X-Git-Url: http://git.onelab.eu/?p=sliver-openvswitch.git;a=blobdiff_plain;f=vswitchd%2Fvswitch.xml;h=7f2fd587d754afc469964b1111935851a2e01854;hp=b89d58c9927b73d1616fc456335a8aec5b1fdf0a;hb=34c88624ad02129a1b477717fe5d3928530dccbe;hpb=de8d2ef9dd141f4a96d4b79afbfadb3c4eb042c7

diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
index b89d58c99..7f2fd587d 100644
--- a/vswitchd/vswitch.xml
+++ b/vswitchd/vswitch.xml
@@ -123,39 +123,52 @@
         </p>
       </column>
 
-      <column name="other_config" key="flow-eviction-threshold"
+      <column name="other_config" key="flow-limit"
               type='{"type": "integer", "minInteger": 0}'>
         <p>
-          A number of flows as a nonnegative integer.  This sets number of
-          flows at which eviction from the datapath flow table will be
-          triggered.  If there are a large number of flows then increasing this
-          value to around the number of flows present can result in reduced CPU
-          usage and packet loss.
+          The maximum
+          number of flows allowed in the datapath flow table.  Internally OVS
+          will choose a flow limit which will likely be lower than this number,
+          based on real time network conditions.
         </p>
         <p>
-          The default is 2500.  Values below 100 will be rounded up to 100.
+          The default is 200000.
         </p>
       </column>
 
-      <column name="other_config" key="force-miss-model">
+      <column name="other_config" key="n-handler-threads"
+              type='{"type": "integer", "minInteger": 1}'>
+        <p>
+          Specifies the number of threads for software datapaths to use for
+          handling new flows.  The default the number of online CPU cores minus
+          the number of revalidators.
+        </p>
+        <p>
+          This configuration is per datapath.  If you have more than one
+          software datapath (e.g. some <code>system</code> bridges and some
+          <code>netdev</code> bridges), then the total number of threads is
+          <code>n-handler-threads</code> times the number of software
+          datapaths.
+        </p>
+      </column>
+
+      <column name="other_config" key="n-revalidator-threads"
+              type='{"type": "integer", "minInteger": 1}'>
         <p>
-          Specifies userspace behaviour for handling flow misses. This takes
-          precedence over flow-eviction-threshold.
+          Specifies the number of threads for software datapaths to use for
+          revalidating flows in the datapath.  Typically, there is a direct
+          correlation between the number of revalidator threads, and the number
+          of flows allowed in the datapath.  The default is the number of cpu
+          cores divided by four plus one.  If <code>n-handler-threads</code> is
+          set, the default changes to the number of cpu cores minus the number
+          of handler threads.
         </p>
         <p>
-          <dl>
-            <dt><code>auto</code></dt>
-            <dd>Handle automatically based on the flow-eviction-threshold and
-            the flow setup governer (default, recommended).</dd>
-            <dt><code>with-facets</code></dt>
-            <dd>Always create facets. Expensive kernel flow creation and
-            statistics tracking is always performed, even on flows with only
-            a small number of packets.</dd>
-            <dt><code>without-facets</code></dt>
-            <dd>Always handle without facets. Forces flow misses to be handled
-            in userspace. May cause an increase in CPU usage and packet loss
-            on high throughput.</dd>
-          </dl>
+          This configuration is per datapath.  If you have more than one
+          software datapath (e.g. some <code>system</code> bridges and some
+          <code>netdev</code> bridges), then the total number of threads is
+          <code>n-handler-threads</code> times the number of software
+          datapaths.
         </p>
       </column>
     </group>
@@ -552,9 +565,22 @@
       </column>
 
       <column name="protocols">
-        List of OpenFlow protocols that may be used when negotiating a
-        connection with a controller.  A default value of
-        <code>OpenFlow10</code> will be used if this column is empty.
+	<p>
+	  List of OpenFlow protocols that may be used when negotiating
+	  a connection with a controller.  OpenFlow 1.0, 1.1, 1.2, and
+	  1.3 are enabled by default if this column is empty.
+	</p>
+
+	<p>
+	  The current implementation of OpenFlow 1.4 support is not safe:
+	  <code>ovs-vswitchd</code> will abort when certain unimplemented
+	  features are tested.  Thus, for now it is suitable only for
+	  experimental use.  For this reason, OpenFlow 1.4 is supported only
+	  if, in addition to specifying <code>OpenFlow14</code> in this field,
+	  <code>ovs-vswitchd</code> is invoked with the
+	  <code>--enable-of14</code> option.  (When support becomes safe, this
+	  option will be removed.)
+	</p>
       </column>
     </group>
 
