. I "\\$1"
. RE
..
-.TH ovs\-vsctl 8 "November 2009" "Open vSwitch" "Open vSwitch Manual"
+.TH ovs\-vsctl 8 "@VERSION@" "Open vSwitch" "Open vSwitch Manual"
.\" This program's name:
.ds PN ovs\-vsctl
-.\" SSL peer program's name:
-.ds SN ovsdb\-server
.
.SH NAME
ovs\-vsctl \- utility for querying and configuring \fBovs\-vswitchd\fR
.
.SH DESCRIPTION
The \fBovs\-vsctl\fR program configures \fBovs\-vswitchd\fR(8) by
-providing a high\-level interface to its configuration
-database. This program is mainly intended for use when
-\fBovs\-vswitchd\fR is running. If it is used when
-\fBovs\-vswitchd\fR is not running, then \fB\-\-no\-wait\fR should be
-specified and configuration changes will only take effect when
-\fBovs\-vswitchd\fR is started.
-.PP
-By default, each time \fBovs\-vsctl\fR runs, it connects to an
-\fBovsdb\-server\fR process that maintains an Open vSwitch
-configuration database. Using this connection, it queries and
-possibly applies changes to the database, depending on the supplied
-commands. Then, if it applied any changes, it waits until
-\fBovs\-vswitchd\fR has finished reconfiguring itself before it exits.
+providing a high\-level interface to its configuration database.
+See \fBovs\-vswitchd.conf.db\fR(5) for comprehensive documentation of
+the database schema.
+.PP
+\fBovs\-vsctl\fR connects to an \fBovsdb\-server\fR process that
+maintains an Open vSwitch configuration database. Using this
+connection, it queries and possibly applies changes to the database,
+depending on the supplied commands. Then, if it applied any changes,
+by default it waits until \fBovs\-vswitchd\fR has finished
+reconfiguring itself before it exits. (If you use \fBovs\-vsctl\fR
+when \fBovs\-vswitchd\fR is not running, use \fB\-\-no\-wait\fR.)
.PP
\fBovs\-vsctl\fR can perform any number of commands in a single run,
implemented as a single atomic transaction against the database.
The \fBovs\-vsctl\fR command line begins with global options (see
\fBOPTIONS\fR below for details). The global options are followed by
one or more commands. Each command should begin with \fB\-\-\fR by
-itself as a command-line argument, to separate it from the global
-options and following commands. (If the first command does not have
-any options, then the first \fB\-\-\fR may be omitted.) The command
+itself as a command-line argument, to separate it from the following
+commands. (The \fB\-\-\fR before the first command is optional.) The
+command
itself starts with command-specific options, if any, followed by the
command name and any arguments. See \fBEXAMPLES\fR below for syntax
examples.
much like a bridge separate from its ``parent bridge,'' but the actual
implementation in Open vSwitch uses only a single bridge, with ports on
the fake bridge assigned the implicit VLAN of the fake bridge of which
-they are members.
+they are members. (A fake bridge for VLAN 0 receives packets that
+have no 802.1Q tag or a tag with VLAN 0.)
.
.SH OPTIONS
.
.
.IP "\fB\-\-db=\fIserver\fR"
Sets \fIserver\fR as the database server that \fBovs\-vsctl\fR
-contacts to query or modify configuration. The default is
-\fBunix:@RUNDIR@/db.sock\fR. \fIserver\fR must take one of the
-following forms:
-.RS
-.so ovsdb/remote-active.man
-.so ovsdb/remote-passive.man
-.RE
-.
+contacts to query or modify configuration. \fIserver\fR may be an
+OVSDB active or passive connection method, as described in
+\fBovsdb\fR(7). The default is \fBunix:@RUNDIR@/db.sock\fR.
.IP "\fB\-\-no\-wait\fR"
Prevents \fBovs\-vsctl\fR from waiting for \fBovs\-vswitchd\fR to
-reconfigure itself according to the the modified database. This
+reconfigure itself according to the modified database. This
option should be used if \fBovs\-vswitchd\fR is not running;
otherwise, \fBovs\-vsctl\fR will not exit until \fBovs\-vswitchd\fR
starts.
would normally happen only if the database cannot be contacted, or if
the system is overloaded.)
.
+.IP "\fB\-\-retry\fR"
+Without this option, if \fBovs\-vsctl\fR connects outward to the
+database server (the default) then \fBovs\-vsctl\fR will try to
+connect once and exit with an error if the connection fails (which
+usually means that \fBovsdb\-server\fR is not running).
+.IP
+With this option, or if \fB\-\-db\fR specifies that \fBovs\-vsctl\fR
+should listen for an incoming connection from the database server,
+then \fBovs\-vsctl\fR will wait for a connection to the database
+forever.
+.IP
+Regardless of this setting, \fB\-\-timeout\fR always limits how long
+\fBovs\-vsctl\fR will wait.
+.
.SS "Table Formatting Options"
These options control the format of output from the \fBlist\fR and
\fBfind\fR commands.
.so lib/ssl-bootstrap.man
.so lib/ssl-peer-ca-cert.man
.so lib/vlog.man
+.so lib/common.man
.
