1ovs-vswitchd.conf.db(5)       Open vSwitch Manual      ovs-vswitchd.conf.db(5)
2
3
4

NAME

6       ovs-vswitchd.conf.db - Open_vSwitch database schema
7
8       A  database  with  this  schema  holds  the  configuration for one Open
9       vSwitch daemon. The top-level  configuration  for  the  daemon  is  the
10       Open_vSwitch  table,  which  must  have  exactly one record. Records in
11       other tables are significant only when they can be reached directly  or
12       indirectly  from the Open_vSwitch table. Records that are not reachable
13       from the Open_vSwitch table are automatically deleted  from  the  data‐
14       base, except for records in a few distinguished ``root set’’ tables.
15
16   Common Columns
17       Most  tables contain two special columns, named other_config and exter‐
18       nal_ids. These columns have the same form and purpose each  place  that
19       they appear, so we describe them here to save space later.
20
21              other_config: map of string-string pairs
22                     Key-value  pairs  for  configuring  rarely used features.
23                     Supported keys, along with the forms taken by their  val‐
24                     ues, are documented individually for each table.
25
26                     A  few tables do not have other_config columns because no
27                     key-value pairs have yet been defined for them.
28
29              external_ids: map of string-string pairs
30                     Key-value pairs for use by external frameworks that inte‐
31                     grate  with  Open  vSwitch,  rather  than by Open vSwitch
32                     itself. System integrators should  either  use  the  Open
33                     vSwitch  development mailing list to coordinate on common
34                     key-value definitions,  or  choose  key  names  that  are
35                     likely to be unique. In some cases, where key-value pairs
36                     have been defined that are likely to  be  widely  useful,
37                     they are documented individually for each table.
38

TABLE SUMMARY

40       The  following list summarizes the purpose of each of the tables in the
41       Open_vSwitch database.  Each table is described in  more  detail  on  a
42       later page.
43
44       Table     Purpose
45       Open_vSwitch
46                 Open vSwitch configuration.
47       Bridge    Bridge configuration.
48       Port      Port configuration.
49       Interface One physical network device in a Port.
50       Flow_Table
51                 OpenFlow table configuration
52       QoS       Quality of Service configuration
53       Queue     QoS output queue.
54       Mirror    Port mirroring.
55       Controller
56                 OpenFlow controller configuration.
57       Manager   OVSDB management connection.
58       NetFlow   NetFlow configuration.
59       SSL       SSL configuration.
60       sFlow     sFlow configuration.
61       IPFIX     IPFIX configuration.
62       Flow_Sample_Collector_Set
63                 Flow_Sample_Collector_Set configuration.
64       AutoAttach
65                 AutoAttach configuration.
66

Open_vSwitch TABLE

68       Configuration  for  an  Open  vSwitch daemon. There must be exactly one
69       record in the Open_vSwitch table.
70
71   Summary:
72       Configuration:
73         bridges                     set of Bridges
74         ssl                         optional SSL
75         external_ids : system-id    optional string
76         external_ids : xs-system-uuid
77                                     optional string
78         external_ids : hostname     optional string
79         external_ids : rundir       optional string
80         other_config : stats-update-interval
81                                     optional string, containing  an  integer,
82                                     at least 5,000
83         other_config : flow-restore-wait
84                                     optional string, either true or false
85         other_config : flow-limit   optional  string,  containing an integer,
86                                     at least 0
87         other_config : max-idle     optional string, containing  an  integer,
88                                     at least 500
89         other_config : hw-offload   optional string, either true or false
90         other_config : tc-policy    optional string, one of none, skip_hw, or
91                                     skip_sw
92         other_config : dpdk-init    optional string, one of false,  true,  or
93                                     try
94         other_config : dpdk-lcore-mask
95                                     optional  string,  containing an integer,
96                                     at least 1
97         other_config : pmd-cpu-mask
98                                     optional string
99         other_config : dpdk-alloc-mem
100                                     optional string, containing  an  integer,
101                                     at least 0
102         other_config : dpdk-socket-mem
103                                     optional string
104         other_config : dpdk-socket-limit
105                                     optional string
106         other_config : dpdk-hugepage-dir
107                                     optional string
108         other_config : dpdk-extra   optional string
109         other_config : vhost-sock-dir
110                                     optional string
111         other_config : vhost-iommu-support
112                                     optional string, either true or false
113         other_config : vhost-postcopy-support
114                                     optional string, either true or false
115         other_config : per-port-memory
116                                     optional string, either true or false
117         other_config : tx-flush-interval
118                                     optional  string,  containing an integer,
119                                     in range 0 to 1,000,000
120         other_config : pmd-perf-metrics
121                                     optional string, either true or false
122         other_config : smc-enable   optional string, either true or false
123         other_config : pmd-rxq-assign
124                                     optional   string,   either   cycles   or
125                                     roundrobin
126         other_config : n-handler-threads
127                                     optional  string,  containing an integer,
128                                     at least 1
129         other_config : n-revalidator-threads
130                                     optional string, containing  an  integer,
131                                     at least 1
132         other_config : emc-insert-inv-prob
133                                     optional  string,  containing an integer,
134                                     in range 0 to 4,294,967,295
135         other_config : vlan-limit   optional string, containing  an  integer,
136                                     at least 0
137         other_config : bundle-idle-timeout
138                                     optional  string,  containing an integer,
139                                     at least 1
140         other_config : offload-rebalance
141                                     optional string, either true or false
142         other_config : pmd-auto-lb  optional string, either true or false
143         other_config : pmd-auto-lb-rebal-interval
144                                     optional string, containing  an  integer,
145                                     in range 0 to 20,000
146       Status:
147         next_cfg                    integer
148         cur_cfg                     integer
149         dpdk_initialized            boolean
150         Statistics:
151            other_config : enable-statistics
152                                     optional string, either true or false
153            statistics : cpu         optional  string,  containing an integer,
154                                     at least 1
155            statistics : load_average
156                                     optional string
157            statistics : memory      optional string
158            statistics : process_NAME
159                                     optional string
160            statistics : file_systems
161                                     optional string
162       Version Reporting:
163         ovs_version                 optional string
164         db_version                  optional string
165         system_type                 optional string
166         system_version              optional string
167         dpdk_version                optional string
168       Capabilities:
169         datapath_types              set of strings
170         iface_types                 set of strings
171       Database Configuration:
172         manager_options             set of Managers
173       IPsec:
174         other_config : private_key  optional string
175         other_config : certificate  optional string
176         other_config : ca_cert      optional string
177         Plaintext Tunnel Policy:
178            other_config : ipsec_skb_mark
179                                     optional string
180       Common Columns:
181         other_config                map of string-string pairs
182         external_ids                map of string-string pairs
183
184   Details:
185     Configuration:
186
187       bridges: set of Bridges
188              Set of bridges managed by the daemon.
189
190       ssl: optional SSL
191              SSL used globally by the daemon.
192
193       external_ids : system-id: optional string
194              A unique identifier for the Open vSwitch’s  physical  host.  The
195              form  of  the  identifier  depends on the type of the host. On a
196              Citrix XenServer,  this  will  likely  be  the  same  as  exter‐
197              nal_ids:xs-system-uuid.
198
199       external_ids : xs-system-uuid: optional string
200              The Citrix XenServer universally unique identifier for the phys‐
201              ical host as displayed by xe host-list.
202
203       external_ids : hostname: optional string
204              The hostname for the host running Open vSwitch. This is a  fully
205              qualified domain name since version 2.6.2.
206
207       external_ids : rundir: optional string
208              In  Open vSwitch 2.8 and later, the run directory of the running
209              Open vSwitch daemon. This directory is used  for  runtime  state
210              such  as control and management sockets. The value of other_con‐
211              fig:vhost-sock-dir is relative to this directory.
212
213       other_config : stats-update-interval: optional  string,  containing  an
214       integer, at least 5,000
215              Interval  for  updating statistics to the database, in millisec‐
216              onds. This option will affect the update of the statistics  col‐
217              umn in the following tables: Port, Interface , Mirror.
218
219              Default value is 5000 ms.
220
221              Getting statistics more frequently can be achieved via OpenFlow.
222
223       other_config : flow-restore-wait: optional string, either true or false
224              When  ovs-vswitchd  starts  up,  it  has an empty flow table and
225              therefore it handles all arriving packets in its default fashion
226              according to its configuration, by dropping them or sending them
227              to an OpenFlow controller or  switching  them  as  a  standalone
228              switch.  This  behavior  is  ordinarily  desirable.  However, if
229              ovs-vswitchd is restarting as part of  a  ``hot-upgrade,’’  then
230              this  leads to a relatively long period during which packets are
231              mishandled.
232
233              This option allows for  improvement.  When  ovs-vswitchd  starts
234              with  this  value  set  as true, it will neither flush or expire
235              previously set datapath flows nor will it send and  receive  any
236              packets to or from the datapath. When this value is later set to
237              false, ovs-vswitchd will start receiving packets from the  data‐
238              path and re-setup the flows.
239
240              Additionally,  ovs-vswitchd is prevented from connecting to con‐
241              trollers when this value is set  to  true.  This  prevents  con‐
242              trollers  from making changes to the flow table in the middle of
243              flow restoration, which could result in undesirable intermediate
244              states.  Once  this  value has been set to false and the desired
245              flow state has been  restored,  ovs-vswitchd  will  be  able  to
246              reconnect  to controllers and process any new flow table modifi‐
247              cations.
248
249              Thus, with this option,  the  procedure  for  a  hot-upgrade  of
250              ovs-vswitchd becomes roughly the following:
251
252              1.  Stop ovs-vswitchd.
253
254              2.  Set other_config:flow-restore-wait to true.
255
256              3.  Start ovs-vswitchd.
257
258              4.  Use  ovs-ofctl  (or  some other program, such as an OpenFlow
259                  controller) to  restore  the  OpenFlow  flow  table  to  the
260                  desired state.
261
262              5.  Set  other_config:flow-restore-wait  to  false (or remove it
263                  entirely from the database).
264
265              The ovs-ctl’s ``restart’’  and  ``force-reload-kmod’’  functions
266              use the above config option during hot upgrades.
267
268       other_config  :  flow-limit: optional string, containing an integer, at
269       least 0
270              The maximum number of flows allowed in the datapath flow  table.
271              Internally  OVS  will  choose  a flow limit which will likely be
272              lower than this number, based on real time  network  conditions.
273              Tweaking  this value is discouraged unless you know exactly what
274              you’re doing.
275
276              The default is 200000.
277
278       other_config : max-idle: optional string,  containing  an  integer,  at
279       least 500
280              The  maximum  time (in ms) that idle flows will remain cached in
281              the datapath. Internally OVS will check the validity and  activ‐
282              ity  for  datapath  flows regularly and may expire flows quicker
283              than this number, based on real time network conditions.  Tweak‐
284              ing  this  value  is  discouraged  unless  you know exactly what
285              you’re doing.
286
287              The default is 10000.
288
289       other_config : hw-offload: optional string, either true or false
290              Set this value to true to enable netdev flow offload.
291
292              The  default  value  is  false.  Changing  this  value  requires
293              restarting the daemon
294
295              Currently  Open  vSwitch  supports  hardware offloading on Linux
296              systems. On other systems, this value is ignored. This function‐
297              ality  is considered ’experimental’. Depending on which OpenFlow
298              matches and actions are  configured,  which  kernel  version  is
299              used,  and  what  hardware is available, Open vSwitch may not be
300              able to offload functionality to hardware.
301
302              In  order  to   dump   HW   offloaded   flows   use   ovs-appctl
303              dpctl/dump-flows,  ovs-dpctl doesn’t support this functionality.
304              See ovs-vswitchd(8) for details.
305
306       other_config : tc-policy: optional string, one  of  none,  skip_hw,  or
307       skip_sw
308              Specified the policy used with HW offloading. Options:
309
310              none   Add software rule and offload rule to HW.
311
312              skip_sw
313                     Offload rule to HW only.
314
315              skip_hw
316                     Add software rule without offloading rule to HW.
317
318              This is only relevant if other_config:hw-offload is enabled.
319
320              The default value is none.
321
322       other_config : dpdk-init: optional string, one of false, true, or try
323              Set this value to true or try to enable runtime support for DPDK
324              ports. The vswitch must have compile-time support  for  DPDK  as
325              well.
326
327              A  value of true will cause the ovs-vswitchd process to abort if
328              DPDK cannot be initialized. A value of try will allow  the  ovs-
329              vswitchd process to continue running even if DPDK cannot be ini‐
330              tialized.
331
332              The  default  value  is  false.  Changing  this  value  requires
333              restarting the daemon
334
335              If this value is false at startup, any dpdk ports which are con‐
336              figured in the bridge will fail due to memory errors.
337
338       other_config : dpdk-lcore-mask: optional string, containing an integer,
339       at least 1
340              Specifies  the  CPU  cores  where  dpdk  lcore threads should be
341              spawned. The DPDK lcore threads are used for DPDK library tasks,
342              such as library internal message processing, logging, etc. Value
343              should be in the form of a hex string (so  ’0x123’)  similar  to
344              the ’taskset’ mask input.
345
346              The  lowest  order  bit corresponds to the first CPU core. A set
347              bit means the corresponding  core  is  available  and  an  lcore
348              thread  will  be created and pinned to it. If the input does not
349              cover all cores, those uncovered cores are considered not set.
350
351              For performance reasons, it is best to set this to a single core
352              on the system, rather than allow lcore threads to float.
353
354              If  not  specified, the value will be determined by choosing the
355              lowest CPU core from initial cpu affinity list.  Otherwise,  the
356              value will be passed directly to the DPDK library.
357
358       other_config : pmd-cpu-mask: optional string
359              Specifies  CPU  mask  for  setting the cpu affinity of PMD (Poll
360              Mode Driver) threads. Value should be in the form of hex string,
361              similar  to  the  dpdk  EAL  ’-c  COREMASK’  option input or the
362              ’taskset’ mask input.
363
364              The lowest order bit corresponds to the first CPU  core.  A  set
365              bit  means  the corresponding core is available and a pmd thread
366              will be created and pinned to it. If the input  does  not  cover
367              all cores, those uncovered cores are considered not set.
368
369              If  not  specified, one pmd thread will be created for each numa
370              node and pinned to any  available  core  on  the  numa  node  by
371              default.
372
373       other_config  : dpdk-alloc-mem: optional string, containing an integer,
374       at least 0
375              Specifies the amount of memory to preallocate from the  hugepage
376              pool,  regardless of socket. It is recommended that dpdk-socket-
377              mem is used instead.
378
379       other_config : dpdk-socket-mem: optional string
380              Specifies the amount of memory to preallocate from the  hugepage
381              pool, on a per-socket basis.
382
383              The specifier is a comma-separated string, in ascending order of
384              CPU socket. E.g. On a four socket system 1024,0,2048  would  set
385              socket  0  to  preallocate  1024MB, socket 1 to preallocate 0MB,
386              socket 2 to preallocate 2048MB and socket 3 (no value given)  to
387              preallocate 0MB.
388
389              If  dpdk-socket-mem  and dpdk-alloc-mem are not specified, dpdk-
390              socket-mem will be used and the default value is 1024  for  each
391              numa  node.  If dpdk-socket-mem and dpdk-alloc-mem are specified
392              at same time, dpdk-socket-mem will be used as default.  Changing
393              this value requires restarting the daemon.
394
395       other_config : dpdk-socket-limit: optional string
396              Limits  the  maximum  amount of memory that can be used from the
397              hugepage pool, on a per-socket basis.
398
399              The specifier is a comma-separated list  of  memory  limits  per
400              socket. 0 will disable the limit for a particular socket.
401
402              If  not specified, OVS will configure limits equal to the amount
403              of preallocated memory specified by other_config:dpdk-socket-mem
404              or --socket-mem in other_config:dpdk-extra. If none of the above
405              options specified or --legacy-mem provided in other_config:dpdk-
406              extra,  limits will not be applied. Changing this value requires
407              restarting the daemon.
408
409       other_config : dpdk-hugepage-dir: optional string
410              Specifies the path to the hugetlbfs mount point.
411
412              If not specified, this will  be  guessed  by  the  DPDK  library
413              (default   is  /dev/hugepages).  Changing  this  value  requires
414              restarting the daemon.
415
416       other_config : dpdk-extra: optional string
417              Specifies additional eal command line arguments for DPDK.
418
419              The default is empty. Changing this  value  requires  restarting
420              the daemon
421
422       other_config : vhost-sock-dir: optional string
423              Specifies a relative path from external_ids:rundir to the vhost-
424              user unix domain socket files. If this value is unset, the sock‐
425              ets are put directly in external_ids:rundir.
426
427              Changing this value requires restarting the daemon.
428
429       other_config  :  vhost-iommu-support:  optional  string, either true or
430       false
431              vHost IOMMU is a security feature,  which  restricts  the  vhost
432              memory  that  a virtio device may access. vHost IOMMU support is
433              disabled by default, due to a bug in QEMU implementations of the
434              vhost REPLY_ACK protocol, (on which vHost IOMMU relies) prior to
435              v2.9.1. Setting this value to true enables vHost  IOMMU  support
436              for  vHost  User  Client  ports  in OvS-DPDK, starting from DPDK
437              v17.11.
438
439              Changing this value requires restarting the daemon.
440
441       other_config : vhost-postcopy-support: optional string, either true  or
442       false
443              vHost  post-copy is a feature which allows switching live migra‐
444              tion of VM attached to  dpdkvhostuserclient  port  to  post-copy
445              mode if default pre-copy migration can not be converged or takes
446              too long to converge. Setting this value to true  enables  vHost
447              post-copy  support  for all dpdkvhostuserclient ports. Available
448              starting from DPDK v18.11 and QEMU 2.12.
449
450              Changing this value requires restarting the daemon.
451
452       other_config : per-port-memory: optional string, either true or false
453              By default OVS DPDK uses a shared memory model  wherein  devices
454              that have the same MTU and socket values can share the same mem‐
455              pool. Setting this value to true  changes  this  behaviour.  Per
456              port memory allow DPDK devices to use private memory per device.
457              This can provide greater transparency as  regards  memory  usage
458              but potentially at the cost of greater memory requirements.
459
460              Changing  this value requires restarting the daemon if dpdk-init
461              has already been set to true.
462
463       other_config : tx-flush-interval: optional string, containing an  inte‐
464       ger, in range 0 to 1,000,000
465              Specifies  the  time  in  microseconds that a packet can wait in
466              output batch for sending i.e. amount of  time  that  packet  can
467              spend  in an intermediate output queue before sending to netdev.
468              This option can be used to configure balance between  throughput
469              and  latency. Lower values decreases latency while higher values
470              may be useful to achieve higher performance.
471
472              Defaults to 0 i.e. instant packet sending (latency optimized).
473
474       other_config : pmd-perf-metrics: optional string, either true or false
475              Enables recording of detailed PMD performance metrics for analy‐
476              sis  and trouble-shooting. This can have a performance impact in
477              the order of 1%.
478
479              Defaults to false but can be changed at any time.
480
481       other_config : smc-enable: optional string, either true or false
482              Signature match cache or SMC is a cache between EMC and megaflow
483              cache. It does not store the full key of the flow, so it is more
484              memory efficient comparing to EMC cache. SMC is especially  use‐
485              ful when flow count is larger than EMC capacity.
486
487              Defaults to false but can be changed at any time.
488
489       other_config  :  pmd-rxq-assign:  optional  string,  either  cycles  or
490       roundrobin
491              Specifies how RX queues will be automatically  assigned  to  CPU
492              cores. Options:
493
494              cycles Rxqs  will  be  sorted  by  order  of measured processing
495                     cycles before being assigned to CPU cores.
496
497              roundrobin
498                     Rxqs will be round-robined across CPU cores.
499
500              The default value is cycles.
501
502              Changing this value will affect an  automatic  re-assignment  of
503              Rxqs to CPUs. Note: Rxqs mapped to CPU cores with pmd-rxq-affin‐
504              ity are unaffected.
505
506       other_config : n-handler-threads: optional string, containing an  inte‐
507       ger, at least 1
508              Specifies  the  number  of threads for software datapaths to use
509              for handling new flows. The default the  number  of  online  CPU
510              cores minus the number of revalidators.
511
512              This  configuration  is  per datapath. If you have more than one
513              software datapath (e.g. some  system  bridges  and  some  netdev
514              bridges),  then the total number of threads is n-handler-threads
515              times the number of software datapaths.
516
517       other_config : n-revalidator-threads: optional  string,  containing  an
518       integer, at least 1
519              Specifies  the  number  of threads for software datapaths to use
520              for revalidating flows in the datapath. Typically,  there  is  a
521              direct  correlation  between  the number of revalidator threads,
522              and the number of flows allowed in the datapath. The default  is
523              the  number  of  cpu  cores  divided by four plus one. If n-han‐
524              dler-threads is set, the default changes to the  number  of  cpu
525              cores minus the number of handler threads.
526
527              This  configuration  is  per datapath. If you have more than one
528              software datapath (e.g. some  system  bridges  and  some  netdev
529              bridges),  then the total number of threads is n-handler-threads
530              times the number of software datapaths.
531
532       other_config :  emc-insert-inv-prob:  optional  string,  containing  an
533       integer, in range 0 to 4,294,967,295
534              Specifies  the  inverse probability (1/emc-insert-inv-prob) of a
535              flow being inserted into the Exact Match Cache (EMC). On average
536              one  in every emc-insert-inv-prob packets that generate a unique
537              flow will cause an insertion into the EMC. A  value  of  1  will
538              result  in  an  insertion  for every flow (1/1 = 100%) whereas a
539              value of zero will result in no insertions and essentially  dis‐
540              able the EMC.
541
542              Defaults  to  100 ie. there is (1/100 =) 1% chance of EMC inser‐
543              tion.
544
545       other_config : vlan-limit: optional string, containing an  integer,  at
546       least 0
547              Limits  the  number  of  VLAN headers that can be matched to the
548              specified number. Further VLAN headers will be treated  as  pay‐
549              load, e.g. a packet with more 802.1q headers will match Ethernet
550              type 0x8100.
551
552              Open vSwitch userspace currently supports at most 2  VLANs,  and
553              each  datapath  has  its own limit. If vlan-limit is nonzero, it
554              acts as a further limit.
555
556              If this value is absent, the default is currently 1. This  main‐
557              tains backward compatibility with controllers that were designed
558              for use with Open vSwitch versions earlier than 2.8, which  only
559              supported one VLAN.
560
561       other_config  :  bundle-idle-timeout:  optional  string,  containing an
562       integer, at least 1
563              The maximum time (in seconds) that idle bundles will wait to  be
564              expired since it was either opened, modified or closed.
565
566              OpenFlow  specification  mandates the timeout to be at least one
567              second. The default is 10 seconds.
568
569       other_config : offload-rebalance: optional string, either true or false
570              Configures HW offload rebalancing, that  allows  to  dynamically
571              offload  and  un-offload flows while an offload-device is out of
572              resources (OOR). This policy allows flows  to  be  selected  for
573              offloading based on the packets-per-second (pps) rate of flows.
574
575              Set this value to true to enable this option.
576
577              The  default  value  is  false.  Changing  this  value  requires
578              restarting the daemon.
579
580              This is only relevant if HW offloading is enabled  (hw-offload).
581              When  this policy is enabled, it also requires ’tc-policy’ to be
582              set to ’skip_sw’.
583
584       other_config : pmd-auto-lb: optional string, either true or false
585              Configures PMD Auto Load Balancing that allows automatic assign‐
586              ment  of  RX  queues  to PMDs if any of PMDs is overloaded (i.e.
587              processing cycles > 95%).
588
589              It uses current scheme of cycle based assignment  of  RX  queues
590              that are not statically pinned to PMDs.
591
592              The default value is false.
593
594              Set  this  value  to true to enable this option. It is currently
595              disabled by default and an experimental feature.
596
597              This only comes in effect if cycle based assignment  is  enabled
598              and  there  are  more  than one non-isolated PMDs present and at
599              least one of it polls more than one queue.
600
601       other_config : pmd-auto-lb-rebal-interval: optional string,  containing
602       an integer, in range 0 to 20,000
603              The  minimum  time (in minutes) 2 consecutive PMD Auto Load Bal‐
604              ancing iterations.
605
606              The defaul value is 1 min. If configured to 0 then it  would  be
607              converted to default value i.e. 1 min
608
609              This  option can be configured to avoid frequent trigger of auto
610              load balancing of PMDs. For e.g. set the  value  (in  min)  such
611              that it occurs once in few hours or a day or a week.
612
613     Status:
614
615       next_cfg: integer
616              Sequence  number for client to increment. When a client modifies
617              any part of the database configuration and wishes  to  wait  for
618              Open  vSwitch  to  finish applying the changes, it may increment
619              this sequence number.
620
621       cur_cfg: integer
622              Sequence number that Open vSwitch sets to the current  value  of
623              next_cfg  after  it  finishes  applying  a  set of configuration
624              changes.
625
626       dpdk_initialized: boolean
627              True if other_config:dpdk-init is  set  to  true  and  the  DPDK
628              library is successfully initialized.
629
630     Statistics:
631
632       The  statistics  column contains key-value pairs that report statistics
633       about a system running an Open vSwitch. These are updated  periodically
634       (currently, every 5 seconds). Key-value pairs that cannot be determined
635       or that do not apply to a platform are omitted.
636
637       other_config : enable-statistics: optional string, either true or false
638              Statistics are disabled by default to avoid overhead in the com‐
639              mon case when statistics gathering is not useful. Set this value
640              to true to enable populating the statistics column or  to  false
641              to explicitly disable it.
642
643       statistics : cpu: optional string, containing an integer, at least 1
644              Number of CPU processors, threads, or cores currently online and
645              available to the operating system on which Open vSwitch is  run‐
646              ning, as an integer. This may be less than the number installed,
647              if some are not online or if they are not available to the oper‐
648              ating system.
649
650              Open  vSwitch userspace processes are not multithreaded, but the
651              Linux kernel-based datapath is.
652
653       statistics : load_average: optional string
654              A comma-separated list of three floating-point  numbers,  repre‐
655              senting  the system load average over the last 1, 5, and 15 min‐
656              utes, respectively.
657
658       statistics : memory: optional string
659              A comma-separated list of integers, each of which  represents  a
660              quantity  of  memory  in  kilobytes that describes the operating
661              system on which Open vSwitch is running.  In  respective  order,
662              these values are:
663
664              1.  Total amount of RAM allocated to the OS.
665
666              2.  RAM allocated to the OS that is in use.
667
668              3.  RAM  that  can be flushed out to disk or otherwise discarded
669                  if that space is needed for another purpose. This number  is
670                  necessarily less than or equal to the previous value.
671
672              4.  Total disk space allocated for swap.
673
674              5.  Swap space currently in use.
675
676              On Linux, all five values can be determined and are included. On
677              other operating systems, only the first two values can be deter‐
678              mined, so the list will only have two values.
679
680       statistics : process_NAME: optional string
681              One  such  key-value pair, with NAME replaced by a process name,
682              will exist for each running Open vSwitch  daemon  process,  with
683              name  replaced by the daemon’s name (e.g. process_ovs-vswitchd).
684              The value is a comma-separated list of  integers.  The  integers
685              represent  the  following, with memory measured in kilobytes and
686              durations in milliseconds:
687
688              1.  The process’s virtual memory size.
689
690              2.  The process’s resident set size.
691
692              3.  The amount of user and  system  CPU  time  consumed  by  the
693                  process.
694
695              4.  The  number  of  times that the process has crashed and been
696                  automatically restarted by the monitor.
697
698              5.  The duration since the process was started.
699
700              6.  The duration for which the process has been running.
701
702              The interpretation of some of these values  depends  on  whether
703              the  process was started with the --monitor. If it was not, then
704              the crash count will always be 0  and  the  two  durations  will
705              always be the same. If --monitor was given, then the crash count
706              may be positive; if it is, the latter duration is the amount  of
707              time since the most recent crash and restart.
708
709              There will be one key-value pair for each file in Open vSwitch’s
710              ``run directory’’ (usually /var/run/openvswitch) whose name ends
711              in .pid, whose contents are a process ID, and which is locked by
712              a running process. The name is taken from the pidfile’s name.
713
714              Currently Open vSwitch is only able to obtain all of  the  above
715              detail  on  Linux  systems. On other systems, the same key-value
716              pairs will be present but the values will always  be  the  empty
717              string.
718
719       statistics : file_systems: optional string
720              A  space-separated  list  of information on local, writable file
721              systems. Each item in the list describes  one  file  system  and
722              consists in turn of a comma-separated list of the following:
723
724              1.  Mount point, e.g. / or /var/log. Any spaces or commas in the
725                  mount point are replaced by underscores.
726
727              2.  Total size, in kilobytes, as an integer.
728
729              3.  Amount of storage in use, in kilobytes, as an integer.
730
731              This key-value pair is omitted if there are no  local,  writable
732              file  systems or if Open vSwitch cannot obtain the needed infor‐
733              mation.
734
735     Version Reporting:
736
737       These columns report the types and versions of the hardware  and  soft‐
738       ware running Open vSwitch. We recommend in general that software should
739       test whether specific features are supported instead of relying on ver‐
740       sion  number  checks. These values are primarily intended for reporting
741       to human administrators.
742
743       ovs_version: optional string
744              The Open vSwitch version number, e.g. 1.1.0.
745
746       db_version: optional string
747              The database schema  version  number,  e.g.  1.2.3.  See  ovsdb-
748              tool(1) for an explanation of the numbering scheme.
749
750              The  schema  version  is  part of the database schema, so it can
751              also be retrieved by fetching the schema using the Open  vSwitch
752              database protocol.
753
754       system_type: optional string
755              An  identifier  for  the  type  of  system  on top of which Open
756              vSwitch runs, e.g. XenServer or KVM.
757
758              System integrators are responsible for choosing and  setting  an
759              appropriate value for this column.
760
761       system_version: optional string
762              The  version  of  the  system  identified  by  system_type, e.g.
763              5.6.100-39265p on XenServer 5.6.100 build 39265.
764
765              System integrators are responsible for choosing and  setting  an
766              appropriate value for this column.
767
768       dpdk_version: optional string
769              The version of the linked DPDK library.
770
771     Capabilities:
772
773       These columns report capabilities of the Open vSwitch instance.
774
775       datapath_types: set of strings
776              This column reports the different dpifs registered with the sys‐
777              tem. These are the values that this  instance  supports  in  the
778              datapath_type column of the Bridge table.
779
780       iface_types: set of strings
781              This  column  reports  the different netdevs registered with the
782              system. These are the values that this instance supports in  the
783              type column of the Interface table.
784
785     Database Configuration:
786
787       These   columns   primarily   configure   the   Open  vSwitch  database
788       (ovsdb-server), not the Open vSwitch switch (ovs-vswitchd).  The  OVSDB
789       database also uses the ssl settings.
790
791       The  Open vSwitch switch does read the database configuration to deter‐
792       mine remote IP addresses to which in-band control should apply.
793
794       manager_options: set of Managers
795              Database clients to  which  the  Open  vSwitch  database  server
796              should  connect or to which it should listen, along with options
797              for how these connections should be configured. See the  Manager
798              table for more information.
799
800              For  this column to serve its purpose, ovsdb-server must be con‐
801              figured to honor it. The easiest way to do  this  is  to  invoke
802              ovsdb-server             with             the             option
803              --remote=db:Open_vSwitch,Open_vSwitch,manager_options        The
804              startup scripts that accompany Open vSwitch do this by default.
805
806     IPsec:
807
808       These  settings  control the global configuration of IPsec tunnels. The
809       options column of the Interface table configures IPsec  for  individual
810       tunnels.
811
812       OVS  IPsec  supports  the following three forms of authentication. Cur‐
813       rently, all IPsec tunnels must use the same form:
814
815              1.  Pre-shared keys: Omit the global settings. On  each  tunnel,
816                  set options:psk.
817
818              2.  Self-signed  certificates:  Set the private_key and certifi‐
819                  cate    global    settings.    On    each    tunnel,     set
820                  options:remote_cert.  The  remote  certificate  can be self-
821                  signed.
822
823              3.  CA-signed certificates: Set all of the global  settings.  On
824                  each tunnel, set options:remote_name to the common name (CN)
825                  of the remote certificate. The remote  certificate  must  be
826                  signed by the CA.
827
828       other_config : private_key: optional string
829              Name  of  a  PEM  file  containing  the  private key used as the
830              switch’s identity for IPsec tunnels.
831
832       other_config : certificate: optional string
833              Name of a PEM file containing a certificate that  certifies  the
834              switch’s  private  key,  and identifies a trustworthy switch for
835              IPsec tunnels. The certificate must be x.509 version 3 and  with
836              the  string in common name (CN) also set in the subject alterna‐
837              tive name (SAN).
838
839       other_config : ca_cert: optional string
840              Name of a PEM file containing the CA certificate used to  verify
841              that a remote switch of the IPsec tunnel is trustworthy.
842
843     Plaintext Tunnel Policy:
844
845       When  an IPsec tunnel is configured in this database, multiple indepen‐
846       dent components take responsibility for implementing  it.  ovs-vswitchd
847       and  its datapath handle packet forwarding to the tunnel and a separate
848       daemon pushes the tunnel’s IPsec policy configuration to the kernel  or
849       other entity that implements it. There is a race: if the former config‐
850       uration completes before the latter, then packets  sent  by  the  local
851       host  over  the tunnel can be transmitted in plaintext. Using this set‐
852       ting, OVS users can avoid this undesirable situation.
853
854       other_config : ipsec_skb_mark: optional string
855              This setting takes the form value/mask. If it is specified, then
856              the  skb_mark  field  in  every outgoing tunneled packet sent in
857              plaintext is compared against it and, if it matches, the  packet
858              is  dropped.  This  is a global setting that is applied to every
859              tunneled packet,  regardless  of  whether  IPsec  encryption  is
860              enabled  for  the  tunnel, the type of tunnel, or whether OVS is
861              involved.
862
863              Example policies:
864
865              1/1    Drop all unencrypted tunneled packets in which the least-
866                     significant  bit of skb_mark is 1. This would be a useful
867                     policy given an OpenFlow flow table that sets skb_mark to
868                     1  for  traffic  that  should  be  encrypted. The default
869                     skb_mark is 0, so this would not affect other traffic.
870
871              0/1    Drop all unencrypted tunneled packets in which the least-
872                     significant  bit of skb_mark is 0. This would be a useful
873                     policy if no unencrypted tunneled traffic should exit the
874                     system  without  being  specially  whitelisted by setting
875                     skb_mark to 1.
876
877              (empty)
878                     If this setting is empty or unset, then  all  unencrypted
879                     tunneled packets are transmitted in the usual way.
880
881     Common Columns:
882
883       The  overall purpose of these columns is described under Common Columns
884       at the beginning of this document.
885
886       other_config: map of string-string pairs
887
888       external_ids: map of string-string pairs
889

