]> git.proxmox.com Git - mirror_ovs.git/blob - ovn/ovn-sb.xml
projects / mirror_ovs.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
actions: Allow caller to specify output table.
[mirror_ovs.git] / ovn / ovn-sb.xml
1 <?xml version="1.0" encoding="utf-8"?>
2 <database name="ovn-sb" title="OVN Southbound Database">
3 <p>
4 This database holds logical and physical configuration and state for the
5 Open Virtual Network (OVN) system to support virtual network abstraction.
6 For an introduction to OVN, please see <code>ovn-architecture</code>(7).
7 </p>
8
9 <p>
10 The OVN Southbound database sits at the center of the OVN
11 architecture. It is the one component that speaks both southbound
12 directly to all the hypervisors and gateways, via
13 <code>ovn-controller</code>, and northbound to the Cloud Management
14 System, via <code>ovn-northd</code>:
15 </p>
16
17 <h2>Database Structure</h2>
18
19 <p>
20 The OVN Southbound database contains three classes of data with
21 different properties, as described in the sections below.
22 </p>
23
24 <h3>Physical Network (PN) data</h3>
25
26 <p>
27 PN tables contain information about the chassis nodes in the system. This
28 contains all the information necessary to wire the overlay, such as IP
29 addresses, supported tunnel types, and security keys.
30 </p>
31
32 <p>
33 The amount of PN data is small (O(n) in the number of chassis) and it
34 changes infrequently, so it can be replicated to every chassis.
35 </p>
36
37 <p>
38 The <ref table="Chassis"/> and <ref table="Gateway"/> tables comprise the
39 PN tables.
40 </p>
41
42 <h3>Logical Network (LN) data</h3>
43
44 <p>
45 LN tables contain the topology of logical switches and routers, ACLs,
46 firewall rules, and everything needed to describe how packets traverse a
47 logical network, represented as logical datapath flows (see Logical
48 Datapath Flows, below).
49 </p>
50
51 <p>
52 LN data may be large (O(n) in the number of logical ports, ACL rules,
53 etc.). Thus, to improve scaling, each chassis should receive only data
54 related to logical networks in which that chassis participates. Past
55 experience shows that in the presence of large logical networks, even
56 finer-grained partitioning of data, e.g. designing logical flows so that
57 only the chassis hosting a logical port needs related flows, pays off
58 scale-wise. (This is not necessary initially but it is worth bearing in
59 mind in the design.)
60 </p>
61
62 <p>
63 The LN is a slave of the cloud management system running northbound of OVN.
64 That CMS determines the entire OVN logical configuration and therefore the
65 LN's content at any given time is a deterministic function of the CMS's
66 configuration, although that happens indirectly via the OVN Northbound DB
67 and <code>ovn-northd</code>.
68 </p>
69
70 <p>
71 LN data is likely to change more quickly than PN data. This is especially
72 true in a container environment where VMs are created and destroyed (and
73 therefore added to and deleted from logical switches) quickly.
74 </p>
75
76 <p>
77 The <ref table="Logical_Flow"/> table is currently the only LN table.
78 </p>
79
80 <h3>Bindings data</h3>
81
82 <p>
83 The Binding tables contain the current placement of logical components
84 (such as VMs and VIFs) onto chassis and the bindings between logical ports
85 and MACs.
86 </p>
87
88 <p>
89 Bindings change frequently, at least every time a VM powers up or down
90 or migrates, and especially quickly in a container environment. The
91 amount of data per VM (or VIF) is small.
92 </p>
93
94 <p>
95 Each chassis is authoritative about the VMs and VIFs that it hosts at any
96 given time and can efficiently flood that state to a central location, so
97 the consistency needs are minimal.
98 </p>
99
100 <p>
101 The <ref table="Port_Binding"/> table is currently the only binding data.
102 </p>
103
104 <table name="Chassis" title="Physical Network Hypervisor and Gateway Information">
105 <p>
106 Each row in this table represents a hypervisor or gateway (a chassis) in
107 the physical network (PN). Each chassis, via
108 <code>ovn-controller</code>, adds and updates its own row, and keeps a
109 copy of the remaining rows to determine how to reach other hypervisors.