.SH COMMANDS
The commands implemented by \fBovs\-vsctl\fR are described in the
.IP "\fBemer\-reset\fR"
Reset the configuration into a clean state. It deconfigures OpenFlow
controllers, OVSDB servers, and SSL, and deletes port mirroring,
-\fBfail_mode\fR, NetFlow, and sFlow configuration. This command also
-removes all \fBother\-config\fR keys from all database records, except
-that \fBother\-config:hwaddr\fR is preserved if it is present in a
-Bridge record. Other networking configuration is left as-is.
+\fBfail_mode\fR, NetFlow, sFlow, and IPFIX configuration. This
+command also removes all \fBother\-config\fR keys from all database
+records, except that \fBother\-config:hwaddr\fR is preserved if it is
+present in a Bridge record. Other networking configuration is left
+as-is.
.
.SS "Bridge Commands"
These commands examine and manipulate Open vSwitch bridges.
Creates a ``fake bridge'' named \fIbridge\fR within the existing Open
vSwitch bridge \fIparent\fR, which must already exist and must not
itself be a fake bridge. The new fake bridge will be on 802.1Q VLAN
-\fIvlan\fR, which must be an integer between 1 and 4095. Initially
+\fIvlan\fR, which must be an integer between 0 and 4095. The parent
+bridge must not already have a fake bridge for \fIvlan\fR. Initially
\fIbridge\fR will have no ports (other than \fIbridge\fR itself).
.IP
Without \fB\-\-may\-exist\fR, attempting to create a bridge that
not exist is an error. With \fB\-\-if\-exists\fR, attempting to
delete a bridge that does not exist has no effect.
.
-.IP "\fBlist\-br\fR"
+.IP "[\fB\-\-real\fR|\fB\-\-fake\fR] \fBlist\-br\fR"
Lists all existing real and fake bridges on standard output, one per
-line.
+line. With \fB\-\-real\fR or \fB\-\-fake\fR, only bridges of that type
+are returned.
.
.IP "\fBbr\-exists \fIbridge\fR"
Tests whether \fIbridge\fR exists as a real or fake bridge. If so,
is an error. With \fB\-\-may\-exist\fR, this command does nothing if
\fIport\fR already exists on \fIbridge\fR and is not a bonded port.
.
-.IP "[\fB\-\-fake\-iface\fR] \fBadd\-bond \fIbridge port iface\fR\&... [\fIcolumn\fR[\fB:\fIkey\fR]\fR=\fIvalue\fR]\&...\fR"
-Creates on \fIbridge\fR a new port named \fIport\fR that bonds
-together the network devices given as each \fIiface\fR. At least two
-interfaces must be named.
-.IP
-Optional arguments set values of column in the Port record created by
-the command. The syntax is the same as that for the \fBset\fR command
-(see \fBDatabase Commands\fR below).
-.IP
-With \fB\-\-fake\-iface\fR, a fake interface with the name \fIport\fR is
-created. This should only be used for compatibility with legacy
-software that requires it.
-.IP
-Without \fB\-\-may\-exist\fR, attempting to create a port that exists
-is an error. With \fB\-\-may\-exist\fR, this command does nothing if
-\fIport\fR already exists on \fIbridge\fR and bonds together exactly
-the specified interfaces.
-.
.IP "[\fB\-\-if\-exists\fR] \fBdel\-port \fR[\fIbridge\fR] \fIport\fR"
Deletes \fIport\fR. If \fIbridge\fR is omitted, \fIport\fR is removed
from whatever bridge contains it; if \fIbridge\fR is specified, it
Prints the name of the bridge that contains \fIport\fR on standard
output.
.
+.SS "Bond Commands"
+.
+These commands work with ports that have more than one interface,
+which Open vSwitch calls ``bonds.''
+.
+.IP "[\fB\-\-fake\-iface\fR] \fBadd\-bond \fIbridge port iface\fR\&... [\fIcolumn\fR[\fB:\fIkey\fR]\fR=\fIvalue\fR]\&...\fR"
+Creates on \fIbridge\fR a new port named \fIport\fR that bonds
+together the network devices given as each \fIiface\fR. At least two
+interfaces must be named. If the interfaces are DPDK enabled then
+the transaction will need to include operations to explicitly set the
+interface type to 'dpdk'.
+.IP
+Optional arguments set values of column in the Port record created by
+the command. The syntax is the same as that for the \fBset\fR command
+(see \fBDatabase Commands\fR below).
+.IP
+With \fB\-\-fake\-iface\fR, a fake interface with the name \fIport\fR is
+created. This should only be used for compatibility with legacy
+software that requires it.
+.IP
+Without \fB\-\-may\-exist\fR, attempting to create a port that exists
+is an error. With \fB\-\-may\-exist\fR, this command does nothing if
+\fIport\fR already exists on \fIbridge\fR and bonds together exactly
+the specified interfaces.
+.
+.IP "[\fB\-\-may\-exist\fR] \fBadd\-bond\-iface \fIbond iface\fR"
+Adds \fIiface\fR as a new bond interface to the existing port
+\fIbond\fR. If \fIbond\fR previously had only one port, this
+transforms it into a bond.
+.IP
+Without \fB\-\-may\-exist\fR, attempting to add an \fIiface\fR that is
+already part of \fIbond\fR is an error. With \fB\-\-may\-exist\fR,
+this command does nothing if \fIiface\fR is already part of
+\fIbond\fR. (It is still an error if \fIiface\fR is an interface of
+some other port or bond.)
+.