Bridge TABLE

891       Configuration for a bridge within an Open_vSwitch.
892
893       A Bridge  record  represents  an  Ethernet  switch  with  one  or  more
894       ``ports,’’  which are the Port records pointed to by the Bridge’s ports
895       column.
896
897   Summary:
898       Core Features:
899         name                        immutable string (must be  unique  within
900                                     table)
901         ports                       set of Ports
902         mirrors                     set of Mirrors
903         netflow                     optional NetFlow
904         sflow                       optional sFlow
905         ipfix                       optional IPFIX
906         flood_vlans                 set  of  up to 4,096 integers, in range 0
907                                     to 4,095
908         auto_attach                 optional AutoAttach
909       OpenFlow Configuration:
910         controller                  set of Controllers
911         flow_tables                 map of integer-Flow_Table pairs,  key  in
912                                     range 0 to 254
913         fail_mode                   optional  string, either secure or stand‐
914                                     alone
915         datapath_id                 optional string
916         datapath_version            string
917         other_config : datapath-id  optional string
918         other_config : dp-desc      optional string
919         other_config : disable-in-band
920                                     optional string, either true or false
921         other_config : in-band-queue
922                                     optional string, containing  an  integer,
923                                     in range 0 to 4,294,967,295
924         protocols                   set  of strings, one of OpenFlow10, Open‐
925                                     Flow11,  OpenFlow12,  OpenFlow13,   Open‐
926                                     Flow14, or OpenFlow15
927       Spanning Tree Configuration:
928         STP Configuration:
929            stp_enable               boolean
930            other_config : stp-system-id
931                                     optional string
932            other_config : stp-priority
933                                     optional  string,  containing an integer,
934                                     in range 0 to 65,535
935            other_config : stp-hello-time
936                                     optional string, containing  an  integer,
937                                     in range 1 to 10
938            other_config : stp-max-age
939                                     optional  string,  containing an integer,
940                                     in range 6 to 40
941            other_config : stp-forward-delay
942                                     optional string, containing  an  integer,
943                                     in range 4 to 30
944            other_config : mcast-snooping-aging-time
945                                     optional  string,  containing an integer,
946                                     at least 1
947            other_config : mcast-snooping-table-size
948                                     optional string, containing  an  integer,
949                                     at least 1
950            other_config : mcast-snooping-disable-flood-unregistered
951                                     optional string, either true or false
952         STP Status:
953            status : stp_bridge_id   optional string
954            status : stp_designated_root
955                                     optional string
956            status : stp_root_path_cost
957                                     optional string
958       Rapid Spanning Tree:
959         RSTP Configuration:
960            rstp_enable              boolean
961            other_config : rstp-address
962                                     optional string
963            other_config : rstp-priority
964                                     optional  string,  containing an integer,
965                                     in range 0 to 61,440
966            other_config : rstp-ageing-time
967                                     optional string, containing  an  integer,
968                                     in range 10 to 1,000,000
969            other_config : rstp-force-protocol-version
970                                     optional string, containing an integer
971            other_config : rstp-max-age
972                                     optional  string,  containing an integer,
973                                     in range 6 to 40
974            other_config : rstp-forward-delay
975                                     optional string, containing  an  integer,
976                                     in range 4 to 30
977            other_config : rstp-transmit-hold-count
978                                     optional  string,  containing an integer,
979                                     in range 1 to 10
980         RSTP Status:
981            rstp_status : rstp_bridge_id
982                                     optional string
983            rstp_status : rstp_root_id
984                                     optional string
985            rstp_status : rstp_root_path_cost
986                                     optional string, containing  an  integer,
987                                     at least 0
988            rstp_status : rstp_designated_id
989                                     optional string
990            rstp_status : rstp_designated_port_id
991                                     optional string
992            rstp_status : rstp_bridge_port_id
993                                     optional string
994       Multicast Snooping Configuration:
995         mcast_snooping_enable       boolean
996       Other Features:
997         datapath_type               string
998         external_ids : bridge-id    optional string
999         external_ids : xs-network-uuids
1000                                     optional string
1001         other_config : hwaddr       optional string
1002         other_config : forward-bpdu
1003                                     optional string, either true or false
1004         other_config : mac-aging-time
1005                                     optional  string,  containing an integer,
1006                                     at least 1
1007         other_config : mac-table-size
1008                                     optional string, containing  an  integer,
1009                                     at least 1
1010       Common Columns:
1011         other_config                map of string-string pairs
1012         external_ids                map of string-string pairs
1013
1014   Details:
1015     Core Features:
1016
1017       name: immutable string (must be unique within table)
1018              Bridge  identifier.  Must  be  unique  among the names of ports,
1019              interfaces, and bridges on a host.
1020
1021              The name must be alphanumeric and must not  contain  forward  or
1022              backward  slashes.  The  name of a bridge is also the name of an
1023              Interface (and a Port) within the bridge, so the restrictions on
1024              the  name column in the Interface table, particularly on length,
1025              also apply to bridge  names.  Refer  to  the  documentation  for
1026              Interface names for details.
1027
1028       ports: set of Ports
1029              Ports included in the bridge.
1030
1031       mirrors: set of Mirrors
1032              Port mirroring configuration.
1033
1034       netflow: optional NetFlow
1035              NetFlow configuration.
1036
1037       sflow: optional sFlow
1038              sFlow(R) configuration.
1039
1040       ipfix: optional IPFIX
1041              IPFIX configuration.
1042
1043       flood_vlans: set of up to 4,096 integers, in range 0 to 4,095
1044              VLAN  IDs  of VLANs on which MAC address learning should be dis‐
1045              abled, so that packets are flooded instead of being sent to spe‐
1046              cific  ports  that  are believed to contain packets’ destination
1047              MACs. This should ordinarily be used to disable MAC learning  on
1048              VLANs  used  for  mirroring (RSPAN VLANs). It may also be useful
1049              for debugging.
1050
1051              SLB bonding (see the bond_mode column  in  the  Port  table)  is
1052              incompatible  with  flood_vlans.  Consider using another bonding
1053              mode or a different type of mirror instead.
1054
1055       auto_attach: optional AutoAttach
1056              Auto Attach configuration.
1057
1058     OpenFlow Configuration:
1059
1060       controller: set of Controllers
1061              OpenFlow controller set. If unset, then no OpenFlow  controllers
1062              will be used.
1063
1064              If  there  are  primary controllers, removing all of them clears
1065              the OpenFlow flow tables, group table, and meter table. If there
1066              are no primary controllers, adding one also clears these tables.
1067              Other changes to the set  of  controllers,  such  as  adding  or
1068              removing a service controller, adding another primary controller
1069              to supplement an existing primary controller, or  removing  only
1070              one of two primary controllers, have no effect on these tables.
1071
1072       flow_tables: map of integer-Flow_Table pairs, key in range 0 to 254
1073              Configuration  for OpenFlow tables. Each pair maps from an Open‐
1074              Flow table ID to configuration for that table.
1075
1076       fail_mode: optional string, either secure or standalone
1077              When a controller is configured, it is, ordinarily,  responsible
1078              for  setting up all flows on the switch. Thus, if the connection
1079              to the controller fails, no new network connections can  be  set
1080              up.  If the connection to the controller stays down long enough,
1081              no packets can pass through the  switch  at  all.  This  setting
1082              determines  the switch’s response to such a situation. It may be
1083              set to one of the following:
1084
1085              standalone
1086                     If no message is received from the controller  for  three
1087                     times   the   inactivity  probe  interval  (see  inactiv‐
1088                     ity_probe), then Open vSwitch will take over responsibil‐
1089                     ity  for  setting  up  flows.  In this mode, Open vSwitch
1090                     causes the bridge to act like  an  ordinary  MAC-learning
1091                     switch. Open vSwitch will continue to retry connecting to
1092                     the controller in the background and, when the connection
1093                     succeeds, it will discontinue its standalone behavior.
1094
1095              secure Open  vSwitch  will  not set up flows on its own when the
1096                     controller connection fails or when  no  controllers  are
1097                     defined.  The bridge will continue to retry connecting to
1098                     any defined controllers forever.
1099
1100              The default is standalone if the value is unset, but future ver‐
1101              sions of Open vSwitch may change the default.
1102
1103              The standalone mode can create forwarding loops on a bridge that
1104              has more than one uplink port unless STP is  enabled.  To  avoid
1105              loops on such a bridge, configure secure mode or enable STP (see
1106              stp_enable).
1107
1108              The fail_mode setting applies only to primary controllers.  When
1109              more  than  one  primary  controller is configured, fail_mode is
1110              considered only when none of the configured controllers  can  be
1111              contacted.
1112
1113              Changing  fail_mode  when  no primary controllers are configured
1114              clears the OpenFlow flow tables, group table, and meter table.
1115
1116       datapath_id: optional string
1117              Reports the OpenFlow datapath ID in use. Exactly 16 hex  digits.
1118              (Setting  this  column  has  no  useful  effect.  Set other-con‐
1119              fig:datapath-id instead.)
1120
1121       datapath_version: string
1122              Reports the version number of the Open vSwitch datapath in  use.
1123              This  allows management software to detect and report discrepan‐
1124              cies between Open vSwitch userspace and datapath versions.  (The
1125              ovs_version  column in the Open_vSwitch reports the Open vSwitch
1126              userspace version.) The version reported depends on the datapath
1127              in use:
1128
1129              ·      When  the  kernel  module  included  in  the Open vSwitch
1130                     source tree is used, this column reports the Open vSwitch
1131                     version from which the module was taken.
1132
1133              ·      When the kernel module that is part of the upstream Linux
1134                     kernel is used, this column reports <unknown>.
1135
1136              ·      When the datapath is built into the ovs-vswitchd  binary,
1137                     this column reports <built-in>. A built-in datapath is by
1138                     definition the same version  as  the  rest  of  the  Open
1139                     VSwitch userspace.
1140
1141              ·      Other  datapaths  (such  as  the Hyper-V kernel datapath)
1142                     currently report <unknown>.
1143
1144              A version discrepancy between ovs-vswitchd and the  datapath  in
1145              use  is  not  normally  cause for alarm. The Open vSwitch kernel
1146              datapaths for Linux and Hyper-V, in particular, are designed for
1147              maximum inter-version compatibility: any userspace version works
1148              with with any kernel version. Some reasons do exist to insist on
1149              particular  user/kernel  pairings.  First, newer kernel versions
1150              add new features, that can only be used by new-enough userspace,
1151              e.g. VXLAN tunneling requires certain minimal userspace and ker‐
1152              nel versions. Second, as an extension to the first reason,  some
1153              newer kernel versions add new features for enhancing performance
1154              that only new-enough userspace versions can take advantage of.
1155
1156       other_config : datapath-id: optional string
1157              Overrides the default OpenFlow datapath ID, setting  it  to  the
1158              specified  value  specified in hex. The value must either have a
1159              0x prefix or be exactly 16 hex digits long. May not be all-zero.
1160
1161       other_config : dp-desc: optional string
1162              Human readable description of datapath.  It  is  a  maximum  256
1163              byte-long  free-form  string to describe the datapath for debug‐
1164              ging purposes, e.g. switch3 in room 3120.
1165
1166       other_config : disable-in-band: optional string, either true or false
1167              If set to true, disable in-band control on the bridge regardless
1168              of controller and manager settings.
1169
1170       other_config  :  in-band-queue: optional string, containing an integer,
1171       in range 0 to 4,294,967,295
1172              A queue ID as a nonnegative  integer.  This  sets  the  OpenFlow
1173              queue ID that will be used by flows set up by in-band control on
1174              this bridge. If unset, or if the port used by an in-band control
1175              flow  does not have QoS configured, or if the port does not have
1176              a queue with  the  specified  ID,  the  default  queue  is  used
1177              instead.
1178
1179       protocols:  set  of strings, one of OpenFlow10, OpenFlow11, OpenFlow12,
1180       OpenFlow13, OpenFlow14, or OpenFlow15
1181              List of OpenFlow protocols that may be used when  negotiating  a
1182              connection  with a controller. OpenFlow 1.0, 1.1, 1.2, 1.3, 1.4,
1183              and 1.5 are enabled by default if this column is empty.
1184
1185     Spanning Tree Configuration:
1186
1187       The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol that
1188       ensures  loop-free topologies. It allows redundant links to be included
1189       in the network to provide automatic backup paths if  the  active  links
1190       fails.
1191
1192       These  settings  configure the slower-to-converge but still widely sup‐
1193       ported  version  of  Spanning  Tree  Protocol,   sometimes   known   as
1194       802.1D-1998.  Open  vSwitch also supports the newer Rapid Spanning Tree
1195       Protocol (RSTP), documented later in the section titled Rapid  Spanning
1196       Tree Configuration.
1197
1198     STP Configuration:
1199
1200       stp_enable: boolean
1201              Enable  spanning tree on the bridge. By default, STP is disabled
1202              on bridges. Bond, internal, and mirror ports are  not  supported
1203              and will not participate in the spanning tree.
1204
1205              STP  and  RSTP are mutually exclusive. If both are enabled, RSTP
1206              will be used.
1207
1208       other_config : stp-system-id: optional string
1209              The bridge’s STP identifier (the lower 48 bits of the bridge-id)
1210              in the form xx:xx:xx:xx:xx:xx. By default, the identifier is the
1211              MAC address of the bridge.
1212
1213       other_config : stp-priority: optional string, containing an integer, in
1214       range 0 to 65,535
1215              The  bridge’s  relative  priority value for determining the root
1216              bridge (the upper 16 bits of the bridge-id). A bridge  with  the
1217              lowest  bridge-id  is elected the root. By default, the priority
1218              is 0x8000.
1219
1220       other_config : stp-hello-time: optional string, containing an  integer,
1221       in range 1 to 10
1222              The  interval  between transmissions of hello messages by desig‐
1223              nated ports, in seconds. By default the hello interval is 2 sec‐
1224              onds.
1225
1226       other_config  : stp-max-age: optional string, containing an integer, in
1227       range 6 to 40
1228              The maximum age of the information  transmitted  by  the  bridge
1229              when  it is the root bridge, in seconds. By default, the maximum
1230              age is 20 seconds.
1231
1232       other_config : stp-forward-delay: optional string, containing an  inte‐
1233       ger, in range 4 to 30
1234              The  delay  to  wait  between  transitioning root and designated
1235              ports to forwarding, in  seconds.  By  default,  the  forwarding
1236              delay is 15 seconds.
1237
1238       other_config  :  mcast-snooping-aging-time: optional string, containing
1239       an integer, at least 1
1240              The maximum number of seconds to  retain  a  multicast  snooping
1241              entry  for  which no packets have been seen. The default is cur‐
1242              rently 300 seconds (5 minutes).  The  value,  if  specified,  is
1243              forced into a reasonable range, currently 15 to 3600 seconds.
1244
1245       other_config  :  mcast-snooping-table-size: optional string, containing
1246       an integer, at least 1
1247              The maximum number of multicast snooping addresses to learn. The
1248              default  is  currently  2048. The value, if specified, is forced
1249              into a reasonable range, currently 10 to 1,000,000.
1250
1251       other_config  :   mcast-snooping-disable-flood-unregistered:   optional
1252       string, either true or false
1253              If set to false, unregistered multicast packets are forwarded to
1254              all ports. If set to true, unregistered  multicast  packets  are
1255              forwarded to ports connected to multicast routers.
1256
1257     STP Status:
1258
1259       These  key-value  pairs  report  the  status  of  802.1D-1998. They are
1260       present only if STP is enabled (via the stp_enable column).
1261
1262       status : stp_bridge_id: optional string
1263              The bridge ID used in spanning tree advertisements, in the  form
1264              xxxx.yyyyyyyyyyyy  where the xs are the STP priority, the ys are
1265              the STP system ID, and each x and y is a hex digit.
1266
1267       status : stp_designated_root: optional string
1268              The designated root for this spanning tree, in the same form  as
1269              status:stp_bridge_id. If this bridge is the root, this will have
1270              the same value as status:stp_bridge_id, otherwise it  will  dif‐
1271              fer.
1272
1273       status : stp_root_path_cost: optional string
1274              The  path cost of reaching the designated bridge. A lower number
1275              is better. The value is 0 if this bridge is the root,  otherwise
1276              it is higher.
1277
1278     Rapid Spanning Tree:
1279
1280       Rapid  Spanning  Tree  Protocol (RSTP), like STP, is a network protocol
1281       that ensures loop-free topologies. RSTP superseded STP with the  publi‐
1282       cation of 802.1D-2004. Compared to STP, RSTP converges more quickly and
1283       recovers more quickly from failures.
1284
1285     RSTP Configuration:
1286
1287       rstp_enable: boolean
1288              Enable Rapid Spanning Tree on the bridge. By  default,  RSTP  is
1289              disabled  on  bridges.  Bond, internal, and mirror ports are not
1290              supported and will not participate in the spanning tree.
1291
1292              STP and RSTP are mutually exclusive. If both are  enabled,  RSTP
1293              will be used.
1294
1295       other_config : rstp-address: optional string
1296              The  bridge’s  RSTP address (the lower 48 bits of the bridge-id)
1297              in the form xx:xx:xx:xx:xx:xx. By default, the  address  is  the
1298              MAC address of the bridge.
1299
1300       other_config  :  rstp-priority: optional string, containing an integer,
1301       in range 0 to 61,440
1302              The bridge’s relative priority value for  determining  the  root
1303              bridge  (the  upper 16 bits of the bridge-id). A bridge with the
1304              lowest bridge-id is elected the root. By default,  the  priority
1305              is  0x8000  (32768).  This value needs to be a multiple of 4096,
1306              otherwise it’s rounded to the nearest inferior one.
1307
1308       other_config : rstp-ageing-time: optional string, containing  an  inte‐
1309       ger, in range 10 to 1,000,000
1310              The  Ageing  Time parameter for the Bridge. The default value is
1311              300 seconds.
1312
1313       other_config : rstp-force-protocol-version: optional string, containing
1314       an integer
1315              The  Force  Protocol  Version parameter for the Bridge. This can
1316              take the value 0 (STP Compatibility mode)  or  2  (the  default,
1317              normal operation).
1318
1319       other_config : rstp-max-age: optional string, containing an integer, in
1320       range 6 to 40
1321              The maximum age of the information  transmitted  by  the  Bridge
1322              when it is the Root Bridge. The default value is 20.
1323
1324       other_config : rstp-forward-delay: optional string, containing an inte‐
1325       ger, in range 4 to 30
1326              The delay used by STP Bridges to transition Root and  Designated
1327              Ports to Forwarding. The default value is 15.
1328
1329       other_config : rstp-transmit-hold-count: optional string, containing an
1330       integer, in range 1 to 10
1331              The Transmit Hold Count used by the Port Transmit state  machine
1332              to limit transmission rate. The default value is 6.
1333
1334     RSTP Status:
1335
1336       These  key-value  pairs  report  the  status  of  802.1D-2004. They are
1337       present only if RSTP is enabled (via the rstp_enable column).
1338
1339       rstp_status : rstp_bridge_id: optional string
1340              The bridge ID used in rapid spanning tree advertisements, in the
1341              form x.yyy.zzzzzzzzzzzz where x is the RSTP priority, the ys are
1342              a locally assigned system ID extension, the zs are the STP  sys‐
1343              tem ID, and each x, y, or z is a hex digit.
1344
1345       rstp_status : rstp_root_id: optional string
1346              The  root  of  this spanning tree, in the same form as rstp_sta‐
1347              tus:rstp_bridge_id. If this bridge is the root, this  will  have
1348              the  same value as rstp_status:rstp_bridge_id, otherwise it will
1349              differ.
1350
1351       rstp_status : rstp_root_path_cost: optional string, containing an inte‐
1352       ger, at least 0
1353              The  path  cost  of reaching the root. A lower number is better.
1354              The value is 0 if this bridge  is  the  root,  otherwise  it  is
1355              higher.
1356
1357       rstp_status : rstp_designated_id: optional string
1358              The   RSTP   designated  ID,  in  the  same  form  as  rstp_sta‐
1359              tus:rstp_bridge_id.
1360
1361       rstp_status : rstp_designated_port_id: optional string
1362              The RSTP designated port ID, as a 4-digit hex number.
1363
1364       rstp_status : rstp_bridge_port_id: optional string
1365              The RSTP bridge port ID, as a 4-digit hex number.
1366
1367     Multicast Snooping Configuration:
1368
1369       Multicast snooping (RFC 4541) monitors the  Internet  Group  Management
1370       Protocol  (IGMP) and Multicast Listener Discovery traffic between hosts
1371       and multicast routers. The switch  uses  what  IGMP  and  MLD  snooping
1372       learns  to  forward  multicast traffic only to interfaces that are con‐
1373       nected to interested receivers. Currently it supports  IGMPv1,  IGMPv2,
1374       IGMPv3, MLDv1 and MLDv2 protocols.
1375
1376       mcast_snooping_enable: boolean
1377              Enable multicast snooping on the bridge. For now, the default is
1378              disabled.
1379
1380     Other Features:
1381
1382       datapath_type: string
1383              Name of datapath provider. The kernel datapath has type  system.
1384              The  userspace  datapath has type netdev. A manager may refer to
1385              the datapath_types column of the Open_vSwitch table for  a  list
1386              of the types accepted by this Open vSwitch instance.
1387
1388       external_ids : bridge-id: optional string
1389              A unique identifier of the bridge. On Citrix XenServer this will
1390              commonly be the same as external_ids:xs-network-uuids.
1391
1392       external_ids : xs-network-uuids: optional string
1393              Semicolon-delimited set of universally unique identifier(s)  for
1394              the  network  with  which  this bridge is associated on a Citrix
1395              XenServer host. The network identifiers are RFC  4122  UUIDs  as
1396              displayed by, e.g., xe network-list.
1397
1398       other_config : hwaddr: optional string
1399              An  Ethernet  address  in  the form xx:xx:xx:xx:xx:xx to set the
1400              hardware address of the local port and  influence  the  datapath
1401              ID.
1402
1403       other_config : forward-bpdu: optional string, either true or false
1404              Controls  forwarding  of  BPDUs and other network control frames
1405              when NORMAL action is invoked. When  this  option  is  false  or
1406              unset, frames with reserved Ethernet addresses (see table below)
1407              will not be forwarded. When this option  is  true,  such  frames
1408              will not be treated specially.
1409
1410              The above general rule has the following exceptions:
1411
1412              ·      If  STP is enabled on the bridge (see the stp_enable col‐
1413                     umn in  the  Bridge  table),  the  bridge  processes  all
1414                     received STP packets and never passes them to OpenFlow or
1415                     forwards them. This is true even if STP is disabled on an
1416                     individual port.
1417
1418              ·      If  LLDP  is enabled on an interface (see the lldp column
1419                     in the Interface table), the interface processes received
1420                     LLDP  packets  and  never passes them to OpenFlow or for‐
1421                     wards them.
1422
1423              Set this option to true if the Open vSwitch bridge connects dif‐
1424              ferent Ethernet networks and is not configured to participate in
1425              STP.
1426
1427              This option affects packets with the following  destination  MAC
1428              addresses:
1429
1430              01:80:c2:00:00:00
1431                     IEEE 802.1D Spanning Tree Protocol (STP).
1432
1433              01:80:c2:00:00:01
1434                     IEEE Pause frame.
1435
1436              01:80:c2:00:00:0x
1437                     Other reserved protocols.
1438
1439              00:e0:2b:00:00:00
1440                     Extreme Discovery Protocol (EDP).
1441
1442              00:e0:2b:00:00:04 and 00:e0:2b:00:00:06
1443                     Ethernet Automatic Protection Switching (EAPS).
1444
1445              01:00:0c:cc:cc:cc
1446                     Cisco  Discovery  Protocol  (CDP), VLAN Trunking Protocol
1447                     (VTP), Dynamic Trunking Protocol (DTP), Port  Aggregation
1448                     Protocol (PAgP), and others.
1449
1450              01:00:0c:cc:cc:cd
1451                     Cisco Shared Spanning Tree Protocol PVSTP+.
1452
1453              01:00:0c:cd:cd:cd
1454                     Cisco STP Uplink Fast.
1455
1456              01:00:0c:00:00:00
1457                     Cisco Inter Switch Link.
1458
1459              01:00:0c:cc:cc:cx
1460                     Cisco CFM.
1461
1462       other_config  : mac-aging-time: optional string, containing an integer,
1463       at least 1
1464              The maximum number of seconds to retain a MAC learning entry for
1465              which  no  packets  have been seen. The default is currently 300
1466              seconds (5 minutes). The value, if specified, is forced  into  a
1467              reasonable range, currently 15 to 3600 seconds.
1468
1469              A  short  MAC aging time allows a network to more quickly detect
1470              that a host is no longer connected to a switch port. However, it
1471              also  makes it more likely that packets will be flooded unneces‐
1472              sarily, when they are addressed to a connected host that  rarely
1473              transmits packets. To reduce the incidence of unnecessary flood‐
1474              ing, use a MAC aging time longer than the  maximum  interval  at
1475              which a host will ordinarily transmit packets.
1476
1477       other_config  : mac-table-size: optional string, containing an integer,
1478       at least 1
1479              The maximum number of MAC addresses to  learn.  The  default  is
1480              currently  8192.  The value, if specified, is forced into a rea‐
1481              sonable range, currently 10 to 1,000,000.
1482
1483     Common Columns:
1484
1485       The overall purpose of these columns is described under Common  Columns
1486       at the beginning of this document.
1487
1488       other_config: map of string-string pairs
1489
1490       external_ids: map of string-string pairs
1491

