1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <database name=
"ovs-vswitchd.conf.db" title=
"Open vSwitch Configuration Database">
4 A database with this schema holds the configuration for one Open
5 vSwitch daemon. The top-level configuration for the daemon is the
6 <ref table=
"Open_vSwitch"/> table, which must have exactly one
7 record. Records in other tables are significant only when they
8 can be reached directly or indirectly from the
<ref
9 table=
"Open_vSwitch"/> table. Records that are not reachable from
10 the
<ref table=
"Open_vSwitch"/> table are automatically deleted
11 from the database, except for records in a few distinguished
15 <h2>Common Columns
</h2>
18 Most tables contain two special columns, named
<code>other_config
</code>
19 and
<code>external_ids
</code>. These columns have the same form and
20 purpose each place that they appear, so we describe them here to save space
25 <dt><code>other_config
</code>: map of string-string pairs
</dt>
28 Key-value pairs for configuring rarely used features. Supported keys,
29 along with the forms taken by their values, are documented individually
33 A few tables do not have
<code>other_config
</code> columns because no
34 key-value pairs have yet been defined for them.
38 <dt><code>external_ids
</code>: map of string-string pairs
</dt>
40 Key-value pairs for use by external frameworks that integrate with Open
41 vSwitch, rather than by Open vSwitch itself. System integrators should
42 either use the Open vSwitch development mailing list to coordinate on
43 common key-value definitions, or choose key names that are likely to be
44 unique. In some cases, where key-value pairs have been defined that are
45 likely to be widely useful, they are documented individually for each
50 <table name=
"Open_vSwitch" title=
"Open vSwitch configuration.">
51 Configuration for an Open vSwitch daemon. There must be exactly
52 one record in the
<ref table=
"Open_vSwitch"/> table.
54 <group title=
"Configuration">
55 <column name=
"bridges">
56 Set of bridges managed by the daemon.
60 SSL used globally by the daemon.
63 <column name=
"external_ids" key=
"system-id">
64 A unique identifier for the Open vSwitch's physical host.
65 The form of the identifier depends on the type of the host.
66 On a Citrix XenServer, this will likely be the same as
67 <ref column=
"external_ids" key=
"xs-system-uuid"/>.
70 <column name=
"external_ids" key=
"xs-system-uuid">
71 The Citrix XenServer universally unique identifier for the physical
72 host as displayed by
<code>xe host-list
</code>.
75 <column name=
"other_config" key=
"stats-update-interval"
76 type='{
"type":
"integer",
"minInteger":
5000}'
>
78 Interval for updating statistics to the database, in milliseconds.
79 This option will affect the update of the
<code>statistics
</code>
80 column in the following tables:
<code>Port
</code>,
<code>Interface
81 </code>,
<code>Mirror
</code>.
84 Default value is
5000 ms.
87 Getting statistics more frequently can be achieved via OpenFlow.
91 <column name=
"other_config" key=
"flow-restore-wait"
92 type='{
"type":
"boolean"}'
>
94 When
<code>ovs-vswitchd
</code> starts up, it has an empty flow table
95 and therefore it handles all arriving packets in its default fashion
96 according to its configuration, by dropping them or sending them to
97 an OpenFlow controller or switching them as a standalone switch.
98 This behavior is ordinarily desirable. However, if
99 <code>ovs-vswitchd
</code> is restarting as part of a ``hot-upgrade,''
100 then this leads to a relatively long period during which packets are
104 This option allows for improvement. When
<code>ovs-vswitchd
</code>
105 starts with this value set as
<code>true
</code>, it will neither
106 flush or expire previously set datapath flows nor will it send and
107 receive any packets to or from the datapath. When this value is
108 later set to
<code>false
</code>,
<code>ovs-vswitchd
</code> will
109 start receiving packets from the datapath and re-setup the flows.
112 Thus, with this option, the procedure for a hot-upgrade of
113 <code>ovs-vswitchd
</code> becomes roughly the following:
117 Stop
<code>ovs-vswitchd
</code>.
120 Set
<ref column=
"other_config" key=
"flow-restore-wait"/>
121 to
<code>true
</code>.
124 Start
<code>ovs-vswitchd
</code>.
127 Use
<code>ovs-ofctl
</code> (or some other program, such as an
128 OpenFlow controller) to restore the OpenFlow flow table
129 to the desired state.
132 Set
<ref column=
"other_config" key=
"flow-restore-wait"/>
133 to
<code>false
</code> (or remove it entirely from the database).
137 The
<code>ovs-ctl
</code>'s ``restart'' and ``force-reload-kmod''
138 functions use the above config option during hot upgrades.
142 <column name=
"other_config" key=
"flow-limit"
143 type='{
"type":
"integer",
"minInteger":
0}'
>
146 number of flows allowed in the datapath flow table. Internally OVS
147 will choose a flow limit which will likely be lower than this number,
148 based on real time network conditions. Tweaking this value is
149 discouraged unless you know exactly what you're doing.
152 The default is
200000.
156 <column name=
"other_config" key=
"max-idle"
157 type='{
"type":
"integer",
"minInteger":
500}'
>
159 The maximum time (in ms) that idle flows will remain cached in the
160 datapath. Internally OVS will check the validity and activity for
161 datapath flows regularly and may expire flows quicker than this
162 number, based on real time network conditions. Tweaking this
163 value is discouraged unless you know exactly what you're doing.
166 The default is
10000.
170 <column name=
"other_config" key=
"n-dpdk-rxqs"
171 type='{
"type":
"integer",
"minInteger":
1}'
>
173 Specifies the maximum number of rx queues to be created for each dpdk
174 interface. If not specified or specified to
0, one rx queue will
175 be created for each dpdk interface by default.
179 <column name=
"other_config" key=
"pmd-cpu-mask">
181 Specifies CPU mask for setting the cpu affinity of PMD (Poll
182 Mode Driver) threads. Value should be in the form of hex string,
183 similar to the dpdk EAL '-c COREMASK' option input or the 'taskset'
187 The lowest order bit corresponds to the first CPU core. A set bit
188 means the corresponding core is available and a pmd thread will be
189 created and pinned to it. If the input does not cover all cores,
190 those uncovered cores are considered not set.
193 If not specified, one pmd thread will be created for each numa node
194 and pinned to any available core on the numa node by default.
198 <column name=
"other_config" key=
"n-handler-threads"
199 type='{
"type":
"integer",
"minInteger":
1}'
>
201 Specifies the number of threads for software datapaths to use for
202 handling new flows. The default the number of online CPU cores minus
203 the number of revalidators.
206 This configuration is per datapath. If you have more than one
207 software datapath (e.g. some
<code>system
</code> bridges and some
208 <code>netdev
</code> bridges), then the total number of threads is
209 <code>n-handler-threads
</code> times the number of software
214 <column name=
"other_config" key=
"n-revalidator-threads"
215 type='{
"type":
"integer",
"minInteger":
1}'
>
217 Specifies the number of threads for software datapaths to use for
218 revalidating flows in the datapath. Typically, there is a direct
219 correlation between the number of revalidator threads, and the number
220 of flows allowed in the datapath. The default is the number of cpu
221 cores divided by four plus one. If
<code>n-handler-threads
</code> is
222 set, the default changes to the number of cpu cores minus the number
226 This configuration is per datapath. If you have more than one
227 software datapath (e.g. some
<code>system
</code> bridges and some
228 <code>netdev
</code> bridges), then the total number of threads is
229 <code>n-handler-threads
</code> times the number of software
235 <group title=
"Status">
236 <column name=
"next_cfg">
237 Sequence number for client to increment. When a client modifies
238 any part of the database configuration and wishes to wait for
239 Open vSwitch to finish applying the changes, it may increment
240 this sequence number.
243 <column name=
"cur_cfg">
244 Sequence number that Open vSwitch sets to the current value of
245 <ref column=
"next_cfg"/> after it finishes applying a set of
246 configuration changes.
249 <group title=
"Statistics">
251 The
<code>statistics
</code> column contains key-value pairs that
252 report statistics about a system running an Open vSwitch. These are
253 updated periodically (currently, every
5 seconds). Key-value pairs
254 that cannot be determined or that do not apply to a platform are
258 <column name=
"other_config" key=
"enable-statistics"
259 type='{
"type":
"boolean"}'
>
260 Statistics are disabled by default to avoid overhead in the common
261 case when statistics gathering is not useful. Set this value to
262 <code>true
</code> to enable populating the
<ref column=
"statistics"/>
263 column or to
<code>false
</code> to explicitly disable it.
266 <column name=
"statistics" key=
"cpu"
267 type='{
"type":
"integer",
"minInteger":
1}'
>
269 Number of CPU processors, threads, or cores currently online and
270 available to the operating system on which Open vSwitch is running,
271 as an integer. This may be less than the number installed, if some
272 are not online or if they are not available to the operating
276 Open vSwitch userspace processes are not multithreaded, but the
277 Linux kernel-based datapath is.
281 <column name=
"statistics" key=
"load_average">
282 A comma-separated list of three floating-point numbers,
283 representing the system load average over the last
1,
5, and
15
284 minutes, respectively.
287 <column name=
"statistics" key=
"memory">
289 A comma-separated list of integers, each of which represents a
290 quantity of memory in kilobytes that describes the operating
291 system on which Open vSwitch is running. In respective order,
296 <li>Total amount of RAM allocated to the OS.
</li>
297 <li>RAM allocated to the OS that is in use.
</li>
298 <li>RAM that can be flushed out to disk or otherwise discarded
299 if that space is needed for another purpose. This number is
300 necessarily less than or equal to the previous value.
</li>
301 <li>Total disk space allocated for swap.
</li>
302 <li>Swap space currently in use.
</li>
306 On Linux, all five values can be determined and are included. On
307 other operating systems, only the first two values can be
308 determined, so the list will only have two values.
312 <column name=
"statistics" key=
"process_NAME">
314 One such key-value pair, with
<code>NAME
</code> replaced by
315 a process name, will exist for each running Open vSwitch
316 daemon process, with
<var>name
</var> replaced by the
317 daemon's name (e.g.
<code>process_ovs-vswitchd
</code>). The
318 value is a comma-separated list of integers. The integers
319 represent the following, with memory measured in kilobytes
320 and durations in milliseconds:
324 <li>The process's virtual memory size.
</li>
325 <li>The process's resident set size.
</li>
326 <li>The amount of user and system CPU time consumed by the
328 <li>The number of times that the process has crashed and been
329 automatically restarted by the monitor.
</li>
330 <li>The duration since the process was started.
</li>
331 <li>The duration for which the process has been running.
</li>
335 The interpretation of some of these values depends on whether the
336 process was started with the
<option>--monitor
</option>. If it
337 was not, then the crash count will always be
0 and the two
338 durations will always be the same. If
<option>--monitor
</option>
339 was given, then the crash count may be positive; if it is, the
340 latter duration is the amount of time since the most recent crash
345 There will be one key-value pair for each file in Open vSwitch's
346 ``run directory'' (usually
<code>/var/run/openvswitch
</code>)
347 whose name ends in
<code>.pid
</code>, whose contents are a
348 process ID, and which is locked by a running process. The
349 <var>name
</var> is taken from the pidfile's name.
353 Currently Open vSwitch is only able to obtain all of the above
354 detail on Linux systems. On other systems, the same key-value
355 pairs will be present but the values will always be the empty
360 <column name=
"statistics" key=
"file_systems">
362 A space-separated list of information on local, writable file
363 systems. Each item in the list describes one file system and
364 consists in turn of a comma-separated list of the following:
368 <li>Mount point, e.g.
<code>/
</code> or
<code>/var/log
</code>.
369 Any spaces or commas in the mount point are replaced by
371 <li>Total size, in kilobytes, as an integer.
</li>
372 <li>Amount of storage in use, in kilobytes, as an integer.
</li>
376 This key-value pair is omitted if there are no local, writable
377 file systems or if Open vSwitch cannot obtain the needed
384 <group title=
"Version Reporting">
386 These columns report the types and versions of the hardware and
387 software running Open vSwitch. We recommend in general that software
388 should test whether specific features are supported instead of relying
389 on version number checks. These values are primarily intended for
390 reporting to human administrators.
393 <column name=
"ovs_version">
394 The Open vSwitch version number, e.g.
<code>1.1.0</code>.
397 <column name=
"db_version">
399 The database schema version number in the form
400 <code><var>major
</var>.
<var>minor
</var>.
<var>tweak
</var></code>,
401 e.g.
<code>1.2.3</code>. Whenever the database schema is changed in
402 a non-backward compatible way (e.g. deleting a column or a table),
403 <var>major
</var> is incremented. When the database schema is changed
404 in a backward compatible way (e.g. adding a new column),
405 <var>minor
</var> is incremented. When the database schema is changed
406 cosmetically (e.g. reindenting its syntax),
<var>tweak
</var> is
411 The schema version is part of the database schema, so it can also be
412 retrieved by fetching the schema using the Open vSwitch database
417 <column name=
"system_type">
419 An identifier for the type of system on top of which Open vSwitch
420 runs, e.g.
<code>XenServer
</code> or
<code>KVM
</code>.
423 System integrators are responsible for choosing and setting an
424 appropriate value for this column.
428 <column name=
"system_version">
430 The version of the system identified by
<ref column=
"system_type"/>,
431 e.g.
<code>5.6.100-
39265p
</code> on XenServer
5.6.100 build
39265.
434 System integrators are responsible for choosing and setting an
435 appropriate value for this column.
441 <group title=
"Capabilities">
443 These columns report capabilities of the Open vSwitch instance.
445 <column name=
"datapath_types">
447 This column reports the different dpifs registered with the system.
448 These are the values that this instance supports in the
<ref
449 column=
"datapath_type" table=
"Bridge"/> column of the
<ref
450 table=
"Bridge"/> table.
453 <column name=
"iface_types">
455 This column reports the different netdevs registered with the system.
456 These are the values that this instance supports in the
<ref
457 column=
"type" table=
"Interface"/> column of the
<ref
458 table=
"Interface"/> table.
463 <group title=
"Database Configuration">
465 These columns primarily configure the Open vSwitch database
466 (
<code>ovsdb-server
</code>), not the Open vSwitch switch
467 (
<code>ovs-vswitchd
</code>). The OVSDB database also uses the
<ref
468 column=
"ssl"/> settings.
472 The Open vSwitch switch does read the database configuration to
473 determine remote IP addresses to which in-band control should apply.
476 <column name=
"manager_options">
477 Database clients to which the Open vSwitch database server should
478 connect or to which it should listen, along with options for how these
479 connection should be configured. See the
<ref table=
"Manager"/> table
480 for more information.
484 <group title=
"Common Columns">
485 The overall purpose of these columns is described under
<code>Common
486 Columns
</code> at the beginning of this document.
488 <column name=
"other_config"/>
489 <column name=
"external_ids"/>
493 <table name=
"Bridge">
495 Configuration for a bridge within an
496 <ref table=
"Open_vSwitch"/>.
499 A
<ref table=
"Bridge"/> record represents an Ethernet switch with one or
500 more ``ports,'' which are the
<ref table=
"Port"/> records pointed to by
501 the
<ref table=
"Bridge"/>'s
<ref column=
"ports"/> column.
504 <group title=
"Core Features">
507 Bridge identifier. Should be alphanumeric and no more than about
8
508 bytes long. Must be unique among the names of ports, interfaces, and
513 Forward and backward slashes are prohibited in bridge names.
517 <column name=
"ports">
518 Ports included in the bridge.
521 <column name=
"mirrors">
522 Port mirroring configuration.
525 <column name=
"netflow">
526 NetFlow configuration.
529 <column name=
"sflow">
530 sFlow(R) configuration.
533 <column name=
"ipfix">
537 <column name=
"flood_vlans">
539 VLAN IDs of VLANs on which MAC address learning should be disabled,
540 so that packets are flooded instead of being sent to specific ports
541 that are believed to contain packets' destination MACs. This should
542 ordinarily be used to disable MAC learning on VLANs used for
543 mirroring (RSPAN VLANs). It may also be useful for debugging.
546 SLB bonding (see the
<ref table=
"Port" column=
"bond_mode"/> column in
547 the
<ref table=
"Port"/> table) is incompatible with
548 <code>flood_vlans
</code>. Consider using another bonding mode or
549 a different type of mirror instead.
553 <column name=
"auto_attach">
554 Auto Attach configuration.
558 <group title=
"OpenFlow Configuration">
559 <column name=
"controller">
561 OpenFlow controller set. If unset, then no OpenFlow controllers
566 If there are primary controllers, removing all of them clears the
567 flow table. If there are no primary controllers, adding one also
568 clears the flow table. Other changes to the set of controllers, such
569 as adding or removing a service controller, adding another primary
570 controller to supplement an existing primary controller, or removing
571 only one of two primary controllers, have no effect on the flow
576 <column name=
"flow_tables">
577 Configuration for OpenFlow tables. Each pair maps from an OpenFlow
578 table ID to configuration for that table.
581 <column name=
"fail_mode">
582 <p>When a controller is configured, it is, ordinarily, responsible
583 for setting up all flows on the switch. Thus, if the connection to
584 the controller fails, no new network connections can be set up.
585 If the connection to the controller stays down long enough,
586 no packets can pass through the switch at all. This setting
587 determines the switch's response to such a situation. It may be set
588 to one of the following:
590 <dt><code>standalone
</code></dt>
591 <dd>If no message is received from the controller for three
592 times the inactivity probe interval
593 (see
<ref column=
"inactivity_probe"/>), then Open vSwitch
594 will take over responsibility for setting up flows. In
595 this mode, Open vSwitch causes the bridge to act like an
596 ordinary MAC-learning switch. Open vSwitch will continue
597 to retry connecting to the controller in the background
598 and, when the connection succeeds, it will discontinue its
599 standalone behavior.
</dd>
600 <dt><code>secure
</code></dt>
601 <dd>Open vSwitch will not set up flows on its own when the
602 controller connection fails or when no controllers are
603 defined. The bridge will continue to retry connecting to
604 any defined controllers forever.
</dd>
608 The default is
<code>standalone
</code> if the value is unset, but
609 future versions of Open vSwitch may change the default.
612 The
<code>standalone
</code> mode can create forwarding loops on a
613 bridge that has more than one uplink port unless STP is enabled. To
614 avoid loops on such a bridge, configure
<code>secure
</code> mode or
615 enable STP (see
<ref column=
"stp_enable"/>).
617 <p>When more than one controller is configured,
618 <ref column=
"fail_mode"/> is considered only when none of the
619 configured controllers can be contacted.
</p>
621 Changing
<ref column=
"fail_mode"/> when no primary controllers are
622 configured clears the flow table.
626 <column name=
"datapath_id">
627 Reports the OpenFlow datapath ID in use. Exactly
16 hex digits.
628 (Setting this column has no useful effect. Set
<ref
629 column=
"other-config" key=
"datapath-id"/> instead.)
632 <column name=
"datapath_version">
634 Reports the version number of the Open vSwitch datapath in use.
635 This allows management software to detect and report discrepancies
636 between Open vSwitch userspace and datapath versions. (The
<ref
637 column=
"ovs_version" table=
"Open_vSwitch"/> column in the
<ref
638 table=
"Open_vSwitch"/> reports the Open vSwitch userspace version.)
639 The version reported depends on the datapath in use:
644 When the kernel module included in the Open vSwitch source tree is
645 used, this column reports the Open vSwitch version from which the
650 When the kernel module that is part of the upstream Linux kernel is
651 used, this column reports
<code><unknown
></code>.
655 When the datapath is built into the
<code>ovs-vswitchd
</code>
656 binary, this column reports
<code><built-in
></code>. A
657 built-in datapath is by definition the same version as the rest of
658 the Open VSwitch userspace.
662 Other datapaths (such as the Hyper-V kernel datapath) currently
663 report
<code><unknown
></code>.
668 A version discrepancy between
<code>ovs-vswitchd
</code> and the
669 datapath in use is not normally cause for alarm. The Open vSwitch
670 kernel datapaths for Linux and Hyper-V, in particular, are designed
671 for maximum inter-version compatibility: any userspace version works
672 with with any kernel version. Some reasons do exist to insist on
673 particular user/kernel pairings. First, newer kernel versions add
674 new features, that can only be used by new-enough userspace, e.g.
675 VXLAN tunneling requires certain minimal userspace and kernel
676 versions. Second, as an extension to the first reason, some newer
677 kernel versions add new features for enhancing performance that only
678 new-enough userspace versions can take advantage of.
