Ethernet address to set for this interface. If unset then the
- default MAC address is used:
+ default MAC address is used:
- For the local interface, the default is the lowest-numbered MAC
- address among the other bridge ports, either the value of the
-
in its record,
- if set, or its actual MAC (for bonded ports, the MAC of its slave
- whose name is first in alphabetical order). Internal ports and
- bridge ports that are used as port mirroring destinations (see the
- table) are ignored.
+ address among the other bridge ports, either the value of the
+ in its record,
+ if set, or its actual MAC (for bonded ports, the MAC of its slave
+ whose name is first in alphabetical order). Internal ports and
+ bridge ports that are used as port mirroring destinations (see the
+ table) are ignored.
- For other internal interfaces, the default MAC is randomly
- generated.
+ generated.
- External interfaces typically have a MAC address associated with
- their hardware.
+ their hardware.
Some interfaces may not have a software-controllable MAC
address.
@@ -627,357 +1113,461 @@
OpenFlow port number for this interface. Unlike most columns, this
- column's value should be set only by Open vSwitch itself. Other
- clients should set this column to an empty set (the default) when
- creating an .
+ column's value should be set only by Open vSwitch itself. Other
+ clients should set this column to an empty set (the default) when
+ creating an .
Open vSwitch populates this column when the port number becomes
- known. If the interface is successfully added,
- will be set to a number between 1 and 65535
- (generally either in the range 1 to 65279, inclusive, or 65534, the
- port number for the OpenFlow ``local port''). If the interface
- cannot be added then Open vSwitch sets this column
- to -1.
+ known. If the interface is successfully added,
+ will be set to a number between 1 and 65535
+ (generally either in the range 1 to 65279, inclusive, or 65534, the
+ port number for the OpenFlow ``local port''). If the interface
+ cannot be added then Open vSwitch sets this column
+ to -1.
- The interface type, one of:
+
+ The interface type, one of:
+
+
system
- An ordinary network device, e.g.
eth0
on Linux.
- Sometimes referred to as ``external interfaces'' since they are
- generally connected to hardware external to that on which the Open
- vSwitch is running. The empty string is a synonym for
- system
.
+ Sometimes referred to as ``external interfaces'' since they are
+ generally connected to hardware external to that on which the Open
+ vSwitch is running. The empty string is a synonym for
+ system
.
+
internal
- A simulated network device that sends and receives traffic. An
- internal interface whose
is the same as its
- bridge's is called the
- ``local interface.'' It does not make sense to bond an internal
- interface, so the terms ``port'' and ``interface'' are often used
- imprecisely for internal interfaces.
+ internal interface whose is the same as its
+ bridge's is called the
+ ``local interface.'' It does not make sense to bond an internal
+ interface, so the terms ``port'' and ``interface'' are often used
+ imprecisely for internal interfaces.
+
tap
- A TUN/TAP device managed by Open vSwitch.
+
gre
- - An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4
- tunnel. Each tunnel must be uniquely identified by the
- combination of
remote_ip
, local_ip
, and
- in_key
. Note that if two ports are defined that are
- the same except one has an optional identifier and the other does
- not, the more specific one is matched first. in_key
- is considered more specific than local_ip
if a port
- defines one and another port defines the other. The following
- options may be specified in the column:
-
- remote_ip
- - Required. The tunnel endpoint.
-
-
- local_ip
- - Optional. The destination IP that received packets must
- match. Default is to match all addresses.
-
-
- in_key
- - Optional. The GRE key that received packets must contain.
- It may either be a 32-bit number (no key and a key of 0 are
- treated as equivalent) or the word
flow
. If
- flow
is specified then any key will be accepted
- and the key will be placed in the tun_id
field
- for matching in the flow table. The ovs-ofctl manual page
- contains additional information about matching fields in
- OpenFlow flows. Default is no key.
-
-
- out_key
- - Optional. The GRE key to be set on outgoing packets. It may
- either be a 32-bit number or the word
flow
. If
- flow
is specified then the key may be set using
- the set_tunnel
Nicira OpenFlow vendor extension (0
- is used in the absence of an action). The ovs-ofctl manual
- page contains additional information about the Nicira OpenFlow
- vendor extensions. Default is no key.
-
-
- key
- - Optional. Shorthand to set
in_key
and
- out_key
at the same time.
-
-
- tos
- - Optional. The value of the ToS bits to be set on the
- encapsulating packet. It may also be the word
-
inherit
, in which case the ToS will be copied from
- the inner packet if it is IPv4 or IPv6 (otherwise it will be
- 0). Note that the ECN fields are always inherited. Default is
- 0.
