X-Git-Url: http://git.onelab.eu/?p=sliver-openvswitch.git;a=blobdiff_plain;f=vswitchd%2Fvswitch.xml;h=7f2fd587d754afc469964b1111935851a2e01854;hp=9da34d9f415e27650aae050d14ca4f71b9e1abbb;hb=34c88624ad02129a1b477717fe5d3928530dccbe;hpb=9dd165e0508143d36c73f258d8bcfdbbb356830a

diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index 9da34d9f4..7f2fd587d 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -123,48 +123,45 @@
         </p>
       </column>
 
-      <column name="other_config" key="flow-eviction-threshold"
+      <column name="other_config" key="flow-limit"
               type='{"type": "integer", "minInteger": 0}'>
         <p>
-          A number of flows as a nonnegative integer.  This sets number of
-          flows at which eviction from the datapath flow table will be
-          triggered.  If there are a large number of flows then increasing this
-          value to around the number of flows present can result in reduced CPU
-          usage and packet loss.
+          The maximum
+          number of flows allowed in the datapath flow table.  Internally OVS
+          will choose a flow limit which will likely be lower than this number,
+          based on real time network conditions.
         </p>
         <p>
-          The default is 2500.  Values below 100 will be rounded up to 100.
+          The default is 200000.
         </p>
       </column>
 
-      <column name="other_config" key="force-miss-model">
+      <column name="other_config" key="n-handler-threads"
+              type='{"type": "integer", "minInteger": 1}'>
         <p>
-          Specifies userspace behaviour for handling flow misses. This takes
-          precedence over flow-eviction-threshold.
+          Specifies the number of threads for software datapaths to use for
+          handling new flows.  The default the number of online CPU cores minus
+          the number of revalidators.
         </p>
         <p>
-          <dl>
-            <dt><code>auto</code></dt>
-            <dd>Handle automatically based on the flow-eviction-threshold and
-            the flow setup governer (default, recommended).</dd>
-            <dt><code>with-facets</code></dt>
-            <dd>Always create facets. Expensive kernel flow creation and
-            statistics tracking is always performed, even on flows with only
-            a small number of packets.</dd>
-            <dt><code>without-facets</code></dt>
-            <dd>Always handle without facets. Forces flow misses to be handled
-            in userspace. May cause an increase in CPU usage and packet loss
-            on high throughput.</dd>
-          </dl>
+          This configuration is per datapath.  If you have more than one
+          software datapath (e.g. some <code>system</code> bridges and some
+          <code>netdev</code> bridges), then the total number of threads is
+          <code>n-handler-threads</code> times the number of software
+          datapaths.
         </p>
       </column>
 
-      <column name="other_config" key="n-handler-threads"
+      <column name="other_config" key="n-revalidator-threads"
               type='{"type": "integer", "minInteger": 1}'>
         <p>
           Specifies the number of threads for software datapaths to use for
-          handling new flows.  The default is two less than the number of
-          online CPU cores (but at least 1).
+          revalidating flows in the datapath.  Typically, there is a direct
+          correlation between the number of revalidator threads, and the number
+          of flows allowed in the datapath.  The default is the number of cpu
+          cores divided by four plus one.  If <code>n-handler-threads</code> is
+          set, the default changes to the number of cpu cores minus the number
+          of handler threads.
         </p>
         <p>
           This configuration is per datapath.  If you have more than one
@@ -568,9 +565,22 @@
       </column>
 
       <column name="protocols">
-        List of OpenFlow protocols that may be used when negotiating a
-        connection with a controller.  A default value of
-        <code>OpenFlow10</code> will be used if this column is empty.
+	<p>
+	  List of OpenFlow protocols that may be used when negotiating
+	  a connection with a controller.  OpenFlow 1.0, 1.1, 1.2, and
+	  1.3 are enabled by default if this column is empty.
+	</p>
+
+	<p>
+	  The current implementation of OpenFlow 1.4 support is not safe:
+	  <code>ovs-vswitchd</code> will abort when certain unimplemented
+	  features are tested.  Thus, for now it is suitable only for
+	  experimental use.  For this reason, OpenFlow 1.4 is supported only
+	  if, in addition to specifying <code>OpenFlow14</code> in this field,
+	  <code>ovs-vswitchd</code> is invoked with the
+	  <code>--enable-of14</code> option.  (When support becomes safe, this
+	  option will be removed.)
+	</p>
       </column>
     </group>
 
