The Citrix XenServer universally unique identifier for the physical
host as displayed by <code>xe host-list</code>.
</column>
+
+ <column name="other_config" key="flow-restore-wait"
+ type='{"type": "boolean"}'>
+ <p>
+ When <code>ovs-vswitchd</code> starts up, it has an empty flow table
+ and therefore it handles all arriving packets in its default fashion
+ according to its configuration, by dropping them or sending them to
+ an OpenFlow controller or switching them as a standalone switch.
+ This behavior is ordinarily desirable. However, if
+ <code>ovs-vswitchd</code> is restarting as part of a ``hot-upgrade,''
+ then this leads to a relatively long period during which packets are
+ mishandled.
+ </p>
+ <p>
+ This option allows for improvement. When <code>ovs-vswitchd</code>
+ starts with this value set as <code>true</code>, it will neither
+ flush or expire previously set datapath flows nor will it send and
+ receive any packets to or from the datapath. When this value is
+ later set to <code>false</code>, <code>ovs-vswitchd</code> will
+ start receiving packets from the datapath and re-setup the flows.
+ </p>
+ <p>
+ Thus, with this option, the procedure for a hot-upgrade of
+ <code>ovs-vswitchd</code> becomes roughly the following:
+ </p>
+ <ol>
+ <li>
+ Stop <code>ovs-vswitchd</code>.
+ </li>
+ <li>
+ Set <ref column="other_config" key="flow-restore-wait"/>
+ to <code>true</code>.
+ </li>
+ <li>
+ Start <code>ovs-vswitchd</code>.
+ </li>
+ <li>
+ Use <code>ovs-ofctl</code> (or some other program, such as an
+ OpenFlow controller) to restore the OpenFlow flow table
+ to the desired state.
+ </li>
+ <li>
+ Set <ref column="other_config" key="flow-restore-wait"/>
+ to <code>false</code> (or remove it entirely from the database).
+ </li>
+ </ol>
+ <p>
+ The <code>ovs-ctl</code>'s ``restart'' and ``force-reload-kmod''
+ functions use the above config option during hot upgrades.
+ </p>
+ </column>
+
+ <column name="other_config" key="flow-eviction-threshold"
+ type='{"type": "integer", "minInteger": 0}'>
+ <p>
+ A number of flows as a nonnegative integer. This sets number of
+ flows at which eviction from the datapath flow table will be
+ triggered. If there are a large number of flows then increasing this
+ value to around the number of flows present can result in reduced CPU
+ usage and packet loss.
+ </p>
+ <p>
+ The default is 2500. Values below 100 will be rounded up to 100.
+ </p>
+ </column>
+
+ <column name="other_config" key="force-miss-model">
+ <p>
+ Specifies userspace behaviour for handling flow misses. This takes
+ precedence over flow-eviction-threshold.
+ </p>
+ <p>
+ <dl>
+ <dt><code>auto</code></dt>
+ <dd>Handle automatically based on the flow-eviction-threshold and
+ the flow setup governer (default, recommended).</dd>
+ <dt><code>with-facets</code></dt>
+ <dd>Always create facets. Expensive kernel flow creation and
+ statistics tracking is always performed, even on flows with only
+ a small number of packets.</dd>
+ <dt><code>without-facets</code></dt>
+ <dd>Always handle without facets. Forces flow misses to be handled
+ in userspace. May cause an increase in CPU usage and packet loss
+ on high throughput.</dd>
+ </dl>
+ </p>
+ </column>
</group>
<group title="Status">
</column>
<column name="sflow">
- sFlow configuration.
+ sFlow(R) configuration.
+ </column>
+
+ <column name="ipfix">
+ IPFIX configuration.
</column>
<column name="flood_vlans">
datapath ID.
</column>
- <column name="other_config" key="flow-eviction-threshold"
- type='{"type": "integer", "minInteger": 0}'>
- <p>
- A number of flows as a nonnegative integer. This sets number of
- flows at which eviction from the kernel flow table will be triggered.
- If there are a large number of flows then increasing this value to
- around the number of flows present can result in reduced CPU usage
- and packet loss.