682 <column name=
"other_config" key=
"datapath-id">
683 Exactly
16 hex digits to set the OpenFlow datapath ID to a specific
684 value. May not be all-zero.
687 <column name=
"other_config" key=
"dp-desc">
688 Human readable description of datapath. It it a maximum
256
689 byte-long free-form string to describe the datapath for
690 debugging purposes, e.g.
<code>switch3 in room
3120</code>.
693 <column name=
"other_config" key=
"disable-in-band"
694 type='{
"type":
"boolean"}'
>
695 If set to
<code>true
</code>, disable in-band control on the bridge
696 regardless of controller and manager settings.
699 <column name=
"other_config" key=
"in-band-queue"
700 type='{
"type":
"integer",
"minInteger":
0,
"maxInteger":
4294967295}'
>
701 A queue ID as a nonnegative integer. This sets the OpenFlow queue ID
702 that will be used by flows set up by in-band control on this bridge.
703 If unset, or if the port used by an in-band control flow does not have
704 QoS configured, or if the port does not have a queue with the specified
705 ID, the default queue is used instead.
708 <column name=
"protocols">
710 List of OpenFlow protocols that may be used when negotiating
711 a connection with a controller. OpenFlow
1.0,
1.1,
1.2, and
712 1.3 are enabled by default if this column is empty.
716 OpenFlow
1.4 is not enabled by default because its implementation is
721 OpenFlow
1.5 has the same risks as OpenFlow
1.4, but it is even more
722 experimental because the OpenFlow
1.5 specification is still under
723 development and thus subject to change. Pass
724 <code>--enable-of15
</code> to
<code>ovs-vswitchd
</code> to allow
725 OpenFlow
1.5 to be enabled.
730 <group title=
"Spanning Tree Configuration">
732 The IEEE
802.1D Spanning Tree Protocol (STP) is a network protocol
733 that ensures loop-free topologies. It allows redundant links to
734 be included in the network to provide automatic backup paths if
735 the active links fails.
739 These settings configure the slower-to-converge but still widely
740 supported version of Spanning Tree Protocol, sometimes known as
741 802.1D-
1998. Open vSwitch also supports the newer Rapid Spanning Tree
742 Protocol (RSTP), documented later in the section titled
<code>Rapid
743 Spanning Tree Configuration
</code>.
746 <group title=
"STP Configuration">
747 <column name=
"stp_enable" type='{
"type":
"boolean"}'
>
749 Enable spanning tree on the bridge. By default, STP is disabled
750 on bridges. Bond, internal, and mirror ports are not supported
751 and will not participate in the spanning tree.
755 STP and RSTP are mutually exclusive. If both are enabled, RSTP
760 <column name=
"other_config" key=
"stp-system-id">
761 The bridge's STP identifier (the lower
48 bits of the bridge-id)
763 <var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>.
764 By default, the identifier is the MAC address of the bridge.
767 <column name=
"other_config" key=
"stp-priority"
768 type='{
"type":
"integer",
"minInteger":
0,
"maxInteger":
65535}'
>
769 The bridge's relative priority value for determining the root
770 bridge (the upper
16 bits of the bridge-id). A bridge with the
771 lowest bridge-id is elected the root. By default, the priority
775 <column name=
"other_config" key=
"stp-hello-time"
776 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
10}'
>
777 The interval between transmissions of hello messages by
778 designated ports, in seconds. By default the hello interval is
782 <column name=
"other_config" key=
"stp-max-age"
783 type='{
"type":
"integer",
"minInteger":
6,
"maxInteger":
40}'
>
784 The maximum age of the information transmitted by the bridge
785 when it is the root bridge, in seconds. By default, the maximum
789 <column name=
"other_config" key=
"stp-forward-delay"
790 type='{
"type":
"integer",
"minInteger":
4,
"maxInteger":
30}'
>
791 The delay to wait between transitioning root and designated
792 ports to
<code>forwarding
</code>, in seconds. By default, the
793 forwarding delay is
15 seconds.
796 <column name=
"other_config" key=
"mcast-snooping-aging-time"
797 type='{
"type":
"integer",
"minInteger":
1}'
>
799 The maximum number of seconds to retain a multicast snooping entry for
800 which no packets have been seen. The default is currently
300
801 seconds (
5 minutes). The value, if specified, is forced into a
802 reasonable range, currently
15 to
3600 seconds.
806 <column name=
"other_config" key=
"mcast-snooping-table-size"
807 type='{
"type":
"integer",
"minInteger":
1}'
>
809 The maximum number of multicast snooping addresses to learn. The
810 default is currently
2048. The value, if specified, is forced into
811 a reasonable range, currently
10 to
1,
000,
000.
814 <column name=
"other_config" key=
"mcast-snooping-disable-flood-unregistered"
815 type='{
"type":
"boolean"}'
>
817 If set to
<code>false
</code>, unregistered multicast packets are forwarded
819 If set to
<code>true
</code>, unregistered multicast packets are forwarded
820 to ports connected to multicast routers.
825 <group title=
"STP Status">
827 These key-value pairs report the status of
802.1D-
1998. They are
828 present only if STP is enabled (via the
<ref column=
"stp_enable"/>
831 <column name=
"status" key=
"stp_bridge_id">
832 The bridge ID used in spanning tree advertisements, in the form
833 <var>xxxx
</var>.
<var>yyyyyyyyyyyy
</var> where the
<var>x
</var>s are
834 the STP priority, the
<var>y
</var>s are the STP system ID, and each
835 <var>x
</var> and
<var>y
</var> is a hex digit.
837 <column name=
"status" key=
"stp_designated_root">
838 The designated root for this spanning tree, in the same form as
<ref
839 column=
"status" key=
"stp_bridge_id"/>. If this bridge is the root,
840 this will have the same value as
<ref column=
"status"
841 key=
"stp_bridge_id"/>, otherwise it will differ.
843 <column name=
"status" key=
"stp_root_path_cost">
844 The path cost of reaching the designated bridge. A lower number is
845 better. The value is
0 if this bridge is the root, otherwise it is
851 <group title=
"Rapid Spanning Tree">
853 Rapid Spanning Tree Protocol (RSTP), like STP, is a network protocol
854 that ensures loop-free topologies. RSTP superseded STP with the
855 publication of
802.1D-
2004. Compared to STP, RSTP converges more
856 quickly and recovers more quickly from failures.
859 <group title=
"RSTP Configuration">
860 <column name=
"rstp_enable" type='{
"type":
"boolean"}'
>
862 Enable Rapid Spanning Tree on the bridge. By default, RSTP is disabled
863 on bridges. Bond, internal, and mirror ports are not supported
864 and will not participate in the spanning tree.
868 STP and RSTP are mutually exclusive. If both are enabled, RSTP
873 <column name=
"other_config" key=
"rstp-address">
874 The bridge's RSTP address (the lower
48 bits of the bridge-id)
876 <var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>.
877 By default, the address is the MAC address of the bridge.
880 <column name=
"other_config" key=
"rstp-priority"
881 type='{
"type":
"integer",
"minInteger":
0,
"maxInteger":
61440}'
>
882 The bridge's relative priority value for determining the root
883 bridge (the upper
16 bits of the bridge-id). A bridge with the
884 lowest bridge-id is elected the root. By default, the priority
885 is
0x8000 (
32768). This value needs to be a multiple of
4096,
886 otherwise it's rounded to the nearest inferior one.
889 <column name=
"other_config" key=
"rstp-ageing-time"
890 type='{
"type":
"integer",
"minInteger":
10,
"maxInteger":
1000000}'
>
891 The Ageing Time parameter for the Bridge. The default value
895 <column name=
"other_config" key=
"rstp-force-protocol-version"
896 type='{
"type":
"integer"}'
>
897 The Force Protocol Version parameter for the Bridge. This
898 can take the value
0 (STP Compatibility mode) or
2
899 (the default, normal operation).
902 <column name=
"other_config" key=
"rstp-max-age"
903 type='{
"type":
"integer",
"minInteger":
6,
"maxInteger":
40}'
>
904 The maximum age of the information transmitted by the Bridge
905 when it is the Root Bridge. The default value is
20.
908 <column name=
"other_config" key=
"rstp-forward-delay"
909 type='{
"type":
"integer",
"minInteger":
4,
"maxInteger":
30}'
>
910 The delay used by STP Bridges to transition Root and Designated
911 Ports to Forwarding. The default value is
15.
914 <column name=
"other_config" key=
"rstp-transmit-hold-count"
915 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
10}'
>
916 The Transmit Hold Count used by the Port Transmit state machine
917 to limit transmission rate. The default value is
6.
921 <group title=
"RSTP Status">
923 These key-value pairs report the status of
802.1D-
2004. They are
924 present only if RSTP is enabled (via the
<ref column=
"rstp_enable"/>
927 <column name=
"rstp_status" key=
"rstp_bridge_id">
928 The bridge ID used in rapid spanning tree advertisements, in the form
929 <var>x
</var>.
<var>yyy
</var>.
<var>zzzzzzzzzzzz
</var> where
930 <var>x
</var> is the RSTP priority, the
<var>y
</var>s are a locally
931 assigned system ID extension, the
<var>z
</var>s are the STP system
932 ID, and each
<var>x
</var>,
<var>y
</var>, or
<var>z
</var> is a hex
935 <column name=
"rstp_status" key=
"rstp_root_id">
936 The root of this spanning tree, in the same form as
<ref
937 column=
"rstp_status" key=
"rstp_bridge_id"/>. If this bridge is the
938 root, this will have the same value as
<ref column=
"rstp_status"
939 key=
"rstp_bridge_id"/>, otherwise it will differ.
941 <column name=
"rstp_status" key=
"rstp_root_path_cost"
942 type='{
"type":
"integer",
"minInteger":
0}'
>
943 The path cost of reaching the root. A lower number is better. The
944 value is
0 if this bridge is the root, otherwise it is higher.
946 <column name=
"rstp_status" key=
"rstp_designated_id">
947 The RSTP designated ID, in the same form as
<ref column=
"rstp_status"
948 key=
"rstp_bridge_id"/>.
950 <column name=
"rstp_status" key=
"rstp_designated_port_id">
951 The RSTP designated port ID, as a
4-digit hex number.
953 <column name=
"rstp_status" key=
"rstp_bridge_port_id">
954 The RSTP bridge port ID, as a
4-digit hex number.
959 <group title=
"Multicast Snooping Configuration">
960 Multicast snooping (RFC
4541) monitors the Internet Group Management
961 Protocol (IGMP) and Multicast Listener Discovery traffic between hosts
962 and multicast routers. The switch uses what IGMP and MLD snooping
963 learns to forward multicast traffic only to interfaces that are connected
964 to interested receivers. Currently it supports IGMPv1, IGMPv2, IGMPv3,
965 MLDv1 and MLDv2 protocols.
967 <column name=
"mcast_snooping_enable">
968 Enable multicast snooping on the bridge. For now, the default
973 <group title=
"Other Features">
974 <column name=
"datapath_type">
975 Name of datapath provider. The kernel datapath has type
976 <code>system
</code>. The userspace datapath has type
977 <code>netdev
</code>. A manager may refer to the
<ref
978 table=
"Open_vSwitch" column=
"datapath_types"/> column of the
<ref
979 table=
"Open_vSwitch"/> table for a list of the types accepted by this
980 Open vSwitch instance.
983 <column name=
"external_ids" key=
"bridge-id">
984 A unique identifier of the bridge. On Citrix XenServer this will
985 commonly be the same as
986 <ref column=
"external_ids" key=
"xs-network-uuids"/>.
989 <column name=
"external_ids" key=
"xs-network-uuids">
990 Semicolon-delimited set of universally unique identifier(s) for the
991 network with which this bridge is associated on a Citrix XenServer
992 host. The network identifiers are RFC
4122 UUIDs as displayed by,
993 e.g.,
<code>xe network-list
</code>.
996 <column name=
"other_config" key=
"hwaddr">
997 An Ethernet address in the form
998 <var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>
999 to set the hardware address of the local port and influence the
1003 <column name=
"other_config" key=
"forward-bpdu"
1004 type='{
"type":
"boolean"}'
>
1007 Controls forwarding of BPDUs and other network control frames when
1008 NORMAL action is invoked. When this option is
<code>false
</code> or
1009 unset, frames with reserved Ethernet addresses (see table below) will
1010 not be forwarded. When this option is
<code>true
</code>, such frames
1011 will not be treated specially.
1015 The above general rule has the following exceptions:
1020 If STP is enabled on the bridge (see the
<ref column=
"stp_enable"
1021 table=
"Bridge"/> column in the
<ref table=
"Bridge"/> table), the
1022 bridge processes all received STP packets and never passes them to
1023 OpenFlow or forwards them. This is true even if STP is disabled on
1028 If LLDP is enabled on an interface (see the
<ref column=
"lldp"
1029 table=
"Interface"/> column in the
<ref table=
"Interface"/> table),
1030 the interface processes received LLDP packets and never passes them
1031 to OpenFlow or forwards them.
1036 Set this option to
<code>true
</code> if the Open vSwitch bridge
1037 connects different Ethernet networks and is not configured to
1042 This option affects packets with the following destination MAC
1047 <dt><code>01:
80:c2:
00:
00:
00</code></dt>
1048 <dd>IEEE
802.1D Spanning Tree Protocol (STP).
</dd>
1050 <dt><code>01:
80:c2:
00:
00:
01</code></dt>
1051 <dd>IEEE Pause frame.
</dd>
1053 <dt><code>01:
80:c2:
00:
00:
0<var>x
</var></code></dt>
1054 <dd>Other reserved protocols.
</dd>
1056 <dt><code>00:e0:
2b:
00:
00:
00</code></dt>
1057 <dd>Extreme Discovery Protocol (EDP).
</dd>
1060 <code>00:e0:
2b:
00:
00:
04</code> and
<code>00:e0:
2b:
00:
00:
06</code>
1062 <dd>Ethernet Automatic Protection Switching (EAPS).
</dd>
1064 <dt><code>01:
00:
0c:cc:cc:cc
</code></dt>
1066 Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP),
1067 Dynamic Trunking Protocol (DTP), Port Aggregation Protocol (PAgP),
1071 <dt><code>01:
00:
0c:cc:cc:cd
</code></dt>
1072 <dd>Cisco Shared Spanning Tree Protocol PVSTP+.
</dd>
1074 <dt><code>01:
00:
0c:cd:cd:cd
</code></dt>
1075 <dd>Cisco STP Uplink Fast.
</dd>
1077 <dt><code>01:
00:
0c:
00:
00:
00</code></dt>
1078 <dd>Cisco Inter Switch Link.
</dd>
1080 <dt><code>01:
00:
0c:cc:cc:c
<var>x
</var></code></dt>
1085 <column name=
"other_config" key=
"mac-aging-time"
1086 type='{
"type":
"integer",
"minInteger":
1}'
>
1088 The maximum number of seconds to retain a MAC learning entry for
1089 which no packets have been seen. The default is currently
300
1090 seconds (
5 minutes). The value, if specified, is forced into a
1091 reasonable range, currently
15 to
3600 seconds.
1095 A short MAC aging time allows a network to more quickly detect that a
1096 host is no longer connected to a switch port. However, it also makes
1097 it more likely that packets will be flooded unnecessarily, when they
1098 are addressed to a connected host that rarely transmits packets. To
1099 reduce the incidence of unnecessary flooding, use a MAC aging time
1100 longer than the maximum interval at which a host will ordinarily
1105 <column name=
"other_config" key=
"mac-table-size"
1106 type='{
"type":
"integer",
"minInteger":
1}'
>
1108 The maximum number of MAC addresses to learn. The default is
1109 currently
2048. The value, if specified, is forced into a reasonable
1110 range, currently
10 to
1,
000,
000.
1115 <group title=
"Common Columns">
1116 The overall purpose of these columns is described under
<code>Common
1117 Columns
</code> at the beginning of this document.
1119 <column name=
"other_config"/>
1120 <column name=
"external_ids"/>
1124 <table name=
"Port" table=
"Port or bond configuration.">
1125 <p>A port within a
<ref table=
"Bridge"/>.
</p>
1126 <p>Most commonly, a port has exactly one ``interface,'' pointed to by its
1127 <ref column=
"interfaces"/> column. Such a port logically
1128 corresponds to a port on a physical Ethernet switch. A port
1129 with more than one interface is a ``bonded port'' (see
1130 <ref group=
"Bonding Configuration"/>).
</p>
1131 <p>Some properties that one might think as belonging to a port are actually
1132 part of the port's
<ref table=
"Interface"/> members.
</p>
1134 <column name=
"name">
1135 Port name. Should be alphanumeric and no more than about
8
1136 bytes long. May be the same as the interface name, for
1137 non-bonded ports. Must otherwise be unique among the names of
1138 ports, interfaces, and bridges on a host.
1141 <column name=
"interfaces">
1142 The port's interfaces. If there is more than one, this is a
1146 <group title=
"VLAN Configuration">
1147 <p>Bridge ports support the following types of VLAN configuration:
</p>
1152 A trunk port carries packets on one or more specified VLANs
1153 specified in the
<ref column=
"trunks"/> column (often, on every
1154 VLAN). A packet that ingresses on a trunk port is in the VLAN
1155 specified in its
802.1Q header, or VLAN
0 if the packet has no
1156 802.1Q header. A packet that egresses through a trunk port will
1157 have an
802.1Q header if it has a nonzero VLAN ID.
1161 Any packet that ingresses on a trunk port tagged with a VLAN that
1162 the port does not trunk is dropped.
1169 An access port carries packets on exactly one VLAN specified in the
1170 <ref column=
"tag"/> column. Packets egressing on an access port
1171 have no
802.1Q header.
1175 Any packet with an
802.1Q header with a nonzero VLAN ID that
1176 ingresses on an access port is dropped, regardless of whether the
1177 VLAN ID in the header is the access port's VLAN ID.
1181 <dt>native-tagged
</dt>
1183 A native-tagged port resembles a trunk port, with the exception that
1184 a packet without an
802.1Q header that ingresses on a native-tagged
1185 port is in the ``native VLAN'' (specified in the
<ref column=
"tag"/>
1189 <dt>native-untagged
</dt>
1191 A native-untagged port resembles a native-tagged port, with the
1192 exception that a packet that egresses on a native-untagged port in
1193 the native VLAN will not have an
802.1Q header.
1197 A packet will only egress through bridge ports that carry the VLAN of
1198 the packet, as described by the rules above.
1201 <column name=
"vlan_mode">
1203 The VLAN mode of the port, as described above. When this column is
1204 empty, a default mode is selected as follows:
1208 If
<ref column=
"tag"/> contains a value, the port is an access
1209 port. The
<ref column=
"trunks"/> column should be empty.
1212 Otherwise, the port is a trunk port. The
<ref column=
"trunks"/>
1213 column value is honored if it is present.
1220 For an access port, the port's implicitly tagged VLAN. For a
1221 native-tagged or native-untagged port, the port's native VLAN. Must
1222 be empty if this is a trunk port.
1226 <column name=
"trunks">
1228 For a trunk, native-tagged, or native-untagged port, the
802.1Q VLAN
1229 or VLANs that this port trunks; if it is empty, then the port trunks
1230 all VLANs. Must be empty if this is an access port.
1233 A native-tagged or native-untagged port always trunks its native
1234 VLAN, regardless of whether
<ref column=
"trunks"/> includes that
1239 <column name=
"other_config" key=
"priority-tags"
1240 type='{
"type":
"boolean"}'
>
1242 An
802.1Q header contains two important pieces of information: a VLAN
1243 ID and a priority. A frame with a zero VLAN ID, called a
1244 ``priority-tagged'' frame, is supposed to be treated the same way as
1245 a frame without an
802.1Q header at all (except for the priority).
1249 However, some network elements ignore any frame that has
802.1Q
1250 header at all, even when the VLAN ID is zero. Therefore, by default
1251 Open vSwitch does not output priority-tagged frames, instead omitting
1252 the
802.1Q header entirely if the VLAN ID is zero. Set this key to
1253 <code>true
</code> to enable priority-tagged frames on a port.
1257 Regardless of this setting, Open vSwitch omits the
802.1Q header on
1258 output if both the VLAN ID and priority would be zero.
1262 All frames output to native-tagged ports have a nonzero VLAN ID, so
1263 this setting is not meaningful on native-tagged ports.
1268 <group title=
"Bonding Configuration">
1269 <p>A port that has more than one interface is a ``bonded port.'' Bonding
1270 allows for load balancing and fail-over.