-
-
- ttl
- - Optional. The TTL to be set on the encapsulating packet.
- It may also be the word
inherit
, in which case the
- TTL will be copied from the inner packet if it is IPv4 or IPv6
- (otherwise it will be the system default, typically 64).
- Default is the system default TTL.
-
-
- csum
- - Optional. Compute GRE checksums on outgoing packets.
- Checksums present on incoming packets will be validated
- regardless of this setting. Note that GRE checksums
- impose a significant performance penalty as they cover the
- entire packet. As the contents of the packet is typically
- covered by L3 and L4 checksums, this additional checksum only
- adds value for the GRE and encapsulated Ethernet headers.
- Default is disabled, set to
true
to enable.
-
-
- pmtud
- - Optional. Enable tunnel path MTU discovery. If enabled
- ``ICMP destination unreachable - fragmentation'' needed
- messages will be generated for IPv4 packets with the DF bit set
- and IPv6 packets above the minimum MTU if the packet size
- exceeds the path MTU minus the size of the tunnel headers. It
- also forces the encapsulating packet DF bit to be set (it is
- always set if the inner packet implies path MTU discovery).
- Note that this option causes behavior that is typically
- reserved for routers and therefore is not entirely in
- compliance with the IEEE 802.1D specification for bridges.
- Default is enabled, set to
false
to disable.
-
-
- header_cache
- - Optional. Enable caching of tunnel headers and the output
- path. This can lead to a significant performance increase
- without changing behavior. In general it should not be
- necessary to adjust this setting. However, the caching can
- bypass certain components of the IP stack (such as IP tables)
- and it may be useful to disable it if these features are
- required or as a debugging measure. Default is enabled, set to
-
false
to disable.
-
+ -
+ An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4
+ tunnel. See
for information on
+ configuring GRE tunnels.
+
ipsec_gre
- - An Ethernet over RFC 2890 Generic Routing Encapsulation
- over IPv4 IPsec tunnel. Each tunnel (including those of type
-
gre
) must be uniquely identified by the
- combination of remote_ip
and
- local_ip
. Note that if two ports are defined
- that are the same except one has an optional identifier and
- the other does not, the more specific one is matched first.
- An authentication method of peer_cert
or
- psk
must be defined. The following options may
- be specified in the column:
-
- remote_ip
- - Required. The tunnel endpoint.
-
-
- local_ip
- - Optional. The destination IP that received packets must
- match. Default is to match all addresses.
-
-
- peer_cert
- - Required for certificate authentication. A string
- containing the peer's certificate in PEM format.
- Additionally the host's certificate must be specified
- with the
certificate
option.
-
-
- certificate
- - Required for certificate authentication. The name of a
- PEM file containing a certificate that will be presented
- to the peer during authentication.
-
-
- private_key
- - Optional for certificate authentication. The name of
- a PEM file containing the private key associated with
-
certificate
. If certificate
- contains the private key, this option may be omitted.
-
-
- psk
- - Required for pre-shared key authentication. Specifies a
- pre-shared key for authentication that must be identical on
- both sides of the tunnel.
-
-
- in_key
- - Optional. The GRE key that received packets must contain.
- It may either be a 32-bit number (no key and a key of 0 are
- treated as equivalent) or the word
flow
. If
- flow
is specified then any key will be accepted
- and the key will be placed in the tun_id
field
- for matching in the flow table. The ovs-ofctl manual page
- contains additional information about matching fields in
- OpenFlow flows. Default is no key.
-
-
- out_key
- - Optional. The GRE key to be set on outgoing packets. It may
- either be a 32-bit number or the word
flow
. If
- flow
is specified then the key may be set using
- the set_tunnel
Nicira OpenFlow vendor extension (0
- is used in the absence of an action). The ovs-ofctl manual
- page contains additional information about the Nicira OpenFlow
- vendor extensions. Default is no key.
-
-
- key
- - Optional. Shorthand to set
in_key
and
- out_key
at the same time.
-
-
- tos
- - Optional. The value of the ToS bits to be set on the
- encapsulating packet. It may also be the word
-
inherit
, in which case the ToS will be copied from
- the inner packet if it is IPv4 or IPv6 (otherwise it will be
- 0). Note that the ECN fields are always inherited. Default is
- 0.
-
-
- ttl
- - Optional. The TTL to be set on the encapsulating packet.
- It may also be the word
inherit
, in which case the
- TTL will be copied from the inner packet if it is IPv4 or IPv6
- (otherwise it will be the system default, typically 64).
- Default is the system default TTL.
-
-
- csum
- - Optional. Compute GRE checksums on outgoing packets.
