</p>
</column>
- <column name="other_config" key="flow-eviction-threshold"
+ <column name="other_config" key="flow-limit"
type='{"type": "integer", "minInteger": 0}'>
<p>
- A number of flows as a nonnegative integer. This sets number of
- flows at which eviction from the datapath flow table will be
- triggered. If there are a large number of flows then increasing this
- value to around the number of flows present can result in reduced CPU
- usage and packet loss.
+ The maximum
+ number of flows allowed in the datapath flow table. Internally OVS
+ will choose a flow limit which will likely be lower than this number,
+ based on real time network conditions.
</p>
<p>
- The default is 2500. Values below 100 will be rounded up to 100.
+ The default is 200000.
</p>
</column>
- <column name="other_config" key="force-miss-model">
+ <column name="other_config" key="n-handler-threads"
+ type='{"type": "integer", "minInteger": 1}'>
<p>
- Specifies userspace behaviour for handling flow misses. This takes
- precedence over flow-eviction-threshold.
+ Specifies the number of threads for software datapaths to use for
+ handling new flows. The default the number of online CPU cores minus
+ the number of revalidators.
</p>
<p>
- <dl>
- <dt><code>auto</code></dt>
- <dd>Handle automatically based on the flow-eviction-threshold and
- the flow setup governer (default, recommended).</dd>
- <dt><code>with-facets</code></dt>
- <dd>Always create facets. Expensive kernel flow creation and
- statistics tracking is always performed, even on flows with only
- a small number of packets.</dd>
- <dt><code>without-facets</code></dt>
- <dd>Always handle without facets. Forces flow misses to be handled
- in userspace. May cause an increase in CPU usage and packet loss
- on high throughput.</dd>
- </dl>
+ This configuration is per datapath. If you have more than one
+ software datapath (e.g. some <code>system</code> bridges and some
+ <code>netdev</code> bridges), then the total number of threads is
+ <code>n-handler-threads</code> times the number of software
+ datapaths.
</p>
</column>
- <column name="other_config" key="n-handler-threads"
+ <column name="other_config" key="n-revalidator-threads"
type='{"type": "integer", "minInteger": 1}'>
<p>
Specifies the number of threads for software datapaths to use for
- handling new flows. The default is two less than the number of
- online CPU cores (but at least 1).
+ revalidating flows in the datapath. Typically, there is a direct
+ correlation between the number of revalidator threads, and the number
+ of flows allowed in the datapath. The default is the number of cpu
+ cores divided by four plus one. If <code>n-handler-threads</code> is
+ set, the default changes to the number of cpu cores minus the number
+ of handler threads.
</p>
<p>
This configuration is per datapath. If you have more than one
</column>
<column name="protocols">
- List of OpenFlow protocols that may be used when negotiating a
- connection with a controller. A default value of
- <code>OpenFlow10</code> will be used if this column is empty.
+ <p>
+ List of OpenFlow protocols that may be used when negotiating
+ a connection with a controller. OpenFlow 1.0, 1.1, 1.2, and
+ 1.3 are enabled by default if this column is empty.
+ </p>
+
+ <p>
+ The current implementation of OpenFlow 1.4 support is not safe:
+ <code>ovs-vswitchd</code> will abort when certain unimplemented
+ features are tested. Thus, for now it is suitable only for
+ experimental use. For this reason, OpenFlow 1.4 is supported only
+ if, in addition to specifying <code>OpenFlow14</code> in this field,
+ <code>ovs-vswitchd</code> is invoked with the
+ <code>--enable-of14</code> option. (When support becomes safe, this
+ option will be removed.)
+ </p>
</column>
</group>
<p>
The following modes require the upstream switch to support 802.3ad with
- successful LACP negotiation:
+ successful LACP negotiation. If LACP negotiation fails and
+ other-config:lacp-fallback-ab is true, then <code>active-backup</code>
+ mode is used:
</p>
<dl>
in LACP negotiations initiated by a remote switch, but not allowed to
initiate such negotiations themselves. If LACP is enabled on a port
whose partner switch does not support LACP, the bond will be
- disabled. Defaults to <code>off</code> if unset.
+ disabled, unless other-config:lacp-fallback-ab is set to true.
+ Defaults to <code>off</code> if unset.
</column>
<column name="other_config" key="lacp-system-id">
rate of once every 30 seconds.