@@ -925,7 +951,9 @@
 
       <p>
         The following modes require the upstream switch to support 802.3ad with
-        successful LACP negotiation:
+        successful LACP negotiation. If LACP negotiation fails and
+        other-config:lacp-fallback-ab is true, then <code>active-backup</code>
+        mode is used:
       </p>
 
       <dl>
@@ -1015,7 +1043,8 @@
           in LACP negotiations initiated by a remote switch, but not allowed to
           initiate such negotiations themselves.  If LACP is enabled on a port
           whose partner switch does not support LACP, the bond will be
-          disabled.  Defaults to <code>off</code> if unset.
+          disabled, unless other-config:lacp-fallback-ab is set to true.
+          Defaults to <code>off</code> if unset.
         </column>
 
         <column name="other_config" key="lacp-system-id">
@@ -1043,6 +1072,18 @@
             rate of once every 30 seconds.
           </p>
         </column>
+
+        <column name="other_config" key="lacp-fallback-ab"
+          type='{"type": "boolean"}'>
+          <p>
+            Determines the behavior of openvswitch bond in LACP mode. If
+            the partner switch does not support LACP, setting this option
+            to <code>true</code> allows openvswitch to fallback to
+            active-backup. If the option is set to <code>false</code>, the
+            bond will be disabled. In both the cases, once the partner switch
+            is configured to LACP mode, the bond will use LACP.
+          </p>
+        </column>
       </group>
 
       <group title="Rebalancing Configuration">
@@ -1238,33 +1279,59 @@
         address.</p>
       </column>
 
-      <column name="ofport">
-        <p>OpenFlow port number for this interface.  Unlike most columns, this
-        column's value should be set only by Open vSwitch itself.  Other
-        clients should set this column to an empty set (the default) when
-        creating an <ref table="Interface"/>.</p>
-        <p>Open vSwitch populates this column when the port number becomes
-        known.  If the interface is successfully added,
-        <ref column="ofport"/> will be set to a number between 1 and 65535
-        (generally either in the range 1 to 65279, inclusive, or 65534, the
-        port number for the OpenFlow ``local port'').  If the interface
-        cannot be added then Open vSwitch sets this column
-        to -1.</p>
-        <p>When <ref column="ofport_request"/> is not set, Open vSwitch picks
-        an appropriate value for this column and then tries to keep the value
-        constant across restarts.</p>
-      </column>
-
-      <column name="ofport_request">
-        <p>Requested OpenFlow port number for this interface.  The port
-        number must be between 1 and 65279, inclusive.  Some datapaths
-        cannot satisfy all requests for particular port numbers.  When
-        this column is empty or the request cannot be fulfilled, the
-        system will choose a free port.  The <ref column="ofport"/>
-        column reports the assigned OpenFlow port number.</p>
-        <p>The port number must be requested in the same transaction
-        that creates the port.</p>
-      </column>
+      <group title="OpenFlow Port Number">
+	<p>
+	  When a client adds a new interface, Open vSwitch chooses an OpenFlow
+	  port number for the new port.  If the client that adds the port fills
+	  in <ref column="ofport_request"/>, then Open vSwitch tries to use its
+	  value as the OpenFlow port number.  Otherwise, or if the requested
+	  port number is already in use or cannot be used for another reason,
+	  Open vSwitch automatically assigns a free port number.  Regardless of
+	  how the port number was obtained, Open vSwitch then reports in <ref
+	  column="ofport"/> the port number actually assigned.
+	</p>
+
+	<p>
+	  Open vSwitch limits the port numbers that it automatically assigns to
+	  the range 1 through 32,767, inclusive.  Controllers therefore have
+	  free use of ports 32,768 and up.
+	</p>
+
+	<column name="ofport">
+	  <p>
+	    OpenFlow port number for this interface.  Open vSwitch sets this
+	    column's value, so other clients should treat it as read-only.
+	  </p>
+	  <p>
+	    The OpenFlow ``local'' port (<code>OFPP_LOCAL</code>) is 65,534.
+	    The other valid port numbers are in the range 1 to 65,279,
+	    inclusive.  Value -1 indicates an error adding the interface.
+	  </p>
+	</column>
+
+	<column name="ofport_request"
+		type='{"type": "integer", "minInteger": 1, "maxInteger": 65279}'>
+	  <p>
+	    Requested OpenFlow port number for this interface.
+	  </p>
+
+	  <p>
+	    A client should ideally set this column's value in the same
+	    database transaction that it uses to create the interface.  Open
+	    vSwitch version 2.1 and later will honor a later request for a
+	    specific port number, althuogh it might confuse some controllers:
+	    OpenFlow does not have a way to announce a port number change, so
+	    Open vSwitch represents it over OpenFlow as a port deletion
+	    followed immediately by a port addition.
+	  </p>
+
+	  <p>
+	    If <ref column="ofport_request"/> is set or changed to some other
+	    port's automatically assigned port number, Open vSwitch chooses a
+	    new port number for the latter port.
+	  </p>
+	</column>
+      </group>
     </group>
 
