static struct iface *iface_lookup(const struct bridge *, const char *name);
static struct iface *iface_from_dp_ifidx(const struct bridge *,
uint16_t dp_ifidx);
+static bool iface_is_internal(const struct bridge *, const char *name);
+static void iface_set_mac(struct iface *);
/* Hooks into ofproto processing. */
static struct ofhooks bridge_ofhooks;
bool internal;
int error;
- /* It's an internal interface if it's marked that way, or if
- * it's a bonded interface for which we're faking up a network
- * device. */
- internal = cfg_get_bool(0, "iface.%s.internal", if_name);
- if (cfg_get_bool(0, "bonding.%s.fake-iface", if_name)) {
- struct port *port = port_lookup(br, if_name);
- if (port && port->n_ifaces > 1) {
- internal = true;
- }
- }
-
/* Add to datapath. */
+ internal = iface_is_internal(br, if_name);
error = dpif_port_add(&br->dpif, if_name, next_port_no++,
internal ? ODP_PORT_INTERNAL : 0);
if (error != EEXIST) {
LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
for (i = 0; i < br->n_ports; i++) {
struct port *port = br->ports[i];
+
port_update_vlan_compat(port);
+
+ for (j = 0; j < port->n_ifaces; j++) {
+ struct iface *iface = port->ifaces[j];
+ if (iface->dp_ifidx != ODPP_LOCAL
+ && iface_is_internal(br, iface->name)) {
+ iface_set_mac(iface);
+ }
+ }
}
}
LIST_FOR_EACH (br, struct bridge, node, &all_bridges) {
memcpy(slave->mac, iface->mac, ETH_ADDR_LEN);
}
+ if (cfg_get_bool(0, "bonding.%s.fake-iface", port->name)) {
+ struct netdev *bond_netdev;
+
+ if (!netdev_open(port->name, NETDEV_ETH_TYPE_NONE, &bond_netdev)) {
+ if (bond.up) {
+ netdev_turn_flags_on(bond_netdev, NETDEV_UP, true);
+ } else {
+ netdev_turn_flags_off(bond_netdev, NETDEV_UP, true);
+ }
+ netdev_close(bond_netdev);
+ }
+ }
+
proc_net_compat_update_bond(port->name, &bond);
free(bond.slaves);
}
{
return port_array_get(&br->ifaces, dp_ifidx);
}
+
+/* Returns true if 'iface' is the name of an "internal" interface on bridge
+ * 'br', that is, an interface that is entirely simulated within the datapath.
+ * The local port (ODPP_LOCAL) is always an internal interface. Other local
+ * interfaces are created by setting "iface.<iface>.internal = true".
+ *
+ * In addition, we have a kluge-y feature that creates an internal port with
+ * the name of a bonded port if "bonding.<bondname>.fake-iface = true" is set.
+ * This feature needs to go away in the long term. Until then, this is one
+ * reason why this function takes a name instead of a struct iface: the fake
+ * interfaces created this way do not have a struct iface. */
+static bool
+iface_is_internal(const struct bridge *br, const char *iface)
+{
+ if (!strcmp(iface, br->name)
+ || cfg_get_bool(0, "iface.%s.internal", iface)) {
+ return true;
+ }
+
+ if (cfg_get_bool(0, "bonding.%s.fake-iface", iface)) {
+ struct port *port = port_lookup(br, iface);
+ if (port && port->n_ifaces > 1) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
+/* Set Ethernet address of 'iface', if one is specified in the configuration
+ * file. */
+static void
+iface_set_mac(struct iface *iface)
+{
+ uint64_t mac = cfg_get_mac(0, "iface.%s.mac", iface->name);
+ if (mac) {
+ static uint8_t ea[ETH_ADDR_LEN];
+
+ eth_addr_from_uint64(mac, ea);
+ if (eth_addr_is_multicast(ea)) {
+ VLOG_ERR("interface %s: cannot set MAC to multicast address",
+ iface->name);
+ } else if (iface->dp_ifidx == ODPP_LOCAL) {
+ VLOG_ERR("ignoring iface.%s.mac; use bridge.%s.mac instead",
+ iface->name, iface->name);
+ } else {
+ int error = netdev_nodev_set_etheraddr(iface->name, ea);
+ if (error) {
+ VLOG_ERR("interface %s: setting MAC failed (%s)",
+ iface->name, strerror(error));
+ }
+ }
+ }
+}
\f
/* Port mirroring. */
ovs\-vswitchd.conf \- configuration file for \fBovs\-vswitchd\fR
.