Port TABLE

1493       A port within a Bridge.
1494
1495       Most  commonly, a port has exactly one ``interface,’’ pointed to by its
1496       interfaces column. Such a port logically corresponds to  a  port  on  a
1497       physical  Ethernet  switch.  A  port  with more than one interface is a
1498       ``bonded port’’ (see Bonding Configuration).
1499
1500       Some properties that one might think as belonging to a port  are  actu‐
1501       ally part of the port’s Interface members.
1502
1503   Summary:
1504       name                          immutable  string  (must be unique within
1505                                     table)
1506       interfaces                    set of 1 or more Interfaces
1507       VLAN Configuration:
1508         vlan_mode                   optional   string,   one    of    access,
1509                                     dot1q-tunnel,              native-tagged,
1510                                     native-untagged, or trunk
1511         tag                         optional integer, in range 0 to 4,095
1512         trunks                      set of up to 4,096 integers, in  range  0
1513                                     to 4,095
1514         cvlans                      set  of  up to 4,096 integers, in range 0
1515                                     to 4,095
1516         other_config : qinq-ethtype
1517                                     optional string, either 802.1ad or 802.1q
1518         other_config : priority-tags
1519                                     optional   string,   one    of    always,
1520                                     if-nonzero, or never
1521       Bonding Configuration:
1522         bond_mode                   optional  string,  one  of active-backup,
1523                                     balance-slb, or balance-tcp
1524         other_config : bond-hash-basis
1525                                     optional string, containing an integer
1526         Link Failure Detection:
1527            other_config : bond-detect-mode
1528                                     optional string, either carrier or miimon
1529            other_config : bond-miimon-interval
1530                                     optional string, containing an integer
1531            bond_updelay             integer
1532            bond_downdelay           integer
1533         LACP Configuration:
1534            lacp                     optional string, one of active,  off,  or
1535                                     passive
1536            other_config : lacp-system-id
1537                                     optional string
1538            other_config : lacp-system-priority
1539                                     optional  string,  containing an integer,
1540                                     in range 1 to 65,535
1541            other_config : lacp-time optional string, either fast or slow
1542            other_config : lacp-fallback-ab
1543                                     optional string, either true or false
1544         Rebalancing Configuration:
1545            other_config : bond-rebalance-interval
1546                                     optional string, containing  an  integer,
1547                                     in range 0 to 10,000
1548         bond_fake_iface             boolean
1549       Spanning Tree Protocol:
1550         STP Configuration:
1551            other_config : stp-enable
1552                                     optional string, either true or false
1553            other_config : stp-port-num
1554                                     optional  string,  containing an integer,
1555                                     in range 1 to 255
1556            other_config : stp-port-priority
1557                                     optional string, containing  an  integer,
1558                                     in range 0 to 255
1559            other_config : stp-path-cost
1560                                     optional  string,  containing an integer,
1561                                     in range 0 to 65,535
1562         STP Status:
1563            status : stp_port_id     optional string
1564            status : stp_state       optional string, one  of  blocking,  dis‐
1565                                     abled, forwarding, learning, or listening
1566            status : stp_sec_in_state
1567                                     optional  string,  containing an integer,
1568                                     at least 0
1569            status : stp_role        optional string, one of alternate, desig‐
1570                                     nated, or root
1571       Rapid Spanning Tree Protocol:
1572         RSTP Configuration:
1573            other_config : rstp-enable
1574                                     optional string, either true or false
1575            other_config : rstp-port-priority
1576                                     optional  string,  containing an integer,
1577                                     in range 0 to 240
1578            other_config : rstp-port-num
1579                                     optional string, containing  an  integer,
1580                                     in range 1 to 4,095
1581            other_config : rstp-port-path-cost
1582                                     optional string, containing an integer
1583            other_config : rstp-port-admin-edge
1584                                     optional string, either true or false
1585            other_config : rstp-port-auto-edge
1586                                     optional string, either true or false
1587            other_config : rstp-port-mcheck
1588                                     optional string, either true or false
1589         RSTP Status:
1590            rstp_status : rstp_port_id
1591                                     optional string
1592            rstp_status : rstp_port_role
1593                                     optional   string,   one   of  Alternate,
1594                                     Backup, Designated, Disabled, or Root
1595            rstp_status : rstp_port_state
1596                                     optional string, one  of  Disabled,  Dis‐
1597                                     carding, Forwarding, or Learning
1598            rstp_status : rstp_designated_bridge_id
1599                                     optional string
1600            rstp_status : rstp_designated_port_id
1601                                     optional string
1602            rstp_status : rstp_designated_path_cost
1603                                     optional string, containing an integer
1604         RSTP Statistics:
1605            rstp_statistics : rstp_tx_count
1606                                     optional integer
1607            rstp_statistics : rstp_rx_count
1608                                     optional integer
1609            rstp_statistics : rstp_error_count
1610                                     optional integer
1611            rstp_statistics : rstp_uptime
1612                                     optional integer
1613       Multicast Snooping:
1614         other_config : mcast-snooping-flood
1615                                     optional string, either true or false
1616         other_config : mcast-snooping-flood-reports
1617                                     optional string, either true or false
1618       Other Features:
1619         qos                         optional QoS
1620         mac                         optional string
1621         fake_bridge                 boolean
1622         protected                   boolean
1623         external_ids : fake-bridge-id-*
1624                                     optional string
1625         other_config : transient    optional string, either true or false
1626       bond_active_slave             optional string
1627       Port Statistics:
1628         Statistics: STP transmit and receive counters:
1629            statistics : stp_tx_count
1630                                     optional integer
1631            statistics : stp_rx_count
1632                                     optional integer
1633            statistics : stp_error_count
1634                                     optional integer
1635       Common Columns:
1636         other_config                map of string-string pairs
1637         external_ids                map of string-string pairs
1638
1639   Details:
1640       name: immutable string (must be unique within table)
1641              Port name. For a non-bonded port, this should be the same as its
1642              interface’s name. Port names must otherwise be unique among  the
1643              names  of ports, interfaces, and bridges on a host. Because port
1644              and interfaces names are usually the same, the  restrictions  on
1645              the  name column in the Interface table, particularly on length,
1646              also apply to port names. Refer to the documentation for  Inter‐
1647              face names for details.
1648
1649       interfaces: set of 1 or more Interfaces
1650              The  port’s  interfaces.  If  there  is more than one, this is a
1651              bonded Port.
1652
1653     VLAN Configuration:
1654
1655       In short, a VLAN (short for ``virtual LAN’’) is a way  to  partition  a
1656       single switch into multiple switches. VLANs can be confusing, so for an
1657       introduction, please refer to the question ``What’s a  VLAN?’’  in  the
1658       Open vSwitch FAQ.
1659
1660       A  VLAN  is  sometimes  encoded into a packet using a 802.1Q or 802.1ad
1661       VLAN header, but every packet is part of some VLAN whether or not it is
1662       encoded  in  the packet. (A packet that appears to have no VLAN is part
1663       of VLAN 0, by default.) As a result, it’s useful to think of a VLAN  as
1664       a metadata property of a packet, separate from how the VLAN is encoded.
1665       For a given port, this column determines how the encoding of  a  packet
1666       that  ingresses  or egresses the port maps to the packet’s VLAN. When a
1667       packet enters the switch, its VLAN is determined based on  its  setting
1668       in  this  column  and its VLAN headers, if any, and then, conceptually,
1669       the VLAN headers are then stripped off. Conversely, when a packet exits
1670       the  switch,  its  VLAN  and the settings in this column determine what
1671       VLAN headers, if any, are pushed onto the packet before it egresses the
1672       port.
1673
1674       The VLAN configuration in this column affects Open vSwitch only when it
1675       is doing ``normal switching.’’ It does not affect flows set  up  by  an
1676       OpenFlow controller, outside of the OpenFlow ``normal action.’’
1677
1678       Bridge ports support the following types of VLAN configuration:
1679
1680              trunk  A  trunk  port  carries  packets on one or more specified
1681                     VLANs specified in the trunks  column  (often,  on  every
1682                     VLAN).  A packet that ingresses on a trunk port is in the
1683                     VLAN specified in its 802.1Q header, or  VLAN  0  if  the
1684                     packet  has  no  802.1Q  header.  A  packet that egresses
1685                     through a trunk port will have an 802.1Q header if it has
1686                     a nonzero VLAN ID.
1687
1688                     Any  packet  that ingresses on a trunk port tagged with a
1689                     VLAN that the port does not trunk is dropped.
1690
1691              access An access port carries packets on exactly one VLAN speci‐
1692                     fied  in  the  tag column. Packets egressing on an access
1693                     port have no 802.1Q header.
1694
1695                     Any packet with an 802.1Q header with a nonzero  VLAN  ID
1696                     that  ingresses  on an access port is dropped, regardless
1697                     of whether the VLAN ID in the header is the access port’s
1698                     VLAN ID.
1699
1700              native-tagged
1701                     A  native-tagged  port  resembles  a trunk port, with the
1702                     exception that a packet without  an  802.1Q  header  that
1703                     ingresses  on  a  native-tagged  port  is in the ``native
1704                     VLAN’’ (specified in the tag column).
1705
1706              native-untagged
1707                     A native-untagged port resembles  a  native-tagged  port,
1708                     with  the  exception  that  a  packet  that egresses on a
1709                     native-untagged port in the native VLAN will not have  an
1710                     802.1Q header.
1711
1712              dot1q-tunnel
1713                     A dot1q-tunnel port is somewhat like an access port. Like
1714                     an access port, it carries packets  on  the  single  VLAN
1715                     specified  in  the  tag  column and this VLAN, called the
1716                     service VLAN, does not appear in  an  802.1Q  header  for
1717                     packets that ingress or egress on the port. The main dif‐
1718                     ference lies in the behavior when packets that include  a
1719                     802.1Q header ingress on the port. Whereas an access port
1720                     drops such packets, a dot1q-tunnel port treats  these  as
1721                     double-tagged  with  the  outer  service VLAN tag and the
1722                     inner customer VLAN taken from the 802.1Q header.  Corre‐
1723                     spondingly,  to  egress  on the port, a packet outer VLAN
1724                     (or only VLAN) must  be  tag,  which  is  removed  before
1725                     egress, which exposes the inner (customer) VLAN if one is
1726                     present.
1727
1728                     If cvlans is set, only allows packets  in  the  specified
1729                     customer VLANs.
1730
1731       A  packet  will only egress through bridge ports that carry the VLAN of
1732       the packet, as described by the rules above.
1733
1734       vlan_mode: optional string, one of access, dot1q-tunnel, native-tagged,
1735       native-untagged, or trunk
1736              The  VLAN mode of the port, as described above. When this column
1737              is empty, a default mode is selected as follows:
1738
1739              ·      If tag contains a value, the port is an access port.  The
1740                     trunks column should be empty.
1741
1742              ·      Otherwise,  the  port  is a trunk port. The trunks column
1743                     value is honored if it is present.
1744
1745       tag: optional integer, in range 0 to 4,095
1746              For an access port, the port’s implicitly  tagged  VLAN.  For  a
1747              native-tagged  or  native-untagged port, the port’s native VLAN.
1748              Must be empty if this is a trunk port.
1749
1750       trunks: set of up to 4,096 integers, in range 0 to 4,095
1751              For a trunk, native-tagged, or native-untagged port, the  802.1Q
1752              VLAN  or  VLANs  that this port trunks; if it is empty, then the
1753              port trunks all VLANs. Must be empty if this is an access port.
1754
1755              A native-tagged or native-untagged port always trunks its native
1756              VLAN, regardless of whether trunks includes that VLAN.
1757
1758       cvlans: set of up to 4,096 integers, in range 0 to 4,095
1759              For  a  dot1q-tunnel  port,  the  customer  VLANs that this port
1760              includes. If this is  empty,  the  port  includes  all  customer
1761              VLANs.
1762
1763              For other kinds of ports, this setting is ignored.
1764
1765       other_config : qinq-ethtype: optional string, either 802.1ad or 802.1q
1766              For  a  dot1q-tunnel port, this is the TPID for the service tag,
1767              that is, for the 802.1Q header that contains  the  service  VLAN
1768              ID.  Because  packets  that actually ingress and egress a dot1q-
1769              tunnel port do not include an  802.1Q  header  for  the  service
1770              VLAN,  this  does  not  affect  packets on the dot1q-tunnel port
1771              itself. Rather, it determines the service VLAN for a packet that
1772              ingresses on a dot1q-tunnel port and egresses on a trunk port.
1773
1774              The  value  802.1ad  specifies  TPID  0x88a8,  which is also the
1775              default if the setting is omitted. The  value  802.1q  specifies
1776              TPID 0x8100.
1777
1778              For other kinds of ports, this setting is ignored.
1779
1780       other_config   :   priority-tags:   optional  string,  one  of  always,
1781       if-nonzero, or never
1782              An 802.1Q header contains two important pieces of information: a
1783              VLAN  ID  and  a priority. A frame with a zero VLAN ID, called a
1784              ``priority-tagged’’ frame, is supposed to be  treated  the  same
1785              way  as  a frame without an 802.1Q header at all (except for the
1786              priority).
1787
1788              However, some network elements ignore any frame that has  802.1Q
1789              header  at  all,  even  when  the VLAN ID is zero. Therefore, by
1790              default Open vSwitch does  not  output  priority-tagged  frames,
1791              instead  omitting  the  802.1Q header entirely if the VLAN ID is
1792              zero. Set this  key  to  if-nonzero  to  enable  priority-tagged
1793              frames on a port.
1794
1795              For if-nonzero Open vSwitch omits the 802.1Q header on output if
1796              both the VLAN ID and priority would be zero. Set  to  always  to
1797              retain the 802.1Q header in such frames as well.
1798
1799              All frames output to native-tagged ports have a nonzero VLAN ID,
1800              so this setting is not meaningful on native-tagged ports.
1801
1802     Bonding Configuration:
1803
1804       A port that has more than one interface is a ``bonded  port.’’  Bonding
1805       allows for load balancing and fail-over.
1806
1807       The  following  types  of  bonding  will work with any kind of upstream
1808       switch. On the upstream switch, do not configure the  interfaces  as  a
1809       bond:
1810
1811              balance-slb
1812                     Balances  flows  among slaves based on source MAC address
1813                     and output VLAN, with  periodic  rebalancing  as  traffic
1814                     patterns change.
1815
1816              active-backup
1817                     Assigns  all flows to one slave, failing over to a backup
1818                     slave when the active slave is disabled. This is the only
1819                     bonding mode in which interfaces may be plugged into dif‐
1820                     ferent upstream switches.
1821
1822       The following modes require the upstream switch to support 802.3ad with
1823       successful  LACP  negotiation. If LACP negotiation fails and other-con‐
1824       fig:lacp-fallback-ab is true, then active-backup mode is used:
1825
1826              balance-tcp
1827                     Balances flows among slaves based on L3 and  L4  protocol
1828                     information such as IP addresses and TCP/UDP ports.
1829
1830       These  columns  apply  only to bonded ports. Their values are otherwise
1831       ignored.
1832
1833       bond_mode: optional string, one of active-backup, balance-slb, or  bal‐
1834       ance-tcp
1835              The  type  of  bonding  used  for  a  bonded  port.  Defaults to
1836              active-backup if unset.
1837
1838       other_config : bond-hash-basis: optional string, containing an integer
1839              An integer hashed along with flows when choosing  output  slaves
1840              in load balanced bonds. When changed, all flows will be assigned
1841              different hash values possibly causing slave selection decisions
1842              to  change.  Does  not  affect bonding modes which do not employ
1843              load balancing such as active-backup.
1844
1845     Link Failure Detection:
1846
1847       An important part of link bonding is detecting that links are  down  so
1848       that  they  may  be disabled. These settings determine how Open vSwitch
1849       detects link failure.
1850
1851       other_config : bond-detect-mode: optional  string,  either  carrier  or
1852       miimon
1853              The  means  used  to  detect  link failures. Defaults to carrier
1854              which uses each interface’s carrier to detect failures. When set
1855              to  miimon,  will check for failures by polling each interface’s
1856              MII.
1857
1858       other_config : bond-miimon-interval:  optional  string,  containing  an
1859       integer
1860              The  interval,  in  milliseconds, between successive attempts to
1861              poll each interface’s MII. Relevant only when other_config:bond-
1862              detect-mode is miimon.
1863
1864       bond_updelay: integer
1865              The number of milliseconds for which the link must stay up on an
1866              interface before the interface is considered to be up. Specify 0
1867              to enable the interface immediately.
1868
1869              This  setting is honored only when at least one bonded interface
1870              is already enabled. When no interfaces  are  enabled,  then  the
1871              first bond interface to come up is enabled immediately.
1872
1873       bond_downdelay: integer
1874              The  number of milliseconds for which the link must stay down on
1875              an interface before the interface  is  considered  to  be  down.
1876              Specify 0 to disable the interface immediately.
1877
1878     LACP Configuration:
1879
1880       LACP,  the  Link Aggregation Control Protocol, is an IEEE standard that
1881       allows switches to automatically detect that they are connected by mul‐
1882       tiple  links  and  aggregate across those links. These settings control
1883       LACP behavior.
1884
1885       lacp: optional string, one of active, off, or passive
1886              Configures LACP on this port.  LACP  allows  directly  connected
1887              switches  to  negotiate  which  links may be bonded. LACP may be
1888              enabled on non-bonded ports for the benefit of any switches they
1889              may  be  connected to. active ports are allowed to initiate LACP
1890              negotiations. passive ports are allowed to participate  in  LACP
1891              negotiations  initiated  by  a remote switch, but not allowed to
1892              initiate such negotiations themselves. If LACP is enabled  on  a
1893              port  whose  partner switch does not support LACP, the bond will
1894              be disabled,  unless  other-config:lacp-fallback-ab  is  set  to
1895              true. Defaults to off if unset.
1896
1897       other_config : lacp-system-id: optional string
1898              The LACP system ID of this Port. The system ID of a LACP bond is
1899              used to identify itself to its partners. Must be a  nonzero  MAC
1900              address. Defaults to the bridge Ethernet address if unset.
1901
1902       other_config  :  lacp-system-priority:  optional  string, containing an
1903       integer, in range 1 to 65,535
1904              The LACP system priority of this  Port.  In  LACP  negotiations,
1905              link  status  decisions  are made by the system with the numeri‐
1906              cally lower priority.
1907
1908       other_config : lacp-time: optional string, either fast or slow
1909              The LACP timing which should be used on this  Port.  By  default
1910              slow  is  used.  When  configured to be fast LACP heartbeats are
1911              requested at a rate of  once  per  second  causing  connectivity
1912              problems  to  be detected more quickly. In slow mode, heartbeats
1913              are requested at a rate of once every 30 seconds.
1914
1915       other_config : lacp-fallback-ab: optional string, either true or false
1916              Determines the behavior of openvswitch bond in LACP mode. If the
1917              partner  switch  does  not  support LACP, setting this option to
1918              true allows openvswitch to fallback  to  active-backup.  If  the
1919              option  is  set to false, the bond will be disabled. In both the
1920              cases, once the partner switch is configured to LACP  mode,  the
1921              bond will use LACP.
1922
1923     Rebalancing Configuration:
1924
1925       These  settings  control behavior when a bond is in balance-slb or bal‐
1926       ance-tcp mode.
1927
1928       other_config : bond-rebalance-interval: optional string, containing  an
1929       integer, in range 0 to 10,000
1930              For  a  load  balanced  bonded  port, the number of milliseconds
1931              between successive attempts to rebalance the bond, that  is,  to
1932              move  flows  from  one  interface  on  the bond to another in an
1933              attempt to keep usage of each interface roughly equal. If  zero,
1934              load balancing is disabled on the bond (link failure still cause
1935              flows to move). If less than 1000ms, the rebalance interval will
1936              be 1000ms.
1937
1938       bond_fake_iface: boolean
1939              For  a  bonded port, whether to create a fake internal interface
1940              with the name of the  port.  Use  only  for  compatibility  with
1941              legacy software that requires this.
1942
1943     Spanning Tree Protocol:
1944
1945       The configuration here is only meaningful, and the status is only popu‐
1946       lated, when 802.1D-1998 Spanning Tree Protocol is enabled on the port’s
1947       Bridge with its stp_enable column.
1948
1949     STP Configuration:
1950
1951       other_config : stp-enable: optional string, either true or false
1952              When STP is enabled on a bridge, it is enabled by default on all
1953              of the bridge’s ports except bond, internal,  and  mirror  ports
1954              (which  do  not work with STP). If this column’s value is false,
1955              STP is disabled on the port.
1956
1957       other_config : stp-port-num: optional string, containing an integer, in
1958       range 1 to 255
1959              The  port  number  used  for the lower 8 bits of the port-id. By
1960              default, the numbers will  be  assigned  automatically.  If  any
1961              port’s number is manually configured on a bridge, then they must
1962              all be.
1963
1964       other_config : stp-port-priority: optional string, containing an  inte‐
1965       ger, in range 0 to 255
1966              The port’s relative priority value for determining the root port
1967              (the upper 8 bits of the port-id). A port with a  lower  port-id
1968              will  be  chosen  as  the root port. By default, the priority is
1969              0x80.
1970
1971       other_config : stp-path-cost: optional string, containing  an  integer,
1972       in range 0 to 65,535
1973              Spanning tree path cost for the port. A lower number indicates a
1974              faster link. By default, the cost is based on the maximum  speed
1975              of the link.
1976
1977     STP Status:
1978
1979       status : stp_port_id: optional string
1980              The  port ID used in spanning tree advertisements for this port,
1981              as 4 hex digits. Configuring the port ID  is  described  in  the
1982              stp-port-num and stp-port-priority keys of the other_config sec‐
1983              tion earlier.
1984
1985       status : stp_state: optional string, one of  blocking,  disabled,  for‐
1986       warding, learning, or listening
1987              STP state of the port.
1988
1989       status  :  stp_sec_in_state: optional string, containing an integer, at
1990       least 0
1991              The amount of time this port has been in the current STP  state,
1992              in seconds.
1993
1994       status  :  stp_role:  optional string, one of alternate, designated, or
1995       root
1996              STP role of the port.
1997
1998     Rapid Spanning Tree Protocol:
1999
2000       The configuration here is only meaningful, and the status  and  statis‐
2001       tics  are  only  populated,  when 802.1D-1998 Spanning Tree Protocol is
2002       enabled on the port’s Bridge with its stp_enable column.
2003
2004     RSTP Configuration:
2005
2006       other_config : rstp-enable: optional string, either true or false
2007              When RSTP is enabled on a bridge, it is enabled  by  default  on
2008              all  of  the  bridge’s  ports  except bond, internal, and mirror
2009              ports (which do not work with RSTP). If this column’s  value  is
2010              false, RSTP is disabled on the port.
2011
2012       other_config : rstp-port-priority: optional string, containing an inte‐
2013       ger, in range 0 to 240
2014              The port’s relative priority  value  for  determining  the  root
2015              port,  in multiples of 16. By default, the port priority is 0x80
2016              (128). Any value in the lower 4 bits is rounded off. The signif‐
2017              icant  upper  4  bits  become the upper 4 bits of the port-id. A
2018              port with the lowest port-id is elected as the root.
2019
2020       other_config : rstp-port-num: optional string, containing  an  integer,
2021       in range 1 to 4,095
2022              The  local  RSTP  port  number, used as the lower 12 bits of the
2023              port-id. By default the port numbers are assigned automatically,
2024              and typically may not correspond to the OpenFlow port numbers. A
2025              port with the lowest port-id is elected as the root.
2026
2027       other_config :  rstp-port-path-cost:  optional  string,  containing  an
2028       integer
2029              The port path cost. The Port’s contribution, when it is the Root
2030              Port, to the Root Path Cost for the Bridge. By default the  cost
2031              is automatically calculated from the port’s speed.
2032
2033       other_config  :  rstp-port-admin-edge:  optional string, either true or
2034       false
2035              The admin edge port parameter for the Port. Default is false.
2036
2037       other_config : rstp-port-auto-edge: optional  string,  either  true  or
2038       false
2039              The auto edge port parameter for the Port. Default is true.
2040
2041       other_config : rstp-port-mcheck: optional string, either true or false
2042              The mcheck port parameter for the Port. Default is false. May be
2043              set to force the Port Protocol Migration state machine to trans‐
2044              mit  RST BPDUs for a MigrateTime period, to test whether all STP
2045              Bridges on the attached LAN have been removed and the  Port  can
2046              continue to transmit RSTP BPDUs. Setting mcheck has no effect if
2047              the Bridge is operating in STP Compatibility mode.
2048
2049              Changing the value from true to false has no effect,  but  needs
2050              to  be  done if this behavior is to be triggered again by subse‐
2051              quently changing the value from false to true.
2052
2053     RSTP Status:
2054
2055       rstp_status : rstp_port_id: optional string
2056              The port ID used in spanning tree advertisements for this  port,
2057              as  4  hex  digits.  Configuring the port ID is described in the
2058              rstp-port-num and rstp-port-priority keys  of  the  other_config
2059              section earlier.
2060
2061       rstp_status  :  rstp_port_role:  optional  string,  one  of  Alternate,
2062       Backup, Designated, Disabled, or Root
2063              RSTP role of the port.
2064
2065       rstp_status : rstp_port_state: optional string, one of  Disabled,  Dis‐
2066       carding, Forwarding, or Learning
2067              RSTP state of the port.
2068
2069       rstp_status : rstp_designated_bridge_id: optional string
2070              The  port’s  RSTP  designated  bridge  ID,  in  the same form as
2071              rstp_status:rstp_bridge_id in the Bridge table.
2072
2073       rstp_status : rstp_designated_port_id: optional string
2074              The port’s RSTP designated port ID, as 4 hex digits.
2075
2076       rstp_status : rstp_designated_path_cost: optional string, containing an
2077       integer
2078              The port’s RSTP designated path cost. Lower is better.
2079
2080     RSTP Statistics:
2081
2082       rstp_statistics : rstp_tx_count: optional integer
2083              Number of RSTP BPDUs transmitted through this port.
2084
2085       rstp_statistics : rstp_rx_count: optional integer
2086              Number of valid RSTP BPDUs received by this port.
2087
2088       rstp_statistics : rstp_error_count: optional integer
2089              Number of invalid RSTP BPDUs received by this port.
2090
2091       rstp_statistics : rstp_uptime: optional integer
2092              The duration covered by the other RSTP statistics, in seconds.
2093
2094     Multicast Snooping:
2095
2096       other_config  :  mcast-snooping-flood:  optional string, either true or
2097       false
2098              If set to true, multicast packets (except Reports) are  uncondi‐
2099              tionally forwarded to the specific port.
2100
2101       other_config  :  mcast-snooping-flood-reports:  optional string, either
2102       true or false
2103              If set to true, multicast Reports are unconditionally  forwarded
2104              to the specific port.
2105
2106     Other Features:
2107
2108       qos: optional QoS
2109              Quality of Service configuration for this port.
2110
2111       mac: optional string
2112              The MAC address to use for this port for the purpose of choosing
2113              the bridge’s MAC  address.  This  column  does  not  necessarily
2114              reflect  the  port’s  actual  MAC  address,  nor will setting it
2115              change the port’s actual MAC address.
2116
2117       fake_bridge: boolean
2118              Does this port represent a sub-bridge for its tagged VLAN within
2119              the Bridge? See ovs-vsctl(8) for more information.
2120
2121       protected: boolean
2122              The  protected  ports  feature allows certain ports to be desig‐
2123              nated as protected. Traffic between protected ports is  blocked.
2124              Protected  ports  can  send traffic to unprotected ports. Unpro‐
2125              tected ports can send traffic to any port. Default is false.
2126
2127       external_ids : fake-bridge-id-*: optional string
2128              External IDs for a fake bridge (see the fake_bridge column)  are
2129              defined   by   prefixing   a   Bridge   external_ids   key  with
2130              fake-bridge-, e.g. fake-bridge-xs-network-uuids.
2131
2132       other_config : transient: optional string, either true or false
2133              If set to true, the port will  be  removed  when  ovs-ctl  start
2134              --delete-transient-ports is used.
2135
2136       bond_active_slave: optional string
2137              For  a bonded port, record the mac address of the current active
2138              slave.
2139
2140     Port Statistics:
2141
2142       Key-value pairs that report port statistics. The update period is  con‐
2143       trolled  by  other_config:stats-update-interval in the Open_vSwitch ta‐
2144       ble.
2145
2146     Statistics: STP transmit and receive counters:
2147
2148       statistics : stp_tx_count: optional integer
2149              Number of STP BPDUs sent on  this  port  by  the  spanning  tree
2150              library.
2151
2152       statistics : stp_rx_count: optional integer
2153              Number  of  STP  BPDUs received on this port and accepted by the
2154              spanning tree library.
2155
2156       statistics : stp_error_count: optional integer
2157              Number of bad STP BPDUs received on this port. Bad BPDUs include
2158              runt packets and those with an unexpected protocol ID.
2159
2160     Common Columns:
2161
2162       The  overall purpose of these columns is described under Common Columns
2163       at the beginning of this document.
2164
2165       other_config: map of string-string pairs
2166
2167       external_ids: map of string-string pairs
2168