     <group title="System-Specific Details">
@@ -1325,8 +1392,6 @@
 	      An Ethernet tunnel over the experimental, UDP-based VXLAN
 	      protocol described at
 	      <code>http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-03</code>.
-	      VXLAN is currently supported only with the Linux kernel datapath
-	      with kernel version 2.6.26 or later.
 	    </p>
 	    <p>
 	      Open vSwitch uses UDP destination port 4789.  The source port used for
@@ -1337,9 +1402,18 @@
 
           <dt><code>lisp</code></dt>
           <dd>
-            A layer 3 tunnel over the experimental, UDP-based Locator/ID
-            Separation Protocol (RFC 6830). LISP is currently supported only
-            with the Linux kernel datapath with kernel version 2.6.26 or later.
+            <p>
+              A layer 3 tunnel over the experimental, UDP-based Locator/ID
+              Separation Protocol (RFC 6830).
+            </p>
+            <p>
+              Only IPv4 and IPv6 packets are supported by the protocol, and
+              they are sent and received without an Ethernet header.  Traffic
+              to/from LISP ports is expected to be configured explicitly, and
+              the ports are not intended to participate in learning based
+              switching.  As such, they are always excluded from packet
+              flooding.
+            </p>
           </dd>
 
           <dt><code>patch</code></dt>
@@ -1830,110 +1904,157 @@
     </group>
 
     <group title="Bidirectional Forwarding Detection (BFD)">
-        <p>
-            BFD, defined in RFC 5880 and RFC 5881, allows point to point
-            detection of connectivity failures by occasional transmission of
-            BFD control messages.  It is implemented in Open vSwitch to serve
-            as a more popular and standards compliant alternative to CFM.
-        </p>
-
-        <p>
-            BFD operates by regularly transmitting BFD control messages at a
-            rate negotiated independently in each direction.  Each endpoint
-            specifies the rate at which it expects to receive control messages,
-            and the rate at which it's willing to transmit them.  Open vSwitch
-            uses a detection multiplier of three, meaning that an endpoint
-            which fails to receive BFD control messages for a period of three
-            times the expected reception rate, will signal a connectivity
-            fault.  In the case of a unidirectional connectivity issue, the
-            system not receiving BFD control messages will signal the problem
-            to its peer in the messages it transmits.
-        </p>
-
-        <p>
-            The Open vSwitch implementation of BFD aims to comply faithfully
-            with the requirements put forth in RFC 5880.  Currently, the only
-            known omission is ``Demand Mode'', which we hope to include in
-            future.  Open vSwitch does not implement the optional
-            Authentication or ``Echo Mode'' features.
-        </p>
-
-      <column name="bfd" key="enable">
-          When <code>true</code> BFD is enabled on this
-          <ref table="Interface"/>, otherwise it's disabled.  Defaults to
-          <code>false</code>.
-      </column>
-
-      <column name="bfd" key="min_rx"
-          type='{"type": "integer", "minInteger": 1}'>
-          The fastest rate, in milliseconds, at which this BFD session is
-          willing to receive BFD control messages.  The actual rate may be
-          slower if the remote endpoint isn't willing to transmit as quickly as
-          specified.  Defaults to <code>1000</code>.
-      </column>
-
-      <column name="bfd" key="min_tx"
-          type='{"type": "integer", "minInteger": 1}'>
-          The fastest rate, in milliseconds, at which this BFD session is
-          willing to transmit BFD control messages.  The actual rate may be
-          slower if the remote endpoint isn't willing to receive as quickly as
-          specified.  Defaults to <code>100</code>.
-      </column>
-
-      <column name="bfd" key="cpath_down" type='{"type": "boolean"}'>
-          Concatenated path down may be used when the local system should not
-          have traffic forwarded to it for some reason other than a connectivty
-          failure on the interface being monitored.  When a controller thinks
-          this may be the case, it may set <code>cpath_down</code> to
-          <code>true</code> which may cause the remote BFD session not to
-          forward traffic to this <ref table="Interface"/>. Defaults to
-          <code>false</code>.
-      </column>
-
-      <column name="bfd" key="check_tnl_key" type='{"type": "boolean"}'>
-          When set to true, Check Tunnel Key will make BFD only accept control
-          messages with an <code>in_key</code> of zero. Defaults to
-          <code>false</code>.
-      </column>
-
-      <column name="bfd" key="bfd_dst_mac">
-        An Ethernet address in the form
-        <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
-        to set the destination mac address of the bfd packet. If this
-        field is set, it is assumed that all the bfd packets destined to this
-        interface also has the same destination mac address. If not set, a
-        default value of <code>00:23:20:00:00:01</code> is used.
-      </column>
-
-      <column name="bfd_status" key="state"
-          type='{"type": "string",
-          "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
-          State of the BFD session.  The BFD session is fully healthy and
-          negotiated if <code>UP</code>.
-      </column>
+      <p>
+	BFD, defined in RFC 5880 and RFC 5881, allows point-to-point
+	detection of connectivity failures by occasional transmission of
+	BFD control messages.  Open vSwitch implements BFD to serve
+	as a more popular and standards compliant alternative to CFM.
+      </p>
 
