SSL used globally by the daemon.
</column>
+ <column name="other_config">
+ Key-value pairs for configuring rarely used Open vSwitch features. The
+ currently defined key-value pairs are:
+ <dl>
+ <dt><code>enable-statistics</code></dt>
+ <dd>
+ Set to <code>true</code> to enable populating the <ref
+ column="statistics"/> column or <code>false</code> (the default)
+ disable populating it.
+ </dd>
+ </dl>
+ </column>
+
<column name="external_ids">
Key-value pairs for use by external frameworks that integrate
with Open vSwitch, rather than by Open vSwitch itself. System
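Review bot: In the enable-statistics description, "or <code>false</code> (the default) disable populating it" is missing a word; it should read "or <code>false</code> (the default) to disable populating it".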
<dd>A unique identifier for the Open vSwitch's physical host.
The form of the identifier depends on the type of the host.
On a Citrix XenServer, this will likely be the same as
- <code>xs-system-uuid</code>.</dd>
+ <ref column="external_ids" key="xs-system-uuid"/>.</dd>
<dt><code>xs-system-uuid</code></dt>
<dd>The Citrix XenServer universally unique identifier for the
physical host as displayed by <code>xe host-list</code>.</dd>
apply to a platform are omitted.
</p>
+ <p>
+ Statistics are disabled unless <ref column="other-config"
+ key="enable-statistics"/> is set to <code>true</code>.
+ </p>
+
<dl>
<dt><code>cpu</code></dt>
<dd>
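Review bot: The added <ref> in the statistics paragraph uses column="other-config" with a hyphen, but the column this patch documents is named other_config with an underscore, so the reference does not match it. Change it to <ref column="other_config" key="enable-statistics"/>.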
</column>
<column name="flood_vlans">
- VLAN IDs of VLANs on which MAC address learning should be disabled, so
- that packets are flooded instead of being sent to specific ports that
- are believed to contain packets' destination MACs. This should
- ordinarily be used to disable MAC learning on VLANs used for mirroring
- (RSPAN VLANs). It may also be useful for debugging.
+ <p>
+ VLAN IDs of VLANs on which MAC address learning should be disabled,
+ so that packets are flooded instead of being sent to specific ports
+ that are believed to contain packets' destination MACs. This should
+ ordinarily be used to disable MAC learning on VLANs used for
+ mirroring (RSPAN VLANs). It may also be useful for debugging.
+ </p>
+ <p>
+ SLB bonding (see the <ref table="Port" column="bond_mode"/> column in
+ the <ref table="Port"/> table) is incompatible with
+ <code>flood_vlans</code>. Consider using another bonding mode or
+ a different type of mirror instead.
+ </p>
</column>
</group>
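Review bot: The new SLB paragraph in flood_vlans says the bonding mode is incompatible but not which bond_mode value it means or what happens when both are configured. Name the value and state the resulting behaviour, so an operator who has an RSPAN VLAN on a bonded bridge knows what to look for.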
defined key-value pairs are:
<dl>
<dt><code>bridge-id</code></dt>
- <dd>A unique identifier of the bridge. On Citrix XenServer this
- will commonly be the same as <code>xs-network-uuids</code>.</dd>
+ <dd>A unique identifier of the bridge. On Citrix XenServer this will
+ commonly be the same as
+ <ref column="external_ids" key="xs-network-uuids"/>.</dd>
<dt><code>xs-network-uuids</code></dt>
<dd>Semicolon-delimited set of universally unique identifier(s) for
the network with which this bridge is associated on a Citrix
does not have QoS configured, or if the port does not have a queue
with the specified ID, the default queue is used instead.
</dd>
+ <dt><code>flow-eviction-threshold</code></dt>
+ <dd>
+ A number of flows as a nonnegative integer. This sets number
+ of flows at which eviction from the kernel flow table will
+ be triggered.
+ If there are a large number of flows then increasing this
+ value to around the number of flows present
+ can result in reduced CPU usage and packet loss.
+ </dd>
+ <dd>
+ The default is 1000.
+ </dd>
+ <dd>
+ Values below 100 will be rounded up to 100.
+ </dd>
+ <dt><code>forward-bpdu</code></dt>
+ <dd>
+ Option to allow forwarding of BPDU frames when NORMAL
+ action if invoked. Frames with reserved Ethernet addresses
+ (e.g. STP BPDU) will be forwarded when this option is enabled.
+ If the Open vSwitch bridge is used to connect different
+ Ethernet networks, and if Open vSwitch node does not run STP,
+ then this option should be enabled.
+ Default is disabled, set to <code>true</code> to enable.
+ </dd>
</dl>
</column>
</group>
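Review bot: In forward-bpdu, "when NORMAL action if invoked" should read "when the NORMAL action is invoked". In flow-eviction-threshold, "can result in reduced CPU usage and packet loss" reads as if packet loss were one of the results; write "reduced CPU usage and reduced packet loss". "This sets number" also needs "the". The default and the rounding rule sit in two extra <dd> elements; folding them into the first <dd> would match how forward-bpdu states its default.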
balancing is done. Uses a similar hashing strategy to
<code>balance-tcp</code>, always taking into account L3 and L4
fields even if LACP negotiations are unsuccessful. </p>
- <p>Slave selection decisions are made based on
- <code>bond-stable-id</code> if set. Otherwise, OpenFlow port
- number is used. Decisions are consistent across all ovs-vswitchd
- instances with equivalent <code>bond-stable-id</code>s.</p>
+ <p>Slave selection decisions are made based on <ref table="Interface"
+ column="other_config" key="bond-stable-id"/> if set. Otherwise,
+ OpenFlow port number is used. Decisions are consistent across all
+ <code>ovs-vswitchd</code> instances with equivalent
+ <ref table="Interface" column="other_config" key="bond-stable-id"/>
+ values.</p>
</dd>
</dl>
connected to. <code>active</code> ports are allowed to initiate LACP
negotiations. <code>passive</code> ports are allowed to participate
in LACP negotiations initiated by a remote switch, but not allowed to
- initiate such negotiations themselves. If unset Open vSwitch will
- choose a reasonable default. </p>
+ initiate such negotiations themselves. Defaults to <code>off</code>
+ if unset. </p>
</column>
</group>
Key-value pairs for configuring rarely used port features. The
currently defined key-value pairs are:
<dl>
- <dt><code>hwaddr</code></dt>
- <dd>An Ethernet address in the form
- <code><var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var></code>.</dd>
<dt><code>bond-rebalance-interval</code></dt>
<dd>For an SLB bonded port, the number of milliseconds between
successive attempts to rebalance the bond, that is, to
<dd>A TUN/TAP device managed by Open vSwitch.</dd>
<dt><code>gre</code></dt>
<dd>An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4
- tunnel. Each tunnel must be uniquely identified by the
- combination of <code>remote_ip</code>, <code>local_ip</code>, and
- <code>in_key</code>. Note that if two ports are defined that are
- the same except one has an optional identifier and the other does
- not, the more specific one is matched first. <code>in_key</code>
- is considered more specific than <code>local_ip</code> if a port
- defines one and another port defines the other. The following
- options may be specified in the <ref column="options"/> column:
+ tunnel. Each tunnel must be uniquely identified by the
+ combination of <ref column="options" key="remote_ip"/>,
+ <ref column="options" key="local_ip"/>, and
+ <ref column="options" key="in_key"/>. Note that if two ports
+ are defined that are the same except one has an optional
+ identifier and the other does not, the more specific one is
+ matched first. <ref column="options" key="in_key"/> is considered
+ more specific than <ref column="options" key="local_ip"/> if a port
+ defines one and another port defines the other. The following
+ options may be specified in the <ref column="options"/> column:
<dl>
<dt><code>remote_ip</code></dt>
<dd>Required. The tunnel endpoint.</dd>
<dd>An Ethernet over RFC 2890 Generic Routing Encapsulation
over IPv4 IPsec tunnel. Each tunnel (including those of type
<code>gre</code>) must be uniquely identified by the
- combination of <code>remote_ip</code> and
- <code>local_ip</code>. Note that if two ports are defined
- that are the same except one has an optional identifier and
+ combination of <ref column="options" key="remote_ip"/> and
+ <ref column="options" key="local_ip"/>. Note that if two ports are
+ defined that are the same except one has an optional identifier and
the other does not, the more specific one is matched first.
- An authentication method of <code>peer_cert</code> or
- <code>psk</code> must be defined. The following options may
- be specified in the <ref column="options"/> column:
+ An authentication method of <ref column="options" key="peer_cert"/>
+ or <ref column="options" key="psk"/> must be defined. The
+ following options may be specified in the <ref column="options"/>
+ column:
<dl>
<dt><code>remote_ip</code></dt>
<dd>Required. The tunnel endpoint.</dd>
of the protocol is implemented. Due to the non-standard use of
CAPWAP, UDP ports 58881 and 58882 are used as the source and
destination ports respectively. Each tunnel must be uniquely
- identified by the combination of <code>remote_ip</code> and
- <code>local_ip</code>. If two ports are defined that are the same
- except one includes <code>local_ip</code> and the other does not,
- the more specific one is matched first. CAPWAP support is not
+ identified by the combination of
+ <ref column="options" key="remote_ip"/> and
+ <ref column="options" key="local_ip"/>. If two ports are defined
+ that are the same except one includes
+ <ref column="options" key="local_ip"/> and the other does not, the
+ more specific one is matched first. CAPWAP support is not
available on all platforms. Currently it is only supported in the
Linux kernel module with kernel versions >= 2.6.25. The following
options may be specified in the <ref column="options"/> column:
(otherwise it will be the system default, typically 64).
Default is the system default TTL.</dd>
</dl>
+ <dl>
+ <dt><code>in_key</code></dt>
+ <dd>Optional. The WSI key that received packets must contain.
+ It may either be a 64-bit number (no key and a key of 0 are
+ treated as equivalent) or the word <code>flow</code>. If
+ <code>flow</code> is specified then any key will be accepted
+ and the key will be placed in the <code>tun_id</code> field
+ for matching in the flow table. The ovs-ofctl manual page
+ contains additional information about matching fields in
+ OpenFlow flows. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>out_key</code></dt>
+ <dd>Optional. The WSI key to be set on outgoing packets. It may
+ either be a 64-bit number or the word <code>flow</code>. If
+ <code>flow</code> is specified then the key may be set using
+ the <code>set_tunnel</code> Nicira OpenFlow vendor extension (0
+ is used in the absence of an action). The ovs-ofctl manual
+ page contains additional information about the Nicira OpenFlow
+ vendor extensions. Default is no key.</dd>
+ </dl>
+ <dl>
+ <dt><code>key</code></dt>
+ <dd>Optional. Shorthand to set <code>in_key</code> and
+ <code>out_key</code> at the same time.</dd>
+ </dl>
<dl>
<dt><code>df_inherit</code></dt>
<dd>Optional. If enabled, the Don't Fragment bit will be copied
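Review bot: In the key entry, in_key and out_key are marked up as <code>in_key</code> and <code>out_key</code>, while the rest of this patch converts such mentions to <ref column="options" key="..."/>; use the <ref> form here too. The in_key text says "no key and a key of 0 are treated as equivalent" for received packets only; state whether the same holds for out_key, where 0 is described only as the fallback when flow is set and no action is given.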
<column name="status">
<p>
- Key-value pairs that report port status. Supported status
- values are <code>type</code>-dependent; some interfaces may not have
- a valid <code>driver_name</code>, for example.
+ Key-value pairs that report port status. Supported status values are
+ <ref column="type"/>-dependent; some interfaces may not have a valid
+ <ref column="status" key="driver_name"/>, for example.
</p>
<p>The currently defined key-value pairs are:</p>
<dl>
<dd>Egress interface for tunnels. Currently only relevant for GRE
and CAPWAP tunnels. On Linux systems, this column will show
the name of the interface which is responsible for routing
- traffic destined for the configured <code>remote_ip</code>.
- This could be an internal interface such as a bridge port.</dd>
+ traffic destined for the configured
+ <ref column="options" key="remote_ip"/>. This could be an
+ internal interface such as a bridge port.</dd>
</dl>
<dl>
<dt><code>tunnel_egress_iface_carrier</code></dt>
- <dd>Whether a carrier is detected on <ref
- column="tunnel_egress_iface"/>. Valid values are <code>down</code>
- and <code>up</code>.</dd>
+ <dd>Whether a carrier is detected on
+ <ref column="status" key="tunnel_egress_iface"/>. Valid values
+ are <code>down</code> and <code>up</code>.</dd>
</dl>
</column>
</group>
configurable transmission interval.
</p>
+ <p>
+ According to the 802.1ag specification, each Maintenance Point should
+ be configured out-of-band with a list of Remote Maintenance Points it
+ should have connectivity to. Open vSwitch differs from the
+ specification in this area. It simply assumes the link is faulted if
+ no Remote Maintenance Points are reachable, and considers it not
+ faulted otherwise.
+ </p>
+
<column name="cfm_mpid">
A Maintenance Point ID (MPID) uniquely identifies each endpoint within
a Maintenance Association. The MPID is used to identify this endpoint
CFM on this <ref table="Interface"/>.
</column>
- <column name="cfm_remote_mpid">
- The MPID of the remote endpoint being monitored. If this
- <ref table="Interface"/> does not have connectivity to an endpoint
- advertising the configured MPID, a fault is signalled. Must be
- configured to enable CFM on this <ref table="Interface"/>
- </column>
-
<column name="cfm_fault">
- Indicates a connectivity fault triggered by an inability to receive
- heartbeats from the remote endpoint. When a fault is triggered on
- <ref table="Interface"/>s participating in bonds, they will be
- disabled.
+ <p>
+ Indicates a connectivity fault triggered by an inability to receive
+ heartbeats from any remote endpoint. When a fault is triggered on
+ <ref table="Interface"/>s participating in bonds, they will be
+ disabled.
+ </p>
+ <p>
+ Faults can be triggered for several reasons. Most importantly they
+ are triggered when no CCMs are received for a period of 3.5 times the
+ transmission interval. Faults are also triggered when any CCMs
+ indicate that a Remote Maintenance Point is not receiving CCMs but
+ able to send them. Finally, a fault is triggered if a CCM is
+ received which indicates unexpected configuration. Notably, this
+ case arises when a CCM is received which advertises the local MPID.
+ </p>
</column>
</group>
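Review bot: In the second cfm_fault paragraph, "is not receiving CCMs but able to send them" needs "but is able", and "unexpected configuration" is given only one example (a CCM that advertises the local MPID). Either list the other conditions that raise the fault or say that this is the only one, since operators will rely on this text to explain why a bond member was disabled.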
field in the VIF record for this interface.</dd>
<dt><code>iface-id</code></dt>
<dd>A system-unique identifier for the interface. On XenServer,
- this will commonly be the same as <code>xs-vif-uuid</code>.</dd>
+ this will commonly be the same as
+ <ref column="external_ids" key="xs-vif-uuid"/>.</dd>
</dl>
<p>
Additionally the following key-value pairs specifically
<dd> The transmission interval of CFM heartbeats in milliseconds.
Three missed heartbeat receptions indicate a connectivity fault.
Defaults to 1000ms. </dd>
+ <dt><code>cfm_extended</code></dt>
+ <dd> When true, the CFM module operates in extended mode. This causes
+ it to use a nonstandard destination address to avoid conflicting
+ with compliant implementations which may be running concurrently on
+ the network. Furthermore, extended mode increases the accuracy of
+ the <code>cfm_interval</code> configuration parameter by breaking
+ wire compatibility with 802.1ag compliant implementations.
+ Defaults to false.</dd>
<dt><code>bond-stable-id</code></dt>
<dd> A positive integer using in <code>stable</code> bond mode to
make slave selection decisions. Allocating
- <code>bond-stable-id</code>s consistently across interfaces
- participating in a bond will guarantee consistent slave selection
- decisions across ovs-vswitchd instances when using
- <code>stable</code> bonding mode.</dd>
+ <ref column="other_config" key="bond-stable-id"/> values
+ consistently across interfaces participating in a bond will
+ guarantee consistent slave selection decisions across
+ <code>ovs-vswitchd</code> instances when using <code>stable</code>
+ bonding mode.</dd>
<dt><code>lacp-port-id</code></dt>
<dd> The LACP port ID of this <ref table="Interface"/>. Port IDs are
used in LACP negotiations to identify individual ports
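Review bot: The unchanged context line "Three missed heartbeat receptions indicate a connectivity fault" now disagrees with the cfm_fault text added earlier in this patch, which says a fault is raised after 3.5 times the transmission interval; update one of the two. In the cfm_extended entry, <code>cfm_interval</code> should use the <ref column="other_config" key="cfm_interval"/> form that this same hunk applies to bond-stable-id.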
</column>
</table>
- <table name="Mirror" title="Port mirroring (SPAN/RSPAN).">
+ <table name="Mirror" title="Port mirroring (SPAN/RSPAN/ERSPAN).">
<p>A port mirror within a <ref table="Bridge"/>.</p>
<p>A port mirror configures a bridge to send selected frames to special
- ``mirrored'' ports, in addition to their normal destinations. Mirroring
- traffic may also be referred to as SPAN or RSPAN, depending on the
- mechanism used for delivery.</p>
+ ``mirrored'' ports, in addition to their normal destinations. Mirroring
+ traffic may also be referred to as SPAN, RSPAN, or ERSPAN, depending on how
+ the mirrored traffic is sent.</p>
<column name="name">
Arbitrary identifier for the <ref table="Mirror"/>.
<column name="output_port">
<p>Output port for selected packets, if nonempty.</p>
<p>Specifying a port for mirror output reserves that port exclusively
- for mirroring. No frames other than those selected for mirroring
- will be forwarded to the port, and any frames received on the port
- will be discarded.</p>
- <p>This type of mirroring is sometimes called SPAN.</p>
+ for mirroring. No frames other than those selected for mirroring
+ will be forwarded to the port, and any frames received on the port
+ will be discarded.</p>
+ <p>
+ The output port may be any kind of port supported by Open vSwitch.
+ It may be, for example, a physical port (sometimes called SPAN), or a
+ GRE tunnel (sometimes called ERSPAN).
+ </p>
</column>
<column name="output_vlan">
<ref column="output_vlan"/>, replacing any existing tag; when it is
sent out an implicit VLAN port, the frame will not be tagged. This
type of mirroring is sometimes called RSPAN.</p>
+ <p>
+ The following destination MAC addresses will not be mirrored to a
+ VLAN to avoid confusing switches that interpret the protocols that
+ they represent:
+ </p>
+ <dl>
+ <dt><code>01:80:c2:00:00:00</code></dt>
+ <dd>IEEE 802.1D Spanning Tree Protocol (STP).</dd>
+
+ <dt><code>01:80:c2:00:00:01</code></dt>
+ <dd>IEEE Pause frame.</dd>
+
+ <dt><code>01:80:c2:00:00:0<var>x</var></code></dt>
+ <dd>Other reserved protocols.</dd>
+
+ <dt><code>01:00:0c:cc:cc:cc</code></dt>
+ <dd>
+ Cisco Discovery Protocol (CDP), VLAN Trunking Protocol (VTP),
+ Dynamic Trunking Protocol (DTP), Port Aggregation Protocol (PAgP),
+ and others.
+ </dd>
+
+ <dt><code>01:00:0c:cc:cc:cd</code></dt>
+ <dd>Cisco Shared Spanning Tree Protocol PVSTP+.</dd>
+
+ <dt><code>01:00:0c:cd:cd:cd</code></dt>
+ <dd>Cisco STP Uplink Fast.</dd>
+
+ <dt><code>01:00:0c:00:00:00</code></dt>
+ <dd>Cisco Inter Switch Link.</dd>
+ </dl>
<p><em>Please note:</em> Mirroring to a VLAN can disrupt a network that
contains unmanaged switches. Consider an unmanaged physical switch
with two ports: port 1, connected to an end host, and port 2,
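Review bot: The 01:80:c2:00:00:0x entry overlaps the two entries above it (the addresses ending in 00 and 01) and does not say what x ranges over; state the range, or word the entry as the remaining addresses in that block. The introductory paragraph also says these destinations are not mirrored "to a VLAN" without saying whether they are still mirrored when output_port is used; one sentence on that would remove the doubt.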
Open vSwitch is being used as an intermediate switch, learning can be
disabled by adding the mirrored VLAN to <ref column="flood_vlans"/>
in the appropriate <ref table="Bridge"/> table or tables.</p>
+ <p>
+ Mirroring to a GRE tunnel has fewer caveats than mirroring to a
+ VLAN and should generally be preferred.
+ </p>
</column>
</group>
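Review bot: The GRE recommendation is added under output_vlan but does not point to where a GRE mirror is configured. Add <ref column="output_port"/> to the sentence so the reader can find the alternative it recommends.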
database (in seconds). Value is empty if manager has never
disconnected.</dd>
</dl>
+ <dl>
+ <dt><code>locks_held</code></dt>
+ <dt><code>locks_waiting</code></dt>
+ <dt><code>locks_lost</code></dt>
+ <dd>
+ Space-separated lists of the names of OVSDB locks that the
+ connection holds, is currently waiting to acquire, or has had
+ stolen by another OVSDB client, respectively. Key-value pairs for
+ lists that would be empty are omitted.
+ </dd>
+ </dl>
+ <dl>
+ <dt><code>n_connections</code></dt>
+ <dd>
+ <p>
+ When <ref column="target"/> specifies a connection method that
+ listens for inbound connections (e.g. <code>ptcp:</code> or
+ <code>pssl:</code>) and more than one connection is actually
+ active, the value is the number of active connections.
+ Otherwise, this key-value pair is omitted.
+ </p>
+ <p>
+ When multiple connections are active, status columns and
+ key-value pairs (other than this one) report the status of one
+ arbitrarily chosen connection.
+ </p>
+ </dd>
+ </dl>
</column>
</group>
</table>
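Review bot: The locks_held, locks_waiting and locks_lost text speaks of "the connection", but the n_connections entry below it says that with a listening target the other key-value pairs describe one arbitrarily chosen connection. Say so in the locks entry as well; otherwise a reader monitoring a ptcp: or pssl: target will take the lock lists as covering every connected client.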