110 </p>
111
112 <p>
113 When a chassis shuts down gracefully, it should remove its own row.
114 (This is not critical because resources hosted on the chassis are equally
115 unreachable regardless of whether the row is present.) If a chassis
116 shuts down permanently without removing its row, some kind of manual or
117 automatic cleanup is eventually needed; we can devise a process for that
118 as necessary.
119 </p>
120
121 <column name="name">
122 A chassis name, taken from <ref key="system-id" table="Open_vSwitch"
123 column="external_ids" db="Open_vSwitch"/> in the Open_vSwitch
124 database's <ref table="Open_vSwitch" db="Open_vSwitch"/> table. OVN does
125 not prescribe a particular format for chassis names.
126 </column>
127
128 <group title="Encapsulation Configuration">
129 <p>
130 OVN uses encapsulation to transmit logical dataplane packets
131 between chassis.
132 </p>
133
134 <column name="encaps">
135 Points to supported encapsulation configurations to transmit
136 logical dataplane packets to this chassis. Each entry is a <ref
137 table="Encap"/> record that describes the configuration.
138 </column>
139 </group>
140
141 <group title="Gateway Configuration">
142 <p>
143 A <dfn>gateway</dfn> is a chassis that forwards traffic between a
144 logical network and a physical VLAN. Gateways are typically dedicated
145 nodes that do not host VMs.
146 </p>
147
148 <column name="gateway_ports">
149 Maps from the name of a port attached to the OVN integration bridge
150 (typically a physical port or an Open vSwitch patch port) to a <ref
151 table="Gateway"/> record that describes the details of the gatewaying
152 function.
153 </column>
154 </group>
155 </table>
156
157 <table name="Encap" title="Encapsulation Types">
158 <p>
159 The <ref column="encaps" table="Chassis"/> column in the <ref
160 table="Chassis"/> table refers to rows in this table to identify
161 how OVN may transmit logical dataplane packets to this chassis.
162 Each chassis, via <code>ovn-controller</code>(8), adds and updates
163 its own rows and keeps a copy of the remaining rows to determine
164 how to reach other chassis.
165 </p>
166
167 <column name="type">
168 The encapsulation to use to transmit packets to this chassis.
169 Hypervisors must use either <code>geneve</code> or
170 <code>stt</code>. Gateways may use <code>vxlan</code>,
171 <code>geneve</code>, or <code>stt</code>.
172 </column>
173
174 <column name="options">
175 Options for configuring the encapsulation, e.g. IPsec parameters when
176 IPsec support is introduced. No options are currently defined.
177 </column>
178
179 <column name="ip">
180 The IPv4 address of the encapsulation tunnel endpoint.
181 </column>
182 </table>
183
184 <table name="Gateway" title="Physical Network Gateway Ports">
185 <p>
186 The <ref column="gateway_ports" table="Chassis"/> column in the <ref
187 table="Chassis"/> table refers to rows in this table to connect a chassis
188 port to a gateway function. Each row in this table describes the logical
189 networks to which a gateway port is attached. Each chassis, via
190 <code>ovn-controller</code>(8), adds and updates its own rows, if any
191 (since most chassis are not gateways), and keeps a copy of the remaining
192 rows to determine how to reach other chassis.
193 </p>
194
195 <column name="vlan_map">
196 Maps from a VLAN ID to a logical port name. Thus, each named logical
197 port corresponds to one VLAN on the gateway port.
198 </column>
199 </table>
200
201 <table name="Logical_Flow" title="Logical Network Flow">
202 <p>
203 Each row in this table represents one logical flow. The cloud management
204 system, via its OVN integration, populates this table with logical flows
205 that implement the L2 and L3 topology specified in the CMS configuration.
206 Each hypervisor, via <code>ovn-controller</code>, translates the logical
207 flows into OpenFlow flows specific to its hypervisor and installs them
208 into Open vSwitch.
209 </p>
210
211 <p>
212 Logical flows are expressed in an OVN-specific format, described here. A
213 logical datapath flow is much like an OpenFlow flow, except that the
214 flows are written in terms of logical ports and logical datapaths instead
215 of physical ports and physical datapaths. Translation between logical
216 and physical flows helps to ensure isolation between logical datapaths.
217 (The logical flow abstraction also allows the CMS to do less work, since
218 it does not have to separately compute and push out physical flows to each
219 chassis.)