- Checksums present on incoming packets will be validated
- regardless of this setting. Note that GRE checksums
- impose a significant performance penalty as they cover the
- entire packet. As the contents of the packet is typically
- covered by L3 and L4 checksums, this additional checksum only
- adds value for the GRE and encapsulated Ethernet headers.
- Default is disabled, set to
true
to enable.
-
-
- pmtud
- - Optional. Enable tunnel path MTU discovery. If enabled
- ``ICMP destination unreachable - fragmentation'' needed
- messages will be generated for IPv4 packets with the DF bit set
- and IPv6 packets above the minimum MTU if the packet size
- exceeds the path MTU minus the size of the tunnel headers. It
- also forces the encapsulating packet DF bit to be set (it is
- always set if the inner packet implies path MTU discovery).
- Note that this option causes behavior that is typically
- reserved for routers and therefore is not entirely in
- compliance with the IEEE 802.1D specification for bridges.
- Default is enabled, set to
false
to disable.
-
+ -
+ An Ethernet over RFC 2890 Generic Routing Encapsulation over IPv4
+ IPsec tunnel.
+
capwap
- - Ethernet tunneling over the UDP transport portion of CAPWAP
- (RFC 5415). This allows interoperability with certain switches
- where GRE is not available. Note that only the tunneling component
- of the protocol is implemented. Due to the non-standard use of
- CAPWAP, UDP ports 58881 and 58882 are used as the source and
- destinations ports respectivedly. Each tunnel must be uniquely
- identified by the combination of
remote_ip
and
- local_ip
. If two ports are defined that are the same
- except one includes local_ip
and the other does not,
- the more specific one is matched first. CAPWAP support is not
- available on all platforms. Currently it is only supported in the
- Linux kernel module with kernel versions >= 2.6.25. The following
- options may be specified in the column:
-
- remote_ip
- - Required. The tunnel endpoint.
-
-
- local_ip
- - Optional. The destination IP that received packets must
- match. Default is to match all addresses.
-
-
- tos
- - Optional. The value of the ToS bits to be set on the
- encapsulating packet. It may also be the word
-
inherit
, in which case the ToS will be copied from
- the inner packet if it is IPv4 or IPv6 (otherwise it will be
- 0). Note that the ECN fields are always inherited. Default is
- 0.
-
-
- ttl
- - Optional. The TTL to be set on the encapsulating packet.
- It may also be the word
inherit
, in which case the
- TTL will be copied from the inner packet if it is IPv4 or IPv6
- (otherwise it will be the system default, typically 64).
- Default is the system default TTL.
-
-
- pmtud
- - Optional. Enable tunnel path MTU discovery. If enabled
- ``ICMP destination unreachable - fragmentation'' needed
- messages will be generated for IPv4 packets with the DF bit set
- and IPv6 packets above the minimum MTU if the packet size
- exceeds the path MTU minus the size of the tunnel headers. It
- also forces the encapsulating packet DF bit to be set (it is
- always set if the inner packet implies path MTU discovery).
- Note that this option causes behavior that is typically
- reserved for routers and therefore is not entirely in
- compliance with the IEEE 802.1D specification for bridges.
- Default is enabled, set to
false
to disable.
-
-
- header_cache
- - Optional. Enable caching of tunnel headers and the output
- path. This can lead to a significant performance increase
- without changing behavior. In general it should not be
- necessary to adjust this setting. However, the caching can
- bypass certain components of the IP stack (such as IP tables)
- and it may be useful to disable it if these features are
- required or as a debugging measure. Default is enabled, set to
-
false
to disable.
-
+ -
+ An Ethernet tunnel over the UDP transport portion of CAPWAP (RFC
+ 5415). This allows interoperability with certain switches that do
+ not support GRE. Only the tunneling component of the protocol is
+ implemented. UDP ports 58881 and 58882 are used as the source and
+ destination ports respectively. CAPWAP is currently supported only
+ with the Linux kernel datapath with kernel version 2.6.26 or later.
+
patch
-
-
- A pair of virtual devices that act as a patch cable. The column must have the following key-value pair:
-
-
- peer
- -
- The
of the for
- the other side of the patch. The named 's own peer
option must specify
- this 's name. That is, the two patch
- interfaces must have reversed and
- peer
values.
-
-
+ A pair of virtual devices that act as a patch cable.
+
+ null
+ - An ignored interface.
+
+
+
+
+ These options apply to interfaces with of
+ gre
, ipsec_gre
, and capwap
.