.SH DESCRIPTION
-This manual page describes the syntax for the configuration file used
-by \fBovs\-vswitchd\fR(8), the virtual switch daemon.
-.PP
-The configuration file is based on key-value pairs, which are given
+This manual page explains how to configure \fBovs\-vswitchd\fR, the
+Open vSwitch virtual switch daemon. Refer to \fBovs\-vswitchd\fR(8)
+for instructions on how to start, stop, and control the virtual switch
+daemon and for an overview of its features.
+.SS "Overview"
+\fBovs\-vswitchd\fR configuration is hierarchical.
+.ST "Global Configuration"
+A few aspects of configuration apply to the entire \fBovs\-vswitchd\fR
+process:
+.IP \(bu
+Remote management (see \fBRemote Management\fR below).
+.IP \(bu
+SSL key and certificate configuration (see \fBSSL Configuration\fR
+below).
+.ST "Bridge Configuration"
+\fBovs\-vswitchd\fR manages one or more ``bridges.'' A bridge is,
+conceptually, an Ethernet switch. Properties configurable at the
+bridge level include:
+.
+.IP \(bu
+The set of bridge ports (see \fBBridge Configuration\fR below).
+.IP \(bu
+Mirroring of packets across ports and VLANs (see \fBPort mirroring
+(SPAN and RSPAN)\fR below).
+.IP \(bu
+Flow logging via NetFlow (see \fBNetFlow v5 Flow Logging\fR below).
+.IP \(bu
+Connectivity to an OpenFlow controller (see \fBOpenFlow Controller
+Connectivity\fR below).
+.IP \(bu
+Addresses on which to listen for OpenFlow management connections (see
+\fBOpenFlow Management Connections\fR below) or for snooping on the
+connection to the primary OpenFlow controller (see \fBOpenFlow
+Controller Connection Snooping\fR below).
+.PP
+.ST "Port Configuration"
+Each bridge has one or more ``ports.'' The main configurable property
+of a port is its 802.1Q VLAN configuration (see \fB802.1Q VLAN
+support\fR below).
+.PP
+Most commonly, a port has exactly one ``interface.'' Such a port
+logically corresponds to a port on a physical Ethernet switch.
+.PP
+A port that has more than one interface is a ``bonded port.'' Bonding
+allows for load balancing and fail-over (see \fBNetwork Device
+Bonding\fR below).
+.ST "Interface Configuration"
+There are two different kinds of interfaces:
+.IP "``external interfaces''"
+These interfaces are ordinary network devices, e.g. \fBeth0\fR on
+Linux.
+.IP "``internal interfaces''"
+These interfaces are simulated network device that sent and receive
+traffic. Every bridge has one internal interface called the ``local
+interface'' and may also have additional internal interfaces. It does
+not make sense to bond an internal interface, so the terms ``port''
+and ``interface'' are often used imprecisely for internal interfaces.
+.PP
+Interfaces have a few configurable properties of their own:
+.IP \(bu
+Ingress rate-limiting (see \fBInterface Rate-Limiting\fR below).
+.IP \(bu
+Ethernet address (internal interfaces only, see \fBBridge
+Configuration\fR below).
+.SS "Configuration File Syntax"
+The \fBovs\-vswitchd\fR configuration file syntax is based on
+key-value pairs, which are given
one per line in the form \fIkey\fB=\fIvalue\fR. Each \fIkey\fR
consists of one or more parts separated by dots,
e.g. \fIpart1\fB.\fIpart2\fB.\fIpart3\fR. Each \fIpart\fR may consist
\fBbridge.\fIname\fB.port\fR. (The specified \fIname\fR may not begin
with \fBdp\fR or \fBnl:\fR followed by a digit.)
