |
d4763d1d | 150 | (default: 6640). If <var>ip</var>, which must be expressed as an |
add17b69 BD |
151 | IP address (not a DNS name), is specified, then connections are |
152 | restricted to the specified local IP address. | |
153 | </dd> | |
154 | </dl> | |
155 | </column> | |
156 | </group> | |
157 | ||
158 | <group title="Client Failure Detection and Handling"> | |
159 | <column name="max_backoff"> | |
160 | Maximum number of milliseconds to wait between connection attempts. | |
161 | Default is implementation-specific. | |
162 | </column> | |
163 | ||
164 | <column name="inactivity_probe"> | |
165 | Maximum number of milliseconds of idle time on connection to the | |
166 | client before sending an inactivity probe message. If the Open | |
167 | vSwitch database does not communicate with the client for the | |
168 | specified number of seconds, it will send a probe. If a | |
169 | response is not received for the same additional amount of time, | |
170 | the database server assumes the connection has been broken | |
171 | and attempts to reconnect. Default is implementation-specific. | |
172 | A value of 0 disables inactivity probes. | |
173 | </column> | |
174 | </group> | |
175 | ||
176 | <group title="Status"> | |
177 | <column name="is_connected"> | |
178 | <code>true</code> if currently connected to this manager, | |
179 | <code>false</code> otherwise. | |
180 | </column> | |
181 | ||
182 | <column name="status" key="last_error"> | |
183 | A human-readable description of the last error on the connection | |
184 | to the manager; i.e. <code>strerror(errno)</code>. This key | |
185 | will exist only if an error has occurred. | |
186 | </column> | |
187 | ||
188 | <column name="status" key="state" | |
189 | type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'> | |
190 | <p> | |
191 | The state of the connection to the manager: | |
192 | </p> | |
193 | <dl> | |
194 | <dt><code>VOID</code></dt> | |
195 | <dd>Connection is disabled.</dd> | |
196 | ||
197 | <dt><code>BACKOFF</code></dt> | |
198 | <dd>Attempting to reconnect at an increasing period.</dd> | |
199 | ||
200 | <dt><code>CONNECTING</code></dt> | |
201 | <dd>Attempting to connect.</dd> | |
202 | ||
203 | <dt><code>ACTIVE</code></dt> | |
204 | <dd>Connected, remote host responsive.</dd> | |
205 | ||
206 | <dt><code>IDLE</code></dt> | |
207 | <dd>Connection is idle. Waiting for response to keep-alive.</dd> | |
208 | </dl> | |
209 | <p> | |
210 | These values may change in the future. They are provided only for | |
211 | human consumption. | |
212 | </p> | |
213 | </column> | |
214 | ||
215 | <column name="status" key="sec_since_connect" | |
216 | type='{"type": "integer", "minInteger": 0}'> | |
217 | The amount of time since this manager last successfully connected | |
218 | to the database (in seconds). Value is empty if manager has never | |
219 | successfully connected. | |
220 | </column> | |
221 | ||
222 | <column name="status" key="sec_since_disconnect" | |
223 | type='{"type": "integer", "minInteger": 0}'> | |
224 | The amount of time since this manager last disconnected from the | |
225 | database (in seconds). Value is empty if manager has never | |
226 | disconnected. | |
227 | </column> | |
228 | ||
229 | <column name="status" key="locks_held"> | |
230 | Space-separated list of the names of OVSDB locks that the connection | |
231 | holds. Omitted if the connection does not hold any locks. | |
232 | </column> | |
233 | ||
234 | <column name="status" key="locks_waiting"> | |
235 | Space-separated list of the names of OVSDB locks that the connection is | |
236 | currently waiting to acquire. Omitted if the connection is not waiting | |
237 | for any locks. | |
238 | </column> | |
239 | ||
240 | <column name="status" key="locks_lost"> | |
241 | Space-separated list of the names of OVSDB locks that the connection | |
242 | has had stolen by another OVSDB client. Omitted if no locks have been | |
243 | stolen from this connection. | |
244 | </column> | |
245 | ||
246 | <column name="status" key="n_connections" | |
247 | type='{"type": "integer", "minInteger": 2}'> | |
248 | <p> | |
249 | When <ref column="target"/> specifies a connection method that | |
250 | listens for inbound connections (e.g. <code>ptcp:</code> or | |
251 | <code>pssl:</code>) and more than one connection is actually active, | |
252 | the value is the number of active connections. Otherwise, this | |
253 | key-value pair is omitted. | |
254 | </p> | |
255 | <p> | |
256 | When multiple connections are active, status columns and key-value | |
257 | pairs (other than this one) report the status of one arbitrarily | |
258 | chosen connection. | |
259 | </p> | |
260 | </column> | |
261 | </group> | |
262 | ||
263 | <group title="Connection Parameters"> | |
264 | <p> | |
265 | Additional configuration for a connection between the manager | |
266 | and the database server. | |
267 | </p> | |
268 | ||
269 | <column name="other_config" key="dscp" | |
f86f54a9 | 270 | type='{"type": "integer"}'> |
add17b69 BD |
271 | The Differentiated Service Code Point (DSCP) is specified using 6 bits |
272 | in the Type of Service (TOS) field in the IP header. DSCP provides a | |
273 | mechanism to classify the network traffic and provide Quality of | |
274 | Service (QoS) on IP networks. | |
275 | ||
276 | The DSCP value specified here is used when establishing the | |
277 | connection between the manager and the database server. If no | |
278 | value is specified, a default value of 48 is chosen. Valid DSCP | |
279 | values must be in the range 0 to 63. | |
280 | </column> | |
281 | </group> | |
282 | </table> | |
283 | ||
284 | <table name="Physical_Switch" title="A physical switch."> | |
285 | A physical switch that implements a VTEP. | |
286 | ||
287 | <column name="ports"> | |
288 | The physical ports within the switch. | |
289 | </column> | |
290 | ||
c8f4eed5 AS |
291 | <column name="tunnels"> |
292 | Tunnels created by this switch as instructed by the NVC. | |
293 | </column> | |
294 | ||
add17b69 BD |
295 | <group title="Network Status"> |
296 | <column name="management_ips"> | |
297 | IPv4 or IPv6 addresses at which the switch may be contacted | |
298 | for management purposes. | |
299 | </column> | |
300 | ||
301 | <column name="tunnel_ips"> | |
302 | <p> | |
303 | IPv4 or IPv6 addresses on which the switch may originate or | |
304 | terminate tunnels. | |
305 | </p> | |
306 | ||
307 | <p> | |
308 | This column is intended to allow a <ref table="Manager"/> to | |
309 | determine the <ref table="Physical_Switch"/> that terminates | |
310 | the tunnel represented by a <ref table="Physical_Locator"/>. | |
311 | </p> | |
312 | </column> | |
313 | </group> | |
314 | ||
315 | <group title="Identification"> | |