+.IP "[\fB\-\-if\-exists\fR] \fBdel\-bond\-iface\fR [\fIbond\fR] \fIiface\fR"
+Removes \fIiface\fR from its port. If \fIbond\fR is omitted,
+\fIiface\fR is removed from whatever port contains it; if \fIbond\fR
+is specified, it must be the port that contains \fIbond\fR.
+.IP
+If removing \fIiface\fR causes its port to have only a single
+interface, then that port transforms from a bond into an ordinary
+port. It is an error if \fIiface\fR is the only interface in its
+port.
+.IP
+Without \fB\-\-if\-exists\fR, attempting to delete an interface that
+does not exist is an error. With \fB\-\-if\-exists\fR, attempting to
+delete an interface that does not exist has no effect.
+.
.SS "Interface Commands"
.
These commands examine the interfaces attached to an Open vSwitch
These commands manipulate the \fBmanager_options\fR column in the
\fBOpen_vSwitch\fR table and rows in the \fBManagers\fR table. When
\fBovsdb\-server\fR is configured to use the \fBmanager_options\fR column for
-OVSDB connections (as described in \fBINSTALL.Linux\fR and in the startup
-scripts provided with Open vSwitch), this allows the administrator to use
-\fBovs\-vsctl\fR to configure database connections.
+OVSDB connections (as described in the startup scripts provided with
+Open vSwitch; the corresponding \fBovsdb\-server\fR command option is
+\fB--remote=db:Open_vSwitch,Open_vSwitch,manager_options\fR), this allows the
+administrator to use \fBovs\-vsctl\fR to configure database connections.
.
.IP "\fBget\-manager\fR"
Prints the configured manager(s).
Deletes the configured manager(s).
.
.IP "\fBset\-manager\fR \fItarget\fR\&..."
-Sets the configured manager target or targets. Each \fItarget\fR may
-use any of the following forms:
-.
-.RS
-.so ovsdb/remote-active.man
-.so ovsdb/remote-passive.man
-.RE
+Sets the configured manager target or targets.
+Each \fItarget\fR may be an OVSDB active or passive connection method,
+e.g. \fBpssl:6640\fR, as described in \fBovsdb\fR(7).
.
.SS "SSL Configuration"
When \fBovs\-vswitchd\fR is configured to connect over SSL for management or
Deletes the current SSL configuration.
.
.IP "[\fB\-\-bootstrap\fR] \fBset\-ssl\fR \fIprivate-key\fR \fIcertificate\fR \fIca-cert\fR"
-Sets the SSL configuration. The \fB\-\-bootstrap\fR option is described
+Sets the SSL configuration. The \fB\-\-bootstrap\fR option is described
below.
.
.ST "CA Certificate Bootstrap"
.PP
This option is only useful if the controller sends its CA certificate
as part of the SSL certificate chain. The SSL protocol does not
-require the controller to send the CA certificate, but
-\fBovs\-controller\fR(8) can be configured to do so with the
-\fB\-\-peer\-ca\-cert\fR option.
+require the controller to send the CA certificate.
+.
+.SS "Auto-Attach Commands"
+.
+The IETF Auto-Attach SPBM draft standard describes a compact method of using
+IEEE 802.1AB Link Layer Discovery Protocol (LLDP) together with a IEEE 802.1aq
+Shortest Path Bridging (SPB) network to automatically attach network devices to
+individual services in a SPB network. The intent here is to allow network
+applications and devices using OVS to be able to easily take advantage of
+features offered by industry standard SPB networks. A fundamental element of
+the Auto-Attach feature is to map traditional VLANs onto SPB I_SIDs. These
+commands manage the Auto-Attach I-SID/VLAN mappings.
+.
+.IP "\fBadd\-aa\-mapping \fIbridge i-sid vlan\fR"
+Creates a new Auto-Attach mapping on \fIbridge\fR for \fIi-sid\fR
+and \fIvlan\fR.
+.
+.IP "\fBdel\-aa\-mapping \fIbridge i-sid vlan\fR"
+Deletes an Auto-Attach mapping on \fIbridge\fR for \fIi-sid\fR
+and \fIvlan\fR.
+.IP "\fBget\-aa\-mapping \fIbridge\fR"
+Lists all of the Auto-Attach mappings within \fIbridge\fR on standard output.
.
.SS "Database Commands"
.
\fIcolumn\fR parameters that identify a particular field within the
records in a table.
.PP
-The following tables are currently defined:
-.IP "\fBOpen_vSwitch\fR"
-Global configuration for an \fBovs\-vswitchd\fR. This table contains
-exactly one record, identified by specifying \fB.\fR as the record
-name.
-.IP "\fBBridge\fR"
-Configuration for a bridge within an Open vSwitch. Records may be
-identified by bridge name.
-.IP "\fBPort\fR"
-A bridge port. Records may be identified by port name.
-.IP "\fBInterface\fR"
-A network device attached to a port. Records may be identified by
-name.
-.IP "\fBQoS\fR"
-Quality-of-service configuration for a \fBPort\fR. Records may be
-identified by port name.
-.IP "\fBQueue\fR"
-Configuration for one queue within a \fBQoS\fR configuration. Records
-may only be identified by UUID.
-.IP "\fBMirror\fR"
-A port mirroring configuration attached to a bridge. Records may be
-identified by mirror name.
-.IP "\fBController\fR"
-Configuration for an OpenFlow controller. A controller attached to a
-particular bridge may be identified by the bridge's name.