@@ -1306,14 +1316,19 @@
 	  </p>
 
 	  <p>
-	    Open vSwitch currently assigns the OpenFlow port number for an
-	    interface once, when the client first adds the interface.  It does
-	    not change the port number later if the client sets or changes or
-	    clears <ref column="ofport_request"/>.  Therefore, to ensure that
-	    <ref column="ofport_request"/> takes effect, the client should set
-	    it in the same database transaction that creates the interface.
-	    (Future versions of Open vSwitch might honor changes to <ref
-	    column="ofport_request"/>.)
+	    A client should ideally set this column's value in the same
+	    database transaction that it uses to create the interface.  Open
+	    vSwitch version 2.1 and later will honor a later request for a
+	    specific port number, althuogh it might confuse some controllers:
+	    OpenFlow does not have a way to announce a port number change, so
+	    Open vSwitch represents it over OpenFlow as a port deletion
+	    followed immediately by a port addition.
+	  </p>
+
+	  <p>
+	    If <ref column="ofport_request"/> is set or changed to some other
+	    port's automatically assigned port number, Open vSwitch chooses a
+	    new port number for the latter port.
 	  </p>
 	</column>
       </group>
@@ -1387,8 +1402,18 @@
 
           <dt><code>lisp</code></dt>
           <dd>
-            A layer 3 tunnel over the experimental, UDP-based Locator/ID
-            Separation Protocol (RFC 6830).
+            <p>
+              A layer 3 tunnel over the experimental, UDP-based Locator/ID
+              Separation Protocol (RFC 6830).
+            </p>
+            <p>
+              Only IPv4 and IPv6 packets are supported by the protocol, and
+              they are sent and received without an Ethernet header.  Traffic
+              to/from LISP ports is expected to be configured explicitly, and
+              the ports are not intended to participate in learning based
+              switching.  As such, they are always excluded from packet
+              flooding.
+            </p>
           </dd>
 
           <dt><code>patch</code></dt>
@@ -1943,10 +1968,13 @@
 	</column>
 
 	<column name="bfd" key="forwarding_if_rx" type='{"type": "boolean"}'>
-          True to consider the interface capable of packet I/O as long as it
-          continues to receive any packets (not just BFD packets).  This
-          prevents link congestion that causes consecutive BFD control packets
-          to be lost from marking the interface down.
+          When <code>true</code>, traffic received on the
+          <ref table="Interface"/> is used to indicate the capability of packet
+          I/O.  BFD control packets are still transmitted and received.  At
+          least one BFD control packet must be received every 100 * <ref
+          column="bfd" key="min_rx"/> amount of time.  Otherwise, even if
+          traffic are received, the <ref column="bfd" key="forwarding"/>
+          will be <code>false</code>.
 	</column>
 
 	<column name="bfd" key="cpath_down" type='{"type": "boolean"}'>
@@ -1970,6 +1998,16 @@
 	  expected as destination for received BFD packets.  The default is
 	  <code>00:23:20:00:00:01</code>.
 	</column>
+
+	<column name="bfd" key="bfd_src_ip">
+          Set to an IPv4 address to set the IP address used as source for
+          transmitted BFD packets.  The default is <code>169.254.1.0</code>.
+	</column>
+
+	<column name="bfd" key="bfd_dst_ip">
+          Set to an IPv4 address to set the IP address used as destination
+          for transmitted BFD packets.  The default is <code>169.254.1.1</code>.
+	</column>
       </group>
 