-      <column name="bfd_status" key="forwarding" type='{"type": "boolean"}'>
-          True if the BFD session believes this <ref table="Interface"/> may be
-          used to forward traffic.  Typically this means the local session is
-          signaling <code>UP</code>, and the remote system isn't signaling a
-          problem such as concatenated path down.
-      </column>
+      <p>
+	BFD operates by regularly transmitting BFD control messages at a rate
+	negotiated independently in each direction.  Each endpoint specifies
+	the rate at which it expects to receive control messages, and the rate
+	at which it is willing to transmit them.  Open vSwitch uses a detection
+	multiplier of three, meaning that an endpoint signals a connectivity
+	fault if three consecutive BFD control messages fail to arrive.  In the
+	case of a unidirectional connectivity issue, the system not receiving
+	BFD control messages signals the problem to its peer in the messages it
+	transmits.
+      </p>
 
-      <column name="bfd_status" key="diagnostic">
-          A short message indicating what the BFD session thinks is wrong in
-          case of a problem.
-      </column>
+      <p>
+	The Open vSwitch implementation of BFD aims to comply faithfully
+	with RFC 5880 requirements.  Open vSwitch does not implement the
+	optional Authentication or ``Echo Mode'' features.
+      </p>
 
-      <column name="bfd_status" key="remote_state"
-          type='{"type": "string",
-          "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
-          State of the remote endpoint's BFD session.
-      </column>
+      <group title="BFD Configuration">
+	<p>
+	  A controller sets up key-value pairs in the <ref column="bfd"/>
+	  column to enable and configure BFD.
+	</p>
+
+	<column name="bfd" key="enable" type='{"type": "boolean"}'>
+          True to enable BFD on this <ref table="Interface"/>.
+	</column>
+
+	<column name="bfd" key="min_rx"
+		type='{"type": "integer", "minInteger": 1}'>
+          The shortest interval, in milliseconds, at which this BFD session
+          offers to receive BFD control messages.  The remote endpoint may
+          choose to send messages at a slower rate.  Defaults to
+          <code>1000</code>.
+	</column>
+
+	<column name="bfd" key="min_tx"
+		type='{"type": "integer", "minInteger": 1}'>
+          The shortest interval, in milliseconds, at which this BFD session is
+          willing to transmit BFD control messages.  Messages will actually be
+          transmitted at a slower rate if the remote endpoint is not willing to
+          receive as quickly as specified.  Defaults to <code>100</code>.
+	</column>
+
+	<column name="bfd" key="decay_min_rx" type='{"type": "integer"}'>
+	  An alternate receive interval, in milliseconds, that must be greater
+	  than or equal to <ref column="bfd" key="min_rx"/>.  The
+	  implementation switches from <ref column="bfd" key="min_rx"/> to <ref
+	  column="bfd" key="decay_min_rx"/> when there is no obvious incoming
+	  data traffic at the interface, to reduce the CPU and bandwidth cost
+	  of monitoring an idle interface.  This feature may be disabled by
+	  setting a value of 0.  This feature is reset whenever <ref
+	  column="bfd" key="decay_min_rx"/> or <ref column="bfd" key="min_rx"/>
+	  changes.
+	</column>
+
+	<column name="bfd" key="forwarding_if_rx" type='{"type": "boolean"}'>
+          When <code>true</code>, traffic received on the
+          <ref table="Interface"/> is used to indicate the capability of packet
+          I/O.  BFD control packets are still transmitted and received.  At
+          least one BFD control packet must be received every 100 * <ref
+          column="bfd" key="min_rx"/> amount of time.  Otherwise, even if
+          traffic are received, the <ref column="bfd" key="forwarding"/>
+          will be <code>false</code>.
+	</column>
+
+	<column name="bfd" key="cpath_down" type='{"type": "boolean"}'>
+	  Set to true to notify the remote endpoint that traffic should not be
+	  forwarded to this system for some reason other than a connectivty
+	  failure on the interface being monitored.  The typical underlying
+	  reason is ``concatenated path down,'' that is, that connectivity
+	  beyond the local system is down.  Defaults to false.
+	</column>
+
+	<column name="bfd" key="check_tnl_key" type='{"type": "boolean"}'>
+          Set to true to make BFD accept only control messages with a tunnel
+          key of zero.  By default, BFD accepts control messages with any
+          tunnel key.
+	</column>
+
+	<column name="bfd" key="bfd_dst_mac">
+	  Set to an Ethernet address in the form
+	  <var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>:<var>xx</var>
+	  to set the MAC used as destination for transmitted BFD packets and
+	  expected as destination for received BFD packets.  The default is
+	  <code>00:23:20:00:00:01</code>.
+	</column>
+
+	<column name="bfd" key="bfd_src_ip">
+          Set to an IPv4 address to set the IP address used as source for
+          transmitted BFD packets.  The default is <code>169.254.1.0</code>.
+	</column>
+
+	<column name="bfd" key="bfd_dst_ip">
+          Set to an IPv4 address to set the IP address used as destination
+          for transmitted BFD packets.  The default is <code>169.254.1.1</code>.
+	</column>
+      </group>
 
