1ovs-vswitchd.conf.db(5)       Open vSwitch Manual      ovs-vswitchd.conf.db(5)
2
3
4

NAME

6       ovs-vswitchd.conf.db - Open_vSwitch database schema
7
8       A  database  with  this  schema  holds  the  configuration for one Open
9       vSwitch daemon. The top-level  configuration  for  the  daemon  is  the
10       Open_vSwitch  table,  which  must  have  exactly one record. Records in
11       other tables are significant only when they can be reached directly  or
12       indirectly  from the Open_vSwitch table. Records that are not reachable
13       from the Open_vSwitch table are automatically deleted  from  the  data‐
14       base, except for records in a few distinguished ``root set’’ tables.
15
16   Common Columns
17       Most  tables contain two special columns, named other_config and exter‐
18       nal_ids. These columns have the same form and purpose each  place  that
19       they appear, so we describe them here to save space later.
20
21              other_config: map of string-string pairs
22                     Key-value  pairs  for  configuring  rarely used features.
23                     Supported keys, along with the forms taken by their  val‐
24                     ues, are documented individually for each table.
25
26                     A  few tables do not have other_config columns because no
27                     key-value pairs have yet been defined for them.
28
29              external_ids: map of string-string pairs
30                     Key-value pairs for use by external frameworks that inte‐
31                     grate  with  Open  vSwitch,  rather  than by Open vSwitch
32                     itself. System integrators should  either  use  the  Open
33                     vSwitch  development mailing list to coordinate on common
34                     key-value definitions,  or  choose  key  names  that  are
35                     likely to be unique. In some cases, where key-value pairs
36                     have been defined that are likely to  be  widely  useful,
37                     they are documented individually for each table.
38

TABLE SUMMARY

40       The  following list summarizes the purpose of each of the tables in the
41       Open_vSwitch database.  Each table is described in  more  detail  on  a
42       later page.
43
44       Table     Purpose
45       Open_vSwitch
46                 Open vSwitch configuration.
47       Bridge    Bridge configuration.
48       Port      Port configuration.
49       Interface One physical network device in a Port.
50       Flow_Table
51                 OpenFlow table configuration
52       QoS       Quality of Service configuration
53       Queue     QoS output queue.
54       Mirror    Port mirroring.
55       Controller
56                 OpenFlow controller configuration.
57       Manager   OVSDB management connection.
58       NetFlow   NetFlow configuration.
59       Datapath  Datapath configuration.
60       CT_Zone   CT_Zone configuration.
61       CT_Timeout_Policy
62                 CT_Timeout_Policy configuration.
63       SSL       SSL configuration.
64       sFlow     sFlow configuration.
65       IPFIX     IPFIX configuration.
66       Flow_Sample_Collector_Set
67                 Flow_Sample_Collector_Set configuration.
68       AutoAttach
69                 AutoAttach configuration.
70

Open_vSwitch TABLE

72       Configuration  for  an  Open  vSwitch daemon. There must be exactly one
73       record in the Open_vSwitch table.
74
75   Summary:
76       Configuration:
77         datapaths                   map of string-Datapath pairs
78         bridges                     set of Bridges
79         ssl                         optional SSL
80         external_ids : system-id    optional string
81         external_ids : xs-system-uuid
82                                     optional string
83         external_ids : hostname     optional string
84         external_ids : rundir       optional string
85         other_config : stats-update-interval
86                                     optional string, containing  an  integer,
87                                     at least 5,000
88         other_config : flow-restore-wait
89                                     optional string, either true or false
90         other_config : flow-limit   optional  string,  containing an integer,
91                                     at least 0
92         other_config : max-idle     optional string, containing  an  integer,
93                                     at least 500
94         other_config : max-revalidator
95                                     optional  string,  containing an integer,
96                                     at least 100
97         other_config : min-revalidate-pps
98                                     optional string, containing  an  integer,
99                                     at least 1
100         other_config : hw-offload   optional string, either true or false
101         other_config : tc-policy    optional string, one of none, skip_hw, or
102                                     skip_sw
103         other_config : dpdk-init    optional string, one of false,  true,  or
104                                     try
105         other_config : dpdk-lcore-mask
106                                     optional  string,  containing an integer,
107                                     at least 1
108         other_config : pmd-cpu-mask
109                                     optional string
110         other_config : dpdk-alloc-mem
111                                     optional string, containing  an  integer,
112                                     at least 0
113         other_config : dpdk-socket-mem
114                                     optional string
115         other_config : dpdk-socket-limit
116                                     optional string
117         other_config : dpdk-hugepage-dir
118                                     optional string
119         other_config : dpdk-extra   optional string
120         other_config : vhost-sock-dir
121                                     optional string
122         other_config : vhost-iommu-support
123                                     optional string, either true or false
124         other_config : vhost-postcopy-support
125                                     optional string, either true or false
126         other_config : per-port-memory
127                                     optional string, either true or false
128         other_config : tx-flush-interval
129                                     optional  string,  containing an integer,
130                                     in range 0 to 1,000,000
131         other_config : pmd-perf-metrics
132                                     optional string, either true or false
133         other_config : smc-enable   optional string, either true or false
134         other_config : pmd-rxq-assign
135                                     optional   string,   either   cycles   or
136                                     roundrobin
137         other_config : n-handler-threads
138                                     optional  string,  containing an integer,
139                                     at least 1
140         other_config : n-revalidator-threads
141                                     optional string, containing  an  integer,
142                                     at least 1
143         other_config : emc-insert-inv-prob
144                                     optional  string,  containing an integer,
145                                     in range 0 to 4,294,967,295
146         other_config : vlan-limit   optional string, containing  an  integer,
147                                     at least 0
148         other_config : bundle-idle-timeout
149                                     optional  string,  containing an integer,
150                                     at least 1
151         other_config : offload-rebalance
152                                     optional string, either true or false
153         other_config : pmd-auto-lb  optional string, either true or false
154         other_config : pmd-auto-lb-rebal-interval
155                                     optional string, containing  an  integer,
156                                     in range 0 to 20,000
157         other_config : pmd-auto-lb-load-threshold
158                                     optional  string,  containing an integer,
159                                     in range 0 to 100
160         other_config : pmd-auto-lb-improvement-threshold
161                                     optional string, containing  an  integer,
162                                     in range 0 to 100
163         other_config : userspace-tso-enable
164                                     optional string, either true or false
165       Status:
166         next_cfg                    integer
167         cur_cfg                     integer
168         dpdk_initialized            boolean
169         Statistics:
170            other_config : enable-statistics
171                                     optional string, either true or false
172            statistics : cpu         optional  string,  containing an integer,
173                                     at least 1
174            statistics : load_average
175                                     optional string
176            statistics : memory      optional string
177            statistics : process_NAME
178                                     optional string
179            statistics : file_systems
180                                     optional string
181       Version Reporting:
182         ovs_version                 optional string
183         db_version                  optional string
184         system_type                 optional string
185         system_version              optional string
186         dpdk_version                optional string
187       Capabilities:
188         datapath_types              set of strings
189         iface_types                 set of strings
190       Database Configuration:
191         manager_options             set of Managers
192       IPsec:
193         other_config : private_key  optional string
194         other_config : certificate  optional string
195         other_config : ca_cert      optional string
196         Plaintext Tunnel Policy:
197            other_config : ipsec_skb_mark
198                                     optional string
199       Common Columns:
200         other_config                map of string-string pairs
201         external_ids                map of string-string pairs
202
203   Details:
204     Configuration:
205
206       datapaths: map of string-Datapath pairs
207              Map of datapath types to datapaths. The datapath_type column  of
208              the Bridge table is used as a key for this map. The value points
209              to a row in the Datapath table.
210
211       bridges: set of Bridges
212              Set of bridges managed by the daemon.
213
214       ssl: optional SSL
215              SSL used globally by the daemon.
216
217       external_ids : system-id: optional string
218              A unique identifier for the Open vSwitch’s  physical  host.  The
219              form  of  the  identifier  depends on the type of the host. On a
220              Citrix XenServer,  this  will  likely  be  the  same  as  exter‐
221              nal_ids:xs-system-uuid.
222
223       external_ids : xs-system-uuid: optional string
224              The Citrix XenServer universally unique identifier for the phys‐
225              ical host as displayed by xe host-list.
226
227       external_ids : hostname: optional string
228              The hostname for the host running Open vSwitch. This is a  fully
229              qualified domain name since version 2.6.2.
230
231       external_ids : rundir: optional string
232              In  Open vSwitch 2.8 and later, the run directory of the running
233              Open vSwitch daemon. This directory is used  for  runtime  state
234              such  as control and management sockets. The value of other_con‐
235              fig:vhost-sock-dir is relative to this directory.
236
237       other_config : stats-update-interval: optional  string,  containing  an
238       integer, at least 5,000
239              Interval  for  updating statistics to the database, in millisec‐
240              onds. This option will affect the update of the statistics  col‐
241              umn in the following tables: Port, Interface , Mirror.
242
243              Default value is 5000 ms.
244
245              Getting statistics more frequently can be achieved via OpenFlow.
246
247       other_config : flow-restore-wait: optional string, either true or false
248              When  ovs-vswitchd  starts  up,  it  has an empty flow table and
249              therefore it handles all arriving packets in its default fashion
250              according to its configuration, by dropping them or sending them
251              to an OpenFlow controller or  switching  them  as  a  standalone
252              switch.  This  behavior  is  ordinarily  desirable.  However, if
253              ovs-vswitchd is restarting as part of  a  ``hot-upgrade,’’  then
254              this  leads to a relatively long period during which packets are
255              mishandled.
256
257              This option allows for  improvement.  When  ovs-vswitchd  starts
258              with  this  value  set  as true, it will neither flush or expire
259              previously set datapath flows nor will it send and  receive  any
260              packets to or from the datapath. When this value is later set to
261              false, ovs-vswitchd will start receiving packets from the  data‐
262              path and re-setup the flows.
263
264              Additionally,  ovs-vswitchd is prevented from connecting to con‐
265              trollers when this value is set  to  true.  This  prevents  con‐
266              trollers  from making changes to the flow table in the middle of
267              flow restoration, which could result in undesirable intermediate
268              states.  Once  this  value has been set to false and the desired
269              flow state has been  restored,  ovs-vswitchd  will  be  able  to
270              reconnect  to controllers and process any new flow table modifi‐
271              cations.
272
273              Thus, with this option,  the  procedure  for  a  hot-upgrade  of
274              ovs-vswitchd becomes roughly the following:
275
276              1.  Stop ovs-vswitchd.
277
278              2.  Set other_config:flow-restore-wait to true.
279
280              3.  Start ovs-vswitchd.
281
282              4.  Use  ovs-ofctl  (or  some other program, such as an OpenFlow
283                  controller) to  restore  the  OpenFlow  flow  table  to  the
284                  desired state.
285
286              5.  Set  other_config:flow-restore-wait  to  false (or remove it
287                  entirely from the database).
288
289              The ovs-ctl’s ``restart’’  and  ``force-reload-kmod’’  functions
290              use the above config option during hot upgrades.
291
292       other_config  :  flow-limit: optional string, containing an integer, at
293       least 0
294              The maximum number of flows allowed in the datapath flow  table.
295              Internally  OVS  will  choose  a flow limit which will likely be
296              lower than this number, based on real time  network  conditions.
297              Tweaking  this value is discouraged unless you know exactly what
298              you’re doing.
299
300              The default is 200000.
301
302       other_config : max-idle: optional string,  containing  an  integer,  at
303       least 500
304              The  maximum  time (in ms) that idle flows will remain cached in
305              the datapath. Internally OVS will check the validity and  activ‐
306              ity  for  datapath  flows regularly and may expire flows quicker
307              than this number, based on real time network conditions.  Tweak‐
308              ing  this  value  is  discouraged  unless  you know exactly what
309              you’re doing.
310
311              The default is 10000.
312
313       other_config : max-revalidator: optional string, containing an integer,
314       at least 100
315              The  maximum  time  (in  ms)  that revalidator threads will wait
316              before executing flow revalidation. Note that  this  is  maximum
317              allowed value. Actual timeout used by OVS is minimum of max-idle
318              and max-revalidator values. Tweaking this value  is  discouraged
319              unless you know exactly what you’re doing.
320
321              The default is 500.
322
323       other_config : min-revalidate-pps: optional string, containing an inte‐
324       ger, at least 1
325              Set minimum pps that flow must have in order to  be  revalidated
326              when  revalidation duration exceeds half of max-revalidator con‐
327              fig variable.
328
329              The default is 5.
330
331       other_config : hw-offload: optional string, either true or false
332              Set this value to true to enable netdev flow offload.
333
334              The  default  value  is  false.  Changing  this  value  requires
335              restarting the daemon
336
337              Currently  Open  vSwitch  supports  hardware offloading on Linux
338              systems. On other systems, this value is ignored. This function‐
339              ality  is considered ’experimental’. Depending on which OpenFlow
340              matches and actions are  configured,  which  kernel  version  is
341              used,  and  what  hardware is available, Open vSwitch may not be
342              able to offload functionality to hardware.
343
344              In  order  to   dump   HW   offloaded   flows   use   ovs-appctl
345              dpctl/dump-flows,  ovs-dpctl doesn’t support this functionality.
346              See ovs-vswitchd(8) for details.
347
348       other_config : tc-policy: optional string, one  of  none,  skip_hw,  or
349       skip_sw
350              Specified the policy used with HW offloading. Options:
351
352              none   Add software rule and offload rule to HW.
353
354              skip_sw
355                     Offload rule to HW only.
356
357              skip_hw
358                     Add software rule without offloading rule to HW.
359
360              This is only relevant if other_config:hw-offload is enabled.
361
362              The default value is none.
363
364       other_config : dpdk-init: optional string, one of false, true, or try
365              Set this value to true or try to enable runtime support for DPDK
366              ports. The vswitch must have compile-time support  for  DPDK  as
367              well.
368
369              A  value of true will cause the ovs-vswitchd process to abort if
370              DPDK cannot be initialized. A value of try will allow  the  ovs-
371              vswitchd process to continue running even if DPDK cannot be ini‐
372              tialized.
373
374              The  default  value  is  false.  Changing  this  value  requires
375              restarting the daemon
376
377              If this value is false at startup, any dpdk ports which are con‐
378              figured in the bridge will fail due to memory errors.