       <group title="BFD Status">
@@ -2009,6 +2047,13 @@
 	  In case of a problem, set to a short message that reports what the
 	  remote endpoint's BFD session thinks is wrong.
 	</column>
+
+        <column name="bfd_status" key="flap_count"
+          type='{"type": "integer", "minInteger": 0}'>
+          Counts the number of <ref column="bfd_status" key="forwarding" />
+          flaps since start.  A flap is considered as a change of the
+          <ref column="bfd_status" key="forwarding" /> value.
+        </column>
       </group>
     </group>
 
@@ -2038,11 +2083,18 @@
       </p>
 
       <column name="cfm_mpid">
-        A Maintenance Point ID (MPID) uniquely identifies each endpoint within
-        a Maintenance Association.  The MPID is used to identify this endpoint
-        to other Maintenance Points in the MA.  Each end of a link being
-        monitored should have a different MPID.  Must be configured to enable
-        CFM on this <ref table="Interface"/>.
+        <p>
+          A Maintenance Point ID (MPID) uniquely identifies each endpoint
+          within a Maintenance Association.  The MPID is used to identify this
+          endpoint to other Maintenance Points in the MA.  Each end of a link
+          being monitored should have a different MPID.  Must be configured to
+          enable CFM on this <ref table="Interface"/>.
+        </p>
+        <p>
+          According to the 802.1ag specification, MPIDs can only range between
+          [1, 8191].  However, extended mode (see <ref column="other_config"
+          key="cfm_extended"/>) supports eight byte MPIDs.
+        </p>
       </column>
 
       <column name="cfm_flap_count">
@@ -2172,8 +2224,8 @@
         with compliant implementations which may be running concurrently on the
         network. Furthermore, extended mode increases the accuracy of the
         <code>cfm_interval</code> configuration parameter by breaking wire
-        compatibility with 802.1ag compliant implementations.  Defaults to
-        <code>false</code>.
+        compatibility with 802.1ag compliant implementations.  And extended
+        mode allows eight byte MPIDs.  Defaults to <code>false</code>.
       </column>
 
       <column name="other_config" key="cfm_demand" type='{"type": "boolean"}'>
@@ -2182,9 +2234,10 @@
           <ref column="other_config" key="cfm_extended"/> is true, the CFM
           module operates in demand mode.  When in demand mode, traffic
           received on the <ref table="Interface"/> is used to indicate
-          liveness.  CCMs are still transmitted and received, but if the
-          <ref table="Interface"/> is receiving traffic, their absence does not
-          cause a connectivity fault.
+          liveness.  CCMs are still transmitted and received.  At least one
+          CCM must be received every 100 * <ref column="other_config"
+          key="cfm_interval"/> amount of time.  Otherwise, even if traffic
+          are received, the CFM module will raise the connectivity fault.
         </p>
 
         <p>
@@ -2517,6 +2570,75 @@
         column has no effect.
       </p>
     </column>
+
+    <column name="prefixes">
+      <p>
+        This string set specifies which fields should be used for
+        address prefix tracking.  Prefix tracking allows the
+        classifier to skip rules with longer than necessary prefixes,
+        resulting in better wildcarding for datapath flows.
+      </p>
+      <p>
+        Prefix tracking may be beneficial when a flow table contains
+        matches on IP address fields with different prefix lengths.
+        For example, when a flow table contains IP address matches on
+        both full addresses and proper prefixes, the full address
+        matches will typically cause the datapath flow to un-wildcard
+        the whole address field (depending on flow entry priorities).
+        In this case each packet with a different address gets handed
+        to the userspace for flow processing and generates its own
+        datapath flow.  With prefix tracking enabled for the address
+        field in question packets with addresses matching shorter
+        prefixes would generate datapath flows where the irrelevant
+        address bits are wildcarded, allowing the same datapath flow
+        to handle all the packets within the prefix in question.  In
+        this case many userspace upcalls can be avoided and the
+        overall performance can be better.
+      </p>
+      <p>
+        This is a performance optimization only, so packets will
+        receive the same treatment with or without prefix tracking.
+      </p>
+      <p>
+        The supported fields are: <code>tun_id</code>,
+        <code>tun_src</code>, <code>tun_dst</code>,
+        <code>nw_src</code>, <code>nw_dst</code> (or aliases
+        <code>ip_src</code> and <code>ip_dst</code>),
+        <code>ipv6_src</code>, and <code>ipv6_dst</code>.  (Using this
+        feature for <code>tun_id</code> would only make sense if the
+        tunnel IDs have prefix structure similar to IP addresses.)
+      </p>
+      <p>
+        For example, <code>prefixes=ip_dst,ip_src</code> instructs the
+        flow classifier to track the IP destination and source
+        addresses used by the rules in this specific flow table.  To
+        set the prefix fields, the flow table record needs to exist:
+      </p>
+      <dl>
+        <dt><code>ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0</code></dt>
+        <dd>
+          Creates a flow table record for the OpenFlow table number 0.
+        </dd>
+
+        <dt><code>ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src</code></dt>
+        <dd>
+          Enables prefix tracking for IP source and destination
+          address fields.
+        </dd>
+      </dl>
+
+      <p>
+        There is a maximum number of fields that can be enabled for any
+        one flow table.  Currently this limit is 3.
+      </p>
+    </column>
+
+    <group title="Common Columns">
+      The overall purpose of these columns is described under <code>Common
+      Columns</code> at the beginning of this document.
+
+      <column name="external_ids"/>
+    </group>
   </table>
 