-      <column name="bfd_status" key="remote_diagnostic">
-          A short message indicating what the remote endpoint's BFD session
-          thinks is wrong in case of a problem.
-      </column>
+      <group title="BFD Status">
+	<p>
+	  The switch sets key-value pairs in the <ref column="bfd_status"/>
+	  column to report the status of BFD on this interface.  When BFD is
+	  not enabled, with <ref column="bfd" key="enable"/>, the switch clears
+	  all key-value pairs from <ref column="bfd_status"/>.
+	</p>
+
+	<column name="bfd_status" key="state"
+		type='{"type": "string",
+		      "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
+	  Reports the state of the BFD session.  The BFD session is fully
+	  healthy and negotiated if <code>UP</code>.
+	</column>
+
+	<column name="bfd_status" key="forwarding" type='{"type": "boolean"}'>
+	  Reports whether the BFD session believes this <ref
+	  table="Interface"/> may be used to forward traffic.  Typically this
+	  means the local session is signaling <code>UP</code>, and the remote
+	  system isn't signaling a problem such as concatenated path down.
+	</column>
+
+	<column name="bfd_status" key="diagnostic">
+	  In case of a problem, set to a short message that reports what the
+	  local BFD session thinks is wrong.
+	</column>
+
+	<column name="bfd_status" key="remote_state"
+		type='{"type": "string",
+		      "enum": ["set", ["admin_down", "down", "init", "up"]]}'>
+	  Reports the state of the remote endpoint's BFD session.
+	</column>
+
+	<column name="bfd_status" key="remote_diagnostic">
+	  In case of a problem, set to a short message that reports what the
+	  remote endpoint's BFD session thinks is wrong.
+	</column>
+
+        <column name="bfd_status" key="flap_count"
+          type='{"type": "integer", "minInteger": 0}'>
+          Counts the number of <ref column="bfd_status" key="forwarding" />
+          flaps since start.  A flap is considered as a change of the
+          <ref column="bfd_status" key="forwarding" /> value.
+        </column>
+      </group>
     </group>
 
     <group title="Connectivity Fault Management">
@@ -1962,11 +2083,23 @@
       </p>
 
       <column name="cfm_mpid">
-        A Maintenance Point ID (MPID) uniquely identifies each endpoint within
-        a Maintenance Association.  The MPID is used to identify this endpoint
-        to other Maintenance Points in the MA.  Each end of a link being
-        monitored should have a different MPID.  Must be configured to enable
-        CFM on this <ref table="Interface"/>.
+        <p>
+          A Maintenance Point ID (MPID) uniquely identifies each endpoint
+          within a Maintenance Association.  The MPID is used to identify this
+          endpoint to other Maintenance Points in the MA.  Each end of a link
+          being monitored should have a different MPID.  Must be configured to
+          enable CFM on this <ref table="Interface"/>.
+        </p>
+        <p>
+          According to the 802.1ag specification, MPIDs can only range between
+          [1, 8191].  However, extended mode (see <ref column="other_config"
+          key="cfm_extended"/>) supports eight byte MPIDs.
+        </p>
+      </column>
+
+      <column name="cfm_flap_count">
+        Counts the number of cfm fault flapps since boot.  A flap is
+        considered to be a change of the <ref column="cfm_fault"/> value.
       </column>
 
       <column name="cfm_fault">
@@ -2091,8 +2224,8 @@
         with compliant implementations which may be running concurrently on the
         network. Furthermore, extended mode increases the accuracy of the
         <code>cfm_interval</code> configuration parameter by breaking wire
-        compatibility with 802.1ag compliant implementations.  Defaults to
-        <code>false</code>.
+        compatibility with 802.1ag compliant implementations.  And extended
+        mode allows eight byte MPIDs.  Defaults to <code>false</code>.
       </column>
 