379
380       other_config : dpdk-lcore-mask: optional string, containing an integer,
381       at least 1
382              Specifies  the  CPU  cores  where  dpdk  lcore threads should be
383              spawned. The DPDK lcore threads are used for DPDK library tasks,
384              such as library internal message processing, logging, etc. Value
385              should be in the form of a hex string (so  ’0x123’)  similar  to
386              the ’taskset’ mask input.
387
388              The  lowest  order  bit corresponds to the first CPU core. A set
389              bit means the corresponding  core  is  available  and  an  lcore
390              thread  will  be created and pinned to it. If the input does not
391              cover all cores, those uncovered cores are considered not set.
392
393              For performance reasons, it is best to set this to a single core
394              on the system, rather than allow lcore threads to float.
395
396              If  not  specified, the value will be determined by choosing the
397              lowest CPU core from initial cpu affinity list.  Otherwise,  the
398              value will be passed directly to the DPDK library.
399
400       other_config : pmd-cpu-mask: optional string
401              Specifies  CPU  mask  for  setting the cpu affinity of PMD (Poll
402              Mode Driver) threads. Value should be in the form of hex string,
403              similar  to  the  dpdk  EAL  ’-c  COREMASK’  option input or the
404              ’taskset’ mask input.
405
406              The lowest order bit corresponds to the first CPU  core.  A  set
407              bit  means  the corresponding core is available and a pmd thread
408              will be created and pinned to it. If the input  does  not  cover
409              all cores, those uncovered cores are considered not set.
410
411              If  not  specified, one pmd thread will be created for each numa
412              node and pinned to any  available  core  on  the  numa  node  by
413              default.
414
415       other_config  : dpdk-alloc-mem: optional string, containing an integer,
416       at least 0
417              Specifies the amount of memory to preallocate from the  hugepage
418              pool,  regardless of socket. It is recommended that dpdk-socket-
419              mem is used instead.
420
421       other_config : dpdk-socket-mem: optional string
422              Specifies the amount of memory to preallocate from the  hugepage
423              pool, on a per-socket basis.
424
425              The specifier is a comma-separated string, in ascending order of
426              CPU socket. E.g. On a four socket system 1024,0,2048  would  set
427              socket  0  to  preallocate  1024MB, socket 1 to preallocate 0MB,
428              socket 2 to preallocate 2048MB and socket 3 (no value given)  to
429              preallocate 0MB.
430
431              If  dpdk-socket-mem  and dpdk-alloc-mem are not specified, dpdk-
432              socket-mem will be used and the default value is 1024  for  each
433              numa  node.  If dpdk-socket-mem and dpdk-alloc-mem are specified
434              at same time, dpdk-socket-mem will be used as default.  Changing
435              this value requires restarting the daemon.
436
437       other_config : dpdk-socket-limit: optional string
438              Limits  the  maximum  amount of memory that can be used from the
439              hugepage pool, on a per-socket basis.
440
441              The specifier is a comma-separated list  of  memory  limits  per
442              socket. 0 will disable the limit for a particular socket.
443
444              If  not specified, OVS will configure limits equal to the amount
445              of preallocated memory specified by other_config:dpdk-socket-mem
446              or --socket-mem in other_config:dpdk-extra. If none of the above
447              options specified or --legacy-mem provided in other_config:dpdk-
448              extra,  limits will not be applied. Changing this value requires
449              restarting the daemon.
450
451       other_config : dpdk-hugepage-dir: optional string
452              Specifies the path to the hugetlbfs mount point.
453
454              If not specified, this will  be  guessed  by  the  DPDK  library
455              (default   is  /dev/hugepages).  Changing  this  value  requires
456              restarting the daemon.
457
458       other_config : dpdk-extra: optional string
459              Specifies additional eal command line arguments for DPDK.
460
461              The default is empty. Changing this  value  requires  restarting
462              the daemon
463
464       other_config : vhost-sock-dir: optional string
465              Specifies a relative path from external_ids:rundir to the vhost-
466              user unix domain socket files. If this value is unset, the sock‐
467              ets are put directly in external_ids:rundir.
468
469              Changing this value requires restarting the daemon.
470
471       other_config  :  vhost-iommu-support:  optional  string, either true or
472       false
473              vHost IOMMU is a security feature,  which  restricts  the  vhost
474              memory  that  a virtio device may access. vHost IOMMU support is
475              disabled by default, due to a bug in QEMU implementations of the
476              vhost REPLY_ACK protocol, (on which vHost IOMMU relies) prior to
477              v2.9.1. Setting this value to true enables vHost  IOMMU  support
478              for  vHost  User  Client  ports  in OvS-DPDK, starting from DPDK
479              v17.11.
480
481              Changing this value requires restarting the daemon.
482
483       other_config : vhost-postcopy-support: optional string, either true  or
484       false
485              vHost  post-copy is a feature which allows switching live migra‐
486              tion of VM attached to  dpdkvhostuserclient  port  to  post-copy
487              mode if default pre-copy migration can not be converged or takes
488              too long to converge. Setting this value to true  enables  vHost
489              post-copy  support  for all dpdkvhostuserclient ports. Available
490              starting from DPDK v18.11 and QEMU 2.12.
491
492              Changing this value requires restarting the daemon.
493
494       other_config : per-port-memory: optional string, either true or false
495              By default OVS DPDK uses a shared memory model  wherein  devices
496              that have the same MTU and socket values can share the same mem‐
497              pool. Setting this value to true  changes  this  behaviour.  Per
498              port memory allow DPDK devices to use private memory per device.
499              This can provide greater transparency as  regards  memory  usage
500              but potentially at the cost of greater memory requirements.
501
502              Changing  this value requires restarting the daemon if dpdk-init
503              has already been set to true.
504
505       other_config : tx-flush-interval: optional string, containing an  inte‐
506       ger, in range 0 to 1,000,000
507              Specifies  the  time  in  microseconds that a packet can wait in
508              output batch for sending i.e. amount of  time  that  packet  can
509              spend  in an intermediate output queue before sending to netdev.
510              This option can be used to configure balance between  throughput
511              and  latency. Lower values decreases latency while higher values
512              may be useful to achieve higher performance.
513
514              Defaults to 0 i.e. instant packet sending (latency optimized).
515
516       other_config : pmd-perf-metrics: optional string, either true or false
517              Enables recording of detailed PMD performance metrics for analy‐
518              sis  and trouble-shooting. This can have a performance impact in
519              the order of 1%.
520
521              Defaults to false but can be changed at any time.
522
523       other_config : smc-enable: optional string, either true or false
524              Signature match cache or SMC is a cache between EMC and megaflow
525              cache. It does not store the full key of the flow, so it is more
526              memory efficient comparing to EMC cache. SMC is especially  use‐
527              ful when flow count is larger than EMC capacity.
528
529              Defaults to false but can be changed at any time.
530
531       other_config  :  pmd-rxq-assign:  optional  string,  either  cycles  or
532       roundrobin
533              Specifies how RX queues will be automatically  assigned  to  CPU
534              cores. Options:
535
536              cycles Rxqs  will  be  sorted  by  order  of measured processing
537                     cycles before being assigned to CPU cores.
538
539              roundrobin
540                     Rxqs will be round-robined across CPU cores.
541
542              The default value is cycles.
543
544              Changing this value will affect an  automatic  re-assignment  of
545              Rxqs to CPUs. Note: Rxqs mapped to CPU cores with pmd-rxq-affin‐
546              ity are unaffected.
547
548       other_config : n-handler-threads: optional string, containing an  inte‐
549       ger, at least 1
550              Specifies  the  number  of threads for software datapaths to use
551              for handling new flows. The default the  number  of  online  CPU
552              cores minus the number of revalidators.
553
554              This  configuration  is  per datapath. If you have more than one
555              software datapath (e.g. some  system  bridges  and  some  netdev
556              bridges),  then the total number of threads is n-handler-threads
557              times the number of software datapaths.
558
559       other_config : n-revalidator-threads: optional  string,  containing  an
560       integer, at least 1
561              Specifies  the  number  of threads for software datapaths to use
562              for revalidating flows in the datapath. Typically,  there  is  a
563              direct  correlation  between  the number of revalidator threads,
564              and the number of flows allowed in the datapath. The default  is
565              the  number  of  cpu  cores  divided by four plus one. If n-han‐
566              dler-threads is set, the default changes to the  number  of  cpu
567              cores minus the number of handler threads.
568
569              This  configuration  is  per datapath. If you have more than one
570              software datapath (e.g. some  system  bridges  and  some  netdev
571              bridges),  then the total number of threads is n-handler-threads
572              times the number of software datapaths.
573
574       other_config :  emc-insert-inv-prob:  optional  string,  containing  an
575       integer, in range 0 to 4,294,967,295
576              Specifies  the  inverse probability (1/emc-insert-inv-prob) of a
577              flow being inserted into the Exact Match Cache (EMC). On average
578              one  in every emc-insert-inv-prob packets that generate a unique
579              flow will cause an insertion into the EMC. A  value  of  1  will
580              result  in  an  insertion  for every flow (1/1 = 100%) whereas a
581              value of zero will result in no insertions and essentially  dis‐
582              able the EMC.
583
584              Defaults  to  100 ie. there is (1/100 =) 1% chance of EMC inser‐
585              tion.
586
587       other_config : vlan-limit: optional string, containing an  integer,  at
588       least 0
589              Limits  the  number  of  VLAN headers that can be matched to the
590              specified number. Further VLAN headers will be treated  as  pay‐
591              load, e.g. a packet with more 802.1q headers will match Ethernet
592              type 0x8100.
593
594              Open vSwitch userspace currently supports at most 2  VLANs,  and
595              each  datapath  has  its own limit. If vlan-limit is nonzero, it
596              acts as a further limit.
597
598              If this value is absent, the default is currently 1. This  main‐
599              tains backward compatibility with controllers that were designed
600              for use with Open vSwitch versions earlier than 2.8, which  only
601              supported one VLAN.
602
603       other_config  :  bundle-idle-timeout:  optional  string,  containing an
604       integer, at least 1
605              The maximum time (in seconds) that idle bundles will wait to  be
606              expired since it was either opened, modified or closed.
607
608              OpenFlow  specification  mandates the timeout to be at least one
609              second. The default is 10 seconds.
610
611       other_config : offload-rebalance: optional string, either true or false
612              Configures HW offload rebalancing, that  allows  to  dynamically
613              offload  and  un-offload flows while an offload-device is out of
614              resources (OOR). This policy allows flows  to  be  selected  for
615              offloading based on the packets-per-second (pps) rate of flows.
616
617              Set this value to true to enable this option.
618
619              The  default  value  is  false.  Changing  this  value  requires
620              restarting the daemon.
621
622              This is only relevant if HW offloading is enabled  (hw-offload).
623              When  this policy is enabled, it also requires ’tc-policy’ to be
624              set to ’skip_sw’.
625
626       other_config : pmd-auto-lb: optional string, either true or false
627              Configures PMD Auto Load Balancing that allows automatic assign‐
628              ment  of  RX queues to PMDs if any of PMDs is overloaded (i.e. a
629              processing cycles > other_config:pmd-auto-lb-load-threshold).
630
631              It uses current scheme of cycle based assignment  of  RX  queues
632              that are not statically pinned to PMDs.
633
634              The default value is false.
635
636              Set  this  value  to true to enable this option. It is currently
637              disabled by default and an experimental feature.
638
639              This only comes in effect if cycle based assignment  is  enabled
640              and  there  are  more  than one non-isolated PMDs present and at
641              least one of it polls more than one queue.
642
643       other_config : pmd-auto-lb-rebal-interval: optional string,  containing
644       an integer, in range 0 to 20,000
645              The  minimum  time (in minutes) 2 consecutive PMD Auto Load Bal‐
646              ancing iterations.
647
648              The defaul value is 1 min. If configured to 0 then it  would  be
649              converted to default value i.e. 1 min
650
651              This  option can be configured to avoid frequent trigger of auto
652              load balancing of PMDs. For e.g. set the  value  (in  min)  such
653              that it occurs once in few hours or a day or a week.
654
655       other_config  : pmd-auto-lb-load-threshold: optional string, containing
656       an integer, in range 0 to 100
657              Specifies the minimum PMD  thread  load  threshold  (%  of  used
658              cycles)  of  any  non-isolated  PMD threads when a PMD Auto Load
659              Balance may be triggered.
660
661              The default value is 95%.
662
663       other_config : pmd-auto-lb-improvement-threshold: optional string, con‐
664       taining an integer, in range 0 to 100
665              Specifies  the minimum evaluated % improvement in load distribu‐
666              tion across the non-isolated PMD threads that will allow  a  PMD
667              Auto Load Balance to occur.
668
669              Note, setting this parameter to 0 will always allow an auto load
670              balance to occur regardless of estimated improvement or not.
671
672              The default value is 25%.
673
674       other_config : userspace-tso-enable: optional string,  either  true  or
675       false
676              Set  this value to true to enable userspace support for TCP Seg‐
677              mentation Offloading (TSO). When it is enabled,  the  interfaces
678              can  provide  an  oversized  TCP segment to the datapath and the
679              datapath will offload the TCP segmentation and checksum calcula‐
680              tion to the interfaces when necessary.
681
682              The  default  value  is  false.  Changing  this  value  requires
683              restarting the daemon.
684
685              The feature only works if Open vSwitch is built with  DPDK  sup‐
686              port.
687
688              The feature is considered experimental.
689
690     Status:
691
692       next_cfg: integer
693              Sequence  number for client to increment. When a client modifies
694              any part of the database configuration and wishes  to  wait  for
695              Open  vSwitch  to  finish applying the changes, it may increment
696              this sequence number.
697
698       cur_cfg: integer
699              Sequence number that Open vSwitch sets to the current  value  of
700              next_cfg  after  it  finishes  applying  a  set of configuration
701              changes.
702
703       dpdk_initialized: boolean
704              True if other_config:dpdk-init is  set  to  true  and  the  DPDK
705              library is successfully initialized.
706
707     Statistics:
708
709       The  statistics  column contains key-value pairs that report statistics
710       about a system running an Open vSwitch. These are updated  periodically
711       (currently, every 5 seconds). Key-value pairs that cannot be determined
712       or that do not apply to a platform are omitted.
713
714       other_config : enable-statistics: optional string, either true or false
715              Statistics are disabled by default to avoid overhead in the com‐
716              mon case when statistics gathering is not useful. Set this value
717              to true to enable populating the statistics column or  to  false
718              to explicitly disable it.