+
+
+
+ Each tunnel must be uniquely identified by the combination of , , , and . If two ports are defined that are the same except one
+ has an optional identifier and the other does not, the more specific
+ one is matched first. is
+ considered more specific than if
+ a port defines one and another port defines the other.
+
+
+
+
+ Required. The tunnel endpoint. Unicast and multicast endpoints are
+ both supported.
+
+
+
+ When a multicast endpoint is specified, a routing table lookup occurs
+ only when the tunnel is created. Following a routing change, delete
+ and then re-create the tunnel to force a new routing table lookup.
+
+
-
- Configuration options whose interpretation varies based on
- .
+
+ Optional. The destination IP that received packets must match.
+ Default is to match all addresses. Must be omitted when is a multicast address.
-
+
+ Optional. The key that received packets must contain, one of:
+
+
+ -
+
0
. The tunnel receives packets with no key or with a
+ key of 0. This is equivalent to specifying no at all.
+
+ -
+ A positive 32-bit (for GRE) or 64-bit (for CAPWAP) number. The
+ tunnel receives only packets with the specified key.
+
+ -
+ The word
flow
. The tunnel accepts packets with any
+ key. The key will be placed in the tun_id
field for
+ matching in the flow table. The ovs-ofctl
manual page
+ contains additional information about matching fields in OpenFlow
+ flows.
+
+
+
- Key-value pairs that report port status. Supported status
- values are type
-dependent.
- The only currently defined key-value pair is:
-
- source_ip
- - The source IP address used for an IPv4 tunnel end-point,
- such as
gre
or capwap
. Not
- supported by all implementations.
-
+
+
+ Optional. The key to be set on outgoing packets, one of:
+
+
+ -
+
0
. Packets sent through the tunnel will have no key.
+ This is equivalent to specifying no at all.
+
+ -
+ A positive 32-bit (for GRE) or 64-bit (for CAPWAP) number. Packets
+ sent through the tunnel will have the specified key.
+
+ -
+ The word
flow
. Packets sent through the tunnel will
+ have the key set using the set_tunnel
Nicira OpenFlow
+ vendor extension (0 is used in the absence of an action). The
+ ovs-ofctl
manual page contains additional information
+ about the Nicira OpenFlow vendor extensions.
+
+
+
+
+
+ Optional. Shorthand to set in_key
and
+ out_key
at the same time.
+
+
+
+ Optional. The value of the ToS bits to be set on the encapsulating
+ packet. It may also be the word inherit
, in which case
+ the ToS will be copied from the inner packet if it is IPv4 or IPv6
+ (otherwise it will be 0). The ECN fields are always inherited.
+ Default is 0.
+
+
+
+ Optional. The TTL to be set on the encapsulating packet. It may also
+ be the word inherit
, in which case the TTL will be copied
+ from the inner packet if it is IPv4 or IPv6 (otherwise it will be the
+ system default, typically 64). Default is the system default TTL.
+
+
+
+ Optional. If enabled, the Don't Fragment bit will be copied from the
+ inner IP headers (those of the encapsulated traffic) to the outer
+ (tunnel) headers. Default is disabled; set to true
to
+ enable.
+
+
+
+ Optional. If enabled, the Don't Fragment bit will be set by default on
+ tunnel headers if the df_inherit
option is not set, or if
+ the encapsulated packet is not IP. Default is enabled; set to
+ false
to disable.
+
+
+
+ Optional. Enable tunnel path MTU discovery. If enabled ``ICMP
+ Destination Unreachable - Fragmentation Needed'' messages will be
+ generated for IPv4 packets with the DF bit set and IPv6 packets above
+ the minimum MTU if the packet size exceeds the path MTU minus the size
+ of the tunnel headers. Note that this option causes behavior that is
+ typically reserved for routers and therefore is not entirely in
+ compliance with the IEEE 802.1D specification for bridges. Default is
+ enabled; set to false
to disable.
+
+
+
+
+ Only gre
interfaces support these options.
+
+
+
+ Enable caching of tunnel headers and the output path. This can lead
+ to a significant performance increase without changing behavior. In
+ general it should not be necessary to adjust this setting. However,
+ the caching can bypass certain components of the IP stack (such as
+ iptables
) and it may be useful to disable it if these
+ features are required or as a debugging measure. Default is enabled,
+ set to false
to disable.
+
+
+
+
+
+ Only gre
and ipsec_gre
interfaces support
+ these options.
+
+
+
+
+ Optional. Compute GRE checksums on outgoing packets. Default is
+ disabled, set to true
to enable. Checksums present on
+ incoming packets will be validated regardless of this setting.
