</column>
<column name="sflow">
- sFlow configuration.
+ sFlow(R) configuration.
+ </column>
+
+ <column name="ipfix">
+ IPFIX configuration.
</column>
<column name="flood_vlans">
with kernel version 2.6.26 or later.
</p>
<p>
- As an experimental protocol, VXLAN has no officially assigned UDP
- port. Open vSwitch currently uses UDP destination port 8472.
- The source port used for VXLAN traffic varies on a per-flow basis
- and is in the ephemeral port range.
+ Open vSwitch uses UDP destination port 4789. The source port used for
+ VXLAN traffic varies on a per-flow basis and is in the ephemeral port
+ range.
</p>
</dd>
</p>
<column name="options" key="remote_ip">
- Required. The tunnel endpoint. Only unicast endpoints are supported.
+ <p>Required. The remote tunnel endpoint, one of:</p>
+
+ <ul>
+ <li>
+ An IPv4 address (not a DNS name), e.g. <code>192.168.0.123</code>.
+ Only unicast endpoints are supported.
+ </li>
+ <li>
+ The word <code>flow</code>. The tunnel accepts packets from any
+ remote tunnel endpoint. To process only packets from a specific
+ remote tunnel endpoint, the flow entries may match on the
+ <code>tun_src</code> field. When sending packets to a
+ <code>remote_ip=flow</code> tunnel, the flow actions must
+ explicitly set the <code>tun_dst</code> field to the IP address of
+ the desired remote tunnel endpoint, e.g. with a
+ <code>set_field</code> action.
+ </li>
+ </ul>
+
+ <p>
+ The remote tunnel endpoint for any packet received from a tunnel
+ is available in the <code>tun_src</code> field for matching in the
+ flow table.
+ </p>
</column>
<column name="options" key="local_ip">
- Optional. The destination IP that received packets must match.
- Default is to match all addresses.
+ <p>
+ Optional. The tunnel destination IP that received packets must
+ match. Default is to match all addresses. If specified, may be one
+ of:
+ </p>
+
+ <ul>
+ <li>
+ An IPv4 address (not a DNS name), e.g. <code>192.168.12.3</code>.
+ </li>
+ <li>
+ The word <code>flow</code>. The tunnel accepts packets sent to any
+ of the local IP addresses of the system running OVS. To process
+ only packets sent to a specific IP address, the flow entries may
+ match on the <code>tun_dst</code> field. When sending packets to a
+ <code>local_ip=flow</code> tunnel, the flow actions may
+ explicitly set the <code>tun_src</code> field to the desired IP
+ address, e.g. with a <code>set_field</code> action. However, while
+ routing the tunneled packet out, the local system may override the
+ specified address with the local IP address configured for the
+ outgoing system interface.
+
+ <p>
+ This option is valid only for tunnels also configured with the
+ <code>remote_ip=flow</code> option.
+ </p>
+ </li>
+ </ul>
+
+ <p>
+ The tunnel destination IP address for any packet received from a
+ tunnel is available in the <code>tun_dst</code> field for matching in
+ the flow table.
+ </p>
</column>
<column name="options" key="in_key">
</column>
</group>
+ <group title="Bidirectional Forwarding Detection (BFD)">
+ <p>
+ BFD, defined in RFC 5880 and RFC 5881, allows point to point
+ detection of connectivity failures by occasional transmission of
+ BFD control messages. It is implemented in Open vSwitch to serve
+ as a more popular and standards compliant alternative to CFM.
+ </p>
+
+ <p>
+ BFD operates by regularly transmitting BFD control messages at a
+ rate negotiated independently in each direction. Each endpoint
+ specifies the rate at which it expects to receive control messages,
+ and the rate at which it's willing to transmit them. Open vSwitch
+ uses a detection multiplier of three, meaning that an endpoint
+ which fails to receive BFD control messages for a period of three
+ times the expected reception rate, will signal a connectivity
+ fault. In the case of a unidirectional connectivity issue, the
+ system not receiving BFD control messages will signal the problem
+ to its peer in the messages is transmists.
+ </p>
+
+ <p>
+ The Open vSwitch implementation of BFD aims to comply faithfully
+ with the requirements put forth in RFC 5880. Currently, the only
+ known omission is ``Demand Mode'', which we hope to include in
+ future. Open vSwitch does not implement the optional
+ Authentication or ``Echo Mode'' features.
+ </p>
+
+ <column name="bfd" key="enable">
+ When <code>true</code> BFD is enabled on this
+ <ref table="Interface"/>, otherwise it's disabled. Defaults to
+ <code>false</code>.
+ </column>
+
+ <column name="bfd" key="min_rx"
+ type='{"type": "integer", "minInteger": 1}'>
+ The fastest rate, in milliseconds, at which this BFD session is
+ willing to receive BFD control messages. The actual rate may be
+ slower if the remote endpoint isn't willing to transmit as quickly as
+ specified. Defaults to <code>1000</code>.
+ </column>
+
+ <column name="bfd" key="min_tx"
+ type='{"type": "integer", "minInteger": 1}'>
+ The fastest rate, in milliseconds, at which this BFD session is
+ willing to transmit BFD control messages. The actual rate may be
+ slower if the remote endpoint isn't willing to receive as quickly as
+ specified. Defaults to <code>100</code>.
+ </column>
+
+ <column name="bfd" key="cpath_down" type='{"type": "boolean"}'>
+ Concatenated path down may be used when the local system should not
+ have traffic forwarded to it for some reason other than a connectivty
+ failure on the interface being monitored. When a controller thinks
+ this may be the case, it may set <code>cpath_down</code> to
+ <code>true</code> which may cause the remote BFD session not to
+ forward traffic to this <ref table="Interface"/>. Defaults to
+ <code>false</code>.
