]> git.proxmox.com Git - mirror_ovs.git/blame - vtep/vtep.xml
projects / mirror_ovs.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
cirrus: Use FreeBSD 12.2.
[mirror_ovs.git] / vtep / vtep.xml
CommitLineData
add17b69 1<?xml version="1.0" encoding="utf-8"?>
57ba0a77 2<database name="vtep" title="Hardware VTEP Database">
add17b69
BD		 3 <p>
4 This schema specifies relations that a VTEP can use to integrate
5 physical ports into logical switches maintained by a network
6 virtualization controller such as NSX.
7 </p>
f86f54a9 8
add17b69
BD		 9 <p>Glossary:</p>
10
11 <dl>
12 <dt>VTEP</dt>
13 <dd>
14 VXLAN Tunnel End Point, an entity which originates and/or terminates
15 VXLAN tunnels.
16 </dd>
17
18 <dt>HSC</dt>
19 <dd>
20 Hardware Switch Controller.
21 </dd>
22
23 <dt>NVC</dt>
24 <dd>
25 Network Virtualization Controller, e.g. NSX.
26 </dd>
27
28 <dt>VRF</dt>
29 <dd>
30 Virtual Routing and Forwarding instance.
31 </dd>
f86f54a9 32 </dl>
add17b69 33
3e769995
SS		 34 <h2>Common Column</h2>
35
36 <p>
37 Some tables contain a column, named <code>other_config</code>.
38 This column has the same form and purpose each place that it appears,
39 so we describe it here to save space later.
40 </p>
41
42 <dl>
43 <dt><code>other_config</code>: map of string-string pairs</dt>
44 <dd>
45 <p>
46 Key-value pairs for configuring rarely used or proprietary features.
47 </p>
48 <p>
49 Some tables do not have <code>other_config</code> column because no
50 key-value pairs have yet been defined for them.
51 </p>
52 </dd>
53 </dl>
54
add17b69
BD		 55 <table name="Global" title="Top-level configuration.">
56 Top-level configuration for a hardware VTEP. There must be
57 exactly one record in the <ref table="Global"/> table.
58
59 <column name="switches">
849222dd
BP		 60 <p>
61 The physical switch or switches managed by the VTEP.
62 </p>
63
64 <p>
65 When a physical switch integrates support for this VTEP schema, which
66 is expected to be the most common case, this column should point to one
67 <ref table="Physical_Switch"/> record that represents the switch
68 itself. In another possible implementation, a server or a VM presents
69 a VTEP schema front-end interface to one or more physical switches,
70 presumably communicating with those physical switches over a
71 proprietary protocol. In that case, this column would point to one
72 <ref table="Physical_Switch"/> for each physical switch, and the set
73 might change over time as the front-end server comes to represent a
74 differing set of switches.
75 </p>
add17b69
BD		 76 </column>
77
78 <group title="Database Configuration">
79 <p>
80 These columns primarily configure the database server
81 (<code>ovsdb-server</code>), not the hardware VTEP itself.
82 </p>
83
84 <column name="managers">
85 Database clients to which the database server should connect or
86 to which it should listen, along with options for how these
87 connection should be configured. See the <ref table="Manager"/>
88 table for more information.
89 </column>
90 </group>
ff35498b
DS		 91
92 <group title="Common Column">
93 The overall purpose of this column is described under <code>Common
94 Column</code> at the beginning of this document.
95
96 <column name="other_config"/>
97 </group>
98
add17b69
BD		 99 </table>
100
101 <table name="Manager" title="OVSDB management connection.">
102 <p>
103 Configuration for a database connection to an Open vSwitch Database
104 (OVSDB) client.
105 </p>
106
107 <p>
108 The database server can initiate and maintain active connections
109 to remote clients. It can also listen for database connections.
110 </p>
111
112 <group title="Core Features">
113 <column name="target">
114 <p>Connection method for managers.</p>
115 <p>
116 The following connection methods are currently supported:
117 </p>
118 <dl>
771680d9 119 <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
add17b69
BD		 120 <dd>
121 <p>
771680d9
YS		 122 The specified SSL <var>port</var> (default: 6640) on the given
123 <var>host</var>, which can either be a DNS name (if built with
124 unbound library) or an IP address.
add17b69
BD		 125 </p>
126 <p>
fdf059ff
BD		 127 SSL key and certificate configuration happens outside the
128 database.
add17b69
BD		 129 </p>
130 </dd>
131
771680d9 132 <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt>
add17b69 133 <dd>
771680d9
YS		 134 The specified TCP <var>port</var> (default: 6640) on the given
135 <var>host</var>, which can either be a DNS name (if built with
136 unbound library) or an IP address.
add17b69 137 </dd>
771680d9 138 <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
add17b69
BD		 139 <dd>
140 <p>
141 Listens for SSL connections on the specified TCP <var>port</var>
771680d9
YS		 142 (default: 6640). If <var>host</var>, which can either be a DNS
143 name (if built with unbound library) or an IP address, is
144 specified, then connections are restricted to the resolved or
145 specified local IP address.
add17b69
BD		 146 </p>
147 </dd>
771680d9 148 <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt>
add17b69
BD		 149 <dd>
150 Listens for connections on the specified TCP <var>port</var>
771680d9
YS		 151 (default: 6640). If <var>host</var>, which can either be a DNS
152 name (if built with unbound library) or an IP address, is
153 specified, then connections are restricted to the resolved or
154 specified local IP address.
add17b69
BD		 155 </dd>
156 </dl>
157 </column>
158 </group>
159
160 <group title="Client Failure Detection and Handling">
161 <column name="max_backoff">
162 Maximum number of milliseconds to wait between connection attempts.
163 Default is implementation-specific.
164 </column>
165
166 <column name="inactivity_probe">
167 Maximum number of milliseconds of idle time on connection to the
168 client before sending an inactivity probe message. If the Open
169 vSwitch database does not communicate with the client for the
170 specified number of seconds, it will send a probe. If a
171 response is not received for the same additional amount of time,
172 the database server assumes the connection has been broken
173 and attempts to reconnect. Default is implementation-specific.
174 A value of 0 disables inactivity probes.
175 </column>
176 </group>
177
178 <group title="Status">
179 <column name="is_connected">
180 <code>true</code> if currently connected to this manager,
181 <code>false</code> otherwise.
182 </column>
183
184 <column name="status" key="last_error">
185 A human-readable description of the last error on the connection
186 to the manager; i.e. <code>strerror(errno)</code>. This key
187 will exist only if an error has occurred.