</p>
</column>
+
+ <column name="other_config" key="lacp-fallback-ab"
+ type='{"type": "boolean"}'>
+ <p>
+ Determines the behavior of openvswitch bond in LACP mode. If
+ the partner switch does not support LACP, setting this option
+ to <code>true</code> allows openvswitch to fallback to
+ active-backup. If the option is set to <code>false</code>, the
+ bond will be disabled. In both the cases, once the partner switch
+ is configured to LACP mode, the bond will use LACP.
+ </p>
+ </column>
</group>
<group title="Rebalancing Configuration">
address.</p>
</column>
- <column name="ofport">
- <p>OpenFlow port number for this interface. Unlike most columns, this
- column's value should be set only by Open vSwitch itself. Other
- clients should set this column to an empty set (the default) when
- creating an <ref table="Interface"/>.</p>
- <p>Open vSwitch populates this column when the port number becomes
- known. If the interface is successfully added,
- <ref column="ofport"/> will be set to a number between 1 and 65535
- (generally either in the range 1 to 65279, inclusive, or 65534, the
- port number for the OpenFlow ``local port''). If the interface
- cannot be added then Open vSwitch sets this column
- to -1.</p>
- <p>When <ref column="ofport_request"/> is not set, Open vSwitch picks
- an appropriate value for this column and then tries to keep the value
- constant across restarts.</p>
- </column>
-
- <column name="ofport_request">
- <p>Requested OpenFlow port number for this interface. The port
- number must be between 1 and 65279, inclusive. Some datapaths
- cannot satisfy all requests for particular port numbers. When
- this column is empty or the request cannot be fulfilled, the
- system will choose a free port. The <ref column="ofport"/>
- column reports the assigned OpenFlow port number.</p>
- <p>The port number must be requested in the same transaction
- that creates the port.</p>
- </column>
+ <group title="OpenFlow Port Number">
+ <p>
+ When a client adds a new interface, Open vSwitch chooses an OpenFlow
+ port number for the new port. If the client that adds the port fills
+ in <ref column="ofport_request"/>, then Open vSwitch tries to use its
+ value as the OpenFlow port number. Otherwise, or if the requested
+ port number is already in use or cannot be used for another reason,
+ Open vSwitch automatically assigns a free port number. Regardless of
+ how the port number was obtained, Open vSwitch then reports in <ref
+ column="ofport"/> the port number actually assigned.
+ </p>
+
+ <p>
+ Open vSwitch limits the port numbers that it automatically assigns to
+ the range 1 through 32,767, inclusive. Controllers therefore have
+ free use of ports 32,768 and up.
+ </p>
+
+ <column name="ofport">
+ <p>
+ OpenFlow port number for this interface. Open vSwitch sets this
+ column's value, so other clients should treat it as read-only.
+ </p>
+ <p>
+ The OpenFlow ``local'' port (<code>OFPP_LOCAL</code>) is 65,534.
+ The other valid port numbers are in the range 1 to 65,279,
+ inclusive. Value -1 indicates an error adding the interface.
+ </p>
+ </column>
+
+ <column name="ofport_request"
+ type='{"type": "integer", "minInteger": 1, "maxInteger": 65279}'>
+ <p>
+ Requested OpenFlow port number for this interface.
+ </p>
+
+ <p>
+ A client should ideally set this column's value in the same
+ database transaction that it uses to create the interface. Open
+ vSwitch version 2.1 and later will honor a later request for a
+ specific port number, althuogh it might confuse some controllers:
+ OpenFlow does not have a way to announce a port number change, so
+ Open vSwitch represents it over OpenFlow as a port deletion
+ followed immediately by a port addition.
+ </p>
+
+ <p>
+ If <ref column="ofport_request"/> is set or changed to some other
+ port's automatically assigned port number, Open vSwitch chooses a
+ new port number for the latter port.
+ </p>
+ </column>
+ </group>
</group>
<group title="System-Specific Details">
<dt><code>lisp</code></dt>
<dd>
- A layer 3 tunnel over the experimental, UDP-based Locator/ID
- Separation Protocol (RFC 6830).
+ <p>
+ A layer 3 tunnel over the experimental, UDP-based Locator/ID
+ Separation Protocol (RFC 6830).
