<group title="Version Reporting">
<p>
- These columns report the types and versions of the hardware and
- software running Open vSwitch. We recommend in general that software
- should test whether specific features are supported instead of relying
- on version number checks. These values are primarily intended for
- reporting to human administrators.
+ These columns report the types and versions of the hardware and
+ software running Open vSwitch. We recommend in general that software
+ should test whether specific features are supported instead of relying
+ on version number checks. These values are primarily intended for
+ reporting to human administrators.
</p>
<column name="ovs_version">
- The Open vSwitch version number, e.g. <code>1.1.0pre2</code>.
- If Open vSwitch was configured with a build number, then it is
- also included, e.g. <code>1.1.0pre2+build4948</code>.
+ The Open vSwitch version number, e.g. <code>1.1.0pre2</code>.
+ If Open vSwitch was configured with a build number, then it is
+ also included, e.g. <code>1.1.0pre2+build4948</code>.
+ </column>
+
+ <column name="db_version">
+ <p>
+ The database schema version number in the form
+ <code><var>major</var>.<var>minor</var>.<var>tweak</var></code>,
+ e.g. <code>1.2.3</code>. Whenever the database schema is changed in
+ a non-backward compatible way (e.g. deleting a column or a table),
+ <var>major</var> is incremented. When the database schema is changed
+ in a backward compatible way (e.g. adding a new column),
+ <var>minor</var> is incremented. When the database schema is changed
+ cosmetically (e.g. reindenting its syntax), <var>tweak</var> is
+ incremented.
+ </p>
+
+ <p>
+ The schema version is part of the database schema, so it can also be
+ retrieved by fetching the schema using the Open vSwitch database
+ protocol.
+ </p>
</column>
<column name="system_type">
<p>
- An identifier for the type of system on top of which Open vSwitch
- runs, e.g. <code>XenServer</code> or <code>KVM</code>.
- </p>
- <p>
- System integrators are responsible for choosing and setting an
- appropriate value for this column.
- </p>
+ An identifier for the type of system on top of which Open vSwitch
+ runs, e.g. <code>XenServer</code> or <code>KVM</code>.
+ </p>
+ System integrators are responsible for choosing and setting an
+ appropriate value for this column.
+ </p>
</column>
<column name="system_version">
<p>
- The version of the system identified by <ref column="system_type"/>,
- e.g. <code>5.5.0-24648p</code> on XenServer 5.5.0 build 24648.
- </p>
- <p>
- System integrators are responsible for choosing and setting an
- appropriate value for this column.
- </p>
- </column>
-
+ The version of the system identified by <ref column="system_type"/>,
+ e.g. <code>5.5.0-24648p</code> on XenServer 5.5.0 build 24648.
+ </p>
+ System integrators are responsible for choosing and setting an
+ appropriate value for this column.
+ </p>
+ </column>
+
</group>
<group title="Database Configuration">
</group>
<group title="Bonding Configuration">
- <p>A port that has more than one interface is a ``bonded port.''
- Bonding allows for load balancing and fail-over. Open vSwitch
- supports ``source load balancing'' (SLB) bonding, which
- assigns flows to slaves based on source MAC address and output VLAN,
- with periodic rebalancing as traffic patterns change. This form of
- bonding does not require 802.3ad or other special support from the
- upstream switch to which the slave devices are connected.</p>
+ <p>A port that has more than one interface is a ``bonded port.'' Bonding
+ allows for load balancing and fail-over. Open vSwitch supports
+ ``source load balancing'' (SLB) and "active backup" bonding. SLB
+ bonding assigns flows to slaves based on source MAC address and output
+ VLAN, with periodic rebalancing as traffic patterns change. Active
+ backup bonding assigns all flows to one slave, failing over to a backup
+ slave when the active slave is disabled. Neither form of bonding
+ require 802.3ad or other special support from the upstream switch to
+ which the slave devices are connected.</p>
<p>These columns apply only to bonded ports. Their values are
otherwise ignored.</p>
+ <column name="bond_type">
+ <p>The type of bonding used for a bonded port. Currently supported
+ values are <code>slb</code> and <code>active-backup</code>. Defaults
+ to SLB if unset.</p>
+ </column>
+
<column name="bond_updelay">
<p>For a bonded port, the number of milliseconds for which carrier must
stay up on an interface before the interface is considered to be up.