-.IP "\fBManager\fR"
-Configuration for an OVSDB connection. Records may be identified
-by target (e.g. \fBtcp:1.2.3.4\fR).
-.IP "\fBNetFlow\fR"
-A NetFlow configuration attached to a bridge. Records may be
-identified by bridge name.
-.IP "\fBSSL\fR"
-The global SSL configuration for \fBovs\-vswitchd\fR. The record
-attached to the \fBOpen_vSwitch\fR table may be identified by
-specifying \fB.\fR as the record name.
-.IP "\fBsFlow\fR"
-An sFlow configuration attached to a bridge. Records may be
-identified by bridge name.
+For a list of tables and their columns, see \fBovs-vswitchd.conf.db\fR(5) or
+see the table listing from the \fB--help\fR option.
.PP
Record names must be specified in full and with correct
-capitalization. Names of tables and columns are not case-sensitive,
-and \fB\-\-\fR and \fB_\fR are treated interchangeably. Unique
-abbreviations are acceptable, e.g. \fBnet\fR or \fBn\fR is sufficient
-to identify the \fBNetFlow\fR table.
-.
-.ST "Database Values"
-.PP
-Each column in the database accepts a fixed type of data. The
-currently defined basic types, and their representations, are:
-.IP "integer"
-A decimal integer in the range \-2**63 to 2**63\-1, inclusive.
-.IP "real"
-A floating-point number.
-.IP "Boolean"
-True or false, written \fBtrue\fR or \fBfalse\fR, respectively.
-.IP "string"
-An arbitrary Unicode string, except that null bytes are not allowed.
-Quotes are optional for most strings that begin with an English letter
-or underscore and consist only of letters, underscores, hyphens, and
-periods. However, \fBtrue\fR and \fBfalse\fR and strings that match
-the syntax of UUIDs (see below) must be enclosed in double quotes to
-distinguish them from other basic types. When double quotes are used,
-the syntax is that of strings in JSON, e.g. backslashes may be used to
-escape special characters. The empty string must be represented as a
-pair of double quotes (\fB""\fR).
-.IP "UUID"
-Either a universally unique identifier in the style of RFC 4122,
-e.g. \fBf81d4fae\-7dec\-11d0\-a765\-00a0c91e6bf6\fR, or an \fB@\fIname\fR
-defined by a \fBget\fR or \fBcreate\fR command within the same \fBovs\-vsctl\fR
-invocation.
-.PP
-Multiple values in a single column may be separated by spaces or a
-single comma. When multiple values are present, duplicates are not
-allowed, and order is not important. Conversely, some database
-columns can have an empty set of values, represented as \fB[]\fR, and
-square brackets may optionally enclose other non-empty sets or single
-values as well.
-.PP
-A few database columns are ``maps'' of key-value pairs, where the key
-and the value are each some fixed database type. These are specified
-in the form \fIkey\fB=\fIvalue\fR, where \fIkey\fR and \fIvalue\fR
-follow the syntax for the column's key type and value type,
-respectively. When multiple pairs are present (separated by spaces or
-a comma), duplicate keys are not allowed, and again the order is not
-important. Duplicate values are allowed. An empty map is represented
-as \fB{}\fR, and curly braces may be optionally enclose non-empty maps
-as well.
-.
-.ST "Database Command Syntax"
-.IP "[\fB\-\-columns=\fIcolumn\fR[\fB,\fIcolumn\fR]...] \fBlist \fItable \fR[\fIrecord\fR]..."
-Lists the data in each specified \fIrecord\fR. If no
-records are specified, lists all the records in \fItable\fR.
-.IP
-If \fB\-\-columns\fR is specified, only the requested columns are
-listed, in the specified order. Otherwise, all columns are listed, in
-alphabetical order by column name.
-.
-.IP "[\fB\-\-columns=\fIcolumn\fR[\fB,\fIcolumn\fR]...] \fBfind \fItable \fR[\fIcolumn\fR[\fB:\fIkey\fR]\fB=\fIvalue\fR]..."
-Lists the data in each record in \fItable\fR whose \fIcolumn\fR equals
-\fIvalue\fR or, if \fIkey\fR is specified, whose \fIcolumn\fR contains
-a \fIkey\fR with the specified \fIvalue\fR. The following operators
-may be used where \fB=\fR is written in the syntax summary:
-.RS
-.IP "\fB= != < > <= >=\fR"
-Selects records in which \fIcolumn\fR[\fB:\fIkey\fR] equals, does not
-equal, is less than, is greater than, is less than or equal to, or is
-greater than or equal to \fIvalue\fR, respectively.
-.IP
-Consider \fIcolumn\fR[\fB:\fIkey\fR] and \fIvalue\fR as sets of
-elements. Identical sets are considered equal. Otherwise, if the
-sets have different numbers of elements, then the set with more
-elements is considered to be larger. Otherwise, consider a element
-from each set pairwise, in increasing order within each set. The
-first pair that differs determines the result. (For a column that
-contains key-value pairs, first all the keys are compared, and values
-are considered only if the two sets contain identical keys.)
-.IP "\fB{=} {!=}\fR"
-Test for set equality or inequality, respectively.
-.IP "\fB{<=}\fR"
-Selects records in which \fIcolumn\fR[\fB:\fIkey\fR] is a subset of
-\fIvalue\fR. For example, \fBflood-vlans{<=}1,2\fR selects records in
-which the \fBflood-vlans\fR column is the empty set or contains 1 or 2
-or both.