+
+
+
+ GRE checksums impose a significant performance penalty because they
+ cover the entire packet. The encapsulated L3, L4, and L7 packet
+ contents typically have their own checksums, so this additional
+ checksum only adds value for the GRE and encapsulated L2 headers.
+
+
+
+ This option is supported for ipsec_gre
, but not useful
+ because GRE checksums are weaker than, and redundant with, IPsec
+ payload authentication.
+
+
+
+
+
+
+ Only ipsec_gre
interfaces support these options.
+
+
+
+ Required for certificate authentication. A string containing the
+ peer's certificate in PEM format. Additionally the host's
+ certificate must be specified with the certificate
+ option.
+
+
+
+ Required for certificate authentication. The name of a PEM file
+ containing a certificate that will be presented to the peer during
+ authentication.
+
+
+
+ Optional for certificate authentication. The name of a PEM file
+ containing the private key associated with certificate
.
+ If certificate
contains the private key, this option may
+ be omitted.
+
+
+
+ Required for pre-shared key authentication. Specifies a pre-shared
+ key for authentication that must be identical on both sides of the
+ tunnel.
+
+
+
+
+
+
+ Only patch
interfaces support these options.
+
+
+
+ The of the for the other
+ side of the patch. The named 's own
+ peer
option must specify this 's
+ name. That is, the two patch interfaces must have reversed and peer
values.
+
+
+
+
+
+ Status information about interfaces attached to bridges, updated every
+ 5 seconds. Not all interfaces have all of these properties; virtual
+ interfaces don't have a link speed, for example. Non-applicable
+ columns will have empty values.
+
+
+
+ The administrative state of the physical network link.
+
+
+
+
+
+ The observed state of the physical network link. This is ordinarily
+ the link's carrier status. If the interface's is
+ a bond configured for miimon monitoring, it is instead the network
+ link's miimon status.
+
+
+
+
+
+ The number of times Open vSwitch has observed the
+ of this change.
+
+
+
+
+
+ The negotiated speed of the physical network link.
+ Valid values are positive integers greater than 0.
+
+
+
+
+
+ The duplex mode of the physical network link.
+
+
+
+
+
+ The MTU (maximum transmission unit); i.e. the largest
+ amount of data that can fit into a single Ethernet frame.
+ The standard Ethernet MTU is 1500 bytes. Some physical media
+ and many kinds of virtual interfaces can be configured with
+ higher MTUs.
+
+
+ This column will be empty for an interface that does not
+ have an MTU as, for example, some kinds of tunnels do not.
+
+
+
+
+ Boolean value indicating LACP status for this interface. If true, this
+ interface has current LACP information about its LACP partner. This
+ information may be used to monitor the health of interfaces in a LACP
+ enabled port. This column will be empty if LACP is not enabled.
+
+
+
+ Key-value pairs that report port status. Supported status values are
+ -dependent; some interfaces may not have a valid
+ , for example.
+
+
+
+ The name of the device driver controlling the network adapter.
+
+
+
+ The version string of the device driver controlling the network
+ adapter.
+
+
+
+ The version string of the network adapter's firmware, if available.
+
+
+
+ The source IP address used for an IPv4 tunnel end-point, such as
+ gre
or capwap
.
+
+
+
+ Egress interface for tunnels. Currently only relevant for GRE and
+ CAPWAP tunnels. On Linux systems, this column will show the name of
+ the interface which is responsible for routing traffic destined for the
+ configured . This could be an
+ internal interface such as a bridge port.
+
+
+
+ Whether carrier is detected on .
+
+
+
+
+
+ Key-value pairs that report interface statistics. The current
+ implementation updates these counters periodically. Future
+ implementations may update them when an interface is created, when they
+ are queried (e.g. using an OVSDB select
operation), and
+ just before an interface is deleted due to virtual interface hot-unplug
+ or VM shutdown, and perhaps at other times, but not on any regular
+ periodic basis.
+
+
+ These are the same statistics reported by OpenFlow in its struct
+ ofp_port_stats
structure. If an interface does not support a
+ given statistic, then that pair is omitted.
+
+
+
+ Number of received packets.
+
+
+ Number of received bytes.
+
+
+ Number of transmitted packets.
+
+
+ Number of transmitted bytes.
+
+
+
+
+ Number of packets dropped by RX.
+
+
+ Number of frame alignment errors.
+
+
+ Number of packets with RX overrun.
+
+
+ Number of CRC errors.
+
+
+ Total number of receive errors, greater than or equal to the sum of
+ the above.
+
+
+
+
+ Number of packets dropped by TX.
+
+
+ Number of collisions.
+
+
+ Total number of transmit errors, greater than or equal to the sum of
+ the above.
