]>
Commit | Line | Data |
---|---|---|
add17b69 | 1 | <?xml version="1.0" encoding="utf-8"?> |
57ba0a77 | 2 | <database name="vtep" title="Hardware VTEP Database"> |
add17b69 BD |
3 | <p> |
4 | This schema specifies relations that a VTEP can use to integrate | |
5 | physical ports into logical switches maintained by a network | |
6 | virtualization controller such as NSX. | |
7 | </p> | |
f86f54a9 | 8 | |
add17b69 BD |
9 | <p>Glossary:</p> |
10 | ||
11 | <dl> | |
12 | <dt>VTEP</dt> | |
13 | <dd> | |
14 | VXLAN Tunnel End Point, an entity which originates and/or terminates | |
15 | VXLAN tunnels. | |
16 | </dd> | |
17 | ||
18 | <dt>HSC</dt> | |
19 | <dd> | |
20 | Hardware Switch Controller. | |
21 | </dd> | |
22 | ||
23 | <dt>NVC</dt> | |
24 | <dd> | |
25 | Network Virtualization Controller, e.g. NSX. | |
26 | </dd> | |
27 | ||
28 | <dt>VRF</dt> | |
29 | <dd> | |
30 | Virtual Routing and Forwarding instance. | |
31 | </dd> | |
f86f54a9 | 32 | </dl> |
add17b69 | 33 | |
3e769995 SS |
34 | <h2>Common Column</h2> |
35 | ||
36 | <p> | |
37 | Some tables contain a column, named <code>other_config</code>. | |
38 | This column has the same form and purpose each place that it appears, | |
39 | so we describe it here to save space later. | |
40 | </p> | |
41 | ||
42 | <dl> | |
43 | <dt><code>other_config</code>: map of string-string pairs</dt> | |
44 | <dd> | |
45 | <p> | |
46 | Key-value pairs for configuring rarely used or proprietary features. | |
47 | </p> | |
48 | <p> | |
49 | Some tables do not have <code>other_config</code> column because no | |
50 | key-value pairs have yet been defined for them. | |
51 | </p> | |
52 | </dd> | |
53 | </dl> | |
54 | ||
add17b69 BD |
55 | <table name="Global" title="Top-level configuration."> |
56 | Top-level configuration for a hardware VTEP. There must be | |
57 | exactly one record in the <ref table="Global"/> table. | |
58 | ||
59 | <column name="switches"> | |
849222dd BP |
60 | <p> |
61 | The physical switch or switches managed by the VTEP. | |
62 | </p> | |
63 | ||
64 | <p> | |
65 | When a physical switch integrates support for this VTEP schema, which | |
66 | is expected to be the most common case, this column should point to one | |
67 | <ref table="Physical_Switch"/> record that represents the switch | |
68 | itself. In another possible implementation, a server or a VM presents | |
69 | a VTEP schema front-end interface to one or more physical switches, | |
70 | presumably communicating with those physical switches over a | |
71 | proprietary protocol. In that case, this column would point to one | |
72 | <ref table="Physical_Switch"/> for each physical switch, and the set | |
73 | might change over time as the front-end server comes to represent a | |
74 | differing set of switches. | |
75 | </p> | |
add17b69 BD |
76 | </column> |
77 | ||
78 | <group title="Database Configuration"> | |
79 | <p> | |
80 | These columns primarily configure the database server | |
81 | (<code>ovsdb-server</code>), not the hardware VTEP itself. | |
82 | </p> | |
83 | ||
84 | <column name="managers"> | |
85 | Database clients to which the database server should connect or | |
86 | to which it should listen, along with options for how these | |
87 | connection should be configured. See the <ref table="Manager"/> | |
88 | table for more information. | |
89 | </column> | |
90 | </group> | |
ff35498b DS |
91 | |
92 | <group title="Common Column"> | |
93 | The overall purpose of this column is described under <code>Common | |
94 | Column</code> at the beginning of this document. | |
95 | ||
96 | <column name="other_config"/> | |
97 | </group> | |
98 | ||
add17b69 BD |
99 | </table> |
100 | ||
101 | <table name="Manager" title="OVSDB management connection."> | |
102 | <p> | |
103 | Configuration for a database connection to an Open vSwitch Database | |
104 | (OVSDB) client. | |
105 | </p> | |
106 | ||
107 | <p> | |
108 | The database server can initiate and maintain active connections | |
109 | to remote clients. It can also listen for database connections. | |
110 | </p> | |
111 | ||
112 | <group title="Core Features"> | |
113 | <column name="target"> | |
114 | <p>Connection method for managers.</p> | |
115 | <p> | |
116 | The following connection methods are currently supported: | |
117 | </p> | |
118 | <dl> | |
771680d9 | 119 | <dt><code>ssl:<var>host</var></code>[<code>:<var>port</var></code>]</dt> |
add17b69 BD |
120 | <dd> |
121 | <p> | |
771680d9 YS |
122 | The specified SSL <var>port</var> (default: 6640) on the given |
123 | <var>host</var>, which can either be a DNS name (if built with | |
124 | unbound library) or an IP address. | |
add17b69 BD |
125 | </p> |
126 | <p> | |
fdf059ff BD |
127 | SSL key and certificate configuration happens outside the |
128 | database. | |
add17b69 BD |
129 | </p> |
130 | </dd> | |
131 | ||
771680d9 | 132 | <dt><code>tcp:<var>host</var></code>[<code>:<var>port</var></code>]</dt> |
add17b69 | 133 | <dd> |
771680d9 YS |
134 | The specified TCP <var>port</var> (default: 6640) on the given |
135 | <var>host</var>, which can either be a DNS name (if built with | |
136 | unbound library) or an IP address. | |
add17b69 | 137 | </dd> |
771680d9 | 138 | <dt><code>pssl:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt> |
add17b69 BD |
139 | <dd> |
140 | <p> | |
141 | Listens for SSL connections on the specified TCP <var>port</var> | |
771680d9 YS |
142 | (default: 6640). If <var>host</var>, which can either be a DNS |
143 | name (if built with unbound library) or an IP address, is | |
144 | specified, then connections are restricted to the resolved or | |
145 | specified local IP address. | |
add17b69 BD |
146 | </p> |
147 | </dd> | |
771680d9 | 148 | <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>host</var></code>]</dt> |
add17b69 BD |
149 | <dd> |
150 | Listens for connections on the specified TCP <var>port</var> | |
771680d9 YS |
151 | (default: 6640). If <var>host</var>, which can either be a DNS |
152 | name (if built with unbound library) or an IP address, is | |
153 | specified, then connections are restricted to the resolved or | |
154 | specified local IP address. | |
add17b69 BD |
155 | </dd> |
156 | </dl> | |
157 | </column> | |
158 | </group> | |
159 | ||
160 | <group title="Client Failure Detection and Handling"> | |
161 | <column name="max_backoff"> | |
162 | Maximum number of milliseconds to wait between connection attempts. | |
163 | Default is implementation-specific. | |
164 | </column> | |
165 | ||
166 | <column name="inactivity_probe"> | |
167 | Maximum number of milliseconds of idle time on connection to the | |
168 | client before sending an inactivity probe message. If the Open | |
169 | vSwitch database does not communicate with the client for the | |
170 | specified number of seconds, it will send a probe. If a | |
171 | response is not received for the same additional amount of time, | |
172 | the database server assumes the connection has been broken | |
173 | and attempts to reconnect. Default is implementation-specific. | |
174 | A value of 0 disables inactivity probes. | |
175 | </column> | |
176 | </group> | |
177 | ||
178 | <group title="Status"> | |
179 | <column name="is_connected"> | |
180 | <code>true</code> if currently connected to this manager, | |
181 | <code>false</code> otherwise. | |
182 | </column> | |
183 | ||
184 | <column name="status" key="last_error"> | |
185 | A human-readable description of the last error on the connection | |
186 | to the manager; i.e. <code>strerror(errno)</code>. This key | |