220 </p>
221
222 <p>
223 The default action when no flow matches is to drop packets.
224 </p>
225
226 <column name="logical_datapath">
227 The logical datapath to which the logical flow belongs. A logical
228 datapath implements a logical pipeline among the ports in the <ref
229 table="Port_Binding"/> table associated with it. (No table represents a
230 logical datapath.) In practice, the pipeline in a given logical datapath
231 implements either a logical switch or a logical router, and
232 <code>ovn-northd</code> reuses the UUIDs for those logical entities from
233 the <code>OVN_Northbound</code> for logical datapaths.
234 </column>
235
236 <column name="table_id">
237 The stage in the logical pipeline, analogous to an OpenFlow table number.
238 </column>
239
240 <column name="priority">
241 The flow's priority. Flows with numerically higher priority take
242 precedence over those with lower. If two logical datapath flows with the
243 same priority both match, then the one actually applied to the packet is
244 undefined.
245 </column>
246
247 <column name="match">
248 <p>
249 A matching expression. OVN provides a superset of OpenFlow matching
250 capabilities, using a syntax similar to Boolean expressions in a
251 programming language.
252 </p>
253
254 <p>
255 The most important components of match expression are
256 <dfn>comparisons</dfn> between <dfn>symbols</dfn> and
257 <dfn>constants</dfn>, e.g. <code>ip4.dst == 192.168.0.1</code>,
258 <code>ip.proto == 6</code>, <code>arp.op == 1</code>, <code>eth.type ==
259 0x800</code>. The logical AND operator <code>&amp;&amp;</code> and
260 logical OR operator <code>||</code> can combine comparisons into a
261 larger expression.
262 </p>
263
264 <p>
265 Matching expressions also support parentheses for grouping, the logical
266 NOT prefix operator <code>!</code>, and literals <code>0</code> and
267 <code>1</code> to express ``false'' or ``true,'' respectively. The
268 latter is useful by itself as a catch-all expression that matches every
269 packet.
270 </p>
271
272 <p><em>Symbols</em></p>
273
274 <p>
275 <em>Type</em>. Symbols have <dfn>integer</dfn> or <dfn>string</dfn>
276 type. Integer symbols have a <dfn>width</dfn> in bits.
277 </p>
278
279 <p>
280 <em>Kinds</em>. There are three kinds of symbols:
281 </p>
282
283 <ul>
284 <li>
285 <p>
286 <dfn>Fields</dfn>. A field symbol represents a packet header or
287 metadata field. For example, a field
288 named <code>vlan.tci</code> might represent the VLAN TCI field in a
289 packet.
290 </p>
291
292 <p>
293 A field symbol can have integer or string type. Integer fields can
294 be nominal or ordinal (see <em>Level of Measurement</em>,
295 below).
296 </p>
297 </li>
298
299 <li>
300 <p>
301 <dfn>Subfields</dfn>. A subfield represents a subset of bits from
302 a larger field. For example, a field <code>vlan.vid</code> might
303 be defined as an alias for <code>vlan.tci[0..11]</code>. Subfields
304 are provided for syntactic convenience, because it is always
305 possible to instead refer to a subset of bits from a field
306 directly.
307 </p>
308
309 <p>
310 Only ordinal fields (see <em>Level of Measurement</em>,
311 below) may have subfields. Subfields are always ordinal.
312 </p>
313 </li>
314
315 <li>
316 <p>
317 <dfn>Predicates</dfn>. A predicate is shorthand for a Boolean
318 expression. Predicates may be used much like 1-bit fields. For
319 example, <code>ip4</code> might expand to <code>eth.type ==
320 0x800</code>. Predicates are provided for syntactic convenience,
321 because it is always possible to instead specify the underlying
322 expression directly.
323 </p>
324
325 <p>
326 A predicate whose expansion refers to any nominal field or
327 predicate (see <em>Level of Measurement</em>, below) is nominal;
328 other predicates have Boolean level of measurement.
