<group title="OpenFlow Configuration">
<column name="controller">
- OpenFlow controller set. If unset, then no OpenFlow controllers
- will be used.
+ <p>
+ OpenFlow controller set. If unset, then no OpenFlow controllers
+ will be used.
+ </p>
+
+ <p>
+ If there are primary controllers, removing all of them clears the
+ flow table. If there are no primary controllers, adding one also
+ clears the flow table. Other changes to the set of controllers, such
+ as adding or removing a service controller, adding another primary
+ controller to supplement an existing primary controller, or removing
+ only one of two primary controllers, have no effect on the flow
+ table.
+ </p>
+ </column>
+
+ <column name="flow_tables">
+ Configuration for OpenFlow tables. Each pair maps from an OpenFlow
+ table ID to configuration for that table.
</column>
<column name="fail_mode">
<p>When more than one controller is configured,
<ref column="fail_mode"/> is considered only when none of the
configured controllers can be contacted.</p>
+ <p>
+ Changing <ref column="fail_mode"/> when no primary controllers are
+ configured clears the flow table.
+ </p>
</column>
<column name="datapath_id">
VLAN). A packet that ingresses on a trunk port is in the VLAN
specified in its 802.1Q header, or VLAN 0 if the packet has no
802.1Q header. A packet that egresses through a trunk port will
- have a 802.1Q header if it has a nonzero VLAN ID (or a nonzero
- 802.1Q priority).
+ have an 802.1Q header if it has a nonzero VLAN ID.
</p>
<p>
<dd>
<p>
An access port carries packets on exactly one VLAN specified in the
- <ref column="tag"/> column. Packets ingressing and egressing on an
- access port have no 802.1Q header.
+ <ref column="tag"/> column. Packets egressing on an access port
+ have no 802.1Q header.
</p>
<p>
- Any packet with an 802.1Q header that ingresses on an access port
- is dropped, regardless of whether the VLAN ID in the header is the
- access port's VLAN ID.
+ Any packet with an 802.1Q header with a nonzero VLAN ID that
+ ingresses on an access port is dropped, regardless of whether the
+ VLAN ID in the header is the access port's VLAN ID.
</p>
</dd>
<dd>
A native-untagged port resembles a native-tagged port, with the
exception that a packet that egresses on a native-untagged port in
- the native VLAN not have an 802.1Q header.
+ the native VLAN will not have an 802.1Q header.
</dd>
</dl>
<p>
VLAN.
</p>
</column>
+
+ <column name="other_config" key="priority-tags"
+ type='{"type": "boolean"}'>
+ <p>
+ An 802.1Q header contains two important pieces of information: a VLAN
+ ID and a priority. A frame with a zero VLAN ID, called a
+ ``priority-tagged'' frame, is supposed to be treated the same way as
+ a frame without an 802.1Q header at all (except for the priority).
+ </p>
+
+ <p>
+ However, some network elements ignore any frame that has 802.1Q
+ header at all, even when the VLAN ID is zero. Therefore, by default
+ Open vSwitch does not output priority-tagged frames, instead omitting
+ the 802.1Q header entirely if the VLAN ID is zero. Set this key to
+ <code>true</code> to enable priority-tagged frames on a port.
+ </p>
+
+ <p>
+ Regardless of this setting, Open vSwitch omits the 802.1Q header on
+ output if both the VLAN ID and priority would be zero.
+ </p>
+
+ <p>
+ All frames output to native-tagged ports have a nonzero VLAN ID, so
+ this setting is not meaningful on native-tagged ports.
+ </p>
+ </column>
</group>
<group title="Bonding Configuration">
<p>
The following modes require the upstream switch to support 802.3ad with
- successful LACP negotiation. If LACP negotiation fails then
- <code>balance-slb</code> style flow hashing is used as a fallback:
+ successful LACP negotiation:
</p>
<dl>
<column name="bond_mode">
<p>The type of bonding used for a bonded port. Defaults to
- <code>balance-slb</code> if unset.
+ <code>active-backup</code> if unset.
</p>
</column>
+ <column name="other_config" key="bond-hash-basis"
+ type='{"type": "integer"}'>
+ An integer hashed along with flows when choosing output slaves in load
+ balanced bonds. When changed, all flows will be assigned different
+ hash values possibly causing slave selection decisions to change. Does
+ not affect bonding modes which do not employ load balancing such as
+ <code>active-backup</code>.
+ </column>
+
<group title="Link Failure Detection">
<p>
An important part of link bonding is detecting that links are down so
connected to. <code>active</code> ports are allowed to initiate LACP
negotiations. <code>passive</code> ports are allowed to participate
in LACP negotiations initiated by a remote switch, but not allowed to
- initiate such negotiations themselves. Defaults to <code>off</code>
- if unset.