719
720       statistics : cpu: optional string, containing an integer, at least 1
721              Number of CPU processors, threads, or cores currently online and
722              available to the operating system on which Open vSwitch is  run‐
723              ning, as an integer. This may be less than the number installed,
724              if some are not online or if they are not available to the oper‐
725              ating system.
726
727              Open  vSwitch userspace processes are not multithreaded, but the
728              Linux kernel-based datapath is.
729
730       statistics : load_average: optional string
731              A comma-separated list of three floating-point  numbers,  repre‐
732              senting  the system load average over the last 1, 5, and 15 min‐
733              utes, respectively.
734
735       statistics : memory: optional string
736              A comma-separated list of integers, each of which  represents  a
737              quantity  of  memory  in  kilobytes that describes the operating
738              system on which Open vSwitch is running.  In  respective  order,
739              these values are:
740
741              1.  Total amount of RAM allocated to the OS.
742
743              2.  RAM allocated to the OS that is in use.
744
745              3.  RAM  that  can be flushed out to disk or otherwise discarded
746                  if that space is needed for another purpose. This number  is
747                  necessarily less than or equal to the previous value.
748
749              4.  Total disk space allocated for swap.
750
751              5.  Swap space currently in use.
752
753              On Linux, all five values can be determined and are included. On
754              other operating systems, only the first two values can be deter‐
755              mined, so the list will only have two values.
756
757       statistics : process_NAME: optional string
758              One  such  key-value pair, with NAME replaced by a process name,
759              will exist for each running Open vSwitch  daemon  process,  with
760              name  replaced by the daemon’s name (e.g. process_ovs-vswitchd).
761              The value is a comma-separated list of  integers.  The  integers
762              represent  the  following, with memory measured in kilobytes and
763              durations in milliseconds:
764
765              1.  The process’s virtual memory size.
766
767              2.  The process’s resident set size.
768
769              3.  The amount of user and  system  CPU  time  consumed  by  the
770                  process.
771
772              4.  The  number  of  times that the process has crashed and been
773                  automatically restarted by the monitor.
774
775              5.  The duration since the process was started.
776
777              6.  The duration for which the process has been running.
778
779              The interpretation of some of these values  depends  on  whether
780              the  process was started with the --monitor. If it was not, then
781              the crash count will always be 0  and  the  two  durations  will
782              always be the same. If --monitor was given, then the crash count
783              may be positive; if it is, the latter duration is the amount  of
784              time since the most recent crash and restart.
785
786              There will be one key-value pair for each file in Open vSwitch’s
787              ``run directory’’ (usually /var/run/openvswitch) whose name ends
788              in .pid, whose contents are a process ID, and which is locked by
789              a running process. The name is taken from the pidfile’s name.
790
791              Currently Open vSwitch is only able to obtain all of  the  above
792              detail  on  Linux  systems. On other systems, the same key-value
793              pairs will be present but the values will always  be  the  empty
794              string.
795
796       statistics : file_systems: optional string
797              A  space-separated  list  of information on local, writable file
798              systems. Each item in the list describes  one  file  system  and
799              consists in turn of a comma-separated list of the following:
800
801              1.  Mount point, e.g. / or /var/log. Any spaces or commas in the
802                  mount point are replaced by underscores.
803
804              2.  Total size, in kilobytes, as an integer.
805
806              3.  Amount of storage in use, in kilobytes, as an integer.
807
808              This key-value pair is omitted if there are no  local,  writable
809              file  systems or if Open vSwitch cannot obtain the needed infor‐
810              mation.
811
812     Version Reporting:
813
814       These columns report the types and versions of the hardware  and  soft‐
815       ware running Open vSwitch. We recommend in general that software should
816       test whether specific features are supported instead of relying on ver‐
817       sion  number  checks. These values are primarily intended for reporting
818       to human administrators.
819
820       ovs_version: optional string
821              The Open vSwitch version number, e.g. 1.1.0.
822
823       db_version: optional string
824              The database schema  version  number,  e.g.  1.2.3.  See  ovsdb-
825              tool(1) for an explanation of the numbering scheme.
826
827              The  schema  version  is  part of the database schema, so it can
828              also be retrieved by fetching the schema using the Open  vSwitch
829              database protocol.
830
831       system_type: optional string
832              An  identifier  for  the  type  of  system  on top of which Open
833              vSwitch runs, e.g. XenServer or KVM.
834
835              System integrators are responsible for choosing and  setting  an
836              appropriate value for this column.
837
838       system_version: optional string
839              The  version  of  the  system  identified  by  system_type, e.g.
840              5.6.100-39265p on XenServer 5.6.100 build 39265.
841
842              System integrators are responsible for choosing and  setting  an
843              appropriate value for this column.
844
845       dpdk_version: optional string
846              The version of the linked DPDK library.
847
848     Capabilities:
849
850       These columns report capabilities of the Open vSwitch instance.
851
852       datapath_types: set of strings
853              This column reports the different dpifs registered with the sys‐
854              tem. These are the values that this  instance  supports  in  the
855              datapath_type column of the Bridge table.
856
857       iface_types: set of strings
858              This  column  reports  the different netdevs registered with the
859              system. These are the values that this instance supports in  the
860              type column of the Interface table.
861
862     Database Configuration:
863
864       These   columns   primarily   configure   the   Open  vSwitch  database
865       (ovsdb-server), not the Open vSwitch switch (ovs-vswitchd).  The  OVSDB
866       database also uses the ssl settings.
867
868       The  Open vSwitch switch does read the database configuration to deter‐
869       mine remote IP addresses to which in-band control should apply.
870
871       manager_options: set of Managers
872              Database clients to  which  the  Open  vSwitch  database  server
873              should  connect or to which it should listen, along with options
874              for how these connections should be configured. See the  Manager
875              table for more information.
876
877              For  this column to serve its purpose, ovsdb-server must be con‐
878              figured to honor it. The easiest way to do  this  is  to  invoke
879              ovsdb-server             with             the             option
880              --remote=db:Open_vSwitch,Open_vSwitch,manager_options        The
881              startup scripts that accompany Open vSwitch do this by default.
882
883     IPsec:
884
885       These  settings  control the global configuration of IPsec tunnels. The
886       options column of the Interface table configures IPsec  for  individual
887       tunnels.
888
889       OVS  IPsec  supports  the following three forms of authentication. Cur‐
890       rently, all IPsec tunnels must use the same form:
891
892              1.  Pre-shared keys: Omit the global settings. On  each  tunnel,
893                  set options:psk.
894
895              2.  Self-signed  certificates:  Set the private_key and certifi‐
896                  cate    global    settings.    On    each    tunnel,     set
897                  options:remote_cert.  The  remote  certificate  can be self-
898                  signed.
899
900              3.  CA-signed certificates: Set all of the global  settings.  On
901                  each tunnel, set options:remote_name to the common name (CN)
902                  of the remote certificate. The remote  certificate  must  be
903                  signed by the CA.
904
905       other_config : private_key: optional string
906              Name  of  a  PEM  file  containing  the  private key used as the
907              switch’s identity for IPsec tunnels.
908
909       other_config : certificate: optional string
910              Name of a PEM file containing a certificate that  certifies  the
911              switch’s  private  key,  and identifies a trustworthy switch for
912              IPsec tunnels. The certificate must be x.509 version 3 and  with
913              the  string in common name (CN) also set in the subject alterna‐
914              tive name (SAN).
915
916       other_config : ca_cert: optional string
917              Name of a PEM file containing the CA certificate used to  verify
918              that a remote switch of the IPsec tunnel is trustworthy.
919
920     Plaintext Tunnel Policy:
921
922       When  an IPsec tunnel is configured in this database, multiple indepen‐
923       dent components take responsibility for implementing  it.  ovs-vswitchd
924       and  its datapath handle packet forwarding to the tunnel and a separate
925       daemon pushes the tunnel’s IPsec policy configuration to the kernel  or
926       other entity that implements it. There is a race: if the former config‐
927       uration completes before the latter, then packets  sent  by  the  local
928       host  over  the tunnel can be transmitted in plaintext. Using this set‐
929       ting, OVS users can avoid this undesirable situation.
930
931       other_config : ipsec_skb_mark: optional string
932              This setting takes the form value/mask. If it is specified, then
933              the  skb_mark  field  in  every outgoing tunneled packet sent in
934              plaintext is compared against it and, if it matches, the  packet
935              is  dropped.  This  is a global setting that is applied to every
936              tunneled packet,  regardless  of  whether  IPsec  encryption  is
937              enabled  for  the  tunnel, the type of tunnel, or whether OVS is
938              involved.
939
940              Example policies:
941
942              1/1    Drop all unencrypted tunneled packets in which the least-
943                     significant  bit of skb_mark is 1. This would be a useful
944                     policy given an OpenFlow flow table that sets skb_mark to
945                     1  for  traffic  that  should  be  encrypted. The default
946                     skb_mark is 0, so this would not affect other traffic.
947
948              0/1    Drop all unencrypted tunneled packets in which the least-
949                     significant  bit of skb_mark is 0. This would be a useful
950                     policy if no unencrypted tunneled traffic should exit the
951                     system  without  being  specially  permitted  by  setting
952                     skb_mark to 1.
953
954              (empty)
955                     If this setting is empty or unset, then  all  unencrypted
956                     tunneled packets are transmitted in the usual way.
957
958     Common Columns:
959
960       The  overall purpose of these columns is described under Common Columns
961       at the beginning of this document.
962
963       other_config: map of string-string pairs
964
965       external_ids: map of string-string pairs
966

Bridge TABLE

968       Configuration for a bridge within an Open_vSwitch.
969
970       A Bridge  record  represents  an  Ethernet  switch  with  one  or  more
971       ``ports,’’  which are the Port records pointed to by the Bridge’s ports
972       column.
973
974   Summary:
975       Core Features:
976         name                        immutable string (must be  unique  within
977                                     table)
978         ports                       set of Ports
979         mirrors                     set of Mirrors
980         netflow                     optional NetFlow
981         sflow                       optional sFlow
982         ipfix                       optional IPFIX
983         flood_vlans                 set  of  up to 4,096 integers, in range 0
984                                     to 4,095
985         auto_attach                 optional AutoAttach
986       OpenFlow Configuration:
987         controller                  set of Controllers
988         flow_tables                 map of integer-Flow_Table pairs,  key  in
989                                     range 0 to 254
990         fail_mode                   optional  string, either secure or stand‐
991                                     alone
992         datapath_id                 optional string
993         datapath_version            string
994         other_config : datapath-id  optional string
995         other_config : dp-desc      optional string
996         other_config : dp-sn        optional string
997         other_config : disable-in-band
998                                     optional string, either true or false
999         other_config : in-band-queue
1000                                     optional string, containing  an  integer,
1001                                     in range 0 to 4,294,967,295
1002         other_config : controller-queue-size
1003                                     optional  string,  containing an integer,
1004                                     in range 1 to 512
1005         protocols                   set of strings, one of OpenFlow10,  Open‐
1006                                     Flow11,   OpenFlow12,  OpenFlow13,  Open‐
1007                                     Flow14, or OpenFlow15
1008       Spanning Tree Configuration:
1009         STP Configuration:
1010            stp_enable               boolean
1011            other_config : stp-system-id
1012                                     optional string
1013            other_config : stp-priority
1014                                     optional string, containing  an  integer,
1015                                     in range 0 to 65,535
1016            other_config : stp-hello-time
1017                                     optional  string,  containing an integer,
1018                                     in range 1 to 10
1019            other_config : stp-max-age
1020                                     optional string, containing  an  integer,
1021                                     in range 6 to 40
1022            other_config : stp-forward-delay
1023                                     optional  string,  containing an integer,
1024                                     in range 4 to 30
1025            other_config : mcast-snooping-aging-time
1026                                     optional string, containing  an  integer,
1027                                     at least 1
1028            other_config : mcast-snooping-table-size
1029                                     optional  string,  containing an integer,
1030                                     at least 1
1031            other_config : mcast-snooping-disable-flood-unregistered
1032                                     optional string, either true or false
1033         STP Status:
1034            status : stp_bridge_id   optional string
1035            status : stp_designated_root
1036                                     optional string
1037            status : stp_root_path_cost
1038                                     optional string
1039       Rapid Spanning Tree:
1040         RSTP Configuration:
1041            rstp_enable              boolean
1042            other_config : rstp-address
1043                                     optional string
1044            other_config : rstp-priority
1045                                     optional string, containing  an  integer,
1046                                     in range 0 to 61,440
1047            other_config : rstp-ageing-time
1048                                     optional  string,  containing an integer,
1049                                     in range 10 to 1,000,000
1050            other_config : rstp-force-protocol-version
1051                                     optional string, containing an integer
1052            other_config : rstp-max-age
1053                                     optional string, containing  an  integer,
1054                                     in range 6 to 40
1055            other_config : rstp-forward-delay
1056                                     optional  string,  containing an integer,
1057                                     in range 4 to 30
1058            other_config : rstp-transmit-hold-count
1059                                     optional string, containing  an  integer,
1060                                     in range 1 to 10
1061         RSTP Status:
1062            rstp_status : rstp_bridge_id
1063                                     optional string
1064            rstp_status : rstp_root_id
1065                                     optional string
1066            rstp_status : rstp_root_path_cost
1067                                     optional  string,  containing an integer,
1068                                     at least 0
1069            rstp_status : rstp_designated_id
1070                                     optional string
1071            rstp_status : rstp_designated_port_id
1072                                     optional string
1073            rstp_status : rstp_bridge_port_id
1074                                     optional string
1075       Multicast Snooping Configuration:
1076         mcast_snooping_enable       boolean
1077       Other Features:
1078         datapath_type               string
1079         external_ids : bridge-id    optional string
1080         external_ids : xs-network-uuids
1081                                     optional string
1082         other_config : hwaddr       optional string
1083         other_config : forward-bpdu
1084                                     optional string, either true or false
1085         other_config : mac-aging-time
1086                                     optional string, containing  an  integer,
1087                                     at least 1
1088         other_config : mac-table-size
1089                                     optional  string,  containing an integer,
1090                                     at least 1
1091       Common Columns:
1092         other_config                map of string-string pairs
1093         external_ids                map of string-string pairs
1094
1095   Details:
1096     Core Features:
1097
1098       name: immutable string (must be unique within table)
1099              Bridge identifier. Must be unique  among  the  names  of  ports,
1100              interfaces, and bridges on a host.