329 </p>
330 </li>
331 </ul>
332
333 <p>
334 <em>Level of Measurement</em>. See
335 http://en.wikipedia.org/wiki/Level_of_measurement for the statistical
336 concept on which this classification is based. There are three
337 levels:
338 </p>
339
340 <ul>
341 <li>
342 <p>
343 <dfn>Ordinal</dfn>. In statistics, ordinal values can be ordered
344 on a scale. OVN considers a field (or subfield) to be ordinal if
345 its bits can be examined individually. This is true for the
346 OpenFlow fields that OpenFlow or Open vSwitch makes ``maskable.''
347 </p>
348
349 <p>
350 Any use of a nominal field may specify a single bit or a range of
351 bits, e.g. <code>vlan.tci[13..15]</code> refers to the PCP field
352 within the VLAN TCI, and <code>eth.dst[40]</code> refers to the
353 multicast bit in the Ethernet destination address.
354 </p>
355
356 <p>
357 OVN supports all the usual arithmetic relations (<code>==</code>,
358 <code>!=</code>, <code>&lt;</code>, <code>&lt;=</code>,
359 <code>&gt;</code>, and <code>&gt;=</code>) on ordinal fields and
360 their subfields, because OVN can implement these in OpenFlow and
361 Open vSwitch as collections of bitwise tests.
362 </p>
363 </li>
364
365 <li>
366 <p>
367 <dfn>Nominal</dfn>. In statistics, nominal values cannot be
368 usefully compared except for equality. This is true of OpenFlow
369 port numbers, Ethernet types, and IP protocols are examples: all of
370 these are just identifiers assigned arbitrarily with no deeper
371 meaning. In OpenFlow and Open vSwitch, bits in these fields
372 generally aren't individually addressable.
373 </p>
374
375 <p>
376 OVN only supports arithmetic tests for equality on nominal fields,
377 because OpenFlow and Open vSwitch provide no way for a flow to
378 efficiently implement other comparisons on them. (A test for
379 inequality can be sort of built out of two flows with different
380 priorities, but OVN matching expressions always generate flows with
381 a single priority.)
382 </p>
383
384 <p>
385 String fields are always nominal.
386 </p>
387 </li>
388
389 <li>
390 <p>
391 <dfn>Boolean</dfn>. A nominal field that has only two values, 0
392 and 1, is somewhat exceptional, since it is easy to support both
393 equality and inequality tests on such a field: either one can be
394 implemented as a test for 0 or 1.
395 </p>
396
397 <p>
398 Only predicates (see above) have a Boolean level of measurement.
399 </p>
400
401 <p>
402 This isn't a standard level of measurement.
403 </p>
404 </li>
405 </ul>
406
407 <p>
408 <em>Prerequisites</em>. Any symbol can have prerequisites, which are
409 additional condition implied by the use of the symbol. For example,
410 For example, <code>icmp4.type</code> symbol might have prerequisite
411 <code>icmp4</code>, which would cause an expression <code>icmp4.type ==
412 0</code> to be interpreted as <code>icmp4.type == 0 &amp;&amp;
413 icmp4</code>, which would in turn expand to <code>icmp4.type == 0
414 &amp;&amp; eth.type == 0x800 &amp;&amp; ip4.proto == 1</code> (assuming
415 <code>icmp4</code> is a predicate defined as suggested under
416 <em>Types</em> above).
417 </p>
418
419 <p><em>Relational operators</em></p>
420
421 <p>
422 All of the standard relational operators <code>==</code>,
423 <code>!=</code>, <code>&lt;</code>, <code>&lt;=</code>,
424 <code>&gt;</code>, and <code>&gt;=</code> are supported. Nominal
425 fields support only <code>==</code> and <code>!=</code>, and only in a
426 positive sense when outer <code>!</code> are taken into account,
427 e.g. given string field <code>inport</code>, <code>inport ==
428 "eth0"</code> and <code>!(inport != "eth0")</code> are acceptable, but
429 not <code>inport != "eth0"</code>.
430 </p>
431
432 <p>
433 The implementation of <code>==</code> (or <code>!=</code> when it is
434 negated), is more efficient than that of the other relational
435 operators.