316 | <column name="name"> | |
fdf059ff | 317 | Symbolic name for the switch, such as its hostname. |
add17b69 | 318 | </column> |
f86f54a9 | 319 | |
add17b69 | 320 | <column name="description"> |
fdf059ff BD |
321 | An extended description for the switch, such as its switch login |
322 | banner. | |
add17b69 BD |
323 | </column> |
324 | </group> | |
255842d9 BD |
325 | <group title="Error Notification"> |
326 | <p> | |
fdf059ff BD |
327 | An entry in this column indicates to the NVC that this switch |
328 | has encountered a fault. The switch must clear this column | |
329 | when the fault has been cleared. | |
255842d9 BD |
330 | </p> |
331 | ||
332 | <column name="switch_fault_status" key="mac_table_exhaustion"> | |
333 | Indicates that the switch has been unable to process MAC | |
334 | entries requested by the NVC due to lack of table resources. | |
335 | </column> | |
336 | ||
337 | <column name="switch_fault_status" key="tunnel_exhaustion"> | |
338 | Indicates that the switch has been unable to create tunnels | |
339 | requested by the NVC due to lack of resources. | |
340 | </column> | |
341 | ||
1f661ac7 DS |
342 | <column name="switch_fault_status" key="lr_switch_bindings_fault"> |
343 | Indicates that the switch has been unable to create the logical router | |
344 | interfaces requested by the NVC due to conflicting configurations or a | |
345 | lack of hardware resources. | |
346 | </column> | |
347 | ||
348 | <column name="switch_fault_status" key="lr_static_routes_fault"> | |
349 | Indicates that the switch has been unable to create the static routes | |
350 | requested by the NVC due to conflicting configurations or a lack of | |
351 | hardware resources. | |
352 | </column> | |
353 | ||
354 | <column name="switch_fault_status" key="lr_creation_fault"> | |
355 | Indicates that the switch has been unable to create the logical router | |
356 | requested by the NVC due to conflicting configurations or a lack of | |
357 | hardware resources. | |
358 | </column> | |
359 | ||
360 | <column name="switch_fault_status" key="lr_support_fault"> | |
361 | Indicates that the switch does not support logical routing. | |
362 | </column> | |
363 | ||
255842d9 BD |
364 | <column name="switch_fault_status" key="unspecified_fault"> |
365 | Indicates that an error has occurred in the switch but that no | |
366 | more specific information is available. | |
367 | </column> | |
b351ac0c DB |
368 | |
369 | <column name="switch_fault_status" | |
370 | key="unsupported_source_node_replication"> | |
371 | Indicates that the requested source node replication mode cannot be | |
372 | supported by the physical switch; this specifically means in this | |
373 | context that the physical switch lacks the capability to support | |
374 | source node replication mode. This error occurs when a controller | |
375 | attempts to set source node replication mode for one of the logical | |
376 | switches that the physical switch is keeping context for. An NVC | |
377 | that observes this error should take appropriate action (for example | |
378 | reverting the logical switch to service node replication mode). | |
379 | It is recommended that an NVC be proactive and test for support of | |
380 | source node replication by using a test logical switch on vtep | |
381 | physical switch nodes and then trying to change the replication mode | |
382 | to source node on this logical switch, checking for error. The NVC | |
383 | could remember this capability per vtep physical switch. Using | |
384 | mixed replication modes on a given logical switch is not recommended. | |
385 | Service node replication mode is considered a basic requirement | |
386 | since it only requires sending a packet to a single transport node, | |
387 | hence it is not expected that a switch should report that service | |
388 | node mode cannot be supported. | |
389 | </column> | |
3e769995 SS |
390 | </group> |
391 | ||
392 | <group title="Common Column"> | |
393 | The overall purpose of this column is described under <code>Common | |
394 | Column</code> at the beginning of this document. | |
255842d9 | 395 | |
3e769995 | 396 | <column name="other_config"/> |
255842d9 | 397 | </group> |
3e769995 | 398 | |
add17b69 BD |
399 | </table> |
400 | ||
c8f4eed5 AS |
401 | <table name="Tunnel" title="A tunnel created by a physical switch."> |
402 | A tunnel created by a <ref table="Physical_Switch"/>. | |
403 | ||
404 | <column name="local"> | |
405 | Tunnel end-point local to the physical switch. | |
406 | </column> | |
407 | ||
408 | <column name="remote"> | |
409 | Tunnel end-point remote to the physical switch. | |
410 | </column> | |
411 | ||
412 | <group title="Bidirectional Forwarding Detection (BFD)"> | |
413 | <p> | |
414 | BFD, defined in RFC 5880, allows point to point detection of | |
415 | connectivity failures by occasional transmission of BFD control | |
416 | messages. VTEPs are expected to implement BFD. | |
417 | </p> | |
418 | ||
419 | <p> | |
420 | BFD operates by regularly transmitting BFD control messages at a | |
421 | rate negotiated independently in each direction. Each endpoint | |
422 | specifies the rate at which it expects to receive control messages, | |
423 | and the rate at which it's willing to transmit them. An endpoint | |
424 | which fails to receive BFD control messages for a period of three | |
425 | times the expected reception rate will signal a connectivity | |
426 | fault. In the case of a unidirectional connectivity issue, the | |
427 | system not receiving BFD control messages will signal the problem | |
428 | to its peer in the messages it transmits. | |
429 | </p> | |
430 | ||
431 | <p> | |
432 | A hardware VTEP is expected to use BFD to determine reachability of | |
433 | devices at the end of the tunnels with which it exchanges data. This | |
434 | can enable the VTEP to choose a functioning service node among a set of | |
435 | service nodes providing high availability. It also enables the NVC to | |
436 | report the health status of tunnels. | |
437 | </p> | |
438 | ||
439 | <p> | |
19289787 | 440 | In many cases the BFD peer of a hardware VTEP will be an Open vSwitch |
c8f4eed5 AS |
441 | instance. The Open vSwitch implementation of BFD aims to comply |
442 | faithfully with the requirements put forth in RFC 5880. Open vSwitch | |
443 | does not implement the optional Authentication or ``Echo Mode'' | |
444 | features. | |
445 | </p> | |
446 | ||
447 | <group title="BFD Local Configuration"> | |
448 | <p> | |
449 | The HSC writes the key-value pairs in the | |
07bb41a9 | 450 | <ref column="bfd_config_local"/> column to specify the local |
c8f4eed5 AS |
451 | configurations to be used for BFD sessions on this tunnel. |
452 | </p> | |
453 | ||