       <column name="other_config" key="cfm_demand" type='{"type": "boolean"}'>
@@ -2101,9 +2234,10 @@
           <ref column="other_config" key="cfm_extended"/> is true, the CFM
           module operates in demand mode.  When in demand mode, traffic
           received on the <ref table="Interface"/> is used to indicate
-          liveness.  CCMs are still transmitted and received, but if the
-          <ref table="Interface"/> is receiving traffic, their absence does not
-          cause a connectivity fault.
+          liveness.  CCMs are still transmitted and received.  At least one
+          CCM must be received every 100 * <ref column="other_config"
+          key="cfm_interval"/> amount of time.  Otherwise, even if traffic
+          are received, the CFM module will raise the connectivity fault.
         </p>
 
         <p>
@@ -2111,8 +2245,9 @@
           <ul>
             <li>
               To ensure that ovs-vswitchd has enough time to pull statistics
-              from the datapath, the minimum
-              <ref column="other_config" key="cfm_interval"/> is 500ms.
+              from the datapath, the fault detection interval is set to
+              3.5 * MAX(<ref column="other_config" key="cfm_interval"/>, 500)
+              ms.
             </li>
 
             <li>
@@ -2435,6 +2570,75 @@
         column has no effect.
       </p>
     </column>
+
+    <column name="prefixes">
+      <p>
+        This string set specifies which fields should be used for
+        address prefix tracking.  Prefix tracking allows the
+        classifier to skip rules with longer than necessary prefixes,
+        resulting in better wildcarding for datapath flows.
+      </p>
+      <p>
+        Prefix tracking may be beneficial when a flow table contains
+        matches on IP address fields with different prefix lengths.
+        For example, when a flow table contains IP address matches on
+        both full addresses and proper prefixes, the full address
+        matches will typically cause the datapath flow to un-wildcard
+        the whole address field (depending on flow entry priorities).
+        In this case each packet with a different address gets handed
+        to the userspace for flow processing and generates its own
+        datapath flow.  With prefix tracking enabled for the address
+        field in question packets with addresses matching shorter
+        prefixes would generate datapath flows where the irrelevant
+        address bits are wildcarded, allowing the same datapath flow
+        to handle all the packets within the prefix in question.  In
+        this case many userspace upcalls can be avoided and the
+        overall performance can be better.
+      </p>
+      <p>
+        This is a performance optimization only, so packets will
+        receive the same treatment with or without prefix tracking.
+      </p>
+      <p>
+        The supported fields are: <code>tun_id</code>,
+        <code>tun_src</code>, <code>tun_dst</code>,
+        <code>nw_src</code>, <code>nw_dst</code> (or aliases
+        <code>ip_src</code> and <code>ip_dst</code>),
+        <code>ipv6_src</code>, and <code>ipv6_dst</code>.  (Using this
+        feature for <code>tun_id</code> would only make sense if the
+        tunnel IDs have prefix structure similar to IP addresses.)
+      </p>
+      <p>
+        For example, <code>prefixes=ip_dst,ip_src</code> instructs the
+        flow classifier to track the IP destination and source
+        addresses used by the rules in this specific flow table.  To
+        set the prefix fields, the flow table record needs to exist:
+      </p>
+      <dl>
+        <dt><code>ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create Flow_Table name=table0</code></dt>
+        <dd>
+          Creates a flow table record for the OpenFlow table number 0.
+        </dd>
+
+        <dt><code>ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src</code></dt>
+        <dd>
+          Enables prefix tracking for IP source and destination
+          address fields.
+        </dd>
+      </dl>
+
+      <p>
+        There is a maximum number of fields that can be enabled for any
+        one flow table.  Currently this limit is 3.
+      </p>
+    </column>
+
+    <group title="Common Columns">
+      The overall purpose of these columns is described under <code>Common
+      Columns</code> at the beginning of this document.
+
+      <column name="external_ids"/>
+    </group>
   </table>
 