- </p>
- <p>
- The default is 1000. Values below 100 will be rounded up to 100.
- </p>
- </column>
-
<column name="other_config" key="forward-bpdu"
type='{"type": "boolean"}'>
Option to allow forwarding of BPDU frames when NORMAL action is
information such as destination MAC address, IP address, and TCP
port.
</dd>
-
- <dt><code>stable</code></dt>
- <dd>
- <p>Deprecated and slated for removal in February 2013.</p>
- <p>Attempts to always assign a given flow to the same slave
- consistently. In an effort to maintain stability, no load
- balancing is done. Uses a similar hashing strategy to
- <code>balance-tcp</code>, always taking into account L3 and L4
- fields even if LACP negotiations are unsuccessful. </p>
- <p>Slave selection decisions are made based on <ref table="Interface"
- column="other_config" key="bond-stable-id"/> if set. Otherwise,
- OpenFlow port number is used. Decisions are consistent across all
- <code>ovs-vswitchd</code> instances with equivalent
- <ref table="Interface" column="other_config" key="bond-stable-id"/>
- values.</p>
- </dd>
</dl>
<p>These columns apply only to bonded ports. Their values are
on a host.
</column>
+ <column name="mac_in_use">
+ The MAC address in use by this interface.
+ </column>
+
<column name="mac">
<p>Ethernet address to set for this interface. If unset then the
default MAC address is used:</p>
Same as IPSEC_GRE except 64 bit key.
</dd>
- <dt><code>capwap</code></dt>
- <dd>
- An Ethernet tunnel over the UDP transport portion of CAPWAP (RFC
- 5415). This allows interoperability with certain switches that do
- not support GRE. Only the tunneling component of the protocol is
- implemented. UDP ports 58881 and 58882 are used as the source and
- destination ports respectively. CAPWAP is currently supported only
- with the Linux kernel datapath with kernel version 2.6.26 or later.
-
- CAPWAP support is deprecated and will be removed no earlier than
- February 2013.
- </dd>
-
<dt><code>vxlan</code></dt>
<dd>
<p>
An Ethernet tunnel over the experimental, UDP-based VXLAN
protocol described at
- <code>http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-02</code>.
+ <code>http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-03</code>.
VXLAN is currently supported only with the Linux kernel datapath
with kernel version 2.6.26 or later.
</p>
<p>
- As an experimental protocol, VXLAN has no officially assigned UDP
- port. Open vSwitch currently uses UDP destination port 8472.
- The source port used for VXLAN traffic varies on a per-flow basis
- and is in the ephemeral port range.
+ Open vSwitch uses UDP destination port 4789. The source port used for
+ VXLAN traffic varies on a per-flow basis and is in the ephemeral port
+ range.
</p>
</dd>
+ <dt><code>lisp</code></dt>
+ <dd>
+ A layer 3 tunnel over the experimental, UDP-based Locator/ID
+ Separation Protocol (RFC 6830). LISP is currently supported only
+ with the Linux kernel datapath with kernel version 2.6.26 or later.
+ </dd>
+
<dt><code>patch</code></dt>
<dd>
A pair of virtual devices that act as a patch cable.
<p>
These options apply to interfaces with <ref column="type"/> of
<code>gre</code>, <code>ipsec_gre</code>, <code>gre64</code>,
- <code>ipsec_gre64</code>, <code>capwap</code>, and
- <code>vxlan</code>.
+ <code>ipsec_gre64</code>, <code>vxlan</code>, and <code>lisp</code>.
</p>
<p>
</p>
<column name="options" key="remote_ip">
- <p>
- Required. The tunnel endpoint. Unicast and multicast endpoints are
- both supported.
- </p>
+ <p>Required. The remote tunnel endpoint, one of:</p>
+
+ <ul>
+ <li>
+ An IPv4 address (not a DNS name), e.g. <code>192.168.0.123</code>.
+ Only unicast endpoints are supported.
+ </li>
+ <li>
+ The word <code>flow</code>. The tunnel accepts packets from any
+ remote tunnel endpoint. To process only packets from a specific
+ remote tunnel endpoint, the flow entries may match on the
+ <code>tun_src</code> field. When sending packets to a
+ <code>remote_ip=flow</code> tunnel, the flow actions must
+ explicitly set the <code>tun_dst</code> field to the IP address of
+ the desired remote tunnel endpoint, e.g. with a
+ <code>set_field</code> action.