+ </p>
+ <p>
+ Only IPv4 and IPv6 packets are supported by the protocol, and
+ they are sent and received without an Ethernet header. Traffic
+ to/from LISP ports is expected to be configured explicitly, and
+ the ports are not intended to participate in learning based
+ switching. As such, they are always excluded from packet
+ flooding.
+ </p>
</dd>
<dt><code>patch</code></dt>
</column>
<column name="bfd" key="forwarding_if_rx" type='{"type": "boolean"}'>
- True to consider the interface capable of packet I/O as long as it
- continues to receive any packets (not just BFD packets). This
- prevents link congestion that causes consecutive BFD control packets
- to be lost from marking the interface down.
+ When <code>true</code>, traffic received on the
+ <ref table="Interface"/> is used to indicate the capability of packet
+ I/O. BFD control packets are still transmitted and received. At
+ least one BFD control packet must be received every 100 * <ref
+ column="bfd" key="min_rx"/> amount of time. Otherwise, even if
+ traffic are received, the <ref column="bfd" key="forwarding"/>
+ will be <code>false</code>.
</column>
<column name="bfd" key="cpath_down" type='{"type": "boolean"}'>
expected as destination for received BFD packets. The default is
<code>00:23:20:00:00:01</code>.
</column>
+
+ <column name="bfd" key="bfd_src_ip">
+ Set to an IPv4 address to set the IP address used as source for
+ transmitted BFD packets. The default is <code>169.254.1.0</code>.
+ </column>
+
+ <column name="bfd" key="bfd_dst_ip">
+ Set to an IPv4 address to set the IP address used as destination
+ for transmitted BFD packets. The default is <code>169.254.1.1</code>.
+ </column>
</group>
<group title="BFD Status">
In case of a problem, set to a short message that reports what the
remote endpoint's BFD session thinks is wrong.
</column>
+
+ <column name="bfd_status" key="flap_count"
+ type='{"type": "integer", "minInteger": 0}'>
+ Counts the number of <ref column="bfd_status" key="forwarding" />
+ flaps since start. A flap is considered as a change of the
+ <ref column="bfd_status" key="forwarding" /> value.
+ </column>
</group>
</group>
</p>
<column name="cfm_mpid">
- A Maintenance Point ID (MPID) uniquely identifies each endpoint within
- a Maintenance Association. The MPID is used to identify this endpoint
- to other Maintenance Points in the MA. Each end of a link being
- monitored should have a different MPID. Must be configured to enable
- CFM on this <ref table="Interface"/>.
+ <p>
+ A Maintenance Point ID (MPID) uniquely identifies each endpoint
+ within a Maintenance Association. The MPID is used to identify this
+ endpoint to other Maintenance Points in the MA. Each end of a link
+ being monitored should have a different MPID. Must be configured to
+ enable CFM on this <ref table="Interface"/>.
+ </p>
+ <p>
+ According to the 802.1ag specification, MPIDs can only range between
+ [1, 8191]. However, extended mode (see <ref column="other_config"
+ key="cfm_extended"/>) supports eight byte MPIDs.
+ </p>
+ </column>
+
+ <column name="cfm_flap_count">
+ Counts the number of cfm fault flapps since boot. A flap is
+ considered to be a change of the <ref column="cfm_fault"/> value.
</column>
<column name="cfm_fault">
with compliant implementations which may be running concurrently on the
network. Furthermore, extended mode increases the accuracy of the
<code>cfm_interval</code> configuration parameter by breaking wire
- compatibility with 802.1ag compliant implementations. Defaults to
- <code>false</code>.
+ compatibility with 802.1ag compliant implementations. And extended
+ mode allows eight byte MPIDs. Defaults to <code>false</code>.
</column>
<column name="other_config" key="cfm_demand" type='{"type": "boolean"}'>
<ref column="other_config" key="cfm_extended"/> is true, the CFM
module operates in demand mode. When in demand mode, traffic
received on the <ref table="Interface"/> is used to indicate
- liveness. CCMs are still transmitted and received, but if the
- <ref table="Interface"/> is receiving traffic, their absence does not
- cause a connectivity fault.
+ liveness. CCMs are still transmitted and received. At least one
+ CCM must be received every 100 * <ref column="other_config"
+ key="cfm_interval"/> amount of time. Otherwise, even if traffic
+ are received, the CFM module will raise the connectivity fault.
</p>
<p>
column has no effect.