<dd>An Ethernet address in the form
<code><var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var></code>.</dd>
<dt><code>bond-rebalance-interval</code></dt>
- <dd>For a bonded port, the number of milliseconds between
+ <dd>For an SLB bonded port, the number of milliseconds between
successive attempts to rebalance the bond, that is, to
move source MACs and their flows from one interface on
the bond to another in an attempt to keep usage of each
bypass certain components of the IP stack (such as IP tables)
and it may be useful to disable it if these features are
required or as a debugging measure. Default is enabled, set to
- <code>false</code> to disable. If IPsec is enabled through the
- <ref column="other_config"/> parameters, header caching will be
- automatically disabled.</dd>
+ <code>false</code> to disable.</dd>
+ </dl>
+ </dd>
+ <dt><code>ipsec_gre</code></dt>
+ <dd>An Ethernet over RFC 2890 Generic Routing Encapsulation
+ over IPv4 IPsec tunnel. Each tunnel (including those of type
+ <code>gre</code>) must be uniquely identified by the
+ combination of <code>remote_ip</code> and
+ <code>local_ip</code>. Note that if two ports are defined
+ that are the same except one has an optional identifier and
+ the other does not, the more specific one is matched first.
+ An authentication method of <code>peer_cert</code> or
+ <code>psk</code> must be defined. The following options may
+ be specified in the <ref column="options"/> column:
+ <dl>
+ <dt><code>remote_ip</code></dt>
+ <dd>Required. The tunnel endpoint.</dd>
+ </dl>
+ <dl>
+ <dt><code>local_ip</code></dt>
+ <dd>Optional. The destination IP that received packets must
+ match. Default is to match all addresses.</dd>
+ </dl>
+ <dl>
+ <dt><code>peer_cert</code></dt>
+ <dd>Required for certificate authentication. A string
+ containing the peer's certificate in PEM format.
+ Additionally the host's certificate must be specified
+ with the <code>certificate</code> option.</dd>
+ </dl>
+ <dl>
+ <dt><code>certificate</code></dt>
+ <dd>Required for certificate authentication. The name of a
+ PEM file containing a certificate that will be presented
+ to the peer during authentication.</dd>
+ </dl>
+ <dl>
+ <dt><code>private_key</code></dt>
+ <dd>Optional for certificate authentication. The name of
+ a PEM file containing the private key associated with
+ <code>certificate</code>. If <code>certificate</code>
+ contains the private key, this option may be omitted.</dd>
+ </dl>
+ <dl>
+ <dt><code>psk</code></dt>
+ <dd>Required for pre-shared key authentication. Specifies a
+ pre-shared key for authentication that must be identical on
+ both sides of the tunnel.</dd>
+ </dl>
+ <dl>
+ <dt><code>in_key</code></dt>
+ <dd>Optional. The GRE key that received packets must contain.
+ It may either be a 32-bit number (no key and a key of 0 are
+ treated as equivalent) or the word <code>flow</code>. If
+ <code>flow</code> is specified then any key will be accepted
+ and the key will be placed in the <code>tun_id</code> field
+ for matching in the flow table. The ovs-ofctl manual page
+ contains additional information about matching fields in
+ OpenFlow flows. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>out_key</code></dt>
+ <dd>Optional. The GRE key to be set on outgoing packets. It may
+ either be a 32-bit number or the word <code>flow</code>. If
+ <code>flow</code> is specified then the key may be set using
+ the <code>set_tunnel</code> Nicira OpenFlow vendor extension (0
+ is used in the absence of an action). The ovs-ofctl manual
+ page contains additional information about the Nicira OpenFlow
+ vendor extensions. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>key</code></dt>
+ <dd>Optional. Shorthand to set <code>in_key</code> and
+ <code>out_key</code> at the same time.</dd>
+ </dl>
+ <dl>
+ <dt><code>tos</code></dt>
+ <dd>Optional. The value of the ToS bits to be set on the
+ encapsulating packet. It may also be the word
+ <code>inherit</code>, in which case the ToS will be copied from
+ the inner packet if it is IPv4 or IPv6 (otherwise it will be
+ 0). Note that the ECN fields are always inherited. Default is
+ 0.</dd>
+ </dl>
+ <dl>
+ <dt><code>ttl</code></dt>
+ <dd>Optional. The TTL to be set on the encapsulating packet.
