Set of bridges managed by the daemon.
</column>
- <column name="managers">
- Remote database clients to which the Open vSwitch's database server
- should connect or to which it should listen.
- </column>
-
<column name="ssl">
SSL used globally by the daemon.
</column>
choose key names that are likely to be unique. The currently
defined common key-value pairs are:
<dl>
- <dt><code>system-type</code></dt>
- <dd>An identifier for the switch type, such as
- <code>XenServer</code> or <code>KVM</code>.</dd>
- <dt><code>system-version</code></dt>
- <dd>The version of the switch software, such as
- <code>5.6.0</code> on XenServer.</dd>
<dt><code>system-id</code></dt>
<dd>A unique identifier for the Open vSwitch's physical host.
The form of the identifier depends on the type of the host.
</dl>
</column>
</group>
+
+ <group title="Version Reporting">
+ <p>
+ These columns report the types and versions of the hardware and
+ software running Open vSwitch. We recommend in general that software
+ should test whether specific features are supported instead of relying
+ on version number checks. These values are primarily intended for
+ reporting to human administrators.
+ </p>
+
+ <column name="ovs_version">
+ The Open vSwitch version number, e.g. <code>1.1.0pre2</code>.
+ If Open vSwitch was configured with a build number, then it is
+ also included, e.g. <code>1.1.0pre2+build4948</code>.
+ </column>
+
+ <column name="db_version">
+ <p>
+ The database schema version number in the form
+ <code><var>major</var>.<var>minor</var>.<var>tweak</var></code>,
+ e.g. <code>1.2.3</code>. Whenever the database schema is changed in
+ a non-backward compatible way (e.g. deleting a column or a table),
+ <var>major</var> is incremented. When the database schema is changed
+ in a backward compatible way (e.g. adding a new column),
+ <var>minor</var> is incremented. When the database schema is changed
+ cosmetically (e.g. reindenting its syntax), <var>tweak</var> is
+ incremented.
+ </p>
+
+ <p>
+ The schema version is part of the database schema, so it can also be
+ retrieved by fetching the schema using the Open vSwitch database
+ protocol.
+ </p>
+ </column>
+
+ <column name="system_type">
+ <p>
+ An identifier for the type of system on top of which Open vSwitch
+ runs, e.g. <code>XenServer</code> or <code>KVM</code>.
+ </p>
+ <p>
+ System integrators are responsible for choosing and setting an
+ appropriate value for this column.
+ </p>
+ </column>
+
+ <column name="system_version">
+ <p>
+ The version of the system identified by <ref column="system_type"/>,
+ e.g. <code>5.5.0-24648p</code> on XenServer 5.5.0 build 24648.
+ </p>
+ <p>
+ System integrators are responsible for choosing and setting an
+ appropriate value for this column.
+ </p>
+ </column>
+
+ </group>
+
+ <group title="Database Configuration">
+ <p>
+ These columns primarily configure the Open vSwitch database
+ (<code>ovsdb-server</code>), not the Open vSwitch switch
+ (<code>ovs-vswitchd</code>). The OVSDB database also uses the <ref
+ column="ssl"/> settings.
+ </p>
+
+ <p>
+ The Open vSwitch switch does read the database configuration to
+ determine remote IP addresses to which in-band control should apply.
+ </p>
+
+ <column name="manager_options">
+ Database clients to which the Open vSwitch database server should
+ connect or to which it should listen, along with options for how these
+ connection should be configured. See the <ref table="Manager"/> table
+ for more information.
+ </column>
+
+ <column name="managers">
+ <p>
+ Remote database clients to which the Open vSwitch's database server
+ should connect or to which it should listen. Adding an OVSDB target
+ to this set is equivalent to adding it to <ref
+ column="manager_options"/> with all of the default options.
+ </p>
+
+ <p>
+ Use of this column is deprecated and may be removed sometime in the
+ future. New applications should use and set <ref
+ column="manager_options"/> instead.