1101
1102              The  name  must  be alphanumeric and must not contain forward or
1103              backward slashes. The name of a bridge is also the  name  of  an
1104              Interface (and a Port) within the bridge, so the restrictions on
1105              the name column in the Interface table, particularly on  length,
1106              also  apply  to  bridge  names.  Refer  to the documentation for
1107              Interface names for details.
1108
1109       ports: set of Ports
1110              Ports included in the bridge.
1111
1112       mirrors: set of Mirrors
1113              Port mirroring configuration.
1114
1115       netflow: optional NetFlow
1116              NetFlow configuration.
1117
1118       sflow: optional sFlow
1119              sFlow(R) configuration.
1120
1121       ipfix: optional IPFIX
1122              IPFIX configuration.
1123
1124       flood_vlans: set of up to 4,096 integers, in range 0 to 4,095
1125              VLAN IDs of VLANs on which MAC address learning should  be  dis‐
1126              abled, so that packets are flooded instead of being sent to spe‐
1127              cific ports that are believed to  contain  packets’  destination
1128              MACs.  This should ordinarily be used to disable MAC learning on
1129              VLANs used for mirroring (RSPAN VLANs). It may  also  be  useful
1130              for debugging.
1131
1132              SLB  bonding  (see  the  bond_mode  column in the Port table) is
1133              incompatible with flood_vlans. Consider  using  another  bonding
1134              mode or a different type of mirror instead.
1135
1136       auto_attach: optional AutoAttach
1137              Auto Attach configuration.
1138
1139     OpenFlow Configuration:
1140
1141       controller: set of Controllers
1142              OpenFlow  controller set. If unset, then no OpenFlow controllers
1143              will be used.
1144
1145              If there are primary controllers, removing all  of  them  clears
1146              the OpenFlow flow tables, group table, and meter table. If there
1147              are no primary controllers, adding one also clears these tables.
1148              Other  changes  to  the  set  of  controllers, such as adding or
1149              removing a service controller, adding another primary controller
1150              to  supplement  an existing primary controller, or removing only
1151              one of two primary controllers, have no effect on these tables.
1152
1153       flow_tables: map of integer-Flow_Table pairs, key in range 0 to 254
1154              Configuration for OpenFlow tables. Each pair maps from an  Open‐
1155              Flow table ID to configuration for that table.
1156
1157       fail_mode: optional string, either secure or standalone
1158              When  a controller is configured, it is, ordinarily, responsible
1159              for setting up all flows on the switch. Thus, if the  connection
1160              to  the  controller fails, no new network connections can be set
1161              up. If the connection to the controller stays down long  enough,
1162              no  packets  can  pass  through  the switch at all. This setting
1163              determines the switch’s response to such a situation. It may  be
1164              set to one of the following:
1165
1166              standalone
1167                     If  no  message is received from the controller for three
1168                     times  the  inactivity  probe  interval   (see   inactiv‐
1169                     ity_probe), then Open vSwitch will take over responsibil‐
1170                     ity for setting up flows.  In  this  mode,  Open  vSwitch
1171                     causes  the  bridge  to act like an ordinary MAC-learning
1172                     switch. Open vSwitch will continue to retry connecting to
1173                     the controller in the background and, when the connection
1174                     succeeds, it will discontinue its standalone behavior.
1175
1176              secure Open vSwitch will not set up flows on its  own  when  the
1177                     controller  connection  fails  or when no controllers are
1178                     defined. The bridge will continue to retry connecting  to
1179                     any defined controllers forever.
1180
1181              The default is standalone if the value is unset, but future ver‐
1182              sions of Open vSwitch may change the default.
1183
1184              The standalone mode can create forwarding loops on a bridge that
1185              has  more  than  one uplink port unless STP is enabled. To avoid
1186              loops on such a bridge, configure secure mode or enable STP (see
1187              stp_enable).
1188
1189              The  fail_mode setting applies only to primary controllers. When
1190              more than one primary controller  is  configured,  fail_mode  is
1191              considered  only  when none of the configured controllers can be
1192              contacted.
1193
1194              Changing fail_mode when no primary  controllers  are  configured
1195              clears the OpenFlow flow tables, group table, and meter table.
1196
1197       datapath_id: optional string
1198              Reports  the OpenFlow datapath ID in use. Exactly 16 hex digits.
1199              (Setting this  column  has  no  useful  effect.  Set  other-con‐
1200              fig:datapath-id instead.)
1201
1202       datapath_version: string
1203              Reports  the  datapath  version.  This  column is maintained for
1204              backwards compatibility. The preferred locatation is  the  data‐
1205              path_id column of the Datapath table. The full documentation for
1206              this column is there.
1207
1208       other_config : datapath-id: optional string
1209              Overrides the default OpenFlow datapath ID, setting  it  to  the
1210              specified  value  specified in hex. The value must either have a
1211              0x prefix or be exactly 16 hex digits long. May not be all-zero.
1212
1213       other_config : dp-desc: optional string
1214              Human readable description of datapath.  It  is  a  maximum  256
1215              byte-long  free-form  string to describe the datapath for debug‐
1216              ging purposes, e.g. switch3 in room 3120. The value is  returned
1217              by  the  switch  as  a  part  of  reply  to  OFPMP_DESC  request
1218              (ofp_desc). The OpenFlow specification  (e.g.  1.3.5)  describes
1219              the  ofp_desc  structure  to  contaion  "NULL  terminated  ASCII
1220              strings". For the compatibility reasons no more than  255  ASCII
1221              characters should be used.
1222
1223       other_config : dp-sn: optional string
1224              Serial  number. It is a maximum 32 byte-long free-form string to
1225              provide  an  additional  switch  identification.  The  value  is
1226              returned  by the switch as a part of reply to OFPMP_DESC request
1227              (ofp_desc). Same as mentioned in the description  of  other-con‐
1228              fig:dp-desc,  the string should be no more than 31 ASCII charac‐
1229              ters for the compatibility.
1230
1231       other_config : disable-in-band: optional string, either true or false
1232              If set to true, disable in-band control on the bridge regardless
1233              of controller and manager settings.
1234
1235       other_config  :  in-band-queue: optional string, containing an integer,
1236       in range 0 to 4,294,967,295
1237              A queue ID as a nonnegative  integer.  This  sets  the  OpenFlow
1238              queue ID that will be used by flows set up by in-band control on
1239              this bridge. If unset, or if the port used by an in-band control
1240              flow  does not have QoS configured, or if the port does not have
1241              a queue with  the  specified  ID,  the  default  queue  is  used
1242              instead.
1243
1244       other_config  :  controller-queue-size:  optional string, containing an
1245       integer, in range 1 to 512
1246              This sets the maximum size of the queue of packets that need  to
1247              be sent to the OpenFlow management controller. The value must be
1248              less than 512. If not specified the queue size is limited to 100
1249              packets by default. Note: increasing the queue size might have a
1250              negative impact on latency.
1251
1252       protocols: set of strings, one of OpenFlow10,  OpenFlow11,  OpenFlow12,
1253       OpenFlow13, OpenFlow14, or OpenFlow15
1254              List  of  OpenFlow protocols that may be used when negotiating a
1255              connection with a controller. OpenFlow 1.0, 1.1, 1.2, 1.3,  1.4,
1256              and 1.5 are enabled by default if this column is empty.
1257
1258     Spanning Tree Configuration:
1259
1260       The IEEE 802.1D Spanning Tree Protocol (STP) is a network protocol that
1261       ensures loop-free topologies. It allows redundant links to be  included
1262       in  the  network  to provide automatic backup paths if the active links
1263       fails.
1264
1265       These settings configure the slower-to-converge but still  widely  sup‐
1266       ported   version   of   Spanning  Tree  Protocol,  sometimes  known  as
1267       802.1D-1998. Open vSwitch also supports the newer Rapid  Spanning  Tree
1268       Protocol  (RSTP), documented later in the section titled Rapid Spanning
1269       Tree Configuration.
1270
1271     STP Configuration:
1272
1273       stp_enable: boolean
1274              Enable spanning tree on the bridge. By default, STP is  disabled
1275              on  bridges.  Bond, internal, and mirror ports are not supported
1276              and will not participate in the spanning tree.
1277
1278              STP and RSTP are mutually exclusive. If both are  enabled,  RSTP
1279              will be used.
1280
1281       other_config : stp-system-id: optional string
1282              The bridge’s STP identifier (the lower 48 bits of the bridge-id)
1283              in the form xx:xx:xx:xx:xx:xx. By default, the identifier is the
1284              MAC address of the bridge.
1285
1286       other_config : stp-priority: optional string, containing an integer, in
1287       range 0 to 65,535
1288              The bridge’s relative priority value for  determining  the  root
1289              bridge  (the  upper 16 bits of the bridge-id). A bridge with the
1290              lowest bridge-id is elected the root. By default,  the  priority
1291              is 0x8000.
1292
1293       other_config  : stp-hello-time: optional string, containing an integer,
1294       in range 1 to 10
1295              The interval between transmissions of hello messages  by  desig‐
1296              nated ports, in seconds. By default the hello interval is 2 sec‐
1297              onds.
1298
1299       other_config : stp-max-age: optional string, containing an integer,  in
1300       range 6 to 40
1301              The  maximum  age  of  the information transmitted by the bridge
1302              when it is the root bridge, in seconds. By default, the  maximum
1303              age is 20 seconds.
1304
1305       other_config  : stp-forward-delay: optional string, containing an inte‐
1306       ger, in range 4 to 30
1307              The delay to wait  between  transitioning  root  and  designated
1308              ports  to  forwarding,  in  seconds.  By default, the forwarding
1309              delay is 15 seconds.
1310
1311       other_config : mcast-snooping-aging-time: optional  string,  containing
1312       an integer, at least 1
1313              The  maximum  number  of  seconds to retain a multicast snooping
1314              entry for which no packets have been seen. The default  is  cur‐
1315              rently  300  seconds  (5  minutes).  The value, if specified, is
1316              forced into a reasonable range, currently 15 to 3600 seconds.
1317
1318       other_config : mcast-snooping-table-size: optional  string,  containing
1319       an integer, at least 1
1320              The maximum number of multicast snooping addresses to learn. The
1321              default is currently 2048. The value, if  specified,  is  forced
1322              into a reasonable range, currently 10 to 1,000,000.
1323
1324       other_config   :   mcast-snooping-disable-flood-unregistered:  optional
1325       string, either true or false
1326              If set to false, unregistered multicast packets are forwarded to
1327              all  ports.  If  set to true, unregistered multicast packets are
1328              forwarded to ports connected to multicast routers.
1329
1330     STP Status:
1331
1332       These key-value pairs  report  the  status  of  802.1D-1998.  They  are
1333       present only if STP is enabled (via the stp_enable column).
1334
1335       status : stp_bridge_id: optional string
1336              The  bridge ID used in spanning tree advertisements, in the form
1337              xxxx.yyyyyyyyyyyy where the xs are the STP priority, the ys  are
1338              the STP system ID, and each x and y is a hex digit.
1339
1340       status : stp_designated_root: optional string
1341              The  designated root for this spanning tree, in the same form as
1342              status:stp_bridge_id. If this bridge is the root, this will have
1343              the  same  value as status:stp_bridge_id, otherwise it will dif‐
1344              fer.
1345
1346       status : stp_root_path_cost: optional string
1347              The path cost of reaching the designated bridge. A lower  number
1348              is  better. The value is 0 if this bridge is the root, otherwise
1349              it is higher.
1350
1351     Rapid Spanning Tree:
1352
1353       Rapid Spanning Tree Protocol (RSTP), like STP, is  a  network  protocol
1354       that  ensures loop-free topologies. RSTP superseded STP with the publi‐
1355       cation of 802.1D-2004. Compared to STP, RSTP converges more quickly and
1356       recovers more quickly from failures.
1357
1358     RSTP Configuration:
1359
1360       rstp_enable: boolean
1361              Enable  Rapid  Spanning  Tree on the bridge. By default, RSTP is
1362              disabled on bridges. Bond, internal, and mirror  ports  are  not
1363              supported and will not participate in the spanning tree.
1364
1365              STP  and  RSTP are mutually exclusive. If both are enabled, RSTP
1366              will be used.
1367
1368       other_config : rstp-address: optional string
1369              The bridge’s RSTP address (the lower 48 bits of  the  bridge-id)
1370              in  the  form  xx:xx:xx:xx:xx:xx. By default, the address is the
1371              MAC address of the bridge.
1372
1373       other_config : rstp-priority: optional string, containing  an  integer,
1374       in range 0 to 61,440
1375              The  bridge’s  relative  priority value for determining the root
1376              bridge (the upper 16 bits of the bridge-id). A bridge  with  the
1377              lowest  bridge-id  is elected the root. By default, the priority
1378              is 0x8000 (32768). This value needs to be a  multiple  of  4096,
1379              otherwise it’s rounded to the nearest inferior one.
1380
1381       other_config  :  rstp-ageing-time: optional string, containing an inte‐
1382       ger, in range 10 to 1,000,000
1383              The Ageing Time parameter for the Bridge. The default  value  is
1384              300 seconds.
1385
1386       other_config : rstp-force-protocol-version: optional string, containing
1387       an integer
1388              The Force Protocol Version parameter for the  Bridge.  This  can
1389              take  the  value  0  (STP Compatibility mode) or 2 (the default,
1390              normal operation).
1391
1392       other_config : rstp-max-age: optional string, containing an integer, in
1393       range 6 to 40
1394              The  maximum  age  of  the information transmitted by the Bridge
1395              when it is the Root Bridge. The default value is 20.
1396
1397       other_config : rstp-forward-delay: optional string, containing an inte‐
1398       ger, in range 4 to 30
1399              The  delay used by STP Bridges to transition Root and Designated
1400              Ports to Forwarding. The default value is 15.
1401
1402       other_config : rstp-transmit-hold-count: optional string, containing an
1403       integer, in range 1 to 10
1404              The  Transmit Hold Count used by the Port Transmit state machine
1405              to limit transmission rate. The default value is 6.
1406
1407     RSTP Status:
1408
1409       These key-value pairs  report  the  status  of  802.1D-2004.  They  are
1410       present only if RSTP is enabled (via the rstp_enable column).
1411
1412       rstp_status : rstp_bridge_id: optional string
1413              The bridge ID used in rapid spanning tree advertisements, in the
1414              form x.yyy.zzzzzzzzzzzz where x is the RSTP priority, the ys are
1415              a  locally assigned system ID extension, the zs are the STP sys‐
1416              tem ID, and each x, y, or z is a hex digit.