+ </li>
+ </ul>
<p>
- When a multicast endpoint is specified, a routing table lookup occurs
- only when the tunnel is created. Following a routing change, delete
- and then re-create the tunnel to force a new routing table lookup.
+ The remote tunnel endpoint for any packet received from a tunnel
+ is available in the <code>tun_src</code> field for matching in the
+ flow table.
</p>
</column>
<column name="options" key="local_ip">
- Optional. The destination IP that received packets must match.
- Default is to match all addresses. Must be omitted when <ref
- column="options" key="remote_ip"/> is a multicast address.
+ <p>
+ Optional. The tunnel destination IP that received packets must
+ match. Default is to match all addresses. If specified, may be one
+ of:
+ </p>
+
+ <ul>
+ <li>
+ An IPv4 address (not a DNS name), e.g. <code>192.168.12.3</code>.
+ </li>
+ <li>
+ The word <code>flow</code>. The tunnel accepts packets sent to any
+ of the local IP addresses of the system running OVS. To process
+ only packets sent to a specific IP address, the flow entries may
+ match on the <code>tun_dst</code> field. When sending packets to a
+ <code>local_ip=flow</code> tunnel, the flow actions may
+ explicitly set the <code>tun_src</code> field to the desired IP
+ address, e.g. with a <code>set_field</code> action. However, while
+ routing the tunneled packet out, the local system may override the
+ specified address with the local IP address configured for the
+ outgoing system interface.
+
+ <p>
+ This option is valid only for tunnels also configured with the
+ <code>remote_ip=flow</code> option.
+ </p>
+ </li>
+ </ul>
+
+ <p>
+ The tunnel destination IP address for any packet received from a
+ tunnel is available in the <code>tun_dst</code> field for matching in
+ the flow table.
+ </p>
</column>
<column name="options" key="in_key">
key="in_key"/> at all.
</li>
<li>
- A positive 24-bit (for VXLAN), 32-bit (for GRE) or 64-bit (for
- CAPWAP) number. The tunnel receives only packets with the
+ A positive 24-bit (for VXLAN and LISP), 32-bit (for GRE) or 64-bit
+ (for GRE64) number. The tunnel receives only packets with the
specified key.
</li>
<li>
key="out_key"/> at all.
</li>
<li>
- A positive 24-bit (for VXLAN), 32-bit (for GRE) or 64-bit (for
- CAPWAP) number. Packets sent through the tunnel will have the
+ A positive 24-bit (for VXLAN and LISP), 32-bit (for GRE) or 64-bit
+ (for GRE64) number. Packets sent through the tunnel will have the
specified key.
</li>
<li>
system default, typically 64). Default is the system default TTL.
</column>
- <column name="options" key="df_inherit" type='{"type": "boolean"}'>
- Optional. If enabled, the Don't Fragment bit will be copied from the
- inner IP headers (those of the encapsulated traffic) to the outer
- (tunnel) headers. Default is disabled; set to <code>true</code> to
- enable.
- </column>
-
<column name="options" key="df_default"
type='{"type": "boolean"}'>
- Optional. If enabled, the Don't Fragment bit will be set by default on
- tunnel headers if the <code>df_inherit</code> option is not set, or if
- the encapsulated packet is not IP. Default is enabled; set to
- <code>false</code> to disable.
- </column>
-
- <column name="options" key="pmtud" type='{"type": "boolean"}'>
- Optional. Enable tunnel path MTU discovery. If enabled ``ICMP
- Destination Unreachable - Fragmentation Needed'' messages will be
- generated for IPv4 packets with the DF bit set and IPv6 packets above
- the minimum MTU if the packet size exceeds the path MTU minus the size
- of the tunnel headers. Note that this option causes behavior that is
- typically reserved for routers and therefore is not entirely in
- compliance with the IEEE 802.1D specification for bridges. Default is
- disabled; set to <code>true</code> to enable. This feature is
- deprecated and will be removed soon.