+ initiate such negotiations themselves. If LACP is enabled on a port
+ whose partner switch does not support LACP, the bond will be
+ disabled. Defaults to <code>off</code> if unset.
</column>
<column name="other_config" key="lacp-system-id">
The LACP system ID of this <ref table="Port"/>. The system ID of a
LACP bond is used to identify itself to its partners. Must be a
- nonzero MAC address.
+ nonzero MAC address. Defaults to the bridge Ethernet address if
+ unset.
</column>
<column name="other_config" key="lacp-system-priority"
when this mode is in use. The default if not specified is
<code>false</code>.
</column>
-
- <column name="other_config" key="bond-hash-basis"
- type='{"type": "integer"}'>
- An integer hashed along with flows when choosing output slaves. When
- changed, all flows will be assigned different hash values possibly
- causing slave selection decisions to change.
- </column>
</group>
<group title="SLB Configuration">
</p>
<column name="other_config" key="bond-rebalance-interval"
- type='{"type": "integer", "minInteger": 1000, "maxInteger": 10000}'>
- For an SLB bonded port, the number of milliseconds between successive
- attempts to rebalance the bond, that is, to move source MACs and
- their flows from one interface on the bond to another in an attempt
- to keep usage of each interface roughly equal.
+ type='{"type": "integer", "minInteger": 0, "maxInteger": 10000}'>
+ For a load balanced bonded port, the number of milliseconds between
+ successive attempts to rebalance the bond, that is, to move flows
+ from one interface on the bond to another in an attempt to keep usage
+ of each interface roughly equal. If zero, load balancing is disabled
+ on the bond (carrier status changes still cause flows to move). If
+ less than 1000ms, the rebalance interval will be 1000ms.
</column>
</group>
</column>
</group>
+ <group title="Port Statistics">
+ <p>
+ Key-value pairs that report port statistics.
+ </p>
+ <group title="Statistics: STP transmit and receive counters">
+ <column name="statistics" key="stp_tx_count">
+ Number of STP BPDUs sent on this port by the spanning
+ tree library.
+ </column>
+ <column name="statistics" key="stp_rx_count">
+ Number of STP BPDUs received on this port and accepted by the
+ spanning tree library.
+ </column>
+ <column name="statistics" key="stp_error_count">
+ Number of bad STP BPDUs received on this port. Bad BPDUs
+ include runt packets and those with an unexpected protocol ID.
+ </column>
+ </group>
+ </group>
+
<group title="Common Columns">
The overall purpose of these columns is described under <code>Common
Columns</code> at the beginning of this document.
</p>
<column name="options" key="remote_ip">
- Required. The tunnel endpoint.
+ <p>
+ Required. The tunnel endpoint. Unicast and multicast endpoints are
+ both supported.
+ </p>
+
+ <p>
+ When a multicast endpoint is specified, a routing table lookup occurs
+ only when the tunnel is created. Following a routing change, delete
+ and then re-create the tunnel to force a new routing table lookup.
+ </p>
</column>
<column name="options" key="local_ip">
- Optional. The destination IP that received packets must
- match. Default is to match all addresses.
+ Optional. The destination IP that received packets must match.
+ Default is to match all addresses. Must be omitted when <ref
+ column="options" key="remote_ip"/> is a multicast address.
</column>
<column name="options" key="in_key">
OpenFlow action. This setting is ignored when CFM is not in extended
mode. Defaults to <code>up</code>.
</column>
+
+ <column name="other_config" key="cfm_ccm_vlan"
+ type='{"type": "integer", "minInteger": 1, "maxInteger": 4095}'>
+ When set, the CFM module will apply a VLAN tag to all CCMs it generates
+ with the given value.
+ </column>
+
</group>
<group title="Bonding Configuration">
</column>
</group>
+ <group title="VLAN Splinters">
+ <p>
+ The ``VLAN splinters'' feature increases Open vSwitch compatibility
+ with buggy network drivers in old versions of Linux that do not
+ properly support VLANs when VLAN devices are not used, at some cost
+ in memory and performance.
+ </p>
+
+ <p>
+ When VLAN splinters are enabled on a particular interface, Open vSwitch
+ creates a VLAN device for each in-use VLAN. For sending traffic tagged
+ with a VLAN on the interface, it substitutes the VLAN device. Traffic
+ received on the VLAN device is treated as if it had been received on
+ the interface on the particular VLAN.