</p>
1273 The following types of bonding will work with any kind of upstream
1274 switch. On the upstream switch, do not configure the interfaces as a
1279 <dt><code>balance-slb
</code></dt>
1281 Balances flows among slaves based on source MAC address and output
1282 VLAN, with periodic rebalancing as traffic patterns change.
1285 <dt><code>active-backup
</code></dt>
1287 Assigns all flows to one slave, failing over to a backup slave when
1288 the active slave is disabled. This is the only bonding mode in which
1289 interfaces may be plugged into different upstream switches.
1294 The following modes require the upstream switch to support
802.3ad with
1295 successful LACP negotiation. If LACP negotiation fails and
1296 other-config:lacp-fallback-ab is true, then
<code>active-backup
</code>
1301 <dt><code>balance-tcp
</code></dt>
1303 Balances flows among slaves based on L2, L3, and L4 protocol
1304 information such as destination MAC address, IP address, and TCP
1309 <p>These columns apply only to bonded ports. Their values are
1310 otherwise ignored.
</p>
1312 <column name=
"bond_mode">
1313 <p>The type of bonding used for a bonded port. Defaults to
1314 <code>active-backup
</code> if unset.
1318 <column name=
"other_config" key=
"bond-hash-basis"
1319 type='{
"type":
"integer"}'
>
1320 An integer hashed along with flows when choosing output slaves in load
1321 balanced bonds. When changed, all flows will be assigned different
1322 hash values possibly causing slave selection decisions to change. Does
1323 not affect bonding modes which do not employ load balancing such as
1324 <code>active-backup
</code>.
1327 <group title=
"Link Failure Detection">
1329 An important part of link bonding is detecting that links are down so
1330 that they may be disabled. These settings determine how Open vSwitch
1331 detects link failure.
1334 <column name=
"other_config" key=
"bond-detect-mode"
1335 type='{
"type":
"string",
"enum": [
"set", [
"carrier",
"miimon"]]}'
>
1336 The means used to detect link failures. Defaults to
1337 <code>carrier
</code> which uses each interface's carrier to detect
1338 failures. When set to
<code>miimon
</code>, will check for failures
1339 by polling each interface's MII.
1342 <column name=
"other_config" key=
"bond-miimon-interval"
1343 type='{
"type":
"integer"}'
>
1344 The interval, in milliseconds, between successive attempts to poll
1345 each interface's MII. Relevant only when
<ref column=
"other_config"
1346 key=
"bond-detect-mode"/> is
<code>miimon
</code>.
1349 <column name=
"bond_updelay">
1351 The number of milliseconds for which the link must stay up on an
1352 interface before the interface is considered to be up. Specify
1353 <code>0</code> to enable the interface immediately.
1357 This setting is honored only when at least one bonded interface is
1358 already enabled. When no interfaces are enabled, then the first
1359 bond interface to come up is enabled immediately.
1363 <column name=
"bond_downdelay">
1364 The number of milliseconds for which the link must stay down on an
1365 interface before the interface is considered to be down. Specify
1366 <code>0</code> to disable the interface immediately.
1370 <group title=
"LACP Configuration">
1372 LACP, the Link Aggregation Control Protocol, is an IEEE standard that
1373 allows switches to automatically detect that they are connected by
1374 multiple links and aggregate across those links. These settings
1375 control LACP behavior.
1378 <column name=
"lacp">
1379 Configures LACP on this port. LACP allows directly connected
1380 switches to negotiate which links may be bonded. LACP may be enabled
1381 on non-bonded ports for the benefit of any switches they may be
1382 connected to.
<code>active
</code> ports are allowed to initiate LACP
1383 negotiations.
<code>passive
</code> ports are allowed to participate
1384 in LACP negotiations initiated by a remote switch, but not allowed to
1385 initiate such negotiations themselves. If LACP is enabled on a port
1386 whose partner switch does not support LACP, the bond will be
1387 disabled, unless other-config:lacp-fallback-ab is set to true.
1388 Defaults to
<code>off
</code> if unset.
1391 <column name=
"other_config" key=
"lacp-system-id">
1392 The LACP system ID of this
<ref table=
"Port"/>. The system ID of a
1393 LACP bond is used to identify itself to its partners. Must be a
1394 nonzero MAC address. Defaults to the bridge Ethernet address if
1398 <column name=
"other_config" key=
"lacp-system-priority"
1399 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
65535}'
>
1400 The LACP system priority of this
<ref table=
"Port"/>. In LACP
1401 negotiations, link status decisions are made by the system with the
1402 numerically lower priority.
1405 <column name=
"other_config" key=
"lacp-time"
1406 type='{
"type":
"string",
"enum": [
"set", [
"fast",
"slow"]]}'
>
1408 The LACP timing which should be used on this
<ref table=
"Port"/>.
1409 By default
<code>slow
</code> is used. When configured to be
1410 <code>fast
</code> LACP heartbeats are requested at a rate of once
1411 per second causing connectivity problems to be detected more
1412 quickly. In
<code>slow
</code> mode, heartbeats are requested at a
1413 rate of once every
30 seconds.
1417 <column name=
"other_config" key=
"lacp-fallback-ab"
1418 type='{
"type":
"boolean"}'
>
1420 Determines the behavior of openvswitch bond in LACP mode. If
1421 the partner switch does not support LACP, setting this option
1422 to
<code>true
</code> allows openvswitch to fallback to
1423 active-backup. If the option is set to
<code>false
</code>, the
1424 bond will be disabled. In both the cases, once the partner switch
1425 is configured to LACP mode, the bond will use LACP.
1430 <group title=
"Rebalancing Configuration">
1432 These settings control behavior when a bond is in
1433 <code>balance-slb
</code> or
<code>balance-tcp
</code> mode.
1436 <column name=
"other_config" key=
"bond-rebalance-interval"
1437 type='{
"type":
"integer",
"minInteger":
0,
"maxInteger":
10000}'
>
1438 For a load balanced bonded port, the number of milliseconds between
1439 successive attempts to rebalance the bond, that is, to move flows
1440 from one interface on the bond to another in an attempt to keep usage
1441 of each interface roughly equal. If zero, load balancing is disabled
1442 on the bond (link failure still cause flows to move). If
1443 less than
1000ms, the rebalance interval will be
1000ms.
1447 <column name=
"bond_fake_iface">
1448 For a bonded port, whether to create a fake internal interface with the
1449 name of the port. Use only for compatibility with legacy software that
1454 <group title=
"Spanning Tree Protocol">
1456 The configuration here is only meaningful, and the status is only
1457 populated, when
802.1D-
1998 Spanning Tree Protocol is enabled on the
1458 port's
<ref column=
"Bridge"/> with its
<ref column=
"stp_enable"/>
1462 <group title=
"STP Configuration">
1463 <column name=
"other_config" key=
"stp-enable"
1464 type='{
"type":
"boolean"}'
>
1465 When STP is enabled on a bridge, it is enabled by default on all of
1466 the bridge's ports except bond, internal, and mirror ports (which do
1467 not work with STP). If this column's value is
<code>false
</code>,
1468 STP is disabled on the port.
1471 <column name=
"other_config" key=
"stp-port-num"
1472 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
255}'
>
1473 The port number used for the lower
8 bits of the port-id. By
1474 default, the numbers will be assigned automatically. If any
1475 port's number is manually configured on a bridge, then they
1479 <column name=
"other_config" key=
"stp-port-priority"
1480 type='{
"type":
"integer",
"minInteger":
0,
"maxInteger":
255}'
>
1481 The port's relative priority value for determining the root
1482 port (the upper
8 bits of the port-id). A port with a lower
1483 port-id will be chosen as the root port. By default, the
1487 <column name=
"other_config" key=
"stp-path-cost"
1488 type='{
"type":
"integer",
"minInteger":
0,
"maxInteger":
65535}'
>
1489 Spanning tree path cost for the port. A lower number indicates
1490 a faster link. By default, the cost is based on the maximum
1495 <group title=
"STP Status">
1496 <column name=
"status" key=
"stp_port_id">
1497 The port ID used in spanning tree advertisements for this port, as
4
1498 hex digits. Configuring the port ID is described in the
1499 <code>stp-port-num
</code> and
<code>stp-port-priority
</code> keys of
1500 the
<code>other_config
</code> section earlier.
1502 <column name=
"status" key=
"stp_state"
1503 type='{
"type":
"string",
"enum": [
"set",
1504 [
"disabled",
"listening",
"learning",
1505 "forwarding",
"blocking"]]}'
>
1506 STP state of the port.
1508 <column name=
"status" key=
"stp_sec_in_state"
1509 type='{
"type":
"integer",
"minInteger":
0}'
>
1510 The amount of time this port has been in the current STP state, in
1513 <column name=
"status" key=
"stp_role"
1514 type='{
"type":
"string",
"enum": [
"set",
1515 [
"root",
"designated",
"alternate"]]}'
>
1516 STP role of the port.
1521 <group title=
"Rapid Spanning Tree Protocol">
1523 The configuration here is only meaningful, and the status and
1524 statistics are only populated, when
802.1D-
1998 Spanning Tree Protocol
1525 is enabled on the port's
<ref column=
"Bridge"/> with its
<ref
1526 column=
"stp_enable"/> column.
1529 <group title=
"RSTP Configuration">
1530 <column name=
"other_config" key=
"rstp-enable"
1531 type='{
"type":
"boolean"}'
>
1532 When RSTP is enabled on a bridge, it is enabled by default on all of
1533 the bridge's ports except bond, internal, and mirror ports (which do
1534 not work with RSTP). If this column's value is
<code>false
</code>,
1535 RSTP is disabled on the port.
1538 <column name=
"other_config" key=
"rstp-port-priority"
1539 type='{
"type":
"integer",
"minInteger":
0,
"maxInteger":
240}'
>
1540 The port's relative priority value for determining the root port, in
1541 multiples of
16. By default, the port priority is
0x80 (
128). Any
1542 value in the lower
4 bits is rounded off. The significant upper
4
1543 bits become the upper
4 bits of the port-id. A port with the lowest
1544 port-id is elected as the root.
1547 <column name=
"other_config" key=
"rstp-port-num"
1548 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
4095}'
>
1549 The local RSTP port number, used as the lower
12 bits of the port-id.
1550 By default the port numbers are assigned automatically, and typically
1551 may not correspond to the OpenFlow port numbers. A port with the
1552 lowest port-id is elected as the root.
1555 <column name=
"other_config" key=
"rstp-port-path-cost"
1556 type='{
"type":
"integer"}'
>
1557 The port path cost. The Port's contribution, when it is
1558 the Root Port, to the Root Path Cost for the Bridge. By default the
1559 cost is automatically calculated from the port's speed.
1562 <column name=
"other_config" key=
"rstp-port-admin-edge"
1563 type='{
"type":
"boolean"}'
>
1564 The admin edge port parameter for the Port. Default is
1568 <column name=
"other_config" key=
"rstp-port-auto-edge"
1569 type='{
"type":
"boolean"}'
>
1570 The auto edge port parameter for the Port. Default is
1574 <column name=
"other_config" key=
"rstp-port-mcheck"
1575 type='{
"type":
"boolean"}'
>
1577 The mcheck port parameter for the Port. Default is
1578 <code>false
</code>. May be set to force the Port Protocol
1579 Migration state machine to transmit RST BPDUs for a
1580 MigrateTime period, to test whether all STP Bridges on the
1581 attached LAN have been removed and the Port can continue to
1582 transmit RSTP BPDUs. Setting mcheck has no effect if the
1583 Bridge is operating in STP Compatibility mode.
1586 Changing the value from
<code>true
</code> to
1587 <code>false
</code> has no effect, but needs to be done if
1588 this behavior is to be triggered again by subsequently
1589 changing the value from
<code>false
</code> to
1595 <group title=
"RSTP Status">
1596 <column name=
"rstp_status" key=
"rstp_port_id">
1597 The port ID used in spanning tree advertisements for this port, as
4
1598 hex digits. Configuring the port ID is described in the
1599 <code>rstp-port-num
</code> and
<code>rstp-port-priority
</code> keys
1600 of the
<code>other_config
</code> section earlier.
1602 <column name=
"rstp_status" key=
"rstp_port_role"
1603 type='{
"type":
"string",
"enum": [
"set",
1604 [
"Root",
"Designated",
"Alternate",
"Backup",
"Disabled"]]}'
>
1605 RSTP role of the port.
1607 <column name=
"rstp_status" key=
"rstp_port_state"
1608 type='{
"type":
"string",
"enum": [
"set",
1609 [
"Disabled",
"Learning",
"Forwarding",
"Discarding"]]}'
>
1610 RSTP state of the port.
1612 <column name=
"rstp_status" key=
"rstp_designated_bridge_id">
1613 The port's RSTP designated bridge ID, in the same form as
<ref
1614 column=
"rstp_status" key=
"rstp_bridge_id"/> in the
<ref
1615 table=
"Bridge"/> table.
1617 <column name=
"rstp_status" key=
"rstp_designated_port_id">
1618 The port's RSTP designated port ID, as
4 hex digits.
1620 <column name=
"rstp_status" key=
"rstp_designated_path_cost"
1621 type='{
"type":
"integer"}'
>
1622 The port's RSTP designated path cost. Lower is better.
1626 <group title=
"RSTP Statistics">
1627 <column name=
"rstp_statistics" key=
"rstp_tx_count">
1628 Number of RSTP BPDUs transmitted through this port.
1630 <column name=
"rstp_statistics" key=
"rstp_rx_count">
1631 Number of valid RSTP BPDUs received by this port.
1633 <column name=
"rstp_statistics" key=
"rstp_error_count">
1634 Number of invalid RSTP BPDUs received by this port.
1636 <column name=
"rstp_statistics" key=
"rstp_uptime">
1637 The duration covered by the other RSTP statistics, in seconds.
1642 <group title=
"Multicast Snooping">
1643 <column name=
"other_config" key=
"mcast-snooping-flood"
1644 type='{
"type":
"boolean"}'
>
1646 If set to
<code>true
</code>, multicast packets (except Reports) are
1647 unconditionally forwarded to the specific port.
1650 <column name=
"other_config" key=
"mcast-snooping-flood-reports"
1651 type='{
"type":
"boolean"}'
>
1653 If set to
<code>true
</code>, multicast Reports are unconditionally
1654 forwarded to the specific port.
1659 <group title=
"Other Features">
1661 Quality of Service configuration for this port.
1665 The MAC address to use for this port for the purpose of choosing the
1666 bridge's MAC address. This column does not necessarily reflect the
1667 port's actual MAC address, nor will setting it change the port's actual
1671 <column name=
"fake_bridge">
1672 Does this port represent a sub-bridge for its tagged VLAN within the
1673 Bridge? See ovs-vsctl(
8) for more information.
1676 <column name=
"external_ids" key=
"fake-bridge-id-*">
1677 External IDs for a fake bridge (see the
<ref column=
"fake_bridge"/>
1678 column) are defined by prefixing a
<ref table=
"Bridge"/> <ref
1679 table=
"Bridge" column=
"external_ids"/> key with
1680 <code>fake-bridge-
</code>,
1681 e.g.
<code>fake-bridge-xs-network-uuids
</code>.
1684 <column name=
"other_config" key=
"transient"
1685 type='{
"type":
"boolean"}'
>
1687 If set to
<code>true
</code>, the port will be removed when
1688 <code>ovs-ctl start --delete-transient-ports
</code> is used.
1693 <column name=
"bond_active_slave">
1694 For a bonded port, record the mac address of the current active slave.
1697 <group title=
"Port Statistics">
1699 Key-value pairs that report port statistics. The update period
1700 is controlled by
<ref column=
"other_config"
1701 key=
"stats-update-interval"/> in the
<code>Open_vSwitch
</code> table.
1703 <group title=
"Statistics: STP transmit and receive counters">
1704 <column name=
"statistics" key=
"stp_tx_count">
1705 Number of STP BPDUs sent on this port by the spanning
1708 <column name=
"statistics" key=
"stp_rx_count">
1709 Number of STP BPDUs received on this port and accepted by the
1710 spanning tree library.
1712 <column name=
"statistics" key=
"stp_error_count">
1713 Number of bad STP BPDUs received on this port. Bad BPDUs
1714 include runt packets and those with an unexpected protocol ID.
1719 <group title=
"Common Columns">
1720 The overall purpose of these columns is described under
<code>Common
1721 Columns
</code> at the beginning of this document.
1723 <column name=
"other_config"/>
1724 <column name=
"external_ids"/>
1728 <table name=
"Interface" title=
"One physical network device in a Port.">
1729 An interface within a
<ref table=
"Port"/>.
1731 <group title=
"Core Features">
1732 <column name=
"name">
1733 Interface name. Should be alphanumeric and no more than about
8 bytes
1734 long. May be the same as the port name, for non-bonded ports. Must
1735 otherwise be unique among the names of ports, interfaces, and bridges
1739 <column name=
"ifindex">
1740 A positive interface index as defined for SNMP MIB-II in RFCs
1213 and
1741 2863, if the interface has one, otherwise
0. The ifindex is useful for
1742 seamless integration with protocols such as SNMP and sFlow.
1745 <column name=
"mac_in_use">
1746 The MAC address in use by this interface.
1750 <p>Ethernet address to set for this interface. If unset then the
1751 default MAC address is used:
</p>
1753 <li>For the local interface, the default is the lowest-numbered MAC
1754 address among the other bridge ports, either the value of the
1755 <ref table=
"Port" column=
"mac"/> in its
<ref table=
"Port"/> record,
1756 if set, or its actual MAC (for bonded ports, the MAC of its slave
1757 whose name is first in alphabetical order). Internal ports and
1758 bridge ports that are used as port mirroring destinations (see the
1759 <ref table=
"Mirror"/> table) are ignored.
</li>
1760 <li>For other internal interfaces, the default MAC is randomly
1762 <li>External interfaces typically have a MAC address associated with
1763 their hardware.
</li>
1765 <p>Some interfaces may not have a software-controllable MAC
1769 <column name=
"error">
1770 If the configuration of the port failed, as indicated by -
1 in
<ref
1771 column=
"ofport"/>, Open vSwitch sets this column to an error
1772 description in human readable form. Otherwise, Open vSwitch clears
1776 <group title=
"OpenFlow Port Number">
1778 When a client adds a new interface, Open vSwitch chooses an OpenFlow
1779 port number for the new port. If the client that adds the port fills
1780 in
<ref column=
"ofport_request"/>, then Open vSwitch tries to use its
1781 value as the OpenFlow port number. Otherwise, or if the requested
1782 port number is already in use or cannot be used for another reason,
1783 Open vSwitch automatically assigns a free port number. Regardless of
1784 how the port number was obtained, Open vSwitch then reports in
<ref
1785 column=
"ofport"/> the port number actually assigned.
1789 Open vSwitch limits the port numbers that it automatically assigns to
1790 the range
1 through
32,
767, inclusive. Controllers therefore have
1791 free use of ports
32,
768 and up.
1794 <column name=
"ofport">
1796 OpenFlow port number for this interface. Open vSwitch sets this
1797 column's value, so other clients should treat it as read-only.
1800 The OpenFlow ``local'' port (
<code>OFPP_LOCAL
</code>) is
65,
534.
1801 The other valid port numbers are in the range
1 to
65,
279,
1802 inclusive. Value -
1 indicates an error adding the interface.
1806 <column name=
"ofport_request"
1807 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
65279}'
>
1809 Requested OpenFlow port number for this interface.
1813 A client should ideally set this column's value in the same
1814 database transaction that it uses to create the interface. Open
1815 vSwitch version
2.1 and later will honor a later request for a
1816 specific port number, althuogh it might confuse some controllers:
1817 OpenFlow does not have a way to announce a port number change, so
1818 Open vSwitch represents it over OpenFlow as a port deletion
1819 followed immediately by a port addition.
1823 If
<ref column=
"ofport_request"/> is set or changed to some other
1824 port's automatically assigned port number, Open vSwitch chooses a
1825 new port number for the latter port.
1831 <group title=
"System-Specific Details">
1832 <column name=
"type">
1834 The interface type. The types supported by a particular instance of
1835 Open vSwitch are listed in the
<ref table=
"Open_vSwitch"
1836 column=
"iface_types"/> column in the
<ref table=
"Open_vSwitch"/>
1837 table. The following types are defined:
1841 <dt><code>system
</code></dt>
1842 <dd>An ordinary network device, e.g.
<code>eth0
</code> on Linux.
1843 Sometimes referred to as ``external interfaces'' since they are
1844 generally connected to hardware external to that on which the Open
1845 vSwitch is running. The empty string is a synonym for
1846 <code>system
</code>.