Interface TABLE

2170       An interface within a Port.
2171
2172   Summary:
2173       Core Features:
2174         name                        immutable string (must be  unique  within
2175                                     table)
2176         ifindex                     optional   integer,   in   range   0   to
2177                                     4,294,967,295
2178         mac_in_use                  optional string
2179         mac                         optional string
2180         error                       optional string
2181         OpenFlow Port Number:
2182            ofport                   optional integer
2183            ofport_request           optional integer, in range 1 to 65,279
2184       System-Specific Details:
2185         type                        string
2186       Tunnel Options:
2187         options : remote_ip         optional string
2188         options : local_ip          optional string
2189         options : in_key            optional string
2190         options : out_key           optional string
2191         options : dst_port          optional string
2192         options : key               optional string
2193         options : tos               optional string
2194         options : ttl               optional string
2195         options : df_default        optional string, either true or false
2196         options : egress_pkt_mark   optional string
2197         Tunnel Options: lisp only:
2198            options : packet_type    optional string, either legacy_l3 or ptap
2199         Tunnel Options: vxlan only:
2200            options : exts           optional string
2201            options : packet_type    optional  string,   one   of   legacy_l2,
2202                                     legacy_l3, or ptap
2203         Tunnel Options: gre only:
2204            options : packet_type    optional   string,   one   of  legacy_l2,
2205                                     legacy_l3, or ptap
2206            options : seq            optional string, either true or false
2207         Tunnel Options: gre, ip6gre, geneve, and vxlan:
2208            options : csum           optional string, either true or false
2209         Tunnel Options: IPsec:
2210            options : psk            optional string
2211            options : remote_cert    optional string
2212            options : remote_name    optional string
2213       Tunnel Options: erspan only:
2214         options : erspan_idx        optional string
2215         options : erspan_ver        optional string
2216         options : erspan_dir        optional string
2217         options : erspan_hwid       optional string
2218       Patch Options:
2219         options : peer              optional string
2220       PMD (Poll Mode Driver) Options:
2221         options : n_rxq             optional string, containing  an  integer,
2222                                     at least 1
2223         options : dpdk-devargs      optional string
2224         other_config : pmd-rxq-affinity
2225                                     optional string
2226         other_config : xdpmode      optional string, either drv or skb
2227         options : vhost-server-path
2228                                     optional string
2229         options : dq-zero-copy      optional string, either true or false
2230         options : tx-retries-max    optional  string,  containing an integer,
2231                                     in range 0 to 32
2232         options : n_rxq_desc        optional string, containing  an  integer,
2233                                     in range 1 to 4,096
2234         options : n_txq_desc        optional  string,  containing an integer,
2235                                     in range 1 to 4,096
2236       EMC (Exact Match Cache) Configuration:
2237         other_config : emc-enable   optional string, either true or false
2238       MTU:
2239         mtu                         optional integer
2240         mtu_request                 optional integer, at least 1
2241       Interface Status:
2242         admin_state                 optional string, either down or up
2243         link_state                  optional string, either down or up
2244         link_resets                 optional integer
2245         link_speed                  optional integer
2246         duplex                      optional string, either full or half
2247         lacp_current                optional boolean
2248         status                      map of string-string pairs
2249         status : driver_name        optional string
2250         status : driver_version     optional string
2251         status : firmware_version   optional string
2252         status : source_ip          optional string
2253         status : tunnel_egress_iface
2254                                     optional string
2255         status : tunnel_egress_iface_carrier
2256                                     optional string, either down or up
2257         dpdk:
2258            status : port_no         optional string
2259            status : numa_id         optional string
2260            status : min_rx_bufsize  optional string
2261            status : max_rx_pktlen   optional string
2262            status : max_rx_queues   optional string
2263            status : max_tx_queues   optional string
2264            status : max_mac_addrs   optional string
2265            status : max_hash_mac_addrs
2266                                     optional string
2267            status : max_vfs         optional string
2268            status : max_vmdq_pools  optional string
2269            status : if_type         optional string
2270            status : if_descr        optional string
2271            status : pci-vendor_id   optional string
2272            status : pci-device_id   optional string
2273       Statistics:
2274         Statistics: Successful transmit and receive counters:
2275            statistics : rx_packets  optional integer
2276            statistics : rx_bytes    optional integer
2277            statistics : tx_packets  optional integer
2278            statistics : tx_bytes    optional integer
2279         Statistics: Receive errors:
2280            statistics : rx_dropped  optional integer
2281            statistics : rx_frame_err
2282                                     optional integer
2283            statistics : rx_over_err optional integer
2284            statistics : rx_crc_err  optional integer
2285            statistics : rx_errors   optional integer
2286         Statistics: Transmit errors:
2287            statistics : tx_dropped  optional integer
2288            statistics : collisions  optional integer
2289            statistics : tx_errors   optional integer
2290       Ingress Policing:
2291         ingress_policing_rate       integer, at least 0
2292         ingress_policing_burst      integer, at least 0
2293       Bidirectional Forwarding Detection (BFD):
2294         BFD Configuration:
2295            bfd : enable             optional string, either true or false
2296            bfd : min_rx             optional string, containing  an  integer,
2297                                     at least 1
2298            bfd : min_tx             optional  string,  containing an integer,
2299                                     at least 1
2300            bfd : decay_min_rx       optional string, containing an integer
2301            bfd : forwarding_if_rx   optional string, either true or false
2302            bfd : cpath_down         optional string, either true or false
2303            bfd : check_tnl_key      optional string, either true or false
2304            bfd : bfd_local_src_mac  optional string
2305            bfd : bfd_local_dst_mac  optional string
2306            bfd : bfd_remote_dst_mac optional string
2307            bfd : bfd_src_ip         optional string
2308            bfd : bfd_dst_ip         optional string
2309            bfd : oam                optional string
2310            bfd : mult               optional string, containing  an  integer,
2311                                     in range 1 to 255
2312         BFD Status:
2313            bfd_status : state       optional string, one of admin_down, down,
2314                                     init, or up
2315            bfd_status : forwarding  optional string, either true or false
2316            bfd_status : diagnostic  optional string
2317            bfd_status : remote_state
2318                                     optional string, one of admin_down, down,
2319                                     init, or up
2320            bfd_status : remote_diagnostic
2321                                     optional string
2322            bfd_status : flap_count  optional  string,  containing an integer,
2323                                     at least 0
2324       Connectivity Fault Management:
2325         cfm_mpid                    optional integer
2326         cfm_flap_count              optional integer
2327         cfm_fault                   optional boolean
2328         cfm_fault_status : recv     none
2329         cfm_fault_status : rdi      none
2330         cfm_fault_status : maid     none
2331         cfm_fault_status : loopback
2332                                     none
2333         cfm_fault_status : overflow
2334                                     none
2335         cfm_fault_status : override
2336                                     none
2337         cfm_fault_status : interval
2338                                     none
2339         cfm_remote_opstate          optional string, either down or up
2340         cfm_health                  optional integer, in range 0 to 100
2341         cfm_remote_mpids            set of integers
2342         other_config : cfm_interval
2343                                     optional string, containing an integer
2344         other_config : cfm_extended
2345                                     optional string, either true or false
2346         other_config : cfm_demand   optional string, either true or false
2347         other_config : cfm_opstate  optional string, either down or up
2348         other_config : cfm_ccm_vlan
2349                                     optional string, containing  an  integer,
2350                                     in range 1 to 4,095
2351         other_config : cfm_ccm_pcp  optional  string,  containing an integer,
2352                                     in range 1 to 7
2353       Bonding Configuration:
2354         other_config : lacp-port-id
2355                                     optional string, containing  an  integer,
2356                                     in range 1 to 65,535
2357         other_config : lacp-port-priority
2358                                     optional  string,  containing an integer,
2359                                     in range 1 to 65,535
2360         other_config : lacp-aggregation-key
2361                                     optional string, containing  an  integer,
2362                                     in range 1 to 65,535
2363       Virtual Machine Identifiers:
2364         external_ids : attached-mac
2365                                     optional string
2366         external_ids : iface-id     optional string
2367         external_ids : iface-status
2368                                     optional  string,  either active or inac‐
2369                                     tive
2370         external_ids : xs-vif-uuid  optional string
2371         external_ids : xs-network-uuid
2372                                     optional string
2373         external_ids : vm-id        optional string
2374         external_ids : xs-vm-uuid   optional string
2375       Auto Attach Configuration:
2376         lldp : enable               optional string, either true or false
2377       Flow control Configuration:
2378         options : rx-flow-ctrl      optional string, either true or false
2379         options : tx-flow-ctrl      optional string, either true or false
2380         options : flow-ctrl-autoneg
2381                                     optional string, either true or false
2382       Link State Change detection mode:
2383         options : dpdk-lsc-interrupt
2384                                     optional string, either true or false
2385       Common Columns:
2386         other_config                map of string-string pairs
2387         external_ids                map of string-string pairs
2388
2389   Details:
2390     Core Features:
2391
2392       name: immutable string (must be unique within table)
2393              Interface name. Should be  alphanumeric.  For  non-bonded  port,
2394              this  should  be the same as the port name. It must otherwise be
2395              unique among the names of ports, interfaces, and  bridges  on  a
2396              host.
2397
2398              The  maximum length of an interface name depends on the underly‐
2399              ing datapath:
2400
2401              ·      The names of interfaces implemented as Linux and BSD net‐
2402                     work  devices,  including  interfaces with type internal,
2403                     tap, or system plus the different types of tunnel  ports,
2404                     are  limited  to  15 bytes. Windows limits these names to
2405                     255 bytes.
2406
2407              ·      The names of patch ports are not used in  the  underlying
2408                     datapath,  so operating system restrictions do not apply.
2409                     Thus, they may have arbitrary length.
2410
2411              Regardless of other restrictions, OpenFlow only supports 15-byte
2412              names,  which means that ovs-ofctl and OpenFlow controllers will
2413              show names truncated to 15 bytes.
2414
2415       ifindex: optional integer, in range 0 to 4,294,967,295
2416              A positive interface index as defined for SNMP  MIB-II  in  RFCs
2417              1213  and  2863,  if  the  interface  has  one, otherwise 0. The
2418              ifindex is useful for seamless integration with  protocols  such
2419              as SNMP and sFlow.
2420
2421       mac_in_use: optional string
2422              The MAC address in use by this interface.
2423
2424       mac: optional string
2425              Ethernet  address  to  set for this interface. If unset then the
2426              default MAC address is used:
2427
2428              ·      For the local interface, the default is  the  lowest-num‐
2429                     bered  MAC  address  among the other bridge ports, either
2430                     the value of the mac in its Port record, if set,  or  its
2431                     actual  MAC (for bonded ports, the MAC of its slave whose
2432                     name is first in alphabetical order). Internal ports  and
2433                     bridge ports that are used as port mirroring destinations
2434                     (see the Mirror table) are ignored.
2435
2436              ·      For other internal interfaces, the default  MAC  is  ran‐
2437                     domly generated.
2438
2439              ·      External  interfaces typically have a MAC address associ‐
2440                     ated with their hardware.
2441
2442              Some  interfaces  may  not  have  a  software-controllable   MAC
2443              address. This option only affects internal ports. For other type
2444              ports, you can change the  MAC  address  outside  Open  vSwitch,
2445              using ip command.
2446
2447       error: optional string
2448              If  the  configuration of the port failed, as indicated by -1 in
2449              ofport, Open vSwitch sets this column to an error description in
2450              human readable form. Otherwise, Open vSwitch clears this column.
2451
2452     OpenFlow Port Number:
2453
2454       When  a  client  adds a new interface, Open vSwitch chooses an OpenFlow
2455       port number for the new port. If the client that adds the port fills in
2456       ofport_request,  then  Open vSwitch tries to use its value as the Open‐
2457       Flow port number. Otherwise, or if the requested port number is already
2458       in use or cannot be used for another reason, Open vSwitch automatically
2459       assigns a free port number. Regardless  of  how  the  port  number  was
2460       obtained,  Open vSwitch then reports in ofport the port number actually
2461       assigned.
2462
2463       Open vSwitch limits the port numbers that it automatically  assigns  to
2464       the  range 1 through 32,767, inclusive. Controllers therefore have free
2465       use of ports 32,768 and up.
2466
2467       ofport: optional integer
2468              OpenFlow port number for this interface. Open vSwitch sets  this
2469              column’s value, so other clients should treat it as read-only.
2470
2471              The  OpenFlow  ``local’’  port (OFPP_LOCAL) is 65,534. The other
2472              valid port numbers are in the  range  1  to  65,279,  inclusive.
2473              Value -1 indicates an error adding the interface.
2474
2475       ofport_request: optional integer, in range 1 to 65,279
2476              Requested OpenFlow port number for this interface.
2477
2478              A  client  should  ideally  set  this column’s value in the same
2479              database transaction that it uses to create the interface.  Open
2480              vSwitch  version  2.1 and later will honor a later request for a
2481              specific port  number,  althuogh  it  might  confuse  some  con‐
2482              trollers: OpenFlow does not have a way to announce a port number
2483              change, so Open vSwitch represents it over OpenFlow  as  a  port
2484              deletion followed immediately by a port addition.
2485
2486              If  ofport_request  is set or changed to some other port’s auto‐
2487              matically assigned port number, Open vSwitch chooses a new  port
2488              number for the latter port.
2489
2490     System-Specific Details:
2491
2492       type: string
2493              The interface type. The types supported by a particular instance
2494              of Open vSwitch are listed in  the  iface_types  column  in  the
2495              Open_vSwitch table. The following types are defined:
2496
2497              system An ordinary network device, e.g. eth0 on Linux. Sometimes
2498                     referred to as ``external  interfaces’’  since  they  are
2499                     generally connected to hardware external to that on which
2500                     the Open vSwitch is running. The empty string is  a  syn‐
2501                     onym for system.
2502
2503              internal
2504                     A  simulated network device that sends and receives traf‐
2505                     fic. An internal interface whose name is the same as  its
2506                     bridge’s  name is called the ``local interface.’’ It does
2507                     not make sense to bond  an  internal  interface,  so  the
2508                     terms  ``port’’  and  ``interface’’ are often used impre‐
2509                     cisely for internal interfaces.
2510
2511              tap    A TUN/TAP device managed by Open vSwitch.
2512
2513                     Open vSwitch checks the interface state before send pack‐
2514                     ets  to  the  device.  When  it  is down, the packets are
2515                     dropped and the tx_dropped statistic is  updated  accord‐
2516                     ingly.  Older  versions of Open vSwitch did not check the
2517                     interface state and then the tx_packets  was  incremented
2518                     along with tx_dropped.
2519
2520              geneve An             Ethernet            over            Geneve
2521                     (http://tools.ietf.org/html/draft-ietf-nvo3-geneve)
2522                     IPv4/IPv6  tunnel.  A description of how to match and set
2523                     Geneve options can be found in the ovs-ofctl manual page.
2524
2525              gre    Generic Routing Encapsulation  (GRE)  over  IPv4  tunnel,
2526                     configurable to encapsulate layer 2 or layer 3 traffic.
2527
2528              ip6gre Generic  Routing  Encapsulation  (GRE)  over IPv6 tunnel,
2529                     encapsulate layer 2 traffic.
2530
2531              vxlan  An Ethernet tunnel  over  the  UDP-based  VXLAN  protocol
2532                     described in RFC 7348.
2533
2534                     Open  vSwitch  uses  IANA-assigned  UDP  destination port
2535                     4789. The source port used for VXLAN traffic varies on  a
2536                     per-flow basis and is in the ephemeral port range.
2537
2538              lisp   A  layer  3 tunnel over the experimental, UDP-based Loca‐
2539                     tor/ID Separation Protocol (RFC 6830).
2540
2541                     Only IPv4 and IPv6 packets are supported by the protocol,
2542                     and  they  are  sent  and  received  without  an Ethernet
2543                     header. Traffic to/from LISP ports is expected to be con‐
2544                     figured  explicitly,  and  the  ports are not intended to
2545                     participate in learning based switching.  As  such,  they
2546                     are always excluded from packet flooding.
2547
2548              stt    The  Stateless  TCP  Tunnel  (STT) is particularly useful
2549                     when tunnel endpoints are in end-systems, as it  utilizes
2550                     the  capabilities  of standard network interface cards to
2551                     improve  performance.  STT  utilizes  a  TCP-like  header
2552                     inside  the IP header. It is stateless, i.e., there is no
2553                     TCP connection state of any kind associated with the tun‐
2554                     nel. The TCP-like header is used to leverage the capabil‐
2555                     ities of existing network interface cards, but should not
2556                     be  interpreted  as implying any sort of connection state
2557                     between endpoints. Since the STT protocol does not engage
2558                     in  the usual TCP 3-way handshake, so it will have diffi‐
2559                     culty traversing stateful firewalls. The protocol is doc‐
2560                     umented   at  https://tools.ietf.org/html/draft-davie-stt
2561                     All traffic uses a default destination port of 7471.
2562
2563              patch  A pair of virtual devices that act as a patch cable.
2564
2565     Tunnel Options:
2566
2567       These options apply to interfaces with type  of  geneve,  gre,  ip6gre,
2568       vxlan, lisp and stt.
2569
2570       Each  tunnel  must  be  uniquely identified by the combination of type,
2571       options:remote_ip, options:local_ip, and options:in_key. If  two  ports
2572       are defined that are the same except one has an optional identifier and
2573       the  other  does  not,  the  more  specific  one  is   matched   first.
2574       options:in_key  is  considered more specific than options:local_ip if a
2575       port defines one and another port defines the other.
2576
2577       options : remote_ip: optional string
2578              Required. The remote tunnel endpoint, one of:
2579
2580              ·      An  IPv4  or  IPv6  address  (not  a  DNS   name),   e.g.
2581                     192.168.0.123. Only unicast endpoints are supported.
2582
2583              ·      The word flow. The tunnel accepts packets from any remote
2584                     tunnel endpoint. To process only packets from a  specific
2585                     remote tunnel endpoint, the flow entries may match on the
2586                     tun_src or tun_ipv6_srcfield. When sending packets  to  a
2587                     remote_ip=flow  tunnel,  the flow actions must explicitly
2588                     set the tun_dst or tun_ipv6_dst field to the  IP  address
2589                     of  the  desired  remote  tunnel  endpoint,  e.g.  with a
2590                     set_field action.
2591
2592              The remote tunnel endpoint for any packet received from a tunnel
2593              is  available  in the tun_src field for matching in the flow ta‐
2594              ble.
2595
2596       options : local_ip: optional string
2597              Optional. The tunnel destination IP that received  packets  must
2598              match.  Default  is to match all addresses. If specified, may be
2599              one of:
2600
2601              ·      An IPv4/IPv6 address (not a DNS name), e.g. 192.168.12.3.
2602
2603              ·      The word flow. The tunnel accepts packets sent to any  of
2604                     the  local  IP  addresses  of  the system running OVS. To
2605                     process only packets sent to a specific IP  address,  the
2606                     flow  entries  may  match  on the tun_dst or tun_ipv6_dst
2607                     field. When sending packets to  a  local_ip=flow  tunnel,
2608                     the  flow  actions  may  explicitly  set  the  tun_src or
2609                     tun_ipv6_src field to the desired IP address, e.g. with a
2610                     set_field  action.  However,  while  routing the tunneled
2611                     packet out, the local system may override  the  specified
2612                     address with the local IP address configured for the out‐
2613                     going system interface.
2614
2615                     This option is valid only  for  tunnels  also  configured
2616                     with the remote_ip=flow option.
2617
2618              The tunnel destination IP address for any packet received from a
2619              tunnel is available in the tun_dst  or  tun_ipv6_dst  field  for
2620              matching in the flow table.
2621
2622       options : in_key: optional string
2623              Optional. The key that received packets must contain, one of:
2624
2625              ·      0.  The tunnel receives packets with no key or with a key
2626                     of 0. This is equivalent to specifying no  options:in_key
2627                     at all.
2628
2629              ·      A  positive  24-bit (for Geneve, VXLAN, and LISP), 32-bit
2630                     (for GRE) or 64-bit (for STT) number. The tunnel receives
2631                     only packets with the specified key.
2632
2633              ·      The  word  flow. The tunnel accepts packets with any key.
2634                     The key will be placed in the tun_id field  for  matching
2635                     in the flow table. The ovs-fields(7) manual page contains
2636                     additional information about matching fields in  OpenFlow
2637                     flows.
2638
2639       options : out_key: optional string
2640              Optional. The key to be set on outgoing packets, one of:
2641
2642              ·      0. Packets sent through the tunnel will have no key. This
2643                     is equivalent to specifying no options:out_key at all.
2644
2645              ·      A positive 24-bit (for Geneve, VXLAN  and  LISP),  32-bit
2646                     (for  GRE)  or  64-bit  (for  STT)  number.  Packets sent
2647                     through the tunnel will have the specified key.
2648
2649              ·      The word flow. Packets sent through the tunnel will  have
2650                     the  key  set using the set_tunnel Nicira OpenFlow vendor
2651                     extension (0 is used in the absence of  an  action).  The
2652                     ovs-fields(7) manual page contains additional information
2653                     about the Nicira OpenFlow vendor extensions.
2654
2655       options : dst_port: optional string
2656              Optional. The tunnel transport layer destination port,  for  UDP
2657              and TCP based tunnel protocols (Geneve, VXLAN, LISP, and STT).
2658
2659       options : key: optional string
2660              Optional. Shorthand to set in_key and out_key at the same time.
2661
2662       options : tos: optional string
2663              Optional. The value of the ToS bits to be set on the encapsulat‐
2664              ing packet. ToS is interpreted as DSCP and ECN  bits,  ECN  part
2665              must be zero. It may also be the word inherit, in which case the
2666              ToS will be copied from the inner packet if it is IPv4  or  IPv6
2667              (otherwise  it  will be 0). The ECN fields are always inherited.
2668              Default is 0.
2669
2670       options : ttl: optional string
2671              Optional. The TTL to be set on the encapsulating packet. It  may
2672              also  be  the word inherit, in which case the TTL will be copied
2673              from the inner packet if it is IPv4 or IPv6 (otherwise  it  will
2674              be  the  system  default,  typically  64). Default is the system
2675              default TTL.
2676
2677       options : df_default: optional string, either true or false
2678              Optional. If enabled, the Don’t Fragment bit will be set on tun‐
2679              nel  outer  headers  to  allow  path  MTU  discovery. Default is
2680              enabled; set to false to disable.
2681
2682       options : egress_pkt_mark: optional string
2683              Optional. The pkt_mark to be set on  the  encapsulating  packet.
2684              This  option  sets  packet  mark for the tunnel endpoint for all
2685              tunnel packets including tunnel monitoring.
2686
2687     Tunnel Options: lisp only:
2688
2689       options : packet_type: optional string, either legacy_l3 or ptap
2690              A LISP tunnel sends and receives only  IPv4  and  IPv6  packets.
2691              This  option controls what how the tunnel represents the packets
2692              that it sends and receives:
2693
2694              ·      By default, or if this option is  legacy_l3,  the  tunnel
2695                     represents  packets  as Ethernet frames for compatibility
2696                     with legacy OpenFlow controllers that expect this  behav‐
2697                     ior.
2698
2699              ·      If  this  option  is  ptap, the tunnel represents packets
2700                     using the packet_type mechanism  introduced  in  OpenFlow
2701                     1.5.
2702
2703     Tunnel Options: vxlan only:
2704
2705       options : exts: optional string
2706              Optional.  Comma  separated list of optional VXLAN extensions to
2707              enable. The following extensions are supported:
2708
2709              ·      gbp: VXLAN-GBP allows to transport the group policy  con‐
2710                     text of a packet across the VXLAN tunnel to other network
2711                     peers.   See   the   description   of   tun_gbp_id    and
2712                     tun_gbp_flags  in  ovs-fields(7)  for additional informa‐
2713                     tion.
2714                     (https://tools.ietf.org/html/draft-smith-vxlan-group-pol
2715                     icy)
2716
2717              ·      gpe: Support for Generic Protocol Encapsulation in accor‐
2718                     dance             with             IETF             draft
2719                     https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe.
2720                     Without  this  option, a VXLAN packet always encapsulates
2721                     an Ethernet frame. With this option, an VXLAN packet  may
2722                     also encapsulate an IPv4, IPv6, NSH, or MPLS packet.
2723
2724       options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2725       ptap
2726              This option controls what types of packets the tunnel sends  and
2727              receives and how it represents them:
2728
2729              ·      By  default,  or  if this option is legacy_l2, the tunnel
2730                     sends and receives only Ethernet frames.
2731
2732              ·      If  this  option  is  legacy_l3,  the  tunnel  sends  and
2733                     receives  only  non-Ethernet (L3) packet, but the packets
2734                     are represented as Ethernet frames for compatibility with
2735                     legacy  OpenFlow  controllers  that expect this behavior.
2736                     This requires enabling gpe in options:exts.
2737
2738              ·      If this option is ptap, Open vSwitch  represents  packets
2739                     in  the tunnel using the packet_type mechanism introduced
2740                     in OpenFlow 1.5. This  mechanism  supports  any  kind  of
2741                     packet,  but  actually sending and receiving non-Ethernet
2742                     packets   requires   additionally   enabling    gpe    in
2743                     options:exts.
2744
2745     Tunnel Options: gre only:
2746
2747       gre interfaces support these options.
2748
2749       options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2750       ptap
2751              This option controls what types of packets the tunnel sends  and
2752              receives and how it represents them:
2753
2754              ·      By  default,  or  if this option is legacy_l2, the tunnel
2755                     sends and receives only Ethernet frames.
2756
2757              ·      If  this  option  is  legacy_l3,  the  tunnel  sends  and
2758                     receives  only  non-Ethernet (L3) packet, but the packets
2759                     are represented as Ethernet frames for compatibility with
2760                     legacy OpenFlow controllers that expect this behavior.
2761
2762              ·      The legacy_l3 option is only available via the user space
2763                     datapath.  The  OVS  kernel  datapath  does  not  support
2764                     devices of type ARPHRD_IPGRE which is the requirement for
2765                     legacy_l3 type packets.
2766
2767              ·      If this option is ptap, the tunnel sends and receives any
2768                     kind  of  packet.  Open vSwitch represents packets in the
2769                     tunnel using  the  packet_type  mechanism  introduced  in
2770                     OpenFlow 1.5.
2771
2772       options : seq: optional string, either true or false
2773              Optional.  A  4-byte  sequence number field for GRE tunnel only.
2774              Default is disabled, set to true to enable. Sequence  number  is
2775              incremented by one on each outgoing packet.
2776
2777     Tunnel Options: gre, ip6gre, geneve, and vxlan:
2778
2779       gre, ip6gre, geneve, and vxlan interfaces support these options.
2780
2781       options : csum: optional string, either true or false
2782              Optional.  Compute  encapsulation  header  (either  GRE  or UDP)
2783              checksums on outgoing packets. Default is disabled, set to  true
2784              to  enable.  Checksums present on incoming packets will be vali‐
2785              dated regardless of this setting.
2786
2787              When using the upstream  Linux  kernel  module,  computation  of
2788              checksums for geneve and vxlan requires Linux kernel version 4.0
2789              or higher. gre and ip6gre support checksums for all versions  of
2790              Open  vSwitch  that  support  GRE. The out of tree kernel module
2791              distributed as part of OVS can compute all tunnel  checksums  on
2792              any kernel version that it is compatible with.
2793
2794     Tunnel Options: IPsec:
2795
2796       Setting  any of these options enables IPsec support for a given tunnel.
2797       gre, ip6gre, geneve, vxlan and stt interfaces  support  these  options.
2798       See  the  IPsec  section in the Open_vSwitch table for a description of
2799       each mode.
2800
2801       options : psk: optional string
2802              In PSK mode only, the preshared secret to negotiate tunnel. This
2803              value must match on both tunnel ends.
2804
2805       options : remote_cert: optional string
2806              In  self-signed  certificate  mode only, name of a PEM file con‐
2807              taining a certificate of the remote switch. The certificate must
2808              be  x.509 version 3 and with the string in common name (CN) also
2809              set in the subject alternative name (SAN).
2810
2811       options : remote_name: optional string
2812              In CA-signed certificate mode only,  common  name  (CN)  of  the
2813              remote certificate.
2814
2815     Tunnel Options: erspan only:
2816
2817       Only erspan interfaces support these options.
2818
2819       options : erspan_idx: optional string
2820              20  bit  index/port  number associated with the ERSPAN traffic’s
2821              source port and direction (ingress/egress). This field is  plat‐
2822              form dependent.
2823
2824       options : erspan_ver: optional string
2825              ERSPAN  version:  1  for  version 1 (type II) or 2 for version 2
2826              (type III).
2827
2828       options : erspan_dir: optional string
2829              Specifies the ERSPAN v2  mirrored  traffic’s  direction.  1  for
2830              egress traffic, and 0 for ingress traffic.
2831
2832       options : erspan_hwid: optional string
2833              ERSPAN  hardware ID is a 6-bit unique identifier of an ERSPAN v2
2834              engine within a system.
2835
2836     Patch Options:
2837
2838       These options apply only to patch ports, that is, interfaces whose type
2839       column  is  patch.  Patch  ports  are mainly a way to connect otherwise
2840       independent bridges to one another, similar to how one  might  plug  an
2841       Ethernet  cable  (a ``patch cable’’) into two physical switches to con‐
2842       nect those switches. The effect of  plugging  a  patch  port  into  two
2843       switches  is conceptually similar to that of plugging the two ends of a
2844       Linux veth device into those switches, but the implementation of  patch
2845       ports makes them much more efficient.
2846
2847       Patch  ports  may connect two different bridges (the usual case) or the
2848       same bridge. In the latter case, take special care to avoid loops, e.g.
2849       by programming appropriate flows with OpenFlow. Patch ports do not work
2850       if its ends are attached to bridges on  different  datapaths,  e.g.  to
2851       connect bridges in system and netdev datapaths.
2852
2853       The  following  command  creates and connects patch ports p0 and p1 and
2854       adds them to bridges br0 and br1, respectively:
2855
2856       ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
2857              -- add-port br1 p1 -- set Interface p1 type=patch options:peer=p0
2858
2859
2860       options : peer: optional string
2861              The name of the Interface for the other side of the  patch.  The
2862              named  Interface’s own peer option must specify this Interface’s
2863              name. That is, the two patch interfaces must have reversed  name
2864              and peer values.
2865
2866     PMD (Poll Mode Driver) Options:
2867
2868       Only PMD netdevs support these options.
2869
2870       options : n_rxq: optional string, containing an integer, at least 1
2871              Specifies  the maximum number of rx queues to be created for PMD
2872              netdev. If not specified or specified to 0, one rx queue will be
2873              created by default. Not supported by DPDK vHost interfaces.
2874
2875       options : dpdk-devargs: optional string
2876              Specifies  the PCI address associated with the port for physical
2877              devices, or the virtual driver to be used for the  port  when  a
2878              virtual PMD is intended to be used. For the latter, the argument
2879              string typically  takes  the  form  of  eth_driver_namex,  where
2880              driver_name  is  a valid virtual DPDK PMD driver name and x is a
2881              unique identifier of your choice for the given port.  Only  sup‐
2882              ported by the dpdk port type.
2883
2884       other_config : pmd-rxq-affinity: optional string
2885              Specifies mapping of RX queues of this interface to CPU cores.
2886
2887              Value should be set in the following form:
2888
2889              other_config:pmd-rxq-affinity=<rxq-affinity-list>
2890
2891              where
2892
2893              ·      <rxq-affinity-list> ::= NULL | <non-empty-list>
2894
2895              ·      <non-empty-list>  ::= <affinity-pair> | <affinity-pair> ,
2896                     <non-empty-list>
2897
2898              ·      <affinity-pair> ::= <queue-id> : <core-id>
2899
2900       other_config : xdpmode: optional string, either drv or skb
2901              Specifies the operational mode of the XDP program. If "drv", the
2902              XDP  program  is loaded into the device driver with zero-copy RX
2903              and TX enabled. This mode requires  device  driver  with  AF_XDP