.PP
-The names given on \fBbridge.\fIname\fB.port\fR must be the names of
-existing network devices, except for ``internal ports.'' An internal
-port is a simulated network device that receives traffic only
-through the virtual switch and switches any traffic sent it through
-virtual switch. An internal port may configured with an IP address,
-etc. using the usual system tools (e.g. \fBifconfig\fR, \fBip\fR). To
-designate network device \fInetdev\fR as an internal port, add
-\fBiface.\fInetdev\fB.internal=true\fR to the configuration file.
-\fBovs\-vswitchd\fR will honor this configuration setting by automatically
-creating the named internal port.
+To designate network device \fInetdev\fR as an internal port, add
+\fBiface.\fInetdev\fB.internal=true\fR to the configuration file,
+which causes \fBovs\-vswitchd\fR to automatically creates
+\fInetdev\fR, which may then be configured using the usual system
+tools (e.g. \fBifconfig\fR, \fBip\fR). An internal interface by
+default has a random Ethernet address, but you may configure a
+specific address by setting \fBiface.\fInetdev\fB.mac\fR to a MAC
+address in the format
+\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fB:\fIxx\fR, where each
+\fIx\fR is a hex digit.
.PP
A bridge with a given \fIname\fR always has an internal port with the
same \fIname\fR, called the ``local port.'' This network device may
the end host to the Open vSwitch on port 2, instead of to the end host
on port 1, disrupting connectivity. If mirroring to a VLAN is desired
in this scenario, then the physical switch must be replaced by one
-that learns Ethernet addresses on a per-VLAN basis.
+that learns Ethernet addresses on a per-VLAN basis. In addition,
+learning should be disabled on the VLAN containing mirrored traffic.
+If this is not done then the intermediate switch will learn the MAC
+address of each end host from the mirrored traffic. If packets being
+sent to that end host are also mirrored, then they will be dropped
+since the switch will attempt to send them out the input port.
+Disabling learning for the VLAN will cause the switch to correctly
+send the packet out all ports configured for that VLAN.
.ST "Example"
The following \fBovs\-vswitchd\fR configuration copies all frames received
on \fBeth1\fR or \fBeth2\fR to \fBeth3\fR.
.fi
.RE
-.SS "Port Rate-Limiting"
-Traffic policing and shaping are configured on physical ports. Policing
+.SS "Interface Rate-Limiting"
+Traffic policing and shaping are configured on interfaces. Policing
defines a hard limit at which traffic that exceeds the specified rate is
dropped. Shaping uses queues to delay packets so that egress traffic
leaves at the specified rate.
.ST "Ingress Policing"
-The rate at which traffic is allowed to enter through a port may be
+The rate at which traffic is allowed to enter through a interface may be
configured with ingress policing. Note that "ingress" is from the
-perspective of \fBovs\-vswitchd\fR. If configured on a physical port,
+perspective of \fBovs\-vswitchd\fR. If configured on a physical interface,
then it limits the rate at which traffic is allowed into the system from
the outside. If configured on a virtual interface that is connected to
a virtual machine, then it limits the rate at which the guest is able to
burst size specified in kilobits (1000 bits). The burst size should be at
least the size of the interface's MTU.
-A port may be configured to enforce ingress policing by defining the
+An interface may be configured to enforce ingress policing by defining the
key \fBport.\fIname\fB.ingress.policing-rate\fR with an integer
-indicating the rate. The port \fIname\fR will only allow traffic to be
+indicating the rate. The interface \fIname\fR will only allow traffic to be
received at the rate specified in kilobits per second. If the rate is zero
or the key is not defined, then ingress policing is disabled.
zero, then the default burst is 10 kilobits.
.PP
-The following syntax limits port \fBeth1\fR to receiving traffic at
+The following syntax limits interface \fBeth1\fR to receiving traffic at
\fB512\fR kilobits per second with a burst of \fB20\fR kilobits:
.PP
.RS
git://git.onelab.eu / sliver-openvswitch.git / commitdiff