+ </p>
+ </column>
+ </group>
</table>
<table name="Bridge">
</dl>
</p>
<p>If this value is unset, the default is implementation-specific.</p>
- <p>When more than one controller is configured,
+ <p>When more than one controller is configured,
<ref column="fail_mode"/> is considered only when none of the
configured controllers can be contacted.</p>
</column>
defined key-value pairs are:
<dl>
<dt><code>bridge-id</code></dt>
- <dd>A unique identifier of the bridge. On Citrix XenServer this
+ <dd>A unique identifier of the bridge. On Citrix XenServer this
will commonly be the same as <code>xs-network-uuids</code>.</dd>
<dt><code>xs-network-uuids</code></dt>
<dd>Semicolon-delimited set of universally unique identifier(s) for
<dt><code>datapath-id</code></dt>
<dd>Exactly 16 hex
digits to set the OpenFlow datapath ID to a specific
- value.</dd>
+ value. May not be all-zero.</dd>
+ <dt><code>disable-in-band</code></dt>
+ <dd>If set to <code>true</code>, disable in-band control on
+ the bridge regardless of controller and manager settings.</dd>
<dt><code>hwaddr</code></dt>
<dd>An Ethernet address in the form
<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
to set the hardware address of the local port and influence the
datapath ID.</dd>
+ <dt><code>in-band-queue</code></dt>
+ <dd>
+ A queue ID as a nonnegative integer. This sets the OpenFlow queue
+ ID that will be used by flows set up by in-band control on this
+ bridge. If unset, or if the port used by an in-band control flow
+ does not have QoS configured, or if the port does not have a queue
+ with the specified ID, the default queue is used instead.
+ </dd>
</dl>
</column>
</group>
<p>A port that has more than one interface is a ``bonded port.''
Bonding allows for load balancing and fail-over. Open vSwitch
supports ``source load balancing'' (SLB) bonding, which
- assigns flows to slaves based on source MAC address, with
- periodic rebalancing as traffic patterns change. This form of
- bonding does not require 802.3ad or other special support from
- the upstream switch to which the slave devices are
- connected.</p>
+ assigns flows to slaves based on source MAC address and output VLAN,
+ with periodic rebalancing as traffic patterns change. This form of
+ bonding does not require 802.3ad or other special support from the
+ upstream switch to which the slave devices are connected.</p>
<p>These columns apply only to bonded ports. Their values are
otherwise ignored.</p>
<column name="qos">
Quality of Service configuration for this port.
</column>
-
+
<column name="mac">
The MAC address to use for this port for the purpose of choosing the
bridge's MAC address. This column does not necessarily reflect the
<p>Open vSwitch populates this column when the port number becomes
known. If the interface is successfully added,
<ref column="ofport"/> will be set to a number between 1 and 65535
- (generally either in the range 1 to 65280, exclusive, or 65534, the
+ (generally either in the range 1 to 65279, inclusive, or 65534, the
port number for the OpenFlow ``local port''). If the interface
cannot be added then Open vSwitch sets this column
to -1.</p>
the same except one has an optional identifier and the other does
not, the more specific one is matched first. <code>in_key</code>
is considered more specific than <code>local_ip</code> if a port
- defines one and another port defines the other. The following
+ defines one and another port defines the other. The following
options may be specified in the <ref column="options"/> column:
<dl>
<dt><code>remote_ip</code></dt>
bypass certain components of the IP stack (such as IP tables)
and it may be useful to disable it if these features are
required or as a debugging measure. Default is enabled, set to
- <code>false</code> to disable. If IPsec is enabled through the
- <ref column="other_config"/> parameters, header caching will be
- automatically disabled.</dd>
+ <code>false</code> to disable.</dd>
+ </dl>
+ </dd>
+ <dt><code>ipsec_gre</code></dt>
+ <dd>An Ethernet over RFC 2890 Generic Routing Encapsulation over
+ IPv4 IPsec tunnel. Each tunnel (including those of type
+ <code>gre</code>) must be uniquely identified by the
+ combination of <code>remote_ip</code> and
+ <code>local_ip</code>. Note that if two ports are defined
+ that are the same except one has an optional identifier and
+ the other does not, the more specific one is matched first.