2904              support  and has the best performance. If "skb", the XDP program
2905              is using generic XDP mode in  kernel  with  extra  data  copying
2906              between  userspace  and  kernel.  No  device  driver  support is
2907              needed. Note that this is afxdp netdev type  only.  Defaults  to
2908              "skb" mode.
2909
2910       options : vhost-server-path: optional string
2911              The  value  specifies  the  path to the socket associated with a
2912              vHost User client mode device that has been or will  be  created
2913              by QEMU. Only supported by dpdkvhostuserclient interfaces.
2914
2915       options : dq-zero-copy: optional string, either true or false
2916              The  value  specifies whether or not to enable dequeue zero copy
2917              on the given interface. Must be set before vhost-server-path  is
2918              specified. Only supported by dpdkvhostuserclient interfaces. The
2919              feature is considered experimental.
2920
2921       options : tx-retries-max: optional string, containing  an  integer,  in
2922       range 0 to 32
2923              The  value specifies the maximum amount of vhost tx retries that
2924              can be made while trying to send a batch of packets to an inter‐
2925              face. Only supported by dpdkvhostuserclient interfaces.
2926
2927              Default value is 8.
2928
2929       options  : n_rxq_desc: optional string, containing an integer, in range
2930       1 to 4,096
2931              Specifies the rx queue size (number  rx  descriptors)  for  dpdk
2932              ports.  The  value must be a power of 2, less than 4096 and sup‐
2933              ported by the hardware of the device being  configured.  If  not
2934              specified  or  an incorrect value is specified, 2048 rx descrip‐
2935              tors will be used by default.
2936
2937       options : n_txq_desc: optional string, containing an integer, in  range
2938       1 to 4,096
2939              Specifies  the  tx  queue  size (number tx descriptors) for dpdk
2940              ports. The value must be a power of 2, less than 4096  and  sup‐
2941              ported  by  the  hardware of the device being configured. If not
2942              specified or an incorrect value is specified, 2048  tx  descrip‐
2943              tors will be used by default.
2944
2945     EMC (Exact Match Cache) Configuration:
2946
2947       These settings controls behaviour of EMC lookups/insertions for packets
2948       received from the interface.
2949
2950       other_config : emc-enable: optional string, either true or false
2951              Specifies if Exact Match Cache (EMC) should be used  while  pro‐
2952              cessing   packets   received   from  this  interface.  If  true,
2953              other_config:emc-insert-inv-prob will have effect on this inter‐
2954              face.
2955
2956              Defaults to true.
2957
2958     MTU:
2959
2960       The  MTU (maximum transmission unit) is the largest amount of data that
2961       can fit into a single Ethernet frame. The standard Ethernet MTU is 1500
2962       bytes.  Some physical media and many kinds of virtual interfaces can be
2963       configured with higher MTUs.
2964
2965       A client may change an interface MTU by filling  in  mtu_request.  Open
2966       vSwitch then reports in mtu the currently configured value.
2967
2968       mtu: optional integer
2969              The currently configured MTU for the interface.
2970
2971              This column will be empty for an interface that does not have an
2972              MTU as, for example, some kinds of tunnels do not.
2973
2974              Open vSwitch sets this column’s value, so other  clients  should
2975              treat it as read-only.
2976
2977       mtu_request: optional integer, at least 1
2978              Requested  MTU  (Maximum Transmission Unit) for the interface. A
2979              client can fill this column to change the MTU of an interface.
2980
2981              RFC 791 requires every internet module to be able to  forward  a
2982              datagram of 68 octets without further fragmentation. The maximum
2983              size of an IP packet is 65535 bytes.
2984
2985              If this is not set and if the interface has internal type,  Open
2986              vSwitch  will  change  the MTU to match the minimum of the other
2987              interfaces in the bridge.
2988
2989     Interface Status:
2990
2991       Status information about interfaces attached to bridges, updated  every
2992       5  seconds.  Not  all  interfaces have all of these properties; virtual
2993       interfaces don’t have a link speed, for example. Non-applicable columns
2994       will have empty values.
2995
2996       admin_state: optional string, either down or up
2997              The administrative state of the physical network link.
2998
2999       link_state: optional string, either down or up
3000              The  observed  state of the physical network link. This is ordi‐
3001              narily the link’s carrier status. If the interface’s Port  is  a
3002              bond configured for miimon monitoring, it is instead the network
3003              link’s miimon status.
3004
3005       link_resets: optional integer
3006              The number of times Open vSwitch has observed the link_state  of
3007              this Interface change.
3008
3009       link_speed: optional integer
3010              The  negotiated speed of the physical network link. Valid values
3011              are positive integers greater than 0.
3012
3013       duplex: optional string, either full or half
3014              The duplex mode of the physical network link.
3015
3016       lacp_current: optional boolean
3017              Boolean value indicating LACP  status  for  this  interface.  If
3018              true, this interface has current LACP information about its LACP
3019              partner. This information may be used to monitor the  health  of
3020              interfaces  in a LACP enabled port. This column will be empty if
3021              LACP is not enabled.
3022
3023       status: map of string-string pairs
3024              Key-value pairs that report port status. Supported status values
3025              are  type-dependent;  some  interfaces may not have a valid sta‐
3026              tus:driver_name, for example.
3027
3028       status : driver_name: optional string
3029              The name of the device driver controlling the network adapter.
3030
3031       status : driver_version: optional string
3032              The version string of the device driver controlling the  network
3033              adapter.
3034
3035       status : firmware_version: optional string
3036              The  version string of the network adapter’s firmware, if avail‐
3037              able.
3038
3039       status : source_ip: optional string
3040              The source IP address used for an  IPv4/IPv6  tunnel  end-point,
3041              such as gre.
3042
3043       status : tunnel_egress_iface: optional string
3044              Egress  interface  for tunnels. Currently only relevant for tun‐
3045              nels on Linux systems, this column will show  the  name  of  the
3046              interface  which is responsible for routing traffic destined for
3047              the configured options:remote_ip.  This  could  be  an  internal
3048              interface such as a bridge port.
3049
3050       status  :  tunnel_egress_iface_carrier: optional string, either down or
3051       up
3052              Whether carrier is detected on status:tunnel_egress_iface.
3053
3054     dpdk:
3055
3056       DPDK specific interface status options.
3057
3058       status : port_no: optional string
3059              DPDK port ID.
3060
3061       status : numa_id: optional string
3062              NUMA socket ID to which an Ethernet device is connected.
3063
3064       status : min_rx_bufsize: optional string
3065              Minimum size of RX buffer.
3066
3067       status : max_rx_pktlen: optional string
3068              Maximum configurable length of RX pkt.
3069
3070       status : max_rx_queues: optional string
3071              Maximum number of RX queues.
3072
3073       status : max_tx_queues: optional string
3074              Maximum number of TX queues.
3075
3076       status : max_mac_addrs: optional string
3077              Maximum number of MAC addresses.
3078
3079       status : max_hash_mac_addrs: optional string
3080              Maximum number of hash MAC addresses for MTA and UTA.
3081
3082       status : max_vfs: optional string
3083              Maximum number of hash MAC addresses for MTA  and  UTA.  Maximum
3084              number of VFs.
3085
3086       status : max_vmdq_pools: optional string
3087              Maximum number of VMDq pools.
3088
3089       status : if_type: optional string
3090              Interface type ID according to IANA ifTYPE MIB definitions.
3091
3092       status : if_descr: optional string
3093              Interface description string.
3094
3095       status : pci-vendor_id: optional string
3096              Vendor ID of PCI device.
3097
3098       status : pci-device_id: optional string
3099              Device ID of PCI device.
3100
3101     Statistics:
3102
3103       Key-value pairs that report interface statistics. The current implemen‐
3104       tation updates these counters periodically. The update period  is  con‐
3105       trolled  by  other_config:stats-update-interval in the Open_vSwitch ta‐
3106       ble. Future implementations may update them when an interface  is  cre‐
3107       ated, when they are queried (e.g. using an OVSDB select operation), and
3108       just before an interface is deleted due to virtual interface hot-unplug
3109       or  VM  shutdown,  and  perhaps  at other times, but not on any regular
3110       periodic basis.
3111
3112       These are the same  statistics  reported  by  OpenFlow  in  its  struct
3113       ofp_port_stats  structure.  If  an  interface  does not support a given
3114       statistic, then that pair is omitted.
3115
3116     Statistics: Successful transmit and receive counters:
3117
3118       statistics : rx_packets: optional integer
3119              Number of received packets.
3120
3121       statistics : rx_bytes: optional integer
3122              Number of received bytes.
3123
3124       statistics : tx_packets: optional integer
3125              Number of transmitted packets.
3126
3127       statistics : tx_bytes: optional integer
3128              Number of transmitted bytes.
3129
3130     Statistics: Receive errors:
3131
3132       statistics : rx_dropped: optional integer
3133              Number of packets dropped by RX.
3134
3135       statistics : rx_frame_err: optional integer
3136              Number of frame alignment errors.
3137
3138       statistics : rx_over_err: optional integer
3139              Number of packets with RX overrun.
3140
3141       statistics : rx_crc_err: optional integer
3142              Number of CRC errors.
3143
3144       statistics : rx_errors: optional integer
3145              Total number of receive errors, greater than or equal to the sum
3146              of the above.
3147
3148     Statistics: Transmit errors:
3149
3150       statistics : tx_dropped: optional integer
3151              Number of packets dropped by TX.
3152
3153       statistics : collisions: optional integer
3154              Number of collisions.
3155
3156       statistics : tx_errors: optional integer
3157              Total  number  of  transmit errors, greater than or equal to the
3158              sum of the above.
3159
3160     Ingress Policing:
3161
3162       These settings control ingress policing for packets  received  on  this
3163       interface. On a physical interface, this limits the rate at which traf‐
3164       fic is allowed into the system from the outside; on a virtual interface
3165       (one connected to a virtual machine), this limits the rate at which the
3166       VM is able to transmit.
3167
3168       Policing is a simple form of quality-of-service that simply drops pack‐
3169       ets  received  in excess of the configured rate. Due to its simplicity,
3170       policing is usually less accurate and less effective  than  egress  QoS
3171       (which is configured using the QoS and Queue tables).
3172
3173       Policing  is  currently  implemented  on  Linux and OVS with DPDK. Both
3174       implementations use a simple ``token bucket’’ approach:
3175
3176              ·      The size of  the  bucket  corresponds  to  ingress_polic‐
3177                     ing_burst. Initially the bucket is full.
3178
3179              ·      Whenever  a  packet  is  received, its size (converted to
3180                     tokens) is compared to the number of tokens currently  in
3181                     the  bucket.  If the required number of tokens are avail‐
3182                     able, they are removed and the packet is forwarded.  Oth‐
3183                     erwise, the packet is dropped.
3184
3185              ·      Whenever  it  is  not  full,  the bucket is refilled with
3186                     tokens at the rate specified by ingress_policing_rate.
3187
3188       Policing interacts badly with some network  protocols,  and  especially
3189       with fragmented IP packets. Suppose that there is enough network activ‐
3190       ity to keep the bucket nearly empty  all  the  time.  Then  this  token
3191       bucket  algorithm will forward a single packet every so often, with the
3192       period depending on packet size and on the configured rate. All of  the
3193       fragments  of an IP packets are normally transmitted back-to-back, as a
3194       group. In such a situation, therefore, only one of these fragments will
3195       be  forwarded and the rest will be dropped. IP does not provide any way
3196       for the intended recipient to ask for only the remaining fragments.  In
3197       such  a  case  there  are two likely possibilities for what will happen
3198       next: either all of the fragments will eventually be retransmitted  (as
3199       TCP  will do), in which case the same problem will recur, or the sender
3200       will not realize that its packet has been dropped and data will  simply
3201       be lost (as some UDP-based protocols will do). Either way, it is possi‐
3202       ble that no forward progress will ever occur.
3203
3204       ingress_policing_rate: integer, at least 0
3205              Maximum rate for data received on this interface, in kbps.  Data
3206              received  faster  than  this  rate  is  dropped.  Set  to 0 (the
3207              default) to disable policing.
3208
3209       ingress_policing_burst: integer, at least 0
3210              Maximum burst size for data received on this interface,  in  kb.
3211              The  default burst size if set to 0 is 8000 kbit. This value has
3212              no effect if ingress_policing_rate is 0.
3213
3214              Specifying a larger burst size lets the algorithm be  more  for‐
3215              giving, which is important for protocols like TCP that react se‐
3216              verely to dropped packets. The burst size should be at least the
3217              size  of the interface’s MTU. Specifying a value that is numeri‐
3218              cally at least as large as 80%  of  ingress_policing_rate  helps
3219              TCP come closer to achieving the full rate.
3220
3221     Bidirectional Forwarding Detection (BFD):
3222
3223       BFD,  defined in RFC 5880 and RFC 5881, allows point-to-point detection
3224       of connectivity failures by occasional transmission of BFD control mes‐
3225       sages. Open vSwitch implements BFD to serve as a more popular and stan‐
3226       dards compliant alternative to CFM.
3227
3228       BFD operates by regularly transmitting BFD control messages at  a  rate
3229       negotiated independently in each direction. Each endpoint specifies the
3230       rate at which it expects to receive control messages, and the  rate  at
3231       which  it  is willing to transmit them. By default, Open vSwitch uses a
3232       detection multiplier of three, meaning that an endpoint signals a  con‐
3233       nectivity  fault  if  three  consecutive  BFD  control messages fail to
3234       arrive. In the case of a unidirectional connectivity issue, the  system
3235       not  receiving  BFD control messages signals the problem to its peer in
3236       the messages it transmits.
3237
3238       The Open vSwitch implementation of BFD aims to comply  faithfully  with
3239       RFC  5880  requirements.  Open  vSwitch does not implement the optional
3240       Authentication or ``Echo Mode’’ features.
3241
3242     BFD Configuration:
3243
3244       A controller sets up key-value pairs in the bfd column  to  enable  and
3245       configure BFD.
3246
3247       bfd : enable: optional string, either true or false
3248              True to enable BFD on this Interface. If not specified, BFD will
3249              not be enabled by default.
3250
3251       bfd : min_rx: optional string, containing an integer, at least 1
3252              The shortest interval, in milliseconds, at which this  BFD  ses‐
3253              sion offers to receive BFD control messages. The remote endpoint
3254              may choose to send messages at a slower rate. Defaults to 1000.
3255
3256       bfd : min_tx: optional string, containing an integer, at least 1
3257              The shortest interval, in milliseconds, at which this  BFD  ses‐
3258              sion  is willing to transmit BFD control messages. Messages will
3259              actually be transmitted at a slower rate if the remote  endpoint
3260              is  not  willing to receive as quickly as specified. Defaults to
3261              100.
3262
3263       bfd : decay_min_rx: optional string, containing an integer
3264              An alternate receive interval, in  milliseconds,  that  must  be
3265              greater than or equal to bfd:min_rx. The implementation switches
3266              from bfd:min_rx to bfd:decay_min_rx when  there  is  no  obvious
3267              incoming  data  traffic  at the interface, to reduce the CPU and
3268              bandwidth cost of monitoring an idle interface. This feature may
3269              be disabled by setting a value of 0. This feature is reset when‐
3270              ever bfd:decay_min_rx or bfd:min_rx changes.
3271
3272       bfd : forwarding_if_rx: optional string, either true or false
3273              When true, traffic received on the Interface is used to indicate
3274              the  capability  of  packet  I/O.  BFD control packets are still
3275              transmitted and received. At least one BFD control  packet  must
3276              be  received  every  100 * bfd:min_rx amount of time. Otherwise,
3277              even if traffic are received, the bfd:forwarding will be false.
3278
3279       bfd : cpath_down: optional string, either true or false
3280              Set to true to notify the remote endpoint  that  traffic  should
3281              not  be  forwarded  to  this system for some reason other than a
3282              connectivty failure on the interface being monitored. The  typi‐
3283              cal  underlying  reason  is ``concatenated path down,’’ that is,
3284              that connectivity beyond the local system is down.  Defaults  to
3285              false.
3286
3287       bfd : check_tnl_key: optional string, either true or false
3288              Set to true to make BFD accept only control messages with a tun‐
3289              nel key of zero. By default, BFD accepts control  messages  with
3290              any tunnel key.
3291
3292       bfd : bfd_local_src_mac: optional string
3293              Set  to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3294              the MAC used as source for transmitted BFD packets. The  default
3295              is the mac address of the BFD enabled interface.
3296
3297       bfd : bfd_local_dst_mac: optional string
3298              Set  to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3299              the MAC used as destination for  transmitted  BFD  packets.  The
3300              default is 00:23:20:00:00:01.
3301
3302       bfd : bfd_remote_dst_mac: optional string
3303              Set  to an Ethernet address in the form xx:xx:xx:xx:xx:xx to set
3304              the MAC used for checking the destination of received BFD  pack‐
3305              ets.  Packets with different destination MAC will not be consid‐
3306              ered as BFD  packets.  If  not  specified  the  destination  MAC
3307              address of received BFD packets are not checked.
3308
3309       bfd : bfd_src_ip: optional string
3310              Set  to an IPv4 address to set the IP address used as source for
3311              transmitted BFD packets. The default is 169.254.1.1.
3312
3313       bfd : bfd_dst_ip: optional string
3314              Set to an IPv4 address to set the IP address used as destination
3315              for transmitted BFD packets. The default is 169.254.1.0.
3316
3317       bfd : oam: optional string
3318              Some  tunnel  protocols  (such  as  Geneve) include a bit in the
3319              header to indicate that the encapsulated packet is an OAM frame.
3320              By  setting  this  to true, BFD packets will be marked as OAM if
3321              encapsulated in one of these tunnels.
3322
3323       bfd : mult: optional string, containing an integer, in range 1 to 255
3324              The BFD detection multiplier, which defaults to 3.  An  endpoint
3325              signals  a connectivity fault if the given number of consecutive
3326              BFD control messages fail to arrive.
3327
3328     BFD Status:
3329
3330       The switch sets key-value pairs in the bfd_status column to report  the
3331       status  of  BFD  on  this  interface.  When  BFD  is  not enabled, with
3332       bfd:enable, the switch clears all key-value pairs from bfd_status.
3333
3334       bfd_status : state: optional string, one of admin_down, down, init,  or
3335       up
3336              Reports  the  state of the BFD session. The BFD session is fully
3337              healthy and negotiated if UP.
3338
3339       bfd_status : forwarding: optional string, either true or false
3340              Reports whether the BFD session believes this Interface  may  be
3341              used  to forward traffic. Typically this means the local session
3342              is signaling UP, and the remote system isn’t signaling a problem
3343              such as concatenated path down.
3344
3345       bfd_status : diagnostic: optional string
3346              A  diagnostic  code specifying the local system’s reason for the
3347              last change in session state. The error messages are defined  in
3348              section 4.1 of [RFC 5880].
3349
3350       bfd_status  :  remote_state:  optional string, one of admin_down, down,
3351       init, or up
3352              Reports the state of the remote endpoint’s BFD session.
3353
3354       bfd_status : remote_diagnostic: optional string
3355              A diagnostic code specifying the remote system’s reason for  the
3356              last  change in session state. The error messages are defined in
3357              section 4.1 of [RFC 5880].
3358
3359       bfd_status : flap_count: optional string,  containing  an  integer,  at
3360       least 0
3361              Counts  the number of bfd_status:forwarding flaps since start. A
3362              flap is considered as  a  change  of  the  bfd_status:forwarding
3363              value.
3364
3365     Connectivity Fault Management:
3366
3367       802.1ag  Connectivity  Fault Management (CFM) allows a group of Mainte‐
3368       nance Points (MPs) called a Maintenance Association (MA) to detect con‐
3369       nectivity  problems  with  each other. MPs within a MA should have com‐
3370       plete and exclusive interconnectivity. This is verified by occasionally
3371       broadcasting  Continuity Check Messages (CCMs) at a configurable trans‐
3372       mission interval.
3373
3374       According to the 802.1ag specification, each Maintenance  Point  should
3375       be  configured  out-of-band with a list of Remote Maintenance Points it
3376       should have connectivity to. Open vSwitch differs from  the  specifica‐
3377       tion  in  this area. It simply assumes the link is faulted if no Remote
3378       Maintenance Points are reachable, and considers it not  faulted  other‐
3379       wise.
3380
3381       When operating over tunnels which have no in_key, or an in_key of flow.
3382       CFM will only accept CCMs with a tunnel key of zero.
3383
3384       cfm_mpid: optional integer
3385              A Maintenance Point ID (MPID) uniquely identifies each  endpoint
3386              within  a  Maintenance Association. The MPID is used to identify
3387              this endpoint to other Maintenance Points in the MA. Each end of
3388              a  link  being  monitored  should have a different MPID. Must be
3389              configured to enable CFM on this Interface.
3390
3391              According to the 802.1ag specification,  MPIDs  can  only  range
3392              between  [1,  8191].  However,  extended  mode  (see  other_con‐
3393              fig:cfm_extended) supports eight byte MPIDs.
3394
3395       cfm_flap_count: optional integer
3396              Counts the number of cfm fault flapps since boot. A flap is con‐
3397              sidered to be a change of the cfm_fault value.
3398
3399       cfm_fault: optional boolean
3400              Indicates  a  connectivity  fault  triggered  by an inability to
3401              receive heartbeats from any remote endpoint.  When  a  fault  is
3402              triggered  on  Interfaces  participating  in bonds, they will be
3403              disabled.
3404
3405              Faults can be triggered for several  reasons.  Most  importantly
3406              they are triggered when no CCMs are received for a period of 3.5
3407              times the transmission interval. Faults are also triggered  when
3408              any CCMs indicate that a Remote Maintenance Point is not receiv‐
3409              ing CCMs but able to send them. Finally, a fault is triggered if
3410              a  CCM  is  received  which  indicates unexpected configuration.
3411              Notably, this case arises when a CCM is  received  which  adver‐
3412              tises the local MPID.
3413
3414       cfm_fault_status : recv: none
3415              Indicates  a  CFM  fault  was  triggered  due  to a lack of CCMs
3416              received on the Interface.
3417
3418       cfm_fault_status : rdi: none
3419              Indicates a CFM fault was triggered due to the  reception  of  a
3420              CCM with the RDI bit flagged. Endpoints set the RDI bit in their
3421              CCMs when they are not receiving CCMs themselves. This typically
3422              indicates a unidirectional connectivity failure.
3423
3424       cfm_fault_status : maid: none
3425              Indicates  a  CFM  fault was triggered due to the reception of a
3426              CCM with a MAID other than the one Open vSwitch uses. CFM broad‐
3427              casts  are  tagged  with an identification number in addition to
3428              the MPID called the MAID. Open vSwitch only  supports  receiving
3429              CCM broadcasts tagged with the MAID it uses internally.
3430
3431       cfm_fault_status : loopback: none
3432              Indicates  a  CFM  fault was triggered due to the reception of a
3433              CCM advertising the same MPID configured in the cfm_mpid  column
3434              of this Interface. This may indicate a loop in the network.
3435
3436       cfm_fault_status : overflow: none
3437              Indicates  a  CFM  fault  was  triggered  because the CFM module
3438              received CCMs from more remote endpoints than it can keep  track
3439              of.
3440
3441       cfm_fault_status : override: none
3442              Indicates a CFM fault was manually triggered by an administrator
3443              using an ovs-appctl command.
3444
3445       cfm_fault_status : interval: none
3446              Indicates a CFM fault was triggered due to the  reception  of  a
3447              CCM frame having an invalid interval.
3448
3449       cfm_remote_opstate: optional string, either down or up
3450              When  in  extended  mode, indicates the operational state of the
3451              remote  endpoint  as  either  up   or   down.   See   other_con‐
3452              fig:cfm_opstate.
3453
3454       cfm_health: optional integer, in range 0 to 100
3455              Indicates  the  health  of  the interface as a percentage of CCM
3456              frames received over 21 other_config:cfm_intervals.  The  health
3457              of  an  interface  is undefined if it is communicating with more
3458              than one cfm_remote_mpids. It reduces if healthy heartbeats  are
3459              not  received  at  the  expected rate, and gradually improves as
3460              healthy heartbeats are received at the desired  rate.  Every  21
3461              other_config:cfm_intervals,  the  health  of  the  interface  is
3462              refreshed.
3463
3464              As mentioned above, the faults can be triggered for several rea‐
3465              sons.  The  link  health will deteriorate even if heartbeats are
3466              received but they are reported to  be  unhealthy.  An  unhealthy
3467              heartbeat  in  this context is a heartbeat for which either some
3468              fault is set or is out of sequence. The interface health can  be
3469              100 only on receiving healthy heartbeats at the desired rate.
3470
3471       cfm_remote_mpids: set of integers
3472              When  CFM is properly configured, Open vSwitch will occasionally
3473              receive CCM broadcasts. These broadcasts contain the MPID of the
3474              sending  Maintenance  Point.  The  list of MPIDs from which this
3475              Interface is receiving broadcasts from  is  regularly  collected
3476              and written to this column.
3477
3478       other_config : cfm_interval: optional string, containing an integer
3479              The  interval,  in  milliseconds,  between  transmissions of CFM
3480              heartbeats. Three missed heartbeat receptions indicate a connec‐
3481              tivity fault.
3482
3483              In  standard  operation  only  intervals  of  3, 10, 100, 1,000,
3484              10,000, 60,000, or 600,000 ms are supported. Other  values  will
3485              be  rounded down to the nearest value on the list. Extended mode
3486              (see other_config:cfm_extended)  supports  any  interval  up  to
3487              65,535 ms. In either mode, the default is 1000 ms.
3488
3489              We do not recommend using intervals less than 100 ms.
3490
3491       other_config : cfm_extended: optional string, either true or false
3492              When true, the CFM module operates in extended mode. This causes
3493              it to use a nonstandard destination address to avoid conflicting
3494              with compliant implementations which may be running concurrently
3495              on the network. Furthermore, extended mode increases  the  accu‐
3496              racy  of  the  cfm_interval  configuration parameter by breaking
3497              wire compatibility with 802.1ag compliant  implementations.  And
3498              extended mode allows eight byte MPIDs. Defaults to false.
3499
3500       other_config : cfm_demand: optional string, either true or false
3501              When true, and other_config:cfm_extended is true, the CFM module
3502              operates in demand mode. When in demand mode,  traffic  received
3503              on  the  Interface  is used to indicate liveness. CCMs are still
3504              transmitted and received. At least  one  CCM  must  be  received
3505              every 100 * other_config:cfm_interval amount of time. Otherwise,
3506              even if traffic are received, the CFM module will raise the con‐
3507              nectivity fault.
3508
3509              Demand mode has a couple of caveats:
3510
3511              ·      To  ensure that ovs-vswitchd has enough time to pull sta‐
3512                     tistics from the datapath, the fault  detection  interval
3513                     is set to 3.5 * MAX(other_config:cfm_interval, 500) ms.
3514
3515              ·      To  avoid  ambiguity,  demand  mode  disables itself when
3516                     there are multiple remote maintenance points.
3517
3518              ·      If the Interface is heavily  congested,  CCMs  containing
3519                     the  other_config:cfm_opstate status may be dropped caus‐
3520                     ing changes in the operational state to be delayed. Simi‐
3521                     larly,  if  CCMs containing the RDI bit are not received,
3522                     unidirectional link failures may not be detected.
3523
3524       other_config : cfm_opstate: optional string, either down or up
3525              When down, the CFM module marks all CCMs it generates as  opera‐
3526              tionally  down  without  triggering  a fault. This allows remote
3527              maintenance points to choose  not  to  forward  traffic  to  the
3528              Interface  on  which  this  CFM module is running. Currently, in
3529              Open vSwitch, the opdown bit of CCMs affects Interfaces partici‐
3530              pating in bonds, and the bundle OpenFlow action. This setting is
3531              ignored when CFM is not in extended mode. Defaults to up.
3532
3533       other_config : cfm_ccm_vlan: optional string, containing an integer, in
3534       range 1 to 4,095
3535              When  set,  the  CFM module will apply a VLAN tag to all CCMs it
3536              generates with the given value. May  be  the  string  random  in
3537              which  case  each  CCM  will be tagged with a different randomly
3538              generated VLAN.
3539
3540       other_config : cfm_ccm_pcp: optional string, containing an integer,  in
3541       range 1 to 7
3542              When  set,  the  CFM module will apply a VLAN tag to all CCMs it
3543              generates with the given PCP value, the VLAN ID of  the  tag  is
3544              governed   by   the   value   of  other_config:cfm_ccm_vlan.  If
3545              other_config:cfm_ccm_vlan is unset, a VLAN ID of zero is used.
3546
3547     Bonding Configuration:
3548
3549       other_config : lacp-port-id: optional string, containing an integer, in
3550       range 1 to 65,535
3551              The  LACP  port  ID of this Interface. Port IDs are used in LACP
3552              negotiations to identify individual  ports  participating  in  a
3553              bond.
3554
3555       other_config : lacp-port-priority: optional string, containing an inte‐
3556       ger, in range 1 to 65,535
3557              The LACP port priority of this Interface. In  LACP  negotiations
3558              Interfaces  with  numerically lower priorities are preferred for
3559              aggregation.
3560
3561       other_config : lacp-aggregation-key:  optional  string,  containing  an
3562       integer, in range 1 to 65,535
3563              The LACP aggregation key of this Interface. Interfaces with dif‐
3564              ferent aggregation keys may not be active within a given Port at
3565              the same time.
3566
3567     Virtual Machine Identifiers:
3568
3569       These  key-value  pairs  specifically apply to an interface that repre‐
3570       sents a virtual Ethernet interface  connected  to  a  virtual  machine.
3571       These  key-value  pairs should not be present for other types of inter‐
3572       faces. Keys whose names end in -uuid have values that uniquely identify
3573       the entity in question. For a Citrix XenServer hypervisor, these values
3574       are UUIDs in RFC 4122 format. Other hypervisors may use other formats.
3575
3576       external_ids : attached-mac: optional string
3577              The MAC address programmed into  the  ``virtual  hardware’’  for
3578              this  interface,  in  the  form  xx:xx:xx:xx:xx:xx.  For  Citrix
3579              XenServer, this is the value of the MAC field in the VIF  record
3580              for this interface.
3581
3582       external_ids : iface-id: optional string
3583              A system-unique identifier for the interface. On XenServer, this
3584              will commonly be the same as external_ids:xs-vif-uuid.
3585
3586       external_ids : iface-status: optional string, either active or inactive
3587              Hypervisors may sometimes have more than one  interface  associ‐
3588              ated  with  a  given external_ids:iface-id, only one of which is
3589              actually in use at a given time. For example,  in  some  circum‐
3590              stances XenServer has both a ``tap’’ and a ``vif’’ interface for
3591              a single external_ids:iface-id, but only uses one of them  at  a
3592              time. A hypervisor that behaves this way must mark the currently
3593              in use interface active and the others  inactive.  A  hypervisor
3594              that  never  has  more  than  one  interface  for a given exter‐
3595              nal_ids:iface-id may mark that interface active or  omit  exter‐
3596              nal_ids:iface-status entirely.
3597
3598              During  VM  migration, a given external_ids:iface-id might tran‐
3599              siently be marked active on two different hypervisors. That  is,
3600              active  means  that  this  external_ids:iface-id  is  the active
3601              instance within a single hypervisor, not  in  a  broader  scope.
3602              There  is  one exception: some hypervisors support ``migration’’
3603              from a given hypervisor to itself  (most  often  for  test  pur‐
3604              poses).  During  such a ``migration,’’ two instances of a single
3605              external_ids:iface-id might both be briefly marked active  on  a
3606              single hypervisor.
3607
3608       external_ids : xs-vif-uuid: optional string
3609              The virtual interface associated with this interface.
3610
3611       external_ids : xs-network-uuid: optional string
3612              The virtual network to which this interface is attached.
3613
3614       external_ids : vm-id: optional string
3615              The  VM to which this interface belongs. On XenServer, this will
3616              be the same as external_ids:xs-vm-uuid.
3617
3618       external_ids : xs-vm-uuid: optional string
3619              The VM to which this interface belongs.
3620
3621     Auto Attach Configuration:
3622
3623       Auto Attach configuration for a particular interface.
3624
3625       lldp : enable: optional string, either true or false
3626              True to enable LLDP on this Interface. If  not  specified,  LLDP
3627              will be disabled by default.
3628
3629     Flow control Configuration:
3630
3631       Ethernet flow control defined in IEEE 802.1Qbb provides link level flow
3632       control using MAC pause frames. Implemented only  for  interfaces  with
3633       type dpdk.
3634
3635       options : rx-flow-ctrl: optional string, either true or false
3636              Set  to  true  to  enable  Rx flow control on physical ports. By
3637              default, Rx flow control is disabled.
3638
3639       options : tx-flow-ctrl: optional string, either true or false
3640              Set to true to enable Tx flow  control  on  physical  ports.  By
3641              default, Tx flow control is disabled.
3642
3643       options : flow-ctrl-autoneg: optional string, either true or false
3644              Set  to true to enable flow control auto negotiation on physical
3645              ports. By default, auto-neg is disabled.
3646
3647     Link State Change detection mode:
3648
3649       options : dpdk-lsc-interrupt: optional string, either true or false
3650              Set this value to true to  configure  interrupt  mode  for  Link
3651              State  Change  (LSC) detection instead of poll mode for the DPDK
3652              interface.
3653
3654              If this value is not set, poll mode is configured.
3655
3656              This parameter has an effect only on netdev dpdk interfaces.
3657
3658     Common Columns:
3659
3660       The overall purpose of these columns is described under Common  Columns
3661       at the beginning of this document.
3662
3663       other_config: map of string-string pairs
3664
3665       external_ids: map of string-string pairs
3666

