1ovs-vswitchd.conf.db(5) Open vSwitch Manual ovs-vswitchd.conf.db(5)
2
6 ovs-vswitchd.conf.db - Open_vSwitch database schema
7 A database with this schema holds the configuration for one Open
9 vSwitch daemon. The top-level configuration for the daemon is the
10 Open_vSwitch table, which must have exactly one record. Records in
11 other tables are significant only when they can be reached directly or
12 indirectly from the Open_vSwitch table. Records that are not reachable
13 from the Open_vSwitch table are automatically deleted from the data‐
14 base, except for records in a few distinguished ``root set’’ tables.
15 Common Columns
17 Most tables contain two special columns, named other_config and exter‐
18 nal_ids. These columns have the same form and purpose each place that
19 they appear, so we describe them here to save space later.
20 other_config: map of string-string pairs
22 Key-value pairs for configuring rarely used features.
23 Supported keys, along with the forms taken by their val‐
24 ues, are documented individually for each table.
25 A few tables do not have other_config columns because no
27 key-value pairs have yet been defined for them.
28 external_ids: map of string-string pairs
30 Key-value pairs for use by external frameworks that inte‐
31 grate with Open vSwitch, rather than by Open vSwitch
32 itself. System integrators should either use the Open
33 vSwitch development mailing list to coordinate on common
34 key-value definitions, or choose key names that are
35 likely to be unique. In some cases, where key-value pairs
36 have been defined that are likely to be widely useful,
37 they are documented individually for each table.
38
40 The following list summarizes the purpose of each of the tables in the
41 Open_vSwitch database. Each table is described in more detail on a
42 later page.
43 Table Purpose
45 Open_vSwitch
46 Open vSwitch configuration.
47 Bridge Bridge configuration.
48 Port Port configuration.
49 Interface One physical network device in a Port.
50 Flow_Table
51 OpenFlow table configuration
52 QoS Quality of Service configuration
53 Queue QoS output queue.
54 Mirror Port mirroring.
55 Controller
56 OpenFlow controller configuration.
57 Manager OVSDB management connection.
58 NetFlow NetFlow configuration.
59 SSL SSL configuration.
60 sFlow sFlow configuration.
61 IPFIX IPFIX configuration.
62 Flow_Sample_Collector_Set
63 Flow_Sample_Collector_Set configuration.
64 AutoAttach
65 AutoAttach configuration.
66
68 Configuration for an Open vSwitch daemon. There must be exactly one
69 record in the Open_vSwitch table.
70 Summary:
72 Configuration:
73 bridges set of Bridges
74 ssl optional SSL
75 external_ids : system-id optional string
76 external_ids : xs-system-uuid
77 optional string
78 external_ids : hostname optional string
79 external_ids : rundir optional string
80 other_config : stats-update-interval
81 optional string, containing an integer,
82 at least 5,000
83 other_config : flow-restore-wait
84 optional string, either true or false
85 other_config : flow-limit optional string, containing an integer,
86 at least 0
87 other_config : max-idle optional string, containing an integer,
88 at least 500
89 other_config : hw-offload optional string, either true or false
90 other_config : tc-policy optional string, one of none, skip_hw, or
91 skip_sw
92 other_config : dpdk-init optional string, one of false, true, or
93 try
94 other_config : dpdk-lcore-mask
95 optional string, containing an integer,
96 at least 1
97 other_config : pmd-cpu-mask
98 optional string
99 other_config : dpdk-alloc-mem
100 optional string, containing an integer,
101 at least 0
102 other_config : dpdk-socket-mem
103 optional string
104 other_config : dpdk-hugepage-dir
105 optional string
106 other_config : dpdk-extra optional string
107 other_config : vhost-sock-dir
108 optional string
109 other_config : vhost-iommu-support
110 optional string, either true or false
111 other_config : per-port-memory
112 optional string, either true or false
113 other_config : tx-flush-interval
114 optional string, containing an integer,
115 in range 0 to 1,000,000
116 other_config : pmd-perf-metrics
117 optional string, either true or false
118 other_config : smc-enable optional string, either true or false
119 other_config : n-handler-threads
120 optional string, containing an integer,
121 at least 1
122 other_config : n-revalidator-threads
123 optional string, containing an integer,
124 at least 1
125 other_config : emc-insert-inv-prob
126 optional string, containing an integer,
127 in range 0 to 4,294,967,295
128 other_config : vlan-limit optional string, containing an integer,
129 at least 0
130 other_config : bundle-idle-timeout
131 optional string, containing an integer,
132 at least 1
133 Status:
134 next_cfg integer
135 cur_cfg integer
136 dpdk_initialized boolean
137 Statistics:
138 other_config : enable-statistics
139 optional string, either true or false
140 statistics : cpu optional string, containing an integer,
141 at least 1
142 statistics : load_average
143 optional string
144 statistics : memory optional string
145 statistics : process_NAME
146 optional string
147 statistics : file_systems
148 optional string
149 Version Reporting:
150 ovs_version optional string
151 db_version optional string
152 system_type optional string
153 system_version optional string
154 dpdk_version optional string
155 Capabilities:
156 datapath_types set of strings
157 iface_types set of strings
158 Database Configuration:
159 manager_options set of Managers
160 Common Columns:
161 other_config map of string-string pairs
162 external_ids map of string-string pairs
163 Details:
165 Configuration:
166 bridges: set of Bridges
168 Set of bridges managed by the daemon.
169 ssl: optional SSL
171 SSL used globally by the daemon.
172 external_ids : system-id: optional string
174 A unique identifier for the Open vSwitch’s physical host. The
175 form of the identifier depends on the type of the host. On a
176 Citrix XenServer, this will likely be the same as exter‐
177 nal_ids:xs-system-uuid.
178 external_ids : xs-system-uuid: optional string
180 The Citrix XenServer universally unique identifier for the phys‐
181 ical host as displayed by xe host-list.
182 external_ids : hostname: optional string
184 The hostname for the host running Open vSwitch. This is a fully
185 qualified domain name since version 2.6.2.
186 external_ids : rundir: optional string
188 In Open vSwitch 2.8 and later, the run directory of the running
189 Open vSwitch daemon. This directory is used for runtime state
190 such as control and management sockets. The value of other_con‐
191 fig:vhost-sock-dir is relative to this directory.
192 other_config : stats-update-interval: optional string, containing an
194 integer, at least 5,000
195 Interval for updating statistics to the database, in millisec‐
196 onds. This option will affect the update of the statistics col‐
197 umn in the following tables: Port, Interface , Mirror.
198 Default value is 5000 ms.
200 Getting statistics more frequently can be achieved via OpenFlow.
202 other_config : flow-restore-wait: optional string, either true or false
204 When ovs-vswitchd starts up, it has an empty flow table and
205 therefore it handles all arriving packets in its default fashion
206 according to its configuration, by dropping them or sending them
207 to an OpenFlow controller or switching them as a standalone
208 switch. This behavior is ordinarily desirable. However, if
209 ovs-vswitchd is restarting as part of a ``hot-upgrade,’’ then
210 this leads to a relatively long period during which packets are
211 mishandled.
212 This option allows for improvement. When ovs-vswitchd starts
214 with this value set as true, it will neither flush or expire
215 previously set datapath flows nor will it send and receive any
216 packets to or from the datapath. When this value is later set to
217 false, ovs-vswitchd will start receiving packets from the data‐
218 path and re-setup the flows.
219 Thus, with this option, the procedure for a hot-upgrade of
221 ovs-vswitchd becomes roughly the following:
222 1.
224 Stop ovs-vswitchd.
225 2.
227 Set other_config:flow-restore-wait to true.
228 3.
230 Start ovs-vswitchd.
231 4.
233 Use ovs-ofctl (or some other program, such as an OpenFlow con‐
234 troller) to restore the OpenFlow flow table to the desired
235 state.
236 5.
238 Set other_config:flow-restore-wait to false (or remove it
239 entirely from the database).
240 The ovs-ctl’s ``restart’’ and ``force-reload-kmod’’ functions
242 use the above config option during hot upgrades.
243 other_config : flow-limit: optional string, containing an integer, at
245 least 0
246 The maximum number of flows allowed in the datapath flow table.
247 Internally OVS will choose a flow limit which will likely be
248 lower than this number, based on real time network conditions.
249 Tweaking this value is discouraged unless you know exactly what
250 you’re doing.
251 The default is 200000.
253 other_config : max-idle: optional string, containing an integer, at
255 least 500
256 The maximum time (in ms) that idle flows will remain cached in
257 the datapath. Internally OVS will check the validity and activ‐
258 ity for datapath flows regularly and may expire flows quicker
259 than this number, based on real time network conditions. Tweak‐
260 ing this value is discouraged unless you know exactly what
261 you’re doing.
262 The default is 10000.
264 other_config : hw-offload: optional string, either true or false
266 Set this value to true to enable netdev flow offload.
267 The default value is false. Changing this value requires
269 restarting the daemon
270 Currently Open vSwitch supports hardware offloading on Linux
272 systems. On other systems, this value is ignored. This function‐
273 ality is considered ’experimental’. Depending on which OpenFlow
274 matches and actions are configured, which kernel version is
275 used, and what hardware is available, Open vSwitch may not be
276 able to offload functionality to hardware.
277 other_config : tc-policy: optional string, one of none, skip_hw, or
279 skip_sw
280 Specified the policy used with HW offloading. Options:
281 none Add software rule and offload rule to HW.
283 skip_sw
285 Offload rule to HW only.
286 skip_hw
288 Add software rule without offloading rule to HW.
289 This is only relevant if other_config:hw-offload is enabled.
291 The default value is none.
293 other_config : dpdk-init: optional string, one of false, true, or try
295 Set this value to true or try to enable runtime support for DPDK
296 ports. The vswitch must have compile-time support for DPDK as
297 well.
298 A value of true will cause the ovs-vswitchd process to abort if
300 DPDK cannot be initialized. A value of try will allow the ovs-
301 vswitchd process to continue running even if DPDK cannot be ini‐
302 tialized.
303 The default value is false. Changing this value requires
305 restarting the daemon
306 If this value is false at startup, any dpdk ports which are con‐
308 figured in the bridge will fail due to memory errors.
309 other_config : dpdk-lcore-mask: optional string, containing an integer,
311 at least 1
312 Specifies the CPU cores where dpdk lcore threads should be
313 spawned. The DPDK lcore threads are used for DPDK library tasks,
314 such as library internal message processing, logging, etc. Value
315 should be in the form of a hex string (so ’0x123’) similar to
316 the ’taskset’ mask input.
317 The lowest order bit corresponds to the first CPU core. A set
319 bit means the corresponding core is available and an lcore
320 thread will be created and pinned to it. If the input does not
321 cover all cores, those uncovered cores are considered not set.
322 For performance reasons, it is best to set this to a single core
324 on the system, rather than allow lcore threads to float.
325 If not specified, the value will be determined by choosing the
327 lowest CPU core from initial cpu affinity list. Otherwise, the
328 value will be passed directly to the DPDK library.
329 other_config : pmd-cpu-mask: optional string
331 Specifies CPU mask for setting the cpu affinity of PMD (Poll
332 Mode Driver) threads. Value should be in the form of hex string,
333 similar to the dpdk EAL ’-c COREMASK’ option input or the
334 ’taskset’ mask input.
335 The lowest order bit corresponds to the first CPU core. A set
337 bit means the corresponding core is available and a pmd thread
338 will be created and pinned to it. If the input does not cover
339 all cores, those uncovered cores are considered not set.
340 If not specified, one pmd thread will be created for each numa
342 node and pinned to any available core on the numa node by
343 default.
344 other_config : dpdk-alloc-mem: optional string, containing an integer,
346 at least 0
347 Specifies the amount of memory to preallocate from the hugepage
348 pool, regardless of socket. It is recommended that dpdk-socket-
349 mem is used instead.
350 other_config : dpdk-socket-mem: optional string
352 Specifies the amount of memory to preallocate from the hugepage
353 pool, on a per-socket basis.
354 The specifier is a comma-separated string, in ascending order of
356 CPU socket. E.g. On a four socket system 1024,0,2048 would set
357 socket 0 to preallocate 1024MB, socket 1 to preallocate 0MB,
358 socket 2 to preallocate 2048MB and socket 3 (no value given) to
359 preallocate 0MB.
360 If dpdk-socket-mem and dpdk-alloc-mem are not specified, dpdk-
362 socket-mem will be used and the default value is 1024 for each
363 numa node. If dpdk-socket-mem and dpdk-alloc-mem are specified
364 at same time, dpdk-socket-mem will be used as default. Changing
365 this value requires restarting the daemon.
366 other_config : dpdk-hugepage-dir: optional string
368 Specifies the path to the hugetlbfs mount point.
369 If not specified, this will be guessed by the DPDK library
371 (default is /dev/hugepages). Changing this value requires
372 restarting the daemon.
373 other_config : dpdk-extra: optional string
375 Specifies additional eal command line arguments for DPDK.
376 The default is empty. Changing this value requires restarting
378 the daemon
379 other_config : vhost-sock-dir: optional string
381 Specifies a relative path from external_ids:rundir to the vhost-
382 user unix domain socket files. If this value is unset, the sock‐
383 ets are put directly in external_ids:rundir.
384 Changing this value requires restarting the daemon.
386 other_config : vhost-iommu-support: optional string, either true or
388 false
389 vHost IOMMU is a security feature, which restricts the vhost
390 memory that a virtio device may access. vHost IOMMU support is
391 disabled by default, due to a bug in QEMU implementations of the
392 vhost REPLY_ACK protocol, (on which vHost IOMMU relies) prior to
393 v2.9.1. Setting this value to true enables vHost IOMMU support
394 for vHost User Client ports in OvS-DPDK, starting from DPDK
395 v17.11.
396 Changing this value requires restarting the daemon.
398 other_config : per-port-memory: optional string, either true or false
400 By default OVS DPDK uses a shared memory model wherein devices
401 that have the same MTU and socket values can share the same mem‐
402 pool. Setting this value to true changes this behaviour. Per
403 port memory allow DPDK devices to use private memory per device.
404 This can provide greater transparency as regards memory usage
405 but potentially at the cost of greater memory requirements.
406 Changing this value requires restarting the daemon if dpdk-init
408 has already been set to true.
409 other_config : tx-flush-interval: optional string, containing an inte‐
411 ger, in range 0 to 1,000,000
412 Specifies the time in microseconds that a packet can wait in
413 output batch for sending i.e. amount of time that packet can
414 spend in an intermediate output queue before sending to netdev.
415 This option can be used to configure balance between throughput
416 and latency. Lower values decreases latency while higher values
417 may be useful to achieve higher performance.
418 Defaults to 0 i.e. instant packet sending (latency optimized).
420 other_config : pmd-perf-metrics: optional string, either true or false
422 Enables recording of detailed PMD performance metrics for analy‐
423 sis and trouble-shooting. This can have a performance impact in
424 the order of 1%.
425 Defaults to false but can be changed at any time.
427 other_config : smc-enable: optional string, either true or false
429 Signature match cache or SMC is a cache between EMC and megaflow
430 cache. It does not store the full key of the flow, so it is more
431 memory efficient comparing to EMC cache. SMC is especially use‐
432 ful when flow count is larger than EMC capacity.
433 Defaults to false but can be changed at any time.
435 other_config : n-handler-threads: optional string, containing an inte‐
437 ger, at least 1
438 Specifies the number of threads for software datapaths to use
439 for handling new flows. The default the number of online CPU
440 cores minus the number of revalidators.
441 This configuration is per datapath. If you have more than one
443 software datapath (e.g. some system bridges and some netdev
444 bridges), then the total number of threads is n-handler-threads
445 times the number of software datapaths.
446 other_config : n-revalidator-threads: optional string, containing an
448 integer, at least 1
449 Specifies the number of threads for software datapaths to use
450 for revalidating flows in the datapath. Typically, there is a
451 direct correlation between the number of revalidator threads,
452 and the number of flows allowed in the datapath. The default is
453 the number of cpu cores divided by four plus one. If n-han‐
454 dler-threads is set, the default changes to the number of cpu
455 cores minus the number of handler threads.
456 This configuration is per datapath. If you have more than one
458 software datapath (e.g. some system bridges and some netdev
459 bridges), then the total number of threads is n-handler-threads
460 times the number of software datapaths.
461 other_config : emc-insert-inv-prob: optional string, containing an
463 integer, in range 0 to 4,294,967,295
464 Specifies the inverse probability (1/emc-insert-inv-prob) of a
465 flow being inserted into the Exact Match Cache (EMC). On average
466 one in every emc-insert-inv-prob packets that generate a unique
467 flow will cause an insertion into the EMC. A value of 1 will
468 result in an insertion for every flow (1/1 = 100%) whereas a
469 value of zero will result in no insertions and essentially dis‐
470 able the EMC.
471 Defaults to 100 ie. there is (1/100 =) 1% chance of EMC inser‐
473 tion.
474 other_config : vlan-limit: optional string, containing an integer, at
476 least 0
477 Limits the number of VLAN headers that can be matched to the
478 specified number. Further VLAN headers will be treated as pay‐
479 load, e.g. a packet with more 802.1q headers will match Ethernet
480 type 0x8100.
481 Value 0 means unlimited. The actual number of supported VLAN
483 headers is the smallest of vlan-limit, the number of VLANs sup‐
484 ported by Open vSwitch userspace (currently 2), and the number
485 supported by the datapath.
486 If this value is absent, the default is currently 1. This main‐
488 tains backward compatibility with controllers that were designed
489 for use with Open vSwitch versions earlier than 2.8, which only
490 supported one VLAN.
491 other_config : bundle-idle-timeout: optional string, containing an
493 integer, at least 1
494 The maximum time (in seconds) that idle bundles will wait to be
495 expired since it was either opened, modified or closed.
496 OpenFlow specification mandates the timeout to be at least one
498 second. The default is 10 seconds.
499 Status:
501 next_cfg: integer
503 Sequence number for client to increment. When a client modifies
504 any part of the database configuration and wishes to wait for
505 Open vSwitch to finish applying the changes, it may increment
506 this sequence number.
507 cur_cfg: integer
509 Sequence number that Open vSwitch sets to the current value of
510 next_cfg after it finishes applying a set of configuration
511 changes.
512 dpdk_initialized: boolean
514 True if other_config:dpdk-init is set to true and the DPDK
515 library is successfully initialized.
516 Statistics:
518 The statistics column contains key-value pairs that report statistics
520 about a system running an Open vSwitch. These are updated periodically
521 (currently, every 5 seconds). Key-value pairs that cannot be determined
522 or that do not apply to a platform are omitted.
523 other_config : enable-statistics: optional string, either true or false
525 Statistics are disabled by default to avoid overhead in the com‐
526 mon case when statistics gathering is not useful. Set this value
527 to true to enable populating the statistics column or to false
528 to explicitly disable it.
529 statistics : cpu: optional string, containing an integer, at least 1
531 Number of CPU processors, threads, or cores currently online and
532 available to the operating system on which Open vSwitch is run‐
533 ning, as an integer. This may be less than the number installed,
534 if some are not online or if they are not available to the oper‐
535 ating system.
536 Open vSwitch userspace processes are not multithreaded, but the
538 Linux kernel-based datapath is.
539 statistics : load_average: optional string
541 A comma-separated list of three floating-point numbers, repre‐
542 senting the system load average over the last 1, 5, and 15 min‐
543 utes, respectively.
544 statistics : memory: optional string
546 A comma-separated list of integers, each of which represents a
547 quantity of memory in kilobytes that describes the operating
548 system on which Open vSwitch is running. In respective order,
549 these values are:
550 1.
552 Total amount of RAM allocated to the OS.
553 2.
555 RAM allocated to the OS that is in use.
556 3.
558 RAM that can be flushed out to disk or otherwise discarded if
559 that space is needed for another purpose. This number is nec‐
560 essarily less than or equal to the previous value.
561 4.
563 Total disk space allocated for swap.
564 5.
566 Swap space currently in use.
567 On Linux, all five values can be determined and are included. On
569 other operating systems, only the first two values can be deter‐
570 mined, so the list will only have two values.
571 statistics : process_NAME: optional string
573 One such key-value pair, with NAME replaced by a process name,
574 will exist for each running Open vSwitch daemon process, with
575 name replaced by the daemon’s name (e.g. process_ovs-vswitchd).
576 The value is a comma-separated list of integers. The integers
577 represent the following, with memory measured in kilobytes and
578 durations in milliseconds:
579 1.
581 The process’s virtual memory size.
582 2.
584 The process’s resident set size.
585 3.
587 The amount of user and system CPU time consumed by the
588 process.
589 4.
591 The number of times that the process has crashed and been
592 automatically restarted by the monitor.
593 5.
595 The duration since the process was started.
596 6.
598 The duration for which the process has been running.
599 The interpretation of some of these values depends on whether
601 the process was started with the --monitor. If it was not, then
602 the crash count will always be 0 and the two durations will
603 always be the same. If --monitor was given, then the crash count
604 may be positive; if it is, the latter duration is the amount of
605 time since the most recent crash and restart.
606 There will be one key-value pair for each file in Open vSwitch’s
608 ``run directory’’ (usually /var/run/openvswitch) whose name ends
609 in .pid, whose contents are a process ID, and which is locked by
610 a running process. The name is taken from the pidfile’s name.
611 Currently Open vSwitch is only able to obtain all of the above
613 detail on Linux systems. On other systems, the same key-value
614 pairs will be present but the values will always be the empty
615 string.
616 statistics : file_systems: optional string
618 A space-separated list of information on local, writable file
619 systems. Each item in the list describes one file system and
620 consists in turn of a comma-separated list of the following:
621 1.
623 Mount point, e.g. / or /var/log. Any spaces or commas in the
624 mount point are replaced by underscores.
625 2.
627 Total size, in kilobytes, as an integer.
628 3.
630 Amount of storage in use, in kilobytes, as an integer.
631 This key-value pair is omitted if there are no local, writable
633 file systems or if Open vSwitch cannot obtain the needed infor‐
634 mation.
635 Version Reporting:
637 These columns report the types and versions of the hardware and soft‐
639 ware running Open vSwitch. We recommend in general that software should
640 test whether specific features are supported instead of relying on ver‐
641 sion number checks. These values are primarily intended for reporting
642 to human administrators.
643 ovs_version: optional string
645 The Open vSwitch version number, e.g. 1.1.0.
646 db_version: optional string
648 The database schema version number, e.g. 1.2.3. See ovsdb-
649 tool(1) for an explanation of the numbering scheme.
650 The schema version is part of the database schema, so it can
652 also be retrieved by fetching the schema using the Open vSwitch
653 database protocol.
654 system_type: optional string
656 An identifier for the type of system on top of which Open
657 vSwitch runs, e.g. XenServer or KVM.
658 System integrators are responsible for choosing and setting an
660 appropriate value for this column.
661 system_version: optional string
663 The version of the system identified by system_type, e.g.
664 5.6.100-39265p on XenServer 5.6.100 build 39265.
665 System integrators are responsible for choosing and setting an
667 appropriate value for this column.
668 dpdk_version: optional string
670 The version of the linked DPDK library.
671 Capabilities:
673 These columns report capabilities of the Open vSwitch instance.
675 datapath_types: set of strings
677 This column reports the different dpifs registered with the sys‐
678 tem. These are the values that this instance supports in the
679 datapath_type column of the Bridge table.
680 iface_types: set of strings
682 This column reports the different netdevs registered with the
683 system. These are the values that this instance supports in the
684 type column of the Interface table.
685 Database Configuration:
687 These columns primarily configure the Open vSwitch database
689 (ovsdb-server), not the Open vSwitch switch (ovs-vswitchd). The OVSDB
690 database also uses the ssl settings.
691 The Open vSwitch switch does read the database configuration to deter‐
693 mine remote IP addresses to which in-band control should apply.
694 manager_options: set of Managers
696 Database clients to which the Open vSwitch database server
697 should connect or to which it should listen, along with options
698 for how these connections should be configured. See the Manager
699 table for more information.
700 For this column to serve its purpose, ovsdb-server must be con‐
702 figured to honor it. The easiest way to do this is to invoke
703 ovsdb-server with the option
704 --remote=db:Open_vSwitch,Open_vSwitch,manager_options The
705 startup scripts that accompany Open vSwitch do this by default.