187 | will exist only if an error has occurred. | |
188 | </column> | |
189 | ||
190 | <column name="status" key="state" | |
191 | type='{"type": "string", "enum": ["set", ["VOID", "BACKOFF", "CONNECTING", "ACTIVE", "IDLE"]]}'> | |
192 | <p> | |
193 | The state of the connection to the manager: | |
194 | </p> | |
195 | <dl> | |
196 | <dt><code>VOID</code></dt> | |
197 | <dd>Connection is disabled.</dd> | |
198 | ||
199 | <dt><code>BACKOFF</code></dt> | |
200 | <dd>Attempting to reconnect at an increasing period.</dd> | |
201 | ||
202 | <dt><code>CONNECTING</code></dt> | |
203 | <dd>Attempting to connect.</dd> | |
204 | ||
205 | <dt><code>ACTIVE</code></dt> | |
206 | <dd>Connected, remote host responsive.</dd> | |
207 | ||
208 | <dt><code>IDLE</code></dt> | |
209 | <dd>Connection is idle. Waiting for response to keep-alive.</dd> | |
210 | </dl> | |
211 | <p> | |
212 | These values may change in the future. They are provided only for | |
213 | human consumption. | |
214 | </p> | |
215 | </column> | |
216 | ||
217 | <column name="status" key="sec_since_connect" | |
218 | type='{"type": "integer", "minInteger": 0}'> | |
219 | The amount of time since this manager last successfully connected | |
220 | to the database (in seconds). Value is empty if manager has never | |
221 | successfully connected. | |
222 | </column> | |
223 | ||
224 | <column name="status" key="sec_since_disconnect" | |
225 | type='{"type": "integer", "minInteger": 0}'> | |
226 | The amount of time since this manager last disconnected from the | |
227 | database (in seconds). Value is empty if manager has never | |
228 | disconnected. | |
229 | </column> | |
230 | ||
231 | <column name="status" key="locks_held"> | |
232 | Space-separated list of the names of OVSDB locks that the connection | |
233 | holds. Omitted if the connection does not hold any locks. | |
234 | </column> | |
235 | ||
236 | <column name="status" key="locks_waiting"> | |
237 | Space-separated list of the names of OVSDB locks that the connection is | |
238 | currently waiting to acquire. Omitted if the connection is not waiting | |
239 | for any locks. | |
240 | </column> | |
241 | ||
242 | <column name="status" key="locks_lost"> | |
243 | Space-separated list of the names of OVSDB locks that the connection | |
244 | has had stolen by another OVSDB client. Omitted if no locks have been | |
245 | stolen from this connection. | |
246 | </column> | |
247 | ||
248 | <column name="status" key="n_connections" | |
249 | type='{"type": "integer", "minInteger": 2}'> | |
250 | <p> | |
251 | When <ref column="target"/> specifies a connection method that | |
252 | listens for inbound connections (e.g. <code>ptcp:</code> or | |
253 | <code>pssl:</code>) and more than one connection is actually active, | |
254 | the value is the number of active connections. Otherwise, this | |
255 | key-value pair is omitted. | |
256 | </p> | |
257 | <p> | |
258 | When multiple connections are active, status columns and key-value | |
259 | pairs (other than this one) report the status of one arbitrarily | |
260 | chosen connection. | |
261 | </p> | |
262 | </column> | |
263 | </group> | |
264 | ||
265 | <group title="Connection Parameters"> | |
266 | <p> | |
267 | Additional configuration for a connection between the manager | |
268 | and the database server. | |
269 | </p> | |
270 | ||
271 | <column name="other_config" key="dscp" | |
f86f54a9 | 272 | type='{"type": "integer"}'> |
add17b69 BD |
273 | The Differentiated Service Code Point (DSCP) is specified using 6 bits |
274 | in the Type of Service (TOS) field in the IP header. DSCP provides a | |
275 | mechanism to classify the network traffic and provide Quality of | |
276 | Service (QoS) on IP networks. | |
277 | ||
278 | The DSCP value specified here is used when establishing the | |
279 | connection between the manager and the database server. If no | |
280 | value is specified, a default value of 48 is chosen. Valid DSCP | |
281 | values must be in the range 0 to 63. | |
282 | </column> | |
283 | </group> | |
284 | </table> | |
285 | ||
286 | <table name="Physical_Switch" title="A physical switch."> | |
287 | A physical switch that implements a VTEP. | |
288 | ||
289 | <column name="ports"> | |
290 | The physical ports within the switch. | |
291 | </column> | |
292 | ||
c8f4eed5 AS |
293 | <column name="tunnels"> |
294 | Tunnels created by this switch as instructed by the NVC. | |
295 | </column> | |
296 | ||
add17b69 BD |
297 | <group title="Network Status"> |
298 | <column name="management_ips"> | |
299 | IPv4 or IPv6 addresses at which the switch may be contacted | |
300 | for management purposes. | |
301 | </column> | |
302 | ||
303 | <column name="tunnel_ips"> | |
304 | <p> | |
305 | IPv4 or IPv6 addresses on which the switch may originate or | |
306 | terminate tunnels. | |
307 | </p> | |
308 | ||
309 | <p> | |
310 | This column is intended to allow a <ref table="Manager"/> to | |
311 | determine the <ref table="Physical_Switch"/> that terminates | |
312 | the tunnel represented by a <ref table="Physical_Locator"/>. | |
313 | </p> | |
314 | </column> | |
315 | </group> | |
316 | ||
317 | <group title="Identification"> | |
318 | <column name="name"> | |
fdf059ff | 319 | Symbolic name for the switch, such as its hostname. |
add17b69 | 320 | </column> |
f86f54a9 | 321 | |
add17b69 | 322 | <column name="description"> |
fdf059ff BD |
323 | An extended description for the switch, such as its switch login |
324 | banner. | |
add17b69 BD |
325 | </column> |
326 | </group> | |
255842d9 BD |
327 | <group title="Error Notification"> |
328 | <p> | |
fdf059ff BD |
329 | An entry in this column indicates to the NVC that this switch |
330 | has encountered a fault. The switch must clear this column | |
331 | when the fault has been cleared. | |
255842d9 BD |
332 | </p> |
333 | ||
334 | <column name="switch_fault_status" key="mac_table_exhaustion"> | |
335 | Indicates that the switch has been unable to process MAC | |
336 | entries requested by the NVC due to lack of table resources. | |
337 | </column> | |
338 | ||
339 | <column name="switch_fault_status" key="tunnel_exhaustion"> | |
340 | Indicates that the switch has been unable to create tunnels | |
341 | requested by the NVC due to lack of resources. | |
342 | </column> | |
343 | ||
1f661ac7 DS |
344 | <column name="switch_fault_status" key="lr_switch_bindings_fault"> |
345 | Indicates that the switch has been unable to create the logical router | |
346 | interfaces requested by the NVC due to conflicting configurations or a | |
347 | lack of hardware resources. | |
348 | </column> | |
349 | ||
350 | <column name="switch_fault_status" key="lr_static_routes_fault"> | |
351 | Indicates that the switch has been unable to create the static routes | |
352 | requested by the NVC due to conflicting configurations or a lack of | |
353 | hardware resources. | |
354 | </column> | |
355 | ||
356 | <column name="switch_fault_status" key="lr_creation_fault"> | |
357 | Indicates that the switch has been unable to create the logical router | |
358 | requested by the NVC due to conflicting configurations or a lack of | |
359 | hardware resources. | |
360 | </column> | |
361 | ||
362 | <column name="switch_fault_status" key="lr_support_fault"> | |
363 | Indicates that the switch does not support logical routing. | |
364 | </column> | |
365 | ||
255842d9 BD |
366 | <column name="switch_fault_status" key="unspecified_fault"> |