-.IP "\fB{<}\fR"
-Selects records in which \fIcolumn\fR[\fB:\fIkey\fR] is a proper
-subset of \fIvalue\fR. For example, \fBflood-vlans{<}1,2\fR selects
-records in which the \fBflood-vlans\fR column is the empty set or
-contains 1 or 2 but not both.
-.IP "\fB{>=} {>}\fR"
-Same as \fB{<=}\fR and \fB{<}\fR, respectively, except that the
-relationship is reversed. For example, \fBflood-vlans{>=}1,2\fR
-selects records in which the \fBflood-vlans\fR column contains both 1
-and 2.
-.RE
-.IP
-For arithmetic operators (\fB= != < > <= >=\fR), when \fIkey\fR is
-specified but a particular record's \fIcolumn\fR does not contain
-\fIkey\fR, the record is always omitted from the results. Thus, the
-condition \fBother-config:mtu!=1500\fR matches records that have a
-\fBmtu\fR key whose value is not 1500, but not those that lack an
-\fBmtu\fR key.
-.IP
-For the set operators, when \fIkey\fR is specified but a particular
-record's \fIcolumn\fR does not contain \fIkey\fR, the comparison is
-done against an empty set. Thus, the condition
-\fBother-config:mtu{!=}1500\fR matches records that have a \fBmtu\fR
-key whose value is not 1500 and those that lack an \fBmtu\fR key.
-.IP
-Don't forget to escape \fB<\fR or \fB>\fR from interpretation by the
-shell.
-.IP
-If \fB\-\-columns\fR is specified, only the requested columns are
-listed, in the specified order. Otherwise all columns are listed, in
-alphabetical order by column name.
-.IP
-The UUIDs shown for rows created in the same \fBovs\-vsctl\fR
-invocation will be wrong.
-.
-.IP "[\fB\-\-id=@\fIname\fR] [\fB\-\-if\-exists\fR] \fBget \fItable record \fR[\fIcolumn\fR[\fB:\fIkey\fR]]..."
-Prints the value of each specified \fIcolumn\fR in the given
-\fIrecord\fR in \fItable\fR. For map columns, a \fIkey\fR may
-optionally be specified, in which case the value associated with
-\fIkey\fR in the column is printed, instead of the entire map.
-.IP
-For a map column, without \fB\-\-if\-exists\fR it is an error if
-\fIkey\fR does not exist; with it, a blank line is printed. If
-\fIcolumn\fR is not a map column or if \fIkey\fR is not specified,
-\fB\-\-if\-exists\fR has no effect.
-.IP
-If \fB@\fIname\fR is specified, then the UUID for \fIrecord\fR may be
-referred to by that name later in the same \fBovs\-vsctl\fR
-invocation in contexts where a UUID is expected.
-.IP
-Both \fB\-\-id\fR and the \fIcolumn\fR arguments are optional, but
-usually at least one or the other should be specified. If both are
-omitted, then \fBget\fR has no effect except to verify that
-\fIrecord\fR exists in \fItable\fR.
-.
-.IP "\fBset \fItable record column\fR[\fB:\fIkey\fR]\fB=\fIvalue\fR..."
-Sets the value of each specified \fIcolumn\fR in the given
-\fIrecord\fR in \fItable\fR to \fIvalue\fR. For map columns, a
-\fIkey\fR may optionally be specified, in which case the value
-associated with \fIkey\fR in that column is changed (or added, if none
-exists), instead of the entire map.
-.
-.IP "\fBadd \fItable record column \fR[\fIkey\fB=\fR]\fIvalue\fR..."
-Adds the specified value or key-value pair to \fIcolumn\fR in
-\fIrecord\fR in \fItable\fR. If \fIcolumn\fR is a map, then \fIkey\fR
-is required, otherwise it is prohibited. If \fIkey\fR already exists
-in a map column, then the current \fIvalue\fR is not replaced (use the
-\fBset\fR command to replace an existing value).
-.
-.IP "\fBremove \fItable record column \fR\fIvalue\fR..."
-.IQ "\fBremove \fItable record column \fR\fIkey\fR..."
-.IQ "\fBremove \fItable record column \fR\fIkey\fB=\fR\fIvalue\fR..."
-Removes the specified values or key-value pairs from \fIcolumn\fR in
-\fIrecord\fR in \fItable\fR. The first form applies to columns that
-are not maps: each specified \fIvalue\fR is removed from the column.
-The second and third forms apply to map columns: if only a \fIkey\fR
-is specified, then any key-value pair with the given \fIkey\fR is
-removed, regardless of its value; if a \fIvalue\fR is given then a
-pair is removed only if both key and value match.
-.IP
-It is not an error if the column does not contain the specified key or
-value or pair.
-.
-.IP "\fBclear\fR \fItable record column\fR..."
-Sets each \fIcolumn\fR in \fIrecord\fR in \fItable\fR to the empty set
-or empty map, as appropriate. This command applies only to columns
-that are allowed to be empty.
-.
-.IP "[\fB\-\-id=@\fIname\fR] \fBcreate\fR \fItable column\fR[\fB:\fIkey\fR]\fB=\fIvalue\fR..."
-Creates a new record in \fItable\fR and sets the initial values of
-each \fIcolumn\fR. Columns not explicitly set will receive their
-default values. Outputs the UUID of the new row.