706 Common Columns:
708 The overall purpose of these columns is described under Common Columns
710 at the beginning of this document.
711 other_config: map of string-string pairs
713 external_ids: map of string-string pairs
715
717 Configuration for a bridge within an Open_vSwitch.
718 A Bridge record represents an Ethernet switch with one or more
720 ``ports,’’ which are the Port records pointed to by the Bridge’s ports
721 column.
722 Summary:
724 Core Features:
725 name immutable string (must be unique within
726 table)
727 ports set of Ports
728 mirrors set of Mirrors
729 netflow optional NetFlow
730 sflow optional sFlow
731 ipfix optional IPFIX
732 flood_vlans set of up to 4,096 integers, in range 0
733 to 4,095
734 auto_attach optional AutoAttach
735 OpenFlow Configuration:
736 controller set of Controllers
737 flow_tables map of integer-Flow_Table pairs, key in
738 range 0 to 254
739 fail_mode optional string, either secure or stand‐
740 alone
741 datapath_id optional string
742 datapath_version string
743 other_config : datapath-id optional string
744 other_config : dp-desc optional string
745 other_config : disable-in-band
746 optional string, either true or false
747 other_config : in-band-queue
748 optional string, containing an integer,
749 in range 0 to 4,294,967,295
750 protocols set of strings, one of OpenFlow10, Open‐
751 Flow11, OpenFlow12, OpenFlow13, Open‐
752 Flow14, OpenFlow15, or OpenFlow16
753 Spanning Tree Configuration:
754 STP Configuration:
755 stp_enable boolean
756 other_config : stp-system-id
757 optional string
758 other_config : stp-priority
759 optional string, containing an integer,
760 in range 0 to 65,535
761 other_config : stp-hello-time
762 optional string, containing an integer,
763 in range 1 to 10
764 other_config : stp-max-age
765 optional string, containing an integer,
766 in range 6 to 40
767 other_config : stp-forward-delay
768 optional string, containing an integer,
769 in range 4 to 30
770 other_config : mcast-snooping-aging-time
771 optional string, containing an integer,
772 at least 1
773 other_config : mcast-snooping-table-size
774 optional string, containing an integer,
775 at least 1
776 other_config : mcast-snooping-disable-flood-unregistered
777 optional string, either true or false
778 STP Status:
779 status : stp_bridge_id optional string
780 status : stp_designated_root
781 optional string
782 status : stp_root_path_cost
783 optional string
784 Rapid Spanning Tree:
785 RSTP Configuration:
786 rstp_enable boolean
787 other_config : rstp-address
788 optional string
789 other_config : rstp-priority
790 optional string, containing an integer,
791 in range 0 to 61,440
792 other_config : rstp-ageing-time
793 optional string, containing an integer,
794 in range 10 to 1,000,000
795 other_config : rstp-force-protocol-version
796 optional string, containing an integer
797 other_config : rstp-max-age
798 optional string, containing an integer,
799 in range 6 to 40
800 other_config : rstp-forward-delay
801 optional string, containing an integer,
802 in range 4 to 30
803 other_config : rstp-transmit-hold-count
804 optional string, containing an integer,
805 in range 1 to 10
806 RSTP Status:
807 rstp_status : rstp_bridge_id
808 optional string
809 rstp_status : rstp_root_id
810 optional string
811 rstp_status : rstp_root_path_cost
812 optional string, containing an integer,
813 at least 0
814 rstp_status : rstp_designated_id
815 optional string
816 rstp_status : rstp_designated_port_id
817 optional string
818 rstp_status : rstp_bridge_port_id
819 optional string
820 Multicast Snooping Configuration:
821 mcast_snooping_enable boolean
822 Other Features:
823 datapath_type string
824 external_ids : bridge-id optional string
825 external_ids : xs-network-uuids
826 optional string
827 other_config : hwaddr optional string
828 other_config : forward-bpdu
829 optional string, either true or false
830 other_config : mac-aging-time
831 optional string, containing an integer,
832 at least 1
833 other_config : mac-table-size
834 optional string, containing an integer,
835 at least 1
836 Common Columns:
837 other_config map of string-string pairs
838 external_ids map of string-string pairs
839 Details:
841 Core Features:
842 name: immutable string (must be unique within table)
844 Bridge identifier. Must be unique among the names of ports,
845 interfaces, and bridges on a host.
846 The name must be alphanumeric and must not contain forward or
848 backward slashes. The name of a bridge is also the name of an
849 Interface (and a Port) within the bridge, so the restrictions on
850 the name column in the Interface table, particularly on length,
851 also apply to bridge names. Refer to the documentation for
852 Interface names for details.
853 ports: set of Ports
855 Ports included in the bridge.
856 mirrors: set of Mirrors
858 Port mirroring configuration.
859 netflow: optional NetFlow
861 NetFlow configuration.
862 sflow: optional sFlow
864 sFlow(R) configuration.
865 ipfix: optional IPFIX
867 IPFIX configuration.
868 flood_vlans: set of up to 4,096 integers, in range 0 to 4,095
870 VLAN IDs of VLANs on which MAC address learning should be dis‐
871 abled, so that packets are flooded instead of being sent to spe‐
872 cific ports that are believed to contain packets’ destination
873 MACs. This should ordinarily be used to disable MAC learning on
874 VLANs used for mirroring (RSPAN VLANs). It may also be useful
875 for debugging.
876 SLB bonding (see the bond_mode column in the Port table) is
878 incompatible with flood_vlans. Consider using another bonding
879 mode or a different type of mirror instead.
880 auto_attach: optional AutoAttach
882 Auto Attach configuration.
883 OpenFlow Configuration:
885 controller: set of Controllers
887 OpenFlow controller set. If unset, then no OpenFlow controllers
888 will be used.
889 If there are primary controllers, removing all of them clears
891 the OpenFlow flow tables, group table, and meter table. If there
892 are no primary controllers, adding one also clears these tables.
893 Other changes to the set of controllers, such as adding or
894 removing a service controller, adding another primary controller
895 to supplement an existing primary controller, or removing only
896 one of two primary controllers, have no effect on these tables.
897 flow_tables: map of integer-Flow_Table pairs, key in range 0 to 254
899 Configuration for OpenFlow tables. Each pair maps from an Open‐
900 Flow table ID to configuration for that table.
901 fail_mode: optional string, either secure or standalone
903 When a controller is configured, it is, ordinarily, responsible
904 for setting up all flows on the switch. Thus, if the connection
905 to the controller fails, no new network connections can be set
906 up. If the connection to the controller stays down long enough,
907 no packets can pass through the switch at all. This setting
908 determines the switch’s response to such a situation. It may be
909 set to one of the following:
910 standalone
912 If no message is received from the controller for three
913 times the inactivity probe interval (see inactiv‐
914 ity_probe), then Open vSwitch will take over responsibil‐
915 ity for setting up flows. In this mode, Open vSwitch
916 causes the bridge to act like an ordinary MAC-learning
917 switch. Open vSwitch will continue to retry connecting to
918 the controller in the background and, when the connection
919 succeeds, it will discontinue its standalone behavior.
920 secure Open vSwitch will not set up flows on its own when the
922 controller connection fails or when no controllers are
923 defined. The bridge will continue to retry connecting to
924 any defined controllers forever.
925 The default is standalone if the value is unset, but future ver‐
927 sions of Open vSwitch may change the default.
928 The standalone mode can create forwarding loops on a bridge that
930 has more than one uplink port unless STP is enabled. To avoid
931 loops on such a bridge, configure secure mode or enable STP (see
932 stp_enable).
933 When more than one controller is configured, fail_mode is con‐
935 sidered only when none of the configured controllers can be con‐
936 tacted.
937 Changing fail_mode when no primary controllers are configured
939 clears the OpenFlow flow tables, group table, and meter table.
940 datapath_id: optional string
942 Reports the OpenFlow datapath ID in use. Exactly 16 hex digits.
943 (Setting this column has no useful effect. Set other-con‐
944 fig:datapath-id instead.)
945 datapath_version: string
947 Reports the version number of the Open vSwitch datapath in use.
948 This allows management software to detect and report discrepan‐
949 cies between Open vSwitch userspace and datapath versions. (The
950 ovs_version column in the Open_vSwitch reports the Open vSwitch
951 userspace version.) The version reported depends on the datapath
952 in use:
953 · When the kernel module included in the Open vSwitch
955 source tree is used, this column reports the Open vSwitch
956 version from which the module was taken.
957 · When the kernel module that is part of the upstream Linux
959 kernel is used, this column reports <unknown>.
960 · When the datapath is built into the ovs-vswitchd binary,
962 this column reports <built-in>. A built-in datapath is by
963 definition the same version as the rest of the Open
964 VSwitch userspace.
965 · Other datapaths (such as the Hyper-V kernel datapath)
967 currently report <unknown>.
968 A version discrepancy between ovs-vswitchd and the datapath in
970 use is not normally cause for alarm. The Open vSwitch kernel
971 datapaths for Linux and Hyper-V, in particular, are designed for
972 maximum inter-version compatibility: any userspace version works
973 with with any kernel version. Some reasons do exist to insist on
974 particular user/kernel pairings. First, newer kernel versions
975 add new features, that can only be used by new-enough userspace,
976 e.g. VXLAN tunneling requires certain minimal userspace and ker‐
977 nel versions. Second, as an extension to the first reason, some
978 newer kernel versions add new features for enhancing performance
979 that only new-enough userspace versions can take advantage of.
980 other_config : datapath-id: optional string
982 Overrides the default OpenFlow datapath ID, setting it to the
983 specified value specified in hex. The value must either have a
984 0x prefix or be exactly 16 hex digits long. May not be all-zero.
985 other_config : dp-desc: optional string
987 Human readable description of datapath. It is a maximum 256
988 byte-long free-form string to describe the datapath for debug‐
989 ging purposes, e.g. switch3 in room 3120.
990 other_config : disable-in-band: optional string, either true or false
992 If set to true, disable in-band control on the bridge regardless
993 of controller and manager settings.
994 other_config : in-band-queue: optional string, containing an integer,
996 in range 0 to 4,294,967,295
997 A queue ID as a nonnegative integer. This sets the OpenFlow
998 queue ID that will be used by flows set up by in-band control on
999 this bridge. If unset, or if the port used by an in-band control
1000 flow does not have QoS configured, or if the port does not have
1001 a queue with the specified ID, the default queue is used
1002 instead.
1003 protocols: set of strings, one of OpenFlow10, OpenFlow11, OpenFlow12,
1005 OpenFlow13, OpenFlow14, OpenFlow15, or OpenFlow16
1006 List of OpenFlow protocols that may be used when negotiating a
1007 connection with a controller. OpenFlow 1.0, 1.1, 1.2, 1.3, and
1008 1.4 are enabled by default if this column is empty.
1009 OpenFlow 1.5 and 1.6 are not enabled by default because their
1011 implementations are missing features. In addition, the OpenFlow
1012 1.6 specification is still under development and thus subject to
1013 change.
1014 Spanning Tree Configuration:
1016 The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol that
1018 ensures loop-free topologies. It allows redundant links to be included
1019 in the network to provide automatic backup paths if the active links
1020 fails.
1021 These settings configure the slower-to-converge but still widely sup‐
1023 ported version of Spanning Tree Protocol, sometimes known as
1024 802.1D-1998. Open vSwitch also supports the newer Rapid Spanning Tree
1025 Protocol (RSTP), documented later in the section titled Rapid Spanning
1026 Tree Configuration.
1027 STP Configuration:
1029 stp_enable: boolean
1031 Enable spanning tree on the bridge. By default, STP is disabled
1032 on bridges. Bond, internal, and mirror ports are not supported
1033 and will not participate in the spanning tree.
1034 STP and RSTP are mutually exclusive. If both are enabled, RSTP
1036 will be used.
1037 other_config : stp-system-id: optional string
1039 The bridge’s STP identifier (the lower 48 bits of the bridge-id)
1040 in the form xx:xx:xx:xx:xx:xx. By default, the identifier is the
1041 MAC address of the bridge.
1042 other_config : stp-priority: optional string, containing an integer, in
1044 range 0 to 65,535
1045 The bridge’s relative priority value for determining the root
1046 bridge (the upper 16 bits of the bridge-id). A bridge with the
1047 lowest bridge-id is elected the root. By default, the priority
1048 is 0x8000.
1049 other_config : stp-hello-time: optional string, containing an integer,
1051 in range 1 to 10
1052 The interval between transmissions of hello messages by desig‐
1053 nated ports, in seconds. By default the hello interval is 2 sec‐
1054 onds.
1055 other_config : stp-max-age: optional string, containing an integer, in
1057 range 6 to 40
1058 The maximum age of the information transmitted by the bridge
1059 when it is the root bridge, in seconds. By default, the maximum
1060 age is 20 seconds.
1061 other_config : stp-forward-delay: optional string, containing an inte‐
1063 ger, in range 4 to 30
1064 The delay to wait between transitioning root and designated
1065 ports to forwarding, in seconds. By default, the forwarding
1066 delay is 15 seconds.
1067 other_config : mcast-snooping-aging-time: optional string, containing
1069 an integer, at least 1
1070 The maximum number of seconds to retain a multicast snooping
1071 entry for which no packets have been seen. The default is cur‐
1072 rently 300 seconds (5 minutes). The value, if specified, is
1073 forced into a reasonable range, currently 15 to 3600 seconds.
1074 other_config : mcast-snooping-table-size: optional string, containing
1076 an integer, at least 1
1077 The maximum number of multicast snooping addresses to learn. The
1078 default is currently 2048. The value, if specified, is forced
1079 into a reasonable range, currently 10 to 1,000,000.
1080 other_config : mcast-snooping-disable-flood-unregistered: optional
1082 string, either true or false
1083 If set to false, unregistered multicast packets are forwarded to
1084 all ports. If set to true, unregistered multicast packets are
1085 forwarded to ports connected to multicast routers.
1086 STP Status:
1088 These key-value pairs report the status of 802.1D-1998. They are
1090 present only if STP is enabled (via the stp_enable column).
1091 status : stp_bridge_id: optional string
1093 The bridge ID used in spanning tree advertisements, in the form
1094 xxxx.yyyyyyyyyyyy where the xs are the STP priority, the ys are
1095 the STP system ID, and each x and y is a hex digit.
1096 status : stp_designated_root: optional string
1098 The designated root for this spanning tree, in the same form as
1099 status:stp_bridge_id. If this bridge is the root, this will have
1100 the same value as status:stp_bridge_id, otherwise it will dif‐
1101 fer.
1102 status : stp_root_path_cost: optional string
1104 The path cost of reaching the designated bridge. A lower number
1105 is better. The value is 0 if this bridge is the root, otherwise
1106 it is higher.
1107 Rapid Spanning Tree:
1109 Rapid Spanning Tree Protocol (RSTP), like STP, is a network protocol
1111 that ensures loop-free topologies. RSTP superseded STP with the publi‐
1112 cation of 802.1D-2004. Compared to STP, RSTP converges more quickly and
1113 recovers more quickly from failures.
1114 RSTP Configuration:
1116 rstp_enable: boolean
1118 Enable Rapid Spanning Tree on the bridge. By default, RSTP is
1119 disabled on bridges. Bond, internal, and mirror ports are not
1120 supported and will not participate in the spanning tree.
1121 STP and RSTP are mutually exclusive. If both are enabled, RSTP
1123 will be used.
1124 other_config : rstp-address: optional string
1126 The bridge’s RSTP address (the lower 48 bits of the bridge-id)
1127 in the form xx:xx:xx:xx:xx:xx. By default, the address is the
1128 MAC address of the bridge.
1129 other_config : rstp-priority: optional string, containing an integer,
1131 in range 0 to 61,440
1132 The bridge’s relative priority value for determining the root
1133 bridge (the upper 16 bits of the bridge-id). A bridge with the
1134 lowest bridge-id is elected the root. By default, the priority
1135 is 0x8000 (32768). This value needs to be a multiple of 4096,
1136 otherwise it’s rounded to the nearest inferior one.
1137 other_config : rstp-ageing-time: optional string, containing an inte‐
1139 ger, in range 10 to 1,000,000
1140 The Ageing Time parameter for the Bridge. The default value is
1141 300 seconds.
1142 other_config : rstp-force-protocol-version: optional string, containing
1144 an integer
1145 The Force Protocol Version parameter for the Bridge. This can
1146 take the value 0 (STP Compatibility mode) or 2 (the default,
1147 normal operation).
1148 other_config : rstp-max-age: optional string, containing an integer, in
1150 range 6 to 40
1151 The maximum age of the information transmitted by the Bridge
1152 when it is the Root Bridge. The default value is 20.
1153 other_config : rstp-forward-delay: optional string, containing an inte‐
1155 ger, in range 4 to 30
1156 The delay used by STP Bridges to transition Root and Designated
1157 Ports to Forwarding. The default value is 15.
1158 other_config : rstp-transmit-hold-count: optional string, containing an
1160 integer, in range 1 to 10
1161 The Transmit Hold Count used by the Port Transmit state machine
1162 to limit transmission rate. The default value is 6.
1163 RSTP Status:
1165 These key-value pairs report the status of 802.1D-2004. They are
1167 present only if RSTP is enabled (via the rstp_enable column).
1168 rstp_status : rstp_bridge_id: optional string
1170 The bridge ID used in rapid spanning tree advertisements, in the
1171 form x.yyy.zzzzzzzzzzzz where x is the RSTP priority, the ys are
1172 a locally assigned system ID extension, the zs are the STP sys‐
1173 tem ID, and each x, y, or z is a hex digit.
1174 rstp_status : rstp_root_id: optional string
1176 The root of this spanning tree, in the same form as rstp_sta‐
1177 tus:rstp_bridge_id. If this bridge is the root, this will have
1178 the same value as rstp_status:rstp_bridge_id, otherwise it will
1179 differ.
1180 rstp_status : rstp_root_path_cost: optional string, containing an inte‐
1182 ger, at least 0
1183 The path cost of reaching the root. A lower number is better.
1184 The value is 0 if this bridge is the root, otherwise it is
1185 higher.
1186 rstp_status : rstp_designated_id: optional string
1188 The RSTP designated ID, in the same form as rstp_sta‐
1189 tus:rstp_bridge_id.
1190 rstp_status : rstp_designated_port_id: optional string
1192 The RSTP designated port ID, as a 4-digit hex number.
1193 rstp_status : rstp_bridge_port_id: optional string
1195 The RSTP bridge port ID, as a 4-digit hex number.
1196 Multicast Snooping Configuration:
1198 Multicast snooping (RFC 4541) monitors the Internet Group Management
1200 Protocol (IGMP) and Multicast Listener Discovery traffic between hosts
1201 and multicast routers. The switch uses what IGMP and MLD snooping
1202 learns to forward multicast traffic only to interfaces that are con‐
1203 nected to interested receivers. Currently it supports IGMPv1, IGMPv2,
1204 IGMPv3, MLDv1 and MLDv2 protocols.
1205 mcast_snooping_enable: boolean
1207 Enable multicast snooping on the bridge. For now, the default is
1208 disabled.
1209 Other Features:
1211 datapath_type: string
1213 Name of datapath provider. The kernel datapath has type system.
1214 The userspace datapath has type netdev. A manager may refer to
1215 the datapath_types column of the Open_vSwitch table for a list
1216 of the types accepted by this Open vSwitch instance.
1217 external_ids : bridge-id: optional string
1219 A unique identifier of the bridge. On Citrix XenServer this will
1220 commonly be the same as external_ids:xs-network-uuids.
1221 external_ids : xs-network-uuids: optional string
1223 Semicolon-delimited set of universally unique identifier(s) for
1224 the network with which this bridge is associated on a Citrix
1225 XenServer host. The network identifiers are RFC 4122 UUIDs as
1226 displayed by, e.g., xe network-list.
1227 other_config : hwaddr: optional string
1229 An Ethernet address in the form xx:xx:xx:xx:xx:xx to set the
1230 hardware address of the local port and influence the datapath
1231 ID.
1232 other_config : forward-bpdu: optional string, either true or false
1234 Controls forwarding of BPDUs and other network control frames
1235 when NORMAL action is invoked. When this option is false or
1236 unset, frames with reserved Ethernet addresses (see table below)
1237 will not be forwarded. When this option is true, such frames
1238 will not be treated specially.
1239 The above general rule has the following exceptions:
1241 · If STP is enabled on the bridge (see the stp_enable col‐
1243 umn in the Bridge table), the bridge processes all
1244 received STP packets and never passes them to OpenFlow or
1245 forwards them. This is true even if STP is disabled on an
1246 individual port.
1247 · If LLDP is enabled on an interface (see the lldp column
1249 in the Interface table), the interface processes received
1250 LLDP packets and never passes them to OpenFlow or for‐
1251 wards them.
1252 Set this option to true if the Open vSwitch bridge connects dif‐
1254 ferent Ethernet networks and is not configured to participate in
1255 STP.
1256 This option affects packets with the following destination MAC
1258 addresses:
1259 01:80:c2:00:00:00
1261 IEEE 802.1D Spanning Tree Protocol (STP).
1262 01:80:c2:00:00:01
1264 IEEE Pause frame.
1265 01:80:c2:00:00:0x
1267 Other reserved protocols.
1268 00:e0:2b:00:00:00
1270 Extreme Discovery Protocol (EDP).
1271 00:e0:2b:00:00:04 and 00:e0:2b:00:00:06
1273 Ethernet Automatic Protection Switching (EAPS).
1274 01:00:0c:cc:cc:cc
1276 Cisco Discovery Protocol (CDP), VLAN Trunking Protocol
1277 (VTP), Dynamic Trunking Protocol (DTP), Port Aggregation
1278 Protocol (PAgP), and others.
1279 01:00:0c:cc:cc:cd
1281 Cisco Shared Spanning Tree Protocol PVSTP+.
1282 01:00:0c:cd:cd:cd
1284 Cisco STP Uplink Fast.
1285 01:00:0c:00:00:00
1287 Cisco Inter Switch Link.
1288 01:00:0c:cc:cc:cx
1290 Cisco CFM.
1291 other_config : mac-aging-time: optional string, containing an integer,
1293 at least 1
1294 The maximum number of seconds to retain a MAC learning entry for
1295 which no packets have been seen. The default is currently 300
1296 seconds (5 minutes). The value, if specified, is forced into a
1297 reasonable range, currently 15 to 3600 seconds.
1298 A short MAC aging time allows a network to more quickly detect
1300 that a host is no longer connected to a switch port. However, it
1301 also makes it more likely that packets will be flooded unneces‐
1302 sarily, when they are addressed to a connected host that rarely
1303 transmits packets. To reduce the incidence of unnecessary flood‐
1304 ing, use a MAC aging time longer than the maximum interval at
1305 which a host will ordinarily transmit packets.
1306 other_config : mac-table-size: optional string, containing an integer,
1308 at least 1
1309 The maximum number of MAC addresses to learn. The default is
1310 currently 8192. The value, if specified, is forced into a rea‐
1311 sonable range, currently 10 to 1,000,000.
1312 Common Columns:
1314 The overall purpose of these columns is described under Common Columns
1316 at the beginning of this document.
1317 other_config: map of string-string pairs
1319 external_ids: map of string-string pairs
1321
1323 A port within a Bridge.
1324 Most commonly, a port has exactly one ``interface,’’ pointed to by its
1326 interfaces column. Such a port logically corresponds to a port on a
1327 physical Ethernet switch. A port with more than one interface is a
1328 ``bonded port’’ (see Bonding Configuration).
1329 Some properties that one might think as belonging to a port are actu‐
1331 ally part of the port’s Interface members.