+ The following options may be specified in the
+ <ref column="options"/> column:
+ <dl>
+ <dt><code>remote_ip</code></dt>
+ <dd>Required. The tunnel endpoint.</dd>
+ </dl>
+ <dl>
+ <dt><code>local_ip</code></dt>
+ <dd>Optional. The destination IP that received packets must
+ match. Default is to match all addresses.</dd>
+ </dl>
+ <dl>
+ <dt><code>ipsec_psk</code></dt>
+ <dd>Required. Specifies a pre-shared key for authentication
+ that must be identical on both sides of the tunnel.</dd>
+ </dl>
+ <dl>
+ <dt><code>in_key</code></dt>
+ <dd>Optional. The GRE key that received packets must contain.
+ It may either be a 32-bit number (no key and a key of 0 are
+ treated as equivalent) or the word <code>flow</code>. If
+ <code>flow</code> is specified then any key will be accepted
+ and the key will be placed in the <code>tun_id</code> field
+ for matching in the flow table. The ovs-ofctl manual page
+ contains additional information about matching fields in
+ OpenFlow flows. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>out_key</code></dt>
+ <dd>Optional. The GRE key to be set on outgoing packets. It may
+ either be a 32-bit number or the word <code>flow</code>. If
+ <code>flow</code> is specified then the key may be set using
+ the <code>set_tunnel</code> Nicira OpenFlow vendor extension (0
+ is used in the absence of an action). The ovs-ofctl manual
+ page contains additional information about the Nicira OpenFlow
+ vendor extensions. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>key</code></dt>
+ <dd>Optional. Shorthand to set <code>in_key</code> and
+ <code>out_key</code> at the same time.</dd>
+ </dl>
+ <dl>
+ <dt><code>tos</code></dt>
+ <dd>Optional. The value of the ToS bits to be set on the
+ encapsulating packet. It may also be the word
+ <code>inherit</code>, in which case the ToS will be copied from
+ the inner packet if it is IPv4 or IPv6 (otherwise it will be
+ 0). Note that the ECN fields are always inherited. Default is
+ 0.</dd>
+ </dl>
+ <dl>
+ <dt><code>ttl</code></dt>
+ <dd>Optional. The TTL to be set on the encapsulating packet.
+ It may also be the word <code>inherit</code>, in which case the
+ TTL will be copied from the inner packet if it is IPv4 or IPv6
+ (otherwise it will be the system default, typically 64).
+ Default is the system default TTL.</dd>
+ </dl>
+ <dl>
+ <dt><code>csum</code></dt>
+ <dd>Optional. Compute GRE checksums on outgoing packets.
+ Checksums present on incoming packets will be validated
+ regardless of this setting. Note that GRE checksums
+ impose a significant performance penalty as they cover the
+ entire packet. As the contents of the packet is typically
+ covered by L3 and L4 checksums, this additional checksum only
+ adds value for the GRE and encapsulated Ethernet headers.
+ Default is disabled, set to <code>true</code> to enable.</dd>
+ </dl>
+ <dl>
+ <dt><code>pmtud</code></dt>
+ <dd>Optional. Enable tunnel path MTU discovery. If enabled
+ ``ICMP destination unreachable - fragmentation'' needed
+ messages will be generated for IPv4 packets with the DF bit set
+ and IPv6 packets above the minimum MTU if the packet size
+ exceeds the path MTU minus the size of the tunnel headers. It
+ also forces the encapsulating packet DF bit to be set (it is
+ always set if the inner packet implies path MTU discovery).
+ Note that this option causes behavior that is typically
+ reserved for routers and therefore is not entirely in
+ compliance with the IEEE 802.1D specification for bridges.
+ Default is enabled, set to <code>false</code> to disable.</dd>
</dl>
</dd>
<dt><code>capwap</code></dt>
</group>
<group title="Other Features">
+
+ <column name="monitor">
+ Connectivity monitor configuration for this interface.