367 | Indicates that an error has occurred in the switch but that no | |
368 | more specific information is available. | |
369 | </column> | |
b351ac0c DB |
370 | |
371 | <column name="switch_fault_status" | |
372 | key="unsupported_source_node_replication"> | |
373 | Indicates that the requested source node replication mode cannot be | |
374 | supported by the physical switch; this specifically means in this | |
375 | context that the physical switch lacks the capability to support | |
376 | source node replication mode. This error occurs when a controller | |
377 | attempts to set source node replication mode for one of the logical | |
378 | switches that the physical switch is keeping context for. An NVC | |
379 | that observes this error should take appropriate action (for example | |
380 | reverting the logical switch to service node replication mode). | |
381 | It is recommended that an NVC be proactive and test for support of | |
382 | source node replication by using a test logical switch on vtep | |
383 | physical switch nodes and then trying to change the replication mode | |
384 | to source node on this logical switch, checking for error. The NVC | |
385 | could remember this capability per vtep physical switch. Using | |
386 | mixed replication modes on a given logical switch is not recommended. | |
387 | Service node replication mode is considered a basic requirement | |
388 | since it only requires sending a packet to a single transport node, | |
389 | hence it is not expected that a switch should report that service | |
390 | node mode cannot be supported. | |
391 | </column> | |
3e769995 SS |
392 | </group> |
393 | ||
394 | <group title="Common Column"> | |
395 | The overall purpose of this column is described under <code>Common | |
396 | Column</code> at the beginning of this document. | |
255842d9 | 397 | |
3e769995 | 398 | <column name="other_config"/> |
255842d9 | 399 | </group> |
3e769995 | 400 | |
add17b69 BD |
401 | </table> |
402 | ||
c8f4eed5 AS |
403 | <table name="Tunnel" title="A tunnel created by a physical switch."> |
404 | A tunnel created by a <ref table="Physical_Switch"/>. | |
405 | ||
406 | <column name="local"> | |
407 | Tunnel end-point local to the physical switch. | |
408 | </column> | |
409 | ||
410 | <column name="remote"> | |
411 | Tunnel end-point remote to the physical switch. | |
412 | </column> | |
413 | ||
414 | <group title="Bidirectional Forwarding Detection (BFD)"> | |
415 | <p> | |
416 | BFD, defined in RFC 5880, allows point to point detection of | |
417 | connectivity failures by occasional transmission of BFD control | |
418 | messages. VTEPs are expected to implement BFD. | |
419 | </p> | |
420 | ||
421 | <p> | |
422 | BFD operates by regularly transmitting BFD control messages at a | |
423 | rate negotiated independently in each direction. Each endpoint | |
424 | specifies the rate at which it expects to receive control messages, | |
425 | and the rate at which it's willing to transmit them. An endpoint | |
426 | which fails to receive BFD control messages for a period of three | |
427 | times the expected reception rate will signal a connectivity | |
428 | fault. In the case of a unidirectional connectivity issue, the | |
429 | system not receiving BFD control messages will signal the problem | |
430 | to its peer in the messages it transmits. | |
431 | </p> | |
432 | ||
433 | <p> | |
434 | A hardware VTEP is expected to use BFD to determine reachability of | |
435 | devices at the end of the tunnels with which it exchanges data. This | |
436 | can enable the VTEP to choose a functioning service node among a set of | |
437 | service nodes providing high availability. It also enables the NVC to | |
438 | report the health status of tunnels. | |
439 | </p> | |
440 | ||
441 | <p> | |
19289787 | 442 | In many cases the BFD peer of a hardware VTEP will be an Open vSwitch |
c8f4eed5 AS |
443 | instance. The Open vSwitch implementation of BFD aims to comply |
444 | faithfully with the requirements put forth in RFC 5880. Open vSwitch | |
445 | does not implement the optional Authentication or ``Echo Mode'' | |
446 | features. | |
447 | </p> | |
448 | ||
449 | <group title="BFD Local Configuration"> | |
450 | <p> | |
451 | The HSC writes the key-value pairs in the | |
07bb41a9 | 452 | <ref column="bfd_config_local"/> column to specify the local |
c8f4eed5 AS |
453 | configurations to be used for BFD sessions on this tunnel. |
454 | </p> | |
455 | ||
456 | <column name="bfd_config_local" key="bfd_dst_mac"> | |
457 | Set to an Ethernet address in the form | |
458 | <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var> | |
459 | to set the MAC expected as destination for received BFD packets. | |
16ee1400 | 460 | The default is <code>00:23:20:00:00:01</code>. |
c8f4eed5 AS |
461 | </column> |
462 | ||
463 | <column name="bfd_config_local" key="bfd_dst_ip"> | |
464 | Set to an IPv4 address to set the IP address that is expected as destination | |
465 | for received BFD packets. The default is <code>169.254.1.0</code>. | |
466 | </column> | |
467 | ||
468 | </group> | |
469 | ||
470 | <group title="BFD Remote Configuration"> | |
471 | <p> | |
472 | The <ref column="bfd_config_remote"/> column is the remote | |
473 | counterpart of the <ref column="bfd_config_local"/> column. | |
474 | The NVC writes the key-value pairs in this column. | |
475 | </p> | |
476 | ||
477 | <column name="bfd_config_remote" key="bfd_dst_mac"> | |
478 | Set to an Ethernet address in the form | |
479 | <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var> | |
480 | to set the destination MAC to be used for transmitted BFD packets. | |
481 | The default is <code>00:23:20:00:00:01</code>. | |
482 | </column> | |
483 | ||
484 | <column name="bfd_config_remote" key="bfd_dst_ip"> | |
485 | Set to an IPv4 address to set the IP address used as destination | |
486 | for transmitted BFD packets. The default is <code>169.254.1.1</code>. | |
487 | </column> | |
488 | ||
489 | </group> | |
490 | ||
491 | <group title="BFD Parameters"> | |
492 | <p> | |
493 | The NVC sets up key-value pairs in the <ref column="bfd_params"/> | |
494 | column to enable and configure BFD. | |
495 | </p> | |
496 | ||
497 | <column name="bfd_params" key="enable" type='{"type": "boolean"}'> | |
19289787 AT |
498 | True to enable BFD on this <ref table="Tunnel"/>. If not |
499 | specified, BFD will not be enabled by default. | |
c8f4eed5 AS |
500 | </column> |
501 | ||
502 | <column name="bfd_params" key="min_rx" | |
503 | type='{"type": "integer", "minInteger": 1}'> | |
504 | The shortest interval, in milliseconds, at which this BFD session | |
505 | offers to receive BFD control messages. The remote endpoint may | |
506 | choose to send messages at a slower rate. Defaults to | |
507 | <code>1000</code>. | |
508 | </column> | |
509 | ||
510 | <column name="bfd_params" key="min_tx" | |
511 | type='{"type": "integer", "minInteger": 1}'> | |
512 | The shortest interval, in milliseconds, at which this BFD session is | |
513 | willing to transmit BFD control messages. Messages will actually be | |
514 | transmitted at a slower rate if the remote endpoint is not willing to | |
515 | receive as quickly as specified. Defaults to <code>100</code>. | |
516 | </column> | |
517 | ||
518 | <column name="bfd_params" key="decay_min_rx" type='{"type": "integer"}'> | |
519 | An alternate receive interval, in milliseconds, that must be greater | |
19289787 AT |
520 | than or equal to <ref column="bfd_params" key="min_rx"/>. The |