436 </p>
437
438 <p><em>Constants</em></p>
439
440 <p>
441 Integer constants may be expressed in decimal, hexadecimal prefixed by
442 <code>0x</code>, or as dotted-quad IPv4 addresses, IPv6 addresses in
443 their standard forms, or Ethernet addresses as colon-separated hex
444 digits. A constant in any of these forms may be followed by a slash
445 and a second constant (the mask) in the same form, to form a masked
446 constant. IPv4 and IPv6 masks may be given as integers, to express
447 CIDR prefixes.
448 </p>
449
450 <p>
451 String constants have the same syntax as quoted strings in JSON (thus,
452 they are Unicode strings). String constants are used for naming
453 logical ports. Thus, the useful values are <ref
454 column="logical_port"/> names from the <ref column="Port_Binding"/> and
455 <ref column="Gateway"/> tables in a logical flow's <ref
456 column="logical_datapath"/>.
457 </p>
458
459 <p>
460 Some operators support sets of constants written inside curly braces
461 <code>{</code> ... <code>}</code>. Commas between elements of a set,
462 and after the last elements, are optional. With <code>==</code>,
463 ``<code><var>field</var> == { <var>constant1</var>,
464 <var>constant2</var>,</code> ... <code>}</code>'' is syntactic sugar
465 for ``<code><var>field</var> == <var>constant1</var> ||
466 <var>field</var> == <var>constant2</var> || </code>...<code></code>.
467 Similarly, ``<code><var>field</var> != { <var>constant1</var>,
468 <var>constant2</var>, </code>...<code> }</code>'' is equivalent to
469 ``<code><var>field</var> != <var>constant1</var> &amp;&amp;
470 <var>field</var> != <var>constant2</var> &amp;&amp;
471 </code>...<code></code>''.
472 </p>
473
474 <p><em>Miscellaneous</em></p>
475
476 <p>
477 Comparisons may name the symbol or the constant first,
478 e.g. <code>tcp.src == 80</code> and <code>80 == tcp.src</code> are both
479 acceptable.
480 </p>
481
482 <p>
483 Tests for a range may be expressed using a syntax like <code>1024 &lt;=
484 tcp.src &lt;= 49151</code>, which is equivalent to <code>1024 &lt;=
485 tcp.src &amp;&amp; tcp.src &lt;= 49151</code>.
486 </p>
487
488 <p>
489 For a one-bit field or predicate, a mention of its name is equivalent
490 to <code><var>symobl</var> == 1</code>, e.g. <code>vlan.present</code>
491 is equivalent to <code>vlan.present == 1</code>. The same is true for
492 one-bit subfields, e.g. <code>vlan.tci[12]</code>. There is no
493 technical limitation to implementing the same for ordinal fields of all
494 widths, but the implementation is expensive enough that the syntax
495 parser requires writing an explicit comparison against zero to make
496 mistakes less likely, e.g. in <code>tcp.src != 0</code> the comparison
497 against 0 is required.
498 </p>
499
500 <p>
501 <em>Operator precedence</em> is as shown below, from highest to lowest.
502 There are two exceptions where parentheses are required even though the
503 table would suggest that they are not: <code>&amp;&amp;</code> and
504 <code>||</code> require parentheses when used together, and
505 <code>!</code> requires parentheses when applied to a relational
506 expression. Thus, in <code>(eth.type == 0x800 || eth.type == 0x86dd)
507 &amp;&amp; ip.proto == 6</code> or <code>!(arp.op == 1)</code>, the
508 parentheses are mandatory.
509 </p>
510
511 <ul>
512 <li><code>()</code></li>
513 <li><code>== != &lt; &lt;= &gt; &gt;=</code></li>
514 <li><code>!</code></li>
515 <li><code>&amp;&amp; ||</code></li>
516 </ul>
517
518 <p>
519 <em>Comments</em> may be introduced by <code>//</code>, which extends
520 to the next new-line. Comments within a line may be bracketed by
521 <code>/*</code> and <code>*/</code>. Multiline comments are not
522 supported.