-.IP
-If \fB@\fIname\fR is specified, then the UUID for the new row may be
-referred to by that name elsewhere in the same \fBovs\-vsctl\fR
-invocation in contexts where a UUID is expected. Such references may
-precede or follow the \fBcreate\fR command.
-.IP
-Records in the Open vSwitch database are significant only when they
-can be reached directly or indirectly from the \fBOpen_vSwitch\fR
-table. Except for records in the \fBQoS\fR or \fBQueue\fR tables,
-records that are not reachable from the \fBOpen_vSwitch\fR table are
-automatically deleted from the database. This deletion happens
-immediately, without waiting for additional \fBovs\-vsctl\fR commands
-or other database activity. Thus, a \fBcreate\fR command must
-generally be accompanied by additional commands \fIwithin the same
-\fBovs\-vsctl\fI invocation\fR to add a chain of references to the
-newly created record from the top-level \fBOpen_vSwitch\fR record.
-The \fBEXAMPLES\fR section gives some examples that show how to do
-this.
-.
-.IP "\fR[\fB\-\-if\-exists\fR] \fBdestroy \fItable record\fR..."
-Deletes each specified \fIrecord\fR from \fItable\fR. Unless
-\fB\-\-if\-exists\fR is specified, each \fIrecord\fRs must exist.
-.IP
-The \fBdestroy\fR command is only useful for records in the \fBQoS\fR
-or \fBQueue\fR tables. Records in other tables are automatically
-deleted from the database when they become unreachable from the
-\fBOpen_vSwitch\fR table. This means that deleting the last reference
-to a record is sufficient for deleting the record itself. For records
-in these tables, \fBdestroy\fR is silently ignored. See the
-\fBEXAMPLES\fR section below for more information.
-.
-.IP "\fBwait\-until \fItable record \fR[\fIcolumn\fR[\fB:\fIkey\fR]\fB=\fIvalue\fR]..."
-Waits until \fItable\fR contains a record named \fIrecord\fR whose
-\fIcolumn\fR equals \fIvalue\fR or, if \fIkey\fR is specified, whose
-\fIcolumn\fR contains a \fIkey\fR with the specified \fIvalue\fR. Any
-of the operators \fB!=\fR, \fB<\fR, \fB>\fR, \fB<=\fR, or \fB>=\fR may
-be substituted for \fB=\fR to test for inequality, less than, greater
-than, less than or equal to, or greater than or equal to,
-respectively. (Don't forget to escape \fB<\fR or \fB>\fR from
-interpretation by the shell.)
-.IP
-If no \fIcolumn\fR[\fB:\fIkey\fR]\fB=\fIvalue\fR arguments are given,
-this command waits only until \fIrecord\fR exists. If more than one
-such argument is given, the command waits until all of them are
-satisfied.
-.IP
-Usually \fBwait\-until\fR should be placed at the beginning of a set
-of \fBovs\-vsctl\fR commands. For example, \fBwait\-until bridge br0
-\-\- get bridge br0 datapath_id\fR waits until a bridge named
-\fBbr0\fR is created, then prints its \fBdatapath_id\fR column,
-whereas \fBget bridge br0 datapath_id \-\- wait\-until bridge br0\fR
-will abort if no bridge named \fBbr0\fR exists when \fBovs\-vsctl\fR
-initially connects to the database.
-.IP
-Consider specifying \fB\-\-timeout=0\fR along with
-\fB\-\-wait\-until\fR, to prevent \fBovs\-vsctl\fR from terminating
-after waiting only at most 5 seconds.
-.IP "\fBcomment \fR[\fIarg\fR]..."
-This command has no effect on behavior, but any database log record
-created by the command will include the command and its arguments.
+capitalization, except that UUIDs may be abbreviated to their first 4
+(or more) hex digits, as long as that is unique within the table.
+Names of tables and columns are not case-sensitive, and \fB\-\fR and
+\fB_\fR are treated interchangeably. Unique abbreviations of table
+and column names are acceptable, e.g. \fBnet\fR or \fBn\fR is
+sufficient to identify the \fBNetFlow\fR table.
+.
+.so lib/db-ctl-base.man
.SH "EXAMPLES"
Create a new bridge named br0 and add port eth0 to it:
.IP
.B "ovs\-vsctl add\-port br0 eth0"
.PP
Alternatively, perform both operations in a single atomic transaction:
-.IP
+.IP
.B "ovs\-vsctl add\-br br0 \-\- add\-port br0 eth0"
.PP
Delete bridge \fBbr0\fR, reporting an error if it does not exist:
.IP
.B "ovs\-vsctl del\-br br0"
.PP
-Delete bridge \fBbr0\fR if it exists (the \fB\-\-\fR is required to
-separate \fBdel\-br\fR's options from the global options):
+Delete bridge \fBbr0\fR if it exists:
.IP
-.B "ovs\-vsctl \-\- \-\-if\-exists del\-br br0"
+.B "ovs\-vsctl \-\-if\-exists del\-br br0"
.PP
Set the \fBqos\fR column of the \fBPort\fR record for \fBeth0\fR to
point to a new \fBQoS\fR record, which in turn points with its queue 0
.IP
.B "ovs\-vsctl add\-port br0 vlan10 tag=10 \-\- set Interface vlan10 type=internal"
.IP
-.B "ifconfig vlan10 192.168.0.123"
+.B "ip addr add 192.168.0.123/24 dev vlan10"
+.