+ Optional. If enabled, the Don't Fragment bit will be set on tunnel
+ outer headers to allow path MTU discovery. Default is enabled; set
+ to <code>false</code> to disable.
</column>
<group title="Tunnel Options: gre and ipsec_gre only">
<column name="status" key="source_ip">
The source IP address used for an IPv4 tunnel end-point, such as
- <code>gre</code> or <code>capwap</code>.
+ <code>gre</code>.
</column>
<column name="status" key="tunnel_egress_iface">
- Egress interface for tunnels. Currently only relevant for GRE and
- CAPWAP tunnels. On Linux systems, this column will show the name of
- the interface which is responsible for routing traffic destined for the
- configured <ref column="options" key="remote_ip"/>. This could be an
- internal interface such as a bridge port.
+ Egress interface for tunnels. Currently only relevant for GRE tunnels
+ On Linux systems, this column will show the name of the interface
+ which is responsible for routing traffic destined for the configured
+ <ref column="options" key="remote_ip"/>. This could be an internal
+ interface such as a bridge port.
</column>
<column name="status" key="tunnel_egress_iface_carrier"
</column>
</group>
+ <group title="Bidirectional Forwarding Detection (BFD)">
+ <p>
+ BFD, defined in RFC 5880 and RFC 5881, allows point to point
+ detection of connectivity failures by occasional transmission of
+ BFD control messages. It is implemented in Open vSwitch to serve
+ as a more popular and standards compliant alternative to CFM.
+ </p>
+
+ <p>
+ BFD operates by regularly transmitting BFD control messages at a
+ rate negotiated independently in each direction. Each endpoint
+ specifies the rate at which it expects to receive control messages,
+ and the rate at which it's willing to transmit them. Open vSwitch
+ uses a detection multiplier of three, meaning that an endpoint
+ which fails to receive BFD control messages for a period of three
+ times the expected reception rate, will signal a connectivity
+ fault. In the case of a unidirectional connectivity issue, the
+ system not receiving BFD control messages will signal the problem
+ to its peer in the messages is transmists.
+ </p>
+
+ <p>
+ The Open vSwitch implementation of BFD aims to comply faithfully
+ with the requirements put forth in RFC 5880. Currently, the only
+ known omission is ``Demand Mode'', which we hope to include in
+ future. Open vSwitch does not implement the optional
+ Authentication or ``Echo Mode'' features.
+ </p>
+
+ <column name="bfd" key="enable">
+ When <code>true</code> BFD is enabled on this
+ <ref table="Interface"/>, otherwise it's disabled. Defaults to
+ <code>false</code>.
+ </column>
+
+ <column name="bfd" key="min_rx"
+ type='{"type": "integer", "minInteger": 1}'>
+ The fastest rate, in milliseconds, at which this BFD session is
+ willing to receive BFD control messages. The actual rate may be
+ slower if the remote endpoint isn't willing to transmit as quickly as
+ specified. Defaults to <code>1000</code>.
+ </column>
+
+ <column name="bfd" key="min_tx"
+ type='{"type": "integer", "minInteger": 1}'>
+ The fastest rate, in milliseconds, at which this BFD session is
+ willing to transmit BFD control messages. The actual rate may be
+ slower if the remote endpoint isn't willing to receive as quickly as
+ specified. Defaults to <code>100</code>.
+ </column>
+
+ <column name="bfd" key="cpath_down" type='{"type": "boolean"}'>
+ Concatenated path down may be used when the local system should not
+ have traffic forwarded to it for some reason other than a connectivty
+ failure on the interface being monitored. When a controller thinks
+ this may be the case, it may set <code>cpath_down</code> to
+ <code>true</code> which may cause the remote BFD session not to
+ forward traffic to this <ref table="Interface"/>. Defaults to
+ <code>false</code>.
+ </column>
+
+ <column name="bfd_status" key="state"
+ type='{"type": "string",
+ "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
+ State of the BFD session. The BFD session is fully healthy and
+ negotiated if <code>UP</code>.