523 </p>
524
525 <p><em>Symbols</em></p>
526
527 <ul>
528 <li>
529 <code>metadata</code> <code>reg0</code> ... <code>reg7</code>
530 <code>xreg0</code> ... <code>xreg3</code>
531 </li>
532 <li><code>inport</code> <code>outport</code> <code>queue</code></li>
533 <li><code>eth.src</code> <code>eth.dst</code> <code>eth.type</code></li>
534 <li><code>vlan.tci</code> <code>vlan.vid</code> <code>vlan.pcp</code> <code>vlan.present</code></li>
535 <li><code>ip.proto</code> <code>ip.dscp</code> <code>ip.ecn</code> <code>ip.ttl</code> <code>ip.frag</code></li>
536 <li><code>ip4.src</code> <code>ip4.dst</code></li>
537 <li><code>ip6.src</code> <code>ip6.dst</code> <code>ip6.label</code></li>
538 <li><code>arp.op</code> <code>arp.spa</code> <code>arp.tpa</code> <code>arp.sha</code> <code>arp.tha</code></li>
539 <li><code>tcp.src</code> <code>tcp.dst</code> <code>tcp.flags</code></li>
540 <li><code>udp.src</code> <code>udp.dst</code></li>
541 <li><code>sctp.src</code> <code>sctp.dst</code></li>
542 <li><code>icmp4.type</code> <code>icmp4.code</code></li>
543 <li><code>icmp6.type</code> <code>icmp6.code</code></li>
544 <li><code>nd.target</code> <code>nd.sll</code> <code>nd.tll</code></li>
545 </ul>
546
547 </column>
548
549 <column name="actions">
550 <p>
551 Logical datapath actions, to be executed when the logical flow
552 represented by this row is the highest-priority match.
553 </p>
554
555 <p>
556 Actions share lexical syntax with the <ref column="match"/> column. An
557 empty set of actions (or one that contains just white space or
558 comments), or a set of actions that consists of just
559 <code>drop;</code>, causes the matched packets to be dropped.
560 Otherwise, the column should contain a sequence of actions, each
561 terminated by a semicolon.
562 </p>
563
564 <p>
565 The following actions will be initially supported:
566 </p>
567
568 <dl>
569 <dt><code>output;</code></dt>
570 <dd>
571 Outputs the packet to the logical port current designated by
572 <code>outport</code>. Output to the ingress port is implicitly
573 dropped, that is, <code>output</code> becomes a no-op if
574 <code>outport</code> == <code>inport</code>.
575 </dd>
576
577 <dt><code>next;</code></dt>
578 <dd>
579 Executes the next logical datapath table as a subroutine.
580 </dd>
581
582 <dt><code><var>field</var> = <var>constant</var>;</code></dt>
583 <dd>
584 Sets data or metadata field <var>field</var> to constant value
585 <var>constant</var>, e.g. <code>outport = "vif0";</code> to set the
586 logical output port. Assigning to a field with prerequisites
587 implicitly adds those prerequisites to <ref column="match"/>; thus,
588 for example, a flow that sets <code>tcp.dst</code> applies only to
589 TCP flows, regardless of whether its <ref column="match"/> mentions
590 any TCP field. To set only a subset of bits in a field,
591 <var>field</var> may be a subfield or <var>constant</var> may be
592 masked, e.g. <code>vlan.pcp[2] = 1;</code> and <code>vlan.pcp =
593 4/4;</code> both set the most sigificant bit of the VLAN PCP. Not
594 all fields are modifiable (e.g. <code>eth.type</code> and
595 <code>ip.proto</code> are read-only), and not all modifiable fields
596 may be partially modified (e.g. <code>ip.ttl</code> must assigned as
597 a whole).
598 </dd>
599 </dl>
600
601 <p>
602 The following actions will likely be useful later, but they have not
603 been thought out carefully.
604 </p>
605
606 <dl>
607 <dt><code><var>field1</var> = <var>field2</var>;</code></dt>
608 <dd>
609 Extends the assignment action to allow copying between fields.
610 </dd>
611
612 <dt><code>learn</code></dt>
613
614 <dt><code>conntrack</code></dt>
615
616 <dt><code>dec_ttl { <var>action</var>, </code>...<code> } { <var>action</var>; </code>...<code>};</code></dt>
617 <dd>
618 decrement TTL; execute first set of actions if
619 successful, second set if TTL decrement fails
620 </dd>
621
622 <dt><code>icmp_reply { <var>action</var>, </code>...<code> };</code></dt>
623 <dd>generate ICMP reply from packet, execute <var>action</var>s</dd>
624
625 <dt><code>arp { <var>action</var>, </code>...<code> }</code></dt>
626 <dd>generate ARP from packet, execute <var>action</var>s</dd>
627 </dl>
628 </column>
629 </table>
630
631 <table name="Port_Binding" title="Physical-Logical Port Bindings">
632 <p>
633 Each row in this table identifies the physical location of a logical
634 port.