+ </column>
+
<column name="external_ids">
Key-value pairs for use by external frameworks that integrate
with Open vSwitch, rather than by Open vSwitch itself. System
For Citrix XenServer, this is the value of the <code>MAC</code>
field in the VIF record for this interface.</dd>
<dt><code>iface-id</code></dt>
- <dd>A system-unique identifier for the interface. On XenServer,
+ <dd>A system-unique identifier for the interface. On XenServer,
this will commonly be the same as <code>xs-vif-uuid</code>.</dd>
</dl>
<p>
<column name="other_config">
Key-value pairs for rarely used interface features. Currently,
- the only keys are for configuring GRE-over-IPsec, which is only
- available through the <code>openvswitch-ipsec</code> package for
- Debian. The currently defined key-value pairs are:
- <dl>
- <dt><code>ipsec_local_ip</code></dt>
- <dd>Required key for GRE-over-IPsec interfaces. Additionally,
- the <ref column="type"/> must be <code>gre</code> and the
- <code>ipsec_psk</code> <ref column="other_config"/> key must
- be set. The <code>in_key</code>, <code>out_key</code>, and
- <code>key</code> <ref column="options"/> must not be
- set.</dd>
- <dt><code>ipsec_psk</code></dt>
- <dd>Required key for GRE-over-IPsec interfaces. Specifies a
- pre-shared key for authentication that must be identical on
- both sides of the tunnel. Additionally, the
- <code>ipsec_local_ip</code> key must also be set.</dd>
- </dl>
+ there are none defined.
</column>
<column name="statistics">
for information on how this classifier works and how to configure it.
</dd>
</dl>
+ <dl>
+ <dt><code>linux-hfsc</code></dt>
+ <dd>
+ Linux "Hierarchical Fair Service Curve" classifier.
+ See <code>http://linux-ip.net/articles/hfsc.en/</code> for
+ information on how this classifier works.
+ </dd>
+ </dl>
</column>
<column name="queues">
<column name="other_config">
<p>Key-value pairs for configuring QoS features that depend on
<ref column="type"/>.</p>
- <p>The <code>linux-htb</code> class supports the following key-value
- pairs:</p>
+ <p>The <code>linux-htb</code> and <code>linux-hfsc</code> classes support
+ the following key-value pairs:</p>
<dl>
<dt><code>max-rate</code></dt>
<dd>Maximum rate shared by all queued traffic, in bit/s.
a queue with a larger value receives any. Specific priority
values are unimportant; only relative ordering matters.</dd>
</dl>
+ <p>The key-value pairs defined for <ref table="QoS"/> <ref table="QoS"
+ column="type"/> of <code>linux-hfsc</code> are:</p>
+ <dl>
+ <dt><code>min-rate</code></dt>
+ <dd>Minimum guaranteed bandwidth, in bit/s. Required.</dd>
+ <dt><code>max-rate</code></dt>
+ <dd>Maximum allowed bandwidth, in bit/s. Optional. If specified, the
+ queue's rate will not be allowed to exceed the specified value, even
+ if excess bandwidth is available. If unspecified, defaults to no
+ limit.</dd>
+ </dl>
</column>
<column name="external_ids">
</column>
</table>
+ <table name="Monitor" title="Connectivity Monitor configuration">
+ <p>
+ A <ref table="Monitor"/> attaches to an <ref table="Interface"/> to
+ implement 802.1ag Connectivity Fault Management (CFM). CFM allows a
+ group of Maintenance Points (MPs) called a Maintenance Association (MA)
+ to detect connectivity problems with each other. MPs within a MA should
+ have complete and exclusive interconnectivity. This is verified by
+ occasionally broadcasting Continuity Check Messages (CCMs) at a
+ configurable transmission interval. A <ref table="Monitor"/> is
+ responsible for collecting data about other MPs in its MA and
+ broadcasting CCMs.
+ </p>
+
+ <group title="Monitor Configuration">
+ <column name="mpid">
+ A Maintenance Point ID (MPID) uniquely identifies each endpoint within
+ a Maintenance Association (see <ref column="ma_name"/>). The MPID is
+ used to identify this <ref table="Monitor"/> to other endpoints in the
+ MA.