454 | <column name="bfd_config_local" key="bfd_dst_mac"> | |
455 | Set to an Ethernet address in the form | |
456 | <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var> | |
457 | to set the MAC expected as destination for received BFD packets. | |
16ee1400 | 458 | The default is <code>00:23:20:00:00:01</code>. |
c8f4eed5 AS |
459 | </column> |
460 | ||
461 | <column name="bfd_config_local" key="bfd_dst_ip"> | |
462 | Set to an IPv4 address to set the IP address that is expected as destination | |
463 | for received BFD packets. The default is <code>169.254.1.0</code>. | |
464 | </column> | |
465 | ||
466 | </group> | |
467 | ||
468 | <group title="BFD Remote Configuration"> | |
469 | <p> | |
470 | The <ref column="bfd_config_remote"/> column is the remote | |
471 | counterpart of the <ref column="bfd_config_local"/> column. | |
472 | The NVC writes the key-value pairs in this column. | |
473 | </p> | |
474 | ||
475 | <column name="bfd_config_remote" key="bfd_dst_mac"> | |
476 | Set to an Ethernet address in the form | |
477 | <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var> | |
478 | to set the destination MAC to be used for transmitted BFD packets. | |
479 | The default is <code>00:23:20:00:00:01</code>. | |
480 | </column> | |
481 | ||
482 | <column name="bfd_config_remote" key="bfd_dst_ip"> | |
483 | Set to an IPv4 address to set the IP address used as destination | |
484 | for transmitted BFD packets. The default is <code>169.254.1.1</code>. | |
485 | </column> | |
486 | ||
487 | </group> | |
488 | ||
489 | <group title="BFD Parameters"> | |
490 | <p> | |
491 | The NVC sets up key-value pairs in the <ref column="bfd_params"/> | |
492 | column to enable and configure BFD. | |
493 | </p> | |
494 | ||
495 | <column name="bfd_params" key="enable" type='{"type": "boolean"}'> | |
19289787 AT |
496 | True to enable BFD on this <ref table="Tunnel"/>. If not |
497 | specified, BFD will not be enabled by default. | |
c8f4eed5 AS |
498 | </column> |
499 | ||
500 | <column name="bfd_params" key="min_rx" | |
501 | type='{"type": "integer", "minInteger": 1}'> | |
502 | The shortest interval, in milliseconds, at which this BFD session | |
503 | offers to receive BFD control messages. The remote endpoint may | |
504 | choose to send messages at a slower rate. Defaults to | |
505 | <code>1000</code>. | |
506 | </column> | |
507 | ||
508 | <column name="bfd_params" key="min_tx" | |
509 | type='{"type": "integer", "minInteger": 1}'> | |
510 | The shortest interval, in milliseconds, at which this BFD session is | |
511 | willing to transmit BFD control messages. Messages will actually be | |
512 | transmitted at a slower rate if the remote endpoint is not willing to | |
513 | receive as quickly as specified. Defaults to <code>100</code>. | |
514 | </column> | |
515 | ||
516 | <column name="bfd_params" key="decay_min_rx" type='{"type": "integer"}'> | |
517 | An alternate receive interval, in milliseconds, that must be greater | |
19289787 AT |
518 | than or equal to <ref column="bfd_params" key="min_rx"/>. The |
519 | implementation should switch from <ref column="bfd_params" key="min_rx"/> | |
520 | to <ref column="bfd_params" key="decay_min_rx"/> when there is no obvious | |
521 | incoming data traffic at the tunnel, to reduce the CPU and bandwidth | |
522 | cost of monitoring an idle tunnel. This feature may be disabled by | |
523 | setting a value of 0. This feature is reset whenever | |
524 | <ref column="bfd_params" key="decay_min_rx"/> or | |
525 | <ref column="bfd_params" key="min_rx"/> changes. | |
c8f4eed5 AS |
526 | </column> |
527 | ||
528 | <column name="bfd_params" key="forwarding_if_rx" type='{"type": "boolean"}'> | |
19289787 AT |
529 | When <code>true</code>, traffic received on the <ref table="Tunnel"/> |
530 | is used to indicate the capability of packet I/O. | |
531 | BFD control packets are still transmitted and received. At least one | |
532 | BFD control packet must be received every | |
533 | 100 * <ref column="bfd_params" key="min_rx"/> amount of time. | |
534 | Otherwise, even if traffic is received, the | |
535 | <ref column="bfd_params" key="forwarding"/> will be <code>false</code>. | |
c8f4eed5 AS |
536 | </column> |
537 | ||
538 | <column name="bfd_params" key="cpath_down" type='{"type": "boolean"}'> | |
539 | Set to true to notify the remote endpoint that traffic should not be | |
07bb41a9 | 540 | forwarded to this system for some reason other than a connectivity |
c8f4eed5 AS |
541 | failure on the interface being monitored. The typical underlying |
542 | reason is ``concatenated path down,'' that is, that connectivity | |
543 | beyond the local system is down. Defaults to false. | |
544 | </column> | |
545 | ||
546 | <column name="bfd_params" key="check_tnl_key" type='{"type": "boolean"}'> | |
547 | Set to true to make BFD accept only control messages with a tunnel | |
548 | key of zero. By default, BFD accepts control messages with any | |
549 | tunnel key. | |
550 | </column> | |
551 | ||
552 | </group> | |
553 | ||
19289787 AT |
554 | <group title="BFD Status"> |
555 | <p> | |
556 | The VTEP sets key-value pairs in the <ref column="bfd_status"/> | |
557 | column to report the status of BFD on this tunnel. When BFD is | |
558 | not enabled, with <ref column="bfd_params" key="enable"/>, the | |
559 | HSC clears all key-value pairs from <ref column="bfd_status"/>. | |
560 | </p> | |
c8f4eed5 | 561 | |
19289787 AT |
562 | <column name="bfd_status" key="enabled" type='{"type": "boolean"}'> |
563 | Set to true if the BFD session has been successfully enabled. | |
564 | Set to false if the VTEP cannot support BFD or has insufficient | |
565 | resources to enable BFD on this tunnel. The NVC will disable | |
566 | the BFD monitoring on the other side of the tunnel once this | |
567 | value is set to false. | |
568 | </column> | |
16ee1400 | 569 | |
19289787 AT |
570 | <column name="bfd_status" key="state" |
571 | type='{"type": "string", | |
c8f4eed5 | 572 | "enum": ["set", ["admin_down", "down", "init", "up"]]}'> |
19289787 AT |
573 | Reports the state of the BFD session. The BFD session is fully |
574 | healthy and negotiated if <code>UP</code>. | |
575 | </column> | |
c8f4eed5 | 576 | |
19289787 AT |
577 | <column name="bfd_status" key="forwarding" type='{"type": "boolean"}'> |
578 | Reports whether the BFD session believes this <ref table="Tunnel"/> | |
579 | may be used to forward traffic. Typically this means the local session | |
580 | is signaling <code>UP</code>, and the remote system isn't signaling a | |
581 | problem such as concatenated path down. | |
582 | </column> | |
c8f4eed5 | 583 | |
19289787 AT |
584 | <column name="bfd_status" key="diagnostic"> |
585 | A diagnostic code specifying the local system's reason for the | |