   <table name="QoS" title="Quality of Service configuration">
@@ -2880,12 +3002,18 @@
           </dd>
           <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
           <dd>
-            <p>The specified TCP <var>port</var> on the host at the
-            given <var>ip</var>, which must be expressed as an IP
-            address (not a DNS name).</p>
-            <p>If <var>port</var> is not specified, it currently
-            defaults to 6633.  In the future, the default will change to
-            6653, which is the IANA-defined value.</p>
+            <p>
+              The specified TCP <var>port</var> on the host at the given
+              <var>ip</var>, which must be expressed as an IP address (not a
+              DNS name), where <var>ip</var> can be IPv4 or IPv6 address.  If
+              <var>ip</var> is an IPv6 address, wrap it in square brackets,
+              e.g. <code>tcp:[::1]:6632</code>.
+            </p>
+            <p>
+              If <var>port</var> is not specified, it currently defaults to
+              6633.  In the future, the default will change to 6653, which is
+              the IANA-defined value.
+            </p>
           </dd>
         </dl>
         <p>
@@ -2895,29 +3023,48 @@
         <dl>
           <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
           <dd>
-            <p> Listens for SSL connections on the specified TCP
-            <var>port</var>.  If <var>ip</var>, which must be expressed
-            as an IP address (not a DNS name), is specified, then
-            connections are restricted to the specified local IP
-            address.  The <ref table="Open_vSwitch" column="ssl"/>
-            column in the <ref table="Open_vSwitch"/> table must point
-            to a valid SSL configuration when this form is used.</p>
-            <p>If <var>port</var> is not specified, it currently
-            defaults to 6633.  In the future, the default will change to
-            6653, which is the IANA-defined value.</p>
-            <p>SSL support is an optional feature that is not always built as
-            part of Open vSwitch.</p>
+            <p>
+              Listens for SSL connections on the specified TCP <var>port</var>.
+              If <var>ip</var>, which must be expressed as an IP address (not a
+              DNS name), is specified, then connections are restricted to the
+              specified local IP address (either IPv4 or IPv6).  If
+              <var>ip</var> is an IPv6 address, wrap it in square brackets,
+              e.g. <code>pssl:6632:[::1]</code>.
+            </p>
+            <p>
+              If <var>port</var> is not specified, it currently defaults to
+              6633.  If <var>ip</var> is not specified then it listens only on
+              IPv4 (but not IPv6) addresses.  The
+              <ref table="Open_vSwitch" column="ssl"/>
+              column in the <ref table="Open_vSwitch"/> table must point to a
+              valid SSL configuration when this form is used.
+            </p>
+            <p>
+              If <var>port</var> is not specified, it currently defaults to
+              6633.  In the future, the default will change to 6653, which is
+              the IANA-defined value.
+            </p>
+            <p>
+              SSL support is an optional feature that is not always built as
+              part of Open vSwitch.
+            </p>
           </dd>
           <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
           <dd>
-            <p>Listens for connections on the specified TCP
-            <var>port</var>.  If <var>ip</var>, which must be expressed
-            as an IP address (not a DNS name), is specified, then
-            connections are restricted to the specified local IP
-            address.</p>
-            <p>If <var>port</var> is not specified, it currently
-            defaults to 6633.  In the future, the default will change to
-            6653, which is the IANA-defined value.</p>
+            <p>
+              Listens for connections on the specified TCP <var>port</var>.  If