   <table name="QoS" title="Quality of Service configuration">
@@ -2784,18 +2988,33 @@
         <dl>
           <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
           <dd>
-            <p>The specified SSL <var>port</var> (default: 6633) on the host at
-            the given <var>ip</var>, which must be expressed as an IP address
-            (not a DNS name).  The <ref table="Open_vSwitch" column="ssl"/>
-            column in the <ref table="Open_vSwitch"/> table must point to a
-            valid SSL configuration when this form is used.</p>
+            <p>The specified SSL <var>port</var> on the host at the
+            given <var>ip</var>, which must be expressed as an IP
+            address (not a DNS name).  The <ref table="Open_vSwitch"
+            column="ssl"/> column in the <ref table="Open_vSwitch"/>
+            table must point to a valid SSL configuration when this form
+            is used.</p>
+            <p>If <var>port</var> is not specified, it currently
+            defaults to 6633.  In the future, the default will change to
+            6653, which is the IANA-defined value.</p>
             <p>SSL support is an optional feature that is not always built as
             part of Open vSwitch.</p>
           </dd>
           <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
-          <dd>The specified TCP <var>port</var> (default: 6633) on the host at
-          the given <var>ip</var>, which must be expressed as an IP address
-          (not a DNS name).</dd>
+          <dd>
+            <p>
+              The specified TCP <var>port</var> on the host at the given
+              <var>ip</var>, which must be expressed as an IP address (not a
+              DNS name), where <var>ip</var> can be IPv4 or IPv6 address.  If
+              <var>ip</var> is an IPv6 address, wrap it in square brackets,
+              e.g. <code>tcp:[::1]:6632</code>.
+            </p>
+            <p>
+              If <var>port</var> is not specified, it currently defaults to
+              6633.  In the future, the default will change to 6653, which is
+              the IANA-defined value.
+            </p>
+          </dd>
         </dl>
         <p>
           The following connection methods are currently supported for service
@@ -2805,25 +3024,47 @@
           <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
           <dd>
             <p>
-              Listens for SSL connections on the specified TCP <var>port</var>
-              (default: 6633).  If <var>ip</var>, which must be expressed as an
-              IP address (not a DNS name), is specified, then connections are
-              restricted to the specified local IP address.
+              Listens for SSL connections on the specified TCP <var>port</var>.
+              If <var>ip</var>, which must be expressed as an IP address (not a
+              DNS name), is specified, then connections are restricted to the
+              specified local IP address (either IPv4 or IPv6).  If
+              <var>ip</var> is an IPv6 address, wrap it in square brackets,
+              e.g. <code>pssl:6632:[::1]</code>.
             </p>
             <p>
-              The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
-              table="Open_vSwitch"/> table must point to a valid SSL
-              configuration when this form is used.
+              If <var>port</var> is not specified, it currently defaults to
+              6633.  If <var>ip</var> is not specified then it listens only on
+              IPv4 (but not IPv6) addresses.  The
+              <ref table="Open_vSwitch" column="ssl"/>
+              column in the <ref table="Open_vSwitch"/> table must point to a
+              valid SSL configuration when this form is used.
+            </p>
+            <p>
+              If <var>port</var> is not specified, it currently defaults to
+              6633.  In the future, the default will change to 6653, which is
+              the IANA-defined value.
+            </p>
+            <p>
+              SSL support is an optional feature that is not always built as
+              part of Open vSwitch.
             </p>
-            <p>SSL support is an optional feature that is not always built as
-            part of Open vSwitch.</p>
           </dd>
           <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
           <dd>
-            Listens for connections on the specified TCP <var>port</var>
-            (default: 6633).  If <var>ip</var>, which must be expressed as an
-            IP address (not a DNS name), is specified, then connections are
-            restricted to the specified local IP address.
+            <p>
+              Listens for connections on the specified TCP <var>port</var>.  If
+              <var>ip</var>, which must be expressed as an IP address (not a
+              DNS name), is specified, then connections are restricted to the
+              specified local IP address (either IPv4 or IPv6).  If
+              <var>ip</var> is an IPv6 address, wrap it in square brackets,
+              e.g. <code>ptcp:6632:[::1]</code>. If <var>ip</var> is not
+              specified then it listens only on IPv4 addresses.
+            </p>
+            <p>
+              If <var>port</var> is not specified, it currently defaults to
+              6633.  In the future, the default will change to 6653, which is
+              the IANA-defined value.
+            </p>
           </dd>
         </dl>
         <p>When multiple controllers are configured for a single bridge, the
@@ -3095,39 +3336,60 @@
           <dt><code>ssl:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
           <dd>
             <p>
-              The specified SSL <var>port</var> (default: 6632) on the host at
-              the given <var>ip</var>, which must be expressed as an IP address
-              (not a DNS name).  The <ref table="Open_vSwitch" column="ssl"/>
-              column in the <ref table="Open_vSwitch"/> table must point to a
-              valid SSL configuration when this form is used.
+              The specified SSL <var>port</var> on the host at the given
+              <var>ip</var>, which must be expressed as an IP address
+              (not a DNS name).  The <ref table="Open_vSwitch"
+              column="ssl"/> column in the <ref table="Open_vSwitch"/>
+              table must point to a valid SSL configuration when this
+              form is used.
             </p>
             <p>
-              SSL support is an optional feature that is not always built as
-              part of Open vSwitch.
+              If <var>port</var> is not specified, it currently defaults
+              to 6632.  In the future, the default will change to 6640,
+              which is the IANA-defined value.
+            </p>
+            <p>
+              SSL support is an optional feature that is not always
+              built as part of Open vSwitch.
             </p>
           </dd>
 