1417
1418       rstp_status : rstp_root_id: optional string
1419              The root of this spanning tree, in the same  form  as  rstp_sta‐
1420              tus:rstp_bridge_id.  If  this bridge is the root, this will have
1421              the same value as rstp_status:rstp_bridge_id, otherwise it  will
1422              differ.
1423
1424       rstp_status : rstp_root_path_cost: optional string, containing an inte‐
1425       ger, at least 0
1426              The path cost of reaching the root. A lower  number  is  better.
1427              The  value  is  0  if  this  bridge is the root, otherwise it is
1428              higher.
1429
1430       rstp_status : rstp_designated_id: optional string
1431              The  RSTP  designated  ID,  in  the  same  form   as   rstp_sta‐
1432              tus:rstp_bridge_id.
1433
1434       rstp_status : rstp_designated_port_id: optional string
1435              The RSTP designated port ID, as a 4-digit hex number.
1436
1437       rstp_status : rstp_bridge_port_id: optional string
1438              The RSTP bridge port ID, as a 4-digit hex number.
1439
1440     Multicast Snooping Configuration:
1441
1442       Multicast  snooping  (RFC  4541) monitors the Internet Group Management
1443       Protocol (IGMP) and Multicast Listener Discovery traffic between  hosts
1444       and  multicast  routers.  The  switch  uses  what IGMP and MLD snooping
1445       learns to forward multicast traffic only to interfaces  that  are  con‐
1446       nected  to  interested receivers. Currently it supports IGMPv1, IGMPv2,
1447       IGMPv3, MLDv1 and MLDv2 protocols.
1448
1449       mcast_snooping_enable: boolean
1450              Enable multicast snooping on the bridge. For now, the default is
1451              disabled.
1452
1453     Other Features:
1454
1455       datapath_type: string
1456              Name  of datapath provider. The kernel datapath has type system.
1457              The userspace datapath has type netdev. A manager may  refer  to
1458              the  datapath_types  column of the Open_vSwitch table for a list
1459              of the types accepted by this Open vSwitch instance.
1460
1461       external_ids : bridge-id: optional string
1462              A unique identifier of the bridge. On Citrix XenServer this will
1463              commonly be the same as external_ids:xs-network-uuids.
1464
1465       external_ids : xs-network-uuids: optional string
1466              Semicolon-delimited  set of universally unique identifier(s) for
1467              the network with which this bridge is  associated  on  a  Citrix
1468              XenServer  host.  The  network identifiers are RFC 4122 UUIDs as
1469              displayed by, e.g., xe network-list.
1470
1471       other_config : hwaddr: optional string
1472              An Ethernet address in the form  xx:xx:xx:xx:xx:xx  to  set  the
1473              hardware  address  of  the local port and influence the datapath
1474              ID.
1475
1476       other_config : forward-bpdu: optional string, either true or false
1477              Controls forwarding of BPDUs and other  network  control  frames
1478              when  NORMAL  action  is  invoked.  When this option is false or
1479              unset, frames with reserved Ethernet addresses (see table below)
1480              will  not  be  forwarded.  When this option is true, such frames
1481              will not be treated specially.
1482
1483              The above general rule has the following exceptions:
1484
1485              ·      If STP is enabled on the bridge (see the stp_enable  col‐
1486                     umn  in  the  Bridge  table),  the  bridge  processes all
1487                     received STP packets and never passes them to OpenFlow or
1488                     forwards them. This is true even if STP is disabled on an
1489                     individual port.
1490
1491              ·      If LLDP is enabled on an interface (see the  lldp  column
1492                     in the Interface table), the interface processes received
1493                     LLDP packets and never passes them to  OpenFlow  or  for‐
1494                     wards them.
1495
1496              Set this option to true if the Open vSwitch bridge connects dif‐
1497              ferent Ethernet networks and is not configured to participate in
1498              STP.
1499
1500              This  option  affects packets with the following destination MAC
1501              addresses:
1502
1503              01:80:c2:00:00:00
1504                     IEEE 802.1D Spanning Tree Protocol (STP).
1505
1506              01:80:c2:00:00:01
1507                     IEEE Pause frame.
1508
1509              01:80:c2:00:00:0x
1510                     Other reserved protocols.
1511
1512              00:e0:2b:00:00:00
1513                     Extreme Discovery Protocol (EDP).
1514
1515              00:e0:2b:00:00:04 and 00:e0:2b:00:00:06
1516                     Ethernet Automatic Protection Switching (EAPS).
1517
1518              01:00:0c:cc:cc:cc
1519                     Cisco Discovery Protocol (CDP),  VLAN  Trunking  Protocol
1520                     (VTP),  Dynamic Trunking Protocol (DTP), Port Aggregation
1521                     Protocol (PAgP), and others.
1522
1523              01:00:0c:cc:cc:cd
1524                     Cisco Shared Spanning Tree Protocol PVSTP+.
1525
1526              01:00:0c:cd:cd:cd
1527                     Cisco STP Uplink Fast.
1528
1529              01:00:0c:00:00:00
1530                     Cisco Inter Switch Link.
1531
1532              01:00:0c:cc:cc:cx
1533                     Cisco CFM.
1534
1535       other_config : mac-aging-time: optional string, containing an  integer,
1536       at least 1
1537              The maximum number of seconds to retain a MAC learning entry for
1538              which no packets have been seen. The default  is  currently  300
1539              seconds  (5  minutes). The value, if specified, is forced into a
1540              reasonable range, currently 15 to 3600 seconds.
1541
1542              A short MAC aging time allows a network to more  quickly  detect
1543              that a host is no longer connected to a switch port. However, it
1544              also makes it more likely that packets will be flooded  unneces‐
1545              sarily,  when they are addressed to a connected host that rarely
1546              transmits packets. To reduce the incidence of unnecessary flood‐
1547              ing,  use  a  MAC aging time longer than the maximum interval at
1548              which a host will ordinarily transmit packets.
1549
1550       other_config : mac-table-size: optional string, containing an  integer,
1551       at least 1
1552              The  maximum  number  of  MAC addresses to learn. The default is
1553              currently 8192. The value, if specified, is forced into  a  rea‐
1554              sonable range, currently 10 to 1,000,000.
1555
1556     Common Columns:
1557
1558       The  overall purpose of these columns is described under Common Columns
1559       at the beginning of this document.
1560
1561       other_config: map of string-string pairs
1562
1563       external_ids: map of string-string pairs
1564

Port TABLE

1566       A port within a Bridge.
1567
1568       Most commonly, a port has exactly one ``interface,’’ pointed to by  its
1569       interfaces  column.  Such  a  port logically corresponds to a port on a
1570       physical Ethernet switch. A port with more  than  one  interface  is  a
1571       ``bonded port’’ (see Bonding Configuration).
1572
1573       Some  properties  that one might think as belonging to a port are actu‐
1574       ally part of the port’s Interface members.
1575
1576   Summary:
1577       name                          immutable string (must be  unique  within
1578                                     table)
1579       interfaces                    set of 1 or more Interfaces
1580       VLAN Configuration:
1581         vlan_mode                   optional    string,    one   of   access,
1582                                     dot1q-tunnel,              native-tagged,
1583                                     native-untagged, or trunk
1584         tag                         optional integer, in range 0 to 4,095
1585         trunks                      set  of  up to 4,096 integers, in range 0
1586                                     to 4,095
1587         cvlans                      set of up to 4,096 integers, in  range  0
1588                                     to 4,095
1589         other_config : qinq-ethtype
1590                                     optional string, either 802.1ad or 802.1q
1591         other_config : priority-tags
1592                                     optional    string,    one   of   always,
1593                                     if-nonzero, or never
1594       Bonding Configuration:
1595         bond_mode                   optional string,  one  of  active-backup,
1596                                     balance-slb, or balance-tcp
1597         other_config : bond-hash-basis
1598                                     optional string, containing an integer
1599         other_config : lb-output-action
1600                                     optional string, either true or false
1601         other_config : bond-primary
1602                                     optional string
1603         Link Failure Detection:
1604            other_config : bond-detect-mode
1605                                     optional string, either carrier or miimon
1606            other_config : bond-miimon-interval
1607                                     optional string, containing an integer
1608            bond_updelay             integer
1609            bond_downdelay           integer
1610         LACP Configuration:
1611            lacp                     optional  string,  one of active, off, or
1612                                     passive
1613            other_config : lacp-system-id
1614                                     optional string
1615            other_config : lacp-system-priority
1616                                     optional string, containing  an  integer,
1617                                     in range 1 to 65,535
1618            other_config : lacp-time optional string, either fast or slow
1619            other_config : lacp-fallback-ab
1620                                     optional string, either true or false
1621         Rebalancing Configuration:
1622            other_config : bond-rebalance-interval
1623                                     optional  string,  containing an integer,
1624                                     in range 0 to 2,147,483,647
1625         bond_fake_iface             boolean
1626       Spanning Tree Protocol:
1627         STP Configuration:
1628            other_config : stp-enable
1629                                     optional string, either true or false
1630            other_config : stp-port-num
1631                                     optional string, containing  an  integer,
1632                                     in range 1 to 255
1633            other_config : stp-port-priority
1634                                     optional  string,  containing an integer,
1635                                     in range 0 to 255
1636            other_config : stp-path-cost
1637                                     optional string, containing  an  integer,
1638                                     in range 0 to 65,535
1639         STP Status:
1640            status : stp_port_id     optional string
1641            status : stp_state       optional  string,  one  of blocking, dis‐
1642                                     abled, forwarding, learning, or listening
1643            status : stp_sec_in_state
1644                                     optional string, containing  an  integer,
1645                                     at least 0
1646            status : stp_role        optional string, one of alternate, desig‐
1647                                     nated, or root
1648       Rapid Spanning Tree Protocol:
1649         RSTP Configuration:
1650            other_config : rstp-enable
1651                                     optional string, either true or false
1652            other_config : rstp-port-priority
1653                                     optional string, containing  an  integer,
1654                                     in range 0 to 240
1655            other_config : rstp-port-num
1656                                     optional  string,  containing an integer,
1657                                     in range 1 to 4,095
1658            other_config : rstp-port-path-cost
1659                                     optional string, containing an integer
1660            other_config : rstp-port-admin-edge
1661                                     optional string, either true or false
1662            other_config : rstp-port-auto-edge
1663                                     optional string, either true or false
1664            other_config : rstp-port-mcheck
1665                                     optional string, either true or false
1666         RSTP Status:
1667            rstp_status : rstp_port_id
1668                                     optional string
1669            rstp_status : rstp_port_role
1670                                     optional  string,   one   of   Alternate,
1671                                     Backup, Designated, Disabled, or Root
1672            rstp_status : rstp_port_state
1673                                     optional  string,  one  of Disabled, Dis‐
1674                                     carding, Forwarding, or Learning
1675            rstp_status : rstp_designated_bridge_id
1676                                     optional string
1677            rstp_status : rstp_designated_port_id
1678                                     optional string
1679            rstp_status : rstp_designated_path_cost
1680                                     optional string, containing an integer
1681         RSTP Statistics:
1682            rstp_statistics : rstp_tx_count
1683                                     optional integer
1684            rstp_statistics : rstp_rx_count
1685                                     optional integer
1686            rstp_statistics : rstp_error_count
1687                                     optional integer
1688            rstp_statistics : rstp_uptime
1689                                     optional integer
1690       Multicast Snooping:
1691         other_config : mcast-snooping-flood
1692                                     optional string, either true or false
1693         other_config : mcast-snooping-flood-reports
1694                                     optional string, either true or false
1695       Other Features:
1696         qos                         optional QoS
1697         mac                         optional string
1698         fake_bridge                 boolean
1699         protected                   boolean
1700         external_ids : fake-bridge-id-*
1701                                     optional string
1702         other_config : transient    optional string, either true or false
1703       bond_active_slave             optional string
1704       Port Statistics:
1705         Statistics: STP transmit and receive counters:
1706            statistics : stp_tx_count
1707                                     optional integer
1708            statistics : stp_rx_count
1709                                     optional integer
1710            statistics : stp_error_count
1711                                     optional integer
1712       Common Columns:
1713         other_config                map of string-string pairs
1714         external_ids                map of string-string pairs
1715
1716   Details:
1717       name: immutable string (must be unique within table)
1718              Port name. For a non-bonded port, this should be the same as its
1719              interface’s  name. Port names must otherwise be unique among the
1720              names of ports, interfaces, and bridges on a host. Because  port
1721              and  interfaces  names are usually the same, the restrictions on
1722              the name column in the Interface table, particularly on  length,
1723              also  apply to port names. Refer to the documentation for Inter‐
1724              face names for details.
1725
1726       interfaces: set of 1 or more Interfaces
1727              The port’s interfaces. If there is more  than  one,  this  is  a
1728              bonded Port.
1729
1730     VLAN Configuration:
1731
1732       In  short,  a  VLAN (short for ``virtual LAN’’) is a way to partition a
1733       single switch into multiple switches. VLANs can be confusing, so for an
1734       introduction,  please  refer  to the question ``What’s a VLAN?’’ in the
1735       Open vSwitch FAQ.
1736
1737       A VLAN is sometimes encoded into a packet using  a  802.1Q  or  802.1ad
1738       VLAN header, but every packet is part of some VLAN whether or not it is
1739       encoded in the packet. (A packet that appears to have no VLAN  is  part
1740       of  VLAN 0, by default.) As a result, it’s useful to think of a VLAN as
1741       a metadata property of a packet, separate from how the VLAN is encoded.
1742       For  a  given port, this column determines how the encoding of a packet
1743       that ingresses or egresses the port maps to the packet’s VLAN.  When  a
1744       packet  enters  the switch, its VLAN is determined based on its setting
1745       in this column and its VLAN headers, if any,  and  then,  conceptually,
1746       the VLAN headers are then stripped off. Conversely, when a packet exits
1747       the switch, its VLAN and the settings in  this  column  determine  what
1748       VLAN headers, if any, are pushed onto the packet before it egresses the
1749       port.
1750
1751       The VLAN configuration in this column affects Open vSwitch only when it
1752       is  doing  ``normal  switching.’’ It does not affect flows set up by an
1753       OpenFlow controller, outside of the OpenFlow ``normal action.’’
1754
1755       Bridge ports support the following types of VLAN configuration:
1756
1757              trunk  A trunk port carries packets on  one  or  more  specified
1758                     VLANs  specified  in  the  trunks column (often, on every
1759                     VLAN). A packet that ingresses on a trunk port is in  the
1760                     VLAN  specified  in  its  802.1Q header, or VLAN 0 if the
1761                     packet has no  802.1Q  header.  A  packet  that  egresses
1762                     through a trunk port will have an 802.1Q header if it has
1763                     a nonzero VLAN ID.