+ </p>
+
+ <p>
+ VLAN splinters consider a VLAN to be in use if:
+ </p>
+
+ <ul>
+ <li>
+ The VLAN is the <ref table="Port" column="tag"/> value in any <ref
+ table="Port"/> record.
+ </li>
+
+ <li>
+ The VLAN is listed within the <ref table="Port" column="trunks"/>
+ column of the <ref table="Port"/> record of an interface on which
+ VLAN splinters are enabled.
+
+ An empty <ref table="Port" column="trunks"/> does not influence the
+ in-use VLANs: creating 4,096 VLAN devices is impractical because it
+ will exceed the current 1,024 port per datapath limit.
+ </li>
+
+ <li>
+ An OpenFlow flow within any bridge matches the VLAN.
+ </li>
+ </ul>
+
+ <p>
+ The same set of in-use VLANs applies to every interface on which VLAN
+ splinters are enabled. That is, the set is not chosen separately for
+ each interface but selected once as the union of all in-use VLANs based
+ on the rules above.
+ </p>
+
+ <p>
+ It does not make sense to enable VLAN splinters on an interface for an
+ access port, or on an interface that is not a physical port.
+ </p>
+
+ <p>
+ VLAN splinters are deprecated. When broken device drivers are no
+ longer in widespread use, we will delete this feature.
+ </p>
+
+ <column name="other_config" key="enable-vlan-splinters"
+ type='{"type": "boolean"}'>
+ <p>
+ Set to <code>true</code> to enable VLAN splinters on this interface.
+ Defaults to <code>false</code>.
+ </p>
+
+ <p>
+ VLAN splinters increase kernel and userspace memory overhead, so do
+ not use them unless they are needed.
+ </p>
+ </column>
+ </group>
+
<group title="Common Columns">
The overall purpose of these columns is described under <code>Common
Columns</code> at the beginning of this document.
</group>
</table>
+ <table name="Flow_Table" title="OpenFlow table configuration">
+ <p>Configuration for a particular OpenFlow table.</p>
+
+ <column name="name">
+ The table's name. Set this column to change the name that controllers
+ will receive when they request table statistics, e.g. <code>ovs-ofctl
+ dump-tables</code>. The name does not affect switch behavior.
+ </column>
+
+ <column name="flow_limit">
+ If set, limits the number of flows that may be added to the table. Open
+ vSwitch may limit the number of flows in a table for other reasons,
+ e.g. due to hardware limitations or for resource availability or
+ performance reasons.
+ </column>
+
+ <column name="overflow_policy">
+ <p>
+ Controls the switch's behavior when an OpenFlow flow table modification
+ request would add flows in excess of <ref column="flow_limit"/>. The
+ supported values are:
+ </p>
+
+ <dl>
+ <dt><code>refuse</code></dt>
+ <dd>
+ Refuse to add the flow or flows. This is also the default policy
+ when <ref column="overflow_policy"/> is unset.
+ </dd>
+
+ <dt><code>evict</code></dt>
+ <dd>
+ Delete the flow that will expire soonest. See <ref column="groups"/>
+ for details.
+ </dd>
+ </dl>
+ </column>
+
+ <column name="groups">
+ <p>
+ When <ref column="overflow_policy"/> is <code>evict</code>, this
+ controls how flows are chosen for eviction when the flow table would
+ otherwise exceed <ref column="flow_limit"/> flows. Its value is a set
+ of NXM fields or sub-fields, each of which takes one of the forms
+ <code><var>field</var>[]</code> or
+ <code><var>field</var>[<var>start</var>..<var>end</var>]</code>,
+ e.g. <code>NXM_OF_IN_PORT[]</code>. Please see
+ <code>nicira-ext.h</code> for a complete list of NXM field names.
+ </p>
+
+ <p>
+ When a flow must be evicted due to overflow, the flow to evict is
+ chosen through an approximation of the following algorithm:
+ </p>
+
+ <ol>
+ <li>
+ Divide the flows in the table into groups based on the values of the
+ specified fields or subfields, so that all of the flows in a given
+ group have the same values for those fields. If a flow does not
+ specify a given field, that field's value is treated as 0.
+ </li>
+
+ <li>
+ Consider the flows in the largest group, that is, the group that
+ contains the greatest number of flows. If two or more groups all
+ have the same largest number of flows, consider the flows in all of
+ those groups.
+ </li>
+
+ <li>
+ Among the flows under consideration, choose the flow that expires
+ soonest for eviction.
+ </li>
+ </ol>
+
+ <p>
+ The eviction process only considers flows that have an idle timeout or
+ a hard timeout. That is, eviction never deletes permanent flows.