1332 Summary:
1334 name immutable string (must be unique within
1335 table)
1336 interfaces set of 1 or more Interfaces
1337 VLAN Configuration:
1338 vlan_mode optional string, one of access,
1339 dot1q-tunnel, native-tagged,
1340 native-untagged, or trunk
1341 tag optional integer, in range 0 to 4,095
1342 trunks set of up to 4,096 integers, in range 0
1343 to 4,095
1344 cvlans set of up to 4,096 integers, in range 0
1345 to 4,095
1346 other_config : qinq-ethtype
1347 optional string, either 802.1ad or 802.1q
1348 other_config : priority-tags
1349 optional string, either true or false
1350 Bonding Configuration:
1351 bond_mode optional string, one of active-backup,
1352 balance-slb, or balance-tcp
1353 other_config : bond-hash-basis
1354 optional string, containing an integer
1355 Link Failure Detection:
1356 other_config : bond-detect-mode
1357 optional string, either carrier or miimon
1358 other_config : bond-miimon-interval
1359 optional string, containing an integer
1360 bond_updelay integer
1361 bond_downdelay integer
1362 LACP Configuration:
1363 lacp optional string, one of active, off, or
1364 passive
1365 other_config : lacp-system-id
1366 optional string
1367 other_config : lacp-system-priority
1368 optional string, containing an integer,
1369 in range 1 to 65,535
1370 other_config : lacp-time optional string, either fast or slow
1371 other_config : lacp-fallback-ab
1372 optional string, either true or false
1373 Rebalancing Configuration:
1374 other_config : bond-rebalance-interval
1375 optional string, containing an integer,
1376 in range 0 to 10,000
1377 bond_fake_iface boolean
1378 Spanning Tree Protocol:
1379 STP Configuration:
1380 other_config : stp-enable
1381 optional string, either true or false
1382 other_config : stp-port-num
1383 optional string, containing an integer,
1384 in range 1 to 255
1385 other_config : stp-port-priority
1386 optional string, containing an integer,
1387 in range 0 to 255
1388 other_config : stp-path-cost
1389 optional string, containing an integer,
1390 in range 0 to 65,535
1391 STP Status:
1392 status : stp_port_id optional string
1393 status : stp_state optional string, one of blocking, dis‐
1394 abled, forwarding, learning, or listening
1395 status : stp_sec_in_state
1396 optional string, containing an integer,
1397 at least 0
1398 status : stp_role optional string, one of alternate, desig‐
1399 nated, or root
1400 Rapid Spanning Tree Protocol:
1401 RSTP Configuration:
1402 other_config : rstp-enable
1403 optional string, either true or false
1404 other_config : rstp-port-priority
1405 optional string, containing an integer,
1406 in range 0 to 240
1407 other_config : rstp-port-num
1408 optional string, containing an integer,
1409 in range 1 to 4,095
1410 other_config : rstp-port-path-cost
1411 optional string, containing an integer
1412 other_config : rstp-port-admin-edge
1413 optional string, either true or false
1414 other_config : rstp-port-auto-edge
1415 optional string, either true or false
1416 other_config : rstp-port-mcheck
1417 optional string, either true or false
1418 RSTP Status:
1419 rstp_status : rstp_port_id
1420 optional string
1421 rstp_status : rstp_port_role
1422 optional string, one of Alternate,
1423 Backup, Designated, Disabled, or Root
1424 rstp_status : rstp_port_state
1425 optional string, one of Disabled, Dis‐
1426 carding, Forwarding, or Learning
1427 rstp_status : rstp_designated_bridge_id
1428 optional string
1429 rstp_status : rstp_designated_port_id
1430 optional string
1431 rstp_status : rstp_designated_path_cost
1432 optional string, containing an integer
1433 RSTP Statistics:
1434 rstp_statistics : rstp_tx_count
1435 optional integer
1436 rstp_statistics : rstp_rx_count
1437 optional integer
1438 rstp_statistics : rstp_error_count
1439 optional integer
1440 rstp_statistics : rstp_uptime
1441 optional integer
1442 Multicast Snooping:
1443 other_config : mcast-snooping-flood
1444 optional string, either true or false
1445 other_config : mcast-snooping-flood-reports
1446 optional string, either true or false
1447 Other Features:
1448 qos optional QoS
1449 mac optional string
1450 fake_bridge boolean
1451 protected boolean
1452 external_ids : fake-bridge-id-*
1453 optional string
1454 other_config : transient optional string, either true or false
1455 bond_active_slave optional string
1456 Port Statistics:
1457 Statistics: STP transmit and receive counters:
1458 statistics : stp_tx_count
1459 optional integer
1460 statistics : stp_rx_count
1461 optional integer
1462 statistics : stp_error_count
1463 optional integer
1464 Common Columns:
1465 other_config map of string-string pairs
1466 external_ids map of string-string pairs
1467 Details:
1469 name: immutable string (must be unique within table)
1470 Port name. For a non-bonded port, this should be the same as its
1471 interface’s name. Port names must otherwise be unique among the
1472 names of ports, interfaces, and bridges on a host. Because port
1473 and interfaces names are usually the same, the restrictions on
1474 the name column in the Interface table, particularly on length,
1475 also apply to port names. Refer to the documentation for Inter‐
1476 face names for details.
1477 interfaces: set of 1 or more Interfaces
1479 The port’s interfaces. If there is more than one, this is a
1480 bonded Port.
1481 VLAN Configuration:
1483 In short, a VLAN (short for ``virtual LAN’’) is a way to partition a
1485 single switch into multiple switches. VLANs can be confusing, so for an
1486 introduction, please refer to the question ``What’s a VLAN?’’ in the
1487 Open vSwitch FAQ.
1488 A VLAN is sometimes encoded into a packet using a 802.1Q or 802.1ad
1490 VLAN header, but every packet is part of some VLAN whether or not it is
1491 encoded in the packet. (A packet that appears to have no VLAN is part
1492 of VLAN 0, by default.) As a result, it’s useful to think of a VLAN as
1493 a metadata property of a packet, separate from how the VLAN is encoded.
1494 For a given port, this column determines how the encoding of a packet
1495 that ingresses or egresses the port maps to the packet’s VLAN. When a
1496 packet enters the switch, its VLAN is determined based on its setting
1497 in this column and its VLAN headers, if any, and then, conceptually,
1498 the VLAN headers are then stripped off. Conversely, when a packet exits
1499 the switch, its VLAN and the settings in this column determine what
1500 VLAN headers, if any, are pushed onto the packet before it egresses the
1501 port.
1502 The VLAN configuration in this column affects Open vSwitch only when it
1504 is doing ``normal switching.’’ It does not affect flows set up by an
1505 OpenFlow controller, outside of the OpenFlow ``normal action.’’
1506 Bridge ports support the following types of VLAN configuration:
1508 trunk A trunk port carries packets on one or more specified
1510 VLANs specified in the trunks column (often, on every
1511 VLAN). A packet that ingresses on a trunk port is in the
1512 VLAN specified in its 802.1Q header, or VLAN 0 if the
1513 packet has no 802.1Q header. A packet that egresses
1514 through a trunk port will have an 802.1Q header if it has
1515 a nonzero VLAN ID.
1516 Any packet that ingresses on a trunk port tagged with a
1518 VLAN that the port does not trunk is dropped.
1519 access An access port carries packets on exactly one VLAN speci‐
1521 fied in the tag column. Packets egressing on an access
1522 port have no 802.1Q header.
1523 Any packet with an 802.1Q header with a nonzero VLAN ID
1525 that ingresses on an access port is dropped, regardless
1526 of whether the VLAN ID in the header is the access port’s
1527 VLAN ID.
1528 native-tagged
1530 A native-tagged port resembles a trunk port, with the
1531 exception that a packet without an 802.1Q header that
1532 ingresses on a native-tagged port is in the ``native
1533 VLAN’’ (specified in the tag column).
1534 native-untagged
1536 A native-untagged port resembles a native-tagged port,
1537 with the exception that a packet that egresses on a
1538 native-untagged port in the native VLAN will not have an
1539 802.1Q header.
1540 dot1q-tunnel
1542 A dot1q-tunnel port is somewhat like an access port. Like
1543 an access port, it carries packets on the single VLAN
1544 specified in the tag column and this VLAN, called the
1545 service VLAN, does not appear in an 802.1Q header for
1546 packets that ingress or egress on the port. The main dif‐
1547 ference lies in the behavior when packets that include a
1548 802.1Q header ingress on the port. Whereas an access port
1549 drops such packets, a dot1q-tunnel port treats these as
1550 double-tagged with the outer service VLAN tag and the
1551 inner customer VLAN taken from the 802.1Q header. Corre‐
1552 spondingly, to egress on the port, a packet outer VLAN
1553 (or only VLAN) must be tag, which is removed before
1554 egress, which exposes the inner (customer) VLAN if one is
1555 present.
1556 If cvlans is set, only allows packets in the specified
1558 customer VLANs.
1559 A packet will only egress through bridge ports that carry the VLAN of
1561 the packet, as described by the rules above.
1562 vlan_mode: optional string, one of access, dot1q-tunnel, native-tagged,
1564 native-untagged, or trunk
1565 The VLAN mode of the port, as described above. When this column
1566 is empty, a default mode is selected as follows:
1567 · If tag contains a value, the port is an access port. The
1569 trunks column should be empty.
1570 · Otherwise, the port is a trunk port. The trunks column
1572 value is honored if it is present.
1573 tag: optional integer, in range 0 to 4,095
1575 For an access port, the port’s implicitly tagged VLAN. For a
1576 native-tagged or native-untagged port, the port’s native VLAN.
1577 Must be empty if this is a trunk port.
1578 trunks: set of up to 4,096 integers, in range 0 to 4,095
1580 For a trunk, native-tagged, or native-untagged port, the 802.1Q
1581 VLAN or VLANs that this port trunks; if it is empty, then the
1582 port trunks all VLANs. Must be empty if this is an access port.
1583 A native-tagged or native-untagged port always trunks its native
1585 VLAN, regardless of whether trunks includes that VLAN.
1586 cvlans: set of up to 4,096 integers, in range 0 to 4,095
1588 For a dot1q-tunnel port, the customer VLANs that this port
1589 includes. If this is empty, the port includes all customer
1590 VLANs.
1591 For other kinds of ports, this setting is ignored.
1593 other_config : qinq-ethtype: optional string, either 802.1ad or 802.1q
1595 For a dot1q-tunnel port, this is the TPID for the service tag,
1596 that is, for the 802.1Q header that contains the service VLAN
1597 ID. Because packets that actually ingress and egress a dot1q-
1598 tunnel port do not include an 802.1Q header for the service
1599 VLAN, this does not affect packets on the dot1q-tunnel port
1600 itself. Rather, it determines the service VLAN for a packet that
1601 ingresses on a dot1q-tunnel port and egresses on a trunk port.
1602 The value 802.1ad specifies TPID 0x88a8, which is also the
1604 default if the setting is omitted. The value 802.1q specifies
1605 TPID 0x8100.
1606 For other kinds of ports, this setting is ignored.
1608 other_config : priority-tags: optional string, either true or false
1610 An 802.1Q header contains two important pieces of information: a
1611 VLAN ID and a priority. A frame with a zero VLAN ID, called a
1612 ``priority-tagged’’ frame, is supposed to be treated the same
1613 way as a frame without an 802.1Q header at all (except for the
1614 priority).
1615 However, some network elements ignore any frame that has 802.1Q
1617 header at all, even when the VLAN ID is zero. Therefore, by
1618 default Open vSwitch does not output priority-tagged frames,
1619 instead omitting the 802.1Q header entirely if the VLAN ID is
1620 zero. Set this key to true to enable priority-tagged frames on a
1621 port.
1622 Regardless of this setting, Open vSwitch omits the 802.1Q header
1624 on output if both the VLAN ID and priority would be zero.
1625 All frames output to native-tagged ports have a nonzero VLAN ID,
1627 so this setting is not meaningful on native-tagged ports.
1628 Bonding Configuration:
1630 A port that has more than one interface is a ``bonded port.’’ Bonding
1632 allows for load balancing and fail-over.
1633 The following types of bonding will work with any kind of upstream
1635 switch. On the upstream switch, do not configure the interfaces as a
1636 bond:
1637 balance-slb
1639 Balances flows among slaves based on source MAC address
1640 and output VLAN, with periodic rebalancing as traffic
1641 patterns change.
1642 active-backup
1644 Assigns all flows to one slave, failing over to a backup
1645 slave when the active slave is disabled. This is the only
1646 bonding mode in which interfaces may be plugged into dif‐
1647 ferent upstream switches.
1648 The following modes require the upstream switch to support 802.3ad with
1650 successful LACP negotiation. If LACP negotiation fails and other-con‐
1651 fig:lacp-fallback-ab is true, then active-backup mode is used:
1652 balance-tcp
1654 Balances flows among slaves based on L3 and L4 protocol
1655 information such as IP addresses and TCP/UDP ports.
1656 These columns apply only to bonded ports. Their values are otherwise
1658 ignored.
1659 bond_mode: optional string, one of active-backup, balance-slb, or bal‐
1661 ance-tcp
1662 The type of bonding used for a bonded port. Defaults to
1663 active-backup if unset.
1664 other_config : bond-hash-basis: optional string, containing an integer
1666 An integer hashed along with flows when choosing output slaves
1667 in load balanced bonds. When changed, all flows will be assigned
1668 different hash values possibly causing slave selection decisions
1669 to change. Does not affect bonding modes which do not employ
1670 load balancing such as active-backup.
1671 Link Failure Detection:
1673 An important part of link bonding is detecting that links are down so
1675 that they may be disabled. These settings determine how Open vSwitch
1676 detects link failure.
1677 other_config : bond-detect-mode: optional string, either carrier or
1679 miimon
1680 The means used to detect link failures. Defaults to carrier
1681 which uses each interface’s carrier to detect failures. When set
1682 to miimon, will check for failures by polling each interface’s
1683 MII.
1684 other_config : bond-miimon-interval: optional string, containing an
1686 integer
1687 The interval, in milliseconds, between successive attempts to
1688 poll each interface’s MII. Relevant only when other_config:bond-
1689 detect-mode is miimon.
1690 bond_updelay: integer
1692 The number of milliseconds for which the link must stay up on an
1693 interface before the interface is considered to be up. Specify 0
1694 to enable the interface immediately.
1695 This setting is honored only when at least one bonded interface
1697 is already enabled. When no interfaces are enabled, then the
1698 first bond interface to come up is enabled immediately.
1699 bond_downdelay: integer
1701 The number of milliseconds for which the link must stay down on
1702 an interface before the interface is considered to be down.
1703 Specify 0 to disable the interface immediately.
1704 LACP Configuration:
1706 LACP, the Link Aggregation Control Protocol, is an IEEE standard that
1708 allows switches to automatically detect that they are connected by mul‐
1709 tiple links and aggregate across those links. These settings control
1710 LACP behavior.
1711 lacp: optional string, one of active, off, or passive
1713 Configures LACP on this port. LACP allows directly connected
1714 switches to negotiate which links may be bonded. LACP may be
1715 enabled on non-bonded ports for the benefit of any switches they
1716 may be connected to. active ports are allowed to initiate LACP
1717 negotiations. passive ports are allowed to participate in LACP
1718 negotiations initiated by a remote switch, but not allowed to
1719 initiate such negotiations themselves. If LACP is enabled on a
1720 port whose partner switch does not support LACP, the bond will
1721 be disabled, unless other-config:lacp-fallback-ab is set to
1722 true. Defaults to off if unset.
1723 other_config : lacp-system-id: optional string
1725 The LACP system ID of this Port. The system ID of a LACP bond is
1726 used to identify itself to its partners. Must be a nonzero MAC
1727 address. Defaults to the bridge Ethernet address if unset.
1728 other_config : lacp-system-priority: optional string, containing an
1730 integer, in range 1 to 65,535
1731 The LACP system priority of this Port. In LACP negotiations,
1732 link status decisions are made by the system with the numeri‐
1733 cally lower priority.
1734 other_config : lacp-time: optional string, either fast or slow
1736 The LACP timing which should be used on this Port. By default
1737 slow is used. When configured to be fast LACP heartbeats are
1738 requested at a rate of once per second causing connectivity
1739 problems to be detected more quickly. In slow mode, heartbeats
1740 are requested at a rate of once every 30 seconds.
1741 other_config : lacp-fallback-ab: optional string, either true or false
1743 Determines the behavior of openvswitch bond in LACP mode. If the
1744 partner switch does not support LACP, setting this option to
1745 true allows openvswitch to fallback to active-backup. If the
1746 option is set to false, the bond will be disabled. In both the
1747 cases, once the partner switch is configured to LACP mode, the
1748 bond will use LACP.
1749 Rebalancing Configuration:
1751 These settings control behavior when a bond is in balance-slb or bal‐
1753 ance-tcp mode.
1754 other_config : bond-rebalance-interval: optional string, containing an
1756 integer, in range 0 to 10,000
1757 For a load balanced bonded port, the number of milliseconds
1758 between successive attempts to rebalance the bond, that is, to
1759 move flows from one interface on the bond to another in an
1760 attempt to keep usage of each interface roughly equal. If zero,
1761 load balancing is disabled on the bond (link failure still cause
1762 flows to move). If less than 1000ms, the rebalance interval will
1763 be 1000ms.
1764 bond_fake_iface: boolean
1766 For a bonded port, whether to create a fake internal interface
1767 with the name of the port. Use only for compatibility with
1768 legacy software that requires this.
1769 Spanning Tree Protocol:
1771 The configuration here is only meaningful, and the status is only popu‐
1773 lated, when 802.1D-1998 Spanning Tree Protocol is enabled on the port’s
1774 Bridge with its stp_enable column.
1775 STP Configuration:
1777 other_config : stp-enable: optional string, either true or false
1779 When STP is enabled on a bridge, it is enabled by default on all
1780 of the bridge’s ports except bond, internal, and mirror ports
1781 (which do not work with STP). If this column’s value is false,
1782 STP is disabled on the port.
1783 other_config : stp-port-num: optional string, containing an integer, in
1785 range 1 to 255
1786 The port number used for the lower 8 bits of the port-id. By
1787 default, the numbers will be assigned automatically. If any
1788 port’s number is manually configured on a bridge, then they must
1789 all be.
1790 other_config : stp-port-priority: optional string, containing an inte‐
1792 ger, in range 0 to 255
1793 The port’s relative priority value for determining the root port
1794 (the upper 8 bits of the port-id). A port with a lower port-id
1795 will be chosen as the root port. By default, the priority is
1796 0x80.
1797 other_config : stp-path-cost: optional string, containing an integer,
1799 in range 0 to 65,535
1800 Spanning tree path cost for the port. A lower number indicates a
1801 faster link. By default, the cost is based on the maximum speed
1802 of the link.
1803 STP Status:
1805 status : stp_port_id: optional string
1807 The port ID used in spanning tree advertisements for this port,
1808 as 4 hex digits. Configuring the port ID is described in the
1809 stp-port-num and stp-port-priority keys of the other_config sec‐
1810 tion earlier.
1811 status : stp_state: optional string, one of blocking, disabled, for‐
1813 warding, learning, or listening
1814 STP state of the port.
1815 status : stp_sec_in_state: optional string, containing an integer, at
1817 least 0
1818 The amount of time this port has been in the current STP state,
1819 in seconds.
1820 status : stp_role: optional string, one of alternate, designated, or
1822 root
1823 STP role of the port.
1824 Rapid Spanning Tree Protocol:
1826 The configuration here is only meaningful, and the status and statis‐
1828 tics are only populated, when 802.1D-1998 Spanning Tree Protocol is
1829 enabled on the port’s Bridge with its stp_enable column.
1830 RSTP Configuration:
1832 other_config : rstp-enable: optional string, either true or false
1834 When RSTP is enabled on a bridge, it is enabled by default on
1835 all of the bridge’s ports except bond, internal, and mirror
1836 ports (which do not work with RSTP). If this column’s value is
1837 false, RSTP is disabled on the port.
1838 other_config : rstp-port-priority: optional string, containing an inte‐
1840 ger, in range 0 to 240
1841 The port’s relative priority value for determining the root
1842 port, in multiples of 16. By default, the port priority is 0x80
1843 (128). Any value in the lower 4 bits is rounded off. The signif‐
1844 icant upper 4 bits become the upper 4 bits of the port-id. A
1845 port with the lowest port-id is elected as the root.
1846 other_config : rstp-port-num: optional string, containing an integer,
1848 in range 1 to 4,095
1849 The local RSTP port number, used as the lower 12 bits of the
1850 port-id. By default the port numbers are assigned automatically,
1851 and typically may not correspond to the OpenFlow port numbers. A
1852 port with the lowest port-id is elected as the root.
1853 other_config : rstp-port-path-cost: optional string, containing an
1855 integer
1856 The port path cost. The Port’s contribution, when it is the Root
1857 Port, to the Root Path Cost for the Bridge. By default the cost
1858 is automatically calculated from the port’s speed.
1859 other_config : rstp-port-admin-edge: optional string, either true or
1861 false
1862 The admin edge port parameter for the Port. Default is false.
1863 other_config : rstp-port-auto-edge: optional string, either true or
1865 false
1866 The auto edge port parameter for the Port. Default is true.
1867 other_config : rstp-port-mcheck: optional string, either true or false
1869 The mcheck port parameter for the Port. Default is false. May be
1870 set to force the Port Protocol Migration state machine to trans‐
1871 mit RST BPDUs for a MigrateTime period, to test whether all STP
1872 Bridges on the attached LAN have been removed and the Port can
1873 continue to transmit RSTP BPDUs. Setting mcheck has no effect if
1874 the Bridge is operating in STP Compatibility mode.
1875 Changing the value from true to false has no effect, but needs
1877 to be done if this behavior is to be triggered again by subse‐
1878 quently changing the value from false to true.
1879 RSTP Status:
1881 rstp_status : rstp_port_id: optional string
1883 The port ID used in spanning tree advertisements for this port,
1884 as 4 hex digits. Configuring the port ID is described in the
1885 rstp-port-num and rstp-port-priority keys of the other_config
1886 section earlier.
1887 rstp_status : rstp_port_role: optional string, one of Alternate,
1889 Backup, Designated, Disabled, or Root
1890 RSTP role of the port.
1891 rstp_status : rstp_port_state: optional string, one of Disabled, Dis‐
1893 carding, Forwarding, or Learning
1894 RSTP state of the port.
1895 rstp_status : rstp_designated_bridge_id: optional string
1897 The port’s RSTP designated bridge ID, in the same form as
1898 rstp_status:rstp_bridge_id in the Bridge table.
1899 rstp_status : rstp_designated_port_id: optional string
1901 The port’s RSTP designated port ID, as 4 hex digits.
1902 rstp_status : rstp_designated_path_cost: optional string, containing an
1904 integer
1905 The port’s RSTP designated path cost. Lower is better.
1906 RSTP Statistics:
1908 rstp_statistics : rstp_tx_count: optional integer
1910 Number of RSTP BPDUs transmitted through this port.
1911 rstp_statistics : rstp_rx_count: optional integer
1913 Number of valid RSTP BPDUs received by this port.
1914 rstp_statistics : rstp_error_count: optional integer
1916 Number of invalid RSTP BPDUs received by this port.
1917 rstp_statistics : rstp_uptime: optional integer
1919 The duration covered by the other RSTP statistics, in seconds.
1920 Multicast Snooping:
1922 other_config : mcast-snooping-flood: optional string, either true or
1924 false
1925 If set to true, multicast packets (except Reports) are uncondi‐
1926 tionally forwarded to the specific port.
1927 other_config : mcast-snooping-flood-reports: optional string, either
1929 true or false
1930 If set to true, multicast Reports are unconditionally forwarded
1931 to the specific port.
1932 Other Features:
1934 qos: optional QoS
1936 Quality of Service configuration for this port.
1937 mac: optional string
1939 The MAC address to use for this port for the purpose of choosing
1940 the bridge’s MAC address. This column does not necessarily
1941 reflect the port’s actual MAC address, nor will setting it
1942 change the port’s actual MAC address.
1943 fake_bridge: boolean
1945 Does this port represent a sub-bridge for its tagged VLAN within
1946 the Bridge? See ovs-vsctl(8) for more information.
1947 protected: boolean
1949 The protected ports feature allows certain ports to be desig‐
1950 nated as protected. Traffic between protected ports is blocked.
1951 Protected ports can send traffic to unprotected ports. Unpro‐
1952 tected ports can send traffic to any port. Default is false.