</dd>
1848 <dt><code>internal
</code></dt>
1849 <dd>A simulated network device that sends and receives traffic. An
1850 internal interface whose
<ref column=
"name"/> is the same as its
1851 bridge's
<ref table=
"Open_vSwitch" column=
"name"/> is called the
1852 ``local interface.'' It does not make sense to bond an internal
1853 interface, so the terms ``port'' and ``interface'' are often used
1854 imprecisely for internal interfaces.
</dd>
1856 <dt><code>tap
</code></dt>
1857 <dd>A TUN/TAP device managed by Open vSwitch.
</dd>
1859 <dt><code>geneve
</code></dt>
1861 An Ethernet over Geneve (
<code>http://tools.ietf.org/html/draft-ietf-nvo3-geneve-
00</code>)
1864 A description of how to match and set Geneve options can be found
1865 in the
<code>ovs-ofctl
</code> manual page.
1868 <dt><code>gre
</code></dt>
1870 An Ethernet over RFC
2890 Generic Routing Encapsulation over IPv4
1874 <dt><code>ipsec_gre
</code></dt>
1876 An Ethernet over RFC
2890 Generic Routing Encapsulation over IPv4
1880 <dt><code>vxlan
</code></dt>
1883 An Ethernet tunnel over the UDP-based VXLAN protocol described in
1887 Open vSwitch uses UDP destination port
4789. The source port used for
1888 VXLAN traffic varies on a per-flow basis and is in the ephemeral port
1893 <dt><code>lisp
</code></dt>
1896 A layer
3 tunnel over the experimental, UDP-based Locator/ID
1897 Separation Protocol (RFC
6830).
1900 Only IPv4 and IPv6 packets are supported by the protocol, and
1901 they are sent and received without an Ethernet header. Traffic
1902 to/from LISP ports is expected to be configured explicitly, and
1903 the ports are not intended to participate in learning based
1904 switching. As such, they are always excluded from packet
1909 <dt><code>stt
</code></dt>
1911 The Stateless TCP Tunnel (STT) is particularly useful when tunnel
1912 endpoints are in end-systems, as it utilizes the capabilities of
1913 standard network interface cards to improve performance. STT utilizes
1914 a TCP-like header inside the IP header. It is stateless, i.e., there is
1915 no TCP connection state of any kind associated with the tunnel. The
1916 TCP-like header is used to leverage the capabilities of existing
1917 network interface cards, but should not be interpreted as implying
1918 any sort of connection state between endpoints.
1919 Since the STT protocol does not engage in the usual TCP
3-way handshake,
1920 so it will have difficulty traversing stateful firewalls.
1921 The protocol is documented at
1922 http://www.ietf.org/archive/id/draft-davie-stt-
06.txt
1924 All traffic uses a default destination port of
7471. STT is only
1925 available in kernel datapath on kernel
3.5 or newer.
1928 <dt><code>patch
</code></dt>
1930 A pair of virtual devices that act as a patch cable.
1933 <dt><code>null
</code></dt>
1934 <dd>An ignored interface. Deprecated and slated for removal in
1940 <group title=
"Tunnel Options">
1942 These options apply to interfaces with
<ref column=
"type"/> of
1943 <code>geneve
</code>,
<code>gre
</code>,
<code>ipsec_gre
</code>,
1944 <code>vxlan
</code>,
<code>lisp
</code> and
<code>stt
</code>.
1948 Each tunnel must be uniquely identified by the combination of
<ref
1949 column=
"type"/>,
<ref column=
"options" key=
"remote_ip"/>,
<ref
1950 column=
"options" key=
"local_ip"/>, and
<ref column=
"options"
1951 key=
"in_key"/>. If two ports are defined that are the same except one
1952 has an optional identifier and the other does not, the more specific
1953 one is matched first.
<ref column=
"options" key=
"in_key"/> is
1954 considered more specific than
<ref column=
"options" key=
"local_ip"/> if
1955 a port defines one and another port defines the other.
1958 <column name=
"options" key=
"remote_ip">
1959 <p>Required. The remote tunnel endpoint, one of:
</p>
1963 An IPv4 address (not a DNS name), e.g.
<code>192.168.0.123</code>.
1964 Only unicast endpoints are supported.
1967 The word
<code>flow
</code>. The tunnel accepts packets from any
1968 remote tunnel endpoint. To process only packets from a specific
1969 remote tunnel endpoint, the flow entries may match on the
1970 <code>tun_src
</code> field. When sending packets to a
1971 <code>remote_ip=flow
</code> tunnel, the flow actions must
1972 explicitly set the
<code>tun_dst
</code> field to the IP address of
1973 the desired remote tunnel endpoint, e.g. with a
1974 <code>set_field
</code> action.
1979 The remote tunnel endpoint for any packet received from a tunnel
1980 is available in the
<code>tun_src
</code> field for matching in the
1985 <column name=
"options" key=
"local_ip">
1987 Optional. The tunnel destination IP that received packets must
1988 match. Default is to match all addresses. If specified, may be one
1994 An IPv4 address (not a DNS name), e.g.
<code>192.168.12.3</code>.
1997 The word
<code>flow
</code>. The tunnel accepts packets sent to any
1998 of the local IP addresses of the system running OVS. To process
1999 only packets sent to a specific IP address, the flow entries may
2000 match on the
<code>tun_dst
</code> field. When sending packets to a
2001 <code>local_ip=flow
</code> tunnel, the flow actions may
2002 explicitly set the
<code>tun_src
</code> field to the desired IP
2003 address, e.g. with a
<code>set_field
</code> action. However, while
2004 routing the tunneled packet out, the local system may override the
2005 specified address with the local IP address configured for the
2006 outgoing system interface.
2009 This option is valid only for tunnels also configured with the
2010 <code>remote_ip=flow
</code> option.
2016 The tunnel destination IP address for any packet received from a
2017 tunnel is available in the
<code>tun_dst
</code> field for matching in
2022 <column name=
"options" key=
"in_key">
2023 <p>Optional. The key that received packets must contain, one of:
</p>
2027 <code>0</code>. The tunnel receives packets with no key or with a
2028 key of
0. This is equivalent to specifying no
<ref column=
"options"
2029 key=
"in_key"/> at all.
2032 A positive
24-bit (for Geneve, VXLAN, and LISP),
32-bit (for GRE)
2033 or
64-bit (for STT) number. The tunnel receives only
2034 packets with the specified key.
2037 The word
<code>flow
</code>. The tunnel accepts packets with any
2038 key. The key will be placed in the
<code>tun_id
</code> field for
2039 matching in the flow table. The
<code>ovs-ofctl
</code> manual page
2040 contains additional information about matching fields in OpenFlow
2049 <column name=
"options" key=
"out_key">
2050 <p>Optional. The key to be set on outgoing packets, one of:
</p>
2054 <code>0</code>. Packets sent through the tunnel will have no key.
2055 This is equivalent to specifying no
<ref column=
"options"
2056 key=
"out_key"/> at all.
2059 A positive
24-bit (for Geneve, VXLAN and LISP),
32-bit (for GRE) or
2060 64-bit (for STT) number. Packets sent through the tunnel
2061 will have the specified key.
2064 The word
<code>flow
</code>. Packets sent through the tunnel will
2065 have the key set using the
<code>set_tunnel
</code> Nicira OpenFlow
2066 vendor extension (
0 is used in the absence of an action). The
2067 <code>ovs-ofctl
</code> manual page contains additional information
2068 about the Nicira OpenFlow vendor extensions.
2073 <column name=
"options" key=
"key">
2074 Optional. Shorthand to set
<code>in_key
</code> and
2075 <code>out_key
</code> at the same time.
2078 <column name=
"options" key=
"tos">
2079 Optional. The value of the ToS bits to be set on the encapsulating
2080 packet. ToS is interpreted as DSCP and ECN bits, ECN part must be
2081 zero. It may also be the word
<code>inherit
</code>, in which case
2082 the ToS will be copied from the inner packet if it is IPv4 or IPv6
2083 (otherwise it will be
0). The ECN fields are always inherited.
2087 <column name=
"options" key=
"ttl">
2088 Optional. The TTL to be set on the encapsulating packet. It may also
2089 be the word
<code>inherit
</code>, in which case the TTL will be copied
2090 from the inner packet if it is IPv4 or IPv6 (otherwise it will be the
2091 system default, typically
64). Default is the system default TTL.
2094 <column name=
"options" key=
"df_default"
2095 type='{
"type":
"boolean"}'
>
2096 Optional. If enabled, the Don't Fragment bit will be set on tunnel
2097 outer headers to allow path MTU discovery. Default is enabled; set
2098 to
<code>false
</code> to disable.
2101 <group title=
"Tunnel Options: vxlan only">
2103 <column name=
"options" key=
"exts">
2104 <p>Optional. Comma separated list of optional VXLAN extensions to
2105 enable. The following extensions are supported:
</p>
2109 <code>gbp
</code>: VXLAN-GBP allows to transport the group policy
2110 context of a packet across the VXLAN tunnel to other network
2111 peers. See the field description of
<code>tun_gbp_id
</code> and
2112 <code>tun_gbp_flags
</code> in ovs-ofctl(
8) for additional
2114 (
<code>https://tools.ietf.org/html/draft-smith-vxlan-group-policy
</code>)
2121 <group title=
"Tunnel Options: gre, ipsec_gre, geneve, and vxlan">
2123 <code>gre
</code>,
<code>ipsec_gre
</code>,
<code>geneve
</code>, and
2124 <code>vxlan
</code> interfaces support these options.
2127 <column name=
"options" key=
"csum" type='{
"type":
"boolean"}'
>
2129 Optional. Compute encapsulation header (either GRE or UDP)
2130 checksums on outgoing packets. Default is disabled, set to
2131 <code>true
</code> to enable. Checksums present on incoming
2132 packets will be validated regardless of this setting.
2136 When using the upstream Linux kernel module, computation of
2137 checksums for
<code>geneve
</code> and
<code>vxlan
</code> requires
2138 Linux kernel version
4.0 or higher.
<code>gre
</code> supports
2139 checksums for all versions of Open vSwitch that support GRE.
2140 The out of tree kernel module distributed as part of OVS
2141 can compute all tunnel checksums on any kernel version that it
2146 This option is supported for
<code>ipsec_gre
</code>, but not useful
2147 because GRE checksums are weaker than, and redundant with, IPsec
2148 payload authentication.
2153 <group title=
"Tunnel Options: ipsec_gre only">
2155 Only
<code>ipsec_gre
</code> interfaces support these options.
2158 <column name=
"options" key=
"peer_cert">
2159 Required for certificate authentication. A string containing the
2160 peer's certificate in PEM format. Additionally the host's
2161 certificate must be specified with the
<code>certificate
</code>
2165 <column name=
"options" key=
"certificate">
2166 Required for certificate authentication. The name of a PEM file
2167 containing a certificate that will be presented to the peer during
2171 <column name=
"options" key=
"private_key">
2172 Optional for certificate authentication. The name of a PEM file
2173 containing the private key associated with
<code>certificate
</code>.
2174 If
<code>certificate
</code> contains the private key, this option may
2178 <column name=
"options" key=
"psk">
2179 Required for pre-shared key authentication. Specifies a pre-shared
2180 key for authentication that must be identical on both sides of the
2186 <group title=
"Patch Options">
2188 Only
<code>patch
</code> interfaces support these options.
2191 <column name=
"options" key=
"peer">
2192 The
<ref column=
"name"/> of the
<ref table=
"Interface"/> for the other
2193 side of the patch. The named
<ref table=
"Interface"/>'s own
2194 <code>peer
</code> option must specify this
<ref table=
"Interface"/>'s
2195 name. That is, the two patch interfaces must have reversed
<ref
2196 column=
"name"/> and
<code>peer
</code> values.
2200 <group title=
"Interface Status">
2202 Status information about interfaces attached to bridges, updated every
2203 5 seconds. Not all interfaces have all of these properties; virtual
2204 interfaces don't have a link speed, for example. Non-applicable
2205 columns will have empty values.
2207 <column name=
"admin_state">
2209 The administrative state of the physical network link.
2213 <column name=
"link_state">
2215 The observed state of the physical network link. This is ordinarily
2216 the link's carrier status. If the interface's
<ref table=
"Port"/> is
2217 a bond configured for miimon monitoring, it is instead the network
2218 link's miimon status.
2222 <column name=
"link_resets">
2224 The number of times Open vSwitch has observed the
2225 <ref column=
"link_state"/> of this
<ref table=
"Interface"/> change.
2229 <column name=
"link_speed">
2231 The negotiated speed of the physical network link.
2232 Valid values are positive integers greater than
0.
2236 <column name=
"duplex">
2238 The duplex mode of the physical network link.
2244 The MTU (maximum transmission unit); i.e. the largest
2245 amount of data that can fit into a single Ethernet frame.
2246 The standard Ethernet MTU is
1500 bytes. Some physical media
2247 and many kinds of virtual interfaces can be configured with
2251 This column will be empty for an interface that does not
2252 have an MTU as, for example, some kinds of tunnels do not.
2256 <column name=
"lacp_current">
2257 Boolean value indicating LACP status for this interface. If true, this
2258 interface has current LACP information about its LACP partner. This
2259 information may be used to monitor the health of interfaces in a LACP
2260 enabled port. This column will be empty if LACP is not enabled.
2263 <column name=
"status">
2264 Key-value pairs that report port status. Supported status values are
2265 <ref column=
"type"/>-dependent; some interfaces may not have a valid
2266 <ref column=
"status" key=
"driver_name"/>, for example.
2269 <column name=
"status" key=
"driver_name">
2270 The name of the device driver controlling the network adapter.
2273 <column name=
"status" key=
"driver_version">
2274 The version string of the device driver controlling the network
2278 <column name=
"status" key=
"firmware_version">
2279 The version string of the network adapter's firmware, if available.
2282 <column name=
"status" key=
"source_ip">
2283 The source IP address used for an IPv4 tunnel end-point, such as
2287 <column name=
"status" key=
"tunnel_egress_iface">
2288 Egress interface for tunnels. Currently only relevant for tunnels
2289 on Linux systems, this column will show the name of the interface
2290 which is responsible for routing traffic destined for the configured
2291 <ref column=
"options" key=
"remote_ip"/>. This could be an internal
2292 interface such as a bridge port.
2295 <column name=
"status" key=
"tunnel_egress_iface_carrier"
2296 type='{
"type":
"string",
"enum": [
"set", [
"down",
"up"]]}'
>
2297 Whether carrier is detected on
<ref column=
"status"
2298 key=
"tunnel_egress_iface"/>.
2302 <group title=
"Statistics">
2304 Key-value pairs that report interface statistics. The current
2305 implementation updates these counters periodically. The update period
2306 is controlled by
<ref column=
"other_config"
2307 key=
"stats-update-interval"/> in the
<code>Open_vSwitch
</code> table.
2308 Future implementations may update them when an interface is created,
2309 when they are queried (e.g. using an OVSDB
<code>select
</code>
2310 operation), and just before an interface is deleted due to virtual
2311 interface hot-unplug or VM shutdown, and perhaps at other times, but
2312 not on any regular periodic basis.
2315 These are the same statistics reported by OpenFlow in its
<code>struct
2316 ofp_port_stats
</code> structure. If an interface does not support a
2317 given statistic, then that pair is omitted.
2319 <group title=
"Statistics: Successful transmit and receive counters">
2320 <column name=
"statistics" key=
"rx_packets">
2321 Number of received packets.
2323 <column name=
"statistics" key=
"rx_bytes">
2324 Number of received bytes.
2326 <column name=
"statistics" key=
"tx_packets">
2327 Number of transmitted packets.
2329 <column name=
"statistics" key=
"tx_bytes">
2330 Number of transmitted bytes.
2333 <group title=
"Statistics: Receive errors">
2334 <column name=
"statistics" key=
"rx_dropped">
2335 Number of packets dropped by RX.
2337 <column name=
"statistics" key=
"rx_frame_err">
2338 Number of frame alignment errors.
2340 <column name=
"statistics" key=
"rx_over_err">
2341 Number of packets with RX overrun.
2343 <column name=
"statistics" key=
"rx_crc_err">
2344 Number of CRC errors.
2346 <column name=
"statistics" key=
"rx_errors">
2347 Total number of receive errors, greater than or equal to the sum of
2351 <group title=
"Statistics: Transmit errors">
2352 <column name=
"statistics" key=
"tx_dropped">
2353 Number of packets dropped by TX.
2355 <column name=
"statistics" key=
"collisions">
2356 Number of collisions.
2358 <column name=
"statistics" key=
"tx_errors">
2359 Total number of transmit errors, greater than or equal to the sum of
2365 <group title=
"Ingress Policing">
2367 These settings control ingress policing for packets received on this
2368 interface. On a physical interface, this limits the rate at which
2369 traffic is allowed into the system from the outside; on a virtual
2370 interface (one connected to a virtual machine), this limits the rate at
2371 which the VM is able to transmit.
2374 Policing is a simple form of quality-of-service that simply drops
2375 packets received in excess of the configured rate. Due to its
2376 simplicity, policing is usually less accurate and less effective than
2377 egress QoS (which is configured using the
<ref table=
"QoS"/> and
<ref
2378 table=
"Queue"/> tables).
2381 Policing is currently implemented only on Linux. The Linux
2382 implementation uses a simple ``token bucket'' approach:
2386 The size of the bucket corresponds to
<ref
2387 column=
"ingress_policing_burst"/>. Initially the bucket is full.
2390 Whenever a packet is received, its size (converted to tokens) is
2391 compared to the number of tokens currently in the bucket. If the
2392 required number of tokens are available, they are removed and the
2393 packet is forwarded. Otherwise, the packet is dropped.
2396 Whenever it is not full, the bucket is refilled with tokens at the
2397 rate specified by
<ref column=
"ingress_policing_rate"/>.
2401 Policing interacts badly with some network protocols, and especially
2402 with fragmented IP packets. Suppose that there is enough network
2403 activity to keep the bucket nearly empty all the time. Then this token
2404 bucket algorithm will forward a single packet every so often, with the
2405 period depending on packet size and on the configured rate. All of the
2406 fragments of an IP packets are normally transmitted back-to-back, as a
2407 group. In such a situation, therefore, only one of these fragments
2408 will be forwarded and the rest will be dropped. IP does not provide
2409 any way for the intended recipient to ask for only the remaining
2410 fragments. In such a case there are two likely possibilities for what
2411 will happen next: either all of the fragments will eventually be
2412 retransmitted (as TCP will do), in which case the same problem will
2413 recur, or the sender will not realize that its packet has been dropped
2414 and data will simply be lost (as some UDP-based protocols will do).
2415 Either way, it is possible that no forward progress will ever occur.
2417 <column name=
"ingress_policing_rate">
2419 Maximum rate for data received on this interface, in kbps. Data
2420 received faster than this rate is dropped. Set to
<code>0</code>
2421 (the default) to disable policing.
2425 <column name=
"ingress_policing_burst">
2426 <p>Maximum burst size for data received on this interface, in kb. The
2427 default burst size if set to
<code>0</code> is
1000 kb. This value
2428 has no effect if
<ref column=
"ingress_policing_rate"/>
2429 is
<code>0</code>.
</p>
2431 Specifying a larger burst size lets the algorithm be more forgiving,
2432 which is important for protocols like TCP that react severely to
2433 dropped packets. The burst size should be at least the size of the
2434 interface's MTU. Specifying a value that is numerically at least as
2435 large as
10% of
<ref column=
"ingress_policing_rate"/> helps TCP come
2436 closer to achieving the full rate.
2441 <group title=
"Bidirectional Forwarding Detection (BFD)">
2443 BFD, defined in RFC
5880 and RFC
5881, allows point-to-point
2444 detection of connectivity failures by occasional transmission of
2445 BFD control messages. Open vSwitch implements BFD to serve
2446 as a more popular and standards compliant alternative to CFM.
2450 BFD operates by regularly transmitting BFD control messages at a rate
2451 negotiated independently in each direction. Each endpoint specifies
2452 the rate at which it expects to receive control messages, and the rate
2453 at which it is willing to transmit them. Open vSwitch uses a detection
2454 multiplier of three, meaning that an endpoint signals a connectivity
2455 fault if three consecutive BFD control messages fail to arrive. In the
2456 case of a unidirectional connectivity issue, the system not receiving
2457 BFD control messages signals the problem to its peer in the messages it
2462 The Open vSwitch implementation of BFD aims to comply faithfully
2463 with RFC
5880 requirements. Open vSwitch does not implement the
2464 optional Authentication or ``Echo Mode'' features.