+
+
@@ -996,199 +1586,322 @@
table="Queue"/> tables).
- Policing is currently implemented only on Linux. The Linux
- implementation uses a simple ``token bucket'' approach:
+ Policing is currently implemented only on Linux. The Linux
+ implementation uses a simple ``token bucket'' approach:
+
+
+ -
+ The size of the bucket corresponds to
. Initially the bucket is full.
+
+ -
+ Whenever a packet is received, its size (converted to tokens) is
+ compared to the number of tokens currently in the bucket. If the
+ required number of tokens are available, they are removed and the
+ packet is forwarded. Otherwise, the packet is dropped.
+
+ -
+ Whenever it is not full, the bucket is refilled with tokens at the
+ rate specified by
.
+
+
+
+ Policing interacts badly with some network protocols, and especially
+ with fragmented IP packets. Suppose that there is enough network
+ activity to keep the bucket nearly empty all the time. Then this token
+ bucket algorithm will forward a single packet every so often, with the
+ period depending on packet size and on the configured rate. All of the
+ fragments of an IP packets are normally transmitted back-to-back, as a
+ group. In such a situation, therefore, only one of these fragments
+ will be forwarded and the rest will be dropped. IP does not provide
+ any way for the intended recipient to ask for only the remaining
+ fragments. In such a case there are two likely possibilities for what
+ will happen next: either all of the fragments will eventually be
+ retransmitted (as TCP will do), in which case the same problem will
+ recur, or the sender will not realize that its packet has been dropped
+ and data will simply be lost (as some UDP-based protocols will do).
+ Either way, it is possible that no forward progress will ever occur.
+
+
+
+ Maximum rate for data received on this interface, in kbps. Data
+ received faster than this rate is dropped. Set to 0
+ (the default) to disable policing.
+
+
+
+
+ Maximum burst size for data received on this interface, in kb. The
+ default burst size if set to 0
is 1000 kb. This value
+ has no effect if
+ is 0
.
+
+ Specifying a larger burst size lets the algorithm be more forgiving,
+ which is important for protocols like TCP that react severely to
+ dropped packets. The burst size should be at least the size of the
+ interface's MTU. Specifying a value that is numerically at least as
+ large as 10% of helps TCP come
+ closer to achieving the full rate.
+
+
+
+
+
+
+ 802.1ag Connectivity Fault Management (CFM) allows a group of
+ Maintenance Points (MPs) called a Maintenance Association (MA) to
+ detect connectivity problems with each other. MPs within a MA should
+ have complete and exclusive interconnectivity. This is verified by
+ occasionally broadcasting Continuity Check Messages (CCMs) at a
+ configurable transmission interval.
+
+
+
+ According to the 802.1ag specification, each Maintenance Point should
+ be configured out-of-band with a list of Remote Maintenance Points it
+ should have connectivity to. Open vSwitch differs from the
+ specification in this area. It simply assumes the link is faulted if
+ no Remote Maintenance Points are reachable, and considers it not
+ faulted otherwise.
+
+
+
+ A Maintenance Point ID (MPID) uniquely identifies each endpoint within
+ a Maintenance Association. The MPID is used to identify this endpoint
+ to other Maintenance Points in the MA. Each end of a link being
+ monitored should have a different MPID. Must be configured to enable
+ CFM on this .
+
+
+
+
+ Indicates a connectivity fault triggered by an inability to receive
+ heartbeats from any remote endpoint. When a fault is triggered on
+ s participating in bonds, they will be
+ disabled.
+
+
+ Faults can be triggered for several reasons. Most importantly they
+ are triggered when no CCMs are received for a period of 3.5 times the
+ transmission interval. Faults are also triggered when any CCMs
+ indicate that a Remote Maintenance Point is not receiving CCMs but
+ able to send them. Finally, a fault is triggered if a CCM is
+ received which indicates unexpected configuration. Notably, this
+ case arises when a CCM is received which advertises the local MPID.
+
+
+
+
+ When CFM is properly configured, Open vSwitch will occasionally
+ receive CCM broadcasts. These broadcasts contain the MPID of the
+ sending Maintenance Point. The list of MPIDs from which this
+ is receiving broadcasts from is regularly
+ collected and written to this column.
+
+
+
+ The interval, in milliseconds, between transmissions of CFM heartbeats.
+ Three missed heartbeat receptions indicate a connectivity fault.
+ Defaults to 1000.
+
+
+
+ When true
, the CFM module operates in extended mode. This
+ causes it to use a nonstandard destination address to avoid conflicting
+ with compliant implementations which may be running concurrently on the
+ network. Furthermore, extended mode increases the accuracy of the
+ cfm_interval
configuration parameter by breaking wire
+ compatibility with 802.1ag compliant implementations. Defaults to
+ false
.