1953 external_ids : fake-bridge-id-*: optional string
1955 External IDs for a fake bridge (see the fake_bridge column) are
1956 defined by prefixing a Bridge external_ids key with
1957 fake-bridge-, e.g. fake-bridge-xs-network-uuids.
1958 other_config : transient: optional string, either true or false
1960 If set to true, the port will be removed when ovs-ctl start
1961 --delete-transient-ports is used.
1962 bond_active_slave: optional string
1964 For a bonded port, record the mac address of the current active
1965 slave.
1966 Port Statistics:
1968 Key-value pairs that report port statistics. The update period is con‐
1970 trolled by other_config:stats-update-interval in the Open_vSwitch ta‐
1971 ble.
1972 Statistics: STP transmit and receive counters:
1974 statistics : stp_tx_count: optional integer
1976 Number of STP BPDUs sent on this port by the spanning tree
1977 library.
1978 statistics : stp_rx_count: optional integer
1980 Number of STP BPDUs received on this port and accepted by the
1981 spanning tree library.
1982 statistics : stp_error_count: optional integer
1984 Number of bad STP BPDUs received on this port. Bad BPDUs include
1985 runt packets and those with an unexpected protocol ID.
1986 Common Columns:
1988 The overall purpose of these columns is described under Common Columns
1990 at the beginning of this document.
1991 other_config: map of string-string pairs
1993 external_ids: map of string-string pairs
1995
1997 An interface within a Port.
1998 Summary:
2000 Core Features:
2001 name immutable string (must be unique within
2002 table)
2003 ifindex optional integer, in range 0 to
2004 4,294,967,295
2005 mac_in_use optional string
2006 mac optional string
2007 error optional string
2008 OpenFlow Port Number:
2009 ofport optional integer
2010 ofport_request optional integer, in range 1 to 65,279
2011 System-Specific Details:
2012 type string
2013 Tunnel Options:
2014 options : remote_ip optional string
2015 options : local_ip optional string
2016 options : in_key optional string
2017 options : out_key optional string
2018 options : dst_port optional string
2019 options : key optional string
2020 options : tos optional string
2021 options : ttl optional string
2022 options : df_default optional string, either true or false
2023 options : egress_pkt_mark optional string
2024 Tunnel Options: lisp only:
2025 options : packet_type optional string, either legacy_l3 or ptap
2026 Tunnel Options: vxlan only:
2027 options : exts optional string
2028 options : packet_type optional string, one of legacy_l2,
2029 legacy_l3, or ptap
2030 Tunnel Options: gre only:
2031 options : packet_type optional string, one of legacy_l2,
2032 legacy_l3, or ptap
2033 options : seq optional string, either true or false
2034 Tunnel Options: gre, geneve, and vxlan:
2035 options : csum optional string, either true or false
2036 Tunnel Options: erspan only:
2037 options : erspan_idx optional string
2038 options : erspan_ver optional string
2039 options : erspan_dir optional string
2040 options : erspan_hwid optional string
2041 Patch Options:
2042 options : peer optional string
2043 PMD (Poll Mode Driver) Options:
2044 options : n_rxq optional string, containing an integer,
2045 at least 1
2046 options : dpdk-devargs optional string
2047 other_config : pmd-rxq-affinity
2048 optional string
2049 options : vhost-server-path
2050 optional string
2051 options : dq-zero-copy optional string, either true or false
2052 options : n_rxq_desc optional string, containing an integer,
2053 in range 1 to 4,096
2054 options : n_txq_desc optional string, containing an integer,
2055 in range 1 to 4,096
2056 MTU:
2057 mtu optional integer
2058 mtu_request optional integer, at least 1
2059 Interface Status:
2060 admin_state optional string, either down or up
2061 link_state optional string, either down or up
2062 link_resets optional integer
2063 link_speed optional integer
2064 duplex optional string, either full or half
2065 lacp_current optional boolean
2066 status map of string-string pairs
2067 status : driver_name optional string
2068 status : driver_version optional string
2069 status : firmware_version optional string
2070 status : source_ip optional string
2071 status : tunnel_egress_iface
2072 optional string
2073 status : tunnel_egress_iface_carrier
2074 optional string, either down or up
2075 dpdk:
2076 status : port_no optional string
2077 status : numa_id optional string
2078 status : min_rx_bufsize optional string
2079 status : max_rx_pktlen optional string
2080 status : max_rx_queues optional string
2081 status : max_tx_queues optional string
2082 status : max_mac_addrs optional string
2083 status : max_hash_mac_addrs
2084 optional string
2085 status : max_vfs optional string
2086 status : max_vmdq_pools optional string
2087 status : if_type optional string
2088 status : if_descr optional string
2089 status : pci-vendor_id optional string
2090 status : pci-device_id optional string
2091 Statistics:
2092 Statistics: Successful transmit and receive counters:
2093 statistics : rx_packets optional integer
2094 statistics : rx_bytes optional integer
2095 statistics : tx_packets optional integer
2096 statistics : tx_bytes optional integer
2097 Statistics: Receive errors:
2098 statistics : rx_dropped optional integer
2099 statistics : rx_frame_err
2100 optional integer
2101 statistics : rx_over_err optional integer
2102 statistics : rx_crc_err optional integer
2103 statistics : rx_errors optional integer
2104 Statistics: Transmit errors:
2105 statistics : tx_dropped optional integer
2106 statistics : collisions optional integer
2107 statistics : tx_errors optional integer
2108 Ingress Policing:
2109 ingress_policing_rate integer, at least 0
2110 ingress_policing_burst integer, at least 0
2111 Bidirectional Forwarding Detection (BFD):
2112 BFD Configuration:
2113 bfd : enable optional string, either true or false
2114 bfd : min_rx optional string, containing an integer,
2115 at least 1
2116 bfd : min_tx optional string, containing an integer,
2117 at least 1
2118 bfd : decay_min_rx optional string, containing an integer
2119 bfd : forwarding_if_rx optional string, either true or false
2120 bfd : cpath_down optional string, either true or false
2121 bfd : check_tnl_key optional string, either true or false
2122 bfd : bfd_local_src_mac optional string
2123 bfd : bfd_local_dst_mac optional string
2124 bfd : bfd_remote_dst_mac optional string
2125 bfd : bfd_src_ip optional string
2126 bfd : bfd_dst_ip optional string
2127 bfd : oam optional string
2128 bfd : mult optional string, containing an integer,
2129 in range 1 to 255
2130 BFD Status:
2131 bfd_status : state optional string, one of admin_down, down,
2132 init, or up
2133 bfd_status : forwarding optional string, either true or false
2134 bfd_status : diagnostic optional string
2135 bfd_status : remote_state
2136 optional string, one of admin_down, down,
2137 init, or up
2138 bfd_status : remote_diagnostic
2139 optional string
2140 bfd_status : flap_count optional string, containing an integer,
2141 at least 0
2142 Connectivity Fault Management:
2143 cfm_mpid optional integer
2144 cfm_flap_count optional integer
2145 cfm_fault optional boolean
2146 cfm_fault_status : recv none
2147 cfm_fault_status : rdi none
2148 cfm_fault_status : maid none
2149 cfm_fault_status : loopback
2150 none
2151 cfm_fault_status : overflow
2152 none
2153 cfm_fault_status : override
2154 none
2155 cfm_fault_status : interval
2156 none
2157 cfm_remote_opstate optional string, either down or up
2158 cfm_health optional integer, in range 0 to 100
2159 cfm_remote_mpids set of integers
2160 other_config : cfm_interval
2161 optional string, containing an integer
2162 other_config : cfm_extended
2163 optional string, either true or false
2164 other_config : cfm_demand optional string, either true or false
2165 other_config : cfm_opstate optional string, either down or up
2166 other_config : cfm_ccm_vlan
2167 optional string, containing an integer,
2168 in range 1 to 4,095
2169 other_config : cfm_ccm_pcp optional string, containing an integer,
2170 in range 1 to 7
2171 Bonding Configuration:
2172 other_config : lacp-port-id
2173 optional string, containing an integer,
2174 in range 1 to 65,535
2175 other_config : lacp-port-priority
2176 optional string, containing an integer,
2177 in range 1 to 65,535
2178 other_config : lacp-aggregation-key
2179 optional string, containing an integer,
2180 in range 1 to 65,535
2181 Virtual Machine Identifiers:
2182 external_ids : attached-mac
2183 optional string
2184 external_ids : iface-id optional string
2185 external_ids : iface-status
2186 optional string, either active or inac‐
2187 tive
2188 external_ids : xs-vif-uuid optional string
2189 external_ids : xs-network-uuid
2190 optional string
2191 external_ids : vm-id optional string
2192 external_ids : xs-vm-uuid optional string
2193 Auto Attach Configuration:
2194 lldp : enable optional string, either true or false
2195 Flow control Configuration:
2196 options : rx-flow-ctrl optional string, either true or false
2197 options : tx-flow-ctrl optional string, either true or false
2198 options : flow-ctrl-autoneg
2199 optional string, either true or false
2200 Link State Change detection mode:
2201 options : dpdk-lsc-interrupt
2202 optional string, either true or false
2203 Common Columns:
2204 other_config map of string-string pairs
2205 external_ids map of string-string pairs
2206 Details:
2208 Core Features:
2209 name: immutable string (must be unique within table)
2211 Interface name. Should be alphanumeric. For non-bonded port,
2212 this should be the same as the port name. It must otherwise be
2213 unique among the names of ports, interfaces, and bridges on a
2214 host.
2215 The maximum length of an interface name depends on the underly‐
2217 ing datapath:
2218 · The names of interfaces implemented as Linux and BSD net‐
2220 work devices, including interfaces with type internal,
2221 tap, or system plus the different types of tunnel ports,
2222 are limited to 15 bytes. Windows limits these names to
2223 255 bytes.
2224 · The names of patch ports are not used in the underlying
2226 datapath, so operating system restrictions do not apply.
2227 Thus, they may have arbitrary length.
2228 Regardless of other restrictions, OpenFlow only supports 15-byte
2230 names, which means that ovs-ofctl and OpenFlow controllers will
2231 show names truncated to 15 bytes.
2232 ifindex: optional integer, in range 0 to 4,294,967,295
2234 A positive interface index as defined for SNMP MIB-II in RFCs
2235 1213 and 2863, if the interface has one, otherwise 0. The
2236 ifindex is useful for seamless integration with protocols such
2237 as SNMP and sFlow.
2238 mac_in_use: optional string
2240 The MAC address in use by this interface.
2241 mac: optional string
2243 Ethernet address to set for this interface. If unset then the
2244 default MAC address is used:
2245 · For the local interface, the default is the lowest-num‐
2247 bered MAC address among the other bridge ports, either
2248 the value of the mac in its Port record, if set, or its
2249 actual MAC (for bonded ports, the MAC of its slave whose
2250 name is first in alphabetical order). Internal ports and
2251 bridge ports that are used as port mirroring destinations
2252 (see the Mirror table) are ignored.
2253 · For other internal interfaces, the default MAC is ran‐
2255 domly generated.
2256 · External interfaces typically have a MAC address associ‐
2258 ated with their hardware.
2259 Some interfaces may not have a software-controllable MAC
2261 address. This option only affects internal ports. For other type
2262 ports, you can change the MAC address outside Open vSwitch,
2263 using ip command.
2264 error: optional string
2266 If the configuration of the port failed, as indicated by -1 in
2267 ofport, Open vSwitch sets this column to an error description in
2268 human readable form. Otherwise, Open vSwitch clears this column.
2269 OpenFlow Port Number:
2271 When a client adds a new interface, Open vSwitch chooses an OpenFlow
2273 port number for the new port. If the client that adds the port fills in
2274 ofport_request, then Open vSwitch tries to use its value as the Open‐
2275 Flow port number. Otherwise, or if the requested port number is already
2276 in use or cannot be used for another reason, Open vSwitch automatically
2277 assigns a free port number. Regardless of how the port number was
2278 obtained, Open vSwitch then reports in ofport the port number actually
2279 assigned.
2280 Open vSwitch limits the port numbers that it automatically assigns to
2282 the range 1 through 32,767, inclusive. Controllers therefore have free
2283 use of ports 32,768 and up.
2284 ofport: optional integer
2286 OpenFlow port number for this interface. Open vSwitch sets this
2287 column’s value, so other clients should treat it as read-only.
2288 The OpenFlow ``local’’ port (OFPP_LOCAL) is 65,534. The other
2290 valid port numbers are in the range 1 to 65,279, inclusive.
2291 Value -1 indicates an error adding the interface.
2292 ofport_request: optional integer, in range 1 to 65,279
2294 Requested OpenFlow port number for this interface.
2295 A client should ideally set this column’s value in the same
2297 database transaction that it uses to create the interface. Open
2298 vSwitch version 2.1 and later will honor a later request for a
2299 specific port number, althuogh it might confuse some con‐
2300 trollers: OpenFlow does not have a way to announce a port number
2301 change, so Open vSwitch represents it over OpenFlow as a port
2302 deletion followed immediately by a port addition.
2303 If ofport_request is set or changed to some other port’s auto‐
2305 matically assigned port number, Open vSwitch chooses a new port
2306 number for the latter port.
2307 System-Specific Details:
2309 type: string
2311 The interface type. The types supported by a particular instance
2312 of Open vSwitch are listed in the iface_types column in the
2313 Open_vSwitch table. The following types are defined:
2314 system An ordinary network device, e.g. eth0 on Linux. Sometimes
2316 referred to as ``external interfaces’’ since they are
2317 generally connected to hardware external to that on which
2318 the Open vSwitch is running. The empty string is a syn‐
2319 onym for system.
2320 internal
2322 A simulated network device that sends and receives traf‐
2323 fic. An internal interface whose name is the same as its
2324 bridge’s name is called the ``local interface.’’ It does
2325 not make sense to bond an internal interface, so the
2326 terms ``port’’ and ``interface’’ are often used impre‐
2327 cisely for internal interfaces.
2328 tap A TUN/TAP device managed by Open vSwitch.
2330 Open vSwitch checks the interface state before send pack‐
2332 ets to the device. When it is down, the packets are
2333 dropped and the tx_dropped statistic is updated accord‐
2334 ingly. Older versions of Open vSwitch did not check the
2335 interface state and then the tx_packets was incremented
2336 along with tx_dropped.
2337 geneve An Ethernet over Geneve
2339 (http://tools.ietf.org/html/draft-ietf-nvo3-geneve)
2340 IPv4/IPv6 tunnel. A description of how to match and set
2341 Geneve options can be found in the ovs-ofctl manual page.
2342 gre Generic Routing Encapsulation (GRE) over IPv4/IPv6 tun‐
2344 nel, configurable to encapsulate layer 2 or layer 3 traf‐
2345 fic.
2346 vxlan An Ethernet tunnel over the UDP-based VXLAN protocol
2348 described in RFC 7348.
2349 Open vSwitch uses IANA-assigned UDP destination port
2351 4789. The source port used for VXLAN traffic varies on a
2352 per-flow basis and is in the ephemeral port range.
2353 lisp A layer 3 tunnel over the experimental, UDP-based Loca‐
2355 tor/ID Separation Protocol (RFC 6830).
2356 Only IPv4 and IPv6 packets are supported by the protocol,
2358 and they are sent and received without an Ethernet
2359 header. Traffic to/from LISP ports is expected to be con‐
2360 figured explicitly, and the ports are not intended to
2361 participate in learning based switching. As such, they
2362 are always excluded from packet flooding.
2363 stt The Stateless TCP Tunnel (STT) is particularly useful
2365 when tunnel endpoints are in end-systems, as it utilizes
2366 the capabilities of standard network interface cards to
2367 improve performance. STT utilizes a TCP-like header
2368 inside the IP header. It is stateless, i.e., there is no
2369 TCP connection state of any kind associated with the tun‐
2370 nel. The TCP-like header is used to leverage the capabil‐
2371 ities of existing network interface cards, but should not
2372 be interpreted as implying any sort of connection state
2373 between endpoints. Since the STT protocol does not engage
2374 in the usual TCP 3-way handshake, so it will have diffi‐
2375 culty traversing stateful firewalls. The protocol is doc‐
2376 umented at https://tools.ietf.org/html/draft-davie-stt
2377 All traffic uses a default destination port of 7471.
2378 patch A pair of virtual devices that act as a patch cable.
2380 Tunnel Options:
2382 These options apply to interfaces with type of geneve, gre, vxlan, lisp
2384 and stt.
2385 Each tunnel must be uniquely identified by the combination of type,
2387 options:remote_ip, options:local_ip, and options:in_key. If two ports
2388 are defined that are the same except one has an optional identifier and
2389 the other does not, the more specific one is matched first.
2390 options:in_key is considered more specific than options:local_ip if a
2391 port defines one and another port defines the other.
2392 options : remote_ip: optional string
2394 Required. The remote tunnel endpoint, one of:
2395 · An IPv4 or IPv6 address (not a DNS name), e.g.
2397 192.168.0.123. Only unicast endpoints are supported.
2398 · The word flow. The tunnel accepts packets from any remote
2400 tunnel endpoint. To process only packets from a specific
2401 remote tunnel endpoint, the flow entries may match on the
2402 tun_src or tun_ipv6_srcfield. When sending packets to a
2403 remote_ip=flow tunnel, the flow actions must explicitly
2404 set the tun_dst or tun_ipv6_dst field to the IP address
2405 of the desired remote tunnel endpoint, e.g. with a
2406 set_field action.
2407 The remote tunnel endpoint for any packet received from a tunnel
2409 is available in the tun_src field for matching in the flow ta‐
2410 ble.
2411 options : local_ip: optional string
2413 Optional. The tunnel destination IP that received packets must
2414 match. Default is to match all addresses. If specified, may be
2415 one of:
2416 · An IPv4/IPv6 address (not a DNS name), e.g. 192.168.12.3.
2418 · The word flow. The tunnel accepts packets sent to any of
2420 the local IP addresses of the system running OVS. To
2421 process only packets sent to a specific IP address, the
2422 flow entries may match on the tun_dst or tun_ipv6_dst
2423 field. When sending packets to a local_ip=flow tunnel,
2424 the flow actions may explicitly set the tun_src or
2425 tun_ipv6_src field to the desired IP address, e.g. with a
2426 set_field action. However, while routing the tunneled
2427 packet out, the local system may override the specified
2428 address with the local IP address configured for the out‐
2429 going system interface.
2430 This option is valid only for tunnels also configured
2432 with the remote_ip=flow option.
2433 The tunnel destination IP address for any packet received from a
2435 tunnel is available in the tun_dst or tun_ipv6_dst field for
2436 matching in the flow table.
2437 options : in_key: optional string
2439 Optional. The key that received packets must contain, one of:
2440 · 0. The tunnel receives packets with no key or with a key
2442 of 0. This is equivalent to specifying no options:in_key
2443 at all.
2444 · A positive 24-bit (for Geneve, VXLAN, and LISP), 32-bit
2446 (for GRE) or 64-bit (for STT) number. The tunnel receives
2447 only packets with the specified key.
2448 · The word flow. The tunnel accepts packets with any key.
2450 The key will be placed in the tun_id field for matching
2451 in the flow table. The ovs-ofctl manual page contains
2452 additional information about matching fields in OpenFlow
2453 flows.
2454 options : out_key: optional string
2456 Optional. The key to be set on outgoing packets, one of:
2457 · 0. Packets sent through the tunnel will have no key. This
2459 is equivalent to specifying no options:out_key at all.
2460 · A positive 24-bit (for Geneve, VXLAN and LISP), 32-bit
2462 (for GRE) or 64-bit (for STT) number. Packets sent
2463 through the tunnel will have the specified key.
2464 · The word flow. Packets sent through the tunnel will have
2466 the key set using the set_tunnel Nicira OpenFlow vendor
2467 extension (0 is used in the absence of an action). The
2468 ovs-ofctl manual page contains additional information
2469 about the Nicira OpenFlow vendor extensions.
2470 options : dst_port: optional string
2472 Optional. The tunnel transport layer destination port, for UDP
2473 and TCP based tunnel protocols (Geneve, VXLAN, LISP, and STT).
2474 options : key: optional string
2476 Optional. Shorthand to set in_key and out_key at the same time.
2477 options : tos: optional string
2479 Optional. The value of the ToS bits to be set on the encapsulat‐
2480 ing packet. ToS is interpreted as DSCP and ECN bits, ECN part
2481 must be zero. It may also be the word inherit, in which case the
2482 ToS will be copied from the inner packet if it is IPv4 or IPv6
2483 (otherwise it will be 0). The ECN fields are always inherited.
2484 Default is 0.
2485 options : ttl: optional string
2487 Optional. The TTL to be set on the encapsulating packet. It may
2488 also be the word inherit, in which case the TTL will be copied
2489 from the inner packet if it is IPv4 or IPv6 (otherwise it will
2490 be the system default, typically 64). Default is the system
2491 default TTL.
2492 options : df_default: optional string, either true or false
2494 Optional. If enabled, the Don’t Fragment bit will be set on tun‐
2495 nel outer headers to allow path MTU discovery. Default is
2496 enabled; set to false to disable.
2497 options : egress_pkt_mark: optional string
2499 Optional. The pkt_mark to be set on the encapsulating packet.
2500 This option sets packet mark for the tunnel endpoint for all
2501 tunnel packets including tunnel monitoring.
2502 Tunnel Options: lisp only:
2504 options : packet_type: optional string, either legacy_l3 or ptap
2506 A LISP tunnel sends and receives only IPv4 and IPv6 packets.
2507 This option controls what how the tunnel represents the packets
2508 that it sends and receives:
2509 · By default, or if this option is legacy_l3, the tunnel
2511 represents packets as Ethernet frames for compatibility
2512 with legacy OpenFlow controllers that expect this behav‐
2513 ior.
2514 · If this option is ptap, the tunnel represents packets
2516 using the packet_type mechanism introduced in OpenFlow
2517 1.5.
2518 Tunnel Options: vxlan only:
2520 options : exts: optional string
2522 Optional. Comma separated list of optional VXLAN extensions to
2523 enable. The following extensions are supported:
2524 · gbp: VXLAN-GBP allows to transport the group policy con‐
2526 text of a packet across the VXLAN tunnel to other network
2527 peers. See the description of tun_gbp_id and
2528 tun_gbp_flags in ovs-fields(7) for additional informa‐
2529 tion.
2530 (https://tools.ietf.org/html/draft-smith-vxlan-group-pol‐
2531 icy)
2532 · gpe: Support for Generic Protocol Encapsulation in accor‐
2534 dance with IETF draft
2535 https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe.
2536 Without this option, a VXLAN packet always encapsulates
2537 an Ethernet frame. With this option, an VXLAN packet may
2538 also encapsulate an IPv4, IPv6, NSH, or MPLS packet.
2539 options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2541 ptap
2542 This option controls what types of packets the tunnel sends and
2543 receives and how it represents them:
2544 · By default, or if this option is legacy_l2, the tunnel
2546 sends and receives only Ethernet frames.
2547 · If this option is legacy_l3, the tunnel sends and
2549 receives only non-Ethernet (L3) packet, but the packets
2550 are represented as Ethernet frames for compatibility with
2551 legacy OpenFlow controllers that expect this behavior.
2552 This requires enabling gpe in options:exts.
2553 · If this option is ptap, Open vSwitch represents packets
2555 in the tunnel using the packet_type mechanism introduced
2556 in OpenFlow 1.5. This mechanism supports any kind of
2557 packet, but actually sending and receiving non-Ethernet
2558 packets requires additionally enabling gpe in
2559 options:exts.
2560 Tunnel Options: gre only:
2562 gre interfaces support these options.
2564 options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2566 ptap
2567 This option controls what types of packets the tunnel sends and
2568 receives and how it represents them:
2569 · By default, or if this option is legacy_l2, the tunnel
2571 sends and receives only Ethernet frames.
2572 · If this option is legacy_l3, the tunnel sends and
2574 receives only non-Ethernet (L3) packet, but the packets
2575 are represented as Ethernet frames for compatibility with
2576 legacy OpenFlow controllers that expect this behavior.