586 | last change in session state. The error messages are defined in | |
587 | section 4.1 of [RFC 5880]. | |
588 | </column> | |
c8f4eed5 | 589 | |
19289787 AT |
590 | <column name="bfd_status" key="remote_state" |
591 | type='{"type": "string", | |
c8f4eed5 | 592 | "enum": ["set", ["admin_down", "down", "init", "up"]]}'> |
19289787 AT |
593 | Reports the state of the remote endpoint's BFD session. |
594 | </column> | |
c8f4eed5 | 595 | |
19289787 AT |
596 | <column name="bfd_status" key="remote_diagnostic"> |
597 | A diagnostic code specifying the remote system's reason for the | |
598 | last change in session state. The error messages are defined in | |
599 | section 4.1 of [RFC 5880]. | |
600 | </column> | |
16ee1400 | 601 | |
19289787 AT |
602 | <column name="bfd_status" key="info"> |
603 | A short message providing further information about the BFD status | |
604 | (possibly including reasons why BFD could not be enabled). | |
605 | </column> | |
c8f4eed5 AS |
606 | </group> |
607 | </group> | |
608 | </table> | |
609 | ||
add17b69 BD |
610 | <table name="Physical_Port" title="A port within a physical switch."> |
611 | A port within a <ref table="Physical_Switch"/>. | |
612 | ||
613 | <column name="vlan_bindings"> | |
614 | Identifies how VLANs on the physical port are bound to logical switches. | |
615 | If, for example, the map contains a (VLAN, logical switch) pair, a packet | |
616 | that arrives on the port in the VLAN is considered to belong to the | |
b49f5f7a BD |
617 | paired logical switch. A value of zero in the VLAN field means |
618 | that untagged traffic on the physical port is mapped to the | |
619 | logical switch. | |
add17b69 BD |
620 | </column> |
621 | ||
c0c1dccb BD |
622 | <column name="acl_bindings"> |
623 | <p> | |
624 | Attach Access Control Lists (ACLs) to the physical port. The | |
625 | column consists of a map of VLAN tags to <ref table="ACL"/>s. If the value of | |
626 | the VLAN tag in the map is 0, this means that the ACL is | |
627 | associated with the entire physical port. Non-zero values mean | |
628 | that the ACL is to be applied only on packets carrying that VLAN | |
629 | tag value. Switches will not necessarily support matching on the | |
630 | VLAN tag for all ACLs, and unsupported ACL bindings will cause | |
631 | errors to be reported. The binding of an ACL to a specific | |
632 | VLAN and the binding of an ACL to the entire physical port | |
633 | should not be combined on a single physical port. That is, a | |
634 | mix of zero and non-zero keys in the map is not recommended. | |
635 | </p> | |
636 | </column> | |
637 | ||
add17b69 BD |
638 | <column name="vlan_stats"> |
639 | Statistics for VLANs bound to logical switches on the physical port. An | |
640 | implementation that fully supports such statistics would populate this | |
641 | column with a mapping for every VLAN that is bound in <ref | |
642 | column="vlan_bindings"/>. An implementation that does not support such | |
643 | statistics or only partially supports them would not populate this column | |
b49f5f7a BD |
644 | or partially populate it, respectively. A value of zero in the |
645 | VLAN field refers to untagged traffic on the physical port. | |
add17b69 BD |
646 | </column> |
647 | ||
648 | <group title="Identification"> | |
649 | <column name="name"> | |
fdf059ff BD |
650 | Symbolic name for the port. The name ought to be unique within a given |
651 | <ref table="Physical_Switch"/>, but the database is not capable of | |
652 | enforcing this. | |
add17b69 BD |
653 | </column> |
654 | ||
655 | <column name="description"> | |
fdf059ff | 656 | An extended description for the port. |
add17b69 BD |
657 | </column> |
658 | </group> | |
255842d9 BD |
659 | <group title="Error Notification"> |
660 | <p> | |
fdf059ff | 661 | An entry in this column indicates to the NVC that the physical port has |
07bb41a9 | 662 | encountered a fault. The switch must clear this column when the error |
fdf059ff | 663 | has been cleared. |
255842d9 BD |
664 | </p> |
665 | <column name="port_fault_status" key="invalid_vlan_map"> | |
fdf059ff BD |
666 | <p> |
667 | Indicates that a VLAN-to-logical-switch mapping requested by | |
668 | the controller could not be instantiated by the switch | |
669 | because of a conflict with local configuration. | |
670 | </p> | |
255842d9 | 671 | </column> |
c0c1dccb BD |
672 | <column name="port_fault_status" key="invalid_ACL_binding"> |
673 | <p> | |
674 | Indicates that an error has occurred in associating an ACL | |
675 | with a port. | |
676 | </p> | |
677 | </column> | |
255842d9 | 678 | <column name="port_fault_status" key="unspecified_fault"> |
fdf059ff BD |
679 | <p> |
680 | Indicates that an error has occurred on the port but that no | |
681 | more specific information is available. | |
682 | </p> | |
255842d9 BD |
683 | </column> |
684 | </group> | |
685 | ||
3e769995 SS |
686 | <group title="Common Column"> |
687 | The overall purpose of this column is described under <code>Common | |
688 | Column</code> at the beginning of this document. | |
689 | ||
690 | <column name="other_config"/> | |
691 | </group> | |
692 | ||
add17b69 BD |
693 | </table> |
694 | ||
695 | <table name="Logical_Binding_Stats" title="Statistics for a VLAN on a physical port bound to a logical network."> | |
696 | Reports statistics for the <ref table="Logical_Switch"/> with which a VLAN | |
697 | on a <ref table="Physical_Port"/> is associated. | |
698 | ||
699 | <group title="Statistics"> | |
700 | These statistics count only packets to which the binding applies. | |
701 | ||
702 | <column name="packets_from_local"> | |
703 | Number of packets sent by the <ref table="Physical_Switch"/>. | |
704 | </column> | |
705 | ||
706 | <column name="bytes_from_local"> | |
707 | Number of bytes in packets sent by the <ref table="Physical_Switch"/>. | |
708 | </column> | |
709 | ||
710 | <column name="packets_to_local"> | |
711 | Number of packets received by the <ref table="Physical_Switch"/>. | |
712 | </column> | |
713 | ||
714 | <column name="bytes_to_local"> | |
715 | Number of bytes in packets received by the <ref | |
716 | table="Physical_Switch"/>. | |
717 | </column> | |
718 | </group> | |
719 | </table> | |
720 | ||
721 | <table name="Logical_Switch" title="A layer-2 domain."> | |
722 | A logical Ethernet switch, whose implementation may span physical and | |
723 | virtual media, possibly crossing L3 domains via tunnels; a logical layer-2 | |
724 | domain; an Ethernet broadcast domain. | |
725 | ||
726 | ||
727 | ||
728 | <group title="Per Logical-Switch Tunnel Key"> | |
729 | <p> | |
730 | Tunnel protocols tend to have a field that allows the tunnel | |
731 | to be partitioned into sub-tunnels: VXLAN has a VNI, GRE and | |