521 | implementation should switch from <ref column="bfd_params" key="min_rx"/> | |
522 | to <ref column="bfd_params" key="decay_min_rx"/> when there is no obvious | |
523 | incoming data traffic at the tunnel, to reduce the CPU and bandwidth | |
524 | cost of monitoring an idle tunnel. This feature may be disabled by | |
525 | setting a value of 0. This feature is reset whenever | |
526 | <ref column="bfd_params" key="decay_min_rx"/> or | |
527 | <ref column="bfd_params" key="min_rx"/> changes. | |
c8f4eed5 AS |
528 | </column> |
529 | ||
530 | <column name="bfd_params" key="forwarding_if_rx" type='{"type": "boolean"}'> | |
19289787 AT |
531 | When <code>true</code>, traffic received on the <ref table="Tunnel"/> |
532 | is used to indicate the capability of packet I/O. | |
533 | BFD control packets are still transmitted and received. At least one | |
534 | BFD control packet must be received every | |
535 | 100 * <ref column="bfd_params" key="min_rx"/> amount of time. | |
536 | Otherwise, even if traffic is received, the | |
537 | <ref column="bfd_params" key="forwarding"/> will be <code>false</code>. | |
c8f4eed5 AS |
538 | </column> |
539 | ||
540 | <column name="bfd_params" key="cpath_down" type='{"type": "boolean"}'> | |
541 | Set to true to notify the remote endpoint that traffic should not be | |
07bb41a9 | 542 | forwarded to this system for some reason other than a connectivity |
c8f4eed5 AS |
543 | failure on the interface being monitored. The typical underlying |
544 | reason is ``concatenated path down,'' that is, that connectivity | |
545 | beyond the local system is down. Defaults to false. | |
546 | </column> | |
547 | ||
548 | <column name="bfd_params" key="check_tnl_key" type='{"type": "boolean"}'> | |
549 | Set to true to make BFD accept only control messages with a tunnel | |
550 | key of zero. By default, BFD accepts control messages with any | |
551 | tunnel key. | |
552 | </column> | |
553 | ||
554 | </group> | |
555 | ||
19289787 AT |
556 | <group title="BFD Status"> |
557 | <p> | |
558 | The VTEP sets key-value pairs in the <ref column="bfd_status"/> | |
559 | column to report the status of BFD on this tunnel. When BFD is | |
560 | not enabled, with <ref column="bfd_params" key="enable"/>, the | |
561 | HSC clears all key-value pairs from <ref column="bfd_status"/>. | |
562 | </p> | |
c8f4eed5 | 563 | |
19289787 AT |
564 | <column name="bfd_status" key="enabled" type='{"type": "boolean"}'> |
565 | Set to true if the BFD session has been successfully enabled. | |
566 | Set to false if the VTEP cannot support BFD or has insufficient | |
567 | resources to enable BFD on this tunnel. The NVC will disable | |
568 | the BFD monitoring on the other side of the tunnel once this | |
569 | value is set to false. | |
570 | </column> | |
16ee1400 | 571 | |
19289787 AT |
572 | <column name="bfd_status" key="state" |
573 | type='{"type": "string", | |
c8f4eed5 | 574 | "enum": ["set", ["admin_down", "down", "init", "up"]]}'> |
19289787 AT |
575 | Reports the state of the BFD session. The BFD session is fully |
576 | healthy and negotiated if <code>UP</code>. | |
577 | </column> | |
c8f4eed5 | 578 | |
19289787 AT |
579 | <column name="bfd_status" key="forwarding" type='{"type": "boolean"}'> |
580 | Reports whether the BFD session believes this <ref table="Tunnel"/> | |
581 | may be used to forward traffic. Typically this means the local session | |
582 | is signaling <code>UP</code>, and the remote system isn't signaling a | |
583 | problem such as concatenated path down. | |
584 | </column> | |
c8f4eed5 | 585 | |
19289787 AT |
586 | <column name="bfd_status" key="diagnostic"> |
587 | A diagnostic code specifying the local system's reason for the | |
588 | last change in session state. The error messages are defined in | |
589 | section 4.1 of [RFC 5880]. | |
590 | </column> | |
c8f4eed5 | 591 | |
19289787 AT |
592 | <column name="bfd_status" key="remote_state" |
593 | type='{"type": "string", | |
c8f4eed5 | 594 | "enum": ["set", ["admin_down", "down", "init", "up"]]}'> |
19289787 AT |
595 | Reports the state of the remote endpoint's BFD session. |
596 | </column> | |
c8f4eed5 | 597 | |
19289787 AT |
598 | <column name="bfd_status" key="remote_diagnostic"> |
599 | A diagnostic code specifying the remote system's reason for the | |
600 | last change in session state. The error messages are defined in | |
601 | section 4.1 of [RFC 5880]. | |
602 | </column> | |
16ee1400 | 603 | |
19289787 AT |
604 | <column name="bfd_status" key="info"> |
605 | A short message providing further information about the BFD status | |
606 | (possibly including reasons why BFD could not be enabled). | |
607 | </column> | |
c8f4eed5 AS |
608 | </group> |
609 | </group> | |
610 | </table> | |
611 | ||
add17b69 BD |
612 | <table name="Physical_Port" title="A port within a physical switch."> |
613 | A port within a <ref table="Physical_Switch"/>. | |
614 | ||
615 | <column name="vlan_bindings"> | |
616 | Identifies how VLANs on the physical port are bound to logical switches. | |
617 | If, for example, the map contains a (VLAN, logical switch) pair, a packet | |
618 | that arrives on the port in the VLAN is considered to belong to the | |
b49f5f7a BD |
619 | paired logical switch. A value of zero in the VLAN field means |
620 | that untagged traffic on the physical port is mapped to the | |
621 | logical switch. | |
add17b69 BD |
622 | </column> |
623 | ||
c0c1dccb BD |
624 | <column name="acl_bindings"> |
625 | <p> | |
626 | Attach Access Control Lists (ACLs) to the physical port. The | |
627 | column consists of a map of VLAN tags to <ref table="ACL"/>s. If the value of | |
628 | the VLAN tag in the map is 0, this means that the ACL is | |
629 | associated with the entire physical port. Non-zero values mean | |
630 | that the ACL is to be applied only on packets carrying that VLAN | |
631 | tag value. Switches will not necessarily support matching on the | |
632 | VLAN tag for all ACLs, and unsupported ACL bindings will cause | |
633 | errors to be reported. The binding of an ACL to a specific | |
634 | VLAN and the binding of an ACL to the entire physical port | |
635 | should not be combined on a single physical port. That is, a | |
636 | mix of zero and non-zero keys in the map is not recommended. | |
637 | </p> | |
638 | </column> | |
639 | ||
add17b69 BD |
640 | <column name="vlan_stats"> |
641 | Statistics for VLANs bound to logical switches on the physical port. An | |
642 | implementation that fully supports such statistics would populate this | |
643 | column with a mapping for every VLAN that is bound in <ref | |
644 | column="vlan_bindings"/>. An implementation that does not support such | |
645 | statistics or only partially supports them would not populate this column | |
b49f5f7a BD |
646 | or partially populate it, respectively. A value of zero in the |
647 | VLAN field refers to untagged traffic on the physical port. | |
add17b69 BD |
648 | </column> |
649 | ||
650 | <group title="Identification"> | |
651 | <column name="name"> | |
fdf059ff BD |
652 | Symbolic name for the port. The name ought to be unique within a given |
653 | <ref table="Physical_Switch"/>, but the database is not capable of | |
654 | enforcing this. | |
add17b69 BD |
655 | </column> |
656 | ||
657 | <column name="description"> | |
fdf059ff | 658 | An extended description for the port. |
add17b69 BD |
659 | </column> |
660 | </group> | |
255842d9 BD |
661 | <group title="Error Notification"> |