2577 · If this option is ptap, the tunnel sends and receives any
2579 kind of packet. Open vSwitch represents packets in the
2580 tunnel using the packet_type mechanism introduced in
2581 OpenFlow 1.5.
2582 options : seq: optional string, either true or false
2584 Optional. A 4-byte sequence number field for GRE tunnel only.
2585 Default is disabled, set to true to enable. Sequence number is
2586 incremented by one on each outgoing packet.
2587 Tunnel Options: gre, geneve, and vxlan:
2589 gre, geneve, and vxlan interfaces support these options.
2591 options : csum: optional string, either true or false
2593 Optional. Compute encapsulation header (either GRE or UDP)
2594 checksums on outgoing packets. Default is disabled, set to true
2595 to enable. Checksums present on incoming packets will be vali‐
2596 dated regardless of this setting.
2597 When using the upstream Linux kernel module, computation of
2599 checksums for geneve and vxlan requires Linux kernel version 4.0
2600 or higher. gre supports checksums for all versions of Open
2601 vSwitch that support GRE. The out of tree kernel module distrib‐
2602 uted as part of OVS can compute all tunnel checksums on any ker‐
2603 nel version that it is compatible with.
2604 Tunnel Options: erspan only:
2606 Only erspan interfaces support these options.
2608 options : erspan_idx: optional string
2610 20 bit index/port number associated with the ERSPAN traffic’s
2611 source port and direction (ingress/egress). This field is plat‐
2612 form dependent.
2613 options : erspan_ver: optional string
2615 ERSPAN version: 1 for version 1 (type II) or 2 for version 2
2616 (type III).
2617 options : erspan_dir: optional string
2619 Specifies the ERSPAN v2 mirrored traffic’s direction. 1 for
2620 egress traffic, and 0 for ingress traffic.
2621 options : erspan_hwid: optional string
2623 ERSPAN hardware ID is a 6-bit unique identifier of an ERSPAN v2
2624 engine within a system.
2625 Patch Options:
2627 These options apply only to patch ports, that is, interfaces whose type
2629 column is patch. Patch ports are mainly a way to connect otherwise
2630 independent bridges to one another, similar to how one might plug an
2631 Ethernet cable (a ``patch cable’’) into two physical switches to con‐
2632 nect those switches. The effect of plugging a patch port into two
2633 switches is conceptually similar to that of plugging the two ends of a
2634 Linux veth device into those switches, but the implementation of patch
2635 ports makes them much more efficient.
2636 Patch ports may connect two different bridges (the usual case) or the
2638 same bridge. In the latter case, take special care to avoid loops, e.g.
2639 by programming appropriate flows with OpenFlow. Patch ports do not work
2640 if its ends are attached to bridges on different datapaths, e.g. to
2641 connect bridges in system and netdev datapaths.
2642 The following command creates and connects patch ports p0 and p1 and
2644 adds them to bridges br0 and br1, respectively:
2645 ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
2647 -- add-port br1 p1 -- set Interface p1 type=patch options:peer=p0
2648 options : peer: optional string
2651 The name of the Interface for the other side of the patch. The
2652 named Interface’s own peer option must specify this Interface’s
2653 name. That is, the two patch interfaces must have reversed name
2654 and peer values.
2655 PMD (Poll Mode Driver) Options:
2657 Only PMD netdevs support these options.
2659 options : n_rxq: optional string, containing an integer, at least 1
2661 Specifies the maximum number of rx queues to be created for PMD
2662 netdev. If not specified or specified to 0, one rx queue will be
2663 created by default. Not supported by DPDK vHost interfaces.
2664 options : dpdk-devargs: optional string
2666 Specifies the PCI address associated with the port for physical
2667 devices, or the virtual driver to be used for the port when a
2668 virtual PMD is intended to be used. For the latter, the argument
2669 string typically takes the form of eth_driver_namex, where
2670 driver_name is a valid virtual DPDK PMD driver name and x is a
2671 unique identifier of your choice for the given port. Only sup‐
2672 ported by the dpdk port type.
2673 other_config : pmd-rxq-affinity: optional string
2675 Specifies mapping of RX queues of this interface to CPU cores.
2676 Value should be set in the following form:
2678 other_config:pmd-rxq-affinity=<rxq-affinity-list>
2680 where
2682 · <rxq-affinity-list> ::= NULL | <non-empty-list>
2684 · <non-empty-list> ::= <affinity-pair> | <affinity-pair> ,
2686 <non-empty-list>
2687 · <affinity-pair> ::= <queue-id> : <core-id>
2689 options : vhost-server-path: optional string
2691 The value specifies the path to the socket associated with a
2692 vHost User client mode device that has been or will be created
2693 by QEMU. Only supported by dpdkvhostuserclient interfaces.
2694 options : dq-zero-copy: optional string, either true or false
2696 The value specifies whether or not to enable dequeue zero copy
2697 on the given interface. Must be set before vhost-server-path is
2698 specified. Only supported by dpdkvhostuserclient interfaces. The
2699 feature is considered experimental.
2700 options : n_rxq_desc: optional string, containing an integer, in range
2702 1 to 4,096
2703 Specifies the rx queue size (number rx descriptors) for dpdk
2704 ports. The value must be a power of 2, less than 4096 and sup‐
2705 ported by the hardware of the device being configured. If not
2706 specified or an incorrect value is specified, 2048 rx descrip‐
2707 tors will be used by default.
2708 options : n_txq_desc: optional string, containing an integer, in range
2710 1 to 4,096
2711 Specifies the tx queue size (number tx descriptors) for dpdk
2712 ports. The value must be a power of 2, less than 4096 and sup‐
2713 ported by the hardware of the device being configured. If not
2714 specified or an incorrect value is specified, 2048 tx descrip‐
2715 tors will be used by default.
2716 MTU:
2718 The MTU (maximum transmission unit) is the largest amount of data that
2720 can fit into a single Ethernet frame. The standard Ethernet MTU is 1500
2721 bytes. Some physical media and many kinds of virtual interfaces can be
2722 configured with higher MTUs.
2723 A client may change an interface MTU by filling in mtu_request. Open
2725 vSwitch then reports in mtu the currently configured value.
2726 mtu: optional integer
2728 The currently configured MTU for the interface.
2729 This column will be empty for an interface that does not have an
2731 MTU as, for example, some kinds of tunnels do not.
2732 Open vSwitch sets this column’s value, so other clients should
2734 treat it as read-only.
2735 mtu_request: optional integer, at least 1
2737 Requested MTU (Maximum Transmission Unit) for the interface. A
2738 client can fill this column to change the MTU of an interface.
2739 RFC 791 requires every internet module to be able to forward a
2741 datagram of 68 octets without further fragmentation. The maximum
2742 size of an IP packet is 65535 bytes.
2743 If this is not set and if the interface has internal type, Open
2745 vSwitch will change the MTU to match the minimum of the other
2746 interfaces in the bridge.
2747 Interface Status:
2749 Status information about interfaces attached to bridges, updated every
2751 5 seconds. Not all interfaces have all of these properties; virtual
2752 interfaces don’t have a link speed, for example. Non-applicable columns
2753 will have empty values.
2754 admin_state: optional string, either down or up
2756 The administrative state of the physical network link.
2757 link_state: optional string, either down or up
2759 The observed state of the physical network link. This is ordi‐
2760 narily the link’s carrier status. If the interface’s Port is a
2761 bond configured for miimon monitoring, it is instead the network
2762 link’s miimon status.
2763 link_resets: optional integer
2765 The number of times Open vSwitch has observed the link_state of
2766 this Interface change.
2767 link_speed: optional integer
2769 The negotiated speed of the physical network link. Valid values
2770 are positive integers greater than 0.
2771 duplex: optional string, either full or half
2773 The duplex mode of the physical network link.
2774 lacp_current: optional boolean
2776 Boolean value indicating LACP status for this interface. If
2777 true, this interface has current LACP information about its LACP
2778 partner. This information may be used to monitor the health of
2779 interfaces in a LACP enabled port. This column will be empty if
2780 LACP is not enabled.
2781 status: map of string-string pairs
2783 Key-value pairs that report port status. Supported status values
2784 are type-dependent; some interfaces may not have a valid sta‐
2785 tus:driver_name, for example.
2786 status : driver_name: optional string
2788 The name of the device driver controlling the network adapter.
2789 status : driver_version: optional string
2791 The version string of the device driver controlling the network
2792 adapter.
2793 status : firmware_version: optional string
2795 The version string of the network adapter’s firmware, if avail‐
2796 able.
2797 status : source_ip: optional string
2799 The source IP address used for an IPv4/IPv6 tunnel end-point,
2800 such as gre.
2801 status : tunnel_egress_iface: optional string
2803 Egress interface for tunnels. Currently only relevant for tun‐
2804 nels on Linux systems, this column will show the name of the
2805 interface which is responsible for routing traffic destined for
2806 the configured options:remote_ip. This could be an internal
2807 interface such as a bridge port.
2808 status : tunnel_egress_iface_carrier: optional string, either down or
2810 up
2811 Whether carrier is detected on status:tunnel_egress_iface.
2812 dpdk:
2814 DPDK specific interface status options.
2816 status : port_no: optional string
2818 DPDK port ID.
2819 status : numa_id: optional string
2821 NUMA socket ID to which an Ethernet device is connected.
2822 status : min_rx_bufsize: optional string
2824 Minimum size of RX buffer.
2825 status : max_rx_pktlen: optional string
2827 Maximum configurable length of RX pkt.
2828 status : max_rx_queues: optional string
2830 Maximum number of RX queues.
2831 status : max_tx_queues: optional string
2833 Maximum number of TX queues.
2834 status : max_mac_addrs: optional string
2836 Maximum number of MAC addresses.
2837 status : max_hash_mac_addrs: optional string
2839 Maximum number of hash MAC addresses for MTA and UTA.
2840 status : max_vfs: optional string
2842 Maximum number of hash MAC addresses for MTA and UTA. Maximum
2843 number of VFs.
2844 status : max_vmdq_pools: optional string
2846 Maximum number of VMDq pools.
2847 status : if_type: optional string
2849 Interface type ID according to IANA ifTYPE MIB definitions.
2850 status : if_descr: optional string
2852 Interface description string.
2853 status : pci-vendor_id: optional string
2855 Vendor ID of PCI device.
2856 status : pci-device_id: optional string
2858 Device ID of PCI device.
2859 Statistics:
2861 Key-value pairs that report interface statistics. The current implemen‐
2863 tation updates these counters periodically. The update period is con‐
2864 trolled by other_config:stats-update-interval in the Open_vSwitch ta‐
2865 ble. Future implementations may update them when an interface is cre‐
2866 ated, when they are queried (e.g. using an OVSDB select operation), and
2867 just before an interface is deleted due to virtual interface hot-unplug
2868 or VM shutdown, and perhaps at other times, but not on any regular
2869 periodic basis.
2870 These are the same statistics reported by OpenFlow in its struct
2872 ofp_port_stats structure. If an interface does not support a given
2873 statistic, then that pair is omitted.
2874 Statistics: Successful transmit and receive counters:
2876 statistics : rx_packets: optional integer
2878 Number of received packets.
2879 statistics : rx_bytes: optional integer
2881 Number of received bytes.
2882 statistics : tx_packets: optional integer
2884 Number of transmitted packets.
2885 statistics : tx_bytes: optional integer
2887 Number of transmitted bytes.
2888 Statistics: Receive errors:
2890 statistics : rx_dropped: optional integer
2892 Number of packets dropped by RX.
2893 statistics : rx_frame_err: optional integer
2895 Number of frame alignment errors.
2896 statistics : rx_over_err: optional integer
2898 Number of packets with RX overrun.
2899 statistics : rx_crc_err: optional integer
2901 Number of CRC errors.
2902 statistics : rx_errors: optional integer
2904 Total number of receive errors, greater than or equal to the sum
2905 of the above.
2906 Statistics: Transmit errors:
2908 statistics : tx_dropped: optional integer
2910 Number of packets dropped by TX.
2911 statistics : collisions: optional integer
2913 Number of collisions.
2914 statistics : tx_errors: optional integer
2916 Total number of transmit errors, greater than or equal to the
2917 sum of the above.
2918 Ingress Policing:
2920 These settings control ingress policing for packets received on this
2922 interface. On a physical interface, this limits the rate at which traf‐
2923 fic is allowed into the system from the outside; on a virtual interface
2924 (one connected to a virtual machine), this limits the rate at which the
2925 VM is able to transmit.
2926 Policing is a simple form of quality-of-service that simply drops pack‐
2928 ets received in excess of the configured rate. Due to its simplicity,
2929 policing is usually less accurate and less effective than egress QoS
2930 (which is configured using the QoS and Queue tables).
2931 Policing is currently implemented on Linux and OVS with DPDK. Both
2933 implementations use a simple ``token bucket’’ approach:
2934 · The size of the bucket corresponds to ingress_polic‐
2936 ing_burst. Initially the bucket is full.
2937 · Whenever a packet is received, its size (converted to
2939 tokens) is compared to the number of tokens currently in
2940 the bucket. If the required number of tokens are avail‐
2941 able, they are removed and the packet is forwarded. Oth‐
2942 erwise, the packet is dropped.
2943 · Whenever it is not full, the bucket is refilled with
2945 tokens at the rate specified by ingress_policing_rate.
2946 Policing interacts badly with some network protocols, and especially
2948 with fragmented IP packets. Suppose that there is enough network activ‐
2949 ity to keep the bucket nearly empty all the time. Then this token
2950 bucket algorithm will forward a single packet every so often, with the
2951 period depending on packet size and on the configured rate. All of the
2952 fragments of an IP packets are normally transmitted back-to-back, as a
2953 group. In such a situation, therefore, only one of these fragments will
2954 be forwarded and the rest will be dropped. IP does not provide any way
2955 for the intended recipient to ask for only the remaining fragments. In
2956 such a case there are two likely possibilities for what will happen
2957 next: either all of the fragments will eventually be retransmitted (as
2958 TCP will do), in which case the same problem will recur, or the sender
2959 will not realize that its packet has been dropped and data will simply
2960 be lost (as some UDP-based protocols will do). Either way, it is possi‐
2961 ble that no forward progress will ever occur.
2962 ingress_policing_rate: integer, at least 0
2964 Maximum rate for data received on this interface, in kbps. Data
2965 received faster than this rate is dropped. Set to 0 (the
2966 default) to disable policing.
2967 ingress_policing_burst: integer, at least 0
2969 Maximum burst size for data received on this interface, in kb.
2970 The default burst size if set to 0 is 8000 kbit. This value has
2971 no effect if ingress_policing_rate is 0.
2972 Specifying a larger burst size lets the algorithm be more for‐
2974 giving, which is important for protocols like TCP that react se‐
2975 verely to dropped packets. The burst size should be at least the
2976 size of the interface’s MTU. Specifying a value that is numeri‐
2977 cally at least as large as 80% of ingress_policing_rate helps
2978 TCP come closer to achieving the full rate.
2979 Bidirectional Forwarding Detection (BFD):
2981 BFD, defined in RFC 5880 and RFC 5881, allows point-to-point detection
2983 of connectivity failures by occasional transmission of BFD control mes‐
2984 sages. Open vSwitch implements BFD to serve as a more popular and stan‐
2985 dards compliant alternative to CFM.
2986 BFD operates by regularly transmitting BFD control messages at a rate
2988 negotiated independently in each direction. Each endpoint specifies the
2989 rate at which it expects to receive control messages, and the rate at
2990 which it is willing to transmit them. By default, Open vSwitch uses a
2991 detection multiplier of three, meaning that an endpoint signals a con‐
2992 nectivity fault if three consecutive BFD control messages fail to
2993 arrive. In the case of a unidirectional connectivity issue, the system
2994 not receiving BFD control messages signals the problem to its peer in
2995 the messages it transmits.
2996 The Open vSwitch implementation of BFD aims to comply faithfully with
2998 RFC 5880 requirements. Open vSwitch does not implement the optional
2999 Authentication or ``Echo Mode’’ features.
3000 BFD Configuration:
3002 A controller sets up key-value pairs in the bfd column to enable and
3004 configure BFD.
3005 bfd : enable: optional string, either true or false
3007 True to enable BFD on this Interface. If not specified, BFD will
3008 not be enabled by default.
3009 bfd : min_rx: optional string, containing an integer, at least 1
3011 The shortest interval, in milliseconds, at which this BFD ses‐
3012 sion offers to receive BFD control messages. The remote endpoint
3013 may choose to send messages at a slower rate. Defaults to 1000.
3014 bfd : min_tx: optional string, containing an integer, at least 1
3016 The shortest interval, in milliseconds, at which this BFD ses‐
3017 sion is willing to transmit BFD control messages. Messages will
3018 actually be transmitted at a slower rate if the remote endpoint
3019 is not willing to receive as quickly as specified. Defaults to
3020 100.
3021 bfd : decay_min_rx: optional string, containing an integer
3023 An alternate receive interval, in milliseconds, that must be
3024 greater than or equal to bfd:min_rx. The implementation switches
3025 from bfd:min_rx to bfd:decay_min_rx when there is no obvious
3026 incoming data traffic at the interface, to reduce the CPU and
3027 bandwidth cost of monitoring an idle interface. This feature may
3028 be disabled by setting a value of 0. This feature is reset when‐
3029 ever bfd:decay_min_rx or bfd:min_rx changes.
3030 bfd : forwarding_if_rx: optional string, either true or false
3032 When true, traffic received on the Interface is used to indicate
3033 the capability of packet I/O. BFD control packets are still
3034 transmitted and received. At least one BFD control packet must
3035 be received every 100 * bfd:min_rx amount of time. Otherwise,
3036 even if traffic are received, the bfd:forwarding will be false.
3037 bfd : cpath_down: optional string, either true or false
3039 Set to true to notify the remote endpoint that traffic should
3040 not be forwarded to this system for some reason other than a
3041 connectivty failure on the interface being monitored. The typi‐
3042 cal underlying reason is ``concatenated path down,’’ that is,
3043 that connectivity beyond the local system is down. Defaults to
3044 false.
3045 bfd : check_tnl_key: optional string, either true or false
3047 Set to true to make BFD accept only control messages with a tun‐
3048 nel key of zero. By default, BFD accepts control messages with
3049 any tunnel key.
3050 bfd : bfd_local_src_mac: optional string
3052 Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3053 the MAC used as source for transmitted BFD packets. The default
3054 is the mac address of the BFD enabled interface.
3055 bfd : bfd_local_dst_mac: optional string
3057 Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3058 the MAC used as destination for transmitted BFD packets. The
3059 default is 00:23:20:00:00:01.
3060 bfd : bfd_remote_dst_mac: optional string
3062 Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3063 the MAC used for checking the destination of received BFD pack‐
3064 ets. Packets with different destination MAC will not be consid‐
3065 ered as BFD packets. If not specified the destination MAC
3066 address of received BFD packets are not checked.
3067 bfd : bfd_src_ip: optional string
3069 Set to an IPv4 address to set the IP address used as source for
3070 transmitted BFD packets. The default is 169.254.1.1.
3071 bfd : bfd_dst_ip: optional string
3073 Set to an IPv4 address to set the IP address used as destination
3074 for transmitted BFD packets. The default is 169.254.1.0.
3075 bfd : oam: optional string
3077 Some tunnel protocols (such as Geneve) include a bit in the
3078 header to indicate that the encapsulated packet is an OAM frame.
3079 By setting this to true, BFD packets will be marked as OAM if
3080 encapsulated in one of these tunnels.
3081 bfd : mult: optional string, containing an integer, in range 1 to 255
3083 The BFD detection multiplier, which defaults to 3. An endpoint
3084 signals a connectivity fault if the given number of consecutive
3085 BFD control messages fail to arrive.
3086 BFD Status:
3088 The switch sets key-value pairs in the bfd_status column to report the
3090 status of BFD on this interface. When BFD is not enabled, with
3091 bfd:enable, the switch clears all key-value pairs from bfd_status.
3092 bfd_status : state: optional string, one of admin_down, down, init, or
3094 up
3095 Reports the state of the BFD session. The BFD session is fully
3096 healthy and negotiated if UP.
3097 bfd_status : forwarding: optional string, either true or false
3099 Reports whether the BFD session believes this Interface may be
3100 used to forward traffic. Typically this means the local session
3101 is signaling UP, and the remote system isn’t signaling a problem
3102 such as concatenated path down.
3103 bfd_status : diagnostic: optional string
3105 A diagnostic code specifying the local system’s reason for the
3106 last change in session state. The error messages are defined in
3107 section 4.1 of [RFC 5880].
3108 bfd_status : remote_state: optional string, one of admin_down, down,
3110 init, or up
3111 Reports the state of the remote endpoint’s BFD session.
3112 bfd_status : remote_diagnostic: optional string
3114 A diagnostic code specifying the remote system’s reason for the
3115 last change in session state. The error messages are defined in
3116 section 4.1 of [RFC 5880].
3117 bfd_status : flap_count: optional string, containing an integer, at
3119 least 0
3120 Counts the number of bfd_status:forwarding flaps since start. A
3121 flap is considered as a change of the bfd_status:forwarding
3122 value.
3123 Connectivity Fault Management:
3125 802.1ag Connectivity Fault Management (CFM) allows a group of Mainte‐
3127 nance Points (MPs) called a Maintenance Association (MA) to detect con‐
3128 nectivity problems with each other. MPs within a MA should have com‐
3129 plete and exclusive interconnectivity. This is verified by occasionally
3130 broadcasting Continuity Check Messages (CCMs) at a configurable trans‐
3131 mission interval.
3132 According to the 802.1ag specification, each Maintenance Point should
3134 be configured out-of-band with a list of Remote Maintenance Points it
3135 should have connectivity to. Open vSwitch differs from the specifica‐
3136 tion in this area. It simply assumes the link is faulted if no Remote
3137 Maintenance Points are reachable, and considers it not faulted other‐
3138 wise.
3139 When operating over tunnels which have no in_key, or an in_key of flow.
3141 CFM will only accept CCMs with a tunnel key of zero.
3142 cfm_mpid: optional integer
3144 A Maintenance Point ID (MPID) uniquely identifies each endpoint
3145 within a Maintenance Association. The MPID is used to identify
3146 this endpoint to other Maintenance Points in the MA. Each end of
3147 a link being monitored should have a different MPID. Must be
3148 configured to enable CFM on this Interface.
3149 According to the 802.1ag specification, MPIDs can only range
3151 between [1, 8191]. However, extended mode (see other_con‐
3152 fig:cfm_extended) supports eight byte MPIDs.
3153 cfm_flap_count: optional integer
3155 Counts the number of cfm fault flapps since boot. A flap is con‐
3156 sidered to be a change of the cfm_fault value.
3157 cfm_fault: optional boolean
3159 Indicates a connectivity fault triggered by an inability to
3160 receive heartbeats from any remote endpoint. When a fault is
3161 triggered on Interfaces participating in bonds, they will be
3162 disabled.
3163 Faults can be triggered for several reasons. Most importantly
3165 they are triggered when no CCMs are received for a period of 3.5
3166 times the transmission interval. Faults are also triggered when
3167 any CCMs indicate that a Remote Maintenance Point is not receiv‐
3168 ing CCMs but able to send them. Finally, a fault is triggered if
3169 a CCM is received which indicates unexpected configuration.
3170 Notably, this case arises when a CCM is received which adver‐
3171 tises the local MPID.
3172 cfm_fault_status : recv: none
3174 Indicates a CFM fault was triggered due to a lack of CCMs
3175 received on the Interface.
3176 cfm_fault_status : rdi: none
3178 Indicates a CFM fault was triggered due to the reception of a
3179 CCM with the RDI bit flagged. Endpoints set the RDI bit in their
3180 CCMs when they are not receiving CCMs themselves. This typically
3181 indicates a unidirectional connectivity failure.
3182 cfm_fault_status : maid: none
3184 Indicates a CFM fault was triggered due to the reception of a
3185 CCM with a MAID other than the one Open vSwitch uses. CFM broad‐
3186 casts are tagged with an identification number in addition to
3187 the MPID called the MAID. Open vSwitch only supports receiving
3188 CCM broadcasts tagged with the MAID it uses internally.
3189 cfm_fault_status : loopback: none
3191 Indicates a CFM fault was triggered due to the reception of a
3192 CCM advertising the same MPID configured in the cfm_mpid column
3193 of this Interface. This may indicate a loop in the network.