188 </column>
189
190 <column name="status" key="state"
191 type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'>
192 <p>
193 The state of the connection to the manager:
194 </p>
195 <dl>
196 <dt><code>VOID</code></dt>
197 <dd>Connection is disabled.</dd>
198
199 <dt><code>BACKOFF</code></dt>
200 <dd>Attempting to reconnect at an increasing period.</dd>
201
202 <dt><code>CONNECTING</code></dt>
203 <dd>Attempting to connect.</dd>
204
205 <dt><code>ACTIVE</code></dt>
206 <dd>Connected, remote host responsive.</dd>
207
208 <dt><code>IDLE</code></dt>
209 <dd>Connection is idle. Waiting for response to keep-alive.</dd>
210 </dl>
211 <p>
212 These values may change in the future. They are provided only for
213 human consumption.
214 </p>
215 </column>
216
217 <column name="status" key="sec_since_connect"
218 type='{"type": "integer", "minInteger": 0}'>
219 The amount of time since this manager last successfully connected
220 to the database (in seconds). Value is empty if manager has never
221 successfully connected.
222 </column>
223
224 <column name="status" key="sec_since_disconnect"
225 type='{"type": "integer", "minInteger": 0}'>
226 The amount of time since this manager last disconnected from the
227 database (in seconds). Value is empty if manager has never
228 disconnected.
229 </column>
230
231 <column name="status" key="locks_held">
232 Space-separated list of the names of OVSDB locks that the connection
233 holds. Omitted if the connection does not hold any locks.
234 </column>
235
236 <column name="status" key="locks_waiting">
237 Space-separated list of the names of OVSDB locks that the connection is
238 currently waiting to acquire. Omitted if the connection is not waiting
239 for any locks.
240 </column>
241
242 <column name="status" key="locks_lost">
243 Space-separated list of the names of OVSDB locks that the connection
244 has had stolen by another OVSDB client. Omitted if no locks have been
245 stolen from this connection.
246 </column>
247
248 <column name="status" key="n_connections"
249 type='{"type": "integer", "minInteger": 2}'>
250 <p>
251 When <ref column="target"/> specifies a connection method that
252 listens for inbound connections (e.g. <code>ptcp:</code> or
253 <code>pssl:</code>) and more than one connection is actually active,
254 the value is the number of active connections. Otherwise, this
255 key-value pair is omitted.
256 </p>
257 <p>
258 When multiple connections are active, status columns and key-value
259 pairs (other than this one) report the status of one arbitrarily
260 chosen connection.
261 </p>
262 </column>
263 </group>
264
265 <group title="Connection Parameters">
266 <p>
267 Additional configuration for a connection between the manager
268 and the database server.
269 </p>
270
271 <column name="other_config" key="dscp"
f86f54a9 272 type='{"type": "integer"}'>
add17b69
BD		 273 The Differentiated Service Code Point (DSCP) is specified using 6 bits
274 in the Type of Service (TOS) field in the IP header. DSCP provides a
275 mechanism to classify the network traffic and provide Quality of
276 Service (QoS) on IP networks.
277
278 The DSCP value specified here is used when establishing the
279 connection between the manager and the database server. If no
280 value is specified, a default value of 48 is chosen. Valid DSCP
281 values must be in the range 0 to 63.
282 </column>
283 </group>
284 </table>
285
286 <table name="Physical_Switch" title="A physical switch.">
287 A physical switch that implements a VTEP.
288
289 <column name="ports">
290 The physical ports within the switch.
291 </column>
292
c8f4eed5
AS		 293 <column name="tunnels">
294 Tunnels created by this switch as instructed by the NVC.
295 </column>
296
add17b69
BD		 297 <group title="Network Status">
298 <column name="management_ips">
299 IPv4 or IPv6 addresses at which the switch may be contacted
300 for management purposes.
301 </column>
302
303 <column name="tunnel_ips">
304 <p>
305 IPv4 or IPv6 addresses on which the switch may originate or
306 terminate tunnels.
307 </p>
308
309 <p>
310 This column is intended to allow a <ref table="Manager"/> to
311 determine the <ref table="Physical_Switch"/> that terminates
312 the tunnel represented by a <ref table="Physical_Locator"/>.
313 </p>
314 </column>
315 </group>
316
317 <group title="Identification">
318 <column name="name">
fdf059ff 319 Symbolic name for the switch, such as its hostname.
add17b69 320 </column>
f86f54a9 321
add17b69 322 <column name="description">
fdf059ff
BD		 323 An extended description for the switch, such as its switch login
324 banner.
add17b69
BD		 325 </column>
326 </group>
255842d9
BD		 327 <group title="Error Notification">
328 <p>
fdf059ff
BD		 329 An entry in this column indicates to the NVC that this switch
330 has encountered a fault. The switch must clear this column
331 when the fault has been cleared.
255842d9
BD		 332 </p>
333
334 <column name="switch_fault_status" key="mac_table_exhaustion">
335 Indicates that the switch has been unable to process MAC
336 entries requested by the NVC due to lack of table resources.
337 </column>
338
339 <column name="switch_fault_status" key="tunnel_exhaustion">
340 Indicates that the switch has been unable to create tunnels
341 requested by the NVC due to lack of resources.
342 </column>
343
1f661ac7
DS		 344 <column name="switch_fault_status" key="lr_switch_bindings_fault">
345 Indicates that the switch has been unable to create the logical router
346 interfaces requested by the NVC due to conflicting configurations or a
347 lack of hardware resources.
348 </column>
349
350 <column name="switch_fault_status" key="lr_static_routes_fault">
351 Indicates that the switch has been unable to create the static routes
352 requested by the NVC due to conflicting configurations or a lack of
353 hardware resources.
354 </column>
355
356 <column name="switch_fault_status" key="lr_creation_fault">
357 Indicates that the switch has been unable to create the logical router
358 requested by the NVC due to conflicting configurations or a lack of
359 hardware resources.
360 </column>
361
362 <column name="switch_fault_status" key="lr_support_fault">
363 Indicates that the switch does not support logical routing.
364 </column>
365
255842d9
BD		 366 <column name="switch_fault_status" key="unspecified_fault">
367 Indicates that an error has occurred in the switch but that no
368 more specific information is available.