662 | <p> | |
fdf059ff | 663 | An entry in this column indicates to the NVC that the physical port has |
07bb41a9 | 664 | encountered a fault. The switch must clear this column when the error |
fdf059ff | 665 | has been cleared. |
255842d9 BD |
666 | </p> |
667 | <column name="port_fault_status" key="invalid_vlan_map"> | |
fdf059ff BD |
668 | <p> |
669 | Indicates that a VLAN-to-logical-switch mapping requested by | |
670 | the controller could not be instantiated by the switch | |
671 | because of a conflict with local configuration. | |
672 | </p> | |
255842d9 | 673 | </column> |
c0c1dccb BD |
674 | <column name="port_fault_status" key="invalid_ACL_binding"> |
675 | <p> | |
676 | Indicates that an error has occurred in associating an ACL | |
677 | with a port. | |
678 | </p> | |
679 | </column> | |
255842d9 | 680 | <column name="port_fault_status" key="unspecified_fault"> |
fdf059ff BD |
681 | <p> |
682 | Indicates that an error has occurred on the port but that no | |
683 | more specific information is available. | |
684 | </p> | |
255842d9 BD |
685 | </column> |
686 | </group> | |
687 | ||
3e769995 SS |
688 | <group title="Common Column"> |
689 | The overall purpose of this column is described under <code>Common | |
690 | Column</code> at the beginning of this document. | |
691 | ||
692 | <column name="other_config"/> | |
693 | </group> | |
694 | ||
add17b69 BD |
695 | </table> |
696 | ||
697 | <table name="Logical_Binding_Stats" title="Statistics for a VLAN on a physical port bound to a logical network."> | |
698 | Reports statistics for the <ref table="Logical_Switch"/> with which a VLAN | |
699 | on a <ref table="Physical_Port"/> is associated. | |
700 | ||
701 | <group title="Statistics"> | |
702 | These statistics count only packets to which the binding applies. | |
703 | ||
704 | <column name="packets_from_local"> | |
705 | Number of packets sent by the <ref table="Physical_Switch"/>. | |
706 | </column> | |
707 | ||
708 | <column name="bytes_from_local"> | |
709 | Number of bytes in packets sent by the <ref table="Physical_Switch"/>. | |
710 | </column> | |
711 | ||
712 | <column name="packets_to_local"> | |
713 | Number of packets received by the <ref table="Physical_Switch"/>. | |
714 | </column> | |
715 | ||
716 | <column name="bytes_to_local"> | |
717 | Number of bytes in packets received by the <ref | |
718 | table="Physical_Switch"/>. | |
719 | </column> | |
720 | </group> | |
721 | </table> | |
722 | ||
723 | <table name="Logical_Switch" title="A layer-2 domain."> | |
724 | A logical Ethernet switch, whose implementation may span physical and | |
725 | virtual media, possibly crossing L3 domains via tunnels; a logical layer-2 | |
726 | domain; an Ethernet broadcast domain. | |
727 | ||
728 | ||
729 | ||
730 | <group title="Per Logical-Switch Tunnel Key"> | |
731 | <p> | |
732 | Tunnel protocols tend to have a field that allows the tunnel | |
733 | to be partitioned into sub-tunnels: VXLAN has a VNI, GRE and | |
734 | STT have a key, CAPWAP has a WSI, and so on. We call these | |
735 | generically ``tunnel keys.'' Given that one needs to use a | |
736 | tunnel key at all, there are at least two reasonable ways to | |
737 | assign their values: | |
738 | </p> | |
739 | ||
740 | <ul> | |
741 | <li> | |
742 | <p> | |
743 | Per <ref table="Logical_Switch"/>+<ref table="Physical_Locator"/> | |
744 | pair. That is, each logical switch may be assigned a different | |
745 | tunnel key on every <ref table="Physical_Locator"/>. This model is | |
746 | especially flexible. | |
747 | </p> | |
748 | ||
749 | <p> | |
750 | In this model, <ref table="Physical_Locator"/> carries the tunnel | |
751 | key. Therefore, one <ref table="Physical_Locator"/> record will | |
752 | exist for each logical switch carried at a given IP destination. | |
753 | </p> | |
754 | </li> | |
755 | ||
756 | <li> | |
757 | <p> | |
758 | Per <ref table="Logical_Switch"/>. That is, every tunnel | |
759 | associated with a particular logical switch carries the same tunnel | |
760 | key, regardless of the <ref table="Physical_Locator"/> to which the | |
761 | tunnel is addressed. This model may ease switch implementation | |
762 | because it imposes fewer requirements on the hardware datapath. | |
763 | </p> | |
764 | ||
765 | <p> | |
766 | In this model, <ref table="Logical_Switch"/> carries the tunnel | |
767 | key. Therefore, one <ref table="Physical_Locator"/> record will | |
768 | exist for each IP destination. | |
769 | </p> | |
770 | </li> | |
771 | </ul> | |
772 | ||
773 | <column name="tunnel_key"> | |
774 | <p> | |
775 | This column is used only in the tunnel key per <ref | |
776 | table="Logical_Switch"/> model (see above), because only in that | |
777 | model is there a tunnel key associated with a logical switch. | |
778 | </p> | |
779 | ||
780 | <p> | |
c2cd1902 OBY |
781 | For <code>vxlan_over_ipv4</code> encapsulation, when the tunnel key |
782 | per <ref table="Logical_Switch"/> model is in use, this column is the | |
783 | VXLAN VNI that identifies a logical switch. It must be in the range | |
784 | 0 to 16,777,215. | |
add17b69 BD |
785 | </p> |
786 | </column> | |
787 | </group> | |
788 | ||
b351ac0c DB |
789 | <group title="Replication Mode"> |
790 | <p> | |
791 | For handling L2 broadcast, multicast and unknown unicast traffic, | |
792 | packets can be sent to all members of a logical switch referenced by | |
793 | a physical switch. There are different modes to replicate the | |
794 | packets. The default mode of replication is to send the traffic to | |
795 | a service node, which can be a hypervisor, server or appliance, and | |
796 | let the service node handle replication to other transport nodes | |
797 | (hypervisors or other VTEP physical switches). This mode is called | |
798 | service node replication. An alternate mode of replication, called | |
799 | source node replication involves the source node sending to all | |
800 | other transport nodes. Hypervisors are always responsible for doing | |
801 | their own replication for locally attached VMs in both modes. | |
802 | Service node replication mode is the default and considered a | |
803 | basic requirement because it only requires sending the packet to | |
804 | a single transport node. | |
805 | </p> | |
806 | ||
807 | <column name="replication_mode"> | |
808 | <p> | |
809 | This optional column defines the replication mode per | |
810 | <ref table="Logical_Switch"/>. There are 2 valid values, | |
811 | <code>service_node</code> and <code>source_node</code>. If the | |
812 | column is not set, the replication mode defaults to service_node. | |
813 | </p> | |
814 | ||
815 | </column> | |
816 | </group> | |
817 | ||
add17b69 BD |
818 | <group title="Identification"> |
819 | <column name="name"> | |
fdf059ff | 820 | Symbolic name for the logical switch. |
add17b69 | 821 | </column> |
f86f54a9 | 822 | |
add17b69 | 823 | <column name="description"> |
fdf059ff BD |
824 | An extended description for the logical switch, such as its switch |
825 | login banner. | |
add17b69 BD |
826 | </column> |
827 | </group> | |
3e769995 SS |
828 | |
829 | <group title="Common Column"> | |
830 | The overall purpose of this column is described under <code>Common | |
831 | Column</code> at the beginning of this document. | |
832 | ||
833 | <column name="other_config"/> | |
834 | </group> | |
835 | ||
add17b69 BD |
836 | </table> |
837 | ||
838 | <table name="Ucast_Macs_Local" title="Unicast MACs (local)"> | |
839 | <p> | |