1764
1765                     Any packet that ingresses on a trunk port tagged  with  a
1766                     VLAN that the port does not trunk is dropped.
1767
1768              access An access port carries packets on exactly one VLAN speci‐
1769                     fied in the tag column. Packets egressing  on  an  access
1770                     port have no 802.1Q header.
1771
1772                     Any  packet  with an 802.1Q header with a nonzero VLAN ID
1773                     that ingresses on an access port is  dropped,  regardless
1774                     of whether the VLAN ID in the header is the access port’s
1775                     VLAN ID.
1776
1777              native-tagged
1778                     A native-tagged port resembles a  trunk  port,  with  the
1779                     exception  that  a  packet  without an 802.1Q header that
1780                     ingresses on a native-tagged  port  is  in  the  ``native
1781                     VLAN’’ (specified in the tag column).
1782
1783              native-untagged
1784                     A  native-untagged  port  resembles a native-tagged port,
1785                     with the exception that  a  packet  that  egresses  on  a
1786                     native-untagged  port in the native VLAN will not have an
1787                     802.1Q header.
1788
1789              dot1q-tunnel
1790                     A dot1q-tunnel port is somewhat like an access port. Like
1791                     an  access  port,  it  carries packets on the single VLAN
1792                     specified in the tag column and  this  VLAN,  called  the
1793                     service  VLAN,  does  not  appear in an 802.1Q header for
1794                     packets that ingress or egress on the port. The main dif‐
1795                     ference  lies in the behavior when packets that include a
1796                     802.1Q header ingress on the port. Whereas an access port
1797                     drops  such  packets, a dot1q-tunnel port treats these as
1798                     double-tagged with the outer service  VLAN  tag  and  the
1799                     inner  customer VLAN taken from the 802.1Q header. Corre‐
1800                     spondingly, to egress on the port, a  packet  outer  VLAN
1801                     (or  only  VLAN)  must  be  tag,  which is removed before
1802                     egress, which exposes the inner (customer) VLAN if one is
1803                     present.
1804
1805                     If  cvlans  is  set, only allows packets in the specified
1806                     customer VLANs.
1807
1808       A packet will only egress through bridge ports that carry the  VLAN  of
1809       the packet, as described by the rules above.
1810
1811       vlan_mode: optional string, one of access, dot1q-tunnel, native-tagged,
1812       native-untagged, or trunk
1813              The VLAN mode of the port, as described above. When this  column
1814              is empty, a default mode is selected as follows:
1815
1816              ·      If  tag contains a value, the port is an access port. The
1817                     trunks column should be empty.
1818
1819              ·      Otherwise, the port is a trunk port.  The  trunks  column
1820                     value is honored if it is present.
1821
1822       tag: optional integer, in range 0 to 4,095
1823              For  an  access  port,  the port’s implicitly tagged VLAN. For a
1824              native-tagged or native-untagged port, the port’s  native  VLAN.
1825              Must be empty if this is a trunk port.
1826
1827       trunks: set of up to 4,096 integers, in range 0 to 4,095
1828              For  a trunk, native-tagged, or native-untagged port, the 802.1Q
1829              VLAN or VLANs that this port trunks; if it is  empty,  then  the
1830              port trunks all VLANs. Must be empty if this is an access port.
1831
1832              A native-tagged or native-untagged port always trunks its native
1833              VLAN, regardless of whether trunks includes that VLAN.
1834
1835       cvlans: set of up to 4,096 integers, in range 0 to 4,095
1836              For a dot1q-tunnel port,  the  customer  VLANs  that  this  port
1837              includes.  If  this  is  empty,  the  port includes all customer
1838              VLANs.
1839
1840              For other kinds of ports, this setting is ignored.
1841
1842       other_config : qinq-ethtype: optional string, either 802.1ad or 802.1q
1843              For a dot1q-tunnel port, this is the TPID for the  service  tag,
1844              that  is,  for  the 802.1Q header that contains the service VLAN
1845              ID. Because packets that actually ingress and  egress  a  dot1q-
1846              tunnel  port  do  not  include  an 802.1Q header for the service
1847              VLAN, this does not affect  packets  on  the  dot1q-tunnel  port
1848              itself. Rather, it determines the service VLAN for a packet that
1849              ingresses on a dot1q-tunnel port and egresses on a trunk port.
1850
1851              The value 802.1ad specifies  TPID  0x88a8,  which  is  also  the
1852              default  if  the  setting is omitted. The value 802.1q specifies
1853              TPID 0x8100.
1854
1855              For other kinds of ports, this setting is ignored.
1856
1857       other_config  :  priority-tags:  optional  string,   one   of   always,
1858       if-nonzero, or never
1859              An 802.1Q header contains two important pieces of information: a
1860              VLAN ID and a priority. A frame with a zero VLAN  ID,  called  a
1861              ``priority-tagged’’  frame,  is  supposed to be treated the same
1862              way as a frame without an 802.1Q header at all (except  for  the
1863              priority).
1864
1865              However,  some network elements ignore any frame that has 802.1Q
1866              header at all, even when the VLAN  ID  is  zero.  Therefore,  by
1867              default  Open  vSwitch  does  not output priority-tagged frames,
1868              instead omitting the 802.1Q header entirely if the  VLAN  ID  is
1869              zero.  Set  this  key  to  if-nonzero  to enable priority-tagged
1870              frames on a port.
1871
1872              For if-nonzero Open vSwitch omits the 802.1Q header on output if
1873              both  the  VLAN  ID and priority would be zero. Set to always to
1874              retain the 802.1Q header in such frames as well.
1875
1876              All frames output to native-tagged ports have a nonzero VLAN ID,
1877              so this setting is not meaningful on native-tagged ports.
1878
1879     Bonding Configuration:
1880
1881       A  port  that has more than one interface is a ``bonded port.’’ Bonding
1882       allows for load balancing and fail-over.
1883
1884       The following types of bonding will work  with  any  kind  of  upstream
1885       switch.  On  the  upstream switch, do not configure the interfaces as a
1886       bond:
1887
1888              balance-slb
1889                     Balances flows among members based on source MAC  address
1890                     and  output  VLAN,  with  periodic rebalancing as traffic
1891                     patterns change.
1892
1893              active-backup
1894                     Assigns all flows to one member, failing over to a backup
1895                     member  when  the  active member is disabled. This is the
1896                     only bonding mode in which interfaces may be plugged into
1897                     different upstream switches.
1898
1899       The following modes require the upstream switch to support 802.3ad with
1900       successful LACP negotiation. If LACP negotiation fails  and  other-con‐
1901       fig:lacp-fallback-ab is true, then active-backup mode is used:
1902
1903              balance-tcp
1904                     Balances  flows among members based on L3 and L4 protocol
1905                     information such as IP addresses and TCP/UDP ports.
1906
1907       These columns apply only to bonded ports. Their  values  are  otherwise
1908       ignored.
1909
1910       bond_mode:  optional string, one of active-backup, balance-slb, or bal‐
1911       ance-tcp
1912              The type  of  bonding  used  for  a  bonded  port.  Defaults  to
1913              active-backup if unset.
1914
1915       other_config : bond-hash-basis: optional string, containing an integer
1916              An  integer hashed along with flows when choosing output members
1917              in load balanced bonds. When changed, all flows will be assigned
1918              different  hash  values  possibly causing member selection deci‐
1919              sions to change. Does not affect  bonding  modes  which  do  not
1920              employ load balancing such as active-backup.
1921
1922       other_config : lb-output-action: optional string, either true or false
1923              Enable/disable usage of optimized lb_output action for balancing
1924              flows among output  members  in  load  balanced  bonds  in  bal‐
1925              ance-tcp.  When  enabled, it uses optimized path for balance-tcp
1926              mode by using rss hash and avoids recirculation. This knob  does
1927              not affect other balancing modes.
1928
1929       other_config : bond-primary: optional string
1930              If  a  slave  interface with this name exists in the bond and is
1931              up, it will  be  made  active.  Relevant  only  when  other_con‐
1932              fig:bond_mode  is  active-backup or if balance-tcp falls back to
1933              active-backup  (e.g.,  LACP  negotiation  fails  and  other_con‐
1934              fig:lacp-fallback-ab is true).
1935
1936     Link Failure Detection:
1937
1938       An  important  part of link bonding is detecting that links are down so
1939       that they may be disabled. These settings determine  how  Open  vSwitch
1940       detects link failure.
1941
1942       other_config  :  bond-detect-mode:  optional  string, either carrier or
1943       miimon
1944              The means used to detect  link  failures.  Defaults  to  carrier
1945              which uses each interface’s carrier to detect failures. When set
1946              to miimon, will check for failures by polling  each  interface’s
1947              MII.
1948
1949       other_config  :  bond-miimon-interval:  optional  string, containing an
1950       integer
1951              The interval, in milliseconds, between  successive  attempts  to
1952              poll each interface’s MII. Relevant only when other_config:bond-
1953              detect-mode is miimon.
1954
1955       bond_updelay: integer
1956              The number of milliseconds for which the link must stay up on an
1957              interface before the interface is considered to be up. Specify 0
1958              to enable the interface immediately.
1959
1960              This setting is honored only when at least one bonded  interface
1961              is  already  enabled.  When  no interfaces are enabled, then the
1962              first bond interface to come up is enabled immediately.
1963
1964       bond_downdelay: integer
1965              The number of milliseconds for which the link must stay down  on
1966              an  interface  before  the  interface  is considered to be down.
1967              Specify 0 to disable the interface immediately.
1968
1969     LACP Configuration:
1970
1971       LACP, the Link Aggregation Control Protocol, is an IEEE  standard  that
1972       allows switches to automatically detect that they are connected by mul‐
1973       tiple links and aggregate across those links.  These  settings  control
1974       LACP behavior.
1975
1976       lacp: optional string, one of active, off, or passive
1977              Configures  LACP  on  this  port. LACP allows directly connected
1978              switches to negotiate which links may be  bonded.  LACP  may  be
1979              enabled on non-bonded ports for the benefit of any switches they
1980              may be connected to. active ports are allowed to  initiate  LACP
1981              negotiations.  passive  ports are allowed to participate in LACP
1982              negotiations initiated by a remote switch, but  not  allowed  to
1983              initiate  such  negotiations themselves. If LACP is enabled on a
1984              port whose partner switch does not support LACP, the  bond  will
1985              be  disabled,  unless  other-config:lacp-fallback-ab  is  set to
1986              true. Defaults to off if unset.
1987
1988       other_config : lacp-system-id: optional string
1989              The LACP system ID of this Port. The system ID of a LACP bond is
1990              used  to  identify itself to its partners. Must be a nonzero MAC
1991              address. Defaults to the bridge Ethernet address if unset.
1992
1993       other_config : lacp-system-priority:  optional  string,  containing  an
1994       integer, in range 1 to 65,535
1995              The  LACP  system  priority  of this Port. In LACP negotiations,
1996              link status decisions are made by the system  with  the  numeri‐
1997              cally lower priority.
1998
1999       other_config : lacp-time: optional string, either fast or slow
2000              The  LACP  timing  which should be used on this Port. By default
2001              slow is used. When configured to be  fast  LACP  heartbeats  are
2002              requested  at  a  rate  of  once per second causing connectivity
2003              problems to be detected more quickly. In slow  mode,  heartbeats
2004              are requested at a rate of once every 30 seconds.
2005
2006       other_config : lacp-fallback-ab: optional string, either true or false
2007              Determines the behavior of openvswitch bond in LACP mode. If the
2008              partner switch does not support LACP,  setting  this  option  to
2009              true  allows  openvswitch  to  fallback to active-backup. If the
2010              option is set to false, the bond will be disabled. In  both  the
2011              cases,  once  the partner switch is configured to LACP mode, the
2012              bond will use LACP.
2013
2014     Rebalancing Configuration:
2015
2016       These settings control behavior when a bond is in balance-slb  or  bal‐
2017       ance-tcp mode.
2018
2019       other_config  : bond-rebalance-interval: optional string, containing an
2020       integer, in range 0 to 2,147,483,647
2021              For a load balanced bonded  port,  the  number  of  milliseconds
2022              between  successive  attempts to rebalance the bond, that is, to
2023              move flows from one interface on  the  bond  to  another  in  an
2024              attempt  to keep usage of each interface roughly equal. If zero,
2025              load balancing is disabled on the bond (link failure still cause
2026              flows to move). If less than 1000ms, the rebalance interval will
2027              be 1000ms.
2028
2029       bond_fake_iface: boolean
2030              For a bonded port, whether to create a fake  internal  interface
2031              with  the  name  of  the  port.  Use only for compatibility with
2032              legacy software that requires this.
2033
2034     Spanning Tree Protocol:
2035
2036       The configuration here is only meaningful, and the status is only popu‐
2037       lated, when 802.1D-1998 Spanning Tree Protocol is enabled on the port’s
2038       Bridge with its stp_enable column.
2039
2040     STP Configuration:
2041
2042       other_config : stp-enable: optional string, either true or false
2043              When STP is enabled on a bridge, it is enabled by default on all
2044              of  the  bridge’s  ports except bond, internal, and mirror ports
2045              (which do not work with STP). If this column’s value  is  false,
2046              STP is disabled on the port.
2047
2048       other_config : stp-port-num: optional string, containing an integer, in
2049       range 1 to 255
2050              The port number used for the lower 8 bits  of  the  port-id.  By
2051              default,  the  numbers  will  be  assigned automatically. If any
2052              port’s number is manually configured on a bridge, then they must
2053              all be.
2054
2055       other_config  : stp-port-priority: optional string, containing an inte‐
2056       ger, in range 0 to 255
2057              The port’s relative priority value for determining the root port
2058              (the  upper  8 bits of the port-id). A port with a lower port-id
2059              will be chosen as the root port. By  default,  the  priority  is
2060              0x80.
2061
2062       other_config  :  stp-path-cost: optional string, containing an integer,
2063       in range 0 to 65,535
2064              Spanning tree path cost for the port. A lower number indicates a
2065              faster  link. By default, the cost is based on the maximum speed
2066              of the link.