+ </column>
+
+ <column name="bfd_status" key="forwarding" type='{"type": "boolean"}'>
+ True if the BFD session believes this <ref table="Interface"/> may be
+ used to forward traffic. Typically this means the local session is
+ signaling <code>UP</code>, and the remote system isn't signaling a
+ problem such as concatenated path down.
+ </column>
+
+ <column name="bfd_status" key="diagnostic">
+ A short message indicating what the BFD session thinks is wrong in
+ case of a problem.
+ </column>
+
+ <column name="bfd_status" key="remote_state"
+ type='{"type": "string",
+ "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
+ State of the remote endpoint's BFD session.
+ </column>
+
+ <column name="bfd_status" key="remote_diagnostic">
+ A short message indicating what the remote endpoint's BFD session
+ thinks is wrong in case of a problem.
+ </column>
+ </group>
+
<group title="Connectivity Fault Management">
<p>
802.1ag Connectivity Fault Management (CFM) allows a group of
compatibility with 802.1ag compliant implementations. Defaults to
<code>false</code>.
</column>
+
+ <column name="other_config" key="cfm_demand" type='{"type": "boolean"}'>
+ <p>
+ When <code>true</code>, and
+ <ref column="other_config" key="cfm_extended"/> is true, the CFM
+ module operates in demand mode. When in demand mode, traffic
+ received on the <ref table="Interface"/> is used to indicate
+ liveness. CCMs are still transmitted and received, but if the
+ <ref table="Interface"/> is receiving traffic, their absence does not
+ cause a connectivity fault.
+ </p>
+
+ <p>
+ Demand mode has a couple of caveats:
+ <ul>
+ <li>
+ To ensure that ovs-vswitchd has enough time to pull statistics
+ from the datapath, the minimum
+ <ref column="other_config" key="cfm_interval"/> is 500ms.
+ </li>
+
+ <li>
+ To avoid ambiguity, demand mode disables itself when there are
+ multiple remote maintenance points.
+ </li>
+
+ <li>
+ If the <ref table="Interface"/> is heavily congested, CCMs
+ containing the <ref column="other_config" key="cfm_opstate"/>
+ status may be dropped causing changes in the operational state to
+ be delayed. Similarly, if CCMs containing the RDI bit are not
+ received, unidirectional link failures may not be detected.
+ </li>
+ </ul>
+ </p>
+ </column>
+
<column name="other_config" key="cfm_opstate"
type='{"type": "string", "enum": ["set", ["down", "up"]]}'>
When <code>down</code>, the CFM module marks all CCMs it generates as
</group>
<group title="Bonding Configuration">
- <column name="other_config" key="bond-stable-id"
- type='{"type": "integer", "minInteger": 1}'>
- Used in <code>stable</code> bond mode to make slave
- selection decisions. Allocating <ref column="other_config"
- key="bond-stable-id"/> values consistently across interfaces
- participating in a bond will guarantee consistent slave selection
- decisions across <code>ovs-vswitchd</code> instances when using
- <code>stable</code> bonding mode.
- </column>
-
<column name="other_config" key="lacp-port-id"
type='{"type": "integer", "minInteger": 1, "maxInteger": 65535}'>
The LACP port ID of this <ref table="Interface"/>. Port IDs are
two different hypervisors. That is, <code>active</code> means that
this <ref column="external_ids" key="iface-id"/> is the active
instance within a single hypervisor, not in a broader scope.
+ There is one exception: some hypervisors support ``migration'' from a
+ given hypervisor to itself (most often for test purposes). During
+ such a ``migration,'' two instances of a single <ref
+ column="external_ids" key="iface-id"/> might both be briefly marked
+ <code>active</code> on a single hypervisor.
</p>
</column>
<dd>
<p>
Listens for SSL connections on the specified TCP <var>port</var>
- (default: 6632). If <var>ip</var>, which must be expressed as an
- IP address (not a DNS name), is specified, then connections are
- restricted to the specified local IP address.
+ (default: 6632). Specify 0 for <var>port</var> to have the
+ kernel automatically choose an available port. If <var>ip</var>,
+ which must be expressed as an IP address (not a DNS name), is
+ specified, then connections are restricted to the specified local
+ IP address.