+
+
+ When down
, the CFM module marks all CCMs it generates as
+ operationally down without triggering a fault. This allows remote
+ maintenance points to choose not to forward traffic to the
+ on which this CFM module is running.
+ Currently, in Open vSwitch, the opdown bit of CCMs affects
+ s participating in bonds, and the bundle
+ OpenFlow action. This setting is ignored when CFM is not in extended
+ mode. Defaults to up
.
+
+
+
+ When set, the CFM module will apply a VLAN tag to all CCMs it generates
+ with the given value.
+
+
+
+
+
+
+ Used in stable
bond mode to make slave
+ selection decisions. Allocating values consistently across interfaces
+ participating in a bond will guarantee consistent slave selection
+ decisions across ovs-vswitchd
instances when using
+ stable
bonding mode.
+
+
+
+ The LACP port ID of this . Port IDs are
+ used in LACP negotiations to identify individual ports
+ participating in a bond.
+
+
+
+ The LACP port priority of this . In LACP
+ negotiations s with numerically lower
+ priorities are preferred for aggregation.
+
+
+
+ The LACP aggregation key of this . s with different aggregation keys may not be active
+ within a given at the same time.
+
+
+
+
+
+ These key-value pairs specifically apply to an interface that
+ represents a virtual Ethernet interface connected to a virtual
+ machine. These key-value pairs should not be present for other types
+ of interfaces. Keys whose names end in -uuid
have
+ values that uniquely identify the entity in question. For a Citrix
+ XenServer hypervisor, these values are UUIDs in RFC 4122 format.
+ Other hypervisors may use other formats.
+
+
+
+ The MAC address programmed into the ``virtual hardware'' for this
+ interface, in the form
+ xx:xx:xx:xx:xx:xx.
+ For Citrix XenServer, this is the value of the MAC
field
+ in the VIF record for this interface.
+
+
+
+ A system-unique identifier for the interface. On XenServer, this will
+ commonly be the same as .
+
+
+
+ The virtual interface associated with this interface.
+
+
+
+ The virtual network to which this interface is attached.
+
+
+
+ The VM to which this interface belongs.
+
+
+
+
+
+ The ``VLAN splinters'' feature increases Open vSwitch compatibility
+ with buggy network drivers in old versions of Linux that do not
+ properly support VLANs when VLAN devices are not used, at some cost
+ in memory and performance.
+
+
+
+ When VLAN splinters are enabled on a particular interface, Open vSwitch
+ creates a VLAN device for each in-use VLAN. For sending traffic tagged
+ with a VLAN on the interface, it substitutes the VLAN device. Traffic
+ received on the VLAN device is treated as if it had been received on
+ the interface on the particular VLAN.
+
+
+
+ VLAN splinters consider a VLAN to be in use if:
+
-
- The size of the bucket corresponds to
. Initially the bucket is full.
+ The VLAN is the value in any record.
+
-
- Whenever a packet is received, its size (converted to tokens) is
- compared to the number of tokens currently in the bucket. If the
- required number of tokens are available, they are removed and the
- packet is forwarded. Otherwise, the packet is dropped.
+ The VLAN is listed within the
+ column of the record of an interface on which
+ VLAN splinters are enabled.
+
+ An empty does not influence the
+ in-use VLANs: creating 4,096 VLAN devices is impractical because it
+ will exceed the current 1,024 port per datapath limit.
+
-
- Whenever it is not full, the bucket is refilled with tokens at the
- rate specified by
.
+ An OpenFlow flow within any bridge matches the VLAN.
+
- Policing interacts badly with some network protocols, and especially
- with fragmented IP packets. Suppose that there is enough network
- activity to keep the bucket nearly empty all the time. Then this token
- bucket algorithm will forward a single packet every so often, with the
- period depending on packet size and on the configured rate. All of the
- fragments of an IP packets are normally transmitted back-to-back, as a
- group. In such a situation, therefore, only one of these fragments
- will be forwarded and the rest will be dropped. IP does not provide
- any way for the intended recipient to ask for only the remaining
- fragments. In such a case there are two likely possibilities for what
- will happen next: either all of the fragments will eventually be
- retransmitted (as TCP will do), in which case the same problem will
- recur, or the sender will not realize that its packet has been dropped
- and data will simply be lost (as some UDP-based protocols will do).
- Either way, it is possible that no forward progress will ever occur.
+ The same set of in-use VLANs applies to every interface on which VLAN
+ splinters are enabled. That is, the set is not chosen separately for
+ each interface but selected once as the union of all in-use VLANs based
+ on the rules above.