</p>
</column>
+
+ <column name="prefixes">
+ <p>
+ This string set specifies which fields should be used for
+ address prefix tracking. Prefix tracking allows the
+ classifier to skip rules with longer than necessary prefixes,
+ resulting in better wildcarding for datapath flows.
+ </p>
+ <p>
+ Prefix tracking may be beneficial when a flow table contains
+ matches on IP address fields with different prefix lengths.
+ For example, when a flow table contains IP address matches on
+ both full addresses and proper prefixes, the full address
+ matches will typically cause the datapath flow to un-wildcard
+ the whole address field (depending on flow entry priorities).
+ In this case each packet with a different address gets handed
+ to the userspace for flow processing and generates its own
+ datapath flow. With prefix tracking enabled for the address
+ field in question packets with addresses matching shorter
+ prefixes would generate datapath flows where the irrelevant
+ address bits are wildcarded, allowing the same datapath flow
+ to handle all the packets within the prefix in question. In
+ this case many userspace upcalls can be avoided and the
+ overall performance can be better.
+ </p>
+ <p>
+ This is a performance optimization only, so packets will
+ receive the same treatment with or without prefix tracking.
+ </p>
+ <p>
+ The supported fields are: <code>tun_id</code>,
+ <code>tun_src</code>, <code>tun_dst</code>,
+ <code>nw_src</code>, <code>nw_dst</code> (or aliases
+ <code>ip_src</code> and <code>ip_dst</code>),
+ <code>ipv6_src</code>, and <code>ipv6_dst</code>. (Using this
+ feature for <code>tun_id</code> would only make sense if the
+ tunnel IDs have prefix structure similar to IP addresses.)
+ </p>
+ <p>
+ For example, <code>prefixes=ip_dst,ip_src</code> instructs the
+ flow classifier to track the IP destination and source
+ addresses used by the rules in this specific flow table. To
+ set the prefix fields, the flow table record needs to exist:
+ </p>
+ <dl>
+ <dt><code>ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0</code></dt>
+ <dd>
+ Creates a flow table record for the OpenFlow table number 0.
+ </dd>
+
+ <dt><code>ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src</code></dt>
+ <dd>
+ Enables prefix tracking for IP source and destination
+ address fields.
+ </dd>
+ </dl>
+
+ <p>
+ There is a maximum number of fields that can be enabled for any
+ one flow table. Currently this limit is 3.
+ </p>
+ </column>
+
+ <group title="Common Columns">
+ The overall purpose of these columns is described under <code>Common
+ Columns</code> at the beginning of this document.
+
+ <column name="external_ids"/>
+ </group>
</table>
<table name="QoS" title="Quality of Service configuration">
</dd>
<dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
<dd>
- <p>The specified TCP <var>port</var> on the host at the
- given <var>ip</var>, which must be expressed as an IP
- address (not a DNS name).</p>
- <p>If <var>port</var> is not specified, it currently
- defaults to 6633. In the future, the default will change to
- 6653, which is the IANA-defined value.</p>
+ <p>
+ The specified TCP <var>port</var> on the host at the given
+ <var>ip</var>, which must be expressed as an IP address (not a
+ DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
+ <var>ip</var> is an IPv6 address, wrap it in square brackets,
+ e.g. <code>tcp:[::1]:6632</code>.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it currently defaults to
+ 6633. In the future, the default will change to 6653, which is
+ the IANA-defined value.
+ </p>
</dd>
</dl>
<p>
<dl>
<dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
<dd>
- <p> Listens for SSL connections on the specified TCP
- <var>port</var>. If <var>ip</var>, which must be expressed
- as an IP address (not a DNS name), is specified, then
- connections are restricted to the specified local IP
- address. The <ref table="Open_vSwitch" column="ssl"/>
- column in the <ref table="Open_vSwitch"/> table must point
- to a valid SSL configuration when this form is used.</p>
- <p>If <var>port</var> is not specified, it currently
- defaults to 6633. In the future, the default will change to
- 6653, which is the IANA-defined value.</p>
- <p>SSL support is an optional feature that is not always built as
- part of Open vSwitch.</p>
+ <p>
+ Listens for SSL connections on the specified TCP <var>port</var>.