369 </column>
b351ac0c
DB		 370
371 <column name="switch_fault_status"
372 key="unsupported_source_node_replication">
373 Indicates that the requested source node replication mode cannot be
374 supported by the physical switch; this specifically means in this
375 context that the physical switch lacks the capability to support
376 source node replication mode. This error occurs when a controller
377 attempts to set source node replication mode for one of the logical
378 switches that the physical switch is keeping context for. An NVC
379 that observes this error should take appropriate action (for example
380 reverting the logical switch to service node replication mode).
381 It is recommended that an NVC be proactive and test for support of
382 source node replication by using a test logical switch on vtep
383 physical switch nodes and then trying to change the replication mode
384 to source node on this logical switch, checking for error. The NVC
385 could remember this capability per vtep physical switch. Using
386 mixed replication modes on a given logical switch is not recommended.
387 Service node replication mode is considered a basic requirement
388 since it only requires sending a packet to a single transport node,
389 hence it is not expected that a switch should report that service
390 node mode cannot be supported.
391 </column>
3e769995
SS		 392 </group>
393
394 <group title="Common Column">
395 The overall purpose of this column is described under <code>Common
396 Column</code> at the beginning of this document.
255842d9 397
3e769995 398 <column name="other_config"/>
255842d9 399 </group>
3e769995 400
add17b69
BD		 401 </table>
402
c8f4eed5
AS		 403 <table name="Tunnel" title="A tunnel created by a physical switch.">
404 A tunnel created by a <ref table="Physical_Switch"/>.
405
406 <column name="local">
407 Tunnel end-point local to the physical switch.
408 </column>
409
410 <column name="remote">
411 Tunnel end-point remote to the physical switch.
412 </column>
413
414 <group title="Bidirectional Forwarding Detection (BFD)">
415 <p>
416 BFD, defined in RFC 5880, allows point to point detection of
417 connectivity failures by occasional transmission of BFD control
418 messages. VTEPs are expected to implement BFD.
419 </p>
420
421 <p>
422 BFD operates by regularly transmitting BFD control messages at a
423 rate negotiated independently in each direction. Each endpoint
424 specifies the rate at which it expects to receive control messages,
425 and the rate at which it's willing to transmit them. An endpoint
426 which fails to receive BFD control messages for a period of three
427 times the expected reception rate will signal a connectivity
428 fault. In the case of a unidirectional connectivity issue, the
429 system not receiving BFD control messages will signal the problem
430 to its peer in the messages it transmits.
431 </p>
432
433 <p>
434 A hardware VTEP is expected to use BFD to determine reachability of
435 devices at the end of the tunnels with which it exchanges data. This
436 can enable the VTEP to choose a functioning service node among a set of
437 service nodes providing high availability. It also enables the NVC to
438 report the health status of tunnels.
439 </p>
440
441 <p>
19289787 442 In many cases the BFD peer of a hardware VTEP will be an Open vSwitch
c8f4eed5
AS		 443 instance. The Open vSwitch implementation of BFD aims to comply
444 faithfully with the requirements put forth in RFC 5880. Open vSwitch
445 does not implement the optional Authentication or ``Echo Mode''
446 features.
447 </p>
448
449 <group title="BFD Local Configuration">
450 <p>
451 The HSC writes the key-value pairs in the
07bb41a9 452 <ref column="bfd_config_local"/> column to specify the local
c8f4eed5
AS		 453 configurations to be used for BFD sessions on this tunnel.
454 </p>
455
456 <column name="bfd_config_local" key="bfd_dst_mac">
457 Set to an Ethernet address in the form
458 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
459 to set the MAC expected as destination for received BFD packets.
16ee1400 460 The default is <code>00:23:20:00:00:01</code>.
c8f4eed5
AS		 461 </column>
462
463 <column name="bfd_config_local" key="bfd_dst_ip">
464 Set to an IPv4 address to set the IP address that is expected as destination
465 for received BFD packets. The default is <code>169.254.1.0</code>.
466 </column>
467
468 </group>
469
470 <group title="BFD Remote Configuration">
471 <p>
472 The <ref column="bfd_config_remote"/> column is the remote
473 counterpart of the <ref column="bfd_config_local"/> column.
474 The NVC writes the key-value pairs in this column.
475 </p>
476
477 <column name="bfd_config_remote" key="bfd_dst_mac">
478 Set to an Ethernet address in the form
479 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
480 to set the destination MAC to be used for transmitted BFD packets.
481 The default is <code>00:23:20:00:00:01</code>.
482 </column>
483
484 <column name="bfd_config_remote" key="bfd_dst_ip">
485 Set to an IPv4 address to set the IP address used as destination
486 for transmitted BFD packets. The default is <code>169.254.1.1</code>.
487 </column>
488
489 </group>
490
491 <group title="BFD Parameters">
492 <p>
493 The NVC sets up key-value pairs in the <ref column="bfd_params"/>
494 column to enable and configure BFD.
495 </p>
496
497 <column name="bfd_params" key="enable" type='{"type": "boolean"}'>
19289787
AT		 498 True to enable BFD on this <ref table="Tunnel"/>. If not
499 specified, BFD will not be enabled by default.
c8f4eed5
AS		 500 </column>
501
502 <column name="bfd_params" key="min_rx"
503 type='{"type": "integer", "minInteger": 1}'>
504 The shortest interval, in milliseconds, at which this BFD session
505 offers to receive BFD control messages. The remote endpoint may
506 choose to send messages at a slower rate. Defaults to
507 <code>1000</code>.
508 </column>
509
510 <column name="bfd_params" key="min_tx"
511 type='{"type": "integer", "minInteger": 1}'>
512 The shortest interval, in milliseconds, at which this BFD session is
513 willing to transmit BFD control messages. Messages will actually be
514 transmitted at a slower rate if the remote endpoint is not willing to
515 receive as quickly as specified. Defaults to <code>100</code>.
516 </column>
517
518 <column name="bfd_params" key="decay_min_rx" type='{"type": "integer"}'>
519 An alternate receive interval, in milliseconds, that must be greater
19289787
AT		 520 than or equal to <ref column="bfd_params" key="min_rx"/>. The
521 implementation should switch from <ref column="bfd_params" key="min_rx"/>
522 to <ref column="bfd_params" key="decay_min_rx"/> when there is no obvious
523 incoming data traffic at the tunnel, to reduce the CPU and bandwidth
524 cost of monitoring an idle tunnel. This feature may be disabled by
525 setting a value of 0. This feature is reset whenever
526 <ref column="bfd_params" key="decay_min_rx"/> or
527 <ref column="bfd_params" key="min_rx"/> changes.
c8f4eed5
AS		 528 </column>
529
530 <column name="bfd_params" key="forwarding_if_rx" type='{"type": "boolean"}'>
19289787
AT		 531 When <code>true</code>, traffic received on the <ref table="Tunnel"/>
532 is used to indicate the capability of packet I/O.