635 </p>
636
637 <p>
638 For every <code>Logical_Port</code> record in <code>OVN_Northbound</code>
639 database, <code>ovn-northd</code> creates a record in this table.
640 <code>ovn-northd</code> populates and maintains every column except
641 the <code>chassis</code> column, which it leaves empty in new records.
642 </p>
643
644 <p>
645 <code>ovn-controller</code> populates the <code>chassis</code> column
646 for the records that identify the logical ports that are located on its
647 hypervisor, which <code>ovn-controller</code> in turn finds out by
648 monitoring the local hypervisor's Open_vSwitch database, which
649 identifies logical ports via the conventions described in
650 <code>IntegrationGuide.md</code>.
651 </p>
652
653 <p>
654 When a chassis shuts down gracefully, it should cleanup the
655 <code>chassis</code> column that it previously had populated.
656 (This is not critical because resources hosted on the chassis are equally
657 unreachable regardless of whether their rows are present.) To handle the
658 case where a VM is shut down abruptly on one chassis, then brought up
659 again on a different one, <code>ovn-controller</code> must overwrite the
660 <code>chassis</code> column with new information.
661 </p>
662
663 <column name="logical_datapath">
664 The logical datapath to which the logical port belongs. A logical
665 datapath implements a logical pipeline via logical flows in the <ref
666 table="Logical_Flow"/> table. (No table represents a logical datapath.)
667 </column>
668
669 <column name="logical_port">
670 A logical port, taken from <ref table="Logical_Port" column="name"
671 db="OVN_Northbound"/> in the OVN_Northbound database's
672 <ref table="Logical_Port" db="OVN_Northbound"/> table. OVN does not
673 prescribe a particular format for the logical port ID.
674 </column>
675
676 <column name="type">
677 <p>
678 A type for this logical port. Logical ports can be used to model
679 other types of connectivity into an OVN logical switch. Leaving this column
680 blank maintains the default logical port behavior.
681 </p>
682
683 <p>
684 There are no other logical port types implemented yet.
685 </p>
686 </column>
687
688 <column name="options">
689 This column provides key/value settings specific to the logical port
690 <ref column="type"/>.
691 </column>
692
693 <column name="tunnel_key">
694 <p>
695 A number that represents the logical port in the key (e.g. VXLAN VNI or
696 STT key) field carried within tunnel protocol packets. (This avoids
697 wasting space for a whole UUID in tunneled packets. It also allows OVN
698 to support encapsulations that cannot fit an entire UUID in their
699 tunnel keys.)
700 </p>
701
702 <p>
703 Tunnel ID 0 is reserved for internal use within OVN.
704 </p>
705 </column>
706
707 <column name="parent_port">
708 For containers created inside a VM, this is taken from
709 <ref table="Logical_Port" column="parent_name" db="OVN_Northbound"/>
710 in the OVN_Northbound database's <ref table="Logical_Port"
711 db="OVN_Northbound"/> table. It is left empty if
712 <ref column="logical_port"/> belongs to a VM or a container created
713 in the hypervisor.
714 </column>
715
716 <column name="tag">
717 When <ref column="logical_port"/> identifies the interface of a container
718 spawned inside a VM, this column identifies the VLAN tag in
719 the network traffic associated with that container's network interface.
720 It is left empty if <ref column="logical_port"/> belongs to a VM or a
721 container created in the hypervisor.
722 </column>
723
724 <column name="chassis">
725 The physical location of the logical port. To successfully identify a
726 chassis, this column must be a <ref table="Chassis"/> record. This is
727 populated by <code>ovn-controller</code>.
728 </column>
729
730 <column name="mac">
731 <p>
732 The Ethernet address or addresses used as a source address on the
733 logical port, each in the form
734 <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>.
735 The string <code>unknown</code> is also allowed to indicate that the
736 logical port has an unknown set of (additional) source addresses.
737 </p>
738
739 <p>
740 A VM interface would ordinarily have a single Ethernet address. A
741 gateway port might initially only have <code>unknown</code>, and then
742 add MAC addresses to the set as it learns new source addresses.
743 </p>
744 </column>
745 </table>
746 </database>
openvswitch mirror