Flow_Table TABLE

3668       Configuration for a particular OpenFlow table.
3669
3670   Summary:
3671       name                          optional string
3672       Eviction Policy:
3673         flow_limit                  optional integer, at least 0
3674         overflow_policy             optional string, either evict or refuse
3675         groups                      set of strings
3676       Classifier Optimization:
3677         prefixes                    set of up to 3 strings
3678       Common Columns:
3679         external_ids                map of string-string pairs
3680
3681   Details:
3682       name: optional string
3683              The  table’s  name. Set this column to change the name that con‐
3684              trollers will receive when they request table  statistics,  e.g.
3685              ovs-ofctl dump-tables. The name does not affect switch behavior.
3686
3687     Eviction Policy:
3688
3689       Open  vSwitch  supports  limiting  the  number  of  flows  that  may be
3690       installed in a flow table, via the flow_limit  column.  When  adding  a
3691       flow would exceed this limit, by default Open vSwitch reports an error,
3692       but there are two ways to configure  Open  vSwitch  to  instead  delete
3693       (``evict’’) a flow to make room for the new one:
3694
3695              ·      Set the overflow_policy column to evict.
3696
3697              ·      Send  an  OpenFlow  1.4+  ``table mod request’’ to enable
3698                     eviction for the flow table (e.g. ovs-ofctl -O OpenFlow14
3699                     mod-table  br0 0 evict to enable eviction on flow table 0
3700                     of bridge br0).
3701
3702       When a flow must be evicted due to overflow, the flow to evict is  cho‐
3703       sen through an approximation of the following algorithm. This algorithm
3704       is used regardless of how eviction was enabled:
3705
3706              1.  Divide the flows in the table into groups based on the  val‐
3707                  ues  of the fields or subfields specified in the groups col‐
3708                  umn, so that all of the flows in a given group have the same
3709                  values  for those fields. If a flow does not specify a given
3710                  field, that field’s value is treated  as  0.  If  groups  is
3711                  empty,  then  all of the flows in the flow table are treated
3712                  as a single group.
3713
3714              2.  Consider the flows in the largest group, that is, the  group
3715                  that  contains  the greatest number of flows. If two or more
3716                  groups all have the same largest number of  flows,  consider
3717                  the flows in all of those groups.
3718
3719              3.  If  the  flows under consideration have different importance
3720                  values, eliminate from consideration any flows except  those
3721                  with  the lowest importance. (``Importance,’’ a 16-bit inte‐
3722                  ger value attached to each flow, was introduced in  OpenFlow
3723                  1.4.  Flows  inserted with older versions of OpenFlow always
3724                  have an importance of 0.)
3725
3726              4.  Among the flows under consideration, choose  the  flow  that
3727                  expires soonest for eviction.
3728
3729       The  eviction process only considers flows that have an idle timeout or
3730       a hard timeout. That is, eviction never deletes permanent flows.  (Per‐
3731       manent flows do count against flow_limit.)
3732
3733       flow_limit: optional integer, at least 0
3734              If  set, limits the number of flows that may be added to the ta‐
3735              ble. Open vSwitch may limit the number of flows in a  table  for
3736              other  reasons, e.g. due to hardware limitations or for resource
3737              availability or performance reasons.
3738
3739       overflow_policy: optional string, either evict or refuse
3740              Controls the switch’s behavior when an OpenFlow flow table modi‐
3741              fication  request  would  add flows in excess of flow_limit. The
3742              supported values are:
3743
3744              refuse Refuse to add the flow or flows. This is also the default
3745                     policy when overflow_policy is unset.
3746
3747              evict  Delete a flow chosen according to the algorithm described
3748                     above.
3749
3750       groups: set of strings
3751              When overflow_policy is evict, this controls how flows are  cho‐
3752              sen  for  eviction  when  the  flow table would otherwise exceed
3753              flow_limit flows. Its value is a  set  of  NXM  fields  or  sub-
3754              fields,  each  of  which  takes  one  of  the  forms  field[] or
3755              field[start..end], e.g. NXM_OF_IN_PORT[]. Please see meta-flow.h
3756              for a complete list of NXM field names.
3757
3758              Open  vSwitch  ignores  any  invalid or unknown field specifica‐
3759              tions.
3760
3761              When eviction is not enabled, via overflow_policy or an OpenFlow
3762              1.4+ ``table mod,’’ this column has no effect.
3763
3764     Classifier Optimization:
3765
3766       prefixes: set of up to 3 strings
3767              This  string  set  specifies  which  fields  should  be used for
3768              address prefix tracking. Prefix tracking allows  the  classifier
3769              to  skip rules with longer than necessary prefixes, resulting in
3770              better wildcarding for datapath flows.
3771
3772              Prefix tracking may be beneficial when  a  flow  table  contains
3773              matches  on IP address fields with different prefix lengths. For
3774              example, when a flow table contains IP address matches  on  both
3775              full  addresses  and  proper  prefixes, the full address matches
3776              will typically cause the datapath flow to un-wildcard the  whole
3777              address field (depending on flow entry priorities). In this case
3778              each  packet  with  a  different  address  gets  handed  to  the
3779              userspace  for  flow  processing  and generates its own datapath
3780              flow. With prefix tracking enabled  for  the  address  field  in
3781              question  packets with addresses matching shorter prefixes would
3782              generate datapath flows where the irrelevant  address  bits  are
3783              wildcarded,  allowing  the  same datapath flow to handle all the
3784              packets within  the  prefix  in  question.  In  this  case  many
3785              userspace upcalls can be avoided and the overall performance can
3786              be better.
3787
3788              This is a performance optimization only, so packets will receive
3789              the same treatment with or without prefix tracking.
3790
3791              The    supported   fields   are:   tun_id,   tun_src,   tun_dst,
3792              tun_ipv6_src, tun_ipv6_dst, nw_src, nw_dst  (or  aliases  ip_src
3793              and  ip_dst),  ipv6_src,  and  ipv6_dst. (Using this feature for
3794              tun_id would only make sense  if  the  tunnel  IDs  have  prefix
3795              structure similar to IP addresses.)
3796
3797              By default, the prefixes=ip_dst,ip_src are used on each flow ta‐
3798              ble. This instructs the flow classifier to track the IP destina‐
3799              tion  and  source  addresses  used by the rules in this specific
3800              flow table.
3801
3802              The keyword none is recognized as an explicit  override  of  the
3803              default values, causing no prefix fields to be tracked.
3804
3805              To set the prefix fields, the flow table record needs to exist:
3806
3807              ovs-vsctl  set  Bridge  br0 flow_tables:0=@N1 -- --id=@N1 create
3808              Flow_Table name=table0
3809                     Creates a flow table record for the OpenFlow table number
3810                     0.
3811
3812              ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
3813                     Enables  prefix  tracking  for  IP source and destination
3814                     address fields.
3815
3816              There is a maximum number of fields that can be enabled for  any
3817              one flow table. Currently this limit is 3.
3818
3819     Common Columns:
3820
3821       The  overall purpose of these columns is described under Common Columns
3822       at the beginning of this document.
3823
3824       external_ids: map of string-string pairs
3825

QoS TABLE

3827       Quality of Service (QoS) configuration for each  Port  that  references
3828       it.
3829
3830   Summary:
3831       type                          string
3832       queues                        map  of integer-Queue pairs, key in range
3833                                     0 to 4,294,967,295
3834       Configuration for linux-htb and linux-hfsc:
3835         other_config : max-rate     optional string, containing an integer
3836       Configuration for egress-policer QoS:
3837         other_config : cir          optional string, containing an integer
3838         other_config : cbs          optional string, containing an integer
3839       Configuration for linux-sfq:
3840         other_config : perturb      optional string, containing an integer
3841         other_config : quantum      optional string, containing an integer
3842       Configuration for linux-netem:
3843         other_config : latency      optional string, containing an integer
3844         other_config : limit        optional string, containing an integer
3845         other_config : loss         optional string, containing an integer
3846       Common Columns:
3847         other_config                map of string-string pairs
3848         external_ids                map of string-string pairs
3849
3850   Details:
3851       type: string
3852              The type of QoS to implement. The currently  defined  types  are
3853              listed below:
3854
3855              linux-htb
3856                     Linux  ``hierarchy  token  bucket’’  classifier.  See tc-
3857                     htb(8) (also  at  http://linux.die.net/man/8/tc-htb)  and
3858                     the  HTB  manual (http://luxik.cdi.cz/~devik/qos/htb/man‐
3859                     ual/userg.htm) for information  on  how  this  classifier
3860                     works and how to configure it.
3861
3862              linux-hfsc
3863                     Linux  "Hierarchical  Fair Service Curve" classifier. See
3864                     http://linux-ip.net/articles/hfsc.en/ for information  on
3865                     how this classifier works.
3866
3867              linux-sfq
3868                     Linux  ``Stochastic  Fairness  Queueing’’ classifier. See
3869                     tc-sfq(8) (also at http://linux.die.net/man/8/tc-sfq) for
3870                     information on how this classifier works.
3871
3872              linux-codel
3873                     Linux  ``Controlled  Delay’’  classifier. See tc-codel(8)
3874                     (also                                                  at
3875                     http://man7.org/linux/man-pages/man8/tc-codel.8.html) for
3876                     information on how this classifier works.
3877
3878              linux-fq_codel
3879                     Linux ``Fair Queuing with Controlled Delay’’  classifier.
3880                     See           tc-fq_codel(8)           (also           at
3881                     http://man7.org/linux/man-pages/man8/tc-fq_codel.8.html)
3882                     for information on how this classifier works.
3883
3884              linux-netem
3885                     Linux  ``Network  Emulator’’  classifier. See tc-netem(8)
3886                     (also                                                  at
3887                     http://man7.org/linux/man-pages/man8/tc-netem.8.html) for
3888                     information on how this classifier works.
3889
3890              linux-noop
3891                     Linux ``No operation.’’ By default, Open vSwitch  manages
3892                     quality  of  service on all of its configured ports. This
3893                     can be helpful, but sometimes  administrators  prefer  to
3894                     use other software to manage QoS. This type prevents Open
3895                     vSwitch from changing the QoS configuration for a port.
3896
3897              egress-policer
3898                     A DPDK egress policer algorithm using the DPDK  rte_meter
3899                     library. The rte_meter library provides an implementation
3900                     which allows the metering and policing  of  traffic.  The
3901                     implementation  in OVS essentially creates a single token
3902                     bucket used to police traffic. It should  be  noted  that
3903                     when  the  rte_meter  is  configured as part of QoS there
3904                     will be a performance overhead as  the  rte_meter  itself
3905                     will consume CPU cycles in order to police traffic. These
3906                     CPU cycles ordinarily are used for packet proccessing. As
3907                     such  the drop in performance will be noticed in terms of
3908                     overall aggregate traffic throughput.
3909
3910       queues: map of integer-Queue pairs, key in range 0 to 4,294,967,295
3911              A map from queue numbers to Queue records. The  supported  range
3912              of  queue numbers depend on type. The queue numbers are the same
3913              as the queue_id used in OpenFlow  in  struct  ofp_action_enqueue
3914              and other structures.
3915
3916              Queue  0 is the ``default queue.’’ It is used by OpenFlow output
3917              actions when no specific queue has been set. When no  configura‐
3918              tion  for  queue 0 is present, it is automatically configured as
3919              if a Queue record with empty dscp and other_config  columns  had
3920              been  specified.  (Before  version 1.6, Open vSwitch would leave
3921              queue 0 unconfigured in this  case.  With  some  queuing  disci‐
3922              plines,  this  dropped  all  packets  destined  for  the default
3923              queue.)
3924
3925     Configuration for linux-htb and linux-hfsc:
3926
3927       The linux-htb and linux-hfsc classes support  the  following  key-value
3928       pair:
3929
3930       other_config : max-rate: optional string, containing an integer
3931              Maximum  rate  shared by all queued traffic, in bit/s. Optional.
3932              If not specified, for physical interfaces, the  default  is  the
3933              link  rate.  For  other interfaces or if the link rate cannot be
3934              determined, the default is currently 100 Mbps.
3935
3936     Configuration for egress-policer QoS:
3937
3938       QoS type egress-policer provides egress  policing  for  userspace  port
3939       types with DPDK. It has the following key-value pairs defined.
3940
3941       other_config : cir: optional string, containing an integer
3942              The  Committed Information Rate (CIR) is measured in bytes of IP
3943              packets per second, i.e. it includes the IP header, but not link
3944              specific  (e.g. Ethernet) headers. This represents the bytes per
3945              second rate at which the token bucket will be updated.  The  cir
3946              value  is  calculated  by  (pps x packet data size). For example
3947              assuming a user wishes to limit a stream consisting of  64  byte
3948              packets  to 1 million packets per second the CIR would be set to
3949              to to 46000000. This value can be broken into ’1,000,000 x  46’.
3950              Where  1,000,000  is the policing rate for the number of packets
3951              per second and 46 represents the size of the packet data  for  a
3952              64 byte ip packet.
3953
3954       other_config : cbs: optional string, containing an integer
3955              The  Committed  Burst Size (CBS) is measured in bytes and repre‐
3956              sents a token bucket. At a minimum this value should be  be  set
3957              to  the  expected  largest size packet in the traffic stream. In
3958              practice larger values may be used to increase the size  of  the
3959              token  bucket.  If a packet can be transmitted then the cbs will
3960              be decremented by the number of bytes/tokens of the  packet.  If
3961              there are not enough tokens in the cbs bucket the packet will be
3962              dropped.
3963
3964     Configuration for linux-sfq:
3965
3966       The linux-sfq QoS supports the following key-value pairs:
3967
3968       other_config : perturb: optional string, containing an integer
3969              Number of seconds between consecutive perturbations  in  hashing
3970              algorithm.  Different  flows  can end up in the same hash bucket
3971              causing unfairness. Perturbation’s goal is  to  remove  possible
3972              unfairness.  The  default and recommended value is 10. Too low a
3973              value is discouraged because each perturbation can cause  packet
3974              reordering.
3975
3976       other_config : quantum: optional string, containing an integer
3977              Number  of bytes linux-sfq QoS can dequeue in one turn in round-
3978              robin from one flow. The default and recommended value is  equal
3979              to interface’s MTU.
3980
3981     Configuration for linux-netem:
3982
3983       The linux-netem QoS supports the following key-value pairs:
3984
3985       other_config : latency: optional string, containing an integer
3986              Adds  the chosen delay to the packets outgoing to chosen network
3987              interface. The latency value expressed in us.
3988
3989       other_config : limit: optional string, containing an integer
3990              Maximum number of packets the qdisc may hold queued at  a  time.
3991              The default value is 1000.
3992
3993       other_config : loss: optional string, containing an integer
3994              Adds  an  independent  loss  probability to the packets outgoing
3995              from the chosen network interface.
3996
3997     Common Columns:
3998
3999       The overall purpose of these columns is described under Common  Columns
4000       at the beginning of this document.
4001
4002       other_config: map of string-string pairs
4003
4004       external_ids: map of string-string pairs
4005