+              <var>ip</var>, which must be expressed as an IP address (not a
+              DNS name), is specified, then connections are restricted to the
+              specified local IP address (either IPv4 or IPv6).  If
+              <var>ip</var> is an IPv6 address, wrap it in square brackets,
+              e.g. <code>ptcp:6632:[::1]</code>. If <var>ip</var> is not
+              specified then it listens only on IPv4 addresses.
+            </p>
+            <p>
+              If <var>port</var> is not specified, it currently defaults to
+              6633.  In the future, the default will change to 6653, which is
+              the IANA-defined value.
+            </p>
           </dd>
         </dl>
         <p>When multiple controllers are configured for a single bridge, the
@@ -3211,8 +3358,10 @@
           <dd>
             <p>
               The specified TCP <var>port</var> on the host at the given
-              <var>ip</var>, which must be expressed as an IP address
-              (not a DNS name).
+              <var>ip</var>, which must be expressed as an IP address (not a
+              DNS name), where <var>ip</var> can be IPv4 or IPv6 address.  If
+              <var>ip</var> is an IPv6 address, wrap it in square brackets,
+              e.g. <code>tcp:[::1]:6632</code>.
             </p>
             <p>
               If <var>port</var> is not specified, it currently defaults
@@ -3223,13 +3372,16 @@
           <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
           <dd>
             <p>
-              Listens for SSL connections on the specified TCP
-              <var>port</var>.  Specify 0 for <var>port</var> to have
-              the kernel automatically choose an available port.  If
-              <var>ip</var>, which must be expressed as an IP address
-              (not a DNS name), is specified, then connections are
-              restricted to the specified local IP address.  The <ref
-              table="Open_vSwitch" column="ssl"/> column in the <ref
+              Listens for SSL connections on the specified TCP <var>port</var>.
+              Specify 0 for <var>port</var> to have the kernel automatically
+              choose an available port.  If <var>ip</var>, which must be
+              expressed as an IP address (not a DNS name), is specified, then
+              connections are restricted to the specified local IP address
+              (either IPv4 or IPv6 address).  If <var>ip</var> is an IPv6
+              address, wrap in square brackets,
+              e.g. <code>pssl:6632:[::1]</code>.  If <var>ip</var> is not
+              specified then it listens only on IPv4 (but not IPv6) addresses.
+              The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
               table="Open_vSwitch"/> table must point to a valid SSL
               configuration when this form is used.
             </p>
@@ -3246,12 +3398,15 @@
           <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
           <dd>
             <p>
-              Listens for connections on the specified TCP
-              <var>port</var>.  Specify 0 for <var>port</var> to have
-              the kernel automatically choose an available port.  If
-              <var>ip</var>, which must be expressed as an IP address
-              (not a DNS name), is specified, then connections are
-              restricted to the specified local IP address.
+              Listens for connections on the specified TCP <var>port</var>.
+              Specify 0 for <var>port</var> to have the kernel automatically
+              choose an available port.  If <var>ip</var>, which must be
+              expressed as an IP address (not a DNS name), is specified, then
+              connections are restricted to the specified local IP address
+              (either IPv4 or IPv6 address).  If <var>ip</var> is an IPv6
+              address, wrap it in square brackets,
+              e.g. <code>ptcp:6632:[::1]</code>.  If <var>ip</var> is not
+              specified then it listens only on IPv4 addresses.
             </p>
             <p>
               If <var>port</var> is not specified, it currently defaults