           <dt><code>tcp:<var>ip</var></code>[<code>:<var>port</var></code>]</dt>
           <dd>
-            The specified TCP <var>port</var> (default: 6632) on the host at
-            the given <var>ip</var>, which must be expressed as an IP address
-            (not a DNS name).
+            <p>
+              The specified TCP <var>port</var> on the host at the given
+              <var>ip</var>, which must be expressed as an IP address (not a
+              DNS name), where <var>ip</var> can be IPv4 or IPv6 address.  If
+              <var>ip</var> is an IPv6 address, wrap it in square brackets,
+              e.g. <code>tcp:[::1]:6632</code>.
+            </p>
+            <p>
+              If <var>port</var> is not specified, it currently defaults
+              to 6632.  In the future, the default will change to 6640,
+              which is the IANA-defined value.
+            </p>
           </dd>
           <dt><code>pssl:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
           <dd>
             <p>
-              Listens for SSL connections on the specified TCP <var>port</var>
-              (default: 6632).  Specify 0 for <var>port</var> to have the
-              kernel automatically choose an available port.  If <var>ip</var>,
-              which must be expressed as an IP address (not a DNS name), is
-              specified, then connections are restricted to the specified local
-              IP address.
-            </p>
-            <p>
+              Listens for SSL connections on the specified TCP <var>port</var>.
+              Specify 0 for <var>port</var> to have the kernel automatically
+              choose an available port.  If <var>ip</var>, which must be
+              expressed as an IP address (not a DNS name), is specified, then
+              connections are restricted to the specified local IP address
+              (either IPv4 or IPv6 address).  If <var>ip</var> is an IPv6
+              address, wrap in square brackets,
+              e.g. <code>pssl:6632:[::1]</code>.  If <var>ip</var> is not
+              specified then it listens only on IPv4 (but not IPv6) addresses.
               The <ref table="Open_vSwitch" column="ssl"/> column in the <ref
               table="Open_vSwitch"/> table must point to a valid SSL
               configuration when this form is used.
             </p>
+            <p>
+              If <var>port</var> is not specified, it currently defaults
+              to 6632.  In the future, the default will change to 6640,
+              which is the IANA-defined value.
+            </p>
             <p>
               SSL support is an optional feature that is not always built as
               part of Open vSwitch.
@@ -3135,11 +3397,22 @@
           </dd>
           <dt><code>ptcp:</code>[<var>port</var>][<code>:<var>ip</var></code>]</dt>
           <dd>
-            Listens for connections on the specified TCP <var>port</var>
-            (default: 6632).  Specify 0 for <var>port</var> to have the kernel
-            automatically choose an available port.  If <var>ip</var>, which
-            must be expressed as an IP address (not a DNS name), is specified,
-            then connections are restricted to the specified local IP address.
+            <p>
+              Listens for connections on the specified TCP <var>port</var>.
+              Specify 0 for <var>port</var> to have the kernel automatically
+              choose an available port.  If <var>ip</var>, which must be
+              expressed as an IP address (not a DNS name), is specified, then
+              connections are restricted to the specified local IP address
+              (either IPv4 or IPv6 address).  If <var>ip</var> is an IPv6
+              address, wrap it in square brackets,
+              e.g. <code>ptcp:6632:[::1]</code>.  If <var>ip</var> is not
+              specified then it listens only on IPv4 addresses.
+            </p>
+            <p>
+              If <var>port</var> is not specified, it currently defaults
+              to 6632.  In the future, the default will change to 6640,
+              which is the IANA-defined value.
+            </p>
           </dd>
         </dl>
         <p>When multiple managers are configured, the <ref column="target"/>
@@ -3487,6 +3760,18 @@
       referenced from a <ref table="Flow_Sample_Collector_Set"/>.
     </column>
 
+    <column name="cache_active_timeout">
+      The maximum period in seconds for which an IPFIX flow record is
+      cached and aggregated before being sent.  If not specified,
+      defaults to 0.  If 0, caching is disabled.
+    </column>
+
+    <column name="cache_max_flows">
+      The maximum number of IPFIX flow records that can be cached at a
+      time.  If not specified, defaults to 0.  If 0, caching is
+      disabled.
+    </column>
+
     <group title="Common Columns">
       The overall purpose of these columns is described under <code>Common
       Columns</code> at the beginning of this document.