3194 cfm_fault_status : overflow: none
3196 Indicates a CFM fault was triggered because the CFM module
3197 received CCMs from more remote endpoints than it can keep track
3198 of.
3199 cfm_fault_status : override: none
3201 Indicates a CFM fault was manually triggered by an administrator
3202 using an ovs-appctl command.
3203 cfm_fault_status : interval: none
3205 Indicates a CFM fault was triggered due to the reception of a
3206 CCM frame having an invalid interval.
3207 cfm_remote_opstate: optional string, either down or up
3209 When in extended mode, indicates the operational state of the
3210 remote endpoint as either up or down. See other_con‐
3211 fig:cfm_opstate.
3212 cfm_health: optional integer, in range 0 to 100
3214 Indicates the health of the interface as a percentage of CCM
3215 frames received over 21 other_config:cfm_intervals. The health
3216 of an interface is undefined if it is communicating with more
3217 than one cfm_remote_mpids. It reduces if healthy heartbeats are
3218 not received at the expected rate, and gradually improves as
3219 healthy heartbeats are received at the desired rate. Every 21
3220 other_config:cfm_intervals, the health of the interface is
3221 refreshed.
3222 As mentioned above, the faults can be triggered for several rea‐
3224 sons. The link health will deteriorate even if heartbeats are
3225 received but they are reported to be unhealthy. An unhealthy
3226 heartbeat in this context is a heartbeat for which either some
3227 fault is set or is out of sequence. The interface health can be
3228 100 only on receiving healthy heartbeats at the desired rate.
3229 cfm_remote_mpids: set of integers
3231 When CFM is properly configured, Open vSwitch will occasionally
3232 receive CCM broadcasts. These broadcasts contain the MPID of the
3233 sending Maintenance Point. The list of MPIDs from which this
3234 Interface is receiving broadcasts from is regularly collected
3235 and written to this column.
3236 other_config : cfm_interval: optional string, containing an integer
3238 The interval, in milliseconds, between transmissions of CFM
3239 heartbeats. Three missed heartbeat receptions indicate a connec‐
3240 tivity fault.
3241 In standard operation only intervals of 3, 10, 100, 1,000,
3243 10,000, 60,000, or 600,000 ms are supported. Other values will
3244 be rounded down to the nearest value on the list. Extended mode
3245 (see other_config:cfm_extended) supports any interval up to
3246 65,535 ms. In either mode, the default is 1000 ms.
3247 We do not recommend using intervals less than 100 ms.
3249 other_config : cfm_extended: optional string, either true or false
3251 When true, the CFM module operates in extended mode. This causes
3252 it to use a nonstandard destination address to avoid conflicting
3253 with compliant implementations which may be running concurrently
3254 on the network. Furthermore, extended mode increases the accu‐
3255 racy of the cfm_interval configuration parameter by breaking
3256 wire compatibility with 802.1ag compliant implementations. And
3257 extended mode allows eight byte MPIDs. Defaults to false.
3258 other_config : cfm_demand: optional string, either true or false
3260 When true, and other_config:cfm_extended is true, the CFM module
3261 operates in demand mode. When in demand mode, traffic received
3262 on the Interface is used to indicate liveness. CCMs are still
3263 transmitted and received. At least one CCM must be received
3264 every 100 * other_config:cfm_interval amount of time. Otherwise,
3265 even if traffic are received, the CFM module will raise the con‐
3266 nectivity fault.
3267 Demand mode has a couple of caveats:
3269 · To ensure that ovs-vswitchd has enough time to pull sta‐
3271 tistics from the datapath, the fault detection interval
3272 is set to 3.5 * MAX(other_config:cfm_interval, 500) ms.
3273 · To avoid ambiguity, demand mode disables itself when
3275 there are multiple remote maintenance points.
3276 · If the Interface is heavily congested, CCMs containing
3278 the other_config:cfm_opstate status may be dropped caus‐
3279 ing changes in the operational state to be delayed. Simi‐
3280 larly, if CCMs containing the RDI bit are not received,
3281 unidirectional link failures may not be detected.
3282 other_config : cfm_opstate: optional string, either down or up
3284 When down, the CFM module marks all CCMs it generates as opera‐
3285 tionally down without triggering a fault. This allows remote
3286 maintenance points to choose not to forward traffic to the
3287 Interface on which this CFM module is running. Currently, in
3288 Open vSwitch, the opdown bit of CCMs affects Interfaces partici‐
3289 pating in bonds, and the bundle OpenFlow action. This setting is
3290 ignored when CFM is not in extended mode. Defaults to up.
3291 other_config : cfm_ccm_vlan: optional string, containing an integer, in
3293 range 1 to 4,095
3294 When set, the CFM module will apply a VLAN tag to all CCMs it
3295 generates with the given value. May be the string random in
3296 which case each CCM will be tagged with a different randomly
3297 generated VLAN.
3298 other_config : cfm_ccm_pcp: optional string, containing an integer, in
3300 range 1 to 7
3301 When set, the CFM module will apply a VLAN tag to all CCMs it
3302 generates with the given PCP value, the VLAN ID of the tag is
3303 governed by the value of other_config:cfm_ccm_vlan. If
3304 other_config:cfm_ccm_vlan is unset, a VLAN ID of zero is used.
3305 Bonding Configuration:
3307 other_config : lacp-port-id: optional string, containing an integer, in
3309 range 1 to 65,535
3310 The LACP port ID of this Interface. Port IDs are used in LACP
3311 negotiations to identify individual ports participating in a
3312 bond.
3313 other_config : lacp-port-priority: optional string, containing an inte‐
3315 ger, in range 1 to 65,535
3316 The LACP port priority of this Interface. In LACP negotiations
3317 Interfaces with numerically lower priorities are preferred for
3318 aggregation.
3319 other_config : lacp-aggregation-key: optional string, containing an
3321 integer, in range 1 to 65,535
3322 The LACP aggregation key of this Interface. Interfaces with dif‐
3323 ferent aggregation keys may not be active within a given Port at
3324 the same time.
3325 Virtual Machine Identifiers:
3327 These key-value pairs specifically apply to an interface that repre‐
3329 sents a virtual Ethernet interface connected to a virtual machine.
3330 These key-value pairs should not be present for other types of inter‐
3331 faces. Keys whose names end in -uuid have values that uniquely identify
3332 the entity in question. For a Citrix XenServer hypervisor, these values
3333 are UUIDs in RFC 4122 format. Other hypervisors may use other formats.
3334 external_ids : attached-mac: optional string
3336 The MAC address programmed into the ``virtual hardware’’ for
3337 this interface, in the form xx:xx:xx:xx:xx:xx. For Citrix
3338 XenServer, this is the value of the MAC field in the VIF record
3339 for this interface.
3340 external_ids : iface-id: optional string
3342 A system-unique identifier for the interface. On XenServer, this
3343 will commonly be the same as external_ids:xs-vif-uuid.
3344 external_ids : iface-status: optional string, either active or inactive
3346 Hypervisors may sometimes have more than one interface associ‐
3347 ated with a given external_ids:iface-id, only one of which is
3348 actually in use at a given time. For example, in some circum‐
3349 stances XenServer has both a ``tap’’ and a ``vif’’ interface for
3350 a single external_ids:iface-id, but only uses one of them at a
3351 time. A hypervisor that behaves this way must mark the currently
3352 in use interface active and the others inactive. A hypervisor
3353 that never has more than one interface for a given exter‐
3354 nal_ids:iface-id may mark that interface active or omit exter‐
3355 nal_ids:iface-status entirely.
3356 During VM migration, a given external_ids:iface-id might tran‐
3358 siently be marked active on two different hypervisors. That is,
3359 active means that this external_ids:iface-id is the active
3360 instance within a single hypervisor, not in a broader scope.
3361 There is one exception: some hypervisors support ``migration’’
3362 from a given hypervisor to itself (most often for test pur‐
3363 poses). During such a ``migration,’’ two instances of a single
3364 external_ids:iface-id might both be briefly marked active on a
3365 single hypervisor.
3366 external_ids : xs-vif-uuid: optional string
3368 The virtual interface associated with this interface.
3369 external_ids : xs-network-uuid: optional string
3371 The virtual network to which this interface is attached.
3372 external_ids : vm-id: optional string
3374 The VM to which this interface belongs. On XenServer, this will
3375 be the same as external_ids:xs-vm-uuid.
3376 external_ids : xs-vm-uuid: optional string
3378 The VM to which this interface belongs.
3379 Auto Attach Configuration:
3381 Auto Attach configuration for a particular interface.
3383 lldp : enable: optional string, either true or false
3385 True to enable LLDP on this Interface. If not specified, LLDP
3386 will be disabled by default.
3387 Flow control Configuration:
3389 Ethernet flow control defined in IEEE 802.1Qbb provides link level flow
3391 control using MAC pause frames. Implemented only for interfaces with
3392 type dpdk.
3393 options : rx-flow-ctrl: optional string, either true or false
3395 Set to true to enable Rx flow control on physical ports. By
3396 default, Rx flow control is disabled.
3397 options : tx-flow-ctrl: optional string, either true or false
3399 Set to true to enable Tx flow control on physical ports. By
3400 default, Tx flow control is disabled.
3401 options : flow-ctrl-autoneg: optional string, either true or false
3403 Set to true to enable flow control auto negotiation on physical
3404 ports. By default, auto-neg is disabled.
3405 Link State Change detection mode:
3407 options : dpdk-lsc-interrupt: optional string, either true or false
3409 Set this value to true to configure interrupt mode for Link
3410 State Change (LSC) detection instead of poll mode for the DPDK
3411 interface.
3412 If this value is not set, poll mode is configured.
3414 This parameter has an effect only on netdev dpdk interfaces.
3416 Common Columns:
3418 The overall purpose of these columns is described under Common Columns
3420 at the beginning of this document.
3421 other_config: map of string-string pairs
3423 external_ids: map of string-string pairs
3425
3427 Configuration for a particular OpenFlow table.
3428 Summary:
3430 name optional string
3431 Eviction Policy:
3432 flow_limit optional integer, at least 0
3433 overflow_policy optional string, either evict or refuse
3434 groups set of strings
3435 Classifier Optimization:
3436 prefixes set of up to 3 strings
3437 Common Columns:
3438 external_ids map of string-string pairs
3439 Details:
3441 name: optional string
3442 The table’s name. Set this column to change the name that con‐
3443 trollers will receive when they request table statistics, e.g.
3444 ovs-ofctl dump-tables. The name does not affect switch behavior.
3445 Eviction Policy:
3447 Open vSwitch supports limiting the number of flows that may be
3449 installed in a flow table, via the flow_limit column. When adding a
3450 flow would exceed this limit, by default Open vSwitch reports an error,
3451 but there are two ways to configure Open vSwitch to instead delete
3452 (``evict’’) a flow to make room for the new one:
3453 · Set the overflow_policy column to evict.
3455 · Send an OpenFlow 1.4+ ``table mod request’’ to enable
3457 eviction for the flow table (e.g. ovs-ofctl -O OpenFlow14
3458 mod-table br0 0 evict to enable eviction on flow table 0
3459 of bridge br0).
3460 When a flow must be evicted due to overflow, the flow to evict is cho‐
3462 sen through an approximation of the following algorithm. This algorithm
3463 is used regardless of how eviction was enabled:
3464 1.
3466 Divide the flows in the table into groups based on the values
3467 of the fields or subfields specified in the groups column, so
3468 that all of the flows in a given group have the same values
3469 for those fields. If a flow does not specify a given field,
3470 that field’s value is treated as 0. If groups is empty, then
3471 all of the flows in the flow table are treated as a single
3472 group.
3473 2.
3475 Consider the flows in the largest group, that is, the group
3476 that contains the greatest number of flows. If two or more
3477 groups all have the same largest number of flows, consider the
3478 flows in all of those groups.
3479 3.
3481 If the flows under consideration have different importance
3482 values, eliminate from consideration any flows except those
3483 with the lowest importance. (``Importance,’’ a 16-bit integer
3484 value attached to each flow, was introduced in OpenFlow 1.4.
3485 Flows inserted with older versions of OpenFlow always have an
3486 importance of 0.)
3487 4.
3489 Among the flows under consideration, choose the flow that
3490 expires soonest for eviction.
3491 The eviction process only considers flows that have an idle timeout or
3493 a hard timeout. That is, eviction never deletes permanent flows. (Per‐
3494 manent flows do count against flow_limit.)
3495 flow_limit: optional integer, at least 0
3497 If set, limits the number of flows that may be added to the ta‐
3498 ble. Open vSwitch may limit the number of flows in a table for
3499 other reasons, e.g. due to hardware limitations or for resource
3500 availability or performance reasons.
3501 overflow_policy: optional string, either evict or refuse
3503 Controls the switch’s behavior when an OpenFlow flow table modi‐
3504 fication request would add flows in excess of flow_limit. The
3505 supported values are:
3506 refuse Refuse to add the flow or flows. This is also the default
3508 policy when overflow_policy is unset.
3509 evict Delete a flow chosen according to the algorithm described
3511 above.
3512 groups: set of strings
3514 When overflow_policy is evict, this controls how flows are cho‐
3515 sen for eviction when the flow table would otherwise exceed
3516 flow_limit flows. Its value is a set of NXM fields or sub-
3517 fields, each of which takes one of the forms field[] or
3518 field[start..end], e.g. NXM_OF_IN_PORT[]. Please see meta-flow.h
3519 for a complete list of NXM field names.
3520 Open vSwitch ignores any invalid or unknown field specifica‐
3522 tions.
3523 When eviction is not enabled, via overflow_policy or an OpenFlow
3525 1.4+ ``table mod,’’ this column has no effect.
3526 Classifier Optimization:
3528 prefixes: set of up to 3 strings
3530 This string set specifies which fields should be used for
3531 address prefix tracking. Prefix tracking allows the classifier
3532 to skip rules with longer than necessary prefixes, resulting in
3533 better wildcarding for datapath flows.
3534 Prefix tracking may be beneficial when a flow table contains
3536 matches on IP address fields with different prefix lengths. For
3537 example, when a flow table contains IP address matches on both
3538 full addresses and proper prefixes, the full address matches
3539 will typically cause the datapath flow to un-wildcard the whole
3540 address field (depending on flow entry priorities). In this case
3541 each packet with a different address gets handed to the
3542 userspace for flow processing and generates its own datapath
3543 flow. With prefix tracking enabled for the address field in
3544 question packets with addresses matching shorter prefixes would
3545 generate datapath flows where the irrelevant address bits are
3546 wildcarded, allowing the same datapath flow to handle all the
3547 packets within the prefix in question. In this case many
3548 userspace upcalls can be avoided and the overall performance can
3549 be better.
3550 This is a performance optimization only, so packets will receive
3552 the same treatment with or without prefix tracking.
3553 The supported fields are: tun_id, tun_src, tun_dst,
3555 tun_ipv6_src, tun_ipv6_dst, nw_src, nw_dst (or aliases ip_src
3556 and ip_dst), ipv6_src, and ipv6_dst. (Using this feature for
3557 tun_id would only make sense if the tunnel IDs have prefix
3558 structure similar to IP addresses.)
3559 By default, the prefixes=ip_dst,ip_src are used on each flow ta‐
3561 ble. This instructs the flow classifier to track the IP destina‐
3562 tion and source addresses used by the rules in this specific
3563 flow table.
3564 The keyword none is recognized as an explicit override of the
3566 default values, causing no prefix fields to be tracked.
3567 To set the prefix fields, the flow table record needs to exist:
3569 ovs-vsctl set Bridge br0 flow_tables:0=@N1 -- --id=@N1 create
3571 Flow_Table name=table0
3572 Creates a flow table record for the OpenFlow table number
3573 0.
3574 ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
3576 Enables prefix tracking for IP source and destination
3577 address fields.
3578 There is a maximum number of fields that can be enabled for any
3580 one flow table. Currently this limit is 3.
3581 Common Columns:
3583 The overall purpose of these columns is described under Common Columns
3585 at the beginning of this document.
3586 external_ids: map of string-string pairs
3588
3590 Quality of Service (QoS) configuration for each Port that references
3591 it.
3592 Summary:
3594 type string
3595 queues map of integer-Queue pairs, key in range
3596 0 to 4,294,967,295
3597 Configuration for linux-htb and linux-hfsc:
3598 other_config : max-rate optional string, containing an integer
3599 Configuration for egress-policer QoS:
3600 other_config : cir optional string, containing an integer
3601 other_config : cbs optional string, containing an integer
3602 Configuration for linux-sfq:
3603 other_config : perturb optional string, containing an integer
3604 other_config : quantum optional string, containing an integer
3605 Common Columns:
3606 other_config map of string-string pairs
3607 external_ids map of string-string pairs
3608 Details:
3610 type: string
3611 The type of QoS to implement. The currently defined types are
3612 listed below:
3613 linux-htb
3615 Linux ``hierarchy token bucket’’ classifier. See tc-
3616 htb(8) (also at http://linux.die.net/man/8/tc-htb) and
3617 the HTB manual (http://luxik.cdi.cz/~devik/qos/htb/man‐
3618 ual/userg.htm) for information on how this classifier
3619 works and how to configure it.
3620 linux-hfsc
3622 Linux "Hierarchical Fair Service Curve" classifier. See
3623 http://linux-ip.net/articles/hfsc.en/ for information on
3624 how this classifier works.
3625 linux-sfq
3627 Linux ``Stochastic Fairness Queueing’’ classifier. See
3628 tc-sfq(8) (also at http://linux.die.net/man/8/tc-sfq) for
3629 information on how this classifier works.
3630 linux-codel
3632 Linux ``Controlled Delay’’ classifier. See tc-codel(8)
3633 (also at
3634 http://man7.org/linux/man-pages/man8/tc-codel.8.html) for
3635 information on how this classifier works.
3636 linux-fq_codel
3638 Linux ``Fair Queuing with Controlled Delay’’ classifier.
3639 See tc-fq_codel(8) (also at
3640 http://man7.org/linux/man-pages/man8/tc-fq_codel.8.html)
3641 for information on how this classifier works.
3642 linux-noop
3644 Linux ``No operation.’’ By default, Open vSwitch manages
3645 quality of service on all of its configured ports. This
3646 can be helpful, but sometimes administrators prefer to
3647 use other software to manage QoS. This type prevents Open
3648 vSwitch from changing the QoS configuration for a port.
3649 egress-policer
3651 A DPDK egress policer algorithm using the DPDK rte_meter
3652 library. The rte_meter library provides an implementation
3653 which allows the metering and policing of traffic. The
3654 implementation in OVS essentially creates a single token
3655 bucket used to police traffic. It should be noted that
3656 when the rte_meter is configured as part of QoS there
3657 will be a performance overhead as the rte_meter itself
3658 will consume CPU cycles in order to police traffic. These
3659 CPU cycles ordinarily are used for packet proccessing. As
3660 such the drop in performance will be noticed in terms of
3661 overall aggregate traffic throughput.
3662 queues: map of integer-Queue pairs, key in range 0 to 4,294,967,295
3664 A map from queue numbers to Queue records. The supported range
3665 of queue numbers depend on type. The queue numbers are the same
3666 as the queue_id used in OpenFlow in struct ofp_action_enqueue
3667 and other structures.
3668 Queue 0 is the ``default queue.’’ It is used by OpenFlow output
3670 actions when no specific queue has been set. When no configura‐
3671 tion for queue 0 is present, it is automatically configured as
3672 if a Queue record with empty dscp and other_config columns had
3673 been specified. (Before version 1.6, Open vSwitch would leave
3674 queue 0 unconfigured in this case. With some queuing disci‐
3675 plines, this dropped all packets destined for the default
3676 queue.)
3677 Configuration for linux-htb and linux-hfsc:
3679 The linux-htb and linux-hfsc classes support the following key-value
3681 pair:
3682 other_config : max-rate: optional string, containing an integer
3684 Maximum rate shared by all queued traffic, in bit/s. Optional.
3685 If not specified, for physical interfaces, the default is the
3686 link rate. For other interfaces or if the link rate cannot be
3687 determined, the default is currently 100 Mbps.
3688 Configuration for egress-policer QoS:
3690 QoS type egress-policer provides egress policing for userspace port
3692 types with DPDK. It has the following key-value pairs defined.
3693 other_config : cir: optional string, containing an integer
3695 The Committed Information Rate (CIR) is measured in bytes of IP
3696 packets per second, i.e. it includes the IP header, but not link
3697 specific (e.g. Ethernet) headers. This represents the bytes per
3698 second rate at which the token bucket will be updated. The cir
3699 value is calculated by (pps x packet data size). For example
3700 assuming a user wishes to limit a stream consisting of 64 byte
3701 packets to 1 million packets per second the CIR would be set to
3702 to to 46000000. This value can be broken into ’1,000,000 x 46’.
3703 Where 1,000,000 is the policing rate for the number of packets
3704 per second and 46 represents the size of the packet data for a
3705 64 byte ip packet.
3706 other_config : cbs: optional string, containing an integer
3708 The Committed Burst Size (CBS) is measured in bytes and repre‐
3709 sents a token bucket. At a minimum this value should be be set
3710 to the expected largest size packet in the traffic stream. In
3711 practice larger values may be used to increase the size of the
3712 token bucket. If a packet can be transmitted then the cbs will
3713 be decremented by the number of bytes/tokens of the packet. If
3714 there are not enough tokens in the cbs bucket the packet will be
3715 dropped.
3716 Configuration for linux-sfq:
3718 The linux-sfq QoS supports the following key-value pairs:
3720 other_config : perturb: optional string, containing an integer
3722 Number of seconds between consecutive perturbations in hashing
3723 algorithm. Different flows can end up in the same hash bucket
3724 causing unfairness. Perturbation’s goal is to remove possible
3725 unfairness. The default and recommended value is 10. Too low a
3726 value is discouraged because each perturbation can cause packet
3727 reordering.
3728 other_config : quantum: optional string, containing an integer
3730 Number of bytes linux-sfq QoS can dequeue in one turn in round-
3731 robin from one flow. The default and recommended value is equal
3732 to interface’s MTU.
3733 Common Columns:
3735 The overall purpose of these columns is described under Common Columns
3737 at the beginning of this document.
3738 other_config: map of string-string pairs
3740 external_ids: map of string-string pairs
3742
3744 A configuration for a port output queue, used in configuring Quality of
3745 Service (QoS) features. May be referenced by queues column in QoS ta‐
3746 ble.
3747 Summary:
3749 dscp optional integer, in range 0 to 63
3750 Configuration for linux-htb QoS:
3751 other_config : min-rate optional string, containing an integer,
3752 at least 1
3753 other_config : max-rate optional string, containing an integer,
3754 at least 1
3755 other_config : burst optional string, containing an integer,
3756 at least 1
3757 other_config : priority optional string, containing an integer,
3758 in range 0 to 4,294,967,295
3759 Configuration for linux-hfsc QoS:
3760 other_config : min-rate optional string, containing an integer,
3761 at least 1
3762 other_config : max-rate optional string, containing an integer,
3763 at least 1
3764 Common Columns:
3765 other_config map of string-string pairs
3766 external_ids map of string-string pairs
3767 Details:
3769 dscp: optional integer, in range 0 to 63
3770 If set, Open vSwitch will mark all traffic egressing this Queue
3771 with the given DSCP bits. Traffic egressing the default Queue is
3772 only marked if it was explicitly selected as the Queue at the
3773 time the packet was output. If unset, the DSCP bits of traffic
3774 egressing this Queue will remain unchanged.
3775 Configuration for linux-htb QoS:
3777 QoS type linux-htb may use queue_ids less than 61440. It has the fol‐
3779 lowing key-value pairs defined.
3780 other_config : min-rate: optional string, containing an integer, at
3782 least 1
3783 Minimum guaranteed bandwidth, in bit/s.
3784 other_config : max-rate: optional string, containing an integer, at
3786 least 1
3787 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
3788 queue’s rate will not be allowed to exceed the specified value,
3789 even if excess bandwidth is available. If unspecified, defaults
3790 to no limit.