732 | STT have a key, CAPWAP has a WSI, and so on. We call these | |
733 | generically ``tunnel keys.'' Given that one needs to use a | |
734 | tunnel key at all, there are at least two reasonable ways to | |
735 | assign their values: | |
736 | </p> | |
737 | ||
738 | <ul> | |
739 | <li> | |
740 | <p> | |
741 | Per <ref table="Logical_Switch"/>+<ref table="Physical_Locator"/> | |
742 | pair. That is, each logical switch may be assigned a different | |
743 | tunnel key on every <ref table="Physical_Locator"/>. This model is | |
744 | especially flexible. | |
745 | </p> | |
746 | ||
747 | <p> | |
748 | In this model, <ref table="Physical_Locator"/> carries the tunnel | |
749 | key. Therefore, one <ref table="Physical_Locator"/> record will | |
750 | exist for each logical switch carried at a given IP destination. | |
751 | </p> | |
752 | </li> | |
753 | ||
754 | <li> | |
755 | <p> | |
756 | Per <ref table="Logical_Switch"/>. That is, every tunnel | |
757 | associated with a particular logical switch carries the same tunnel | |
758 | key, regardless of the <ref table="Physical_Locator"/> to which the | |
759 | tunnel is addressed. This model may ease switch implementation | |
760 | because it imposes fewer requirements on the hardware datapath. | |
761 | </p> | |
762 | ||
763 | <p> | |
764 | In this model, <ref table="Logical_Switch"/> carries the tunnel | |
765 | key. Therefore, one <ref table="Physical_Locator"/> record will | |
766 | exist for each IP destination. | |
767 | </p> | |
768 | </li> | |
769 | </ul> | |
770 | ||
771 | <column name="tunnel_key"> | |
772 | <p> | |
773 | This column is used only in the tunnel key per <ref | |
774 | table="Logical_Switch"/> model (see above), because only in that | |
775 | model is there a tunnel key associated with a logical switch. | |
776 | </p> | |
777 | ||
778 | <p> | |
c2cd1902 OBY |
779 | For <code>vxlan_over_ipv4</code> encapsulation, when the tunnel key |
780 | per <ref table="Logical_Switch"/> model is in use, this column is the | |
781 | VXLAN VNI that identifies a logical switch. It must be in the range | |
782 | 0 to 16,777,215. | |
add17b69 BD |
783 | </p> |
784 | </column> | |
785 | </group> | |
786 | ||
b351ac0c DB |
787 | <group title="Replication Mode"> |
788 | <p> | |
789 | For handling L2 broadcast, multicast and unknown unicast traffic, | |
790 | packets can be sent to all members of a logical switch referenced by | |
791 | a physical switch. There are different modes to replicate the | |
792 | packets. The default mode of replication is to send the traffic to | |
793 | a service node, which can be a hypervisor, server or appliance, and | |
794 | let the service node handle replication to other transport nodes | |
795 | (hypervisors or other VTEP physical switches). This mode is called | |
796 | service node replication. An alternate mode of replication, called | |
797 | source node replication involves the source node sending to all | |
798 | other transport nodes. Hypervisors are always responsible for doing | |
799 | their own replication for locally attached VMs in both modes. | |
800 | Service node replication mode is the default and considered a | |
801 | basic requirement because it only requires sending the packet to | |
802 | a single transport node. | |
803 | </p> | |
804 | ||
805 | <column name="replication_mode"> | |
806 | <p> | |
807 | This optional column defines the replication mode per | |
808 | <ref table="Logical_Switch"/>. There are 2 valid values, | |
809 | <code>service_node</code> and <code>source_node</code>. If the | |
810 | column is not set, the replication mode defaults to service_node. | |
811 | </p> | |
812 | ||
813 | </column> | |
814 | </group> | |
815 | ||
add17b69 BD |
816 | <group title="Identification"> |
817 | <column name="name"> | |
fdf059ff | 818 | Symbolic name for the logical switch. |
add17b69 | 819 | </column> |
f86f54a9 | 820 | |
add17b69 | 821 | <column name="description"> |
fdf059ff BD |
822 | An extended description for the logical switch, such as its switch |
823 | login banner. | |
add17b69 BD |
824 | </column> |
825 | </group> | |
3e769995 SS |
826 | |
827 | <group title="Common Column"> | |
828 | The overall purpose of this column is described under <code>Common | |
829 | Column</code> at the beginning of this document. | |
830 | ||
831 | <column name="other_config"/> | |
832 | </group> | |
833 | ||
add17b69 BD |
834 | </table> |
835 | ||
836 | <table name="Ucast_Macs_Local" title="Unicast MACs (local)"> | |
837 | <p> | |
838 | Mapping of unicast MAC addresses to tunnels (physical | |
839 | locators). This table is written by the HSC, so it contains the | |
840 | MAC addresses that have been learned on physical ports by a | |
841 | VTEP. | |
842 | </p> | |
843 | ||
844 | <column name="MAC"> | |
845 | A MAC address that has been learned by the VTEP. | |
846 | </column> | |
847 | ||
848 | <column name="logical_switch"> | |
849 | The Logical switch to which this mapping applies. | |
850 | </column> | |
851 | ||
852 | <column name="locator"> | |
853 | The physical locator to be used to reach this MAC address. In | |
854 | this table, the physical locator will be one of the tunnel IP | |
855 | addresses of the appropriate VTEP. | |
856 | </column> | |
857 | ||
858 | <column name="ipaddr"> | |
859 | The IP address to which this MAC corresponds. Optional field for | |
860 | the purpose of ARP supression. | |
861 | </column> | |
862 | ||
863 | </table> | |
864 | ||
f86f54a9 | 865 | <table name="Ucast_Macs_Remote" title="Unicast MACs (remote)"> |
add17b69 BD |
866 | <p> |
867 | Mapping of unicast MAC addresses to tunnels (physical | |
868 | locators). This table is written by the NVC, so it contains the | |
869 | MAC addresses that the NVC has learned. These include VM MAC | |
870 | addresses, in which case the physical locators will be | |
871 | hypervisor IP addresses. The NVC will also report MACs that it | |
872 | has learned from other HSCs in the network, in which case the | |
873 | physical locators will be tunnel IP addresses of the | |
874 | corresponding VTEPs. | |
875 | </p> | |
876 | ||
877 | <column name="MAC"> | |
255842d9 | 878 | A MAC address that has been learned by the NVC. |
add17b69 BD |
879 | </column> |
880 | ||
881 | <column name="logical_switch"> | |
882 | The Logical switch to which this mapping applies. | |
883 | </column> | |
884 | ||
885 | <column name="locator"> | |
886 | The physical locator to be used to reach this MAC address. In | |
887 | this table, the physical locator will be either a hypervisor IP | |
888 | address or a tunnel IP addresses of another VTEP. | |
889 | </column> | |
890 | ||
891 | <column name="ipaddr"> | |
892 | The IP address to which this MAC corresponds. Optional field for | |