+.PP
+Add a GRE tunnel port \fBgre0\fR to remote IP address 1.2.3.4 to
+bridge \fBbr0\fR:
+.IP
+.B "ovs\-vsctl add\-port br0 gre0 \-\- set Interface gre0 type=gre options:remote_ip=1.2.3.4"
.
.SS "Port Mirroring"
.PP
Remove the mirror created above from \fBbr0\fR, which also destroys
the Mirror record (since it is now unreferenced):
.IP
-.B "remove Bridge br0 mirrors mymirror"
+.B "ovs\-vsctl \-\- \-\-id=@rec get Mirror mymirror \(rs"
+.IP
+.B "\-\- remove Bridge br0 mirrors @rec"
+.PP
+The following simpler command also works:
+.IP
+.B "ovs\-vsctl clear Bridge br0 mirrors"
.SS "Quality of Service (QoS)"
.PP
Create a \fBlinux\-htb\fR QoS record that points to a few queues and
(This command will leave two unreferenced Queue records in the
database. To delete them, use "\fBovs\-vsctl list Queue\fR" to find
their UUIDs, then "\fBovs\-vsctl destroy Queue \fIuuid1\fR
-\fIuuid2\fR" to destroy each of them.)
+\fIuuid2\fR" to destroy each of them or use
+"\fBovs\-vsctl -- --all destroy Queue\fR" to delete all records.)
.SS "Connectivity Monitoring"
.PP
Monitor connectivity to a remote maintenance point on eth0.
(since it is now unreferenced):
.IP
.B "ovs\-vsctl \-\- clear Bridge br0 sflow"
+.SS "IPFIX"
+.PP
+Configure bridge \fBbr0\fR to send one IPFIX flow record per packet
+sample to UDP port 4739 on host 192.168.0.34, with Observation Domain
+ID 123 and Observation Point ID 456, a flow cache active timeout of 1
+minute (60 seconds), maximum flow cache size of 13 flows, and flows
+sampled on output port with tunnel info(sampling on input and output
+port is enabled by default if not disabled) :
+.IP
+.B "ovs\-vsctl \-\- set Bridge br0 ipfix=@i \(rs"
+.IP
+.B "\-\- \-\-id=@i create IPFIX targets=\(rs\(dq192.168.0.34:4739\(rs\(dq obs_domain_id=123 obs_point_id=456 cache_active_timeout=60 cache_max_flows=13 \(rs"
+.IP
+.B "other_config:enable-input-sampling=false other_config:enable-tunnel-sampling=true"
+.PP
+Deconfigure the IPFIX settings from \fBbr0\fR, which also destroys the
+IPFIX record (since it is now unreferenced):
+.IP
+.B "ovs\-vsctl clear Bridge br0 ipfix"
.SS "802.1D Spanning Tree Protocol (STP)"
.PP
Configure bridge \fBbr0\fR to participate in an 802.1D spanning tree:
.PP
Deconfigure STP from above:
.IP
-.B "ovs\-vsctl clear Bridge br0 stp_enable"
+.B "ovs\-vsctl set Bridge br0 stp_enable=false"
+.PP
+.SS "Multicast Snooping"
+.PP
+Configure bridge \fBbr0\fR to enable multicast snooping:
+.IP
+.B "ovs\-vsctl set Bridge br0 mcast_snooping_enable=true"
+.PP
+Set the multicast snooping aging time \fBbr0\fR to 300 seconds:
+.IP
+.B "ovs\-vsctl set Bridge br0 other_config:mcast-snooping-aging-time=300"
+.PP
+Set the multicast snooping table size \fBbr0\fR to 2048 entries:
+.IP
+.B "ovs\-vsctl set Bridge br0 other_config:mcast-snooping-table-size=2048"
+.PP
+Disable flooding of unregistered multicast packets to all ports. When
+set to \fBtrue\fR, the switch will send unregistered multicast packets only
+to ports connected to multicast routers. When it is set to \fBfalse\fR, the
+switch will send them to all ports. This command disables the flood of
+unregistered packets on bridge \fBbr0\fR.
+.IP
+.B "ovs\-vsctl set Bridge br0 other_config:mcast-snooping-disable-flood-unregistered=true"
+.PP
+Enable flooding of multicast packets (except Reports) on a specific port.
+.IP
+.B "ovs\-vsctl set Port eth1 other_config:mcast-snooping-flood=true"
+.PP
+Enable flooding of Reports on a specific port.
+.IP
+.B "ovs\-vsctl set Port eth1 other_config:mcast-snooping-flood-reports=true"
+.PP
+Deconfigure multicasting snooping from above:
+.IP
+.B "ovs\-vsctl set Bridge br0 mcast_snooping_enable=false"
+.PP
+.SS "802.1D-2004 Rapid Spanning Tree Protocol (RSTP)"
+.PP
+Configure bridge \fBbr0\fR to participate in an 802.1D-2004 Rapid Spanning Tree:
+.IP
+.B "ovs\-vsctl set Bridge br0 rstp_enable=true"
+.PP
+Set the bridge address of \fBbr0\fR to 00:aa:aa:aa:aa:aa :
+.IP
+.B "ovs\-vsctl set Bridge br0 other_config:rstp-address=00:aa:aa:aa:aa:aa"
+.PP
+Set the bridge priority of \fBbr0\fR to 0x7000. The value must be specified in
+decimal notation and should be a multiple of 4096 (if not, it is rounded down to
+the nearest multiple of 4096). The default priority value is 0x800 (32768).