+ </column>
+
+ <column name="remote_mps">
+ A set of <ref table="Maintenance_Points"/> which this
+ <ref table="Monitor"/> should have connectivity to. If this
+ <ref table="Monitor"/> does not have connectivity to any MPs in this
+ set, or has connectivity to any MPs not in this set, a fault is
+ signaled.
+ </column>
+
+ <column name="ma_name">
+ A Maintenance Association (MA) name pairs with a Maintenance Domain
+ (MD) name to uniquely identify a MA. A MA is a group of endpoints who
+ have complete and exclusive interconnectivity. Defaults to
+ <code>ovs</code> if unset.
+ </column>
+
+ <column name="md_name">
+ A Maintenance Domain name pairs with a Maintenance Association name to
+ uniquely identify a MA. Defaults to <code>ovs</code> if unset.
+ </column>
+
+ <column name="interval">
+ The transmission interval of CCMs in milliseconds. Three missed CCMs
+ indicate a connectivity fault. Defaults to 1000ms.
+ </column>
+ </group>
+
+ <group title="Monitor Status">
+ <column name="unexpected_remote_mpids">
+ A set of MPIDs representing MPs to which this <ref table="Monitor"/>
+ has detected connectivity that are not in the
+ <ref column="remote_mps"/> set. This <ref table="Monitor"/> should not
+ have connectivity to any MPs not listed in <ref column="remote_mps"/>.
+ Thus, if this set is non-empty a fault is indicated.
+ </column>
+
+ <column name="unexpected_remote_maids">
+ A set of MAIDs representing foreign Maintenance Associations (MAs)
+ which this <ref table="Monitor"/> has detected connectivity to. A
+ <ref table="Monitor"/> should not have connectivity to a Maintenance
+ Association other than its own. Thus, if this set is non-empty a fault
+ is indicated.
+ </column>
+
+ <column name="fault">
+ Indicates a Connectivity Fault caused by a configuration error, a down
+ remote MP, or unexpected connectivity to a remote MAID or remote MP.
+ </column>
+ </group>
+ </table>
+
+ <table name="Maintenance_Point" title="Maintenance Point configuration">
+ <p>
+ A <ref table="Maintenance_Point"/> represents a MP which a
+ <ref table="Monitor"/> has or should have connectivity to.
+ </p>
+
+ <group title="Maintenance_Point Configuration">
+ <column name="mpid">
+ A Maintenance Point ID (MPID) uniquely identifies each endpoint within
+ a Maintenance Association. All MPs within a MA should have a unique
+ MPID.
+ </column>
+ </group>
+
+ <group title="Maintenance_Point Status">
+ <column name="fault">
+ Indicates a connectivity fault.
+ </column>
+ </group>
+ </table>
+
<table name="Mirror" title="Port mirroring (SPAN/RSPAN).">
<p>A port mirror within a <ref table="Bridge"/>.</p>
<p>A port mirror configures a bridge to send selected frames to special
<p>
Open vSwitch supports two kinds of OpenFlow controllers:
</p>
-
+
<dl>
<dt>Primary controllers</dt>
<dd>
</group>
</table>
+ <table name="Manager" title="OVSDB management connection.">
+ <p>
+ Configuration for a database connection to an Open vSwitch database
+ (OVSDB) client.
+ </p>
+
+ <p>
+ This table primarily configures the Open vSwitch database
+ (<code>ovsdb-server</code>), not the Open vSwitch switch
+ (<code>ovs-vswitchd</code>). The switch does read the table to determine
+ what connections should be treated as in-band.
+ </p>
+
+ <p>
+ The Open vSwitch database server can initiate and maintain active
+ connections to remote clients. It can also listen for database
+ connections.
+ </p>
+
+ <group title="Core Features">
+ <column name="target">
+ <p>Connection method for managers.</p>
+ <p>
+ The following connection methods are currently supported:
+ </p>
+ <dl>
+ <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
+ <dd>
+ <p>
+ The specified SSL <var>port</var> (default: 6632) on the host at
+ the given <var>ip</var>, which must be expressed as an IP address
+ (not a DNS name). The <ref table="Open_vSwitch" column="ssl"/>
+ column in the <ref table="Open_vSwitch"/> table must point to a
+ valid SSL configuration when this form is used.