893 | the purpose of ARP supression. | |
894 | </column> | |
895 | ||
896 | </table> | |
897 | ||
898 | <table name="Mcast_Macs_Local" title="Multicast MACs (local)"> | |
899 | <p> | |
900 | Mapping of multicast MAC addresses to tunnels (physical | |
901 | locators). This table is written by the HSC, so it contains the | |
902 | MAC addresses that have been learned on physical ports by a | |
903 | VTEP. These may be learned by IGMP snooping, for example. This | |
904 | table also specifies how to handle unknown unicast and broadcast packets. | |
905 | </p> | |
906 | ||
907 | <column name="MAC"> | |
908 | <p> | |
f86f54a9 | 909 | A MAC address that has been learned by the VTEP. |
add17b69 BD |
910 | </p> |
911 | <p> | |
fdf059ff BD |
912 | The keyword <code>unknown-dst</code> is used as a special |
913 | ``Ethernet address'' that indicates the locations to which | |
914 | packets in a logical switch whose destination addresses do not | |
915 | otherwise appear in <ref table="Ucast_Macs_Local"/> (for | |
916 | unicast addresses) or <ref table="Mcast_Macs_Local"/> (for | |
917 | multicast addresses) should be sent. | |
add17b69 BD |
918 | </p> |
919 | </column> | |
920 | ||
921 | <column name="logical_switch"> | |
922 | The Logical switch to which this mapping applies. | |
923 | </column> | |
924 | ||
925 | <column name="locator_set"> | |
926 | The physical locator set to be used to reach this MAC address. In | |
927 | this table, the physical locator set will be contain one or more tunnel IP | |
928 | addresses of the appropriate VTEP(s). | |
929 | </column> | |
930 | ||
19368978 BP |
931 | <column name="ipaddr"> |
932 | The IP address to which this MAC corresponds. Optional field for | |
933 | the purpose of ARP supression. | |
934 | </column> | |
add17b69 BD |
935 | </table> |
936 | ||
937 | <table name="Mcast_Macs_Remote" title="Multicast MACs (remote)"> | |
938 | <p> | |
939 | Mapping of multicast MAC addresses to tunnels (physical | |
940 | locators). This table is written by the NVC, so it contains the | |
941 | MAC addresses that the NVC has learned. This | |
942 | table also specifies how to handle unknown unicast and broadcast | |
943 | packets. | |
944 | </p> | |
945 | <p> | |
946 | Multicast packet replication may be handled by a service node, | |
947 | in which case the physical locators will be IP addresses of | |
948 | service nodes. If the VTEP supports replication onto multiple | |
b351ac0c DB |
949 | tunnels, using source node replication, then this may be used to |
950 | replicate directly onto VTEP-hypervisor or VTEP-VTEP tunnels. | |
add17b69 BD |
951 | </p> |
952 | ||
953 | <column name="MAC"> | |
954 | <p> | |
fdf059ff | 955 | A MAC address that has been learned by the NVC. |
add17b69 BD |
956 | </p> |
957 | <p> | |
fdf059ff BD |
958 | The keyword <code>unknown-dst</code> is used as a special |
959 | ``Ethernet address'' that indicates the locations to which | |
960 | packets in a logical switch whose destination addresses do not | |
961 | otherwise appear in <ref table="Ucast_Macs_Remote"/> (for | |
962 | unicast addresses) or <ref table="Mcast_Macs_Remote"/> (for | |
963 | multicast addresses) should be sent. | |
add17b69 BD |
964 | </p> |
965 | </column> | |
966 | ||
967 | <column name="logical_switch"> | |
968 | The Logical switch to which this mapping applies. | |
969 | </column> | |
970 | ||
971 | <column name="locator_set"> | |
972 | The physical locator set to be used to reach this MAC address. In | |
b351ac0c DB |
973 | this table, the physical locator set will be either a set of service |
974 | nodes when service node replication is used or the set of transport | |
975 | nodes (defined as hypervisors or VTEPs) participating in the associated | |
976 | logical switch, when source node replication is used. When service node | |
977 | replication is used, the VTEP should send packets to one member of the | |
978 | locator set that is known to be healthy and reachable, which could be | |
979 | determined by BFD. When source node replication is used, the VTEP | |
980 | should send packets to all members of the locator set. | |
add17b69 BD |
981 | </column> |
982 | ||
983 | <column name="ipaddr"> | |
984 | The IP address to which this MAC corresponds. Optional field for | |
985 | the purpose of ARP supression. | |
986 | </column> | |
987 | ||
988 | </table> | |
989 | ||
990 | <table name="Logical_Router" title="A logical L3 router."> | |
991 | <p> | |
992 | A logical router, or VRF. A logical router may be connected to one or more | |
f86f54a9 | 993 | logical switches. Subnet addresses and interface addresses may be configured on the |
add17b69 BD |
994 | interfaces. |
995 | </p> | |
f86f54a9 | 996 | |
add17b69 BD |
997 | <column name="switch_binding"> |
998 | Maps from an IPv4 or IPv6 address prefix in CIDR notation to a | |
999 | logical switch. Multiple prefixes may map to the same switch. By | |
1000 | writing a 32-bit (or 128-bit for v6) address with a /N prefix | |
1001 | length, both the router's interface address and the subnet | |
1002 | prefix can be configured. For example, 192.68.1.1/24 creates a | |
1003 | /24 subnet for the logical switch attached to the interface and | |
1004 | assigns the address 192.68.1.1 to the router interface. | |
1005 | </column> | |
1006 | ||
1007 | <column name="static_routes"> | |
1008 | One or more static routes, mapping IP prefixes to next hop IP addresses. | |
1009 | </column> | |
1010 | ||
c0c1dccb BD |
1011 | <column name="acl_binding"> |
1012 | Maps ACLs to logical router interfaces. The router interfaces | |
1013 | are indicated using IP address notation, and must be the same | |
1014 | interfaces created in the <ref column="switch_binding"/> | |
1015 | column. For example, an ACL could be associated with the logical | |
1016 | router interface with an address of 192.68.1.1 as defined in the | |
1017 | example above. | |
1018 | </column> | |
1019 | ||
add17b69 BD |
1020 | <group title="Identification"> |
1021 | <column name="name"> | |
fdf059ff | 1022 | Symbolic name for the logical router. |
add17b69 BD |
1023 | </column> |
1024 | ||
1025 | <column name="description"> | |
fdf059ff | 1026 | An extended description for the logical router. |
add17b69 BD |
1027 | </column> |
1028 | </group> | |
c0c1dccb BD |
1029 | |
1030 | <group title="Error Notification"> | |
1031 | <p> | |
1032 | An entry in this column indicates to the NVC that the HSC has | |
1033 | encountered a fault in configuring state related to the | |
1034 | logical router. | |
1035 | </p> | |
1036 | <column name="LR_fault_status" key="invalid_ACL_binding"> | |
1037 | <p> | |
1038 | Indicates that an error has occurred in associating an ACL | |
1039 | with a logical router port. | |
1040 | </p> | |
1041 | </column> | |