+ It may also be the word <code>inherit</code>, in which case the
+ TTL will be copied from the inner packet if it is IPv4 or IPv6
+ (otherwise it will be the system default, typically 64).
+ Default is the system default TTL.</dd>
+ </dl>
+ <dl>
+ <dt><code>csum</code></dt>
+ <dd>Optional. Compute GRE checksums on outgoing packets.
+ Checksums present on incoming packets will be validated
+ regardless of this setting. Note that GRE checksums
+ impose a significant performance penalty as they cover the
+ entire packet. As the contents of the packet is typically
+ covered by L3 and L4 checksums, this additional checksum only
+ adds value for the GRE and encapsulated Ethernet headers.
+ Default is disabled, set to <code>true</code> to enable.</dd>
+ </dl>
+ <dl>
+ <dt><code>pmtud</code></dt>
+ <dd>Optional. Enable tunnel path MTU discovery. If enabled
+ ``ICMP destination unreachable - fragmentation'' needed
+ messages will be generated for IPv4 packets with the DF bit set
+ and IPv6 packets above the minimum MTU if the packet size
+ exceeds the path MTU minus the size of the tunnel headers. It
+ also forces the encapsulating packet DF bit to be set (it is
+ always set if the inner packet implies path MTU discovery).
+ Note that this option causes behavior that is typically
+ reserved for routers and therefore is not entirely in
+ compliance with the IEEE 802.1D specification for bridges.
+ Default is enabled, set to <code>false</code> to disable.</dd>
</dl>
</dd>
<dt><code>capwap</code></dt>
Key-value pairs that report port status. Supported status
values are <code>type</code>-dependent.
</p>
- <p>The only currently defined key-value pair is:</p>
+ <p>The currently defined key-value pairs are:</p>
<dl>
<dt><code>source_ip</code></dt>
<dd>The source IP address used for an IPv4 tunnel end-point,
such as <code>gre</code> or <code>capwap</code>. Not
supported by all implementations.</dd>
</dl>
+ <dl>
+ <dt><code>tunnel_egress_iface</code></dt>
+ <dd>Egress interface for tunnels. Currently only relevant for GRE
+ and CAPWAP tunnels. On Linux systems, this column will show
+ the name of the interface which is responsible for routing
+ traffic destined for the configured <code>remote_ip</code>.
+ This could be an internal interface such as a bridge port.</dd>
+ </dl>
</column>
</group>
<column name="other_config">
Key-value pairs for rarely used interface features. Currently,
- the only keys are for configuring GRE-over-IPsec, which is only
- available through the <code>openvswitch-ipsec</code> package for
- Debian. The currently defined key-value pairs are:
- <dl>
- <dt><code>ipsec_local_ip</code></dt>
- <dd>Required key for GRE-over-IPsec interfaces. Additionally,
- the <ref column="type"/> must be <code>gre</code> and the
- <code>ipsec_psk</code> <ref column="other_config"/> key must
- be set. The <code>in_key</code>, <code>out_key</code>, and
- <code>key</code> <ref column="options"/> must not be
- set.</dd>
- <dt><code>ipsec_psk</code></dt>
- <dd>Required key for GRE-over-IPsec interfaces. Specifies a
- pre-shared key for authentication that must be identical on
- both sides of the tunnel. Additionally, the
- <code>ipsec_local_ip</code> key must also be set.</dd>
- </dl>
+ there are none defined.
</column>
<column name="statistics">
git://git.onelab.eu / sliver-openvswitch.git / blobdiff