533 BFD control packets are still transmitted and received. At least one
534 BFD control packet must be received every
535 100 * <ref column="bfd_params" key="min_rx"/> amount of time.
536 Otherwise, even if traffic is received, the
537 <ref column="bfd_params" key="forwarding"/> will be <code>false</code>.
c8f4eed5
AS		 538 </column>
539
540 <column name="bfd_params" key="cpath_down" type='{"type": "boolean"}'>
541 Set to true to notify the remote endpoint that traffic should not be
07bb41a9 542 forwarded to this system for some reason other than a connectivity
c8f4eed5
AS		 543 failure on the interface being monitored. The typical underlying
544 reason is ``concatenated path down,'' that is, that connectivity
545 beyond the local system is down. Defaults to false.
546 </column>
547
548 <column name="bfd_params" key="check_tnl_key" type='{"type": "boolean"}'>
549 Set to true to make BFD accept only control messages with a tunnel
550 key of zero. By default, BFD accepts control messages with any
551 tunnel key.
552 </column>
553
554 </group>
555
19289787
AT		 556 <group title="BFD Status">
557 <p>
558 The VTEP sets key-value pairs in the <ref column="bfd_status"/>
559 column to report the status of BFD on this tunnel. When BFD is
560 not enabled, with <ref column="bfd_params" key="enable"/>, the
561 HSC clears all key-value pairs from <ref column="bfd_status"/>.
562 </p>
c8f4eed5 563
19289787
AT		 564 <column name="bfd_status" key="enabled" type='{"type": "boolean"}'>
565 Set to true if the BFD session has been successfully enabled.
566 Set to false if the VTEP cannot support BFD or has insufficient
567 resources to enable BFD on this tunnel. The NVC will disable
568 the BFD monitoring on the other side of the tunnel once this
569 value is set to false.
570 </column>
16ee1400 571
19289787
AT		 572 <column name="bfd_status" key="state"
573 type='{"type": "string",
c8f4eed5 574 "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
19289787
AT		 575 Reports the state of the BFD session. The BFD session is fully
576 healthy and negotiated if <code>UP</code>.
577 </column>
c8f4eed5 578
19289787
AT		 579 <column name="bfd_status" key="forwarding" type='{"type": "boolean"}'>
580 Reports whether the BFD session believes this <ref table="Tunnel"/>
581 may be used to forward traffic. Typically this means the local session
582 is signaling <code>UP</code>, and the remote system isn't signaling a
583 problem such as concatenated path down.
584 </column>
c8f4eed5 585
19289787
AT		 586 <column name="bfd_status" key="diagnostic">
587 A diagnostic code specifying the local system's reason for the
588 last change in session state. The error messages are defined in
589 section 4.1 of [RFC 5880].
590 </column>
c8f4eed5 591
19289787
AT		 592 <column name="bfd_status" key="remote_state"
593 type='{"type": "string",
c8f4eed5 594 "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
19289787
AT		 595 Reports the state of the remote endpoint's BFD session.
596 </column>
c8f4eed5 597
19289787
AT		 598 <column name="bfd_status" key="remote_diagnostic">
599 A diagnostic code specifying the remote system's reason for the
600 last change in session state. The error messages are defined in
601 section 4.1 of [RFC 5880].
602 </column>
16ee1400 603
19289787
AT		 604 <column name="bfd_status" key="info">
605 A short message providing further information about the BFD status
606 (possibly including reasons why BFD could not be enabled).
607 </column>
c8f4eed5
AS		 608 </group>
609 </group>
610 </table>
611
add17b69
BD		 612 <table name="Physical_Port" title="A port within a physical switch.">
613 A port within a <ref table="Physical_Switch"/>.
614
615 <column name="vlan_bindings">
616 Identifies how VLANs on the physical port are bound to logical switches.
617 If, for example, the map contains a (VLAN, logical switch) pair, a packet
618 that arrives on the port in the VLAN is considered to belong to the
b49f5f7a
BD		 619 paired logical switch. A value of zero in the VLAN field means
620 that untagged traffic on the physical port is mapped to the
621 logical switch.
add17b69
BD		 622 </column>
623
c0c1dccb
BD		 624 <column name="acl_bindings">
625 <p>
626 Attach Access Control Lists (ACLs) to the physical port. The
627 column consists of a map of VLAN tags to <ref table="ACL"/>s. If the value of
628 the VLAN tag in the map is 0, this means that the ACL is
629 associated with the entire physical port. Non-zero values mean
630 that the ACL is to be applied only on packets carrying that VLAN
631 tag value. Switches will not necessarily support matching on the
632 VLAN tag for all ACLs, and unsupported ACL bindings will cause
633 errors to be reported. The binding of an ACL to a specific
634 VLAN and the binding of an ACL to the entire physical port
635 should not be combined on a single physical port. That is, a
636 mix of zero and non-zero keys in the map is not recommended.
637 </p>
638 </column>
639
add17b69
BD		 640 <column name="vlan_stats">
641 Statistics for VLANs bound to logical switches on the physical port. An
642 implementation that fully supports such statistics would populate this
643 column with a mapping for every VLAN that is bound in <ref
644 column="vlan_bindings"/>. An implementation that does not support such
645 statistics or only partially supports them would not populate this column
b49f5f7a
BD		 646 or partially populate it, respectively. A value of zero in the
647 VLAN field refers to untagged traffic on the physical port.
add17b69
BD		 648 </column>
649
650 <group title="Identification">
651 <column name="name">
fdf059ff
BD		 652 Symbolic name for the port. The name ought to be unique within a given
653 <ref table="Physical_Switch"/>, but the database is not capable of
654 enforcing this.
add17b69
BD		 655 </column>
656
657 <column name="description">
fdf059ff 658 An extended description for the port.
add17b69
BD		 659 </column>
660 </group>
255842d9
BD		 661 <group title="Error Notification">
662 <p>
fdf059ff 663 An entry in this column indicates to the NVC that the physical port has
07bb41a9 664 encountered a fault. The switch must clear this column when the error
fdf059ff 665 has been cleared.
255842d9
BD		 666 </p>
667 <column name="port_fault_status" key="invalid_vlan_map">
fdf059ff
BD		 668 <p>
669 Indicates that a VLAN-to-logical-switch mapping requested by
670 the controller could not be instantiated by the switch
671 because of a conflict with local configuration.