+ </p>
+ <p>
+ SSL support is an optional feature that is not always built as
+ part of Open vSwitch.
+ </p>
+ </dd>
+
+ <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
+ <dd>
+ The specified TCP <var>port</var> (default: 6632) on the host at
+ the given <var>ip</var>, which must be expressed as an IP address
+ (not a DNS name).
+ </dd>
+ <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
+ <dd>
+ <p>
+ Listens for SSL connections on the specified TCP <var>port</var>
+ (default: 6632). If <var>ip</var>, which must be expressed as an
+ IP address (not a DNS name), is specified, then connections are
+ restricted to the specified local IP address.
+ </p>
+ <p>
+ The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
+ table="Open_vSwitch"/> table must point to a valid SSL
+ configuration when this form is used.
+ </p>
+ <p>
+ SSL support is an optional feature that is not always built as
+ part of Open vSwitch.
+ </p>
+ </dd>
+ <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
+ <dd>
+ Listens for connections on the specified TCP <var>port</var>
+ (default: 6632). If <var>ip</var>, which must be expressed as an
+ IP address (not a DNS name), is specified, then connections are
+ restricted to the specified local IP address.
+ </dd>
+ </dl>
+ <p>When multiple managers are configured, the <ref column="target"/>
+ values must be unique. Duplicate <ref column="target"/> values yield
+ unspecified results.</p>
+ </column>
+
+ <column name="connection_mode">
+ <p>
+ If it is specified, this setting must be one of the following strings
+ that describes how Open vSwitch contacts this OVSDB client over the
+ network:
+ </p>
+
+ <dl>
+ <dt><code>in-band</code></dt>
+ <dd>
+ In this mode, this connection's traffic travels over a bridge
+ managed by Open vSwitch. With this setting, Open vSwitch allows
+ traffic to and from the client regardless of the contents of the
+ OpenFlow flow table. (Otherwise, Open vSwitch would never be able
+ to connect to the client, because it did not have a flow to enable
+ it.) This is the most common connection mode because it is not
+ necessary to maintain two independent networks.
+ </dd>
+ <dt><code>out-of-band</code></dt>
+ <dd>
+ In this mode, the client's traffic uses a control network separate
+ from that managed by Open vSwitch, that is, Open vSwitch does not
+ use any of its own network devices to communicate with the client.
+ The control network must be configured separately, before or after
+ <code>ovs-vswitchd</code> is started.
+ </dd>
+ </dl>
+
+ <p>
+ If not specified, the default is implementation-specific.
+ </p>
+ </column>
+ </group>
+
+ <group title="Client Failure Detection and Handling">
+ <column name="max_backoff">
+ Maximum number of milliseconds to wait between connection attempts.
+ Default is implementation-specific.
+ </column>
+
+ <column name="inactivity_probe">
+ Maximum number of milliseconds of idle time on connection to the client
+ before sending an inactivity probe message. If Open vSwitch does not
+ communicate with the client for the specified number of seconds, it
+ will send a probe. If a response is not received for the same
+ additional amount of time, Open vSwitch assumes the connection has been
+ broken and attempts to reconnect. Default is implementation-specific.
+ </column>
+ </group>
+
+ <group title="Other Features">
+ <column name="external_ids">
+ Key-value pairs for use by external frameworks that integrate with Open
+ vSwitch, rather than by Open vSwitch itself. System integrators should
+ either use the Open vSwitch development mailing list to coordinate on
+ common key-value definitions, or choose key names that are likely to be
+ unique. No common key-value pairs are currently defined.
+ </column>
+ </group>
+ </table>
+
<table name="NetFlow">
A NetFlow target. NetFlow is a protocol that exports a number of
details about terminating IP flows, such as the principals involved
git://git.onelab.eu / sliver-openvswitch.git / blobdiff