2467 <group title=
"BFD Configuration">
2469 A controller sets up key-value pairs in the
<ref column=
"bfd"/>
2470 column to enable and configure BFD.
2473 <column name=
"bfd" key=
"enable" type='{
"type":
"boolean"}'
>
2474 True to enable BFD on this
<ref table=
"Interface"/>. If not
2475 specified, BFD will not be enabled by default.
2478 <column name=
"bfd" key=
"min_rx"
2479 type='{
"type":
"integer",
"minInteger":
1}'
>
2480 The shortest interval, in milliseconds, at which this BFD session
2481 offers to receive BFD control messages. The remote endpoint may
2482 choose to send messages at a slower rate. Defaults to
2486 <column name=
"bfd" key=
"min_tx"
2487 type='{
"type":
"integer",
"minInteger":
1}'
>
2488 The shortest interval, in milliseconds, at which this BFD session is
2489 willing to transmit BFD control messages. Messages will actually be
2490 transmitted at a slower rate if the remote endpoint is not willing to
2491 receive as quickly as specified. Defaults to
<code>100</code>.
2494 <column name=
"bfd" key=
"decay_min_rx" type='{
"type":
"integer"}'
>
2495 An alternate receive interval, in milliseconds, that must be greater
2496 than or equal to
<ref column=
"bfd" key=
"min_rx"/>. The
2497 implementation switches from
<ref column=
"bfd" key=
"min_rx"/> to
<ref
2498 column=
"bfd" key=
"decay_min_rx"/> when there is no obvious incoming
2499 data traffic at the interface, to reduce the CPU and bandwidth cost
2500 of monitoring an idle interface. This feature may be disabled by
2501 setting a value of
0. This feature is reset whenever
<ref
2502 column=
"bfd" key=
"decay_min_rx"/> or
<ref column=
"bfd" key=
"min_rx"/>
2506 <column name=
"bfd" key=
"forwarding_if_rx" type='{
"type":
"boolean"}'
>
2507 When
<code>true
</code>, traffic received on the
2508 <ref table=
"Interface"/> is used to indicate the capability of packet
2509 I/O. BFD control packets are still transmitted and received. At
2510 least one BFD control packet must be received every
100 *
<ref
2511 column=
"bfd" key=
"min_rx"/> amount of time. Otherwise, even if
2512 traffic are received, the
<ref column=
"bfd" key=
"forwarding"/>
2513 will be
<code>false
</code>.
2516 <column name=
"bfd" key=
"cpath_down" type='{
"type":
"boolean"}'
>
2517 Set to true to notify the remote endpoint that traffic should not be
2518 forwarded to this system for some reason other than a connectivty
2519 failure on the interface being monitored. The typical underlying
2520 reason is ``concatenated path down,'' that is, that connectivity
2521 beyond the local system is down. Defaults to false.
2524 <column name=
"bfd" key=
"check_tnl_key" type='{
"type":
"boolean"}'
>
2525 Set to true to make BFD accept only control messages with a tunnel
2526 key of zero. By default, BFD accepts control messages with any
2530 <column name=
"bfd" key=
"bfd_local_src_mac">
2531 Set to an Ethernet address in the form
2532 <var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>
2533 to set the MAC used as source for transmitted BFD packets. The
2534 default is the mac address of the BFD enabled interface.
2537 <column name=
"bfd" key=
"bfd_local_dst_mac">
2538 Set to an Ethernet address in the form
2539 <var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>
2540 to set the MAC used as destination for transmitted BFD packets. The
2541 default is
<code>00:
23:
20:
00:
00:
01</code>.
2544 <column name=
"bfd" key=
"bfd_remote_dst_mac">
2545 Set to an Ethernet address in the form
2546 <var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>
2547 to set the MAC used for checking the destination of received BFD packets.
2548 Packets with different destination MAC will not be considered as BFD packets.
2549 If not specified the destination MAC address of received BFD packets
2553 <column name=
"bfd" key=
"bfd_src_ip">
2554 Set to an IPv4 address to set the IP address used as source for
2555 transmitted BFD packets. The default is
<code>169.254.1.1</code>.
2558 <column name=
"bfd" key=
"bfd_dst_ip">
2559 Set to an IPv4 address to set the IP address used as destination
2560 for transmitted BFD packets. The default is
<code>169.254.1.0</code>.
2564 <group title=
"BFD Status">
2566 The switch sets key-value pairs in the
<ref column=
"bfd_status"/>
2567 column to report the status of BFD on this interface. When BFD is
2568 not enabled, with
<ref column=
"bfd" key=
"enable"/>, the switch clears
2569 all key-value pairs from
<ref column=
"bfd_status"/>.
2572 <column name=
"bfd_status" key=
"state"
2573 type='{
"type":
"string",
2574 "enum": [
"set", [
"admin_down",
"down",
"init",
"up"]]}'
>
2575 Reports the state of the BFD session. The BFD session is fully
2576 healthy and negotiated if
<code>UP
</code>.
2579 <column name=
"bfd_status" key=
"forwarding" type='{
"type":
"boolean"}'
>
2580 Reports whether the BFD session believes this
<ref
2581 table=
"Interface"/> may be used to forward traffic. Typically this
2582 means the local session is signaling
<code>UP
</code>, and the remote
2583 system isn't signaling a problem such as concatenated path down.
2586 <column name=
"bfd_status" key=
"diagnostic">
2587 A diagnostic code specifying the local system's reason for the
2588 last change in session state. The error messages are defined in
2589 section
4.1 of [RFC
5880].
2592 <column name=
"bfd_status" key=
"remote_state"
2593 type='{
"type":
"string",
2594 "enum": [
"set", [
"admin_down",
"down",
"init",
"up"]]}'
>
2595 Reports the state of the remote endpoint's BFD session.
2598 <column name=
"bfd_status" key=
"remote_diagnostic">
2599 A diagnostic code specifying the remote system's reason for the
2600 last change in session state. The error messages are defined in
2601 section
4.1 of [RFC
5880].
2604 <column name=
"bfd_status" key=
"flap_count"
2605 type='{
"type":
"integer",
"minInteger":
0}'
>
2606 Counts the number of
<ref column=
"bfd_status" key=
"forwarding" />
2607 flaps since start. A flap is considered as a change of the
2608 <ref column=
"bfd_status" key=
"forwarding" /> value.
2613 <group title=
"Connectivity Fault Management">
2615 802.1ag Connectivity Fault Management (CFM) allows a group of
2616 Maintenance Points (MPs) called a Maintenance Association (MA) to
2617 detect connectivity problems with each other. MPs within a MA should
2618 have complete and exclusive interconnectivity. This is verified by
2619 occasionally broadcasting Continuity Check Messages (CCMs) at a
2620 configurable transmission interval.
2624 According to the
802.1ag specification, each Maintenance Point should
2625 be configured out-of-band with a list of Remote Maintenance Points it
2626 should have connectivity to. Open vSwitch differs from the
2627 specification in this area. It simply assumes the link is faulted if
2628 no Remote Maintenance Points are reachable, and considers it not
2633 When operating over tunnels which have no
<code>in_key
</code>, or an
2634 <code>in_key
</code> of
<code>flow
</code>. CFM will only accept CCMs
2635 with a tunnel key of zero.
2638 <column name=
"cfm_mpid">
2640 A Maintenance Point ID (MPID) uniquely identifies each endpoint
2641 within a Maintenance Association. The MPID is used to identify this
2642 endpoint to other Maintenance Points in the MA. Each end of a link
2643 being monitored should have a different MPID. Must be configured to
2644 enable CFM on this
<ref table=
"Interface"/>.
2647 According to the
802.1ag specification, MPIDs can only range between
2648 [
1,
8191]. However, extended mode (see
<ref column=
"other_config"
2649 key=
"cfm_extended"/>) supports eight byte MPIDs.
2653 <column name=
"cfm_flap_count">
2654 Counts the number of cfm fault flapps since boot. A flap is
2655 considered to be a change of the
<ref column=
"cfm_fault"/> value.
2658 <column name=
"cfm_fault">
2660 Indicates a connectivity fault triggered by an inability to receive
2661 heartbeats from any remote endpoint. When a fault is triggered on
2662 <ref table=
"Interface"/>s participating in bonds, they will be
2666 Faults can be triggered for several reasons. Most importantly they
2667 are triggered when no CCMs are received for a period of
3.5 times the
2668 transmission interval. Faults are also triggered when any CCMs
2669 indicate that a Remote Maintenance Point is not receiving CCMs but
2670 able to send them. Finally, a fault is triggered if a CCM is
2671 received which indicates unexpected configuration. Notably, this
2672 case arises when a CCM is received which advertises the local MPID.
2676 <column name=
"cfm_fault_status" key=
"recv">
2677 Indicates a CFM fault was triggered due to a lack of CCMs received on
2678 the
<ref table=
"Interface"/>.
2681 <column name=
"cfm_fault_status" key=
"rdi">
2682 Indicates a CFM fault was triggered due to the reception of a CCM with
2683 the RDI bit flagged. Endpoints set the RDI bit in their CCMs when they
2684 are not receiving CCMs themselves. This typically indicates a
2685 unidirectional connectivity failure.
2688 <column name=
"cfm_fault_status" key=
"maid">
2689 Indicates a CFM fault was triggered due to the reception of a CCM with
2690 a MAID other than the one Open vSwitch uses. CFM broadcasts are tagged
2691 with an identification number in addition to the MPID called the MAID.
2692 Open vSwitch only supports receiving CCM broadcasts tagged with the
2693 MAID it uses internally.
2696 <column name=
"cfm_fault_status" key=
"loopback">
2697 Indicates a CFM fault was triggered due to the reception of a CCM
2698 advertising the same MPID configured in the
<ref column=
"cfm_mpid"/>
2699 column of this
<ref table=
"Interface"/>. This may indicate a loop in
2703 <column name=
"cfm_fault_status" key=
"overflow">
2704 Indicates a CFM fault was triggered because the CFM module received
2705 CCMs from more remote endpoints than it can keep track of.
2708 <column name=
"cfm_fault_status" key=
"override">
2709 Indicates a CFM fault was manually triggered by an administrator using
2710 an
<code>ovs-appctl
</code> command.
2713 <column name=
"cfm_fault_status" key=
"interval">
2714 Indicates a CFM fault was triggered due to the reception of a CCM
2715 frame having an invalid interval.
2718 <column name=
"cfm_remote_opstate">
2719 <p>When in extended mode, indicates the operational state of the
2720 remote endpoint as either
<code>up
</code> or
<code>down
</code>. See
2721 <ref column=
"other_config" key=
"cfm_opstate"/>.
2725 <column name=
"cfm_health">
2727 Indicates the health of the interface as a percentage of CCM frames
2728 received over
21 <ref column=
"other_config" key=
"cfm_interval"/>s.
2729 The health of an interface is undefined if it is communicating with
2730 more than one
<ref column=
"cfm_remote_mpids"/>. It reduces if
2731 healthy heartbeats are not received at the expected rate, and
2732 gradually improves as healthy heartbeats are received at the desired
2733 rate. Every
21 <ref column=
"other_config" key=
"cfm_interval"/>s, the
2734 health of the interface is refreshed.
2737 As mentioned above, the faults can be triggered for several reasons.
2738 The link health will deteriorate even if heartbeats are received but
2739 they are reported to be unhealthy. An unhealthy heartbeat in this
2740 context is a heartbeat for which either some fault is set or is out
2741 of sequence. The interface health can be
100 only on receiving
2742 healthy heartbeats at the desired rate.
2746 <column name=
"cfm_remote_mpids">
2747 When CFM is properly configured, Open vSwitch will occasionally
2748 receive CCM broadcasts. These broadcasts contain the MPID of the
2749 sending Maintenance Point. The list of MPIDs from which this
2750 <ref table=
"Interface"/> is receiving broadcasts from is regularly
2751 collected and written to this column.
2754 <column name=
"other_config" key=
"cfm_interval"
2755 type='{
"type":
"integer"}'
>
2757 The interval, in milliseconds, between transmissions of CFM
2758 heartbeats. Three missed heartbeat receptions indicate a
2763 In standard operation only intervals of
3,
10,
100,
1,
000,
10,
000,
2764 60,
000, or
600,
000 ms are supported. Other values will be rounded
2765 down to the nearest value on the list. Extended mode (see
<ref
2766 column=
"other_config" key=
"cfm_extended"/>) supports any interval up
2767 to
65,
535 ms. In either mode, the default is
1000 ms.
2770 <p>We do not recommend using intervals less than
100 ms.
</p>
2773 <column name=
"other_config" key=
"cfm_extended"
2774 type='{
"type":
"boolean"}'
>
2775 When
<code>true
</code>, the CFM module operates in extended mode. This
2776 causes it to use a nonstandard destination address to avoid conflicting
2777 with compliant implementations which may be running concurrently on the
2778 network. Furthermore, extended mode increases the accuracy of the
2779 <code>cfm_interval
</code> configuration parameter by breaking wire
2780 compatibility with
802.1ag compliant implementations. And extended
2781 mode allows eight byte MPIDs. Defaults to
<code>false
</code>.
2784 <column name=
"other_config" key=
"cfm_demand" type='{
"type":
"boolean"}'
>
2786 When
<code>true
</code>, and
2787 <ref column=
"other_config" key=
"cfm_extended"/> is true, the CFM
2788 module operates in demand mode. When in demand mode, traffic
2789 received on the
<ref table=
"Interface"/> is used to indicate
2790 liveness. CCMs are still transmitted and received. At least one
2791 CCM must be received every
100 *
<ref column=
"other_config"
2792 key=
"cfm_interval"/> amount of time. Otherwise, even if traffic
2793 are received, the CFM module will raise the connectivity fault.
2797 Demand mode has a couple of caveats:
2800 To ensure that ovs-vswitchd has enough time to pull statistics
2801 from the datapath, the fault detection interval is set to
2802 3.5 * MAX(
<ref column=
"other_config" key=
"cfm_interval"/>,
500)
2807 To avoid ambiguity, demand mode disables itself when there are
2808 multiple remote maintenance points.
2812 If the
<ref table=
"Interface"/> is heavily congested, CCMs
2813 containing the
<ref column=
"other_config" key=
"cfm_opstate"/>
2814 status may be dropped causing changes in the operational state to
2815 be delayed. Similarly, if CCMs containing the RDI bit are not
2816 received, unidirectional link failures may not be detected.
2822 <column name=
"other_config" key=
"cfm_opstate"
2823 type='{
"type":
"string",
"enum": [
"set", [
"down",
"up"]]}'
>
2824 When
<code>down
</code>, the CFM module marks all CCMs it generates as
2825 operationally down without triggering a fault. This allows remote
2826 maintenance points to choose not to forward traffic to the
2827 <ref table=
"Interface"/> on which this CFM module is running.
2828 Currently, in Open vSwitch, the opdown bit of CCMs affects
2829 <ref table=
"Interface"/>s participating in bonds, and the bundle
2830 OpenFlow action. This setting is ignored when CFM is not in extended
2831 mode. Defaults to
<code>up
</code>.
2834 <column name=
"other_config" key=
"cfm_ccm_vlan"
2835 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
4095}'
>
2836 When set, the CFM module will apply a VLAN tag to all CCMs it generates
2837 with the given value. May be the string
<code>random
</code> in which
2838 case each CCM will be tagged with a different randomly generated VLAN.
2841 <column name=
"other_config" key=
"cfm_ccm_pcp"
2842 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
7}'
>
2843 When set, the CFM module will apply a VLAN tag to all CCMs it generates
2844 with the given PCP value, the VLAN ID of the tag is governed by the
2845 value of
<ref column=
"other_config" key=
"cfm_ccm_vlan"/>. If
2846 <ref column=
"other_config" key=
"cfm_ccm_vlan"/> is unset, a VLAN ID of
2852 <group title=
"Bonding Configuration">
2853 <column name=
"other_config" key=
"lacp-port-id"
2854 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
65535}'
>
2855 The LACP port ID of this
<ref table=
"Interface"/>. Port IDs are
2856 used in LACP negotiations to identify individual ports
2857 participating in a bond.
2860 <column name=
"other_config" key=
"lacp-port-priority"
2861 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
65535}'
>
2862 The LACP port priority of this
<ref table=
"Interface"/>. In LACP
2863 negotiations
<ref table=
"Interface"/>s with numerically lower
2864 priorities are preferred for aggregation.
2867 <column name=
"other_config" key=
"lacp-aggregation-key"
2868 type='{
"type":
"integer",
"minInteger":
1,
"maxInteger":
65535}'
>
2869 The LACP aggregation key of this
<ref table=
"Interface"/>.
<ref
2870 table=
"Interface"/>s with different aggregation keys may not be active
2871 within a given
<ref table=
"Port"/> at the same time.
2875 <group title=
"Virtual Machine Identifiers">
2877 These key-value pairs specifically apply to an interface that
2878 represents a virtual Ethernet interface connected to a virtual
2879 machine. These key-value pairs should not be present for other types
2880 of interfaces. Keys whose names end in
<code>-uuid
</code> have
2881 values that uniquely identify the entity in question. For a Citrix
2882 XenServer hypervisor, these values are UUIDs in RFC
4122 format.
2883 Other hypervisors may use other formats.
2886 <column name=
"external_ids" key=
"attached-mac">
2887 The MAC address programmed into the ``virtual hardware'' for this
2888 interface, in the form
2889 <var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>:
<var>xx
</var>.
2890 For Citrix XenServer, this is the value of the
<code>MAC
</code> field
2891 in the VIF record for this interface.
2894 <column name=
"external_ids" key=
"iface-id">
2895 A system-unique identifier for the interface. On XenServer, this will
2896 commonly be the same as
<ref column=
"external_ids" key=
"xs-vif-uuid"/>.
2899 <column name=
"external_ids" key=
"iface-status"
2900 type='{
"type":
"string",
2901 "enum": [
"set", [
"active",
"inactive"]]}'
>
2903 Hypervisors may sometimes have more than one interface associated
2904 with a given
<ref column=
"external_ids" key=
"iface-id"/>, only one of
2905 which is actually in use at a given time. For example, in some
2906 circumstances XenServer has both a ``tap'' and a ``vif'' interface
2907 for a single
<ref column=
"external_ids" key=
"iface-id"/>, but only
2908 uses one of them at a time. A hypervisor that behaves this way must
2909 mark the currently in use interface
<code>active
</code> and the
2910 others
<code>inactive
</code>. A hypervisor that never has more than
2911 one interface for a given
<ref column=
"external_ids" key=
"iface-id"/>
2912 may mark that interface
<code>active
</code> or omit
<ref
2913 column=
"external_ids" key=
"iface-status"/> entirely.
2917 During VM migration, a given
<ref column=
"external_ids"
2918 key=
"iface-id"/> might transiently be marked
<code>active
</code> on
2919 two different hypervisors. That is,
<code>active
</code> means that
2920 this
<ref column=
"external_ids" key=
"iface-id"/> is the active
2921 instance within a single hypervisor, not in a broader scope.
2922 There is one exception: some hypervisors support ``migration'' from a
2923 given hypervisor to itself (most often for test purposes). During
2924 such a ``migration,'' two instances of a single
<ref
2925 column=
"external_ids" key=
"iface-id"/> might both be briefly marked
2926 <code>active
</code> on a single hypervisor.
2930 <column name=
"external_ids" key=
"xs-vif-uuid">
2931 The virtual interface associated with this interface.
2934 <column name=
"external_ids" key=
"xs-network-uuid">
2935 The virtual network to which this interface is attached.
2938 <column name=
"external_ids" key=
"vm-id">
2939 The VM to which this interface belongs. On XenServer, this will be the
2940 same as
<ref column=
"external_ids" key=
"xs-vm-uuid"/>.
2943 <column name=
"external_ids" key=
"xs-vm-uuid">
2944 The VM to which this interface belongs.
2948 <group title=
"VLAN Splinters">
2950 The ``VLAN splinters'' feature increases Open vSwitch compatibility
2951 with buggy network drivers in old versions of Linux that do not
2952 properly support VLANs when VLAN devices are not used, at some cost
2953 in memory and performance.
2957 When VLAN splinters are enabled on a particular interface, Open vSwitch
2958 creates a VLAN device for each in-use VLAN. For sending traffic tagged
2959 with a VLAN on the interface, it substitutes the VLAN device. Traffic
2960 received on the VLAN device is treated as if it had been received on
2961 the interface on the particular VLAN.