2067
2068     STP Status:
2069
2070       status : stp_port_id: optional string
2071              The port ID used in spanning tree advertisements for this  port,
2072              as  4  hex  digits.  Configuring the port ID is described in the
2073              stp-port-num and stp-port-priority keys of the other_config sec‐
2074              tion earlier.
2075
2076       status  :  stp_state:  optional string, one of blocking, disabled, for‐
2077       warding, learning, or listening
2078              STP state of the port.
2079
2080       status : stp_sec_in_state: optional string, containing an  integer,  at
2081       least 0
2082              The  amount of time this port has been in the current STP state,
2083              in seconds.
2084
2085       status : stp_role: optional string, one of  alternate,  designated,  or
2086       root
2087              STP role of the port.
2088
2089     Rapid Spanning Tree Protocol:
2090
2091       The  configuration  here is only meaningful, and the status and statis‐
2092       tics are only populated, when 802.1D-1998  Spanning  Tree  Protocol  is
2093       enabled on the port’s Bridge with its stp_enable column.
2094
2095     RSTP Configuration:
2096
2097       other_config : rstp-enable: optional string, either true or false
2098              When  RSTP  is  enabled on a bridge, it is enabled by default on
2099              all of the bridge’s ports  except  bond,  internal,  and  mirror
2100              ports  (which  do not work with RSTP). If this column’s value is
2101              false, RSTP is disabled on the port.
2102
2103       other_config : rstp-port-priority: optional string, containing an inte‐
2104       ger, in range 0 to 240
2105              The  port’s  relative  priority  value  for determining the root
2106              port, in multiples of 16. By default, the port priority is  0x80
2107              (128). Any value in the lower 4 bits is rounded off. The signif‐
2108              icant upper 4 bits become the upper 4 bits  of  the  port-id.  A
2109              port with the lowest port-id is elected as the root.
2110
2111       other_config  :  rstp-port-num: optional string, containing an integer,
2112       in range 1 to 4,095
2113              The local RSTP port number, used as the lower  12  bits  of  the
2114              port-id. By default the port numbers are assigned automatically,
2115              and typically may not correspond to the OpenFlow port numbers. A
2116              port with the lowest port-id is elected as the root.
2117
2118       other_config  :  rstp-port-path-cost:  optional  string,  containing an
2119       integer
2120              The port path cost. The Port’s contribution, when it is the Root
2121              Port,  to the Root Path Cost for the Bridge. By default the cost
2122              is automatically calculated from the port’s speed.
2123
2124       other_config : rstp-port-admin-edge: optional string,  either  true  or
2125       false
2126              The admin edge port parameter for the Port. Default is false.
2127
2128       other_config  :  rstp-port-auto-edge:  optional  string, either true or
2129       false
2130              The auto edge port parameter for the Port. Default is true.
2131
2132       other_config : rstp-port-mcheck: optional string, either true or false
2133              The mcheck port parameter for the Port. Default is false. May be
2134              set to force the Port Protocol Migration state machine to trans‐
2135              mit RST BPDUs for a MigrateTime period, to test whether all  STP
2136              Bridges  on  the attached LAN have been removed and the Port can
2137              continue to transmit RSTP BPDUs. Setting mcheck has no effect if
2138              the Bridge is operating in STP Compatibility mode.
2139
2140              Changing  the  value from true to false has no effect, but needs
2141              to be done if this behavior is to be triggered again  by  subse‐
2142              quently changing the value from false to true.
2143
2144     RSTP Status:
2145
2146       rstp_status : rstp_port_id: optional string
2147              The  port ID used in spanning tree advertisements for this port,
2148              as 4 hex digits. Configuring the port ID  is  described  in  the
2149              rstp-port-num  and  rstp-port-priority  keys of the other_config
2150              section earlier.
2151
2152       rstp_status  :  rstp_port_role:  optional  string,  one  of  Alternate,
2153       Backup, Designated, Disabled, or Root
2154              RSTP role of the port.
2155
2156       rstp_status  :  rstp_port_state: optional string, one of Disabled, Dis‐
2157       carding, Forwarding, or Learning
2158              RSTP state of the port.
2159
2160       rstp_status : rstp_designated_bridge_id: optional string
2161              The port’s RSTP designated  bridge  ID,  in  the  same  form  as
2162              rstp_status:rstp_bridge_id in the Bridge table.
2163
2164       rstp_status : rstp_designated_port_id: optional string
2165              The port’s RSTP designated port ID, as 4 hex digits.
2166
2167       rstp_status : rstp_designated_path_cost: optional string, containing an
2168       integer
2169              The port’s RSTP designated path cost. Lower is better.
2170
2171     RSTP Statistics:
2172
2173       rstp_statistics : rstp_tx_count: optional integer
2174              Number of RSTP BPDUs transmitted through this port.
2175
2176       rstp_statistics : rstp_rx_count: optional integer
2177              Number of valid RSTP BPDUs received by this port.
2178
2179       rstp_statistics : rstp_error_count: optional integer
2180              Number of invalid RSTP BPDUs received by this port.
2181
2182       rstp_statistics : rstp_uptime: optional integer
2183              The duration covered by the other RSTP statistics, in seconds.
2184
2185     Multicast Snooping:
2186
2187       other_config : mcast-snooping-flood: optional string,  either  true  or
2188       false
2189              If  set to true, multicast packets (except Reports) are uncondi‐
2190              tionally forwarded to the specific port.
2191
2192       other_config : mcast-snooping-flood-reports:  optional  string,  either
2193       true or false
2194              If  set to true, multicast Reports are unconditionally forwarded
2195              to the specific port.
2196
2197     Other Features:
2198
2199       qos: optional QoS
2200              Quality of Service configuration for this port.
2201
2202       mac: optional string
2203              The MAC address to use for this port for the purpose of choosing
2204              the  bridge’s  MAC  address.  This  column  does not necessarily
2205              reflect the port’s actual  MAC  address,  nor  will  setting  it
2206              change the port’s actual MAC address.
2207
2208       fake_bridge: boolean
2209              Does this port represent a sub-bridge for its tagged VLAN within
2210              the Bridge? See ovs-vsctl(8) for more information.
2211
2212       protected: boolean
2213              The protected ports feature allows certain ports  to  be  desig‐
2214              nated  as protected. Traffic between protected ports is blocked.
2215              Protected ports can send traffic to  unprotected  ports.  Unpro‐
2216              tected ports can send traffic to any port. Default is false.
2217
2218       external_ids : fake-bridge-id-*: optional string
2219              External  IDs for a fake bridge (see the fake_bridge column) are
2220              defined  by   prefixing   a   Bridge   external_ids   key   with
2221              fake-bridge-, e.g. fake-bridge-xs-network-uuids.
2222
2223       other_config : transient: optional string, either true or false
2224              If  set  to  true,  the  port will be removed when ovs-ctl start
2225              --delete-transient-ports is used.
2226
2227       bond_active_slave: optional string
2228              For a bonded port, record the MAC address of the current  active
2229              member.
2230
2231     Port Statistics:
2232
2233       Key-value  pairs that report port statistics. The update period is con‐
2234       trolled by other_config:stats-update-interval in the  Open_vSwitch  ta‐
2235       ble.
2236
2237     Statistics: STP transmit and receive counters:
2238
2239       statistics : stp_tx_count: optional integer
2240              Number  of  STP  BPDUs  sent  on  this port by the spanning tree
2241              library.
2242
2243       statistics : stp_rx_count: optional integer
2244              Number of STP BPDUs received on this port and  accepted  by  the
2245              spanning tree library.
2246
2247       statistics : stp_error_count: optional integer
2248              Number of bad STP BPDUs received on this port. Bad BPDUs include
2249              runt packets and those with an unexpected protocol ID.
2250
2251     Common Columns:
2252
2253       The overall purpose of these columns is described under Common  Columns
2254       at the beginning of this document.
2255
2256       other_config: map of string-string pairs
2257
2258       external_ids: map of string-string pairs
2259

Interface TABLE

2261       An interface within a Port.
2262
2263   Summary:
2264       Core Features:
2265         name                        immutable  string  (must be unique within
2266                                     table)
2267         ifindex                     optional   integer,   in   range   0   to
2268                                     4,294,967,295
2269         mac_in_use                  optional string
2270         mac                         optional string
2271         error                       optional string
2272         OpenFlow Port Number:
2273            ofport                   optional integer
2274            ofport_request           optional integer, in range 1 to 65,279
2275       System-Specific Details:
2276         type                        string
2277       Tunnel Options:
2278         options : remote_ip         optional string
2279         options : local_ip          optional string
2280         options : in_key            optional string
2281         options : out_key           optional string
2282         options : dst_port          optional string
2283         options : key               optional string
2284         options : tos               optional string
2285         options : ttl               optional string
2286         options : df_default        optional string, either true or false
2287         options : egress_pkt_mark   optional string
2288         Tunnel Options: lisp only:
2289            options : packet_type    optional string, either legacy_l3 or ptap
2290         Tunnel Options: vxlan only:
2291            options : exts           optional string
2292            options : packet_type    optional   string,   one   of  legacy_l2,
2293                                     legacy_l3, or ptap
2294         Tunnel Options: gre only:
2295            options : packet_type    optional  string,   one   of   legacy_l2,
2296                                     legacy_l3, or ptap
2297            options : seq            optional string, either true or false
2298         Tunnel Options: gre, ip6gre, geneve, bareudp and vxlan:
2299            options : csum           optional string, either true or false
2300         Tunnel Options: IPsec:
2301            options : psk            optional string
2302            options : remote_cert    optional string
2303            options : remote_name    optional string
2304       Tunnel Options: erspan only:
2305         options : erspan_idx        optional string
2306         options : erspan_ver        optional string
2307         options : erspan_dir        optional string
2308         options : erspan_hwid       optional string
2309       Tunnel Options: Bareudp only:
2310         options : payload_type      optional string
2311       Patch Options:
2312         options : peer              optional string
2313       PMD (Poll Mode Driver) Options:
2314         options : n_rxq             optional  string,  containing an integer,
2315                                     at least 1
2316         options : dpdk-devargs      optional string
2317         other_config : pmd-rxq-affinity
2318                                     optional string
2319         options : xdp-mode          optional  string,  one  of   best-effort,
2320                                     generic, native-with-zerocopy, or native
2321         options : use-need-wakeup   optional string, either true or false
2322         options : vhost-server-path
2323                                     optional string
2324         options : tx-retries-max    optional  string,  containing an integer,
2325                                     in range 0 to 32
2326         options : n_rxq_desc        optional string, containing  an  integer,
2327                                     in range 1 to 4,096
2328         options : n_txq_desc        optional  string,  containing an integer,
2329                                     in range 1 to 4,096
2330         options : dpdk-vf-mac       optional string
2331       EMC (Exact Match Cache) Configuration:
2332         other_config : emc-enable   optional string, either true or false
2333       MTU:
2334         mtu                         optional integer
2335         mtu_request                 optional integer, at least 1
2336       Interface Status:
2337         admin_state                 optional string, either down or up
2338         link_state                  optional string, either down or up
2339         link_resets                 optional integer
2340         link_speed                  optional integer
2341         duplex                      optional string, either full or half
2342         lacp_current                optional boolean
2343         status                      map of string-string pairs
2344         status : driver_name        optional string
2345         status : driver_version     optional string
2346         status : firmware_version   optional string
2347         status : source_ip          optional string
2348         status : tunnel_egress_iface
2349                                     optional string
2350         status : tunnel_egress_iface_carrier
2351                                     optional string, either down or up
2352         dpdk:
2353            status : port_no         optional string
2354            status : numa_id         optional string
2355            status : min_rx_bufsize  optional string
2356            status : max_rx_pktlen   optional string
2357            status : max_rx_queues   optional string
2358            status : max_tx_queues   optional string
2359            status : max_mac_addrs   optional string
2360            status : max_hash_mac_addrs
2361                                     optional string
2362            status : max_vfs         optional string
2363            status : max_vmdq_pools  optional string
2364            status : if_type         optional string
2365            status : if_descr        optional string
2366            status : pci-vendor_id   optional string
2367            status : pci-device_id   optional string
2368       Statistics:
2369         Statistics: Successful transmit and receive counters:
2370            statistics : rx_packets  optional integer
2371            statistics : rx_bytes    optional integer
2372            statistics : tx_packets  optional integer
2373            statistics : tx_bytes    optional integer
2374         Statistics: Receive errors:
2375            statistics : rx_dropped  optional integer
2376            statistics : rx_frame_err
2377                                     optional integer
2378            statistics : rx_over_err optional integer
2379            statistics : rx_crc_err  optional integer
2380            statistics : rx_errors   optional integer
2381         Statistics: Transmit errors:
2382            statistics : tx_dropped  optional integer
2383            statistics : collisions  optional integer
2384            statistics : tx_errors   optional integer
2385       Ingress Policing:
2386         ingress_policing_rate       integer, at least 0
2387         ingress_policing_burst      integer, at least 0
2388       Bidirectional Forwarding Detection (BFD):
2389         BFD Configuration:
2390            bfd : enable             optional string, either true or false
2391            bfd : min_rx             optional string, containing  an  integer,
2392                                     at least 1
2393            bfd : min_tx             optional  string,  containing an integer,
2394                                     at least 1
2395            bfd : decay_min_rx       optional string, containing an integer
2396            bfd : forwarding_if_rx   optional string, either true or false
2397            bfd : cpath_down         optional string, either true or false
2398            bfd : check_tnl_key      optional string, either true or false
2399            bfd : bfd_local_src_mac  optional string
2400            bfd : bfd_local_dst_mac  optional string
2401            bfd : bfd_remote_dst_mac optional string
2402            bfd : bfd_src_ip         optional string
2403            bfd : bfd_dst_ip         optional string
2404            bfd : oam                optional string
2405            bfd : mult               optional string, containing  an  integer,
2406                                     in range 1 to 255
2407         BFD Status:
2408            bfd_status : state       optional string, one of admin_down, down,
2409                                     init, or up
2410            bfd_status : forwarding  optional string, either true or false
2411            bfd_status : diagnostic  optional string
2412            bfd_status : remote_state
2413                                     optional string, one of admin_down, down,
2414                                     init, or up
2415            bfd_status : remote_diagnostic
2416                                     optional string
2417            bfd_status : flap_count  optional  string,  containing an integer,
2418                                     at least 0
2419       Connectivity Fault Management:
2420         cfm_mpid                    optional integer
2421         cfm_flap_count              optional integer
2422         cfm_fault                   optional boolean
2423         cfm_fault_status : recv     none
2424         cfm_fault_status : rdi      none
2425         cfm_fault_status : maid     none
2426         cfm_fault_status : loopback
2427                                     none
2428         cfm_fault_status : overflow
2429                                     none
2430         cfm_fault_status : override
2431                                     none
2432         cfm_fault_status : interval
2433                                     none
2434         cfm_remote_opstate          optional string, either down or up
2435         cfm_health                  optional integer, in range 0 to 100
2436         cfm_remote_mpids            set of integers
2437         other_config : cfm_interval
2438                                     optional string, containing an integer
2439         other_config : cfm_extended
2440                                     optional string, either true or false
2441         other_config : cfm_demand   optional string, either true or false
2442         other_config : cfm_opstate  optional string, either down or up
2443         other_config : cfm_ccm_vlan
2444                                     optional string, containing  an  integer,
2445                                     in range 1 to 4,095
2446         other_config : cfm_ccm_pcp  optional  string,  containing an integer,
2447                                     in range 1 to 7
2448       Bonding Configuration:
2449         other_config : lacp-port-id
2450                                     optional string, containing  an  integer,
2451                                     in range 1 to 65,535
2452         other_config : lacp-port-priority
2453                                     optional  string,  containing an integer,
2454                                     in range 1 to 65,535
2455         other_config : lacp-aggregation-key
2456                                     optional string, containing  an  integer,
2457                                     in range 1 to 65,535
2458       Virtual Machine Identifiers:
2459         external_ids : attached-mac
2460                                     optional string
2461         external_ids : iface-id     optional string
2462         external_ids : iface-status
2463                                     optional  string,  either active or inac‐
2464                                     tive
2465         external_ids : xs-vif-uuid  optional string
2466         external_ids : xs-network-uuid
2467                                     optional string
2468         external_ids : vm-id        optional string
2469         external_ids : xs-vm-uuid   optional string
2470       Auto Attach Configuration:
2471         lldp : enable               optional string, either true or false
2472       Flow control Configuration:
2473         options : rx-flow-ctrl      optional string, either true or false
2474         options : tx-flow-ctrl      optional string, either true or false
2475         options : flow-ctrl-autoneg
2476                                     optional string, either true or false
2477       Link State Change detection mode:
2478         options : dpdk-lsc-interrupt
2479                                     optional string, either true or false
2480       Common Columns:
2481         other_config                map of string-string pairs
2482         external_ids                map of string-string pairs
2483
2484   Details:
2485     Core Features:
2486
2487       name: immutable string (must be unique within table)
2488              Interface name. Should be  alphanumeric.  For  non-bonded  port,
2489              this  should  be the same as the port name. It must otherwise be
2490              unique among the names of ports, interfaces, and  bridges  on  a
2491              host.