+ </column>
+
+ <column name="bfd_status" key="state"
+ type='{"type": "string",
+ "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
+ State of the BFD session. The BFD session is fully healthy and
+ negotiated if <code>UP</code>.
+ </column>
+
+ <column name="bfd_status" key="forwarding" type='{"type": "boolean"}'>
+ True if the BFD session believes this <ref table="Interface"/> may be
+ used to forward traffic. Typically this means the local session is
+ signaling <code>UP</code>, and the remote system isn't signaling a
+ problem such as concatenated path down.
+ </column>
+
+ <column name="bfd_status" key="diagnostic">
+ A short message indicating what the BFD session thinks is wrong in
+ case of a problem.
+ </column>
+
+ <column name="bfd_status" key="remote_state"
+ type='{"type": "string",
+ "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
+ State of the remote endpoint's BFD session.
+ </column>
+
+ <column name="bfd_status" key="remote_diagnostic">
+ A short message indicating what the remote endpoint's BFD session
+ thinks is wrong in case of a problem.
+ </column>
+ </group>
+
<group title="Connectivity Fault Management">
<p>
802.1ag Connectivity Fault Management (CFM) allows a group of
<dd>
<p>
Listens for SSL connections on the specified TCP <var>port</var>
- (default: 6632). If <var>ip</var>, which must be expressed as an
- IP address (not a DNS name), is specified, then connections are
- restricted to the specified local IP address.
+ (default: 6632). Specify 0 for <var>port</var> to have the
+ kernel automatically choose an available port. If <var>ip</var>,
+ which must be expressed as an IP address (not a DNS name), is
+ specified, then connections are restricted to the specified local
+ IP address.
</p>
<p>
The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
<dd>
Listens for connections on the specified TCP <var>port</var>
- (default: 6632). If <var>ip</var>, which must be expressed as an
- IP address (not a DNS name), is specified, then connections are
- restricted to the specified local IP address.
+ (default: 6632). Specify 0 for <var>port</var> to have the kernel
+ automatically choose an available port. If <var>ip</var>, which
+ must be expressed as an IP address (not a DNS name), is specified,
+ then connections are restricted to the specified local IP address.
</dd>
</dl>
<p>When multiple managers are configured, the <ref column="target"/>
chosen connection.
</p>
</column>
+
+ <column name="status" key="bound_port" type='{"type": "integer"}'>
+ When <ref column="target"/> is <code>ptcp:</code> or
+ <code>pssl:</code>, this is the TCP port on which the OVSDB server is
+ listening. (This is is particularly useful when <ref
+ column="target"/> specifies a port of 0, allowing the kernel to
+ choose any available port.)
+ </column>
</group>
<group title="Connection Parameters">
</table>
<table name="sFlow">
- <p>An sFlow(R) target. sFlow is a protocol for remote monitoring
- of switches.</p>
+ <p>A set of sFlow(R) targets. sFlow is a protocol for remote
+ monitoring of switches.</p>
<column name="agent">
Name of the network device whose IP address should be reported as the
</group>
</table>
+ <table name="IPFIX">
+ <p>A set of IPFIX collectors. IPFIX is a protocol that exports a
+ number of details about flows.</p>
+
+ <column name="targets">
+ IPFIX target collectors in the form
+ <code><var>ip</var>:<var>port</var></code>.
+ </column>
+
+ <column name="sampling">
+ For per-bridge packet sampling, i.e. when this row is referenced
+ from a <ref table="Bridge"/>, the rate at which packets should
+ be sampled and sent to each target collector. If not specified,
+ defaults to 400, which means one out of 400 packets, on average,
+ will be sent to each target collector. Ignored for per-flow
+ sampling, i.e. when this row is referenced from a <ref
+ table="Flow_Sample_Collector_Set"/>.
+ </column>
+
+ <column name="obs_domain_id">
+ For per-bridge packet sampling, i.e. when this row is referenced
+ from a <ref table="Bridge"/>, the IPFIX Observation Domain ID
+ sent in each IPFIX packet. If not specified, defaults to 0.
+ Ignored for per-flow sampling, i.e. when this row is referenced
+ from a <ref table="Flow_Sample_Collector_Set"/>.
+ </column>
+
+ <column name="obs_point_id">
+ For per-bridge packet sampling, i.e. when this row is referenced
+ from a <ref table="Bridge"/>, the IPFIX Observation Point ID
+ sent in each IPFIX flow record. If not specified, defaults to
+ 0. Ignored for per-flow sampling, i.e. when this row is
+ referenced from a <ref table="Flow_Sample_Collector_Set"/>.
+ </column>
+
+ <group title="Common Columns">
+ The overall purpose of these columns is described under <code>Common
+ Columns</code> at the beginning of this document.
+
+ <column name="external_ids"/>
+ </group>
+ </table>
+
+ <table name="Flow_Sample_Collector_Set">
+ <p>A set of IPFIX collectors of packet samples generated by
+ OpenFlow <code>sample</code> actions.</p>
+
+ <column name="id">
+ The ID of this collector set, unique among the bridge's
+ collector sets, to be used as the <code>collector_set_id</code>
+ in OpenFlow <code>sample</code> actions.
+ </column>
+
+ <column name="bridge">
+ The bridge into which OpenFlow <code>sample</code> actions can
+ be added to send packet samples to this set of IPFIX collectors.
+ </column>
+
+ <column name="ipfix">
+ Configuration of the set of IPFIX collectors to send one flow
+ record per sampled packet to.
+ </column>
+
+ <group title="Common Columns">
+ The overall purpose of these columns is described under <code>Common
+ Columns</code> at the beginning of this document.
+
+ <column name="external_ids"/>
+ </group>
+ </table>
+
</database>