2965 VLAN splinters consider a VLAN to be in use if:
2970 The VLAN is the
<ref table=
"Port" column=
"tag"/> value in any
<ref
2971 table=
"Port"/> record.
2975 The VLAN is listed within the
<ref table=
"Port" column=
"trunks"/>
2976 column of the
<ref table=
"Port"/> record of an interface on which
2977 VLAN splinters are enabled.
2979 An empty
<ref table=
"Port" column=
"trunks"/> does not influence the
2980 in-use VLANs: creating
4,
096 VLAN devices is impractical because it
2981 will exceed the current
1,
024 port per datapath limit.
2985 An OpenFlow flow within any bridge matches the VLAN.
2990 The same set of in-use VLANs applies to every interface on which VLAN
2991 splinters are enabled. That is, the set is not chosen separately for
2992 each interface but selected once as the union of all in-use VLANs based
2997 It does not make sense to enable VLAN splinters on an interface for an
2998 access port, or on an interface that is not a physical port.
3002 VLAN splinters are deprecated. When broken device drivers are no
3003 longer in widespread use, we will delete this feature.
3006 <column name=
"other_config" key=
"enable-vlan-splinters"
3007 type='{
"type":
"boolean"}'
>
3009 Set to
<code>true
</code> to enable VLAN splinters on this interface.
3010 Defaults to
<code>false
</code>.
3014 VLAN splinters increase kernel and userspace memory overhead, so do
3015 not use them unless they are needed.
3019 VLAN splinters do not support
802.1p priority tags. Received
3020 priorities will appear to be
0, regardless of their actual values,
3021 and priorities on transmitted packets will also be cleared to
0.
3026 <group title=
"Auto Attach Configuration">
3028 Auto Attach configuration for a particular interface.
3031 <column name=
"lldp" key=
"enable" type='{
"type":
"boolean"}'
>
3032 True to enable LLDP on this
<ref table=
"Interface"/>. If not
3033 specified, LLDP will be disabled by default.
3037 <group title=
"Common Columns">
3038 The overall purpose of these columns is described under
<code>Common
3039 Columns
</code> at the beginning of this document.
3041 <column name=
"other_config"/>
3042 <column name=
"external_ids"/>
3046 <table name=
"Flow_Table" title=
"OpenFlow table configuration">
3047 <p>Configuration for a particular OpenFlow table.
</p>
3049 <column name=
"name">
3050 The table's name. Set this column to change the name that controllers
3051 will receive when they request table statistics, e.g.
<code>ovs-ofctl
3052 dump-tables
</code>. The name does not affect switch behavior.
3055 <group title=
"Eviction Policy">
3057 Open vSwitch supports limiting the number of flows that may be
3058 installed in a flow table, via the
<ref column=
"flow_limit"/> column.
3059 When adding a flow would exceed this limit, by default Open vSwitch
3060 reports an error, but there are two ways to configure Open vSwitch to
3061 instead delete (``evict'') a flow to make room for the new one:
3066 Set the
<ref column=
"overflow_policy"/> column to
<code>evict
</code>.
3070 Send an OpenFlow
1.4+ ``table mod request'' to enable eviction for
3071 the flow table (e.g.
<code>ovs-ofctl -O OpenFlow14 mod-table br0
0
3072 evict
</code> to enable eviction on flow table
0 of bridge
3078 When a flow must be evicted due to overflow, the flow to evict is
3079 chosen through an approximation of the following algorithm. This
3080 algorithm is used regardless of how eviction was enabled:
3085 Divide the flows in the table into groups based on the values of the
3086 fields or subfields specified in the
<ref column=
"groups"/> column,
3087 so that all of the flows in a given group have the same values for
3088 those fields. If a flow does not specify a given field, that field's
3089 value is treated as
0. If
<ref column=
"groups"/> is empty, then all
3090 of the flows in the flow table are treated as a single group.
3094 Consider the flows in the largest group, that is, the group that
3095 contains the greatest number of flows. If two or more groups all
3096 have the same largest number of flows, consider the flows in all of
3101 If the flows under consideration have different importance values,
3102 eliminate from consideration any flows except those with the lowest
3103 importance. (``Importance,'' a
16-bit integer value attached to each
3104 flow, was introduced in OpenFlow
1.4. Flows inserted with older
3105 versions of OpenFlow always have an importance of
0.)
3109 Among the flows under consideration, choose the flow that expires
3110 soonest for eviction.
3115 The eviction process only considers flows that have an idle timeout
3116 or a hard timeout. That is, eviction never deletes permanent flows.
3117 (Permanent flows do count against
<ref column=
"flow_limit"/>.)
3120 <column name=
"flow_limit">
3121 If set, limits the number of flows that may be added to the table.
3122 Open vSwitch may limit the number of flows in a table for other
3123 reasons, e.g. due to hardware limitations or for resource availability
3124 or performance reasons.
3127 <column name=
"overflow_policy">
3129 Controls the switch's behavior when an OpenFlow flow table
3130 modification request would add flows in excess of
<ref
3131 column=
"flow_limit"/>. The supported values are:
3135 <dt><code>refuse
</code></dt>
3137 Refuse to add the flow or flows. This is also the default policy
3138 when
<ref column=
"overflow_policy"/> is unset.
3141 <dt><code>evict
</code></dt>
3143 Delete a flow chosen according to the algorithm described above.
3148 <column name=
"groups">
3150 When
<ref column=
"overflow_policy"/> is
<code>evict
</code>, this
3151 controls how flows are chosen for eviction when the flow table would
3152 otherwise exceed
<ref column=
"flow_limit"/> flows. Its value is a
3153 set of NXM fields or sub-fields, each of which takes one of the forms
3154 <code><var>field
</var>[]
</code> or
3155 <code><var>field
</var>[
<var>start
</var>..
<var>end
</var>]
</code>,
3156 e.g.
<code>NXM_OF_IN_PORT[]
</code>. Please see
3157 <code>nicira-ext.h
</code> for a complete list of NXM field names.
3161 Open vSwitch ignores any invalid or unknown field specifications.
3165 When eviction is not enabled, via
<ref column=
"overflow_policy"/> or
3166 an OpenFlow
1.4+ ``table mod,'' this column has no effect.
3171 <group title=
"Classifier Optimization">
3172 <column name=
"prefixes">
3174 This string set specifies which fields should be used for
3175 address prefix tracking. Prefix tracking allows the
3176 classifier to skip rules with longer than necessary prefixes,
3177 resulting in better wildcarding for datapath flows.
3180 Prefix tracking may be beneficial when a flow table contains
3181 matches on IP address fields with different prefix lengths.
3182 For example, when a flow table contains IP address matches on
3183 both full addresses and proper prefixes, the full address
3184 matches will typically cause the datapath flow to un-wildcard
3185 the whole address field (depending on flow entry priorities).
3186 In this case each packet with a different address gets handed
3187 to the userspace for flow processing and generates its own
3188 datapath flow. With prefix tracking enabled for the address
3189 field in question packets with addresses matching shorter
3190 prefixes would generate datapath flows where the irrelevant
3191 address bits are wildcarded, allowing the same datapath flow
3192 to handle all the packets within the prefix in question. In
3193 this case many userspace upcalls can be avoided and the
3194 overall performance can be better.
3197 This is a performance optimization only, so packets will
3198 receive the same treatment with or without prefix tracking.
3201 The supported fields are:
<code>tun_id
</code>,
3202 <code>tun_src
</code>,
<code>tun_dst
</code>,
3203 <code>nw_src
</code>,
<code>nw_dst
</code> (or aliases
3204 <code>ip_src
</code> and
<code>ip_dst
</code>),
3205 <code>ipv6_src
</code>, and
<code>ipv6_dst
</code>. (Using this
3206 feature for
<code>tun_id
</code> would only make sense if the
3207 tunnel IDs have prefix structure similar to IP addresses.)
3211 By default, the
<code>prefixes=ip_dst,ip_src
</code> are used
3212 on each flow table. This instructs the flow classifier to
3213 track the IP destination and source addresses used by the
3214 rules in this specific flow table.
3218 The keyword
<code>none
</code> is recognized as an explicit
3219 override of the default values, causing no prefix fields to be
3224 To set the prefix fields, the flow table record needs to
3229 <dt><code>ovs-vsctl set Bridge br0 flow_tables:
0=@N1 -- --id=@N1 create Flow_Table name=table0
</code></dt>
3231 Creates a flow table record for the OpenFlow table number
0.
3234 <dt><code>ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
</code></dt>
3236 Enables prefix tracking for IP source and destination
3242 There is a maximum number of fields that can be enabled for any
3243 one flow table. Currently this limit is
3.
3248 <group title=
"Common Columns">
3249 The overall purpose of these columns is described under
<code>Common
3250 Columns
</code> at the beginning of this document.
3252 <column name=
"external_ids"/>
3256 <table name=
"QoS" title=
"Quality of Service configuration">
3257 <p>Quality of Service (QoS) configuration for each Port that
3260 <column name=
"type">
3261 <p>The type of QoS to implement. The currently defined types are
3264 <dt><code>linux-htb
</code></dt>
3266 Linux ``hierarchy token bucket'' classifier. See tc-htb(
8) (also at
3267 <code>http://linux.die.net/man/
8/tc-htb
</code>) and the HTB manual
3268 (
<code>http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm
</code>)
3269 for information on how this classifier works and how to configure it.
3273 <dt><code>linux-hfsc
</code></dt>
3275 Linux
"Hierarchical Fair Service Curve" classifier.
3276 See
<code>http://linux-ip.net/articles/hfsc.en/
</code> for
3277 information on how this classifier works.
3281 <dt><code>linux-sfq
</code></dt>
3283 Linux ``Stochastic Fairness Queueing'' classifier. See
3284 <code>tc-sfq
</code>(
8) (also at
3285 <code>http://linux.die.net/man/
8/tc-sfq
</code>) for information on
3286 how this classifier works.
3290 <dt><code>linux-codel
</code></dt>
3292 Linux ``Controlled Delay'' classifier. See
<code>tc-codel
</code>(
8)
3294 <code>http://man7.org/linux/man-pages/man8/tc-codel
.8.html
</code>)
3295 for information on how this classifier works.
3299 <dt><code>linux-fq_codel
</code></dt>
3301 Linux ``Fair Queuing with Controlled Delay'' classifier. See
3302 <code>tc-fq_codel
</code>(
8) (also at
3303 <code>http://man7.org/linux/man-pages/man8/tc-fq_codel
.8.html
</code>)
3304 for information on how this classifier works.
3309 <column name=
"queues">
3310 <p>A map from queue numbers to
<ref table=
"Queue"/> records. The
3311 supported range of queue numbers depend on
<ref column=
"type"/>. The
3312 queue numbers are the same as the
<code>queue_id
</code> used in
3313 OpenFlow in
<code>struct ofp_action_enqueue
</code> and other
3317 Queue
0 is the ``default queue.'' It is used by OpenFlow output
3318 actions when no specific queue has been set. When no configuration for
3319 queue
0 is present, it is automatically configured as if a
<ref
3320 table=
"Queue"/> record with empty
<ref table=
"Queue" column=
"dscp"/>
3321 and
<ref table=
"Queue" column=
"other_config"/> columns had been
3323 (Before version
1.6, Open vSwitch would leave queue
0 unconfigured in
3324 this case. With some queuing disciplines, this dropped all packets
3325 destined for the default queue.)
3329 <group title=
"Configuration for linux-htb and linux-hfsc">
3331 The
<code>linux-htb
</code> and
<code>linux-hfsc
</code> classes support
3332 the following key-value pair:
3335 <column name=
"other_config" key=
"max-rate" type='{
"type":
"integer"}'
>
3336 Maximum rate shared by all queued traffic, in bit/s. Optional. If not
3337 specified, for physical interfaces, the default is the link rate. For
3338 other interfaces or if the link rate cannot be determined, the default
3339 is currently
100 Mbps.
3343 <group title=
"Common Columns">
3344 The overall purpose of these columns is described under
<code>Common
3345 Columns
</code> at the beginning of this document.
3347 <column name=
"other_config"/>
3348 <column name=
"external_ids"/>
3352 <table name=
"Queue" title=
"QoS output queue.">
3353 <p>A configuration for a port output queue, used in configuring Quality of
3354 Service (QoS) features. May be referenced by
<ref column=
"queues"
3355 table=
"QoS"/> column in
<ref table=
"QoS"/> table.
</p>
3357 <column name=
"dscp">
3358 If set, Open vSwitch will mark all traffic egressing this
3359 <ref table=
"Queue"/> with the given DSCP bits. Traffic egressing the
3360 default
<ref table=
"Queue"/> is only marked if it was explicitly selected
3361 as the
<ref table=
"Queue"/> at the time the packet was output. If unset,
3362 the DSCP bits of traffic egressing this
<ref table=
"Queue"/> will remain
3366 <group title=
"Configuration for linux-htb QoS">
3368 <ref table=
"QoS"/> <ref table=
"QoS" column=
"type"/>
3369 <code>linux-htb
</code> may use
<code>queue_id
</code>s less than
61440.
3370 It has the following key-value pairs defined.
3373 <column name=
"other_config" key=
"min-rate"
3374 type='{
"type":
"integer",
"minInteger":
1}'
>
3375 Minimum guaranteed bandwidth, in bit/s.
3378 <column name=
"other_config" key=
"max-rate"
3379 type='{
"type":
"integer",
"minInteger":
1}'
>
3380 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
3381 queue's rate will not be allowed to exceed the specified value, even
3382 if excess bandwidth is available. If unspecified, defaults to no
3386 <column name=
"other_config" key=
"burst"
3387 type='{
"type":
"integer",
"minInteger":
1}'
>
3388 Burst size, in bits. This is the maximum amount of ``credits'' that a
3389 queue can accumulate while it is idle. Optional. Details of the
3390 <code>linux-htb
</code> implementation require a minimum burst size, so
3391 a too-small
<code>burst
</code> will be silently ignored.
3394 <column name=
"other_config" key=
"priority"
3395 type='{
"type":
"integer",
"minInteger":
0,
"maxInteger":
4294967295}'
>
3396 A queue with a smaller
<code>priority
</code> will receive all the
3397 excess bandwidth that it can use before a queue with a larger value
3398 receives any. Specific priority values are unimportant; only relative
3399 ordering matters. Defaults to
0 if unspecified.
3403 <group title=
"Configuration for linux-hfsc QoS">
3405 <ref table=
"QoS"/> <ref table=
"QoS" column=
"type"/>
3406 <code>linux-hfsc
</code> may use
<code>queue_id
</code>s less than
61440.
3407 It has the following key-value pairs defined.
3410 <column name=
"other_config" key=
"min-rate"
3411 type='{
"type":
"integer",
"minInteger":
1}'
>
3412 Minimum guaranteed bandwidth, in bit/s.
3415 <column name=
"other_config" key=
"max-rate"
3416 type='{
"type":
"integer",
"minInteger":
1}'
>
3417 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
3418 queue's rate will not be allowed to exceed the specified value, even if
3419 excess bandwidth is available. If unspecified, defaults to no
3424 <group title=
"Common Columns">
3425 The overall purpose of these columns is described under
<code>Common
3426 Columns
</code> at the beginning of this document.
3428 <column name=
"other_config"/>
3429 <column name=
"external_ids"/>
3433 <table name=
"Mirror" title=
"Port mirroring.">
3434 <p>A port mirror within a
<ref table=
"Bridge"/>.
</p>
3435 <p>A port mirror configures a bridge to send selected frames to special
3436 ``mirrored'' ports, in addition to their normal destinations. Mirroring
3437 traffic may also be referred to as SPAN or RSPAN, depending on how
3438 the mirrored traffic is sent.
</p>
3441 When a packet enters an Open vSwitch bridge, it becomes eligible for
3442 mirroring based on its ingress port and VLAN. As the packet travels
3443 through the flow tables, each time it is output to a port, it becomes
3444 eligible for mirroring based on the egress port and VLAN. In Open
3445 vSwitch
2.5 and later, mirroring occurs just after a packet first becomes
3446 eligible, using the packet as it exists at that point; in Open vSwitch
3447 2.4 and earlier, mirroring occurs only after a packet has traversed all
3448 the flow tables, using the original packet as it entered the bridge.
3449 This makes a difference only when the flow table modifies the packet: in
3450 Open vSwitch
2.4, the modifications are never visible to mirrors, whereas
3451 in Open vSwitch
2.5 and later modifications made before the first output
3452 that makes it eligible for mirroring to a particular destination are
3457 A packet that enters an Open vSwitch bridge is mirrored to a particular
3458 destination only once, even if it is eligible for multiple reasons. For
3459 example, a packet would be mirrored to a particular
<ref
3460 column=
"output_port"/> only once, even if it is selected for mirroring to
3461 that port by
<ref column=
"select_dst_port"/> and
<ref
3462 column=
"select_src_port"/> in the same or different
<ref table=
"Mirror"/>
3466 <column name=
"name">
3467 Arbitrary identifier for the
<ref table=
"Mirror"/>.
3470 <group title=
"Selecting Packets for Mirroring">
3472 To be selected for mirroring, a given packet must enter or leave the
3473 bridge through a selected port and it must also be in one of the
3477 <column name=
"select_all">
3478 If true, every packet arriving or departing on any port is
3479 selected for mirroring.
3482 <column name=
"select_dst_port">
3483 Ports on which departing packets are selected for mirroring.
3486 <column name=
"select_src_port">
3487 Ports on which arriving packets are selected for mirroring.
3490 <column name=
"select_vlan">
3491 VLANs on which packets are selected for mirroring. An empty set
3492 selects packets on all VLANs.
3496 <group title=
"Mirroring Destination Configuration">
3498 These columns are mutually exclusive. Exactly one of them must be
3502 <column name=
"output_port">
3503 <p>Output port for selected packets, if nonempty.
</p>
3504 <p>Specifying a port for mirror output reserves that port exclusively
3505 for mirroring. No frames other than those selected for mirroring
3507 will be forwarded to the port, and any frames received on the port
3508 will be discarded.
</p>
3510 The output port may be any kind of port supported by Open vSwitch.
3511 It may be, for example, a physical port (sometimes called SPAN) or a
3516 <column name=
"output_vlan">
3517 <p>Output VLAN for selected packets, if nonempty.
</p>
3518 <p>The frames will be sent out all ports that trunk
3519 <ref column=
"output_vlan"/>, as well as any ports with implicit VLAN
3520 <ref column=
"output_vlan"/>. When a mirrored frame is sent out a
3521 trunk port, the frame's VLAN tag will be set to
3522 <ref column=
"output_vlan"/>, replacing any existing tag; when it is
3523 sent out an implicit VLAN port, the frame will not be tagged. This
3524 type of mirroring is sometimes called RSPAN.
</p>
3526 See the documentation for
3527 <ref column=
"other_config" key=
"forward-bpdu"/> in the
3528 <ref table=
"Interface"/> table for a list of destination MAC
3529 addresses which will not be mirrored to a VLAN to avoid confusing
3530 switches that interpret the protocols that they represent.
3532 <p><em>Please note:
</em> Mirroring to a VLAN can disrupt a network that
3533 contains unmanaged switches. Consider an unmanaged physical switch
3534 with two ports: port
1, connected to an end host, and port
2,
3535 connected to an Open vSwitch configured to mirror received packets
3536 into VLAN
123 on port
2. Suppose that the end host sends a packet on
3537 port
1 that the physical switch forwards to port
2. The Open vSwitch
3538 forwards this packet to its destination and then reflects it back on
3539 port
2 in VLAN
123. This reflected packet causes the unmanaged
3540 physical switch to replace the MAC learning table entry, which
3541 correctly pointed to port
1, with one that incorrectly points to port
3542 2. Afterward, the physical switch will direct packets destined for
3543 the end host to the Open vSwitch on port
2, instead of to the end
3544 host on port
1, disrupting connectivity. If mirroring to a VLAN is
3545 desired in this scenario, then the physical switch must be replaced
3546 by one that learns Ethernet addresses on a per-VLAN basis. In
3547 addition, learning should be disabled on the VLAN containing mirrored
3548 traffic. If this is not done then intermediate switches will learn
3549 the MAC address of each end host from the mirrored traffic. If
3550 packets being sent to that end host are also mirrored, then they will
3551 be dropped since the switch will attempt to send them out the input
3552 port. Disabling learning for the VLAN will cause the switch to
3553 correctly send the packet out all ports configured for that VLAN. If
3554 Open vSwitch is being used as an intermediate switch, learning can be
3555 disabled by adding the mirrored VLAN to
<ref column=
"flood_vlans"/>
3556 in the appropriate
<ref table=
"Bridge"/> table or tables.