840 | Mapping of unicast MAC addresses to tunnels (physical | |
841 | locators). This table is written by the HSC, so it contains the | |
842 | MAC addresses that have been learned on physical ports by a | |
843 | VTEP. | |
844 | </p> | |
845 | ||
846 | <column name="MAC"> | |
847 | A MAC address that has been learned by the VTEP. | |
848 | </column> | |
849 | ||
850 | <column name="logical_switch"> | |
851 | The Logical switch to which this mapping applies. | |
852 | </column> | |
853 | ||
854 | <column name="locator"> | |
855 | The physical locator to be used to reach this MAC address. In | |
856 | this table, the physical locator will be one of the tunnel IP | |
857 | addresses of the appropriate VTEP. | |
858 | </column> | |
859 | ||
860 | <column name="ipaddr"> | |
861 | The IP address to which this MAC corresponds. Optional field for | |
862 | the purpose of ARP supression. | |
863 | </column> | |
864 | ||
865 | </table> | |
866 | ||
f86f54a9 | 867 | <table name="Ucast_Macs_Remote" title="Unicast MACs (remote)"> |
add17b69 BD |
868 | <p> |
869 | Mapping of unicast MAC addresses to tunnels (physical | |
870 | locators). This table is written by the NVC, so it contains the | |
871 | MAC addresses that the NVC has learned. These include VM MAC | |
872 | addresses, in which case the physical locators will be | |
873 | hypervisor IP addresses. The NVC will also report MACs that it | |
874 | has learned from other HSCs in the network, in which case the | |
875 | physical locators will be tunnel IP addresses of the | |
876 | corresponding VTEPs. | |
877 | </p> | |
878 | ||
879 | <column name="MAC"> | |
255842d9 | 880 | A MAC address that has been learned by the NVC. |
add17b69 BD |
881 | </column> |
882 | ||
883 | <column name="logical_switch"> | |
884 | The Logical switch to which this mapping applies. | |
885 | </column> | |
886 | ||
887 | <column name="locator"> | |
888 | The physical locator to be used to reach this MAC address. In | |
889 | this table, the physical locator will be either a hypervisor IP | |
890 | address or a tunnel IP addresses of another VTEP. | |
891 | </column> | |
892 | ||
893 | <column name="ipaddr"> | |
894 | The IP address to which this MAC corresponds. Optional field for | |
895 | the purpose of ARP supression. | |
896 | </column> | |
897 | ||
898 | </table> | |
899 | ||
900 | <table name="Mcast_Macs_Local" title="Multicast MACs (local)"> | |
901 | <p> | |
902 | Mapping of multicast MAC addresses to tunnels (physical | |
903 | locators). This table is written by the HSC, so it contains the | |
904 | MAC addresses that have been learned on physical ports by a | |
905 | VTEP. These may be learned by IGMP snooping, for example. This | |
906 | table also specifies how to handle unknown unicast and broadcast packets. | |
907 | </p> | |
908 | ||
909 | <column name="MAC"> | |
910 | <p> | |
f86f54a9 | 911 | A MAC address that has been learned by the VTEP. |
add17b69 BD |
912 | </p> |
913 | <p> | |
fdf059ff BD |
914 | The keyword <code>unknown-dst</code> is used as a special |
915 | ``Ethernet address'' that indicates the locations to which | |
916 | packets in a logical switch whose destination addresses do not | |
917 | otherwise appear in <ref table="Ucast_Macs_Local"/> (for | |
918 | unicast addresses) or <ref table="Mcast_Macs_Local"/> (for | |
919 | multicast addresses) should be sent. | |
add17b69 BD |
920 | </p> |
921 | </column> | |
922 | ||
923 | <column name="logical_switch"> | |
924 | The Logical switch to which this mapping applies. | |
925 | </column> | |
926 | ||
927 | <column name="locator_set"> | |
928 | The physical locator set to be used to reach this MAC address. In | |
929 | this table, the physical locator set will be contain one or more tunnel IP | |
930 | addresses of the appropriate VTEP(s). | |
931 | </column> | |
932 | ||
19368978 BP |
933 | <column name="ipaddr"> |
934 | The IP address to which this MAC corresponds. Optional field for | |
935 | the purpose of ARP supression. | |
936 | </column> | |
add17b69 BD |
937 | </table> |
938 | ||
939 | <table name="Mcast_Macs_Remote" title="Multicast MACs (remote)"> | |
940 | <p> | |
941 | Mapping of multicast MAC addresses to tunnels (physical | |
942 | locators). This table is written by the NVC, so it contains the | |
943 | MAC addresses that the NVC has learned. This | |
944 | table also specifies how to handle unknown unicast and broadcast | |
945 | packets. | |
946 | </p> | |
947 | <p> | |
948 | Multicast packet replication may be handled by a service node, | |
949 | in which case the physical locators will be IP addresses of | |
950 | service nodes. If the VTEP supports replication onto multiple | |
b351ac0c DB |
951 | tunnels, using source node replication, then this may be used to |
952 | replicate directly onto VTEP-hypervisor or VTEP-VTEP tunnels. | |
add17b69 BD |
953 | </p> |
954 | ||
955 | <column name="MAC"> | |
956 | <p> | |
fdf059ff | 957 | A MAC address that has been learned by the NVC. |
add17b69 BD |
958 | </p> |
959 | <p> | |
fdf059ff BD |
960 | The keyword <code>unknown-dst</code> is used as a special |
961 | ``Ethernet address'' that indicates the locations to which | |
962 | packets in a logical switch whose destination addresses do not | |
963 | otherwise appear in <ref table="Ucast_Macs_Remote"/> (for | |
964 | unicast addresses) or <ref table="Mcast_Macs_Remote"/> (for | |
965 | multicast addresses) should be sent. | |
add17b69 BD |
966 | </p> |
967 | </column> | |
968 | ||
969 | <column name="logical_switch"> | |
970 | The Logical switch to which this mapping applies. | |
971 | </column> | |
972 | ||
973 | <column name="locator_set"> | |
974 | The physical locator set to be used to reach this MAC address. In | |
b351ac0c DB |
975 | this table, the physical locator set will be either a set of service |
976 | nodes when service node replication is used or the set of transport | |
977 | nodes (defined as hypervisors or VTEPs) participating in the associated | |
978 | logical switch, when source node replication is used. When service node | |
979 | replication is used, the VTEP should send packets to one member of the | |
980 | locator set that is known to be healthy and reachable, which could be | |
981 | determined by BFD. When source node replication is used, the VTEP | |
982 | should send packets to all members of the locator set. | |
add17b69 BD |
983 | </column> |
984 | ||
985 | <column name="ipaddr"> | |
986 | The IP address to which this MAC corresponds. Optional field for | |
987 | the purpose of ARP supression. | |
988 | </column> | |
989 | ||
990 | </table> | |
991 | ||
992 | <table name="Logical_Router" title="A logical L3 router."> | |
993 | <p> | |
994 | A logical router, or VRF. A logical router may be connected to one or more | |
f86f54a9 | 995 | logical switches. Subnet addresses and interface addresses may be configured on the |
add17b69 BD |
996 | interfaces. |
997 | </p> | |
f86f54a9 | 998 | |
add17b69 BD |
999 | <column name="switch_binding"> |
1000 | Maps from an IPv4 or IPv6 address prefix in CIDR notation to a | |
1001 | logical switch. Multiple prefixes may map to the same switch. By | |
1002 | writing a 32-bit (or 128-bit for v6) address with a /N prefix | |
1003 | length, both the router's interface address and the subnet | |
1004 | prefix can be configured. For example, 192.68.1.1/24 creates a | |
1005 | /24 subnet for the logical switch attached to the interface and | |
1006 | assigns the address 192.68.1.1 to the router interface. | |
1007 | </column> | |