+ If <var>ip</var>, which must be expressed as an IP address (not a
+ DNS name), is specified, then connections are restricted to the
+ specified local IP address (either IPv4 or IPv6). If
+ <var>ip</var> is an IPv6 address, wrap it in square brackets,
+ e.g. <code>pssl:6632:[::1]</code>.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it currently defaults to
+ 6633. If <var>ip</var> is not specified then it listens only on
+ IPv4 (but not IPv6) addresses. The
+ <ref table="Open_vSwitch" column="ssl"/>
+ column in the <ref table="Open_vSwitch"/> table must point to a
+ valid SSL configuration when this form is used.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it currently defaults to
+ 6633. In the future, the default will change to 6653, which is
+ the IANA-defined value.
+ </p>
+ <p>
+ SSL support is an optional feature that is not always built as
+ part of Open vSwitch.
+ </p>
</dd>
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
<dd>
- <p>Listens for connections on the specified TCP
- <var>port</var>. If <var>ip</var>, which must be expressed
- as an IP address (not a DNS name), is specified, then
- connections are restricted to the specified local IP
- address.</p>
- <p>If <var>port</var> is not specified, it currently
- defaults to 6633. In the future, the default will change to
- 6653, which is the IANA-defined value.</p>
+ <p>
+ Listens for connections on the specified TCP <var>port</var>. If
+ <var>ip</var>, which must be expressed as an IP address (not a
+ DNS name), is specified, then connections are restricted to the
+ specified local IP address (either IPv4 or IPv6). If
+ <var>ip</var> is an IPv6 address, wrap it in square brackets,
+ e.g. <code>ptcp:6632:[::1]</code>. If <var>ip</var> is not
+ specified then it listens only on IPv4 addresses.
+ </p>
+ <p>
+ If <var>port</var> is not specified, it currently defaults to
+ 6633. In the future, the default will change to 6653, which is
+ the IANA-defined value.
+ </p>
</dd>
</dl>
<p>When multiple controllers are configured for a single bridge, the
<dd>
<p>
The specified TCP <var>port</var> on the host at the given
- <var>ip</var>, which must be expressed as an IP address
- (not a DNS name).
+ <var>ip</var>, which must be expressed as an IP address (not a
+ DNS name), where <var>ip</var> can be IPv4 or IPv6 address. If
+ <var>ip</var> is an IPv6 address, wrap it in square brackets,
+ e.g. <code>tcp:[::1]:6632</code>.
</p>
<p>
If <var>port</var> is not specified, it currently defaults
<dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
<dd>
<p>
- Listens for SSL connections on the specified TCP
- <var>port</var>. Specify 0 for <var>port</var> to have
- the kernel automatically choose an available port. If
- <var>ip</var>, which must be expressed as an IP address
- (not a DNS name), is specified, then connections are
- restricted to the specified local IP address. The <ref
- table="Open_vSwitch" column="ssl"/> column in the <ref
+ Listens for SSL connections on the specified TCP <var>port</var>.
+ Specify 0 for <var>port</var> to have the kernel automatically
+ choose an available port. If <var>ip</var>, which must be
+ expressed as an IP address (not a DNS name), is specified, then
+ connections are restricted to the specified local IP address
+ (either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
+ address, wrap in square brackets,
+ e.g. <code>pssl:6632:[::1]</code>. If <var>ip</var> is not
+ specified then it listens only on IPv4 (but not IPv6) addresses.
+ The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
table="Open_vSwitch"/> table must point to a valid SSL
configuration when this form is used.
</p>
<dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
<dd>
<p>
- Listens for connections on the specified TCP
- <var>port</var>. Specify 0 for <var>port</var> to have
- the kernel automatically choose an available port. If
- <var>ip</var>, which must be expressed as an IP address
- (not a DNS name), is specified, then connections are
- restricted to the specified local IP address.
+ Listens for connections on the specified TCP <var>port</var>.
+ Specify 0 for <var>port</var> to have the kernel automatically
+ choose an available port. If <var>ip</var>, which must be
+ expressed as an IP address (not a DNS name), is specified, then
+ connections are restricted to the specified local IP address
+ (either IPv4 or IPv6 address). If <var>ip</var> is an IPv6
+ address, wrap it in square brackets,
+ e.g. <code>ptcp:6632:[::1]</code>. If <var>ip</var> is not
+ specified then it listens only on IPv4 addresses.
</p>
<p>
If <var>port</var> is not specified, it currently defaults
git://git.onelab.eu / sliver-openvswitch.git / blobdiff