-
+
+
+ It does not make sense to enable VLAN splinters on an interface for an
+ access port, or on an interface that is not a physical port.
+
+
+
+ VLAN splinters are deprecated. When broken device drivers are no
+ longer in widespread use, we will delete this feature.
+
+
+
- Maximum rate for data received on this interface, in kbps. Data
- received faster than this rate is dropped. Set to 0
- (the default) to disable policing.
+ Set to true
to enable VLAN splinters on this interface.
+ Defaults to false
.
-
-
- Maximum burst size for data received on this interface, in kb. The
- default burst size if set to 0
is 1000 kb. This value
- has no effect if
- is 0
.
- Specifying a larger burst size lets the algorithm be more forgiving,
- which is important for protocols like TCP that react severely to
- dropped packets. The burst size should be at least the size of the
- interface's MTU. Specifying a value that is numerically at least as
- large as 10% of helps TCP come
- closer to achieving the full rate.
+ VLAN splinters increase kernel and userspace memory overhead, so do
+ not use them unless they are needed.
-
-
-
-
-
-
- Connectivity monitor configuration for this interface.
-
-
- Key-value pairs for use by external frameworks that integrate
- with Open vSwitch, rather than by Open vSwitch itself. System
- integrators should either use the Open vSwitch development
- mailing list to coordinate on common key-value definitions, or
- choose key names that are likely to be unique. The currently
- defined common key-value pairs are:
-
- attached-mac
- -
- The MAC address programmed into the ``virtual hardware'' for this
- interface, in the form
- xx:xx:xx:xx:xx:xx.
- For Citrix XenServer, this is the value of the
MAC
- field in the VIF record for this interface.
- iface-id
- - A system-unique identifier for the interface. On XenServer,
- this will commonly be the same as
xs-vif-uuid
.
-
- Additionally the following key-value pairs specifically
- apply to an interface that represents a virtual Ethernet interface
- connected to a virtual machine. These key-value pairs should not be
- present for other types of interfaces. Keys whose names end
- in -uuid
have values that uniquely identify the entity
- in question. For a Citrix XenServer hypervisor, these values are
- UUIDs in RFC 4122 format. Other hypervisors may use other
- formats.
+ VLAN splinters do not support 802.1p priority tags. Received
+ priorities will appear to be 0, regardless of their actual values,
+ and priorities on transmitted packets will also be cleared to 0.
- The currently defined key-value pairs for XenServer are:
-
- xs-vif-uuid
- - The virtual interface associated with this interface.
- xs-network-uuid
- - The virtual network to which this interface is attached.
- xs-vm-uuid
- - The VM to which this interface belongs.
-
-
-
-
- Egress interface for tunnels. Currently only relevant for GRE and
- CAPWAP tunnels. On Linux systems, this column will show the name of
- the interface which is responsible for routing traffic destined for the
- configured remote_ip
. This could be an internal interface
- such as a bridge port.
+
-
- Key-value pairs for rarely used interface features. Currently,
- there are none defined.
-
+
+ The overall purpose of these columns is described under Common
+ Columns
at the beginning of this document.
-
-
- Key-value pairs that report interface statistics. The current
- implementation updates these counters periodically. In the future,
- we plan to, instead, update them when an interface is created, when
- they are queried (e.g. using an OVSDB select
operation),
- and just before an interface is deleted due to virtual interface
- hot-unplug or VM shutdown, and perhaps at other times, but not on any
- regular periodic basis.
-
- The currently defined key-value pairs are listed below. These are
- the same statistics reported by OpenFlow in its struct
- ofp_port_stats
structure. If an interface does not support a
- given statistic, then that pair is omitted.
-
- -
- Successful transmit and receive counters:
-
- rx_packets
- - Number of received packets.
- rx_bytes
- - Number of received bytes.
- tx_packets
- - Number of transmitted packets.
- tx_bytes
- - Number of transmitted bytes.
-
-
- -
- Receive errors:
-
- rx_dropped
- - Number of packets dropped by RX.
- rx_frame_err
- - Number of frame alignment errors.
- rx_over_err
- - Number of packets with RX overrun.
- rx_crc_err
- - Number of CRC errors.
- rx_errors
- -
- Total number of receive errors, greater than or equal
- to the sum of the above.
-
-
-
- -
- Transmit errors:
-
- tx_dropped
- - Number of packets dropped by TX.
- collisions
- - Number of collisions.
- tx_errors
- -
- Total number of transmit errors, greater
- than or equal to the sum of the above.
-
-
-
-
-
+
+