672 </p>
255842d9 673 </column>
c0c1dccb
BD		 674 <column name="port_fault_status" key="invalid_ACL_binding">
675 <p>
676 Indicates that an error has occurred in associating an ACL
677 with a port.
678 </p>
679 </column>
255842d9 680 <column name="port_fault_status" key="unspecified_fault">
fdf059ff
BD		 681 <p>
682 Indicates that an error has occurred on the port but that no
683 more specific information is available.
684 </p>
255842d9
BD		 685 </column>
686 </group>
687
3e769995
SS		 688 <group title="Common Column">
689 The overall purpose of this column is described under <code>Common
690 Column</code> at the beginning of this document.
691
692 <column name="other_config"/>
693 </group>
694
add17b69
BD		 695 </table>
696
697 <table name="Logical_Binding_Stats" title="Statistics for a VLAN on a physical port bound to a logical network.">
698 Reports statistics for the <ref table="Logical_Switch"/> with which a VLAN
699 on a <ref table="Physical_Port"/> is associated.
700
701 <group title="Statistics">
702 These statistics count only packets to which the binding applies.
703
704 <column name="packets_from_local">
705 Number of packets sent by the <ref table="Physical_Switch"/>.
706 </column>
707
708 <column name="bytes_from_local">
709 Number of bytes in packets sent by the <ref table="Physical_Switch"/>.
710 </column>
711
712 <column name="packets_to_local">
713 Number of packets received by the <ref table="Physical_Switch"/>.
714 </column>
715
716 <column name="bytes_to_local">
717 Number of bytes in packets received by the <ref
718 table="Physical_Switch"/>.
719 </column>
720 </group>
721 </table>
722
723 <table name="Logical_Switch" title="A layer-2 domain.">
724 A logical Ethernet switch, whose implementation may span physical and
725 virtual media, possibly crossing L3 domains via tunnels; a logical layer-2
726 domain; an Ethernet broadcast domain.
727
728
729
730 <group title="Per Logical-Switch Tunnel Key">
731 <p>
732 Tunnel protocols tend to have a field that allows the tunnel
733 to be partitioned into sub-tunnels: VXLAN has a VNI, GRE and
734 STT have a key, CAPWAP has a WSI, and so on. We call these
735 generically ``tunnel keys.'' Given that one needs to use a
736 tunnel key at all, there are at least two reasonable ways to
737 assign their values:
738 </p>
739
740 <ul>
741 <li>
742 <p>
743 Per <ref table="Logical_Switch"/>+<ref table="Physical_Locator"/>
744 pair. That is, each logical switch may be assigned a different
745 tunnel key on every <ref table="Physical_Locator"/>. This model is
746 especially flexible.
747 </p>
748
749 <p>
750 In this model, <ref table="Physical_Locator"/> carries the tunnel
751 key. Therefore, one <ref table="Physical_Locator"/> record will
752 exist for each logical switch carried at a given IP destination.
753 </p>
754 </li>
755
756 <li>
757 <p>
758 Per <ref table="Logical_Switch"/>. That is, every tunnel
759 associated with a particular logical switch carries the same tunnel
760 key, regardless of the <ref table="Physical_Locator"/> to which the
761 tunnel is addressed. This model may ease switch implementation
762 because it imposes fewer requirements on the hardware datapath.
763 </p>
764
765 <p>
766 In this model, <ref table="Logical_Switch"/> carries the tunnel
767 key. Therefore, one <ref table="Physical_Locator"/> record will
768 exist for each IP destination.
769 </p>
770 </li>
771 </ul>
772
773 <column name="tunnel_key">
774 <p>
775 This column is used only in the tunnel key per <ref
776 table="Logical_Switch"/> model (see above), because only in that
777 model is there a tunnel key associated with a logical switch.
778 </p>
779
780 <p>
c2cd1902
OBY		 781 For <code>vxlan_over_ipv4</code> encapsulation, when the tunnel key
782 per <ref table="Logical_Switch"/> model is in use, this column is the
783 VXLAN VNI that identifies a logical switch. It must be in the range
784 0 to 16,777,215.
add17b69
BD		 785 </p>
786 </column>
787 </group>
788
b351ac0c
DB		 789 <group title="Replication Mode">
790 <p>
791 For handling L2 broadcast, multicast and unknown unicast traffic,
792 packets can be sent to all members of a logical switch referenced by
793 a physical switch. There are different modes to replicate the
794 packets. The default mode of replication is to send the traffic to
795 a service node, which can be a hypervisor, server or appliance, and
796 let the service node handle replication to other transport nodes
797 (hypervisors or other VTEP physical switches). This mode is called
798 service node replication. An alternate mode of replication, called
799 source node replication involves the source node sending to all
800 other transport nodes. Hypervisors are always responsible for doing
801 their own replication for locally attached VMs in both modes.
802 Service node replication mode is the default and considered a
803 basic requirement because it only requires sending the packet to
804 a single transport node.
805 </p>
806
807 <column name="replication_mode">
808 <p>
809 This optional column defines the replication mode per
810 <ref table="Logical_Switch"/>. There are 2 valid values,
811 <code>service_node</code> and <code>source_node</code>. If the
812 column is not set, the replication mode defaults to service_node.
813 </p>
814
815 </column>
816 </group>
817
add17b69
BD		 818 <group title="Identification">
819 <column name="name">
fdf059ff 820 Symbolic name for the logical switch.
add17b69 821 </column>
f86f54a9 822
add17b69 823 <column name="description">
fdf059ff
BD		 824 An extended description for the logical switch, such as its switch
825 login banner.
add17b69
BD		 826 </column>
827 </group>
3e769995
SS		 828
829 <group title="Common Column">
830 The overall purpose of this column is described under <code>Common
831 Column</code> at the beginning of this document.
832
833 <column name="other_config"/>
834 </group>
835
add17b69
BD		 836 </table>
837
838 <table name="Ucast_Macs_Local" title="Unicast MACs (local)">
839 <p>
840 Mapping of unicast MAC addresses to tunnels (physical
841 locators). This table is written by the HSC, so it contains the
842 MAC addresses that have been learned on physical ports by a
843 VTEP.
844 </p>
845
846 <column name="MAC">
847 A MAC address that has been learned by the VTEP.
848 </column>
849
850 <column name="logical_switch">
851 The Logical switch to which this mapping applies.
852 </column>
853
854 <column name="locator">
855 The physical locator to be used to reach this MAC address. In
856 this table, the physical locator will be one of the tunnel IP
857 addresses of the appropriate VTEP.