3791 other_config : burst: optional string, containing an integer, at least
3793 1
3794 Burst size, in bits. This is the maximum amount of ``credits’’
3795 that a queue can accumulate while it is idle. Optional. Details
3796 of the linux-htb implementation require a minimum burst size, so
3797 a too-small burst will be silently ignored.
3798 other_config : priority: optional string, containing an integer, in
3800 range 0 to 4,294,967,295
3801 A queue with a smaller priority will receive all the excess
3802 bandwidth that it can use before a queue with a larger value
3803 receives any. Specific priority values are unimportant; only
3804 relative ordering matters. Defaults to 0 if unspecified.
3805 Configuration for linux-hfsc QoS:
3807 QoS type linux-hfsc may use queue_ids less than 61440. It has the fol‐
3809 lowing key-value pairs defined.
3810 other_config : min-rate: optional string, containing an integer, at
3812 least 1
3813 Minimum guaranteed bandwidth, in bit/s.
3814 other_config : max-rate: optional string, containing an integer, at
3816 least 1
3817 Maximum allowed bandwidth, in bit/s. Optional. If specified, the
3818 queue’s rate will not be allowed to exceed the specified value,
3819 even if excess bandwidth is available. If unspecified, defaults
3820 to no limit.
3821 Common Columns:
3823 The overall purpose of these columns is described under Common Columns
3825 at the beginning of this document.
3826 other_config: map of string-string pairs
3828 external_ids: map of string-string pairs
3830
3832 A port mirror within a Bridge.
3833 A port mirror configures a bridge to send selected frames to special
3835 ``mirrored’’ ports, in addition to their normal destinations. Mirroring
3836 traffic may also be referred to as SPAN or RSPAN, depending on how the
3837 mirrored traffic is sent.
3838 When a packet enters an Open vSwitch bridge, it becomes eligible for
3840 mirroring based on its ingress port and VLAN. As the packet travels
3841 through the flow tables, each time it is output to a port, it becomes
3842 eligible for mirroring based on the egress port and VLAN. In Open
3843 vSwitch 2.5 and later, mirroring occurs just after a packet first
3844 becomes eligible, using the packet as it exists at that point; in Open
3845 vSwitch 2.4 and earlier, mirroring occurs only after a packet has tra‐
3846 versed all the flow tables, using the original packet as it entered the
3847 bridge. This makes a difference only when the flow table modifies the
3848 packet: in Open vSwitch 2.4, the modifications are never visible to
3849 mirrors, whereas in Open vSwitch 2.5 and later modifications made
3850 before the first output that makes it eligible for mirroring to a par‐
3851 ticular destination are visible.
3852 A packet that enters an Open vSwitch bridge is mirrored to a particular
3854 destination only once, even if it is eligible for multiple reasons. For
3855 example, a packet would be mirrored to a particular output_port only
3856 once, even if it is selected for mirroring to that port by
3857 select_dst_port and select_src_port in the same or different Mirror
3858 records.
3859 Summary:
3861 name string
3862 Selecting Packets for Mirroring:
3863 select_all boolean
3864 select_dst_port set of weak reference to Ports
3865 select_src_port set of weak reference to Ports
3866 select_vlan set of up to 4,096 integers, in range 0
3867 to 4,095
3868 Mirroring Destination Configuration:
3869 output_port optional weak reference to Port
3870 output_vlan optional integer, in range 1 to 4,095
3871 snaplen optional integer, in range 14 to 65,535
3872 Statistics: Mirror counters:
3873 statistics : tx_packets optional integer
3874 statistics : tx_bytes optional integer
3875 Common Columns:
3876 external_ids map of string-string pairs
3877 Details:
3879 name: string
3880 Arbitrary identifier for the Mirror.
3881 Selecting Packets for Mirroring:
3883 To be selected for mirroring, a given packet must enter or leave the
3885 bridge through a selected port and it must also be in one of the
3886 selected VLANs.
3887 select_all: boolean
3889 If true, every packet arriving or departing on any port is
3890 selected for mirroring.
3891 select_dst_port: set of weak reference to Ports
3893 Ports on which departing packets are selected for mirroring.
3894 select_src_port: set of weak reference to Ports
3896 Ports on which arriving packets are selected for mirroring.
3897 select_vlan: set of up to 4,096 integers, in range 0 to 4,095
3899 VLANs on which packets are selected for mirroring. An empty set
3900 selects packets on all VLANs.
3901 Mirroring Destination Configuration:
3903 These columns are mutually exclusive. Exactly one of them must be
3905 nonempty.
3906 output_port: optional weak reference to Port
3908 Output port for selected packets, if nonempty.
3909 Specifying a port for mirror output reserves that port exclu‐
3911 sively for mirroring. No frames other than those selected for
3912 mirroring via this column will be forwarded to the port, and any
3913 frames received on the port will be discarded.
3914 The output port may be any kind of port supported by Open
3916 vSwitch. It may be, for example, a physical port (sometimes
3917 called SPAN) or a GRE tunnel.
3918 output_vlan: optional integer, in range 1 to 4,095
3920 Output VLAN for selected packets, if nonempty.
3921 The frames will be sent out all ports that trunk output_vlan, as
3923 well as any ports with implicit VLAN output_vlan. When a mir‐
3924 rored frame is sent out a trunk port, the frame’s VLAN tag will
3925 be set to output_vlan, replacing any existing tag; when it is
3926 sent out an implicit VLAN port, the frame will not be tagged.
3927 This type of mirroring is sometimes called RSPAN.
3928 See the documentation for other_config:forward-bpdu in the
3930 Interface table for a list of destination MAC addresses which
3931 will not be mirrored to a VLAN to avoid confusing switches that
3932 interpret the protocols that they represent.
3933 Please note: Mirroring to a VLAN can disrupt a network that con‐
3935 tains unmanaged switches. Consider an unmanaged physical switch
3936 with two ports: port 1, connected to an end host, and port 2,
3937 connected to an Open vSwitch configured to mirror received pack‐
3938 ets into VLAN 123 on port 2. Suppose that the end host sends a
3939 packet on port 1 that the physical switch forwards to port 2.
3940 The Open vSwitch forwards this packet to its destination and
3941 then reflects it back on port 2 in VLAN 123. This reflected
3942 packet causes the unmanaged physical switch to replace the MAC
3943 learning table entry, which correctly pointed to port 1, with
3944 one that incorrectly points to port 2. Afterward, the physical
3945 switch will direct packets destined for the end host to the Open
3946 vSwitch on port 2, instead of to the end host on port 1, dis‐
3947 rupting connectivity. If mirroring to a VLAN is desired in this
3948 scenario, then the physical switch must be replaced by one that
3949 learns Ethernet addresses on a per-VLAN basis. In addition,
3950 learning should be disabled on the VLAN containing mirrored
3951 traffic. If this is not done then intermediate switches will
3952 learn the MAC address of each end host from the mirrored traf‐
3953 fic. If packets being sent to that end host are also mirrored,
3954 then they will be dropped since the switch will attempt to send
3955 them out the input port. Disabling learning for the VLAN will
3956 cause the switch to correctly send the packet out all ports con‐
3957 figured for that VLAN. If Open vSwitch is being used as an
3958 intermediate switch, learning can be disabled by adding the mir‐
3959 rored VLAN to flood_vlans in the appropriate Bridge table or
3960 tables.
3961 Mirroring to a GRE tunnel has fewer caveats than mirroring to a
3963 VLAN and should generally be preferred.
3964 snaplen: optional integer, in range 14 to 65,535
3966 Maximum per-packet number of bytes to mirror.
3967 A mirrored packet with size larger than snaplen will be trun‐
3969 cated in datapath to snaplen bytes before sending to the mirror
3970 output port. If omitted, packets are not truncated.
3971 Statistics: Mirror counters:
3973 Key-value pairs that report mirror statistics. The update period is
3975 controlled by other_config:stats-update-interval in the Open_vSwitch
3976 table.
3977 statistics : tx_packets: optional integer
3979 Number of packets transmitted through this mirror.
3980 statistics : tx_bytes: optional integer
3982 Number of bytes transmitted through this mirror.
3983 Common Columns:
3985 The overall purpose of these columns is described under Common Columns
3987 at the beginning of this document.
3988 external_ids: map of string-string pairs
3990
3992 An OpenFlow controller.
3993 Open vSwitch supports two kinds of OpenFlow controllers:
3995 Primary controllers
3997 This is the kind of controller envisioned by the OpenFlow
3998 1.0 specification. Usually, a primary controller imple‐
3999 ments a network policy by taking charge of the switch’s
4000 flow table.
4001 Open vSwitch initiates and maintains persistent connec‐
4003 tions to primary controllers, retrying the connection
4004 each time it fails or drops. The fail_mode column in the
4005 Bridge table applies to primary controllers.
4006 Open vSwitch permits a bridge to have any number of pri‐
4008 mary controllers. When multiple controllers are config‐
4009 ured, Open vSwitch connects to all of them simultane‐
4010 ously. Because OpenFlow 1.0 does not specify how multiple
4011 controllers coordinate in interacting with a single
4012 switch, more than one primary controller should be speci‐
4013 fied only if the controllers are themselves designed to
4014 coordinate with each other. (The Nicira-defined NXT_ROLE
4015 OpenFlow vendor extension may be useful for this.)
4016 Service controllers
4018 These kinds of OpenFlow controller connections are
4019 intended for occasional support and maintenance use, e.g.
4020 with ovs-ofctl. Usually a service controller connects
4021 only briefly to inspect or modify some of a switch’s
4022 state.
4023 Open vSwitch listens for incoming connections from ser‐
4025 vice controllers. The service controllers initiate and,
4026 if necessary, maintain the connections from their end.
4027 The fail_mode column in the Bridge table does not apply
4028 to service controllers.
4029 Open vSwitch supports configuring any number of service
4031 controllers.
4032 The target determines the type of controller.
4034 Summary:
4036 Core Features:
4037 target string
4038 connection_mode optional string, either in-band or
4039 out-of-band
4040 Controller Failure Detection and Handling:
4041 max_backoff optional integer, at least 1,000
4042 inactivity_probe optional integer
4043 Asynchronous Messages:
4044 enable_async_messages optional boolean
4045 Controller Rate Limiting:
4046 controller_rate_limit optional integer, at least 100
4047 controller_burst_limit optional integer, at least 25
4048 Controller Rate Limiting Statistics:
4049 status : packet-in-TYPE-bypassed
4050 optional string, containing an integer,
4051 at least 0
4052 status : packet-in-TYPE-queued
4053 optional string, containing an integer,
4054 at least 0
4055 status : packet-in-TYPE-dropped
4056 optional string, containing an integer,
4057 at least 0
4058 status : packet-in-TYPE-backlog
4059 optional string, containing an integer,
4060 at least 0
4061 Additional In-Band Configuration:
4062 local_ip optional string
4063 local_netmask optional string
4064 local_gateway optional string
4065 Controller Status:
4066 is_connected boolean
4067 role optional string, one of master, other, or
4068 slave
4069 status : last_error optional string
4070 status : state optional string, one of ACTIVE, BACKOFF,
4071 CONNECTING, IDLE, or VOID
4072 status : sec_since_connect optional string, containing an integer,
4073 at least 0
4074 status : sec_since_disconnect
4075 optional string, containing an integer,
4076 at least 1
4077 Connection Parameters:
4078 other_config : dscp optional string, containing an integer
4079 Common Columns:
4080 external_ids map of string-string pairs
4081 other_config map of string-string pairs
4082 Details:
4084 Core Features:
4085 target: string
4087 Connection method for controller.
4088 The following connection methods are currently supported for
4090 primary controllers:
4091 ssl:host[:port]
4093 The specified SSL port on the host at the given host,
4094 which can either be a DNS name (if built with unbound
4095 library) or an IP address. The ssl column in the
4096 Open_vSwitch table must point to a valid SSL configura‐
4097 tion when this form is used.
4098 If port is not specified, it defaults to 6653.
4100 SSL support is an optional feature that is not always
4102 built as part of Open vSwitch.
4103 tcp:host[:port]
4105 The specified TCP port on the host at the given host,
4106 which can either be a DNS name (if built with unbound
4107 library) or an IP address (IPv4 or IPv6). If host is an
4108 IPv6 address, wrap it in square brackets, e.g.
4109 tcp:[::1]:6653.
4110 If port is not specified, it defaults to 6653.
4112 The following connection methods are currently supported for
4114 service controllers:
4115 pssl:[port][:host]
4117 Listens for SSL connections on the specified TCP port. If
4118 host, which can either be a DNS name (if built with
4119 unbound library) or an IP address, is specified, then
4120 connections are restricted to the resolved or specified
4121 local IP address (either IPv4 or IPv6). If host is an
4122 IPv6 address, wrap it in square brackets, e.g.
4123 pssl:6653:[::1].
4124 If port is not specified, it defaults to 6653. If host is
4126 not specified then it listens only on IPv4 (but not IPv6)
4127 addresses. The ssl column in the Open_vSwitch table must
4128 point to a valid SSL configuration when this form is
4129 used.
4130 If port is not specified, it currently to 6653.
4132 SSL support is an optional feature that is not always
4134 built as part of Open vSwitch.
4135 ptcp:[port][:host]
4137 Listens for connections on the specified TCP port. If
4138 host, which can either be a DNS name (if built with
4139 unbound library) or an IP address, is specified, then
4140 connections are restricted to the resolved or specified
4141 local IP address (either IPv4 or IPv6). If host is an
4142 IPv6 address, wrap it in square brackets, e.g.
4143 ptcp:6653:[::1]. If host is not specified then it listens
4144 only on IPv4 addresses.
4145 If port is not specified, it defaults to 6653.
4147 When multiple controllers are configured for a single bridge,
4149 the target values must be unique. Duplicate target values yield
4150 unspecified results.
4151 connection_mode: optional string, either in-band or out-of-band
4153 If it is specified, this setting must be one of the following
4154 strings that describes how Open vSwitch contacts this OpenFlow
4155 controller over the network:
4156 in-band
4158 In this mode, this controller’s OpenFlow traffic travels
4159 over the bridge associated with the controller. With this
4160 setting, Open vSwitch allows traffic to and from the con‐
4161 troller regardless of the contents of the OpenFlow flow
4162 table. (Otherwise, Open vSwitch would never be able to
4163 connect to the controller, because it did not have a flow
4164 to enable it.) This is the most common connection mode
4165 because it is not necessary to maintain two independent
4166 networks.
4167 out-of-band
4169 In this mode, OpenFlow traffic uses a control network
4170 separate from the bridge associated with this controller,
4171 that is, the bridge does not use any of its own network
4172 devices to communicate with the controller. The control
4173 network must be configured separately, before or after
4174 ovs-vswitchd is started.
4175 If not specified, the default is implementation-specific.
4177 Controller Failure Detection and Handling:
4179 max_backoff: optional integer, at least 1,000
4181 Maximum number of milliseconds to wait between connection
4182 attempts. Default is implementation-specific.
4183 inactivity_probe: optional integer
4185 Maximum number of milliseconds of idle time on connection to
4186 controller before sending an inactivity probe message. If Open
4187 vSwitch does not communicate with the controller for the speci‐
4188 fied number of seconds, it will send a probe. If a response is
4189 not received for the same additional amount of time, Open
4190 vSwitch assumes the connection has been broken and attempts to
4191 reconnect. Default is implementation-specific. A value of 0 dis‐
4192 ables inactivity probes.
4193 Asynchronous Messages:
4195 OpenFlow switches send certain messages to controllers spontanenously,
4197 that is, not in response to any request from the controller. These mes‐
4198 sages are called ``asynchronous messages.’’ These columns allow asyn‐
4199 chronous messages to be limited or disabled to ensure the best use of
4200 network resources.
4201 enable_async_messages: optional boolean
4203 The OpenFlow protocol enables asynchronous messages at time of
4204 connection establishment, which means that a controller can
4205 receive asynchronous messages, potentially many of them, even if
4206 it turns them off immediately after connecting. Set this column
4207 to false to change Open vSwitch behavior to disable, by default,
4208 all asynchronous messages. The controller can use the
4209 NXT_SET_ASYNC_CONFIG Nicira extension to OpenFlow to turn on any
4210 messages that it does want to receive, if any.
4211 Controller Rate Limiting:
4213 A switch can forward packets to a controller over the OpenFlow proto‐
4215 col. Forwarding packets this way at too high a rate can overwhelm a
4216 controller, frustrate use of the OpenFlow connection for other pur‐
4217 poses, increase the latency of flow setup, and use an unreasonable
4218 amount of bandwidth. Therefore, Open vSwitch supports limiting the rate
4219 of packet forwarding to a controller.
4220 There are two main reasons in OpenFlow for a packet to be sent to a
4222 controller: either the packet ``misses’’ in the flow table, that is,
4223 there is no matching flow, or a flow table action says to send the
4224 packet to the controller. Open vSwitch limits the rate of each kind of
4225 packet separately at the configured rate. Therefore, the actual rate
4226 that packets are sent to the controller can be up to twice the config‐
4227 ured rate, when packets are sent for both reasons.
4228 This feature is specific to forwarding packets over an OpenFlow connec‐
4230 tion. It is not general-purpose QoS. See the QoS table for quality of
4231 service configuration, and ingress_policing_rate in the Interface table
4232 for ingress policing configuration.
4233 controller_rate_limit: optional integer, at least 100
4235 The maximum rate at which the switch will forward packets to the
4236 OpenFlow controller, in packets per second. If no value is spec‐
4237 ified, rate limiting is disabled.
4238 controller_burst_limit: optional integer, at least 25
4240 When a high rate triggers rate-limiting, Open vSwitch queues
4241 packets to the controller for each port and transmits them to
4242 the controller at the configured rate. This value limits the
4243 number of queued packets. Ports on a bridge share the packet
4244 queue fairly.
4245 This value has no effect unless controller_rate_limit is config‐
4247 ured. The current default when this value is not specified is
4248 one-quarter of controller_rate_limit, meaning that queuing can
4249 delay forwarding a packet to the controller by up to 250 ms.
4250 Controller Rate Limiting Statistics:
4252 These values report the effects of rate limiting. Their values are rel‐
4254 ative to establishment of the most recent OpenFlow connection, or since
4255 rate limiting was enabled, whichever happened more recently. Each con‐
4256 sists of two values, one with TYPE replaced by miss for rate limiting
4257 flow table misses, and the other with TYPE replaced by action for rate
4258 limiting packets sent by OpenFlow actions.
4259 These statistics are reported only when controller rate limiting is
4261 enabled.
4262 status : packet-in-TYPE-bypassed: optional string, containing an inte‐
4264 ger, at least 0
4265 Number of packets sent directly to the controller, without queu‐
4266 ing, because the rate did not exceed the configured maximum.
4267 status : packet-in-TYPE-queued: optional string, containing an integer,
4269 at least 0
4270 Number of packets added to the queue to send later.
4271 status : packet-in-TYPE-dropped: optional string, containing an inte‐
4273 ger, at least 0
4274 Number of packets added to the queue that were later dropped due
4275 to overflow. This value is less than or equal to status:packet-
4276 in-TYPE-queued.
4277 status : packet-in-TYPE-backlog: optional string, containing an inte‐
4279 ger, at least 0
4280 Number of packets currently queued. The other statistics
4281 increase monotonically, but this one fluctuates between 0 and
4282 the controller_burst_limit as conditions change.
4283 Additional In-Band Configuration:
4285 These values are considered only in in-band control mode (see connec‐
4287 tion_mode).
4288 When multiple controllers are configured on a single bridge, there
4290 should be only one set of unique values in these columns. If different
4291 values are set for these columns in different controllers, the effect
4292 is unspecified.
4293 local_ip: optional string
4295 The IP address to configure on the local port, e.g.
4296 192.168.0.123. If this value is unset, then local_netmask and
4297 local_gateway are ignored.
4298 local_netmask: optional string
4300 The IP netmask to configure on the local port, e.g.
4301 255.255.255.0. If local_ip is set but this value is unset, then
4302 the default is chosen based on whether the IP address is class
4303 A, B, or C.
4304 local_gateway: optional string
4306 The IP address of the gateway to configure on the local port, as
4307 a string, e.g. 192.168.0.1. Leave this column unset if this net‐
4308 work has no gateway.
4309 Controller Status:
4311 is_connected: boolean
4313 true if currently connected to this controller, false otherwise.
4314 role: optional string, one of master, other, or slave
4316 The level of authority this controller has on the associated
4317 bridge. Possible values are:
4318 other Allows the controller access to all OpenFlow features.
4320 master Equivalent to other, except that there may be at most one
4322 master controller at a time. When a controller configures
4323 itself as master, any existing master is demoted to the
4324 slave role.
4325 slave Allows the controller read-only access to OpenFlow fea‐
4327 tures. Attempts to modify the flow table will be rejected
4328 with an error. Slave controllers do not receive
4329 OFPT_PACKET_IN or OFPT_FLOW_REMOVED messages, but they do
4330 receive OFPT_PORT_STATUS messages.
4331 status : last_error: optional string
4333 A human-readable description of the last error on the connection
4334 to the controller; i.e. strerror(errno). This key will exist
4335 only if an error has occurred.
4336 status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
4338 IDLE, or VOID
4339 The state of the connection to the controller:
4340 VOID Connection is disabled.
4342 BACKOFF
4344 Attempting to reconnect at an increasing period.
4345 CONNECTING
4347 Attempting to connect.
4348 ACTIVE Connected, remote host responsive.
4350 IDLE Connection is idle. Waiting for response to keep-alive.
4352 These values may change in the future. They are provided only
4354 for human consumption.
4355 status : sec_since_connect: optional string, containing an integer, at
4357 least 0
4358 The amount of time since this controller last successfully con‐
4359 nected to the switch (in seconds). Value is empty if controller
4360 has never successfully connected.
4361 status : sec_since_disconnect: optional string, containing an integer,
4363 at least 1
4364 The amount of time since this controller last disconnected from
4365 the switch (in seconds). Value is empty if controller has never
4366 disconnected.
4367 Connection Parameters:
4369 Additional configuration for a connection between the controller and
4371 the Open vSwitch.
4372 other_config : dscp: optional string, containing an integer
4374 The Differentiated Service Code Point (DSCP) is specified using
4375 6 bits in the Type of Service (TOS) field in the IP header. DSCP
4376 provides a mechanism to classify the network traffic and provide
4377 Quality of Service (QoS) on IP networks. The DSCP value speci‐
4378 fied here is used when establishing the connection between the
4379 controller and the Open vSwitch. If no value is specified, a
4380 default value of 48 is chosen. Valid DSCP values must be in the
4381 range 0 to 63.
4382 Common Columns:
4384 The overall purpose of these columns is described under Common Columns
4386 at the beginning of this document.
4387 external_ids: map of string-string pairs
4389 other_config: map of string-string pairs
4391
4393 Configuration for a database connection to an Open vSwitch database
4394 (OVSDB) client.
4395 This table primarily configures the Open vSwitch database
4397 (ovsdb-server), not the Open vSwitch switch (ovs-vswitchd). The switch
4398 does read the table to determine what connections should be treated as
4399 in-band.
4400 The Open vSwitch database server can initiate and maintain active con‐
4402 nections to remote clients. It can also listen for database connec‐
4403 tions.
4404 Summary:
4406 Core Features:
4407 target string (must be unique within table)
4408 connection_mode optional string, either in-band or
4409 out-of-band
4410 Client Failure Detection and Handling:
4411 max_backoff optional integer, at least 1,000
4412 inactivity_probe optional integer
4413 Status:
4414 is_connected boolean
4415 status : last_error optional string
4416 status : state optional string, one of ACTIVE, BACKOFF,
4417 CONNECTING, IDLE, or VOID
4418 status : sec_since_connect optional string, containing an integer,
4419 at least 0
4420 status : sec_since_disconnect
4421 optional string, containing an integer,
4422 at least 0
4423 status : locks_held optional string
4424 status : locks_waiting optional string
4425 status : locks_lost optional string
4426 status : n_connections optional string, containing an integer,
4427 at least 2
4428 status : bound_port optional string, containing an integer
4429 Connection Parameters:
4430 other_config : dscp optional string, containing an integer
4431 Common Columns:
4432 external_ids map of string-string pairs
4433 other_config map of string-string pairs
4434 Details:
4436 Core Features:
4437 target: string (must be unique within table)
4439 Connection method for managers.
4440 The following connection methods are currently supported:
4442 ssl:host[:port]
4444 The specified SSL port on the host at the given host,
4445 which can either be a DNS name (if built with unbound
4446 library) or an IP address. The ssl column in the
4447 Open_vSwitch table must point to a valid SSL configura‐
4448 tion when this form is used.