+ (Permanent flows do count against <ref column="flow_limit"/>.
+ </p>
+
+ <p>
+ Open vSwitch ignores any invalid or unknown field specifications.
+ </p>
+
+ <p>
+ When <ref column="overflow_policy"/> is not <code>evict</code>, this
+ column has no effect.
+ </p>
+ </column>
+ </table>
+
<table name="QoS" title="Quality of Service configuration">
<p>Quality of Service (QoS) configuration for each Port that
references it.</p>
Service (QoS) features. May be referenced by <ref column="queues"
table="QoS"/> column in <ref table="QoS"/> table.</p>
- <group title="Configuration for min-rate QoS">
- <p>
- These key-value pairs are defined for <ref table="QoS"/> <ref
- table="QoS" column="type"/> of <code>min-rate</code>.
- </p>
-
- <column name="other_config" key="min-rate"
- type='{"type": "integer", "minInteger": 12000}'>
- Minimum guaranteed bandwidth, in bit/s. Required. The floor value is
- 1500 bytes/s (12,000 bit/s).
- </column>
- </group>
+ <column name="dscp">
+ If set, Open vSwitch will mark all traffic egressing this
+ <ref table="Queue"/> with the given DSCP bits. Traffic egressing the
+ default <ref table="Queue"/> is only marked if it was explicitly selected
+ as the <ref table="Queue"/> at the time the packet was output. If unset,
+ the DSCP bits of traffic egressing this <ref table="Queue"/> will remain
+ unchanged.
+ </column>
<group title="Configuration for linux-htb QoS">
<p>
- These key-value pairs are defined for <ref table="QoS"/> <ref
- table="QoS" column="type"/> of <code>linux-htb</code>.
+ <ref table="QoS"/> <ref table="QoS" column="type"/>
+ <code>linux-htb</code> may use <code>queue_id</code>s less than 61440.
+ It has the following key-value pairs defined.
</p>
<column name="other_config" key="min-rate"
<group title="Configuration for linux-hfsc QoS">
<p>
- These key-value pairs are defined for <ref table="QoS"/> <ref
- table="QoS" column="type"/> of <code>linux-hfsc</code>.
+ <ref table="QoS"/> <ref table="QoS" column="type"/>
+ <code>linux-hfsc</code> may use <code>queue_id</code>s less than 61440.
+ It has the following key-value pairs defined.
</p>
<column name="other_config" key="min-rate"
</group>
</table>
- <table name="Mirror" title="Port mirroring (SPAN/RSPAN/ERSPAN).">
+ <table name="Mirror" title="Port mirroring.">
<p>A port mirror within a <ref table="Bridge"/>.</p>
<p>A port mirror configures a bridge to send selected frames to special
``mirrored'' ports, in addition to their normal destinations. Mirroring
- traffic may also be referred to as SPAN, RSPAN, or ERSPAN, depending on how
+ traffic may also be referred to as SPAN or RSPAN, depending on how
the mirrored traffic is sent.</p>
<column name="name">
<p>Output port for selected packets, if nonempty.</p>
<p>Specifying a port for mirror output reserves that port exclusively
for mirroring. No frames other than those selected for mirroring
+ via this column
will be forwarded to the port, and any frames received on the port
will be discarded.</p>
<p>
The output port may be any kind of port supported by Open vSwitch.
- It may be, for example, a physical port (sometimes called SPAN), or a
- GRE tunnel (sometimes called ERSPAN).
+ It may be, for example, a physical port (sometimes called SPAN) or a
+ GRE tunnel.
</p>
</column>
</column>
</group>
+ <group title="Statistics: Mirror counters">
+ <p>
+ Key-value pairs that report mirror statistics.
+ </p>
+ <column name="statistics" key="tx_packets">
+ Number of packets transmitted through this mirror.
+ </column>
+ <column name="statistics" key="tx_bytes">
+ Number of bytes transmitted through this mirror.
+ </column>
+ </group>
+
<group title="Common Columns">
The overall purpose of these columns is described under <code>Common
Columns</code> at the beginning of this document.
<column name="agent">
Name of the network device whose IP address should be reported as the
- ``agent address'' to collectors. If not specified, the IP address
+ ``agent address'' to collectors. If not specified, the agent device is
+ figured from the first target address and the routing table. If the
+ routing table does not contain a route to the target, the IP address
defaults to the <ref table="Controller" column="local_ip"/> in the
collector's <ref table="Controller"/>. If an agent IP address cannot be
- determined either way, sFlow is disabled.
+ determined any of these ways, sFlow is disabled.
</column>
<column name="header">