+.IP
+.B "ovs\-vsctl set Bridge br0 other_config:rstp-priority=28672"
+.PP
+Set the bridge ageing time of \fBbr0\fR to 1000 s. The ageing time value should be
+between 10 s and 1000000 s. The default value is 300 s.
+.IP
+.B "ovs\-vsctl set Bridge br0 other_config:rstp-ageing-time=1000"
+.PP
+Set the bridge force protocol version of \fBbr0\fR to 0. The force protocol version
+has two acceptable values: 0 (STP compatibility mode) and 2 (normal operation).
+.IP
+.B "ovs\-vsctl set Bridge br0 other_config:rstp-force-protocol-version=0"
+.PP
+Set the bridge max age of \fBbr0\fR to 10 s. The max age value should be between 6 s
+and 40 s. The default value is 20 s.
+.IP
+.B "ovs\-vsctl set Bridge br0 other_config:rstp-max-age=10"
+.PP
+Set the bridge forward delay of \fBbr0\fR to 15 s.
+This value should be between 4 s and 30 s. The default value is 15 s.
+.IP
+.B "ovs\-vsctl set Bridge br0 other_config:rstp-forward-delay=15"
+.PP
+Set the bridge transmit hold count of \fBbr0\fR to 7 s. This value should be between
+1 s and 10 s. The default value is 6 s.
+.IP
+.B "ovs\-vsctl set Bridge br0 other_config:rstp-transmit-hold-count=7"
+.PP
+Enable RSTP on the Port \fBeth0\fR:
+.IP
+.B "ovs\-vsctl set Port eth0 other_config:rstp-enable=true"
+.PP
+Disable RSTP on the Port \fBeth0\fR:
+.IP
+.B "ovs\-vsctl set Port eth0 other_config:rstp-enable=false"
+.PP
+Set the priority of port \fBeth0\fR to 32. The value must be specified in
+decimal notation and should be a multiple of 16 (if not, it is rounded down to the
+nearest multiple of 16). The default priority value is 0x80 (128).
+.IP
+.B "ovs\-vsctl set Port eth0 other_config:rstp-port-priority=32"
+.PP
+Set the port number of port \fBeth0\fR to 3:
+.IP
+.B "ovs\-vsctl set Port eth0 other_config:rstp-port-num=3"
+.PP
+Set the path cost of port \fBeth0\fR to 150:
+.IP
+.B "ovs\-vsctl set Port eth0 other_config:rstp-path-cost=150"
+.PP
+Set the admin edge value of port \fBeth0\fR:
+.IP
+.B "ovs\-vsctl set Port eth0 other_config:rstp-port-admin-edge=true"
+.PP
+Set the auto edge value of port \fBeth0\fR:
+.IP
+.B "ovs\-vsctl set Port eth0 other_config:rstp-port-auto-edge=true"
.PP
+Set the admin point to point MAC value of port \fBeth0\fR. Acceptable
+values are \fB0\fR (not point-to-point), \fB1\fR (point-to-point, the
+default value) or \fB2\fR (automatic detection). The auto-detection
+mode is not currently implemented, and the value \fB2\fR has the same
+effect of \fB0\fR (not point-to-point).
+.IP
+.B "ovs\-vsctl set Port eth0 other_config:rstp-admin-p2p-mac=1"
+.PP
+Set the admin port state value of port \fBeth0\fR. \fBtrue\fR is the
+default value.
+.IP
+.B "ovs\-vsctl set Port eth0 other_config:rstp-admin-port-state=false"
+.PP
+Set the mcheck value of port \fBeth0\fR:
+.IP
+.B "ovs\-vsctl set Port eth0 other_config:rstp-port-mcheck=true"
+.PP
+Deconfigure RSTP from above:
+.IP
+.B "ovs\-vsctl set Bridge br0 rstp_enable=false"
+.PP
+.SS "OpenFlow Version"
+.PP
+Configure bridge \fBbr0\fR to support OpenFlow versions 1.0, 1.2, and
+1.3:
+.IP
+.B "ovs\-vsctl set bridge br0 protocols=OpenFlow10,OpenFlow12,OpenFlow13"
+.
+.SS "Flow Table Configuration"
+Make flow table 0 on bridge br0 refuse to accept more than 100 flows:
+.IP
+.B "ovs\-vsctl \-\- \-\-id=@ft create Flow_Table flow_limit=100 overflow_policy=refuse \-\- set Bridge br0 flow_tables=0=@ft"
+.
+.PP
+Make flow table 0 on bridge br0 evict flows, with fairness based on
+the matched ingress port, when there are more than 100:
+.
+.IP
+.B "ovs\-vsctl \-\- \-\-id=@ft create Flow_Table flow_limit=100 overflow_policy=evict groups='\(dqNXM_OF_IN_PORT[]\(dq' \-\- set Bridge br0 flow_tables:0=@ft"
.SH "EXIT STATUS"
.IP "0"
Successful program execution.
.SH "SEE ALSO"
.
.BR ovsdb\-server (1),
-.BR ovs\-vswitchd (8).
+.BR ovs\-vswitchd (8),
+.BR ovs\-vswitchd.conf.db (5).