</p>
<p>
The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
<dd>
Listens for connections on the specified TCP <var>port</var>
- (default: 6632). If <var>ip</var>, which must be expressed as an
- IP address (not a DNS name), is specified, then connections are
- restricted to the specified local IP address.
+ (default: 6632). Specify 0 for <var>port</var> to have the kernel
+ automatically choose an available port. If <var>ip</var>, which
+ must be expressed as an IP address (not a DNS name), is specified,
+ then connections are restricted to the specified local IP address.
</dd>
</dl>
<p>When multiple managers are configured, the <ref column="target"/>
chosen connection.
</p>
</column>
+
+ <column name="status" key="bound_port" type='{"type": "integer"}'>
+ When <ref column="target"/> is <code>ptcp:</code> or
+ <code>pssl:</code>, this is the TCP port on which the OVSDB server is
+ listening. (This is is particularly useful when <ref
+ column="target"/> specifies a port of 0, allowing the kernel to
+ choose any available port.)
+ </column>
</group>
<group title="Connection Parameters">
</table>
<table name="sFlow">
- <p>An sFlow(R) target. sFlow is a protocol for remote monitoring
- of switches.</p>
+ <p>A set of sFlow(R) targets. sFlow is a protocol for remote
+ monitoring of switches.</p>
<column name="agent">
Name of the network device whose IP address should be reported as the
</group>
</table>
+ <table name="IPFIX">
+ <p>A set of IPFIX collectors. IPFIX is a protocol that exports a
+ number of details about flows.</p>
+
+ <column name="targets">
+ IPFIX target collectors in the form
+ <code><var>ip</var>:<var>port</var></code>.
+ </column>
+
+ <column name="sampling">
+ For per-bridge packet sampling, i.e. when this row is referenced
+ from a <ref table="Bridge"/>, the rate at which packets should
+ be sampled and sent to each target collector. If not specified,
+ defaults to 400, which means one out of 400 packets, on average,
+ will be sent to each target collector. Ignored for per-flow
+ sampling, i.e. when this row is referenced from a <ref
+ table="Flow_Sample_Collector_Set"/>.
+ </column>
+
+ <column name="obs_domain_id">
+ For per-bridge packet sampling, i.e. when this row is referenced
+ from a <ref table="Bridge"/>, the IPFIX Observation Domain ID
+ sent in each IPFIX packet. If not specified, defaults to 0.
+ Ignored for per-flow sampling, i.e. when this row is referenced
+ from a <ref table="Flow_Sample_Collector_Set"/>.
+ </column>
+
+ <column name="obs_point_id">
+ For per-bridge packet sampling, i.e. when this row is referenced
+ from a <ref table="Bridge"/>, the IPFIX Observation Point ID
+ sent in each IPFIX flow record. If not specified, defaults to
+ 0. Ignored for per-flow sampling, i.e. when this row is
+ referenced from a <ref table="Flow_Sample_Collector_Set"/>.
+ </column>
+
+ <group title="Common Columns">
+ The overall purpose of these columns is described under <code>Common
+ Columns</code> at the beginning of this document.
+
+ <column name="external_ids"/>
+ </group>
+ </table>
+
+ <table name="Flow_Sample_Collector_Set">
+ <p>A set of IPFIX collectors of packet samples generated by
+ OpenFlow <code>sample</code> actions.</p>
+
+ <column name="id">
+ The ID of this collector set, unique among the bridge's
+ collector sets, to be used as the <code>collector_set_id</code>
+ in OpenFlow <code>sample</code> actions.
+ </column>
+
+ <column name="bridge">
+ The bridge into which OpenFlow <code>sample</code> actions can
+ be added to send packet samples to this set of IPFIX collectors.
+ </column>
+
+ <column name="ipfix">
+ Configuration of the set of IPFIX collectors to send one flow
+ record per sampled packet to.
+ </column>
+
+ <group title="Common Columns">
+ The overall purpose of these columns is described under <code>Common
+ Columns</code> at the beginning of this document.
+
+ <column name="external_ids"/>
+ </group>
+ </table>
+
</database>
git://git.onelab.eu / sliver-openvswitch.git / blobdiff