1042 | <column name="LR_fault_status" key="unspecified_fault"> | |
1043 | <p> | |
1044 | Indicates that an error has occurred in configuring the | |
1045 | logical router but that no | |
1046 | more specific information is available. | |
1047 | </p> | |
1048 | </column> | |
1049 | </group> | |
1050 | ||
3e769995 SS |
1051 | <group title="Common Column"> |
1052 | The overall purpose of this column is described under <code>Common | |
1053 | Column</code> at the beginning of this document. | |
1054 | ||
1055 | <column name="other_config"/> | |
1056 | </group> | |
1057 | ||
add17b69 BD |
1058 | </table> |
1059 | ||
7ae92590 BD |
1060 | <table name="Arp_Sources_Local" title="ARP source addresses for logical routers"> |
1061 | <p> | |
1062 | MAC address to be used when a VTEP issues ARP requests on behalf | |
1063 | of a logical router. | |
1064 | </p> | |
1065 | ||
1066 | <p> | |
1067 | A distributed logical router is implemented by a set of VTEPs | |
1068 | (both hardware VTEPs and vswitches). In order for a given VTEP | |
1069 | to populate the local ARP cache for a logical router, it issues | |
1070 | ARP requests with a source MAC address that is unique to the VTEP. A | |
1071 | single per-VTEP MAC can be re-used across all logical | |
1072 | networks. This table contains the MACs that are used by the | |
1073 | VTEPs of a given HSC. The table provides the mapping from MAC to | |
1074 | physical locator for each VTEP so that replies to the ARP | |
1075 | requests can be sent back to the correct VTEP using the | |
1076 | appropriate physical locator. | |
1077 | </p> | |
1078 | ||
1079 | <column name="src_mac"> | |
1080 | The source MAC to be used by a given VTEP. | |
1081 | </column> | |
1082 | ||
1083 | <column name="locator"> | |
1084 | The <ref table="Physical_Locator"/> to use for replies to ARP | |
1085 | requests from this MAC address. | |
1086 | </column> | |
1087 | </table> | |
1088 | ||
1089 | <table name="Arp_Sources_Remote" title="ARP source addresses for logical routers"> | |
1090 | <p> | |
1091 | MAC address to be used when a remote VTEP issues ARP requests on behalf | |
1092 | of a logical router. | |
1093 | </p> | |
1094 | ||
1095 | <p> | |
1096 | This table is the remote counterpart of <ref | |
1097 | table="Arp_sources_local"/>. The NVC writes this table to notify | |
1098 | the HSC of the MACs that will be used by remote VTEPs when they | |
1099 | issue ARP requests on behalf of a distributed logical router. | |
1100 | </p> | |
1101 | ||
1102 | <column name="src_mac"> | |
1103 | The source MAC to be used by a given VTEP. | |
1104 | </column> | |
1105 | ||
1106 | <column name="locator"> | |
1107 | The <ref table="Physical_Locator"/> to use for replies to ARP | |
1108 | requests from this MAC address. | |
1109 | </column> | |
1110 | </table> | |
1111 | ||
add17b69 BD |
1112 | <table name="Physical_Locator_Set"> |
1113 | <p> | |
1114 | A set of one or more <ref table="Physical_Locator"/>s. | |
1115 | </p> | |
1116 | ||
1117 | <p> | |
1118 | This table exists only because OVSDB does not have a way to | |
1119 | express the type ``map from string to one or more <ref | |
1120 | table="Physical_Locator"/> records.'' | |
1121 | </p> | |
1122 | ||
f86f54a9 | 1123 | <column name="locators"/> |
add17b69 BD |
1124 | </table> |
1125 | ||
1126 | <table name="Physical_Locator"> | |
1127 | <p> | |
1128 | Identifies an endpoint to which logical switch traffic may be | |
1129 | encapsulated and forwarded. | |
1130 | </p> | |
1131 | ||
1132 | <p> | |
c2cd1902 OBY |
1133 | The <code>vxlan_over_ipv4</code> encapsulation, the only encapsulation |
1134 | defined so far, can use either tunnel key model described in the ``Per | |
1135 | Logical-Switch Tunnel Key'' section in the <ref table="Logical_Switch"/> | |
1136 | table. When the tunnel key per <ref table="Logical_Switch"/> model is in | |
1137 | use, the <ref table="Logical_Switch" column="tunnel_key"/> column in the | |
1138 | <ref table="Logical_Switch"/> table is filled with a VNI and the <ref | |
1139 | column="tunnel_key"/> column in this table is empty; in the | |
1140 | key-per-tunnel model, the opposite is true. The former model is older, | |
1141 | and thus likely to be more widely supported. See the ``Per | |
1142 | Logical-Switch Tunnel Key'' section in the <ref table="Logical_Switch"/> | |
1143 | table for further discussion of the model. | |
add17b69 BD |
1144 | </p> |
1145 | ||
1146 | <column name="encapsulation_type"> | |
1147 | The type of tunneling encapsulation. | |
1148 | </column> | |
1149 | ||
1150 | <column name="dst_ip"> | |
1151 | <p> | |
1152 | For <code>vxlan_over_ipv4</code> encapsulation, the IPv4 address of the | |
1153 | VXLAN tunnel endpoint. | |
1154 | </p> | |
1155 | ||
1156 | <p> | |
1157 | We expect that this column could be used for IPv4 or IPv6 addresses in | |
1158 | encapsulations to be introduced later. | |
1159 | </p> | |
1160 | </column> | |
23f781e4 | 1161 | |
c2cd1902 OBY |
1162 | <column name="tunnel_key"> |
1163 | <p> | |
1164 | This column is used only in the tunnel key per <ref | |
1165 | table="Logical_Switch"/>+<ref table="Physical_Locator"/> model (see | |
1166 | above). | |
1167 | </p> | |
1168 | ||
1169 | <p> | |
1170 | For <code>vxlan_over_ipv4</code> encapsulation, when the <ref | |
1171 | table="Logical_Switch"/>+<ref table="Physical_Locator"/> model is in | |
1172 | use, this column is the VXLAN VNI. It must be in the range 0 to | |
1173 | 16,777,215. | |
1174 | </p> | |
1175 | </column> | |
1176 | ||
add17b69 | 1177 | </table> |
c0c1dccb BD |
1178 | <table name="ACL_entry"> |
1179 | <p> | |
1180 | Describes the individual entries that comprise an Access Control List. | |
1181 | </p> | |
1182 | <p> | |
1183 | Each entry in the table is a single rule to match on certain | |
1184 | header fields. While there are a large number of fields that can | |
1185 | be matched on, most hardware cannot match on arbitrary | |
1186 | combinations of fields. It is common to match on either L2 | |
1187 | fields (described below in the L2 group of columns) or L3/L4 fields | |
1188 | (the L3/L4 group of columns) but not both. The hardware switch | |
1189 | controller may log an error if an ACL entry requires it to match | |
1190 | on an incompatible mixture of fields. | |
1191 | </p> | |
1192 | <column name="sequence"> | |
1193 | <p> | |
1194 | The sequence number for the ACL entry for the purpose of | |
1195 | ordering entries in an ACL. Lower numbered entries are matched | |
1196 | before higher numbered entries. | |
1197 | </p> | |
1198 | </column> | |
1199 | <group title="L2 fields"> | |
1200 | <column name="source_mac"> | |
1201 | <p> | |
1202 | Source MAC address, in the form | |
1203 | <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var> | |