858 </column>
859
860 <column name="ipaddr">
861 The IP address to which this MAC corresponds. Optional field for
862 the purpose of ARP supression.
863 </column>
864
865 </table>
866
f86f54a9 867 <table name="Ucast_Macs_Remote" title="Unicast MACs (remote)">
add17b69
BD		 868 <p>
869 Mapping of unicast MAC addresses to tunnels (physical
870 locators). This table is written by the NVC, so it contains the
871 MAC addresses that the NVC has learned. These include VM MAC
872 addresses, in which case the physical locators will be
873 hypervisor IP addresses. The NVC will also report MACs that it
874 has learned from other HSCs in the network, in which case the
875 physical locators will be tunnel IP addresses of the
876 corresponding VTEPs.
877 </p>
878
879 <column name="MAC">
255842d9 880 A MAC address that has been learned by the NVC.
add17b69
BD		 881 </column>
882
883 <column name="logical_switch">
884 The Logical switch to which this mapping applies.
885 </column>
886
887 <column name="locator">
888 The physical locator to be used to reach this MAC address. In
889 this table, the physical locator will be either a hypervisor IP
890 address or a tunnel IP addresses of another VTEP.
891 </column>
892
893 <column name="ipaddr">
894 The IP address to which this MAC corresponds. Optional field for
895 the purpose of ARP supression.
896 </column>
897
898 </table>
899
900 <table name="Mcast_Macs_Local" title="Multicast MACs (local)">
901 <p>
902 Mapping of multicast MAC addresses to tunnels (physical
903 locators). This table is written by the HSC, so it contains the
904 MAC addresses that have been learned on physical ports by a
905 VTEP. These may be learned by IGMP snooping, for example. This
906 table also specifies how to handle unknown unicast and broadcast packets.
907 </p>
908
909 <column name="MAC">
910 <p>
f86f54a9 911 A MAC address that has been learned by the VTEP.
add17b69
BD		 912 </p>
913 <p>
fdf059ff
BD		 914 The keyword <code>unknown-dst</code> is used as a special
915 ``Ethernet address'' that indicates the locations to which
916 packets in a logical switch whose destination addresses do not
917 otherwise appear in <ref table="Ucast_Macs_Local"/> (for
918 unicast addresses) or <ref table="Mcast_Macs_Local"/> (for
919 multicast addresses) should be sent.
add17b69
BD		 920 </p>
921 </column>
922
923 <column name="logical_switch">
924 The Logical switch to which this mapping applies.
925 </column>
926
927 <column name="locator_set">
928 The physical locator set to be used to reach this MAC address. In
929 this table, the physical locator set will be contain one or more tunnel IP
930 addresses of the appropriate VTEP(s).
931 </column>
932
19368978
BP		 933 <column name="ipaddr">
934 The IP address to which this MAC corresponds. Optional field for
935 the purpose of ARP supression.
936 </column>
add17b69
BD		 937 </table>
938
939 <table name="Mcast_Macs_Remote" title="Multicast MACs (remote)">
940 <p>
941 Mapping of multicast MAC addresses to tunnels (physical
942 locators). This table is written by the NVC, so it contains the
943 MAC addresses that the NVC has learned. This
944 table also specifies how to handle unknown unicast and broadcast
945 packets.
946 </p>
947 <p>
948 Multicast packet replication may be handled by a service node,
949 in which case the physical locators will be IP addresses of
950 service nodes. If the VTEP supports replication onto multiple
b351ac0c
DB		 951 tunnels, using source node replication, then this may be used to
952 replicate directly onto VTEP-hypervisor or VTEP-VTEP tunnels.
add17b69
BD		 953 </p>
954
955 <column name="MAC">
956 <p>
fdf059ff 957 A MAC address that has been learned by the NVC.
add17b69
BD		 958 </p>
959 <p>
fdf059ff
BD		 960 The keyword <code>unknown-dst</code> is used as a special
961 ``Ethernet address'' that indicates the locations to which
962 packets in a logical switch whose destination addresses do not
963 otherwise appear in <ref table="Ucast_Macs_Remote"/> (for
964 unicast addresses) or <ref table="Mcast_Macs_Remote"/> (for
965 multicast addresses) should be sent.
add17b69
BD		 966 </p>
967 </column>
968
969 <column name="logical_switch">
970 The Logical switch to which this mapping applies.
971 </column>
972
973 <column name="locator_set">
974 The physical locator set to be used to reach this MAC address. In
b351ac0c
DB		 975 this table, the physical locator set will be either a set of service
976 nodes when service node replication is used or the set of transport
977 nodes (defined as hypervisors or VTEPs) participating in the associated
978 logical switch, when source node replication is used. When service node
979 replication is used, the VTEP should send packets to one member of the
980 locator set that is known to be healthy and reachable, which could be
981 determined by BFD. When source node replication is used, the VTEP
982 should send packets to all members of the locator set.
add17b69
BD		 983 </column>
984
985 <column name="ipaddr">
986 The IP address to which this MAC corresponds. Optional field for
987 the purpose of ARP supression.
988 </column>
989
990 </table>
991
992 <table name="Logical_Router" title="A logical L3 router.">
993 <p>
994 A logical router, or VRF. A logical router may be connected to one or more
f86f54a9 995 logical switches. Subnet addresses and interface addresses may be configured on the
add17b69
BD		 996 interfaces.
997 </p>
f86f54a9 998
add17b69
BD		 999 <column name="switch_binding">
1000 Maps from an IPv4 or IPv6 address prefix in CIDR notation to a
1001 logical switch. Multiple prefixes may map to the same switch. By
1002 writing a 32-bit (or 128-bit for v6) address with a /N prefix
1003 length, both the router's interface address and the subnet
1004 prefix can be configured. For example, 192.68.1.1/24 creates a
1005 /24 subnet for the logical switch attached to the interface and
1006 assigns the address 192.68.1.1 to the router interface.
1007 </column>
1008
1009 <column name="static_routes">
1010 One or more static routes, mapping IP prefixes to next hop IP addresses.
1011 </column>
1012
c0c1dccb
BD		 1013 <column name="acl_binding">
1014 Maps ACLs to logical router interfaces. The router interfaces
1015 are indicated using IP address notation, and must be the same
1016 interfaces created in the <ref column="switch_binding"/>
1017 column. For example, an ACL could be associated with the logical
1018 router interface with an address of 192.68.1.1 as defined in the
1019 example above.