</p>
3558 Mirroring to a GRE tunnel has fewer caveats than mirroring to a
3559 VLAN and should generally be preferred.
3564 <group title=
"Statistics: Mirror counters">
3566 Key-value pairs that report mirror statistics. The update period
3567 is controlled by
<ref column=
"other_config"
3568 key=
"stats-update-interval"/> in the
<code>Open_vSwitch
</code> table.
3570 <column name=
"statistics" key=
"tx_packets">
3571 Number of packets transmitted through this mirror.
3573 <column name=
"statistics" key=
"tx_bytes">
3574 Number of bytes transmitted through this mirror.
3578 <group title=
"Common Columns">
3579 The overall purpose of these columns is described under
<code>Common
3580 Columns
</code> at the beginning of this document.
3582 <column name=
"external_ids"/>
3586 <table name=
"Controller" title=
"OpenFlow controller configuration.">
3587 <p>An OpenFlow controller.
</p>
3590 Open vSwitch supports two kinds of OpenFlow controllers:
3594 <dt>Primary controllers
</dt>
3597 This is the kind of controller envisioned by the OpenFlow
1.0
3598 specification. Usually, a primary controller implements a network
3599 policy by taking charge of the switch's flow table.
3603 Open vSwitch initiates and maintains persistent connections to
3604 primary controllers, retrying the connection each time it fails or
3605 drops. The
<ref table=
"Bridge" column=
"fail_mode"/> column in the
3606 <ref table=
"Bridge"/> table applies to primary controllers.
3610 Open vSwitch permits a bridge to have any number of primary
3611 controllers. When multiple controllers are configured, Open
3612 vSwitch connects to all of them simultaneously. Because
3613 OpenFlow
1.0 does not specify how multiple controllers
3614 coordinate in interacting with a single switch, more than
3615 one primary controller should be specified only if the
3616 controllers are themselves designed to coordinate with each
3617 other. (The Nicira-defined
<code>NXT_ROLE
</code> OpenFlow
3618 vendor extension may be useful for this.)
3621 <dt>Service controllers
</dt>
3624 These kinds of OpenFlow controller connections are intended for
3625 occasional support and maintenance use, e.g. with
3626 <code>ovs-ofctl
</code>. Usually a service controller connects only
3627 briefly to inspect or modify some of a switch's state.
3631 Open vSwitch listens for incoming connections from service
3632 controllers. The service controllers initiate and, if necessary,
3633 maintain the connections from their end. The
<ref table=
"Bridge"
3634 column=
"fail_mode"/> column in the
<ref table=
"Bridge"/> table does
3635 not apply to service controllers.
3639 Open vSwitch supports configuring any number of service controllers.
3645 The
<ref column=
"target"/> determines the type of controller.
3648 <group title=
"Core Features">
3649 <column name=
"target">
3650 <p>Connection method for controller.
</p>
3652 The following connection methods are currently supported for primary
3656 <dt><code>ssl:
<var>ip
</var></code>[
<code>:
<var>port
</var></code>]
</dt>
3658 <p>The specified SSL
<var>port
</var> on the host at the
3659 given
<var>ip
</var>, which must be expressed as an IP
3660 address (not a DNS name). The
<ref table=
"Open_vSwitch"
3661 column=
"ssl"/> column in the
<ref table=
"Open_vSwitch"/>
3662 table must point to a valid SSL configuration when this form
3664 <p>If
<var>port
</var> is not specified, it defaults to
6653.
</p>
3665 <p>SSL support is an optional feature that is not always built as
3666 part of Open vSwitch.
</p>
3668 <dt><code>tcp:
<var>ip
</var></code>[
<code>:
<var>port
</var></code>]
</dt>
3671 The specified TCP
<var>port
</var> on the host at the given
3672 <var>ip
</var>, which must be expressed as an IP address (not a
3673 DNS name), where
<var>ip
</var> can be IPv4 or IPv6 address. If
3674 <var>ip
</var> is an IPv6 address, wrap it in square brackets,
3675 e.g.
<code>tcp:[::
1]:
6653</code>.
3678 If
<var>port
</var> is not specified, it defaults to
6653.
3683 The following connection methods are currently supported for service
3687 <dt><code>pssl:
</code>[
<var>port
</var>][
<code>:
<var>ip
</var></code>]
</dt>
3690 Listens for SSL connections on the specified TCP
<var>port
</var>.
3691 If
<var>ip
</var>, which must be expressed as an IP address (not a
3692 DNS name), is specified, then connections are restricted to the
3693 specified local IP address (either IPv4 or IPv6). If
3694 <var>ip
</var> is an IPv6 address, wrap it in square brackets,
3695 e.g.
<code>pssl:
6653:[::
1]
</code>.
3698 If
<var>port
</var> is not specified, it defaults to
3699 6653. If
<var>ip
</var> is not specified then it listens only on
3700 IPv4 (but not IPv6) addresses. The
3701 <ref table=
"Open_vSwitch" column=
"ssl"/>
3702 column in the
<ref table=
"Open_vSwitch"/> table must point to a
3703 valid SSL configuration when this form is used.
3706 If
<var>port
</var> is not specified, it currently to
6653.
3709 SSL support is an optional feature that is not always built as
3710 part of Open vSwitch.
3713 <dt><code>ptcp:
</code>[
<var>port
</var>][
<code>:
<var>ip
</var></code>]
</dt>
3716 Listens for connections on the specified TCP
<var>port
</var>. If
3717 <var>ip
</var>, which must be expressed as an IP address (not a
3718 DNS name), is specified, then connections are restricted to the
3719 specified local IP address (either IPv4 or IPv6). If
3720 <var>ip
</var> is an IPv6 address, wrap it in square brackets,
3721 e.g.
<code>ptcp:
6653:[::
1]
</code>. If
<var>ip
</var> is not
3722 specified then it listens only on IPv4 addresses.
3725 If
<var>port
</var> is not specified, it defaults to
6653.
3729 <p>When multiple controllers are configured for a single bridge, the
3730 <ref column=
"target"/> values must be unique. Duplicate
3731 <ref column=
"target"/> values yield unspecified results.
</p>
3734 <column name=
"connection_mode">
3735 <p>If it is specified, this setting must be one of the following
3736 strings that describes how Open vSwitch contacts this OpenFlow
3737 controller over the network:
</p>
3740 <dt><code>in-band
</code></dt>
3741 <dd>In this mode, this controller's OpenFlow traffic travels over the
3742 bridge associated with the controller. With this setting, Open
3743 vSwitch allows traffic to and from the controller regardless of the
3744 contents of the OpenFlow flow table. (Otherwise, Open vSwitch
3745 would never be able to connect to the controller, because it did
3746 not have a flow to enable it.) This is the most common connection
3747 mode because it is not necessary to maintain two independent
3749 <dt><code>out-of-band
</code></dt>
3750 <dd>In this mode, OpenFlow traffic uses a control network separate
3751 from the bridge associated with this controller, that is, the
3752 bridge does not use any of its own network devices to communicate
3753 with the controller. The control network must be configured
3754 separately, before or after
<code>ovs-vswitchd
</code> is started.
3758 <p>If not specified, the default is implementation-specific.
</p>
3762 <group title=
"Controller Failure Detection and Handling">
3763 <column name=
"max_backoff">
3764 Maximum number of milliseconds to wait between connection attempts.
3765 Default is implementation-specific.
3768 <column name=
"inactivity_probe">
3769 Maximum number of milliseconds of idle time on connection to
3770 controller before sending an inactivity probe message. If Open
3771 vSwitch does not communicate with the controller for the specified
3772 number of seconds, it will send a probe. If a response is not
3773 received for the same additional amount of time, Open vSwitch
3774 assumes the connection has been broken and attempts to reconnect.
3775 Default is implementation-specific. A value of
0 disables
3780 <group title=
"Asynchronous Messages">
3782 OpenFlow switches send certain messages to controllers spontanenously,
3783 that is, not in response to any request from the controller. These
3784 messages are called ``asynchronous messages.'' These columns allow
3785 asynchronous messages to be limited or disabled to ensure the best use
3786 of network resources.
3789 <column name=
"enable_async_messages">
3790 The OpenFlow protocol enables asynchronous messages at time of
3791 connection establishment, which means that a controller can receive
3792 asynchronous messages, potentially many of them, even if it turns them
3793 off immediately after connecting. Set this column to
3794 <code>false
</code> to change Open vSwitch behavior to disable, by
3795 default, all asynchronous messages. The controller can use the
3796 <code>NXT_SET_ASYNC_CONFIG
</code> Nicira extension to OpenFlow to turn
3797 on any messages that it does want to receive, if any.
3800 <group title=
"Controller Rate Limiting">
3802 A switch can forward packets to a controller over the OpenFlow
3803 protocol. Forwarding packets this way at too high a rate can
3804 overwhelm a controller, frustrate use of the OpenFlow connection for
3805 other purposes, increase the latency of flow setup, and use an
3806 unreasonable amount of bandwidth. Therefore, Open vSwitch supports
3807 limiting the rate of packet forwarding to a controller.
3811 There are two main reasons in OpenFlow for a packet to be sent to a
3812 controller: either the packet ``misses'' in the flow table, that is,
3813 there is no matching flow, or a flow table action says to send the
3814 packet to the controller. Open vSwitch limits the rate of each kind
3815 of packet separately at the configured rate. Therefore, the actual
3816 rate that packets are sent to the controller can be up to twice the
3817 configured rate, when packets are sent for both reasons.
3821 This feature is specific to forwarding packets over an OpenFlow
3822 connection. It is not general-purpose QoS. See the
<ref
3823 table=
"QoS"/> table for quality of service configuration, and
<ref
3824 column=
"ingress_policing_rate" table=
"Interface"/> in the
<ref
3825 table=
"Interface"/> table for ingress policing configuration.
3828 <column name=
"controller_rate_limit">
3830 The maximum rate at which the switch will forward packets to the
3831 OpenFlow controller, in packets per second. If no value is
3832 specified, rate limiting is disabled.
3836 <column name=
"controller_burst_limit">
3838 When a high rate triggers rate-limiting, Open vSwitch queues
3839 packets to the controller for each port and transmits them to the
3840 controller at the configured rate. This value limits the number of
3841 queued packets. Ports on a bridge share the packet queue fairly.
3845 This value has no effect unless
<ref
3846 column=
"controller_rate_limit"/> is configured. The current
3847 default when this value is not specified is one-quarter of
<ref
3848 column=
"controller_rate_limit"/>, meaning that queuing can delay
3849 forwarding a packet to the controller by up to
250 ms.
3853 <group title=
"Controller Rate Limiting Statistics">
3855 These values report the effects of rate limiting. Their values are
3856 relative to establishment of the most recent OpenFlow connection,
3857 or since rate limiting was enabled, whichever happened more
3858 recently. Each consists of two values, one with
<code>TYPE
</code>
3859 replaced by
<code>miss
</code> for rate limiting flow table misses,
3860 and the other with
<code>TYPE
</code> replaced by
3861 <code>action
</code> for rate limiting packets sent by OpenFlow
3866 These statistics are reported only when controller rate limiting is
3870 <column name=
"status" key=
"packet-in-TYPE-bypassed"
3871 type='{
"type":
"integer",
"minInteger":
0}'
>
3872 Number of packets sent directly to the controller, without queuing,
3873 because the rate did not exceed the configured maximum.
3876 <column name=
"status" key=
"packet-in-TYPE-queued"
3877 type='{
"type":
"integer",
"minInteger":
0}'
>
3878 Number of packets added to the queue to send later.
3881 <column name=
"status" key=
"packet-in-TYPE-dropped"
3882 type='{
"type":
"integer",
"minInteger":
0}'
>
3883 Number of packets added to the queue that were later dropped due to
3884 overflow. This value is less than or equal to
<ref column=
"status"
3885 key=
"packet-in-TYPE-queued"/>.
3888 <column name=
"status" key=
"packet-in-TYPE-backlog"
3889 type='{
"type":
"integer",
"minInteger":
0}'
>
3890 Number of packets currently queued. The other statistics increase
3891 monotonically, but this one fluctuates between
0 and the
<ref
3892 column=
"controller_burst_limit"/> as conditions change.
3898 <group title=
"Additional In-Band Configuration">
3899 <p>These values are considered only in in-band control mode (see
3900 <ref column=
"connection_mode"/>).
</p>
3902 <p>When multiple controllers are configured on a single bridge, there
3903 should be only one set of unique values in these columns. If different
3904 values are set for these columns in different controllers, the effect
3907 <column name=
"local_ip">
3908 The IP address to configure on the local port,
3909 e.g.
<code>192.168.0.123</code>. If this value is unset, then
3910 <ref column=
"local_netmask"/> and
<ref column=
"local_gateway"/> are
3914 <column name=
"local_netmask">
3915 The IP netmask to configure on the local port,
3916 e.g.
<code>255.255.255.0</code>. If
<ref column=
"local_ip"/> is set
3917 but this value is unset, then the default is chosen based on whether
3918 the IP address is class A, B, or C.
3921 <column name=
"local_gateway">
3922 The IP address of the gateway to configure on the local port, as a
3923 string, e.g.
<code>192.168.0.1</code>. Leave this column unset if
3924 this network has no gateway.
3928 <group title=
"Controller Status">
3929 <column name=
"is_connected">
3930 <code>true
</code> if currently connected to this controller,
3931 <code>false
</code> otherwise.
3935 type='{
"type":
"string",
"enum": [
"set", [
"other",
"master",
"slave"]]}'
>
3936 <p>The level of authority this controller has on the associated
3937 bridge. Possible values are:
</p>
3939 <dt><code>other
</code></dt>
3940 <dd>Allows the controller access to all OpenFlow features.
</dd>
3941 <dt><code>master
</code></dt>
3942 <dd>Equivalent to
<code>other
</code>, except that there may be at
3943 most one master controller at a time. When a controller configures
3944 itself as
<code>master
</code>, any existing master is demoted to
3945 the
<code>slave
</code> role.
</dd>
3946 <dt><code>slave
</code></dt>
3947 <dd>Allows the controller read-only access to OpenFlow features.
3948 Attempts to modify the flow table will be rejected with an
3949 error. Slave controllers do not receive OFPT_PACKET_IN or
3950 OFPT_FLOW_REMOVED messages, but they do receive OFPT_PORT_STATUS
3955 <column name=
"status" key=
"last_error">
3956 A human-readable description of the last error on the connection
3957 to the controller; i.e.
<code>strerror(errno)
</code>. This key
3958 will exist only if an error has occurred.
3961 <column name=
"status" key=
"state"
3962 type='{
"type":
"string",
"enum": [
"set", [
"VOID",
"BACKOFF",
"CONNECTING",
"ACTIVE",
"IDLE"]]}'
>
3964 The state of the connection to the controller:
3967 <dt><code>VOID
</code></dt>
3968 <dd>Connection is disabled.
</dd>
3970 <dt><code>BACKOFF
</code></dt>
3971 <dd>Attempting to reconnect at an increasing period.
</dd>
3973 <dt><code>CONNECTING
</code></dt>
3974 <dd>Attempting to connect.
</dd>
3976 <dt><code>ACTIVE
</code></dt>
3977 <dd>Connected, remote host responsive.
</dd>
3979 <dt><code>IDLE
</code></dt>
3980 <dd>Connection is idle. Waiting for response to keep-alive.
</dd>
3983 These values may change in the future. They are provided only for
3988 <column name=
"status" key=
"sec_since_connect"
3989 type='{
"type":
"integer",
"minInteger":
0}'
>
3990 The amount of time since this controller last successfully connected to
3991 the switch (in seconds). Value is empty if controller has never
3992 successfully connected.
3995 <column name=
"status" key=
"sec_since_disconnect"
3996 type='{
"type":
"integer",
"minInteger":
1}'
>
3997 The amount of time since this controller last disconnected from
3998 the switch (in seconds). Value is empty if controller has never
4003 <group title=
"Connection Parameters">
4005 Additional configuration for a connection between the controller
4006 and the Open vSwitch.
4009 <column name=
"other_config" key=
"dscp"
4010 type='{
"type":
"integer"}'
>
4011 The Differentiated Service Code Point (DSCP) is specified using
6 bits
4012 in the Type of Service (TOS) field in the IP header. DSCP provides a
4013 mechanism to classify the network traffic and provide Quality of
4014 Service (QoS) on IP networks.
4016 The DSCP value specified here is used when establishing the connection
4017 between the controller and the Open vSwitch. If no value is specified,
4018 a default value of
48 is chosen. Valid DSCP values must be in the
4024 <group title=
"Common Columns">
4025 The overall purpose of these columns is described under
<code>Common
4026 Columns
</code> at the beginning of this document.
4028 <column name=
"external_ids"/>
4029 <column name=
"other_config"/>
4033 <table name=
"Manager" title=
"OVSDB management connection.">
4035 Configuration for a database connection to an Open vSwitch database
4040 This table primarily configures the Open vSwitch database
4041 (
<code>ovsdb-server
</code>), not the Open vSwitch switch
4042 (
<code>ovs-vswitchd
</code>). The switch does read the table to determine
4043 what connections should be treated as in-band.
4047 The Open vSwitch database server can initiate and maintain active
4048 connections to remote clients. It can also listen for database
4052 <group title=
"Core Features">
4053 <column name=
"target">
4054 <p>Connection method for managers.
</p>
4056 The following connection methods are currently supported:
4059 <dt><code>ssl:
<var>ip
</var></code>[
<code>:
<var>port
</var></code>]
</dt>
4062 The specified SSL
<var>port
</var> on the host at the given
4063 <var>ip
</var>, which must be expressed as an IP address
4064 (not a DNS name). The
<ref table=
"Open_vSwitch"
4065 column=
"ssl"/> column in the
<ref table=
"Open_vSwitch"/>
4066 table must point to a valid SSL configuration when this
4070 If
<var>port
</var> is not specified, it defaults to
6640.
4073 SSL support is an optional feature that is not always
4074 built as part of Open vSwitch.
4078 <dt><code>tcp:
<var>ip
</var></code>[
<code>:
<var>port
</var></code>]
</dt>
4081 The specified TCP
<var>port
</var> on the host at the given
4082 <var>ip
</var>, which must be expressed as an IP address (not a
4083 DNS name), where
<var>ip
</var> can be IPv4 or IPv6 address. If
4084 <var>ip
</var> is an IPv6 address, wrap it in square brackets,
4085 e.g.
<code>tcp:[::
1]:
6640</code>.
4088 If
<var>port
</var> is not specified, it defaults to
6640.
4091 <dt><code>pssl:
</code>[
<var>port
</var>][
<code>:
<var>ip
</var></code>]
</dt>
4094 Listens for SSL connections on the specified TCP
<var>port
</var>.
4095 Specify
0 for
<var>port
</var> to have the kernel automatically
4096 choose an available port. If
<var>ip
</var>, which must be
4097 expressed as an IP address (not a DNS name), is specified, then
4098 connections are restricted to the specified local IP address
4099 (either IPv4 or IPv6 address). If
<var>ip
</var> is an IPv6
4100 address, wrap in square brackets,
4101 e.g.
<code>pssl:
6640:[::
1]
</code>. If
<var>ip
</var> is not
4102 specified then it listens only on IPv4 (but not IPv6) addresses.
4103 The
<ref table=
"Open_vSwitch" column=
"ssl"/> column in the
<ref
4104 table=
"Open_vSwitch"/> table must point to a valid SSL
4105 configuration when this form is used.
4108 If
<var>port
</var> is not specified, it defaults to
6640.
4111 SSL support is an optional feature that is not always built as
4112 part of Open vSwitch.
4115 <dt><code>ptcp:
</code>[
<var>port
</var>][
<code>:
<var>ip
</var></code>]
</dt>
4118 Listens for connections on the specified TCP
<var>port
</var>.
4119 Specify
0 for
<var>port
</var> to have the kernel automatically
4120 choose an available port. If
<var>ip
</var>, which must be
4121 expressed as an IP address (not a DNS name), is specified, then
4122 connections are restricted to the specified local IP address
4123 (either IPv4 or IPv6 address). If
<var>ip
</var> is an IPv6
4124 address, wrap it in square brackets,
4125 e.g.
<code>ptcp:
6640:[::
1]
</code>. If
<var>ip
</var> is not
4126 specified then it listens only on IPv4 addresses.
4129 If
<var>port
</var> is not specified, it defaults to
6640.
4133 <p>When multiple managers are configured, the
<ref column=
"target"/>
4134 values must be unique. Duplicate
<ref column=
"target"/> values yield
4135 unspecified results.