Queue TABLE

4007       A configuration for a port output queue, used in configuring Quality of
4008       Service (QoS) features. May be referenced by queues column in  QoS  ta‐
4009       ble.
4010
4011   Summary:
4012       dscp                          optional integer, in range 0 to 63
4013       Configuration for linux-htb QoS:
4014         other_config : min-rate     optional  string,  containing an integer,
4015                                     at least 1
4016         other_config : max-rate     optional string, containing  an  integer,
4017                                     at least 1
4018         other_config : burst        optional  string,  containing an integer,
4019                                     at least 1
4020         other_config : priority     optional string, containing  an  integer,
4021                                     in range 0 to 4,294,967,295
4022       Configuration for linux-hfsc QoS:
4023         other_config : min-rate     optional  string,  containing an integer,
4024                                     at least 1
4025         other_config : max-rate     optional string, containing  an  integer,
4026                                     at least 1
4027       Common Columns:
4028         other_config                map of string-string pairs
4029         external_ids                map of string-string pairs
4030
4031   Details:
4032       dscp: optional integer, in range 0 to 63
4033              If  set, Open vSwitch will mark all traffic egressing this Queue
4034              with the given DSCP bits. Traffic egressing the default Queue is
4035              only  marked  if  it was explicitly selected as the Queue at the
4036              time the packet was output. If unset, the DSCP bits  of  traffic
4037              egressing this Queue will remain unchanged.
4038
4039     Configuration for linux-htb QoS:
4040
4041       QoS  type  linux-htb may use queue_ids less than 61440. It has the fol‐
4042       lowing key-value pairs defined.
4043
4044       other_config : min-rate: optional string,  containing  an  integer,  at
4045       least 1
4046              Minimum guaranteed bandwidth, in bit/s.
4047
4048       other_config  :  max-rate:  optional  string, containing an integer, at
4049       least 1
4050              Maximum allowed bandwidth, in bit/s. Optional. If specified, the
4051              queue’s  rate will not be allowed to exceed the specified value,
4052              even if excess bandwidth is available. If unspecified,  defaults
4053              to no limit.
4054
4055       other_config  : burst: optional string, containing an integer, at least
4056       1
4057              Burst size, in bits. This is the maximum amount  of  ``credits’’
4058              that  a queue can accumulate while it is idle. Optional. Details
4059              of the linux-htb implementation require a minimum burst size, so
4060              a too-small burst will be silently ignored.
4061
4062       other_config  :  priority:  optional  string, containing an integer, in
4063       range 0 to 4,294,967,295
4064              A queue with a smaller priority  will  receive  all  the  excess
4065              bandwidth  that  it  can  use before a queue with a larger value
4066              receives any. Specific priority  values  are  unimportant;  only
4067              relative ordering matters. Defaults to 0 if unspecified.
4068
4069     Configuration for linux-hfsc QoS:
4070
4071       QoS  type linux-hfsc may use queue_ids less than 61440. It has the fol‐
4072       lowing key-value pairs defined.
4073
4074       other_config : min-rate: optional string,  containing  an  integer,  at
4075       least 1
4076              Minimum guaranteed bandwidth, in bit/s.
4077
4078       other_config  :  max-rate:  optional  string, containing an integer, at
4079       least 1
4080              Maximum allowed bandwidth, in bit/s. Optional. If specified, the
4081              queue’s  rate will not be allowed to exceed the specified value,
4082              even if excess bandwidth is available. If unspecified,  defaults
4083              to no limit.
4084
4085     Common Columns:
4086
4087       The  overall purpose of these columns is described under Common Columns
4088       at the beginning of this document.
4089
4090       other_config: map of string-string pairs
4091
4092       external_ids: map of string-string pairs
4093

Mirror TABLE

4095       A port mirror within a Bridge.
4096
4097       A port mirror configures a bridge to send selected  frames  to  special
4098       ``mirrored’’ ports, in addition to their normal destinations. Mirroring
4099       traffic may also be referred to as SPAN or RSPAN, depending on how  the
4100       mirrored traffic is sent.
4101
4102       When  a  packet  enters an Open vSwitch bridge, it becomes eligible for
4103       mirroring based on its ingress port and VLAN.  As  the  packet  travels
4104       through  the  flow tables, each time it is output to a port, it becomes
4105       eligible for mirroring based on the  egress  port  and  VLAN.  In  Open
4106       vSwitch  2.5  and  later,  mirroring  occurs  just after a packet first
4107       becomes eligible, using the packet as it exists at that point; in  Open
4108       vSwitch  2.4 and earlier, mirroring occurs only after a packet has tra‐
4109       versed all the flow tables, using the original packet as it entered the
4110       bridge.  This  makes a difference only when the flow table modifies the
4111       packet: in Open vSwitch 2.4, the modifications  are  never  visible  to
4112       mirrors,  whereas  in  Open  vSwitch  2.5  and later modifications made
4113       before the first output that makes it eligible for mirroring to a  par‐
4114       ticular destination are visible.
4115
4116       A packet that enters an Open vSwitch bridge is mirrored to a particular
4117       destination only once, even if it is eligible for multiple reasons. For
4118       example,  a  packet  would be mirrored to a particular output_port only
4119       once,  even  if  it  is  selected  for  mirroring  to  that   port   by
4120       select_dst_port  and  select_src_port  in  the same or different Mirror
4121       records.
4122
4123   Summary:
4124       name                          string
4125       Selecting Packets for Mirroring:
4126         select_all                  boolean
4127         select_dst_port             set of weak reference to Ports
4128         select_src_port             set of weak reference to Ports
4129         select_vlan                 set of up to 4,096 integers, in  range  0
4130                                     to 4,095
4131       Mirroring Destination Configuration:
4132         output_port                 optional weak reference to Port
4133         output_vlan                 optional integer, in range 1 to 4,095
4134         snaplen                     optional integer, in range 14 to 65,535
4135       Statistics: Mirror counters:
4136         statistics : tx_packets     optional integer
4137         statistics : tx_bytes       optional integer
4138       Common Columns:
4139         external_ids                map of string-string pairs
4140
4141   Details:
4142       name: string
4143              Arbitrary identifier for the Mirror.
4144
4145     Selecting Packets for Mirroring:
4146
4147       To  be  selected  for mirroring, a given packet must enter or leave the
4148       bridge through a selected port and it  must  also  be  in  one  of  the
4149       selected VLANs.
4150
4151       select_all: boolean
4152              If  true,  every  packet  arriving  or  departing on any port is
4153              selected for mirroring.
4154
4155       select_dst_port: set of weak reference to Ports
4156              Ports on which departing packets are selected for mirroring.
4157
4158       select_src_port: set of weak reference to Ports
4159              Ports on which arriving packets are selected for mirroring.
4160
4161       select_vlan: set of up to 4,096 integers, in range 0 to 4,095
4162              VLANs on which packets are selected for mirroring. An empty  set
4163              selects packets on all VLANs.
4164
4165     Mirroring Destination Configuration:
4166
4167       These  columns  are  mutually  exclusive.  Exactly  one of them must be
4168       nonempty.
4169
4170       output_port: optional weak reference to Port
4171              Output port for selected packets, if nonempty.
4172
4173              Specifying a port for mirror output reserves  that  port  exclu‐
4174              sively  for  mirroring.  No frames other than those selected for
4175              mirroring via this column will be forwarded to the port, and any
4176              frames received on the port will be discarded.
4177
4178              The  output  port  may  be  any  kind  of port supported by Open
4179              vSwitch. It may be, for  example,  a  physical  port  (sometimes
4180              called SPAN) or a GRE tunnel.
4181
4182       output_vlan: optional integer, in range 1 to 4,095
4183              Output VLAN for selected packets, if nonempty.
4184
4185              The frames will be sent out all ports that trunk output_vlan, as
4186              well as any ports with implicit VLAN output_vlan.  When  a  mir‐
4187              rored  frame is sent out a trunk port, the frame’s VLAN tag will
4188              be set to output_vlan, replacing any existing tag;  when  it  is
4189              sent  out  an  implicit VLAN port, the frame will not be tagged.
4190              This type of mirroring is sometimes called RSPAN.
4191
4192              See  the  documentation  for  other_config:forward-bpdu  in  the
4193              Interface  table  for  a list of destination MAC addresses which
4194              will not be mirrored to a VLAN to avoid confusing switches  that
4195              interpret the protocols that they represent.
4196
4197              Please note: Mirroring to a VLAN can disrupt a network that con‐
4198              tains unmanaged switches. Consider an unmanaged physical  switch
4199              with  two  ports:  port 1, connected to an end host, and port 2,
4200              connected to an Open vSwitch configured to mirror received pack‐
4201              ets  into  VLAN 123 on port 2. Suppose that the end host sends a
4202              packet on port 1 that the physical switch forwards  to  port  2.
4203              The  Open  vSwitch  forwards  this packet to its destination and
4204              then reflects it back on port 2  in  VLAN  123.  This  reflected
4205              packet  causes  the unmanaged physical switch to replace the MAC
4206              learning table entry, which correctly pointed to  port  1,  with
4207              one  that  incorrectly points to port 2. Afterward, the physical
4208              switch will direct packets destined for the end host to the Open
4209              vSwitch  on  port  2, instead of to the end host on port 1, dis‐
4210              rupting connectivity. If mirroring to a VLAN is desired in  this
4211              scenario,  then the physical switch must be replaced by one that
4212              learns Ethernet addresses on  a  per-VLAN  basis.  In  addition,
4213              learning  should  be  disabled  on  the VLAN containing mirrored
4214              traffic. If this is not done  then  intermediate  switches  will
4215              learn  the  MAC address of each end host from the mirrored traf‐
4216              fic. If packets being sent to that end host are  also  mirrored,
4217              then  they will be dropped since the switch will attempt to send
4218              them out the input port. Disabling learning for  the  VLAN  will
4219              cause the switch to correctly send the packet out all ports con‐
4220              figured for that VLAN. If Open  vSwitch  is  being  used  as  an
4221              intermediate switch, learning can be disabled by adding the mir‐
4222              rored VLAN to flood_vlans in the  appropriate  Bridge  table  or
4223              tables.
4224
4225              Mirroring  to a GRE tunnel has fewer caveats than mirroring to a
4226              VLAN and should generally be preferred.
4227
4228       snaplen: optional integer, in range 14 to 65,535
4229              Maximum per-packet number of bytes to mirror.
4230
4231              A mirrored packet with size larger than snaplen  will  be  trun‐
4232              cated  in datapath to snaplen bytes before sending to the mirror
4233              output port. If omitted, packets are not truncated.
4234
4235     Statistics: Mirror counters:
4236
4237       Key-value pairs that report mirror statistics.  The  update  period  is
4238       controlled  by  other_config:stats-update-interval  in the Open_vSwitch
4239       table.
4240
4241       statistics : tx_packets: optional integer
4242              Number of packets transmitted through this mirror.
4243
4244       statistics : tx_bytes: optional integer
4245              Number of bytes transmitted through this mirror.
4246
4247     Common Columns:
4248
4249       The overall purpose of these columns is described under Common  Columns
4250       at the beginning of this document.
4251
4252       external_ids: map of string-string pairs
4253

Controller TABLE

4255       An OpenFlow controller.
4256
4257   Summary:
4258       Core Features:
4259         type                        optional  string,  either primary or ser‐
4260                                     vice
4261         target                      string
4262         connection_mode             optional  string,   either   in-band   or
4263                                     out-of-band
4264       Controller Failure Detection and Handling:
4265         max_backoff                 optional integer, at least 1,000
4266         inactivity_probe            optional integer
4267       Asynchronous Messages:
4268         enable_async_messages       optional boolean
4269         Controller Rate Limiting:
4270            controller_rate_limit    optional integer, at least 100
4271            controller_burst_limit   optional integer, at least 25
4272            Controller Rate Limiting Statistics:
4273              status : packet-in-TYPE-bypassed
4274                                     optional  string,  containing an integer,
4275                                     at least 0
4276              status : packet-in-TYPE-queued
4277                                     optional string, containing  an  integer,
4278                                     at least 0
4279              status : packet-in-TYPE-dropped
4280                                     optional  string,  containing an integer,
4281                                     at least 0
4282              status : packet-in-TYPE-backlog
4283                                     optional string, containing  an  integer,
4284                                     at least 0
4285       Additional In-Band Configuration:
4286         local_ip                    optional string
4287         local_netmask               optional string
4288         local_gateway               optional string
4289       Controller Status:
4290         is_connected                boolean
4291         role                        optional string, one of master, other, or
4292                                     slave
4293         status : last_error         optional string
4294         status : state              optional string, one of ACTIVE,  BACKOFF,
4295                                     CONNECTING, IDLE, or VOID
4296         status : sec_since_connect  optional  string,  containing an integer,
4297                                     at least 0
4298         status : sec_since_disconnect
4299                                     optional string, containing  an  integer,
4300                                     at least 1
4301       Connection Parameters:
4302         other_config : dscp         optional string, containing an integer
4303       Common Columns:
4304         external_ids                map of string-string pairs
4305         other_config                map of string-string pairs
4306
4307   Details:
4308     Core Features:
4309
4310       type: optional string, either primary or service
4311              Open  vSwitch  supports  two  kinds  of  OpenFlow controllers. A
4312              bridge may have any number of each kind:
4313
4314              Primary controllers
4315                     This is the kind of controller envisioned by the OpenFlow
4316                     specifications.  Usually, a primary controller implements
4317                     a network policy by taking charge of  the  switch’s  flow
4318                     table.
4319
4320                     The  fail_mode column in the Bridge table applies to pri‐
4321                     mary controllers.
4322
4323                     When multiple primary controllers  are  configured,  Open
4324                     vSwitch  connects to all of them simultaneously. OpenFlow
4325                     provides few facilities to allow multiple controllers  to
4326                     coordinate  in  interacting with a single switch, so more
4327                     than one primary controller should be specified  only  if
4328                     the  controllers  are  themselves  designed to coordinate
4329                     with each other.
4330
4331              Service controllers
4332                     These  kinds  of  OpenFlow  controller  connections   are
4333                     intended for occasional support and maintenance use, e.g.
4334                     with ovs-ofctl. Usually  a  service  controller  connects
4335                     only  briefly  to  inspect  or  modify some of a switch’s
4336                     state.
4337
4338                     The fail_mode column in the Bridge table does  not  apply
4339                     to service controllers.
4340
4341              By  default, Open vSwitch treats controllers with active connec‐
4342              tion methods as primary controllers and those with passive  con‐
4343              nection  methods  as service controllers. Set this column to the
4344              desired type to override this default.
4345
4346       target: string
4347              Connection method for controller.
4348
4349              The following active connection methods are currently supported:
4350
4351              ssl:host[:port]
4352                     The specified SSL port on the host  at  the  given  host,
4353                     which  can  either  be  a DNS name (if built with unbound
4354                     library)  or  an  IP  address.  The  ssl  column  in  the
4355                     Open_vSwitch  table  must point to a valid SSL configura‐
4356                     tion when this form is used.
4357
4358                     If port is not specified, it defaults to 6653.
4359
4360                     SSL support is an optional feature  that  is  not  always
4361                     built as part of Open vSwitch.
4362
4363              tcp:host[:port]
4364                     The  specified  TCP  port  on the host at the given host,
4365                     which can either be a DNS name  (if  built  with  unbound
4366                     library)  or  an IP address (IPv4 or IPv6). If host is an
4367                     IPv6  address,  wrap  it   in   square   brackets,   e.g.
4368                     tcp:[::1]:6653.
4369
4370                     If port is not specified, it defaults to 6653.
4371
4372              The  following  passive  connection  methods  are currently sup‐
4373              ported:
4374
4375              pssl:[port][:host]
4376                     Listens for SSL connections on the specified TCP port. If
4377                     host,  which  can  either  be  a  DNS name (if built with
4378                     unbound library) or an IP  address,  is  specified,  then
4379                     connections  are  restricted to the resolved or specified
4380                     local IP address (either IPv4 or IPv6).  If  host  is  an
4381                     IPv6   address,   wrap   it   in  square  brackets,  e.g.
4382                     pssl:6653:[::1].
4383
4384                     If port is not specified, it defaults to 6653. If host is
4385                     not specified then it listens only on IPv4 (but not IPv6)
4386                     addresses. The ssl column in the Open_vSwitch table  must
4387                     point  to  a  valid  SSL  configuration when this form is
4388                     used.
4389
4390                     If port is not specified, it currently to 6653.
4391
4392                     SSL support is an optional feature  that  is  not  always
4393                     built as part of Open vSwitch.
4394
4395              ptcp:[port][:host]
4396                     Listens  for  connections  on  the specified TCP port. If
4397                     host, which can either be  a  DNS  name  (if  built  with
4398                     unbound  library)  or  an  IP address, is specified, then
4399                     connections are restricted to the resolved  or  specified
4400                     local  IP  address  (either  IPv4 or IPv6). If host is an
4401                     IPv6  address,  wrap  it   in   square   brackets,   e.g.
4402                     ptcp:6653:[::1]. If host is not specified then it listens
4403                     only on IPv4 addresses.
4404
4405                     If port is not specified, it defaults to 6653.
4406
4407              When multiple controllers are configured for  a  single  bridge,
4408              the  target values must be unique. Duplicate target values yield
4409              unspecified results.
4410
4411       connection_mode: optional string, either in-band or out-of-band
4412              If it is specified, this setting must be one  of  the  following
4413              strings  that  describes how Open vSwitch contacts this OpenFlow
4414              controller over the network:
4415
4416              in-band
4417                     In this mode, this controller’s OpenFlow traffic  travels
4418                     over the bridge associated with the controller. With this
4419                     setting, Open vSwitch allows traffic to and from the con‐
4420                     troller  regardless  of the contents of the OpenFlow flow
4421                     table. (Otherwise, Open vSwitch would never  be  able  to
4422                     connect to the controller, because it did not have a flow
4423                     to enable it.) This is the most  common  connection  mode
4424                     because  it  is not necessary to maintain two independent
4425                     networks.
4426
4427              out-of-band
4428                     In this mode, OpenFlow traffic  uses  a  control  network
4429                     separate from the bridge associated with this controller,
4430                     that is, the bridge does not use any of its  own  network
4431                     devices  to  communicate with the controller. The control
4432                     network must be configured separately,  before  or  after
4433                     ovs-vswitchd is started.
4434
4435              If not specified, the default is implementation-specific.
4436
4437     Controller Failure Detection and Handling:
4438
4439       max_backoff: optional integer, at least 1,000
4440              Maximum  number  of  milliseconds  to  wait  between  connection
4441              attempts. Default is implementation-specific.
4442
4443       inactivity_probe: optional integer
4444              Maximum number of milliseconds of idle  time  on  connection  to
4445              controller  before  sending an inactivity probe message. If Open
4446              vSwitch does not communicate with the controller for the  speci‐
4447              fied  number  of seconds, it will send a probe. If a response is
4448              not received for  the  same  additional  amount  of  time,  Open
4449              vSwitch  assumes  the connection has been broken and attempts to
4450              reconnect. Default is implementation-specific. A value of 0 dis‐
4451              ables inactivity probes.
4452
4453     Asynchronous Messages:
4454
4455       OpenFlow  switches send certain messages to controllers spontanenously,
4456       that is, not in response to any request from the controller. These mes‐
4457       sages  are  called ``asynchronous messages.’’ These columns allow asyn‐
4458       chronous messages to be limited or disabled to ensure the best  use  of
4459       network resources.
4460
4461       enable_async_messages: optional boolean
4462              The  OpenFlow  protocol enables asynchronous messages at time of
4463              connection establishment, which  means  that  a  controller  can
4464              receive asynchronous messages, potentially many of them, even if
4465              it turns them off immediately after connecting. Set this  column
4466              to false to change Open vSwitch behavior to disable, by default,
4467              all  asynchronous  messages.  The   controller   can   use   the
4468              NXT_SET_ASYNC_CONFIG Nicira extension to OpenFlow to turn on any
4469              messages that it does want to receive, if any.
4470
4471     Controller Rate Limiting:
4472
4473       A switch can forward packets to a controller over the  OpenFlow  proto‐
4474       col.  Forwarding  packets  this  way at too high a rate can overwhelm a
4475       controller, frustrate use of the OpenFlow  connection  for  other  pur‐
4476       poses,  increase  the  latency  of  flow setup, and use an unreasonable
4477       amount of bandwidth. Therefore, Open vSwitch supports limiting the rate
4478       of packet forwarding to a controller.
4479
4480       There  are  two  main  reasons in OpenFlow for a packet to be sent to a
4481       controller: either the packet ``misses’’ in the flow  table,  that  is,
4482       there  is  no  matching  flow,  or a flow table action says to send the
4483       packet to the controller. Open vSwitch limits the rate of each kind  of
4484       packet  separately  at  the configured rate. Therefore, the actual rate
4485       that packets are sent to the controller can be up to twice the  config‐
4486       ured rate, when packets are sent for both reasons.
4487
4488       This feature is specific to forwarding packets over an OpenFlow connec‐
4489       tion. It is not general-purpose QoS. See the QoS table for  quality  of
4490       service configuration, and ingress_policing_rate in the Interface table
4491       for ingress policing configuration.
4492
4493       controller_rate_limit: optional integer, at least 100
4494              The maximum rate at which the switch will forward packets to the
4495              OpenFlow controller, in packets per second. If no value is spec‐
4496              ified, rate limiting is disabled.
4497
4498       controller_burst_limit: optional integer, at least 25
4499              When a high rate triggers  rate-limiting,  Open  vSwitch  queues
4500              packets  to  the  controller for each port and transmits them to
4501              the controller at the configured rate.  This  value  limits  the
4502              number  of  queued  packets.  Ports on a bridge share the packet
4503              queue fairly.
4504
4505              This value has no effect unless controller_rate_limit is config‐
4506              ured.  The  current  default when this value is not specified is
4507              one-quarter of controller_rate_limit, meaning that  queuing  can
4508              delay forwarding a packet to the controller by up to 250 ms.
4509
4510     Controller Rate Limiting Statistics:
4511
4512       These values report the effects of rate limiting. Their values are rel‐
4513       ative to establishment of the most recent OpenFlow connection, or since
4514       rate  limiting was enabled, whichever happened more recently. Each con‐
4515       sists of two values, one with TYPE replaced by miss for  rate  limiting
4516       flow  table misses, and the other with TYPE replaced by action for rate
4517       limiting packets sent by OpenFlow actions.
4518
4519       These statistics are reported only when  controller  rate  limiting  is
4520       enabled.
4521
4522       status  : packet-in-TYPE-bypassed: optional string, containing an inte‐
4523       ger, at least 0
4524              Number of packets sent directly to the controller, without queu‐
4525              ing, because the rate did not exceed the configured maximum.
4526
4527       status : packet-in-TYPE-queued: optional string, containing an integer,
4528       at least 0
4529              Number of packets added to the queue to send later.
4530
4531       status : packet-in-TYPE-dropped: optional string, containing  an  inte‐
4532       ger, at least 0
4533              Number of packets added to the queue that were later dropped due
4534              to overflow. This value is less than or equal to  status:packet-
4535              in-TYPE-queued.
4536
4537       status  :  packet-in-TYPE-backlog: optional string, containing an inte‐
4538       ger, at least 0
4539              Number  of  packets  currently  queued.  The  other   statistics
4540              increase  monotonically,  but  this one fluctuates between 0 and
4541              the controller_burst_limit as conditions change.
4542
4543     Additional In-Band Configuration:
4544
4545       These values are considered only in in-band control mode  (see  connec‐
4546       tion_mode).
4547
4548       When  multiple  controllers  are  configured  on a single bridge, there
4549       should be only one set of unique values in these columns. If  different
4550       values  are  set for these columns in different controllers, the effect
4551       is unspecified.
4552
4553       local_ip: optional string
4554              The  IP  address  to  configure  on   the   local   port,   e.g.
4555              192.168.0.123.  If  this  value is unset, then local_netmask and
4556              local_gateway are ignored.
4557
4558       local_netmask: optional string
4559              The  IP  netmask  to  configure  on   the   local   port,   e.g.
4560              255.255.255.0.  If local_ip is set but this value is unset, then
4561              the default is chosen based on whether the IP address  is  class
4562              A, B, or C.
4563
4564       local_gateway: optional string
4565              The IP address of the gateway to configure on the local port, as
4566              a string, e.g. 192.168.0.1. Leave this column unset if this net‐
4567              work has no gateway.
4568
4569     Controller Status:
4570
4571       is_connected: boolean
4572              true if currently connected to this controller, false otherwise.
4573
4574       role: optional string, one of master, other, or slave
4575              The  level  of  authority  this controller has on the associated
4576              bridge. Possible values are:
4577
4578              other  Allows the controller access to all OpenFlow features.
4579
4580              master Equivalent to other, except that there may be at most one
4581                     master controller at a time. When a controller configures
4582                     itself as master, any existing master is demoted  to  the
4583                     slave role.
4584
4585              slave  Allows  the  controller read-only access to OpenFlow fea‐
4586                     tures. Attempts to modify the flow table will be rejected
4587                     with   an   error.   Slave  controllers  do  not  receive
4588                     OFPT_PACKET_IN or OFPT_FLOW_REMOVED messages, but they do
4589                     receive OFPT_PORT_STATUS messages.
4590
4591       status : last_error: optional string
4592              A human-readable description of the last error on the connection
4593              to the controller; i.e. strerror(errno).  This  key  will  exist
4594              only if an error has occurred.
4595
4596       status  :  state:  optional string, one of ACTIVE, BACKOFF, CONNECTING,
4597       IDLE, or VOID
4598              The state of the connection to the controller:
4599
4600              VOID   Connection is disabled.
4601
4602              BACKOFF
4603                     Attempting to reconnect at an increasing period.
4604
4605              CONNECTING
4606                     Attempting to connect.
4607
4608              ACTIVE Connected, remote host responsive.
4609
4610              IDLE   Connection is idle. Waiting for response to keep-alive.
4611
4612              These values may change in the future. They  are  provided  only
4613              for human consumption.
4614
4615       status  : sec_since_connect: optional string, containing an integer, at
4616       least 0
4617              The amount of time since this controller last successfully  con‐
4618              nected  to the switch (in seconds). Value is empty if controller
4619              has never successfully connected.
4620
4621       status : sec_since_disconnect: optional string, containing an  integer,
4622       at least 1
4623              The  amount of time since this controller last disconnected from
4624              the switch (in seconds). Value is empty if controller has  never
4625              disconnected.
4626
4627     Connection Parameters:
4628
4629       Additional  configuration  for  a connection between the controller and
4630       the Open vSwitch.
4631
4632       other_config : dscp: optional string, containing an integer
4633              The Differentiated Service Code Point (DSCP) is specified  using
4634              6 bits in the Type of Service (TOS) field in the IP header. DSCP
4635              provides a mechanism to classify the network traffic and provide
4636              Quality  of  Service (QoS) on IP networks. The DSCP value speci‐
4637              fied here is used when establishing the connection  between  the
4638              controller  and  the  Open  vSwitch. If no value is specified, a
4639              default value of 48 is chosen. Valid DSCP values must be in  the
4640              range 0 to 63.
4641
4642     Common Columns:
4643
4644       The  overall purpose of these columns is described under Common Columns
4645       at the beginning of this document.
4646
4647       external_ids: map of string-string pairs
4648
4649       other_config: map of string-string pairs
4650