1020 </column>
1021
add17b69
BD		 1022 <group title="Identification">
1023 <column name="name">
fdf059ff 1024 Symbolic name for the logical router.
add17b69
BD		 1025 </column>
1026
1027 <column name="description">
fdf059ff 1028 An extended description for the logical router.
add17b69
BD		 1029 </column>
1030 </group>
c0c1dccb
BD		 1031
1032 <group title="Error Notification">
1033 <p>
1034 An entry in this column indicates to the NVC that the HSC has
1035 encountered a fault in configuring state related to the
1036 logical router.
1037 </p>
1038 <column name="LR_fault_status" key="invalid_ACL_binding">
1039 <p>
1040 Indicates that an error has occurred in associating an ACL
1041 with a logical router port.
1042 </p>
1043 </column>
1044 <column name="LR_fault_status" key="unspecified_fault">
1045 <p>
1046 Indicates that an error has occurred in configuring the
1047 logical router but that no
1048 more specific information is available.
1049 </p>
1050 </column>
1051 </group>
1052
3e769995
SS		 1053 <group title="Common Column">
1054 The overall purpose of this column is described under <code>Common
1055 Column</code> at the beginning of this document.
1056
1057 <column name="other_config"/>
1058 </group>
1059
add17b69
BD		 1060 </table>
1061
7ae92590
BD		 1062 <table name="Arp_Sources_Local" title="ARP source addresses for logical routers">
1063 <p>
1064 MAC address to be used when a VTEP issues ARP requests on behalf
1065 of a logical router.
1066 </p>
1067
1068 <p>
1069 A distributed logical router is implemented by a set of VTEPs
1070 (both hardware VTEPs and vswitches). In order for a given VTEP
1071 to populate the local ARP cache for a logical router, it issues
1072 ARP requests with a source MAC address that is unique to the VTEP. A
1073 single per-VTEP MAC can be re-used across all logical
1074 networks. This table contains the MACs that are used by the
1075 VTEPs of a given HSC. The table provides the mapping from MAC to
1076 physical locator for each VTEP so that replies to the ARP
1077 requests can be sent back to the correct VTEP using the
1078 appropriate physical locator.
1079 </p>
1080
1081 <column name="src_mac">
1082 The source MAC to be used by a given VTEP.
1083 </column>
1084
1085 <column name="locator">
1086 The <ref table="Physical_Locator"/> to use for replies to ARP
1087 requests from this MAC address.
1088 </column>
1089 </table>
1090
1091 <table name="Arp_Sources_Remote" title="ARP source addresses for logical routers">
1092 <p>
1093 MAC address to be used when a remote VTEP issues ARP requests on behalf
1094 of a logical router.
1095 </p>
1096
1097 <p>
1098 This table is the remote counterpart of <ref
1099 table="Arp_sources_local"/>. The NVC writes this table to notify
1100 the HSC of the MACs that will be used by remote VTEPs when they
1101 issue ARP requests on behalf of a distributed logical router.
1102 </p>
1103
1104 <column name="src_mac">
1105 The source MAC to be used by a given VTEP.
1106 </column>
1107
1108 <column name="locator">
1109 The <ref table="Physical_Locator"/> to use for replies to ARP
1110 requests from this MAC address.
1111 </column>
1112 </table>
1113
add17b69
BD		 1114 <table name="Physical_Locator_Set">
1115 <p>
1116 A set of one or more <ref table="Physical_Locator"/>s.
1117 </p>
1118
1119 <p>
1120 This table exists only because OVSDB does not have a way to
1121 express the type ``map from string to one or more <ref
1122 table="Physical_Locator"/> records.''
1123 </p>
1124
f86f54a9 1125 <column name="locators"/>
add17b69
BD		 1126 </table>
1127
1128 <table name="Physical_Locator">
1129 <p>
1130 Identifies an endpoint to which logical switch traffic may be
1131 encapsulated and forwarded.
1132 </p>
1133
1134 <p>
c2cd1902
OBY		 1135 The <code>vxlan_over_ipv4</code> encapsulation, the only encapsulation
1136 defined so far, can use either tunnel key model described in the ``Per
1137 Logical-Switch Tunnel Key'' section in the <ref table="Logical_Switch"/>
1138 table. When the tunnel key per <ref table="Logical_Switch"/> model is in
1139 use, the <ref table="Logical_Switch" column="tunnel_key"/> column in the
1140 <ref table="Logical_Switch"/> table is filled with a VNI and the <ref
1141 column="tunnel_key"/> column in this table is empty; in the
1142 key-per-tunnel model, the opposite is true. The former model is older,
1143 and thus likely to be more widely supported. See the ``Per
1144 Logical-Switch Tunnel Key'' section in the <ref table="Logical_Switch"/>
1145 table for further discussion of the model.
add17b69
BD		 1146 </p>
1147
1148 <column name="encapsulation_type">
1149 The type of tunneling encapsulation.
1150 </column>
1151
1152 <column name="dst_ip">
1153 <p>
1154 For <code>vxlan_over_ipv4</code> encapsulation, the IPv4 address of the
1155 VXLAN tunnel endpoint.
1156 </p>
1157
1158 <p>
1159 We expect that this column could be used for IPv4 or IPv6 addresses in
1160 encapsulations to be introduced later.
1161 </p>
1162 </column>
23f781e4 1163
c2cd1902
OBY		 1164 <column name="tunnel_key">
1165 <p>
1166 This column is used only in the tunnel key per <ref
1167 table="Logical_Switch"/>+<ref table="Physical_Locator"/> model (see
1168 above).
1169 </p>
1170
1171 <p>
1172 For <code>vxlan_over_ipv4</code> encapsulation, when the <ref
1173 table="Logical_Switch"/>+<ref table="Physical_Locator"/> model is in
1174 use, this column is the VXLAN VNI. It must be in the range 0 to
1175 16,777,215.
1176 </p>
1177 </column>
1178
add17b69 1179 </table>
c0c1dccb
BD		 1180 <table name="ACL_entry">
1181 <p>
1182 Describes the individual entries that comprise an Access Control List.
1183 </p>
1184 <p>
1185 Each entry in the table is a single rule to match on certain
1186 header fields. While there are a large number of fields that can
1187 be matched on, most hardware cannot match on arbitrary
1188 combinations of fields. It is common to match on either L2
1189 fields (described below in the L2 group of columns) or L3/L4 fields
1190 (the L3/L4 group of columns) but not both. The hardware switch
1191 controller may log an error if an ACL entry requires it to match
1192 on an incompatible mixture of fields.