1008 | ||
1009 | <column name="static_routes"> | |
1010 | One or more static routes, mapping IP prefixes to next hop IP addresses. | |
1011 | </column> | |
1012 | ||
c0c1dccb BD |
1013 | <column name="acl_binding"> |
1014 | Maps ACLs to logical router interfaces. The router interfaces | |
1015 | are indicated using IP address notation, and must be the same | |
1016 | interfaces created in the <ref column="switch_binding"/> | |
1017 | column. For example, an ACL could be associated with the logical | |
1018 | router interface with an address of 192.68.1.1 as defined in the | |
1019 | example above. | |
1020 | </column> | |
1021 | ||
add17b69 BD |
1022 | <group title="Identification"> |
1023 | <column name="name"> | |
fdf059ff | 1024 | Symbolic name for the logical router. |
add17b69 BD |
1025 | </column> |
1026 | ||
1027 | <column name="description"> | |
fdf059ff | 1028 | An extended description for the logical router. |
add17b69 BD |
1029 | </column> |
1030 | </group> | |
c0c1dccb BD |
1031 | |
1032 | <group title="Error Notification"> | |
1033 | <p> | |
1034 | An entry in this column indicates to the NVC that the HSC has | |
1035 | encountered a fault in configuring state related to the | |
1036 | logical router. | |
1037 | </p> | |
1038 | <column name="LR_fault_status" key="invalid_ACL_binding"> | |
1039 | <p> | |
1040 | Indicates that an error has occurred in associating an ACL | |
1041 | with a logical router port. | |
1042 | </p> | |
1043 | </column> | |
1044 | <column name="LR_fault_status" key="unspecified_fault"> | |
1045 | <p> | |
1046 | Indicates that an error has occurred in configuring the | |
1047 | logical router but that no | |
1048 | more specific information is available. | |
1049 | </p> | |
1050 | </column> | |
1051 | </group> | |
1052 | ||
3e769995 SS |
1053 | <group title="Common Column"> |
1054 | The overall purpose of this column is described under <code>Common | |
1055 | Column</code> at the beginning of this document. | |
1056 | ||
1057 | <column name="other_config"/> | |
1058 | </group> | |
1059 | ||
add17b69 BD |
1060 | </table> |
1061 | ||
7ae92590 BD |
1062 | <table name="Arp_Sources_Local" title="ARP source addresses for logical routers"> |
1063 | <p> | |
1064 | MAC address to be used when a VTEP issues ARP requests on behalf | |
1065 | of a logical router. | |
1066 | </p> | |
1067 | ||
1068 | <p> | |
1069 | A distributed logical router is implemented by a set of VTEPs | |
1070 | (both hardware VTEPs and vswitches). In order for a given VTEP | |
1071 | to populate the local ARP cache for a logical router, it issues | |
1072 | ARP requests with a source MAC address that is unique to the VTEP. A | |
1073 | single per-VTEP MAC can be re-used across all logical | |
1074 | networks. This table contains the MACs that are used by the | |
1075 | VTEPs of a given HSC. The table provides the mapping from MAC to | |
1076 | physical locator for each VTEP so that replies to the ARP | |
1077 | requests can be sent back to the correct VTEP using the | |
1078 | appropriate physical locator. | |
1079 | </p> | |
1080 | ||
1081 | <column name="src_mac"> | |
1082 | The source MAC to be used by a given VTEP. | |
1083 | </column> | |
1084 | ||
1085 | <column name="locator"> | |
1086 | The <ref table="Physical_Locator"/> to use for replies to ARP | |
1087 | requests from this MAC address. | |
1088 | </column> | |
1089 | </table> | |
1090 | ||
1091 | <table name="Arp_Sources_Remote" title="ARP source addresses for logical routers"> | |
1092 | <p> | |
1093 | MAC address to be used when a remote VTEP issues ARP requests on behalf | |
1094 | of a logical router. | |
1095 | </p> | |
1096 | ||
1097 | <p> | |
1098 | This table is the remote counterpart of <ref | |
1099 | table="Arp_sources_local"/>. The NVC writes this table to notify | |
1100 | the HSC of the MACs that will be used by remote VTEPs when they | |
1101 | issue ARP requests on behalf of a distributed logical router. | |
1102 | </p> | |
1103 | ||
1104 | <column name="src_mac"> | |
1105 | The source MAC to be used by a given VTEP. | |
1106 | </column> | |
1107 | ||
1108 | <column name="locator"> | |
1109 | The <ref table="Physical_Locator"/> to use for replies to ARP | |
1110 | requests from this MAC address. | |
1111 | </column> | |
1112 | </table> | |
1113 | ||
add17b69 BD |
1114 | <table name="Physical_Locator_Set"> |
1115 | <p> | |
1116 | A set of one or more <ref table="Physical_Locator"/>s. | |
1117 | </p> | |
1118 | ||
1119 | <p> | |
1120 | This table exists only because OVSDB does not have a way to | |
1121 | express the type ``map from string to one or more <ref | |
1122 | table="Physical_Locator"/> records.'' | |
1123 | </p> | |
1124 | ||
f86f54a9 | 1125 | <column name="locators"/> |
add17b69 BD |
1126 | </table> |
1127 | ||
1128 | <table name="Physical_Locator"> | |
1129 | <p> | |
1130 | Identifies an endpoint to which logical switch traffic may be | |
1131 | encapsulated and forwarded. | |
1132 | </p> | |
1133 | ||
1134 | <p> | |
c2cd1902 OBY |
1135 | The <code>vxlan_over_ipv4</code> encapsulation, the only encapsulation |
1136 | defined so far, can use either tunnel key model described in the ``Per | |
1137 | Logical-Switch Tunnel Key'' section in the <ref table="Logical_Switch"/> | |
1138 | table. When the tunnel key per <ref table="Logical_Switch"/> model is in | |
1139 | use, the <ref table="Logical_Switch" column="tunnel_key"/> column in the | |
1140 | <ref table="Logical_Switch"/> table is filled with a VNI and the <ref | |
1141 | column="tunnel_key"/> column in this table is empty; in the | |
1142 | key-per-tunnel model, the opposite is true. The former model is older, | |
1143 | and thus likely to be more widely supported. See the ``Per | |
1144 | Logical-Switch Tunnel Key'' section in the <ref table="Logical_Switch"/> | |
1145 | table for further discussion of the model. | |
add17b69 BD |
1146 | </p> |
1147 | ||
1148 | <column name="encapsulation_type"> | |
1149 | The type of tunneling encapsulation. | |
1150 | </column> | |
1151 | ||
1152 | <column name="dst_ip"> | |
1153 | <p> | |
1154 | For <code>vxlan_over_ipv4</code> encapsulation, the IPv4 address of the | |
1155 | VXLAN tunnel endpoint. | |
1156 | </p> | |
1157 | ||
1158 | <p> | |
1159 | We expect that this column could be used for IPv4 or IPv6 addresses in | |
1160 | encapsulations to be introduced later. | |
1161 | </p> | |
1162 | </column> | |
23f781e4 | 1163 | |
c2cd1902 OBY |
1164 | <column name="tunnel_key"> |
1165 | <p> | |
1166 | This column is used only in the tunnel key per <ref | |
1167 | table="Logical_Switch"/>+<ref table="Physical_Locator"/> model (see | |
1168 | above). | |
1169 | </p> | |
1170 | ||
1171 | <p> | |
1172 | For <code>vxlan_over_ipv4</code> encapsulation, when the <ref | |
1173 | table="Logical_Switch"/>+<ref table="Physical_Locator"/> model is in | |
1174 | use, this column is the VXLAN VNI. It must be in the range 0 to | |
1175 | 16,777,215. | |
1176 | </p> | |
1177 | </column> | |
1178 | ||
add17b69 | 1179 | </table> |
c0c1dccb BD |
1180 | <table name="ACL_entry"> |
1181 | <p> | |
1182 | Describes the individual entries that comprise an Access Control List. | |
1183 | </p> | |
1184 | <p> | |
1185 | Each entry in the table is a single rule to match on certain | |
1186 | header fields. While there are a large number of fields that can | |
1187 | be matched on, most hardware cannot match on arbitrary | |
1188 | combinations of fields. It is common to match on either L2 | |