1204 | </p> | |
1205 | </column> | |
1206 | <column name="dest_mac"> | |
1207 | <p> | |
1208 | Destination MAC address, in the form | |
1209 | <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var> | |
1210 | </p> | |
1211 | </column> | |
f86f54a9 | 1212 | <column name="ethertype"> |
c0c1dccb BD |
1213 | <p> |
1214 | Ethertype in hexadecimal, in the form | |
1215 | <var>0xAAAA</var> | |
1216 | </p> | |
1217 | </column> | |
1218 | </group> | |
1219 | <group title="L3/L4 fields"> | |
1220 | <column name="source_ip"> | |
1221 | <p> | |
1222 | Source IP address, in the form | |
1223 | <var>xx.xx.xx.xx</var> for IPv4 or appropriate | |
1224 | colon-separated hexadecimal notation for IPv6. | |
1225 | </p> | |
1226 | </column> | |
1227 | <column name="source_mask"> | |
1228 | <p> | |
1229 | Mask that determines which bits of source_ip to match on, in the form | |
1230 | <var>xx.xx.xx.xx</var> for IPv4 or appropriate | |
1231 | colon-separated hexadecimal notation for IPv6. | |
1232 | </p> | |
1233 | </column> | |
1234 | <column name="dest_ip"> | |
1235 | <p> | |
1236 | Destination IP address, in the form | |
1237 | <var>xx.xx.xx.xx</var> for IPv4 or appropriate | |
1238 | colon-separated hexadecimal notation for IPv6. | |
1239 | </p> | |
1240 | </column> | |
1241 | <column name="dest_mask"> | |
1242 | <p> | |
1243 | Mask that determines which bits of dest_ip to match on, in the form | |
1244 | <var>xx.xx.xx.xx</var> for IPv4 or appropriate | |
1245 | colon-separated hexadecimal notation for IPv6. | |
1246 | </p> | |
1247 | </column> | |
1248 | <column name="protocol"> | |
1249 | <p> | |
1250 | Protocol number in the IPv4 header, or value of the "next | |
1251 | header" field in the IPv6 header. | |
1252 | </p> | |
1253 | </column> | |
1254 | <column name="source_port_min"> | |
1255 | <p> | |
1256 | Lower end of the range of source port values. The value | |
1257 | specified is included in the range. | |
1258 | </p> | |
1259 | </column> | |
1260 | <column name="source_port_max"> | |
1261 | <p> | |
1262 | Upper end of the range of source port values. The value | |
1263 | specified is included in the range. | |
1264 | </p> | |
1265 | </column> | |
1266 | <column name="dest_port_min"> | |
1267 | <p> | |
1268 | Lower end of the range of destination port values. The value | |
1269 | specified is included in the range. | |
1270 | </p> | |
1271 | </column> | |
1272 | <column name="dest_port_max"> | |
1273 | <p> | |
1274 | Upper end of the range of destination port values. The value | |
1275 | specified is included in the range. | |
1276 | </p> | |
1277 | </column> | |
1278 | <column name="tcp_flags"> | |
1279 | <p> | |
1280 | Integer representing the value of TCP flags to match. For | |
1281 | example, the SYN flag is the second least significant bit in | |
1282 | the TCP flags. Hence a value of 2 would indicate that the "SYN" | |
1283 | flag should be set (assuming an appropriate mask). | |
1284 | </p> | |
1285 | </column> | |
1286 | <column name="tcp_flags_mask"> | |
1287 | <p> | |
1288 | Integer representing the mask to apply when matching TCP | |
1289 | flags. For example, a value of 2 would imply that the "SYN" | |
1290 | flag should be matched and all other flags ignored. | |
1291 | </p> | |
1292 | </column> | |
1293 | <column name="icmp_type"> | |
1294 | <p> | |
1295 | ICMP type to be matched. | |
1296 | </p> | |
1297 | </column> | |
1298 | <column name="icmp_code"> | |
1299 | <p> | |
1300 | ICMP code to be matched. | |
1301 | </p> | |
1302 | </column> | |
1303 | </group> | |
1304 | <column name="direction"> | |
1305 | <p> | |
1306 | Direction of traffic to match on the specified port, either | |
1307 | "ingress" (toward the logical switch or router) or "egress" | |
1308 | (leaving the logical switch or router). | |
1309 | </p> | |
1310 | </column> | |
1311 | <column name="action"> | |
1312 | <p> | |
1313 | Action to take for this rule, either "permit" or "deny". | |
1314 | </p> | |
1315 | </column> | |
1316 | <group title="Error Notification"> | |
1317 | <p> | |
1318 | An entry in this column indicates to the NVC that the ACL | |
1319 | could not be configured as requested. The switch must clear this column when the error | |
1320 | has been cleared. | |
1321 | </p> | |
1322 | <column name="acle_fault_status" key="invalid_acl_entry"> | |
1323 | <p> | |
1324 | Indicates that an ACL entry requested by | |
1325 | the controller could not be instantiated by the switch, | |
1326 | e.g. because it requires an unsupported combination of | |
1327 | fields to be matched. | |
1328 | </p> | |
1329 | </column> | |
1330 | <column name="acle_fault_status" key="unspecified_fault"> | |
1331 | <p> | |
1332 | Indicates that an error has occurred in configuring the ACL | |
1333 | entry but no | |
1334 | more specific information is available. | |
1335 | </p> | |
1336 | </column> | |
1337 | </group> | |
1338 | </table> | |
1339 | <table name="ACL"> | |
1340 | <p> | |
1341 | Access Control List table. Each ACL is constructed as a set of | |
1342 | entries from the <ref table="ACL_entry"/> table. Packets that | |
1343 | are not matched by any entry in the ACL are allowed by default. | |
1344 | </p> | |
1345 | <column name="acl_entries"> | |
1346 | <p> | |
1347 | A set of references to entries in the <ref table="ACL_entry"/> table. | |
1348 | </p> | |
1349 | </column> | |
1350 | <column name="acl_name"> | |
1351 | <p> | |
1352 | A human readable name for the ACL, which may (for example) be displayed on | |
1353 | the switch CLI. | |
1354 | </p> | |
1355 | </column> | |
1356 | <group title="Error Notification"> | |
1357 | <p> | |
1358 | An entry in this column indicates to the NVC that the ACL | |
1359 | could not be configured as requested. The switch must clear this column when the error | |
1360 | has been cleared. | |
1361 | </p> | |
1362 | <column name="acl_fault_status" key="invalid_acl"> | |
1363 | <p> | |
1364 | Indicates that an ACL requested by | |
1365 | the controller could not be instantiated by the switch, | |
1366 | e.g., because it requires an unsupported combination of | |
1367 | fields to be matched. | |
1368 | </p> | |
1369 | </column> | |
1370 | <column name="acl_fault_status" key="resource_shortage"> | |
1371 | <p> | |
1372 | Indicates that an ACL requested by | |
1373 | the controller could not be instantiated by the switch due | |
1374 | to a shortage of resources (e.g. TCAM space). | |
1375 | </p> | |
1376 | </column> | |
1377 | <column name="acl_fault_status" key="unspecified_fault"> | |
1378 | <p> | |
1379 | Indicates that an error has occurred in configuring the ACL | |
1380 | but no | |
1381 | more specific information is available. | |
1382 | </p> | |
1383 | </column> | |
1384 | </group> | |
1385 | </table> | |
add17b69 | 1386 | </database> |