4449 If port is not specified, it defaults to 6640.
4451 SSL support is an optional feature that is not always
4453 built as part of Open vSwitch.
4454 tcp:host[:port]
4456 The specified TCP port on the host at the given host,
4457 which can either be a DNS name (if built with unbound
4458 library) or an IP address (IPv4 or IPv6). If host is an
4459 IPv6 address, wrap it in square brackets, e.g.
4460 tcp:[::1]:6640.
4461 If port is not specified, it defaults to 6640.
4463 pssl:[port][:host]
4465 Listens for SSL connections on the specified TCP port.
4466 Specify 0 for port to have the kernel automatically
4467 choose an available port. If host, which can either be a
4468 DNS name (if built with unbound library) or an IP
4469 address, is specified, then connections are restricted to
4470 the resolved or specified local IP address (either IPv4
4471 or IPv6 address). If host is an IPv6 address, wrap in
4472 square brackets, e.g. pssl:6640:[::1]. If host is not
4473 specified then it listens only on IPv4 (but not IPv6)
4474 addresses. The ssl column in the Open_vSwitch table must
4475 point to a valid SSL configuration when this form is
4476 used.
4477 If port is not specified, it defaults to 6640.
4479 SSL support is an optional feature that is not always
4481 built as part of Open vSwitch.
4482 ptcp:[port][:host]
4484 Listens for connections on the specified TCP port. Spec‐
4485 ify 0 for port to have the kernel automatically choose an
4486 available port. If host, which can either be a DNS name
4487 (if built with unbound library) or an IP address, is
4488 specified, then connections are restricted to the
4489 resolved or specified local IP address (either IPv4 or
4490 IPv6 address). If host is an IPv6 address, wrap it in
4491 square brackets, e.g. ptcp:6640:[::1]. If host is not
4492 specified then it listens only on IPv4 addresses.
4493 If port is not specified, it defaults to 6640.
4495 When multiple managers are configured, the target values must be
4497 unique. Duplicate target values yield unspecified results.
4498 connection_mode: optional string, either in-band or out-of-band
4500 If it is specified, this setting must be one of the following
4501 strings that describes how Open vSwitch contacts this OVSDB
4502 client over the network:
4503 in-band
4505 In this mode, this connection’s traffic travels over a
4506 bridge managed by Open vSwitch. With this setting, Open
4507 vSwitch allows traffic to and from the client regardless
4508 of the contents of the OpenFlow flow table. (Otherwise,
4509 Open vSwitch would never be able to connect to the
4510 client, because it did not have a flow to enable it.)
4511 This is the most common connection mode because it is not
4512 necessary to maintain two independent networks.
4513 out-of-band
4515 In this mode, the client’s traffic uses a control network
4516 separate from that managed by Open vSwitch, that is, Open
4517 vSwitch does not use any of its own network devices to
4518 communicate with the client. The control network must be
4519 configured separately, before or after ovs-vswitchd is
4520 started.
4521 If not specified, the default is implementation-specific.
4523 Client Failure Detection and Handling:
4525 max_backoff: optional integer, at least 1,000
4527 Maximum number of milliseconds to wait between connection
4528 attempts. Default is implementation-specific.
4529 inactivity_probe: optional integer
4531 Maximum number of milliseconds of idle time on connection to the
4532 client before sending an inactivity probe message. If Open
4533 vSwitch does not communicate with the client for the specified
4534 number of seconds, it will send a probe. If a response is not
4535 received for the same additional amount of time, Open vSwitch
4536 assumes the connection has been broken and attempts to recon‐
4537 nect. Default is implementation-specific. A value of 0 disables
4538 inactivity probes.
4539 Status:
4541 Key-value pair of is_connected is always updated. Other key-value pairs
4543 in the status columns may be updated depends on the target type.
4544 When target specifies a connection method that listens for inbound con‐
4546 nections (e.g. ptcp: or punix:), both n_connections and is_connected
4547 may also be updated while the remaining key-value pairs are omitted.
4548 On the other hand, when target specifies an outbound connection, all
4550 key-value pairs may be updated, except the above-mentioned two key-
4551 value pairs associated with inbound connection targets. They are omit‐
4552 ted.
4553 is_connected: boolean
4555 true if currently connected to this manager, false otherwise.
4556 status : last_error: optional string
4558 A human-readable description of the last error on the connection
4559 to the manager; i.e. strerror(errno). This key will exist only
4560 if an error has occurred.
4561 status : state: optional string, one of ACTIVE, BACKOFF, CONNECTING,
4563 IDLE, or VOID
4564 The state of the connection to the manager:
4565 VOID Connection is disabled.
4567 BACKOFF
4569 Attempting to reconnect at an increasing period.
4570 CONNECTING
4572 Attempting to connect.
4573 ACTIVE Connected, remote host responsive.
4575 IDLE Connection is idle. Waiting for response to keep-alive.
4577 These values may change in the future. They are provided only
4579 for human consumption.
4580 status : sec_since_connect: optional string, containing an integer, at
4582 least 0
4583 The amount of time since this manager last successfully con‐
4584 nected to the database (in seconds). Value is empty if manager
4585 has never successfully connected.
4586 status : sec_since_disconnect: optional string, containing an integer,
4588 at least 0
4589 The amount of time since this manager last disconnected from the
4590 database (in seconds). Value is empty if manager has never dis‐
4591 connected.
4592 status : locks_held: optional string
4594 Space-separated list of the names of OVSDB locks that the con‐
4595 nection holds. Omitted if the connection does not hold any
4596 locks.
4597 status : locks_waiting: optional string
4599 Space-separated list of the names of OVSDB locks that the con‐
4600 nection is currently waiting to acquire. Omitted if the connec‐
4601 tion is not waiting for any locks.
4602 status : locks_lost: optional string
4604 Space-separated list of the names of OVSDB locks that the con‐
4605 nection has had stolen by another OVSDB client. Omitted if no
4606 locks have been stolen from this connection.
4607 status : n_connections: optional string, containing an integer, at
4609 least 2
4610 When target specifies a connection method that listens for
4611 inbound connections (e.g. ptcp: or pssl:) and more than one con‐
4612 nection is actually active, the value is the number of active
4613 connections. Otherwise, this key-value pair is omitted.
4614 status : bound_port: optional string, containing an integer
4616 When target is ptcp: or pssl:, this is the TCP port on which the
4617 OVSDB server is listening. (This is particularly useful when
4618 target specifies a port of 0, allowing the kernel to choose any
4619 available port.)
4620 Connection Parameters:
4622 Additional configuration for a connection between the manager and the
4624 Open vSwitch Database.
4625 other_config : dscp: optional string, containing an integer
4627 The Differentiated Service Code Point (DSCP) is specified using
4628 6 bits in the Type of Service (TOS) field in the IP header. DSCP
4629 provides a mechanism to classify the network traffic and provide
4630 Quality of Service (QoS) on IP networks. The DSCP value speci‐
4631 fied here is used when establishing the connection between the
4632 manager and the Open vSwitch. If no value is specified, a
4633 default value of 48 is chosen. Valid DSCP values must be in the
4634 range 0 to 63.
4635 Common Columns:
4637 The overall purpose of these columns is described under Common Columns
4639 at the beginning of this document.
4640 external_ids: map of string-string pairs
4642 other_config: map of string-string pairs
4644
4646 A NetFlow target. NetFlow is a protocol that exports a number of
4647 details about terminating IP flows, such as the principals involved and
4648 duration.
4649 Summary:
4651 targets set of 1 or more strings
4652 engine_id optional integer, in range 0 to 255
4653 engine_type optional integer, in range 0 to 255
4654 active_timeout integer, at least -1
4655 add_id_to_interface boolean
4656 Common Columns:
4657 external_ids map of string-string pairs
4658 Details:
4660 targets: set of 1 or more strings
4661 NetFlow targets in the form ip:port. The ip must be specified
4662 numerically, not as a DNS name.
4663 engine_id: optional integer, in range 0 to 255
4665 Engine ID to use in NetFlow messages. Defaults to datapath index
4666 if not specified.
4667 engine_type: optional integer, in range 0 to 255
4669 Engine type to use in NetFlow messages. Defaults to datapath
4670 index if not specified.
4671 active_timeout: integer, at least -1
4673 The interval at which NetFlow records are sent for flows that
4674 are still active, in seconds. A value of 0 requests the default
4675 timeout (currently 600 seconds); a value of -1 disables active
4676 timeouts.
4677 The NetFlow passive timeout, for flows that become inactive, is
4679 not configurable. It will vary depending on the Open vSwitch
4680 version, the forms and contents of the OpenFlow flow tables, CPU
4681 and memory usage, and network activity. A typical passive time‐
4682 out is about a second.
4683 add_id_to_interface: boolean
4685 If this column’s value is false, the ingress and egress inter‐
4686 face fields of NetFlow flow records are derived from OpenFlow
4687 port numbers. When it is true, the 7 most significant bits of
4688 these fields will be replaced by the least significant 7 bits of
4689 the engine id. This is useful because many NetFlow collectors do
4690 not expect multiple switches to be sending messages from the
4691 same host, so they do not store the engine information which
4692 could be used to disambiguate the traffic.
4693 When this option is enabled, a maximum of 508 ports are sup‐
4695 ported.
4696 Common Columns:
4698 The overall purpose of these columns is described under Common Columns
4700 at the beginning of this document.
4701 external_ids: map of string-string pairs
4703
4705 SSL configuration for an Open_vSwitch.
4706 Summary:
4708 private_key string
4709 certificate string
4710 ca_cert string
4711 bootstrap_ca_cert boolean
4712 Common Columns:
4713 external_ids map of string-string pairs
4714 Details:
4716 private_key: string
4717 Name of a PEM file containing the private key used as the
4718 switch’s identity for SSL connections to the controller.
4719 certificate: string
4721 Name of a PEM file containing a certificate, signed by the cer‐
4722 tificate authority (CA) used by the controller and manager, that
4723 certifies the switch’s private key, identifying a trustworthy
4724 switch.
4725 ca_cert: string
4727 Name of a PEM file containing the CA certificate used to verify
4728 that the switch is connected to a trustworthy controller.
4729 bootstrap_ca_cert: boolean
4731 If set to true, then Open vSwitch will attempt to obtain the CA
4732 certificate from the controller on its first SSL connection and
4733 save it to the named PEM file. If it is successful, it will
4734 immediately drop the connection and reconnect, and from then on
4735 all SSL connections must be authenticated by a certificate
4736 signed by the CA certificate thus obtained. This option exposes
4737 the SSL connection to a man-in-the-middle attack obtaining the
4738 initial CA certificate. It may still be useful for bootstrap‐
4739 ping.
4740 Common Columns:
4742 The overall purpose of these columns is described under Common Columns
4744 at the beginning of this document.
4745 external_ids: map of string-string pairs
4747
4749 A set of sFlow(R) targets. sFlow is a protocol for remote monitoring of
4750 switches.
4751 Summary:
4753 agent optional string
4754 header optional integer
4755 polling optional integer
4756 sampling optional integer
4757 targets set of 1 or more strings
4758 Common Columns:
4759 external_ids map of string-string pairs
4760 Details:
4762 agent: optional string
4763 Determines the agent address, that is, the IP address reported
4764 to collectors as the source of the sFlow data. It may be an IP
4765 address or the name of a network device. In the latter case, the
4766 network device’s IP address is used,
4767 If not specified, the agent device is figured from the first
4769 target address and the routing table. If the routing table does
4770 not contain a route to the target, the IP address defaults to
4771 the local_ip in the collector’s Controller.
4772 If an agent IP address cannot be determined, sFlow is disabled.
4774 header: optional integer
4776 Number of bytes of a sampled packet to send to the collector. If
4777 not specified, the default is 128 bytes.
4778 polling: optional integer
4780 Polling rate in seconds to send port statistics to the collec‐
4781 tor. If not specified, defaults to 30 seconds.
4782 sampling: optional integer
4784 Rate at which packets should be sampled and sent to the collec‐
4785 tor. If not specified, defaults to 400, which means one out of
4786 400 packets, on average, will be sent to the collector.
4787 targets: set of 1 or more strings
4789 sFlow targets in the form ip:port.
4790 Common Columns:
4792 The overall purpose of these columns is described under Common Columns
4794 at the beginning of this document.
4795 external_ids: map of string-string pairs
4797
4799 Configuration for sending packets to IPFIX collectors.
4800 IPFIX is a protocol that exports a number of details about flows. The
4802 IPFIX implementation in Open vSwitch samples packets at a configurable
4803 rate, extracts flow information from those packets, optionally caches
4804 and aggregates the flow information, and sends the result to one or
4805 more collectors.
4806 IPFIX in Open vSwitch can be configured two different ways:
4808 · With per-bridge sampling, Open vSwitch performs IPFIX
4810 sampling automatically on all packets that pass through a
4811 bridge. To configure per-bridge sampling, create an IPFIX
4812 record and point a Bridge table’s ipfix column to it. The
4813 Flow_Sample_Collector_Set table is not used for per-
4814 bridge sampling.
4815 · With flow-based sampling, sample actions in the OpenFlow
4817 flow table drive IPFIX sampling. See ovs-ofctl(8) for a
4818 description of the sample action.
4819 Flow-based sampling also requires database configuration:
4821 create a IPFIX record that describes the IPFIX configura‐
4822 tion and a Flow_Sample_Collector_Set record that points
4823 to the Bridge whose flow table holds the sample actions
4824 and to IPFIX record. The ipfix in the Bridge table is not
4825 used for flow-based sampling.
4826 Summary:
4828 targets set of strings
4829 cache_active_timeout optional integer, in range 0 to 4,200
4830 cache_max_flows optional integer, in range 0 to
4831 4,294,967,295
4832 other_config : enable-tunnel-sampling
4833 optional string, either true or false
4834 other_config : virtual_obs_id optional string
4835 Per-Bridge Sampling:
4836 sampling optional integer, in range 1 to
4837 4,294,967,295
4838 obs_domain_id optional integer, in range 0 to
4839 4,294,967,295
4840 obs_point_id optional integer, in range 0 to
4841 4,294,967,295
4842 other_config : enable-input-sampling
4843 optional string, either true or false
4844 other_config : enable-output-sampling
4845 optional string, either true or false
4846 Common Columns:
4847 external_ids map of string-string pairs
4848 Details:
4850 targets: set of strings
4851 IPFIX target collectors in the form ip:port.
4852 cache_active_timeout: optional integer, in range 0 to 4,200
4854 The maximum period in seconds for which an IPFIX flow record is
4855 cached and aggregated before being sent. If not specified,
4856 defaults to 0. If 0, caching is disabled.
4857 cache_max_flows: optional integer, in range 0 to 4,294,967,295
4859 The maximum number of IPFIX flow records that can be cached at a
4860 time. If not specified, defaults to 0. If 0, caching is dis‐
4861 abled.
4862 other_config : enable-tunnel-sampling: optional string, either true or
4864 false
4865 Set to true to enable sampling and reporting tunnel header
4866 7-tuples in IPFIX flow records. Tunnel sampling is enabled by
4867 default.
4868 The following enterprise entities report the sampled tunnel
4870 info:
4871 tunnelType:
4873 ID: 891, and enterprise ID 6876 (VMware).
4874 type: unsigned 8-bit integer.
4876 data type semantics: identifier.
4878 description: Identifier of the layer 2 network overlay
4880 network encapsulation type: 0x01 VxLAN, 0x02 GRE, 0x03
4881 LISP, 0x07 GENEVE.
4882 tunnelKey:
4884 ID: 892, and enterprise ID 6876 (VMware).
4885 type: variable-length octetarray.
4887 data type semantics: identifier.
4889 description: Key which is used for identifying an indi‐
4891 vidual traffic flow within a VxLAN (24-bit VNI), GENEVE
4892 (24-bit VNI), GRE (32-bit key), or LISP (24-bit instance
4893 ID) tunnel. The key is encoded in this octetarray as a
4894 3-, 4-, or 8-byte integer ID in network byte order.
4895 tunnelSourceIPv4Address:
4897 ID: 893, and enterprise ID 6876 (VMware).
4898 type: unsigned 32-bit integer.
4900 data type semantics: identifier.
4902 description: The IPv4 source address in the tunnel IP
4904 packet header.
4905 tunnelDestinationIPv4Address:
4907 ID: 894, and enterprise ID 6876 (VMware).
4908 type: unsigned 32-bit integer.
4910 data type semantics: identifier.
4912 description: The IPv4 destination address in the tunnel
4914 IP packet header.
4915 tunnelProtocolIdentifier:
4917 ID: 895, and enterprise ID 6876 (VMware).
4918 type: unsigned 8-bit integer.
4920 data type semantics: identifier.
4922 description: The value of the protocol number in the tun‐
4924 nel IP packet header. The protocol number identifies the
4925 tunnel IP packet payload type.
4926 tunnelSourceTransportPort:
4928 ID: 896, and enterprise ID 6876 (VMware).
4929 type: unsigned 16-bit integer.
4931 data type semantics: identifier.
4933 description: The source port identifier in the tunnel
4935 transport header. For the transport protocols UDP, TCP,
4936 and SCTP, this is the source port number given in the
4937 respective header.
4938 tunnelDestinationTransportPort:
4940 ID: 897, and enterprise ID 6876 (VMware).
4941 type: unsigned 16-bit integer.
4943 data type semantics: identifier.
4945 description: The destination port identifier in the tun‐
4947 nel transport header. For the transport protocols UDP,
4948 TCP, and SCTP, this is the destination port number given
4949 in the respective header.
4950 Before Open vSwitch 2.5.90, other_config:enable-tunnel-sampling
4952 was only supported with per-bridge sampling, and ignored other‐
4953 wise. Open vSwitch 2.5.90 and later support other_config:enable-
4954 tunnel-sampling for per-bridge and per-flow sampling.
4955 other_config : virtual_obs_id: optional string
4957 A string that accompanies each IPFIX flow record. Its intended
4958 use is for the ``virtual observation ID,’’ an identifier of a
4959 virtual observation point that is locally unique in a virtual
4960 network. It describes a location in the virtual network where IP
4961 packets can be observed. The maximum length is 254 bytes. If not
4962 specified, the field is omitted from the IPFIX flow record.
4963 The following enterprise entity reports the specified virtual
4965 observation ID:
4966 virtualObsID:
4968 ID: 898, and enterprise ID 6876 (VMware).
4969 type: variable-length string.
4971 data type semantics: identifier.
4973 description: A virtual observation domain ID that is
4975 locally unique in a virtual network.
4976 This feature was introduced in Open vSwitch 2.5.90.
4978 Per-Bridge Sampling:
4980 These values affect only per-bridge sampling. See above for a descrip‐
4982 tion of the differences between per-bridge and flow-based sampling.
4983 sampling: optional integer, in range 1 to 4,294,967,295
4985 The rate at which packets should be sampled and sent to each
4986 target collector. If not specified, defaults to 400, which means
4987 one out of 400 packets, on average, will be sent to each target
4988 collector.
4989 obs_domain_id: optional integer, in range 0 to 4,294,967,295
4991 The IPFIX Observation Domain ID sent in each IPFIX packet. If
4992 not specified, defaults to 0.
4993 obs_point_id: optional integer, in range 0 to 4,294,967,295
4995 The IPFIX Observation Point ID sent in each IPFIX flow record.
4996 If not specified, defaults to 0.
4997 other_config : enable-input-sampling: optional string, either true or
4999 false
5000 By default, Open vSwitch samples and reports flows at bridge
5001 port input in IPFIX flow records. Set this column to false to
5002 disable input sampling.
5003 other_config : enable-output-sampling: optional string, either true or
5005 false
5006 By default, Open vSwitch samples and reports flows at bridge
5007 port output in IPFIX flow records. Set this column to false to
5008 disable output sampling.
5009 Common Columns:
5011 The overall purpose of these columns is described under Common Columns
5013 at the beginning of this document.
5014 external_ids: map of string-string pairs
5016
5018 A set of IPFIX collectors of packet samples generated by OpenFlow sam‐
5019 ple actions. This table is used only for IPFIX flow-based sampling, not
5020 for per-bridge sampling (see the IPFIX table for a description of the
5021 two forms).
5022 Summary:
5024 id integer, in range 0 to 4,294,967,295
5025 bridge Bridge
5026 ipfix optional IPFIX
5027 Common Columns:
5028 external_ids map of string-string pairs
5029 Details:
5031 id: integer, in range 0 to 4,294,967,295
5032 The ID of this collector set, unique among the bridge’s collec‐
5033 tor sets, to be used as the collector_set_id in OpenFlow sample
5034 actions.
5035 bridge: Bridge
5037 The bridge into which OpenFlow sample actions can be added to
5038 send packet samples to this set of IPFIX collectors.
5039 ipfix: optional IPFIX
5041 Configuration of the set of IPFIX collectors to send one flow
5042 record per sampled packet to.
5043 Common Columns:
5045 The overall purpose of these columns is described under Common Columns
5047 at the beginning of this document.
5048 external_ids: map of string-string pairs
5050
5052 Auto Attach configuration within a bridge. The IETF Auto-Attach SPBM
5053 draft standard describes a compact method of using IEEE 802.1AB Link
5054 Layer Discovery Protocol (LLDP) together with a IEEE 802.1aq Shortest
5055 Path Bridging (SPB) network to automatically attach network devices to
5056 individual services in a SPB network. The intent here is to allow net‐
5057 work applications and devices using OVS to be able to easily take
5058 advantage of features offered by industry standard SPB networks.
5059 Auto Attach (AA) uses LLDP to communicate between a directly connected
5061 Auto Attach Client (AAC) and Auto Attach Server (AAS). The LLDP proto‐
5062 col is extended to add two new Type-Length-Value tuples (TLVs). The
5063 first new TLV supports the ongoing discovery of directly connected AA
5064 correspondents. Auto Attach operates by regularly transmitting AA dis‐
5065 covery TLVs between the AA client and AA server. By exchanging these
5066 discovery messages, both the AAC and AAS learn the system name and sys‐
5067 tem description of their peer. In the OVS context, OVS operates as the
5068 AA client and the AA server resides on a switch at the edge of the SPB
5069 network.
5070 Once AA discovery has been completed the AAC then uses the second new
5072 TLV to deliver identifier mappings from the AAC to the AAS. A primary
5073 feature of Auto Attach is to facilitate the mapping of VLANs defined
5074 outside the SPB network onto service ids (ISIDs) defined within the SPM
5075 network. By doing so individual external VLANs can be mapped onto spe‐
5076 cific SPB network services. These VLAN id to ISID mappings can be con‐
5077 figured and managed locally using new options added to the ovs-vsctl
5078 command.
5079 The Auto Attach OVS feature does not provide a full implementation of
5081 the LLDP protocol. Support for the mandatory TLVs as defined by the
5082 LLDP standard and support for the AA TLV extensions is provided. LLDP
5083 protocol support in OVS can be enabled or disabled on a port by port
5084 basis. LLDP support is disabled by default.
5085 Summary:
5087 system_name string
5088 system_description string
5089 mappings map of integer-integer pairs, key in
5090 range 0 to 16,777,215, value in range 0
5091 to 4,095
5092 Details:
5094 system_name: string
5095 The system_name string is exported in LLDP messages. It should
5096 uniquely identify the bridge in the network.
5097 system_description: string
5099 The system_description string is exported in LLDP messages. It
5100 should describe the type of software and hardware.
5101 mappings: map of integer-integer pairs, key in range 0 to 16,777,215,
5103 value in range 0 to 4,095
5104 A mapping from SPB network Individual Service Identifier (ISID)
5105 to VLAN id.
5106Open vSwitch 2.10.1 DB Schema 7.16.1 ovs-vswitchd.conf.db(5)