X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=vswitchd%2Fvswitch.xml;h=a3518130f1fe204aaed90a6cf0adc79bf487e2c3;hb=12eb035b810ff9d537d6ff9f1eb8ad5564c1f644;hp=e9ea0c4c73a2d1e79eeaf946fa618c932daba3c4;hpb=b363bae4f802a07efec6e012075caf915e1e4fe5;p=sliver-openvswitch.git
diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index e9ea0c4c7..a3518130f 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -71,6 +71,122 @@
The Citrix XenServer universally unique identifier for the physical
host as displayed by
+ Interval for updating statistics to the database, in milliseconds.
+ This option will affect the update of the
+ Default value is 5000 ms.
+
+ Getting statistics more frequently can be achieved via OpenFlow.
+
+ When
+ This option allows for improvement. When
+ Thus, with this option, the procedure for a hot-upgrade of
+
+ The
+ The maximum
+ number of flows allowed in the datapath flow table. Internally OVS
+ will choose a flow limit which will likely be lower than this number,
+ based on real time network conditions.
+
+ The default is 200000.
+
+ Specifies the number of threads for software datapaths to use for
+ handling new flows. The default the number of online CPU cores minus
+ the number of revalidators.
+
+ This configuration is per datapath. If you have more than one
+ software datapath (e.g. some
+ Specifies the number of threads for software datapaths to use for
+ revalidating flows in the datapath. Typically, there is a direct
+ correlation between the number of revalidator threads, and the number
+ of flows allowed in the datapath. The default is the number of cpu
+ cores divided by four plus one. If
+ This configuration is per datapath. If you have more than one
+ software datapath (e.g. some
+ List of OpenFlow protocols that may be used when negotiating
+ a connection with a controller. OpenFlow 1.0, 1.1, 1.2, and
+ 1.3 are enabled by default if this column is empty.
+
+ The current implementation of OpenFlow 1.4 support is not safe:
+
- A number of flows as a nonnegative integer. This sets number of
- flows at which eviction from the kernel flow table will be triggered.
- If there are a large number of flows then increasing this value to
- around the number of flows present can result in reduced CPU usage
- and packet loss.
-
- The default is 1000. Values below 100 will be rounded up to 100.
- xe host-list
.
+
+ statistics
+ column in the following tables: Port
, Interface
+
, Mirror
.
+ ovs-vswitchd
starts up, it has an empty flow table
+ and therefore it handles all arriving packets in its default fashion
+ according to its configuration, by dropping them or sending them to
+ an OpenFlow controller or switching them as a standalone switch.
+ This behavior is ordinarily desirable. However, if
+ ovs-vswitchd
is restarting as part of a ``hot-upgrade,''
+ then this leads to a relatively long period during which packets are
+ mishandled.
+ ovs-vswitchd
+ starts with this value set as true
, it will neither
+ flush or expire previously set datapath flows nor will it send and
+ receive any packets to or from the datapath. When this value is
+ later set to false
, ovs-vswitchd
will
+ start receiving packets from the datapath and re-setup the flows.
+ ovs-vswitchd
becomes roughly the following:
+
+
+ ovs-vswitchd
.
+ true
.
+ ovs-vswitchd
.
+ ovs-ofctl
(or some other program, such as an
+ OpenFlow controller) to restore the OpenFlow flow table
+ to the desired state.
+ false
(or remove it entirely from the database).
+ ovs-ctl
's ``restart'' and ``force-reload-kmod''
+ functions use the above config option during hot upgrades.
+ system
bridges and some
+ netdev
bridges), then the total number of threads is
+ n-handler-threads
times the number of software
+ datapaths.
+ n-handler-threads
is
+ set, the default changes to the number of cpu cores minus the number
+ of handler threads.
+ system
bridges and some
+ netdev
bridges), then the total number of threads is
+ n-handler-threads
times the number of software
+ datapaths.
+ switch3 in room 3120
.
+ true
, disable in-band control on the bridge
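Review bot: the "This configuration is per datapath" paragraph that follows the revalidator description ("Specifies the number of threads for software datapaths to use for revalidating flows") ends with "the total number of threads is n-handler-threads times the number of software datapaths", word for word the same as the handler paragraph. This looks like a copy-paste and should name the revalidator thread count instead. Two wording fixes in the same hunk: "The default the number of online CPU cores" is missing "is", and "neither flush or expire ... nor" should read "neither flush nor expire".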
@@ -453,6 +579,25 @@
QoS configured, or if the port does not have a queue with the specified
ID, the default queue is used instead.
ovs-vswitchd
will abort when certain unimplemented
+ features are tested. Thus, for now it is suitable only for
+ experimental use. For this reason, OpenFlow 1.4 is supported only
+ if, in addition to specifying OpenFlow14
in this field,
+ ovs-vswitchd
is invoked with the
+ --enable-of14
option. (When support becomes safe, this
+ option will be removed.)
+
+ The maximum number of MAC addresses to learn. The default is + currently 2048. The value, if specified, is forced into a reasonable + range, currently 10 to 1,000,000. +
+
The following modes require the upstream switch to support 802.3ad with
- successful LACP negotiation:
+ successful LACP negotiation. If LACP negotiation fails and
+ other-config:lacp-fallback-ab is true, then active-backup
+ mode is used:
stable
Deprecated and slated for removal in February 2013.
-Attempts to always assign a given flow to the same slave
- consistently. In an effort to maintain stability, no load
- balancing is done. Uses a similar hashing strategy to
- balance-tcp
, always taking into account L3 and L4
- fields even if LACP negotiations are unsuccessful.
Slave selection decisions are made based on if set. Otherwise,
- OpenFlow port number is used. Decisions are consistent across all
- ovs-vswitchd
instances with equivalent
-
- values.
These columns apply only to bonded ports. Their values are
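Review bot: the OpenFlow 1.4 warning ("ovs-vswitchd will abort when certain unimplemented features are tested") does not say what triggers the abort. If a connected controller can cause it by exercising an unimplemented OpenFlow 1.4 feature, the text should say so explicitly, because that is the fact an operator needs when deciding whether to combine OpenFlow14 with --enable-of14. Listing the unimplemented features, or pointing to where they are tracked, would also help.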
@@ -933,7 +1059,8 @@
in LACP negotiations initiated by a remote switch, but not allowed to
initiate such negotiations themselves. If LACP is enabled on a port
whose partner switch does not support LACP, the bond will be
- disabled. Defaults to off
if unset.
+ disabled, unless other-config:lacp-fallback-ab is set to true.
+ Defaults to off
if unset.
+ Determines the behavior of openvswitch bond in LACP mode. If
+ the partner switch does not support LACP, setting this option
+ to true
allows openvswitch to fallback to
+ active-backup. If the option is set to false
, the
+ bond will be disabled. In both the cases, once the partner switch
+ is configured to LACP mode, the bond will use LACP.
+
- Key-value pairs that report port statistics.
+ Key-value pairs that report port statistics. The update period
+ is controlled by in the Open_vSwitch
table.
Ethernet address to set for this interface. If unset then the default MAC address is used:
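Review bot: the new description beginning "Determines the behavior of openvswitch bond in LACP mode" explains the true and false cases but never states the default. The reworded LACP text ("the bond will be disabled, unless other-config:lacp-fallback-ab is set to true") implies false; say so in the option's own description. Minor wording: "allows openvswitch to fallback to" should use the verb "fall back", and "In both the cases" should be "In both cases".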
@@ -1146,19 +1297,59 @@ address.OpenFlow port number for this interface. Unlike most columns, this - column's value should be set only by Open vSwitch itself. Other - clients should set this column to an empty set (the default) when - creating an .
-Open vSwitch populates this column when the port number becomes - known. If the interface is successfully added, - will be set to a number between 1 and 65535 - (generally either in the range 1 to 65279, inclusive, or 65534, the - port number for the OpenFlow ``local port''). If the interface - cannot be added then Open vSwitch sets this column - to -1.
-+ When a client adds a new interface, Open vSwitch chooses an OpenFlow + port number for the new port. If the client that adds the port fills + in , then Open vSwitch tries to use its + value as the OpenFlow port number. Otherwise, or if the requested + port number is already in use or cannot be used for another reason, + Open vSwitch automatically assigns a free port number. Regardless of + how the port number was obtained, Open vSwitch then reports in the port number actually assigned. +
+ ++ Open vSwitch limits the port numbers that it automatically assigns to + the range 1 through 32,767, inclusive. Controllers therefore have + free use of ports 32,768 and up. +
+ ++ OpenFlow port number for this interface. Open vSwitch sets this + column's value, so other clients should treat it as read-only. +
+
+ The OpenFlow ``local'' port (OFPP_LOCAL
) is 65,534.
+ The other valid port numbers are in the range 1 to 65,279,
+ inclusive. Value -1 indicates an error adding the interface.
+
+ Requested OpenFlow port number for this interface. +
+ ++ A client should ideally set this column's value in the same + database transaction that it uses to create the interface. Open + vSwitch version 2.1 and later will honor a later request for a + specific port number, althuogh it might confuse some controllers: + OpenFlow does not have a way to announce a port number change, so + Open vSwitch represents it over OpenFlow as a port deletion + followed immediately by a port addition. +
+ ++ If is set or changed to some other + port's automatically assigned port number, Open vSwitch chooses a + new port number for the latter port. +
+gre
ipsec_gre
capwap
vxlan
+ An Ethernet tunnel over the experimental, UDP-based VXLAN
+ protocol described at
+ http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-03
.
+
+ Open vSwitch uses UDP destination port 4789. The source port used for + VXLAN traffic varies on a per-flow basis and is in the ephemeral port + range. +
+lisp
+ A layer 3 tunnel over the experimental, UDP-based Locator/ID + Separation Protocol (RFC 6830). +
++ Only IPv4 and IPv6 packets are supported by the protocol, and + they are sent and received without an Ethernet header. Traffic + to/from LISP ports is expected to be configured explicitly, and + the ports are not intended to participate in learning based + switching. As such, they are always excluded from packet + flooding. +
patch
These options apply to interfaces with of
gre
, ipsec_gre
, gre64
,
- ipsec_gre64
, and capwap
.
+ ipsec_gre64
, vxlan
, and lisp
.
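Review bot: the ofport_request text gives two different outcomes for a conflicting request without saying which applies when. The first paragraph says that if "the requested port number is already in use", Open vSwitch "automatically assigns a free port number", while the last says that requesting "some other port's automatically assigned port number" makes Open vSwitch choose "a new port number for the latter port". Suggest spelling out that a request loses only to a port that itself requested the number (if that is the intent), and noting that the displaced port then sees the deletion-plus-addition described for renumbering. Also fix the typo "althuogh".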
@@ -1255,22 +1465,67 @@
- Required. The tunnel endpoint. Unicast and multicast endpoints are - both supported. -
+Required. The remote tunnel endpoint, one of:
+ +192.168.0.123
.
+ Only unicast endpoints are supported.
+ flow
. The tunnel accepts packets from any
+ remote tunnel endpoint. To process only packets from a specific
+ remote tunnel endpoint, the flow entries may match on the
+ tun_src
field. When sending packets to a
+ remote_ip=flow
tunnel, the flow actions must
+ explicitly set the tun_dst
field to the IP address of
+ the desired remote tunnel endpoint, e.g. with a
+ set_field
action.
+
- When a multicast endpoint is specified, a routing table lookup occurs
- only when the tunnel is created. Following a routing change, delete
- and then re-create the tunnel to force a new routing table lookup.
+ The remote tunnel endpoint for any packet received from a tunnel
+ is available in the tun_src
field for matching in the
+ flow table.
+ Optional. The tunnel destination IP that received packets must + match. Default is to match all addresses. If specified, may be one + of: +
+ +192.168.12.3
.
+ flow
. The tunnel accepts packets sent to any
+ of the local IP addresses of the system running OVS. To process
+ only packets sent to a specific IP address, the flow entries may
+ match on the tun_dst
field. When sending packets to a
+ local_ip=flow
tunnel, the flow actions may
+ explicitly set the tun_src
field to the desired IP
+ address, e.g. with a set_field
action. However, while
+ routing the tunneled packet out, the local system may override the
+ specified address with the local IP address configured for the
+ outgoing system interface.
+
+
+ This option is valid only for tunnels also configured with the
+ remote_ip=flow
option.
+
+ The tunnel destination IP address for any packet received from a
+ tunnel is available in the tun_dst
field for matching in
+ the flow table.
+
flow
. The tunnel accepts packets with any
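Review bot: in the remote_ip=flow entry, "The tunnel accepts packets from any remote tunnel endpoint" is followed only by "the flow entries may match on the tun_src field". Since accepting from any source is the behaviour unless the flow table restricts it, the wording should recommend matching on tun_src wherever the set of peers is known, rather than present it as optional. The local_ip=flow entry has the same pattern with tun_dst and deserves the same treatment.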
@@ -1309,8 +1565,9 @@
key="out_key"/> at all.
flow
. Packets sent through the tunnel will
@@ -1343,48 +1600,13 @@
system default, typically 64). Default is the system default TTL.
true
to
- enable.
- df_inherit
option is not set, or if
- the encapsulated packet is not IP. Default is enabled; set to
- false
to disable.
+ Optional. If enabled, the Don't Fragment bit will be set on tunnel
+ outer headers to allow path MTU discovery. Default is enabled; set
+ to false
to disable.
false
to disable.
-
- Only gre
interfaces support these options.
-
iptables
) and it may be useful to disable it if these
- features are required or as a debugging measure. Default is enabled,
- set to false
to disable.
-
Only
Key-value pairs that report interface statistics. The current
- implementation updates these counters periodically. Future
- implementations may update them when an interface is created, when they
- are queried (e.g. using an OVSDB
These are the same statistics reported by OpenFlow in its gre
and ipsec_gre
interfaces support
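Review bot: the rewritten Don't Fragment description drops the "df_inherit option is not set" condition but says nothing about existing databases that still carry df_inherit. Add a sentence stating whether the key is now ignored or rejected, so that someone upgrading knows what to expect.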
@@ -1544,15 +1766,15 @@
gre
or capwap
.
+ gre
.
select
operation), and
- just before an interface is deleted due to virtual interface hot-unplug
- or VM shutdown, and perhaps at other times, but not on any regular
- periodic basis.
+ implementation updates these counters periodically. The update period
+ is controlled by in the Open_vSwitch
table.
+ Future implementations may update them when an interface is created,
+ when they are queried (e.g. using an OVSDB select
+ operation), and just before an interface is deleted due to virtual
+ interface hot-unplug or VM shutdown, and perhaps at other times, but
+ not on any regular periodic basis.
struct
@@ -1699,6 +1923,160 @@
+ BFD, defined in RFC 5880 and RFC 5881, allows point-to-point + detection of connectivity failures by occasional transmission of + BFD control messages. Open vSwitch implements BFD to serve + as a more popular and standards compliant alternative to CFM. +
+ ++ BFD operates by regularly transmitting BFD control messages at a rate + negotiated independently in each direction. Each endpoint specifies + the rate at which it expects to receive control messages, and the rate + at which it is willing to transmit them. Open vSwitch uses a detection + multiplier of three, meaning that an endpoint signals a connectivity + fault if three consecutive BFD control messages fail to arrive. In the + case of a unidirectional connectivity issue, the system not receiving + BFD control messages signals the problem to its peer in the messages it + transmits. +
+ ++ The Open vSwitch implementation of BFD aims to comply faithfully + with RFC 5880 requirements. Open vSwitch does not implement the + optional Authentication or ``Echo Mode'' features. +
+ ++ A controller sets up key-value pairs in the + column to enable and configure BFD. +
+ +1000
.
+ 100
.
+ true
, traffic received on the
+ is used to indicate the capability of packet
+ I/O. BFD control packets are still transmitted and received. At
+ least one BFD control packet must be received every 100 * amount of time. Otherwise, even if
+ traffic are received, the
+ will be false
.
+ 00:23:20:00:00:01
.
+ 169.254.1.0
.
+ 169.254.1.1
.
+ + The switch sets key-value pairs in the + column to report the status of BFD on this interface. When BFD is + not enabled, with , the switch clears + all key-value pairs from . +
+ +UP
.
+ UP
, and the remote
+ system isn't signaling a problem such as concatenated path down.
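Review bot: "Open vSwitch does not implement the optional Authentication or ``Echo Mode'' features" is stated without its consequence for deployment. The same section says an endpoint "signals a connectivity fault if three consecutive BFD control messages fail to arrive" and that the switch reports session status from these messages, so it is worth adding a sentence that control messages are accepted unauthenticated and that BFD should be enabled only on links where the peer is trusted. Wording: "even if traffic are received" should be "even if traffic is received".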
+ 802.1ag Connectivity Fault Management (CFM) allows a group of @@ -1725,11 +2103,23 @@
+ A Maintenance Point ID (MPID) uniquely identifies each endpoint + within a Maintenance Association. The MPID is used to identify this + endpoint to other Maintenance Points in the MA. Each end of a link + being monitored should have a different MPID. Must be configured to + enable CFM on this . +
++ According to the 802.1ag specification, MPIDs can only range between + [1, 8191]. However, extended mode (see ) supports eight byte MPIDs. +
+cfm_interval
configuration parameter by breaking wire
- compatibility with 802.1ag compliant implementations. Defaults to
- false
.
+ compatibility with 802.1ag compliant implementations. And extended
+ mode allows eight byte MPIDs. Defaults to false
.
+ When true
, and
+ is true, the CFM
+ module operates in demand mode. When in demand mode, traffic
+ received on the is used to indicate
+ liveness. CCMs are still transmitted and received. At least one
+ CCM must be received every 100 * amount of time. Otherwise, even if traffic
+ are received, the CFM module will raise the connectivity fault.
+
+ Demand mode has a couple of caveats: +
down
, the CFM module marks all CCMs it generates as
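Review bot: two wording points in the CFM additions. "And extended mode allows eight byte MPIDs." starts a sentence with "And"; fold it into the preceding sentence about extended mode. "MPIDs can only range between [1, 8191]" mixes prose and interval notation; "in the range 1 to 8191, inclusive" matches the style used for port numbers elsewhere in this patch. The demand-mode paragraph also repeats "even if traffic are received", which should be "is".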
@@ -1888,16 +2317,6 @@
stable
bond mode to make slave
- selection decisions. Allocating values consistently across interfaces
- participating in a bond will guarantee consistent slave selection
- decisions across ovs-vswitchd
instances when using
- stable
bonding mode.
- active
means that
this is the active
instance within a single hypervisor, not in a broader scope.
+ There is one exception: some hypervisors support ``migration'' from a
+ given hypervisor to itself (most often for test purposes). During
+ such a ``migration,'' two instances of a single might both be briefly marked
+ active
on a single hypervisor.
+ This string set specifies which fields should be used for + address prefix tracking. Prefix tracking allows the + classifier to skip rules with longer than necessary prefixes, + resulting in better wildcarding for datapath flows. +
++ Prefix tracking may be beneficial when a flow table contains + matches on IP address fields with different prefix lengths. + For example, when a flow table contains IP address matches on + both full addresses and proper prefixes, the full address + matches will typically cause the datapath flow to un-wildcard + the whole address field (depending on flow entry priorities). + In this case each packet with a different address gets handed + to the userspace for flow processing and generates its own + datapath flow. With prefix tracking enabled for the address + field in question packets with addresses matching shorter + prefixes would generate datapath flows where the irrelevant + address bits are wildcarded, allowing the same datapath flow + to handle all the packets within the prefix in question. In + this case many userspace upcalls can be avoided and the + overall performance can be better. +
++ This is a performance optimization only, so packets will + receive the same treatment with or without prefix tracking. +
+
+ The supported fields are: tun_id
,
+ tun_src
, tun_dst
,
+ nw_src
, nw_dst
(or aliases
+ ip_src
and ip_dst
),
+ ipv6_src
, and ipv6_dst
. (Using this
+ feature for tun_id
would only make sense if the
+ tunnel IDs have prefix structure similar to IP addresses.)
+
+ For example, prefixes=ip_dst,ip_src
instructs the
+ flow classifier to track the IP destination and source
+ addresses used by the rules in this specific flow table. To
+ set the prefix fields, the flow table record needs to exist:
+
ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0
ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
+ There is a maximum number of fields that can be enabled for any + one flow table. Currently this limit is 3. +
+Common
+ Columns
at the beginning of this document.
+
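Review bot: the prefixes description ends with "There is a maximum number of fields that can be enabled for any one flow table. Currently this limit is 3." but does not say what happens when more than three fields are listed. State whether the setting is rejected or whether extra fields are silently dropped (and which ones), since the behaviour cannot be inferred from the example, which uses two fields.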
+