Manager TABLE

4652       Configuration for a database connection to  an  Open  vSwitch  database
4653       (OVSDB) client.
4654
4655       This   table   primarily   configures   the   Open   vSwitch   database
4656       (ovsdb-server), not the Open vSwitch switch (ovs-vswitchd). The  switch
4657       does  read the table to determine what connections should be treated as
4658       in-band.
4659
4660       The Open vSwitch database server can initiate and maintain active  con‐
4661       nections  to  remote  clients.  It can also listen for database connec‐
4662       tions.
4663
4664   Summary:
4665       Core Features:
4666         target                      string (must be unique within table)
4667         connection_mode             optional  string,   either   in-band   or
4668                                     out-of-band
4669       Client Failure Detection and Handling:
4670         max_backoff                 optional integer, at least 1,000
4671         inactivity_probe            optional integer
4672       Status:
4673         is_connected                boolean
4674         status : last_error         optional string
4675         status : state              optional  string, one of ACTIVE, BACKOFF,
4676                                     CONNECTING, IDLE, or VOID
4677         status : sec_since_connect  optional string, containing  an  integer,
4678                                     at least 0
4679         status : sec_since_disconnect
4680                                     optional  string,  containing an integer,
4681                                     at least 0
4682         status : locks_held         optional string
4683         status : locks_waiting      optional string
4684         status : locks_lost         optional string
4685         status : n_connections      optional string, containing  an  integer,
4686                                     at least 2
4687         status : bound_port         optional string, containing an integer
4688       Connection Parameters:
4689         other_config : dscp         optional string, containing an integer
4690       Common Columns:
4691         external_ids                map of string-string pairs
4692         other_config                map of string-string pairs
4693
4694   Details:
4695     Core Features:
4696
4697       target: string (must be unique within table)
4698              Connection method for managers.
4699
4700              The following connection methods are currently supported:
4701
4702              ssl:host[:port]
4703                     The  specified  SSL  port  on the host at the given host,
4704                     which can either be a DNS name  (if  built  with  unbound
4705                     library)  or  an  IP  address.  The  ssl  column  in  the
4706                     Open_vSwitch table must point to a valid  SSL  configura‐
4707                     tion when this form is used.
4708
4709                     If port is not specified, it defaults to 6640.
4710
4711                     SSL  support  is  an  optional feature that is not always
4712                     built as part of Open vSwitch.
4713
4714              tcp:host[:port]
4715                     The specified TCP port on the host  at  the  given  host,
4716                     which  can  either  be  a DNS name (if built with unbound
4717                     library) or an IP address (IPv4 or IPv6). If host  is  an
4718                     IPv6   address,   wrap   it   in  square  brackets,  e.g.
4719                     tcp:[::1]:6640.
4720
4721                     If port is not specified, it defaults to 6640.
4722
4723              pssl:[port][:host]
4724                     Listens for SSL connections on the  specified  TCP  port.
4725                     Specify  0  for  port  to  have  the kernel automatically
4726                     choose an available port. If host, which can either be  a
4727                     DNS  name  (if  built  with  unbound  library)  or  an IP
4728                     address, is specified, then connections are restricted to
4729                     the  resolved  or specified local IP address (either IPv4
4730                     or IPv6 address). If host is an  IPv6  address,  wrap  in
4731                     square  brackets,  e.g.  pssl:6640:[::1].  If host is not
4732                     specified then it listens only on  IPv4  (but  not  IPv6)
4733                     addresses.  The ssl column in the Open_vSwitch table must
4734                     point to a valid SSL  configuration  when  this  form  is
4735                     used.
4736
4737                     If port is not specified, it defaults to 6640.
4738
4739                     SSL  support  is  an  optional feature that is not always
4740                     built as part of Open vSwitch.
4741
4742              ptcp:[port][:host]
4743                     Listens for connections on the specified TCP port.  Spec‐
4744                     ify 0 for port to have the kernel automatically choose an
4745                     available port. If host, which can either be a  DNS  name
4746                     (if  built  with  unbound  library)  or an IP address, is
4747                     specified,  then  connections  are  restricted   to   the
4748                     resolved  or  specified  local IP address (either IPv4 or
4749                     IPv6 address). If host is an IPv6  address,  wrap  it  in
4750                     square  brackets,  e.g.  ptcp:6640:[::1].  If host is not
4751                     specified then it listens only on IPv4 addresses.
4752
4753                     If port is not specified, it defaults to 6640.
4754
4755              When multiple managers are configured, the target values must be
4756              unique. Duplicate target values yield unspecified results.
4757
4758       connection_mode: optional string, either in-band or out-of-band
4759              If  it  is  specified, this setting must be one of the following
4760              strings that describes how  Open  vSwitch  contacts  this  OVSDB
4761              client over the network:
4762
4763              in-band
4764                     In  this  mode,  this connection’s traffic travels over a
4765                     bridge managed by Open vSwitch. With this  setting,  Open
4766                     vSwitch  allows traffic to and from the client regardless
4767                     of the contents of the OpenFlow flow  table.  (Otherwise,
4768                     Open  vSwitch  would  never  be  able  to  connect to the
4769                     client, because it did not have a  flow  to  enable  it.)
4770                     This is the most common connection mode because it is not
4771                     necessary to maintain two independent networks.
4772
4773              out-of-band
4774                     In this mode, the client’s traffic uses a control network
4775                     separate from that managed by Open vSwitch, that is, Open
4776                     vSwitch does not use any of its own  network  devices  to
4777                     communicate  with the client. The control network must be
4778                     configured separately, before or  after  ovs-vswitchd  is
4779                     started.
4780
4781              If not specified, the default is implementation-specific.
4782
4783     Client Failure Detection and Handling:
4784
4785       max_backoff: optional integer, at least 1,000
4786              Maximum  number  of  milliseconds  to  wait  between  connection
4787              attempts. Default is implementation-specific.
4788
4789       inactivity_probe: optional integer
4790              Maximum number of milliseconds of idle time on connection to the
4791              client  before  sending  an  inactivity  probe  message. If Open
4792              vSwitch does not communicate with the client for  the  specified
4793              number  of  seconds,  it will send a probe. If a response is not
4794              received for the same additional amount of  time,  Open  vSwitch
4795              assumes  the  connection  has been broken and attempts to recon‐
4796              nect. Default is implementation-specific. A value of 0  disables
4797              inactivity probes.
4798
4799     Status:
4800
4801       Key-value pair of is_connected is always updated. Other key-value pairs
4802       in the status columns may be updated depends on the target type.
4803
4804       When target specifies a connection method that listens for inbound con‐
4805       nections  (e.g.  ptcp:  or punix:), both n_connections and is_connected
4806       may also be updated while the remaining key-value pairs are omitted.
4807
4808       On the other hand, when target specifies an  outbound  connection,  all
4809       key-value  pairs  may  be  updated, except the above-mentioned two key-
4810       value pairs associated with inbound connection targets. They are  omit‐
4811       ted.
4812
4813       is_connected: boolean
4814              true if currently connected to this manager, false otherwise.
4815
4816       status : last_error: optional string
4817              A human-readable description of the last error on the connection
4818              to the manager; i.e. strerror(errno). This key will  exist  only
4819              if an error has occurred.
4820
4821       status  :  state:  optional string, one of ACTIVE, BACKOFF, CONNECTING,
4822       IDLE, or VOID
4823              The state of the connection to the manager:
4824
4825              VOID   Connection is disabled.
4826
4827              BACKOFF
4828                     Attempting to reconnect at an increasing period.
4829
4830              CONNECTING
4831                     Attempting to connect.
4832
4833              ACTIVE Connected, remote host responsive.
4834
4835              IDLE   Connection is idle. Waiting for response to keep-alive.
4836
4837              These values may change in the future. They  are  provided  only
4838              for human consumption.
4839
4840       status  : sec_since_connect: optional string, containing an integer, at
4841       least 0
4842              The amount of time since this  manager  last  successfully  con‐
4843              nected  to  the database (in seconds). Value is empty if manager
4844              has never successfully connected.
4845
4846       status : sec_since_disconnect: optional string, containing an  integer,
4847       at least 0
4848              The amount of time since this manager last disconnected from the
4849              database (in seconds). Value is empty if manager has never  dis‐
4850              connected.
4851
4852       status : locks_held: optional string
4853              Space-separated  list  of the names of OVSDB locks that the con‐
4854              nection holds. Omitted if  the  connection  does  not  hold  any
4855              locks.
4856
4857       status : locks_waiting: optional string
4858              Space-separated  list  of the names of OVSDB locks that the con‐
4859              nection is currently waiting to acquire. Omitted if the  connec‐
4860              tion is not waiting for any locks.
4861
4862       status : locks_lost: optional string
4863              Space-separated  list  of the names of OVSDB locks that the con‐
4864              nection has had stolen by another OVSDB client.  Omitted  if  no
4865              locks have been stolen from this connection.
4866
4867       status  :  n_connections:  optional  string,  containing an integer, at
4868       least 2
4869              When target specifies  a  connection  method  that  listens  for
4870              inbound connections (e.g. ptcp: or pssl:) and more than one con‐
4871              nection is actually active, the value is the  number  of  active
4872              connections. Otherwise, this key-value pair is omitted.
4873
4874       status : bound_port: optional string, containing an integer
4875              When target is ptcp: or pssl:, this is the TCP port on which the
4876              OVSDB server is listening. (This  is  particularly  useful  when
4877              target  specifies a port of 0, allowing the kernel to choose any
4878              available port.)
4879
4880     Connection Parameters:
4881
4882       Additional configuration for a connection between the manager  and  the
4883       Open vSwitch Database.
4884
4885       other_config : dscp: optional string, containing an integer
4886              The  Differentiated Service Code Point (DSCP) is specified using
4887              6 bits in the Type of Service (TOS) field in the IP header. DSCP
4888              provides a mechanism to classify the network traffic and provide
4889              Quality of Service (QoS) on IP networks. The DSCP  value  speci‐
4890              fied  here  is used when establishing the connection between the
4891              manager and the Open  vSwitch.  If  no  value  is  specified,  a
4892              default  value of 48 is chosen. Valid DSCP values must be in the
4893              range 0 to 63.
4894
4895     Common Columns:
4896
4897       The overall purpose of these columns is described under Common  Columns
4898       at the beginning of this document.
4899
4900       external_ids: map of string-string pairs
4901
4902       other_config: map of string-string pairs
4903

NetFlow TABLE

4905       A  NetFlow  target.  NetFlow  is  a  protocol  that exports a number of
4906       details about terminating IP flows, such as the principals involved and
4907       duration.
4908
4909   Summary:
4910       targets                       set of 1 or more strings
4911       engine_id                     optional integer, in range 0 to 255
4912       engine_type                   optional integer, in range 0 to 255
4913       active_timeout                integer, at least -1
4914       add_id_to_interface           boolean
4915       Common Columns:
4916         external_ids                map of string-string pairs
4917
4918   Details:
4919       targets: set of 1 or more strings
4920              NetFlow  targets  in  the form ip:port. The ip must be specified
4921              numerically, not as a DNS name.
4922
4923       engine_id: optional integer, in range 0 to 255
4924              Engine ID to use in NetFlow messages. Defaults to datapath index
4925              if not specified.
4926
4927       engine_type: optional integer, in range 0 to 255
4928              Engine  type  to  use  in NetFlow messages. Defaults to datapath
4929              index if not specified.
4930
4931       active_timeout: integer, at least -1
4932              The interval at which NetFlow records are sent  for  flows  that
4933              are  still active, in seconds. A value of 0 requests the default
4934              timeout (currently 600 seconds); a value of -1  disables  active
4935              timeouts.
4936
4937              The  NetFlow passive timeout, for flows that become inactive, is
4938              not configurable. It will vary depending  on  the  Open  vSwitch
4939              version, the forms and contents of the OpenFlow flow tables, CPU
4940              and memory usage, and network activity. A typical passive  time‐
4941              out is about a second.
4942
4943       add_id_to_interface: boolean
4944              If  this  column’s value is false, the ingress and egress inter‐
4945              face fields of NetFlow flow records are  derived  from  OpenFlow
4946              port  numbers.  When  it is true, the 7 most significant bits of
4947              these fields will be replaced by the least significant 7 bits of
4948              the engine id. This is useful because many NetFlow collectors do
4949              not expect multiple switches to be  sending  messages  from  the
4950              same  host,  so  they  do not store the engine information which
4951              could be used to disambiguate the traffic.
4952
4953              When this option is enabled, a maximum of  508  ports  are  sup‐
4954              ported.
4955
4956     Common Columns:
4957
4958       The  overall purpose of these columns is described under Common Columns
4959       at the beginning of this document.
4960
4961       external_ids: map of string-string pairs
4962

SSL TABLE

4964       SSL configuration for an Open_vSwitch.
4965
4966   Summary:
4967       private_key                   string
4968       certificate                   string
4969       ca_cert                       string
4970       bootstrap_ca_cert             boolean
4971       Common Columns:
4972         external_ids                map of string-string pairs
4973
4974   Details:
4975       private_key: string
4976              Name of a PEM file  containing  the  private  key  used  as  the
4977              switch’s identity for SSL connections to the controller.
4978
4979       certificate: string
4980              Name  of a PEM file containing a certificate, signed by the cer‐
4981              tificate authority (CA) used by the controller and manager, that
4982              certifies  the  switch’s  private key, identifying a trustworthy
4983              switch.
4984
4985       ca_cert: string
4986              Name of a PEM file containing the CA certificate used to  verify
4987              that the switch is connected to a trustworthy controller.
4988
4989       bootstrap_ca_cert: boolean
4990              If  set to true, then Open vSwitch will attempt to obtain the CA
4991              certificate from the controller on its first SSL connection  and
4992              save  it  to  the  named  PEM file. If it is successful, it will
4993              immediately drop the connection and reconnect, and from then  on
4994              all  SSL  connections  must  be  authenticated  by a certificate
4995              signed by the CA certificate thus obtained. This option  exposes
4996              the  SSL  connection to a man-in-the-middle attack obtaining the
4997              initial CA certificate. It may still be  useful  for  bootstrap‐
4998              ping.
4999
5000     Common Columns:
5001
5002       The  overall purpose of these columns is described under Common Columns
5003       at the beginning of this document.
5004
5005       external_ids: map of string-string pairs
5006

sFlow TABLE

5008       A set of sFlow(R) targets. sFlow is a protocol for remote monitoring of
5009       switches.
5010
5011   Summary:
5012       agent                         optional string
5013       header                        optional integer
5014       polling                       optional integer
5015       sampling                      optional integer
5016       targets                       set of 1 or more strings
5017       Common Columns:
5018         external_ids                map of string-string pairs
5019
5020   Details:
5021       agent: optional string
5022              Determines  the  agent address, that is, the IP address reported
5023              to collectors as the source of the sFlow data. It may be  an  IP
5024              address or the name of a network device. In the latter case, the
5025              network device’s IP address is used,
5026
5027              If not specified, the agent device is  figured  from  the  first
5028              target  address and the routing table. If the routing table does
5029              not contain a route to the target, the IP  address  defaults  to
5030              the local_ip in the collector’s Controller.
5031
5032              If an agent IP address cannot be determined, sFlow is disabled.
5033
5034       header: optional integer
5035              Number of bytes of a sampled packet to send to the collector. If
5036              not specified, the default is 128 bytes.
5037
5038       polling: optional integer
5039              Polling rate in seconds to send port statistics to  the  collec‐
5040              tor. If not specified, defaults to 30 seconds.
5041
5042       sampling: optional integer
5043              Rate  at which packets should be sampled and sent to the collec‐
5044              tor. If not specified, defaults to 400, which means one  out  of
5045              400 packets, on average, will be sent to the collector.
5046
5047       targets: set of 1 or more strings
5048              sFlow targets in the form ip:port.
5049
5050     Common Columns:
5051
5052       The  overall purpose of these columns is described under Common Columns
5053       at the beginning of this document.
5054
5055       external_ids: map of string-string pairs
5056

IPFIX TABLE

5058       Configuration for sending packets to IPFIX collectors.
5059
5060       IPFIX is a protocol that exports a number of details about  flows.  The
5061       IPFIX  implementation in Open vSwitch samples packets at a configurable
5062       rate, extracts flow information from those packets,  optionally  caches
5063       and  aggregates  the  flow  information, and sends the result to one or
5064       more collectors.
5065
5066       IPFIX in Open vSwitch can be configured two different ways:
5067
5068              ·      With per-bridge sampling,  Open  vSwitch  performs  IPFIX
5069                     sampling automatically on all packets that pass through a
5070                     bridge. To configure per-bridge sampling, create an IPFIX
5071                     record and point a Bridge table’s ipfix column to it. The
5072                     Flow_Sample_Collector_Set table  is  not  used  for  per-
5073                     bridge sampling.
5074
5075              ·      With  flow-based sampling, sample actions in the OpenFlow
5076                     flow table drive IPFIX sampling. See ovs-actions(7) for a
5077                     description of the sample action.
5078
5079                     Flow-based sampling also requires database configuration:
5080                     create a IPFIX record that describes the IPFIX configura‐
5081                     tion  and  a Flow_Sample_Collector_Set record that points
5082                     to the Bridge whose flow table holds the  sample  actions
5083                     and to IPFIX record. The ipfix in the Bridge table is not
5084                     used for flow-based sampling.
5085
5086   Summary:
5087       targets                       set of strings
5088       cache_active_timeout          optional integer, in range 0 to 4,200
5089       cache_max_flows               optional   integer,   in   range   0   to
5090                                     4,294,967,295
5091       other_config : enable-tunnel-sampling
5092                                     optional string, either true or false
5093       other_config : virtual_obs_id optional string
5094       Per-Bridge Sampling:
5095         sampling                    optional   integer,   in   range   1   to
5096                                     4,294,967,295
5097         obs_domain_id               optional   integer,   in   range   0   to
5098                                     4,294,967,295
5099         obs_point_id                optional   integer,   in   range   0   to
5100                                     4,294,967,295
5101         other_config : enable-input-sampling
5102                                     optional string, either true or false
5103         other_config : enable-output-sampling
5104                                     optional string, either true or false
5105       Common Columns:
5106         external_ids                map of string-string pairs
5107
5108   Details:
5109       targets: set of strings
5110              IPFIX target collectors in the form ip:port.
5111
5112       cache_active_timeout: optional integer, in range 0 to 4,200
5113              The maximum period in seconds for which an IPFIX flow record  is
5114              cached  and  aggregated  before  being  sent.  If not specified,
5115              defaults to 0. If 0, caching is disabled.
5116
5117       cache_max_flows: optional integer, in range 0 to 4,294,967,295
5118              The maximum number of IPFIX flow records that can be cached at a
5119              time.  If  not  specified,  defaults to 0. If 0, caching is dis‐
5120              abled.
5121
5122       other_config : enable-tunnel-sampling: optional string, either true  or
5123       false
5124              Set  to  true  to  enable  sampling  and reporting tunnel header
5125              7-tuples in IPFIX flow records. Tunnel sampling  is  enabled  by
5126              default.
5127
5128              The  following  enterprise  entities  report  the sampled tunnel
5129              info:
5130
5131              tunnelType:
5132                     ID: 891, and enterprise ID 6876 (VMware).
5133
5134                     type: unsigned 8-bit integer.
5135
5136                     data type semantics: identifier.
5137
5138                     description: Identifier of the layer  2  network  overlay
5139                     network  encapsulation  type:  0x01 VxLAN, 0x02 GRE, 0x03
5140                     LISP, 0x07 GENEVE.
5141
5142              tunnelKey:
5143                     ID: 892, and enterprise ID 6876 (VMware).
5144
5145                     type: variable-length octetarray.
5146
5147                     data type semantics: identifier.
5148
5149                     description: Key which is used for identifying  an  indi‐
5150                     vidual  traffic  flow within a VxLAN (24-bit VNI), GENEVE
5151                     (24-bit VNI), GRE (32-bit key), or LISP (24-bit  instance
5152                     ID)  tunnel.  The  key is encoded in this octetarray as a
5153                     3-, 4-, or 8-byte integer ID in network byte order.
5154
5155              tunnelSourceIPv4Address:
5156                     ID: 893, and enterprise ID 6876 (VMware).
5157
5158                     type: unsigned 32-bit integer.
5159
5160                     data type semantics: identifier.
5161
5162                     description: The IPv4 source address  in  the  tunnel  IP
5163                     packet header.
5164
5165              tunnelDestinationIPv4Address:
5166                     ID: 894, and enterprise ID 6876 (VMware).
5167
5168                     type: unsigned 32-bit integer.
5169
5170                     data type semantics: identifier.
5171
5172                     description:  The  IPv4 destination address in the tunnel
5173                     IP packet header.
5174
5175              tunnelProtocolIdentifier:
5176                     ID: 895, and enterprise ID 6876 (VMware).
5177
5178                     type: unsigned 8-bit integer.
5179
5180                     data type semantics: identifier.
5181
5182                     description: The value of the protocol number in the tun‐
5183                     nel  IP packet header. The protocol number identifies the
5184                     tunnel IP packet payload type.
5185
5186              tunnelSourceTransportPort:
5187                     ID: 896, and enterprise ID 6876 (VMware).
5188
5189                     type: unsigned 16-bit integer.
5190
5191                     data type semantics: identifier.
5192
5193                     description: The source port  identifier  in  the  tunnel
5194                     transport  header.  For the transport protocols UDP, TCP,
5195                     and SCTP, this is the source port  number  given  in  the
5196                     respective header.
5197
5198              tunnelDestinationTransportPort:
5199                     ID: 897, and enterprise ID 6876 (VMware).
5200
5201                     type: unsigned 16-bit integer.
5202
5203                     data type semantics: identifier.
5204
5205                     description:  The destination port identifier in the tun‐
5206                     nel transport header. For the  transport  protocols  UDP,
5207                     TCP,  and SCTP, this is the destination port number given
5208                     in the respective header.
5209
5210              Before Open vSwitch 2.5.90,  other_config:enable-tunnel-sampling
5211              was  only supported with per-bridge sampling, and ignored other‐
5212              wise. Open vSwitch 2.5.90 and later support other_config:enable-
5213              tunnel-sampling for per-bridge and per-flow sampling.
5214
5215       other_config : virtual_obs_id: optional string
5216              A  string  that accompanies each IPFIX flow record. Its intended
5217              use is for the ``virtual observation ID,’’ an  identifier  of  a
5218              virtual  observation  point  that is locally unique in a virtual
5219              network. It describes a location in the virtual network where IP
5220              packets can be observed. The maximum length is 254 bytes. If not
5221              specified, the field is omitted from the IPFIX flow record.
5222
5223              The following enterprise entity reports  the  specified  virtual
5224              observation ID:
5225
5226              virtualObsID:
5227                     ID: 898, and enterprise ID 6876 (VMware).
5228
5229                     type: variable-length string.
5230
5231                     data type semantics: identifier.
5232
5233                     description:  A  virtual  observation  domain  ID that is
5234                     locally unique in a virtual network.
5235
5236              This feature was introduced in Open vSwitch 2.5.90.
5237
5238     Per-Bridge Sampling:
5239
5240       These values affect only per-bridge sampling. See above for a  descrip‐
5241       tion of the differences between per-bridge and flow-based sampling.
5242
5243       sampling: optional integer, in range 1 to 4,294,967,295
5244              The  rate  at  which  packets should be sampled and sent to each
5245              target collector. If not specified, defaults to 400, which means
5246              one  out of 400 packets, on average, will be sent to each target
5247              collector.
5248
5249       obs_domain_id: optional integer, in range 0 to 4,294,967,295
5250              The IPFIX Observation Domain ID sent in each  IPFIX  packet.  If
5251              not specified, defaults to 0.
5252
5253       obs_point_id: optional integer, in range 0 to 4,294,967,295
5254              The  IPFIX  Observation Point ID sent in each IPFIX flow record.
5255              If not specified, defaults to 0.
5256
5257       other_config : enable-input-sampling: optional string, either  true  or
5258       false
5259              By  default,  Open  vSwitch  samples and reports flows at bridge
5260              port input in IPFIX flow records. Set this column  to  false  to
5261              disable input sampling.
5262
5263       other_config  : enable-output-sampling: optional string, either true or
5264       false
5265              By default, Open vSwitch samples and  reports  flows  at  bridge
5266              port  output  in IPFIX flow records. Set this column to false to
5267              disable output sampling.
5268
5269     Common Columns:
5270
5271       The overall purpose of these columns is described under Common  Columns
5272       at the beginning of this document.
5273
5274       external_ids: map of string-string pairs
5275

Flow_Sample_Collector_Set TABLE

5277       A  set of IPFIX collectors of packet samples generated by OpenFlow sam‐
5278       ple actions. This table is used only for IPFIX flow-based sampling, not
5279       for  per-bridge  sampling (see the IPFIX table for a description of the
5280       two forms).
5281
5282   Summary:
5283       id                            integer, in range 0 to 4,294,967,295
5284       bridge                        Bridge
5285       ipfix                         optional IPFIX
5286       Common Columns:
5287         external_ids                map of string-string pairs
5288
5289   Details:
5290       id: integer, in range 0 to 4,294,967,295
5291              The ID of this collector set, unique among the bridge’s  collec‐
5292              tor  sets, to be used as the collector_set_id in OpenFlow sample
5293              actions.
5294
5295       bridge: Bridge
5296              The bridge into which OpenFlow sample actions can  be  added  to
5297              send packet samples to this set of IPFIX collectors.
5298
5299       ipfix: optional IPFIX
5300              Configuration  of  the  set of IPFIX collectors to send one flow
5301              record per sampled packet to.
5302
5303     Common Columns:
5304
5305       The overall purpose of these columns is described under Common  Columns
5306       at the beginning of this document.
5307
5308       external_ids: map of string-string pairs
5309

AutoAttach TABLE

5311       Auto  Attach  configuration  within a bridge. The IETF Auto-Attach SPBM
5312       draft standard describes a compact method of using  IEEE  802.1AB  Link
5313       Layer  Discovery  Protocol (LLDP) together with a IEEE 802.1aq Shortest
5314       Path Bridging (SPB) network to automatically attach network devices  to
5315       individual  services in a SPB network. The intent here is to allow net‐
5316       work applications and devices using OVS  to  be  able  to  easily  take
5317       advantage of features offered by industry standard SPB networks.
5318
5319       Auto  Attach (AA) uses LLDP to communicate between a directly connected
5320       Auto Attach Client (AAC) and Auto Attach Server (AAS). The LLDP  proto‐
5321       col  is  extended  to  add two new Type-Length-Value tuples (TLVs). The
5322       first new TLV supports the ongoing discovery of directly  connected  AA
5323       correspondents.  Auto Attach operates by regularly transmitting AA dis‐
5324       covery TLVs between the AA client and AA server.  By  exchanging  these
5325       discovery messages, both the AAC and AAS learn the system name and sys‐
5326       tem description of their peer. In the OVS context, OVS operates as  the
5327       AA  client and the AA server resides on a switch at the edge of the SPB
5328       network.
5329
5330       Once AA discovery has been completed the AAC then uses the  second  new
5331       TLV  to  deliver identifier mappings from the AAC to the AAS. A primary
5332       feature of Auto Attach is to facilitate the mapping  of  VLANs  defined
5333       outside the SPB network onto service ids (ISIDs) defined within the SPM
5334       network. By doing so individual external VLANs can be mapped onto  spe‐
5335       cific  SPB network services. These VLAN id to ISID mappings can be con‐
5336       figured and managed locally using new options added  to  the  ovs-vsctl
5337       command.
5338
5339       The  Auto  Attach OVS feature does not provide a full implementation of
5340       the LLDP protocol. Support for the mandatory TLVs  as  defined  by  the
5341       LLDP  standard  and support for the AA TLV extensions is provided. LLDP
5342       protocol support in OVS can be enabled or disabled on a  port  by  port
5343       basis. LLDP support is disabled by default.
5344
5345   Summary:
5346       system_name                   string
5347       system_description            string
5348       mappings                      map  of  integer-integer  pairs,  key  in
5349                                     range 0 to 16,777,215, value in  range  0
5350                                     to 4,095
5351
5352   Details:
5353       system_name: string
5354              The  system_name  string is exported in LLDP messages. It should
5355              uniquely identify the bridge in the network.
5356
5357       system_description: string
5358              The system_description string is exported in LLDP  messages.  It
5359              should describe the type of software and hardware.
5360
5361       mappings:  map  of integer-integer pairs, key in range 0 to 16,777,215,
5362       value in range 0 to 4,095
5363              A mapping from SPB network Individual Service Identifier  (ISID)
5364              to VLAN id.
5365
5366
5367
5368Open vSwitch 2.12.0             DB Schema 8.0.0        ovs-vswitchd.conf.db(5)
Impressum