</p>
4138 <column name=
"connection_mode">
4140 If it is specified, this setting must be one of the following strings
4141 that describes how Open vSwitch contacts this OVSDB client over the
4146 <dt><code>in-band
</code></dt>
4148 In this mode, this connection's traffic travels over a bridge
4149 managed by Open vSwitch. With this setting, Open vSwitch allows
4150 traffic to and from the client regardless of the contents of the
4151 OpenFlow flow table. (Otherwise, Open vSwitch would never be able
4152 to connect to the client, because it did not have a flow to enable
4153 it.) This is the most common connection mode because it is not
4154 necessary to maintain two independent networks.
4156 <dt><code>out-of-band
</code></dt>
4158 In this mode, the client's traffic uses a control network separate
4159 from that managed by Open vSwitch, that is, Open vSwitch does not
4160 use any of its own network devices to communicate with the client.
4161 The control network must be configured separately, before or after
4162 <code>ovs-vswitchd
</code> is started.
4167 If not specified, the default is implementation-specific.
4172 <group title=
"Client Failure Detection and Handling">
4173 <column name=
"max_backoff">
4174 Maximum number of milliseconds to wait between connection attempts.
4175 Default is implementation-specific.
4178 <column name=
"inactivity_probe">
4179 Maximum number of milliseconds of idle time on connection to the client
4180 before sending an inactivity probe message. If Open vSwitch does not
4181 communicate with the client for the specified number of seconds, it
4182 will send a probe. If a response is not received for the same
4183 additional amount of time, Open vSwitch assumes the connection has been
4184 broken and attempts to reconnect. Default is implementation-specific.
4185 A value of
0 disables inactivity probes.
4189 <group title=
"Status">
4190 <column name=
"is_connected">
4191 <code>true
</code> if currently connected to this manager,
4192 <code>false
</code> otherwise.
4195 <column name=
"status" key=
"last_error">
4196 A human-readable description of the last error on the connection
4197 to the manager; i.e.
<code>strerror(errno)
</code>. This key
4198 will exist only if an error has occurred.
4201 <column name=
"status" key=
"state"
4202 type='{
"type":
"string",
"enum": [
"set", [
"VOID",
"BACKOFF",
"CONNECTING",
"ACTIVE",
"IDLE"]]}'
>
4204 The state of the connection to the manager:
4207 <dt><code>VOID
</code></dt>
4208 <dd>Connection is disabled.
</dd>
4210 <dt><code>BACKOFF
</code></dt>
4211 <dd>Attempting to reconnect at an increasing period.
</dd>
4213 <dt><code>CONNECTING
</code></dt>
4214 <dd>Attempting to connect.
</dd>
4216 <dt><code>ACTIVE
</code></dt>
4217 <dd>Connected, remote host responsive.
</dd>
4219 <dt><code>IDLE
</code></dt>
4220 <dd>Connection is idle. Waiting for response to keep-alive.
</dd>
4223 These values may change in the future. They are provided only for
4228 <column name=
"status" key=
"sec_since_connect"
4229 type='{
"type":
"integer",
"minInteger":
0}'
>
4230 The amount of time since this manager last successfully connected
4231 to the database (in seconds). Value is empty if manager has never
4232 successfully connected.
4235 <column name=
"status" key=
"sec_since_disconnect"
4236 type='{
"type":
"integer",
"minInteger":
0}'
>
4237 The amount of time since this manager last disconnected from the
4238 database (in seconds). Value is empty if manager has never
4242 <column name=
"status" key=
"locks_held">
4243 Space-separated list of the names of OVSDB locks that the connection
4244 holds. Omitted if the connection does not hold any locks.
4247 <column name=
"status" key=
"locks_waiting">
4248 Space-separated list of the names of OVSDB locks that the connection is
4249 currently waiting to acquire. Omitted if the connection is not waiting
4253 <column name=
"status" key=
"locks_lost">
4254 Space-separated list of the names of OVSDB locks that the connection
4255 has had stolen by another OVSDB client. Omitted if no locks have been
4256 stolen from this connection.
4259 <column name=
"status" key=
"n_connections"
4260 type='{
"type":
"integer",
"minInteger":
2}'
>
4262 When
<ref column=
"target"/> specifies a connection method that
4263 listens for inbound connections (e.g.
<code>ptcp:
</code> or
4264 <code>pssl:
</code>) and more than one connection is actually active,
4265 the value is the number of active connections. Otherwise, this
4266 key-value pair is omitted.
4269 When multiple connections are active, status columns and key-value
4270 pairs (other than this one) report the status of one arbitrarily
4275 <column name=
"status" key=
"bound_port" type='{
"type":
"integer"}'
>
4276 When
<ref column=
"target"/> is
<code>ptcp:
</code> or
4277 <code>pssl:
</code>, this is the TCP port on which the OVSDB server is
4278 listening. (This is is particularly useful when
<ref
4279 column=
"target"/> specifies a port of
0, allowing the kernel to
4280 choose any available port.)
4284 <group title=
"Connection Parameters">
4286 Additional configuration for a connection between the manager
4287 and the Open vSwitch Database.
4290 <column name=
"other_config" key=
"dscp"
4291 type='{
"type":
"integer"}'
>
4292 The Differentiated Service Code Point (DSCP) is specified using
6 bits
4293 in the Type of Service (TOS) field in the IP header. DSCP provides a
4294 mechanism to classify the network traffic and provide Quality of
4295 Service (QoS) on IP networks.
4297 The DSCP value specified here is used when establishing the connection
4298 between the manager and the Open vSwitch. If no value is specified, a
4299 default value of
48 is chosen. Valid DSCP values must be in the range
4304 <group title=
"Common Columns">
4305 The overall purpose of these columns is described under
<code>Common
4306 Columns
</code> at the beginning of this document.
4308 <column name=
"external_ids"/>
4309 <column name=
"other_config"/>
4313 <table name=
"NetFlow">
4314 A NetFlow target. NetFlow is a protocol that exports a number of
4315 details about terminating IP flows, such as the principals involved
4318 <column name=
"targets">
4319 NetFlow targets in the form
4320 <code><var>ip
</var>:
<var>port
</var></code>. The
<var>ip
</var>
4321 must be specified numerically, not as a DNS name.
4324 <column name=
"engine_id">
4325 Engine ID to use in NetFlow messages. Defaults to datapath index
4329 <column name=
"engine_type">
4330 Engine type to use in NetFlow messages. Defaults to datapath
4331 index if not specified.
4334 <column name=
"active_timeout">
4336 The interval at which NetFlow records are sent for flows that
4337 are still active, in seconds. A value of
<code>0</code>
4338 requests the default timeout (currently
600 seconds); a value
4339 of
<code>-
1</code> disables active timeouts.
4343 The NetFlow passive timeout, for flows that become inactive,
4344 is not configurable. It will vary depending on the Open
4345 vSwitch version, the forms and contents of the OpenFlow flow
4346 tables, CPU and memory usage, and network activity. A typical
4347 passive timeout is about a second.
4351 <column name=
"add_id_to_interface">
4352 <p>If this column's value is
<code>false
</code>, the ingress and egress
4353 interface fields of NetFlow flow records are derived from OpenFlow port
4354 numbers. When it is
<code>true
</code>, the
7 most significant bits of
4355 these fields will be replaced by the least significant
7 bits of the
4356 engine id. This is useful because many NetFlow collectors do not
4357 expect multiple switches to be sending messages from the same host, so
4358 they do not store the engine information which could be used to
4359 disambiguate the traffic.
</p>
4360 <p>When this option is enabled, a maximum of
508 ports are supported.
</p>
4363 <group title=
"Common Columns">
4364 The overall purpose of these columns is described under
<code>Common
4365 Columns
</code> at the beginning of this document.
4367 <column name=
"external_ids"/>
4372 SSL configuration for an Open_vSwitch.
4374 <column name=
"private_key">
4375 Name of a PEM file containing the private key used as the switch's
4376 identity for SSL connections to the controller.
4379 <column name=
"certificate">
4380 Name of a PEM file containing a certificate, signed by the
4381 certificate authority (CA) used by the controller and manager,
4382 that certifies the switch's private key, identifying a trustworthy
4386 <column name=
"ca_cert">
4387 Name of a PEM file containing the CA certificate used to verify
4388 that the switch is connected to a trustworthy controller.
4391 <column name=
"bootstrap_ca_cert">
4392 If set to
<code>true
</code>, then Open vSwitch will attempt to
4393 obtain the CA certificate from the controller on its first SSL
4394 connection and save it to the named PEM file. If it is successful,
4395 it will immediately drop the connection and reconnect, and from then
4396 on all SSL connections must be authenticated by a certificate signed
4397 by the CA certificate thus obtained.
<em>This option exposes the
4398 SSL connection to a man-in-the-middle attack obtaining the initial
4399 CA certificate.
</em> It may still be useful for bootstrapping.
4402 <group title=
"Common Columns">
4403 The overall purpose of these columns is described under
<code>Common
4404 Columns
</code> at the beginning of this document.
4406 <column name=
"external_ids"/>
4410 <table name=
"sFlow">
4411 <p>A set of sFlow(R) targets. sFlow is a protocol for remote
4412 monitoring of switches.
</p>
4414 <column name=
"agent">
4415 Name of the network device whose IP address should be reported as the
4416 ``agent address'' to collectors. If not specified, the agent device is
4417 figured from the first target address and the routing table. If the
4418 routing table does not contain a route to the target, the IP address
4419 defaults to the
<ref table=
"Controller" column=
"local_ip"/> in the
4420 collector's
<ref table=
"Controller"/>. If an agent IP address cannot be
4421 determined any of these ways, sFlow is disabled.
4424 <column name=
"header">
4425 Number of bytes of a sampled packet to send to the collector.
4426 If not specified, the default is
128 bytes.
4429 <column name=
"polling">
4430 Polling rate in seconds to send port statistics to the collector.
4431 If not specified, defaults to
30 seconds.
4434 <column name=
"sampling">
4435 Rate at which packets should be sampled and sent to the collector.
4436 If not specified, defaults to
400, which means one out of
400
4437 packets, on average, will be sent to the collector.
4440 <column name=
"targets">
4441 sFlow targets in the form
4442 <code><var>ip
</var>:
<var>port
</var></code>.
4445 <group title=
"Common Columns">
4446 The overall purpose of these columns is described under
<code>Common
4447 Columns
</code> at the beginning of this document.
4449 <column name=
"external_ids"/>
4453 <table name=
"IPFIX">
4454 <p>Configuration for sending packets to IPFIX collectors.
</p>
4457 IPFIX is a protocol that exports a number of details about flows. The
4458 IPFIX implementation in Open vSwitch samples packets at a configurable
4459 rate, extracts flow information from those packets, optionally caches and
4460 aggregates the flow information, and sends the result to one or more
4465 IPFIX in Open vSwitch can be configured two different ways:
4470 With
<em>per-bridge sampling
</em>, Open vSwitch performs IPFIX sampling
4471 automatically on all packets that pass through a bridge. To configure
4472 per-bridge sampling, create an
<ref table=
"IPFIX"/> record and point a
4473 <ref table=
"Bridge"/> table's
<ref table=
"Bridge" column=
"ipfix"/>
4474 column to it. The
<ref table=
"Flow_Sample_Collector_Set"/> table is
4475 not used for per-bridge sampling.
4480 With
<em>flow-based sampling
</em>,
<code>sample
</code> actions in the
4481 OpenFlow flow table drive IPFIX sampling. See
4482 <code>ovs-ofctl
</code>(
8) for a description of the
4483 <code>sample
</code> action.
4487 Flow-based sampling also requires database configuration: create a
4488 <ref table=
"IPFIX"/> record that describes the IPFIX configuration
4489 and a
<ref table=
"Flow_Sample_Collector_Set"/> record that points to
4490 the
<ref table=
"Bridge"/> whose flow table holds the
4491 <code>sample
</code> actions and to
<ref table=
"IPFIX"/> record. The
4492 <ref table=
"Bridge" column=
"ipfix"/> in the
<ref table=
"Bridge"/>
4493 table is not used for flow-based sampling.
4498 <column name=
"targets">
4499 IPFIX target collectors in the form
4500 <code><var>ip
</var>:
<var>port
</var></code>.
4503 <column name=
"cache_active_timeout">
4504 The maximum period in seconds for which an IPFIX flow record is
4505 cached and aggregated before being sent. If not specified,
4506 defaults to
0. If
0, caching is disabled.
4509 <column name=
"cache_max_flows">
4510 The maximum number of IPFIX flow records that can be cached at a
4511 time. If not specified, defaults to
0. If
0, caching is
4515 <group title=
"Per-Bridge Sampling">
4517 These values affect only per-bridge sampling. See above for a
4518 description of the differences between per-bridge and flow-based
4522 <column name=
"sampling">
4523 The rate at which packets should be sampled and sent to each target
4524 collector. If not specified, defaults to
400, which means one out of
4525 400 packets, on average, will be sent to each target collector.
4528 <column name=
"obs_domain_id">
4529 The IPFIX Observation Domain ID sent in each IPFIX packet. If not
4530 specified, defaults to
0.
4533 <column name=
"obs_point_id">
4534 The IPFIX Observation Point ID sent in each IPFIX flow record. If not
4535 specified, defaults to
0.
4538 <column name=
"other_config" key=
"enable-tunnel-sampling"
4539 type='{
"type":
"boolean"}'
>
4541 Set to
<code>true
</code> to enable sampling and reporting tunnel
4542 header
7-tuples in IPFIX flow records. Tunnel sampling is disabled
4547 The following enterprise entities report the sampled tunnel info:
4551 <dt>tunnelType:
</dt>
4553 <p>ID:
891, and enterprise ID
6876 (VMware).
</p>
4554 <p>type: unsigned
8-bit integer.
</p>
4555 <p>data type semantics: identifier.
</p>
4556 <p>description: Identifier of the layer
2 network overlay network
4557 encapsulation type:
0x01 VxLAN,
0x02 GRE,
0x03 LISP,
0x05 IPsec+GRE,
4562 <p>ID:
892, and enterprise ID
6876 (VMware).
</p>
4563 <p>type: variable-length octetarray.
</p>
4564 <p>data type semantics: identifier.
</p>
4565 <p>description: Key which is used for identifying an individual
4566 traffic flow within a VxLAN (
24-bit VNI), GENEVE (
24-bit VNI),
4567 GRE (
32-bit key), or LISP (
24-bit instance ID) tunnel. The
4568 key is encoded in this octetarray as a
3-,
4-, or
8-byte integer
4569 ID in network byte order.
</p>
4571 <dt>tunnelSourceIPv4Address:
</dt>
4573 <p>ID:
893, and enterprise ID
6876 (VMware).
</p>
4574 <p>type: unsigned
32-bit integer.
</p>
4575 <p>data type semantics: identifier.
</p>
4576 <p>description: The IPv4 source address in the tunnel IP packet
4579 <dt>tunnelDestinationIPv4Address:
</dt>
4581 <p>ID:
894, and enterprise ID
6876 (VMware).
</p>
4582 <p>type: unsigned
32-bit integer.
</p>
4583 <p>data type semantics: identifier.
</p>
4584 <p>description: The IPv4 destination address in the tunnel IP
4587 <dt>tunnelProtocolIdentifier:
</dt>
4589 <p>ID:
895, and enterprise ID
6876 (VMware).
</p>
4590 <p>type: unsigned
8-bit integer.
</p>
4591 <p>data type semantics: identifier.
</p>
4592 <p>description: The value of the protocol number in the tunnel
4593 IP packet header. The protocol number identifies the tunnel IP
4594 packet payload type.
</p>
4596 <dt>tunnelSourceTransportPort:
</dt>
4598 <p>ID:
896, and enterprise ID
6876 (VMware).
</p>
4599 <p>type: unsigned
16-bit integer.
</p>
4600 <p>data type semantics: identifier.
</p>
4601 <p>description: The source port identifier in the tunnel transport
4602 header. For the transport protocols UDP, TCP, and SCTP, this is
4603 the source port number given in the respective header.
</p>
4605 <dt>tunnelDestinationTransportPort:
</dt>
4607 <p>ID:
897, and enterprise ID
6876 (VMware).
</p>
4608 <p>type: unsigned
16-bit integer.
</p>
4609 <p>data type semantics: identifier.
</p>
4610 <p>description: The destination port identifier in the tunnel
4611 transport header. For the transport protocols UDP, TCP, and SCTP,
4612 this is the destination port number given in the respective header.
4618 <column name=
"other_config" key=
"enable-input-sampling"
4619 type='{
"type":
"boolean"}'
>
4620 By default, Open vSwitch samples and reports flows at bridge port input
4621 in IPFIX flow records. Set this column to
<code>false
</code> to
4622 disable input sampling.
4625 <column name=
"other_config" key=
"enable-output-sampling"
4626 type='{
"type":
"boolean"}'
>
4627 By default, Open vSwitch samples and reports flows at bridge port
4628 output in IPFIX flow records. Set this column to
<code>false
</code> to
4629 disable output sampling.
4633 <group title=
"Common Columns">
4634 The overall purpose of these columns is described under
<code>Common
4635 Columns
</code> at the beginning of this document.
4637 <column name=
"external_ids"/>
4641 <table name=
"Flow_Sample_Collector_Set">
4643 A set of IPFIX collectors of packet samples generated by OpenFlow
4644 <code>sample
</code> actions. This table is used only for IPFIX
4645 flow-based sampling, not for per-bridge sampling (see the
<ref
4646 table=
"IPFIX"/> table for a description of the two forms).
4650 The ID of this collector set, unique among the bridge's
4651 collector sets, to be used as the
<code>collector_set_id
</code>
4652 in OpenFlow
<code>sample
</code> actions.
4655 <column name=
"bridge">
4656 The bridge into which OpenFlow
<code>sample
</code> actions can
4657 be added to send packet samples to this set of IPFIX collectors.
4660 <column name=
"ipfix">
4661 Configuration of the set of IPFIX collectors to send one flow
4662 record per sampled packet to.
4665 <group title=
"Common Columns">
4666 The overall purpose of these columns is described under
<code>Common
4667 Columns
</code> at the beginning of this document.
4669 <column name=
"external_ids"/>
4673 <table name=
"AutoAttach">
4675 Auto Attach configuration within a bridge. The IETF Auto-Attach SPBM
4676 draft standard describes a compact method of using IEEE
802.1AB Link
4677 Layer Discovery Protocol (LLDP) together with a IEEE
802.1aq Shortest
4678 Path Bridging (SPB) network to automatically attach network devices
4679 to individual services in a SPB network. The intent here is to allow
4680 network applications and devices using OVS to be able to easily take
4681 advantage of features offered by industry standard SPB networks.
4685 Auto Attach (AA) uses LLDP to communicate between a directly connected
4686 Auto Attach Client (AAC) and Auto Attach Server (AAS). The LLDP protocol
4687 is extended to add two new Type-Length-Value tuples (TLVs). The first
4688 new TLV supports the ongoing discovery of directly connected AA
4689 correspondents. Auto Attach operates by regularly transmitting AA
4690 discovery TLVs between the AA client and AA server. By exchanging these
4691 discovery messages, both the AAC and AAS learn the system name and
4692 system description of their peer. In the OVS context, OVS operates as
4693 the AA client and the AA server resides on a switch at the edge of the
4698 Once AA discovery has been completed the AAC then uses the second new TLV
4699 to deliver identifier mappings from the AAC to the AAS. A primary feature
4700 of Auto Attach is to facilitate the mapping of VLANs defined outside the
4701 SPB network onto service ids (ISIDs) defined within the SPM network. By
4702 doing so individual external VLANs can be mapped onto specific SPB
4703 network services. These VLAN id to ISID mappings can be configured and
4704 managed locally using new options added to the ovs-vsctl command.
4708 The Auto Attach OVS feature does not provide a full implementation of
4709 the LLDP protocol. Support for the mandatory TLVs as defined by the LLDP
4710 standard and support for the AA TLV extensions is provided. LLDP
4711 protocol support in OVS can be enabled or disabled on a port by port
4712 basis. LLDP support is disabled by default.
4715 <column name=
"system_name">
4716 The system_name string is exported in LLDP messages. It should uniquely
4717 identify the bridge in the network.
4720 <column name=
"system_description">
4721 The system_description string is exported in LLDP messages. It should
4722 describe the type of software and hardware.
4725 <column name=
"mappings">
4726 A mapping from SPB network Individual Service Identifier (ISID) to VLAN
projects / ovs.git / blob