1193 </p>
1194 <column name="sequence">
1195 <p>
1196 The sequence number for the ACL entry for the purpose of
1197 ordering entries in an ACL. Lower numbered entries are matched
1198 before higher numbered entries.
1199 </p>
1200 </column>
1201 <group title="L2 fields">
1202 <column name="source_mac">
1203 <p>
1204 Source MAC address, in the form
1205 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
1206 </p>
1207 </column>
1208 <column name="dest_mac">
1209 <p>
1210 Destination MAC address, in the form
1211 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
1212 </p>
1213 </column>
f86f54a9 1214 <column name="ethertype">
c0c1dccb
BD		 1215 <p>
1216 Ethertype in hexadecimal, in the form
1217 <var>0xAAAA</var>
1218 </p>
1219 </column>
1220 </group>
1221 <group title="L3/L4 fields">
1222 <column name="source_ip">
1223 <p>
1224 Source IP address, in the form
1225 <var>xx.xx.xx.xx</var> for IPv4 or appropriate
1226 colon-separated hexadecimal notation for IPv6.
1227 </p>
1228 </column>
1229 <column name="source_mask">
1230 <p>
1231 Mask that determines which bits of source_ip to match on, in the form
1232 <var>xx.xx.xx.xx</var> for IPv4 or appropriate
1233 colon-separated hexadecimal notation for IPv6.
1234 </p>
1235 </column>
1236 <column name="dest_ip">
1237 <p>
1238 Destination IP address, in the form
1239 <var>xx.xx.xx.xx</var> for IPv4 or appropriate
1240 colon-separated hexadecimal notation for IPv6.
1241 </p>
1242 </column>
1243 <column name="dest_mask">
1244 <p>
1245 Mask that determines which bits of dest_ip to match on, in the form
1246 <var>xx.xx.xx.xx</var> for IPv4 or appropriate
1247 colon-separated hexadecimal notation for IPv6.
1248 </p>
1249 </column>
1250 <column name="protocol">
1251 <p>
1252 Protocol number in the IPv4 header, or value of the "next
1253 header" field in the IPv6 header.
1254 </p>
1255 </column>
1256 <column name="source_port_min">
1257 <p>
1258 Lower end of the range of source port values. The value
1259 specified is included in the range.
1260 </p>
1261 </column>
1262 <column name="source_port_max">
1263 <p>
1264 Upper end of the range of source port values. The value
1265 specified is included in the range.
1266 </p>
1267 </column>
1268 <column name="dest_port_min">
1269 <p>
1270 Lower end of the range of destination port values. The value
1271 specified is included in the range.
1272 </p>
1273 </column>
1274 <column name="dest_port_max">
1275 <p>
1276 Upper end of the range of destination port values. The value
1277 specified is included in the range.
1278 </p>
1279 </column>
1280 <column name="tcp_flags">
1281 <p>
1282 Integer representing the value of TCP flags to match. For
1283 example, the SYN flag is the second least significant bit in
1284 the TCP flags. Hence a value of 2 would indicate that the "SYN"
1285 flag should be set (assuming an appropriate mask).
1286 </p>
1287 </column>
1288 <column name="tcp_flags_mask">
1289 <p>
1290 Integer representing the mask to apply when matching TCP
1291 flags. For example, a value of 2 would imply that the "SYN"
1292 flag should be matched and all other flags ignored.
1293 </p>
1294 </column>
1295 <column name="icmp_type">
1296 <p>
1297 ICMP type to be matched.
1298 </p>
1299 </column>
1300 <column name="icmp_code">
1301 <p>
1302 ICMP code to be matched.
1303 </p>
1304 </column>
1305 </group>
1306 <column name="direction">
1307 <p>
1308 Direction of traffic to match on the specified port, either
1309 "ingress" (toward the logical switch or router) or "egress"
1310 (leaving the logical switch or router).
1311 </p>
1312 </column>
1313 <column name="action">
1314 <p>
1315 Action to take for this rule, either "permit" or "deny".
1316 </p>
1317 </column>
1318 <group title="Error Notification">
1319 <p>
1320 An entry in this column indicates to the NVC that the ACL
1321 could not be configured as requested. The switch must clear this column when the error
1322 has been cleared.
1323 </p>
1324 <column name="acle_fault_status" key="invalid_acl_entry">
1325 <p>
1326 Indicates that an ACL entry requested by
1327 the controller could not be instantiated by the switch,
1328 e.g. because it requires an unsupported combination of
1329 fields to be matched.
1330 </p>
1331 </column>
1332 <column name="acle_fault_status" key="unspecified_fault">
1333 <p>
1334 Indicates that an error has occurred in configuring the ACL
1335 entry but no
1336 more specific information is available.
1337 </p>
1338 </column>
1339 </group>
1340 </table>
1341 <table name="ACL">
1342 <p>
1343 Access Control List table. Each ACL is constructed as a set of
1344 entries from the <ref table="ACL_entry"/> table. Packets that
1345 are not matched by any entry in the ACL are allowed by default.
1346 </p>
1347 <column name="acl_entries">
1348 <p>
1349 A set of references to entries in the <ref table="ACL_entry"/> table.
1350 </p>
1351 </column>
1352 <column name="acl_name">
1353 <p>
1354 A human readable name for the ACL, which may (for example) be displayed on
1355 the switch CLI.
1356 </p>
1357 </column>
1358 <group title="Error Notification">
1359 <p>
1360 An entry in this column indicates to the NVC that the ACL
1361 could not be configured as requested. The switch must clear this column when the error
1362 has been cleared.
1363 </p>
1364 <column name="acl_fault_status" key="invalid_acl">
1365 <p>
1366 Indicates that an ACL requested by
1367 the controller could not be instantiated by the switch,
1368 e.g., because it requires an unsupported combination of
1369 fields to be matched.
1370 </p>
1371 </column>
1372 <column name="acl_fault_status" key="resource_shortage">
1373 <p>
1374 Indicates that an ACL requested by
1375 the controller could not be instantiated by the switch due
1376 to a shortage of resources (e.g. TCAM space).
1377 </p>
1378 </column>
1379 <column name="acl_fault_status" key="unspecified_fault">
1380 <p>
1381 Indicates that an error has occurred in configuring the ACL
1382 but no
1383 more specific information is available.
1384 </p>
1385 </column>
1386 </group>
1387 </table>
add17b69 1388</database>
openvswitch mirror