1189 | fields (described below in the L2 group of columns) or L3/L4 fields | |
1190 | (the L3/L4 group of columns) but not both. The hardware switch | |
1191 | controller may log an error if an ACL entry requires it to match | |
1192 | on an incompatible mixture of fields. | |
1193 | </p> | |
1194 | <column name="sequence"> | |
1195 | <p> | |
1196 | The sequence number for the ACL entry for the purpose of | |
1197 | ordering entries in an ACL. Lower numbered entries are matched | |
1198 | before higher numbered entries. | |
1199 | </p> | |
1200 | </column> | |
1201 | <group title="L2 fields"> | |
1202 | <column name="source_mac"> | |
1203 | <p> | |
1204 | Source MAC address, in the form | |
1205 | <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var> | |
1206 | </p> | |
1207 | </column> | |
1208 | <column name="dest_mac"> | |
1209 | <p> | |
1210 | Destination MAC address, in the form | |
1211 | <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var> | |
1212 | </p> | |
1213 | </column> | |
f86f54a9 | 1214 | <column name="ethertype"> |
c0c1dccb BD |
1215 | <p> |
1216 | Ethertype in hexadecimal, in the form | |
1217 | <var>0xAAAA</var> | |
1218 | </p> | |
1219 | </column> | |
1220 | </group> | |
1221 | <group title="L3/L4 fields"> | |
1222 | <column name="source_ip"> | |
1223 | <p> | |
1224 | Source IP address, in the form | |
1225 | <var>xx.xx.xx.xx</var> for IPv4 or appropriate | |
1226 | colon-separated hexadecimal notation for IPv6. | |
1227 | </p> | |
1228 | </column> | |
1229 | <column name="source_mask"> | |
1230 | <p> | |
1231 | Mask that determines which bits of source_ip to match on, in the form | |
1232 | <var>xx.xx.xx.xx</var> for IPv4 or appropriate | |
1233 | colon-separated hexadecimal notation for IPv6. | |
1234 | </p> | |
1235 | </column> | |
1236 | <column name="dest_ip"> | |
1237 | <p> | |
1238 | Destination IP address, in the form | |
1239 | <var>xx.xx.xx.xx</var> for IPv4 or appropriate | |
1240 | colon-separated hexadecimal notation for IPv6. | |
1241 | </p> | |
1242 | </column> | |
1243 | <column name="dest_mask"> | |
1244 | <p> | |
1245 | Mask that determines which bits of dest_ip to match on, in the form | |
1246 | <var>xx.xx.xx.xx</var> for IPv4 or appropriate | |
1247 | colon-separated hexadecimal notation for IPv6. | |
1248 | </p> | |
1249 | </column> | |
1250 | <column name="protocol"> | |
1251 | <p> | |
1252 | Protocol number in the IPv4 header, or value of the "next | |
1253 | header" field in the IPv6 header. | |
1254 | </p> | |
1255 | </column> | |
1256 | <column name="source_port_min"> | |
1257 | <p> | |
1258 | Lower end of the range of source port values. The value | |
1259 | specified is included in the range. | |
1260 | </p> | |
1261 | </column> | |
1262 | <column name="source_port_max"> | |
1263 | <p> | |
1264 | Upper end of the range of source port values. The value | |
1265 | specified is included in the range. | |
1266 | </p> | |
1267 | </column> | |
1268 | <column name="dest_port_min"> | |
1269 | <p> | |
1270 | Lower end of the range of destination port values. The value | |
1271 | specified is included in the range. | |
1272 | </p> | |
1273 | </column> | |
1274 | <column name="dest_port_max"> | |
1275 | <p> | |
1276 | Upper end of the range of destination port values. The value | |
1277 | specified is included in the range. | |
1278 | </p> | |
1279 | </column> | |
1280 | <column name="tcp_flags"> | |
1281 | <p> | |
1282 | Integer representing the value of TCP flags to match. For | |
1283 | example, the SYN flag is the second least significant bit in | |
1284 | the TCP flags. Hence a value of 2 would indicate that the "SYN" | |
1285 | flag should be set (assuming an appropriate mask). | |
1286 | </p> | |
1287 | </column> | |
1288 | <column name="tcp_flags_mask"> | |
1289 | <p> | |
1290 | Integer representing the mask to apply when matching TCP | |
1291 | flags. For example, a value of 2 would imply that the "SYN" | |
1292 | flag should be matched and all other flags ignored. | |
1293 | </p> | |
1294 | </column> | |
1295 | <column name="icmp_type"> | |
1296 | <p> | |
1297 | ICMP type to be matched. | |
1298 | </p> | |
1299 | </column> | |
1300 | <column name="icmp_code"> | |
1301 | <p> | |
1302 | ICMP code to be matched. | |
1303 | </p> | |
1304 | </column> | |
1305 | </group> | |
1306 | <column name="direction"> | |
1307 | <p> | |
1308 | Direction of traffic to match on the specified port, either | |
1309 | "ingress" (toward the logical switch or router) or "egress" | |
1310 | (leaving the logical switch or router). | |
1311 | </p> | |
1312 | </column> | |
1313 | <column name="action"> | |
1314 | <p> | |
1315 | Action to take for this rule, either "permit" or "deny". | |
1316 | </p> | |
1317 | </column> | |
1318 | <group title="Error Notification"> | |
1319 | <p> | |
1320 | An entry in this column indicates to the NVC that the ACL | |
1321 | could not be configured as requested. The switch must clear this column when the error | |
1322 | has been cleared. | |
1323 | </p> | |
1324 | <column name="acle_fault_status" key="invalid_acl_entry"> | |
1325 | <p> | |
1326 | Indicates that an ACL entry requested by | |
1327 | the controller could not be instantiated by the switch, | |
1328 | e.g. because it requires an unsupported combination of | |
1329 | fields to be matched. | |
1330 | </p> | |
1331 | </column> | |
1332 | <column name="acle_fault_status" key="unspecified_fault"> | |
1333 | <p> | |
1334 | Indicates that an error has occurred in configuring the ACL | |
1335 | entry but no | |
1336 | more specific information is available. | |
1337 | </p> | |
1338 | </column> | |
1339 | </group> | |
1340 | </table> | |
1341 | <table name="ACL"> | |
1342 | <p> | |
1343 | Access Control List table. Each ACL is constructed as a set of | |
1344 | entries from the <ref table="ACL_entry"/> table. Packets that | |
1345 | are not matched by any entry in the ACL are allowed by default. | |
1346 | </p> | |
1347 | <column name="acl_entries"> | |
1348 | <p> | |
1349 | A set of references to entries in the <ref table="ACL_entry"/> table. | |
1350 | </p> | |
1351 | </column> | |
1352 | <column name="acl_name"> | |
1353 | <p> | |
1354 | A human readable name for the ACL, which may (for example) be displayed on | |
1355 | the switch CLI. | |
1356 | </p> | |
1357 | </column> | |
1358 | <group title="Error Notification"> | |
1359 | <p> | |
1360 | An entry in this column indicates to the NVC that the ACL | |
1361 | could not be configured as requested. The switch must clear this column when the error | |
1362 | has been cleared. | |
1363 | </p> | |
1364 | <column name="acl_fault_status" key="invalid_acl"> | |
1365 | <p> | |
1366 | Indicates that an ACL requested by | |
1367 | the controller could not be instantiated by the switch, | |
1368 | e.g., because it requires an unsupported combination of | |
1369 | fields to be matched. | |
1370 | </p> | |
1371 | </column> | |
1372 | <column name="acl_fault_status" key="resource_shortage"> | |
1373 | <p> | |
1374 | Indicates that an ACL requested by | |
1375 | the controller could not be instantiated by the switch due | |
1376 | to a shortage of resources (e.g. TCAM space). | |
1377 | </p> | |
1378 | </column> | |
1379 | <column name="acl_fault_status" key="unspecified_fault"> | |
1380 | <p> | |
1381 | Indicates that an error has occurred in configuring the ACL | |
1382 | but no | |
1383 | more specific information is available. | |
1384 | </p> | |
1385 | </column> | |
1386 | </group> | |
1387 | </table> | |
add17b69 | 1388 | </database> |