2492
2493              The  maximum length of an interface name depends on the underly‐
2494              ing datapath:
2495
2496              ·      The names of interfaces implemented as Linux and BSD net‐
2497                     work  devices,  including  interfaces with type internal,
2498                     tap, or system plus the different types of tunnel  ports,
2499                     are  limited  to  15 bytes. Windows limits these names to
2500                     255 bytes.
2501
2502              ·      The names of patch ports are not used in  the  underlying
2503                     datapath,  so operating system restrictions do not apply.
2504                     Thus, they may have arbitrary length.
2505
2506              Regardless of other restrictions, OpenFlow only supports 15-byte
2507              names,  which means that ovs-ofctl and OpenFlow controllers will
2508              show names truncated to 15 bytes.
2509
2510       ifindex: optional integer, in range 0 to 4,294,967,295
2511              A positive interface index as defined for SNMP  MIB-II  in  RFCs
2512              1213  and  2863,  if  the  interface  has  one, otherwise 0. The
2513              ifindex is useful for seamless integration with  protocols  such
2514              as SNMP and sFlow.
2515
2516       mac_in_use: optional string
2517              The MAC address in use by this interface.
2518
2519       mac: optional string
2520              Ethernet  address  to  set for this interface. If unset then the
2521              default MAC address is used:
2522
2523              ·      For the local interface, the default is  the  lowest-num‐
2524                     bered  MAC  address  among the other bridge ports, either
2525                     the value of the mac in its Port record, if set,  or  its
2526                     actual MAC (for bonded ports, the MAC of its member whose
2527                     name is first in alphabetical order). Internal ports  and
2528                     bridge ports that are used as port mirroring destinations
2529                     (see the Mirror table) are ignored.
2530
2531              ·      For other internal interfaces, the default  MAC  is  ran‐
2532                     domly generated.
2533
2534              ·      External  interfaces typically have a MAC address associ‐
2535                     ated with their hardware.
2536
2537              Some  interfaces  may  not  have  a  software-controllable   MAC
2538              address. This option only affects internal ports. For other type
2539              ports, you can change the  MAC  address  outside  Open  vSwitch,
2540              using ip command.
2541
2542       error: optional string
2543              If  the  configuration of the port failed, as indicated by -1 in
2544              ofport, Open vSwitch sets this column to an error description in
2545              human readable form. Otherwise, Open vSwitch clears this column.
2546
2547     OpenFlow Port Number:
2548
2549       When  a  client  adds a new interface, Open vSwitch chooses an OpenFlow
2550       port number for the new port. If the client that adds the port fills in
2551       ofport_request,  then  Open vSwitch tries to use its value as the Open‐
2552       Flow port number. Otherwise, or if the requested port number is already
2553       in use or cannot be used for another reason, Open vSwitch automatically
2554       assigns a free port number. Regardless  of  how  the  port  number  was
2555       obtained,  Open vSwitch then reports in ofport the port number actually
2556       assigned.
2557
2558       Open vSwitch limits the port numbers that it automatically  assigns  to
2559       the  range 1 through 32,767, inclusive. Controllers therefore have free
2560       use of ports 32,768 and up.
2561
2562       ofport: optional integer
2563              OpenFlow port number for this interface. Open vSwitch sets  this
2564              column’s value, so other clients should treat it as read-only.
2565
2566              The  OpenFlow  ``local’’  port (OFPP_LOCAL) is 65,534. The other
2567              valid port numbers are in the  range  1  to  65,279,  inclusive.
2568              Value -1 indicates an error adding the interface.
2569
2570       ofport_request: optional integer, in range 1 to 65,279
2571              Requested OpenFlow port number for this interface.
2572
2573              A  client  should  ideally  set  this column’s value in the same
2574              database transaction that it uses to create the interface.  Open
2575              vSwitch  version  2.1 and later will honor a later request for a
2576              specific port  number,  althuogh  it  might  confuse  some  con‐
2577              trollers: OpenFlow does not have a way to announce a port number
2578              change, so Open vSwitch represents it over OpenFlow  as  a  port
2579              deletion followed immediately by a port addition.
2580
2581              If  ofport_request  is set or changed to some other port’s auto‐
2582              matically assigned port number, Open vSwitch chooses a new  port
2583              number for the latter port.
2584
2585     System-Specific Details:
2586
2587       type: string
2588              The interface type. The types supported by a particular instance
2589              of Open vSwitch are listed in  the  iface_types  column  in  the
2590              Open_vSwitch table. The following types are defined:
2591
2592              system An ordinary network device, e.g. eth0 on Linux. Sometimes
2593                     referred to as ``external  interfaces’’  since  they  are
2594                     generally connected to hardware external to that on which
2595                     the Open vSwitch is running. The empty string is  a  syn‐
2596                     onym for system.
2597
2598              internal
2599                     A  simulated network device that sends and receives traf‐
2600                     fic. An internal interface whose name is the same as  its
2601                     bridge’s  name is called the ``local interface.’’ It does
2602                     not make sense to bond  an  internal  interface,  so  the
2603                     terms  ``port’’  and  ``interface’’ are often used impre‐
2604                     cisely for internal interfaces.
2605
2606              tap    A TUN/TAP device managed by Open vSwitch.
2607
2608                     Open vSwitch checks the interface state before send pack‐
2609                     ets  to  the  device.  When  it  is down, the packets are
2610                     dropped and the tx_dropped statistic is  updated  accord‐
2611                     ingly.  Older  versions of Open vSwitch did not check the
2612                     interface state and then the tx_packets  was  incremented
2613                     along with tx_dropped.
2614
2615              geneve An             Ethernet            over            Geneve
2616                     (http://tools.ietf.org/html/draft-ietf-nvo3-geneve)
2617                     IPv4/IPv6  tunnel.  A description of how to match and set
2618                     Geneve options can be found in the ovs-ofctl manual page.
2619
2620              gre    Generic Routing Encapsulation  (GRE)  over  IPv4  tunnel,
2621                     configurable to encapsulate layer 2 or layer 3 traffic.
2622
2623              ip6gre Generic  Routing  Encapsulation  (GRE)  over IPv6 tunnel,
2624                     encapsulate layer 2 traffic.
2625
2626              vxlan  An Ethernet tunnel  over  the  UDP-based  VXLAN  protocol
2627                     described in RFC 7348.
2628
2629                     Open  vSwitch  uses  IANA-assigned  UDP  destination port
2630                     4789. The source port used for VXLAN traffic varies on  a
2631                     per-flow basis and is in the ephemeral port range.
2632
2633              lisp   A  layer  3 tunnel over the experimental, UDP-based Loca‐
2634                     tor/ID Separation Protocol (RFC 6830).
2635
2636                     Only IPv4 and IPv6 packets are supported by the protocol,
2637                     and  they  are  sent  and  received  without  an Ethernet
2638                     header. Traffic to/from LISP ports is expected to be con‐
2639                     figured  explicitly,  and  the  ports are not intended to
2640                     participate in learning based switching.  As  such,  they
2641                     are always excluded from packet flooding.
2642
2643              stt    The  Stateless  TCP  Tunnel  (STT) is particularly useful
2644                     when tunnel endpoints are in end-systems, as it  utilizes
2645                     the  capabilities  of standard network interface cards to
2646                     improve  performance.  STT  utilizes  a  TCP-like  header
2647                     inside  the IP header. It is stateless, i.e., there is no
2648                     TCP connection state of any kind associated with the tun‐
2649                     nel. The TCP-like header is used to leverage the capabil‐
2650                     ities of existing network interface cards, but should not
2651                     be  interpreted  as implying any sort of connection state
2652                     between endpoints. Since the STT protocol does not engage
2653                     in  the usual TCP 3-way handshake, so it will have diffi‐
2654                     culty traversing stateful firewalls. The protocol is doc‐
2655                     umented   at  https://tools.ietf.org/html/draft-davie-stt
2656                     All traffic uses a default destination port of 7471.
2657
2658              patch  A pair of virtual devices that act as a patch cable.
2659
2660              gtpu   GPRS Tunneling Protocol (GTP) is a group of IP-based com‐
2661                     munications  protocols used to carry general packet radio
2662                     service (GPRS) within GSM, UMTS and LTE  networks.  GTP-U
2663                     is  used for carrying user data within the GPRS core net‐
2664                     work and between the radio access network  and  the  core
2665                     network.  The user data transported can be packets in any
2666                     of IPv4, IPv6, or PPP formats.
2667
2668                     The protocol is documented at http://www.3gpp.org/DynaRe
2669                     port/29281.htm
2670
2671                     Open  vSwitch  uses UDP destination port 2152. The source
2672                     port used for GTP traffic varies on a per-flow basis  and
2673                     is in the ephemeral port range.
2674
2675              Bareudp
2676                     The  Bareudp  tunnel  provides a generic L3 encapsulation
2677                     support for tunnelling different L3 protocols like  MPLS,
2678                     IP, NSH etc. inside a UDP tunnel.
2679
2680     Tunnel Options:
2681
2682       These  options  apply  to interfaces with type of geneve, bareudp, gre,
2683       ip6gre, vxlan, lisp and stt.
2684
2685       Each tunnel must be uniquely identified by  the  combination  of  type,
2686       options:remote_ip,  options:local_ip,  and options:in_key. If two ports
2687       are defined that are the same except one has an optional identifier and
2688       the   other   does  not,  the  more  specific  one  is  matched  first.
2689       options:in_key is considered more specific than options:local_ip  if  a
2690       port  defines one and another port defines the other. options:in_key is
2691       not applicable for bareudp tunnels. Hence it is  not  considered  while
2692       identifying a bareudp tunnel.
2693
2694       options : remote_ip: optional string
2695              Required. The remote tunnel endpoint, one of:
2696
2697              ·      An   IPv4   or  IPv6  address  (not  a  DNS  name),  e.g.
2698                     192.168.0.123. Only unicast endpoints are supported.
2699
2700              ·      The word flow. The tunnel accepts packets from any remote
2701                     tunnel  endpoint. To process only packets from a specific
2702                     remote tunnel endpoint, the flow entries may match on the
2703                     tun_src  or  tun_ipv6_srcfield. When sending packets to a
2704                     remote_ip=flow tunnel, the flow actions  must  explicitly
2705                     set  the  tun_dst or tun_ipv6_dst field to the IP address
2706                     of the  desired  remote  tunnel  endpoint,  e.g.  with  a
2707                     set_field action.
2708
2709              The remote tunnel endpoint for any packet received from a tunnel
2710              is available in the tun_src field for matching in the  flow  ta‐
2711              ble.
2712
2713       options : local_ip: optional string
2714              Optional.  The  tunnel destination IP that received packets must
2715              match. Default is to match all addresses. If specified,  may  be
2716              one of:
2717
2718              ·      An IPv4/IPv6 address (not a DNS name), e.g. 192.168.12.3.
2719
2720              ·      The  word flow. The tunnel accepts packets sent to any of
2721                     the local IP addresses of  the  system  running  OVS.  To
2722                     process  only  packets sent to a specific IP address, the
2723                     flow entries may match on  the  tun_dst  or  tun_ipv6_dst
2724                     field.  When  sending  packets to a local_ip=flow tunnel,
2725                     the flow  actions  may  explicitly  set  the  tun_src  or
2726                     tun_ipv6_src field to the desired IP address, e.g. with a
2727                     set_field action. However,  while  routing  the  tunneled
2728                     packet  out,  the local system may override the specified
2729                     address with the local IP address configured for the out‐
2730                     going system interface.
2731
2732                     This  option  is  valid  only for tunnels also configured
2733                     with the remote_ip=flow option.
2734
2735              The tunnel destination IP address for any packet received from a
2736              tunnel  is  available  in  the tun_dst or tun_ipv6_dst field for
2737              matching in the flow table.
2738
2739       options : in_key: optional string
2740              Optional, not applicable for  bareudp.  The  key  that  received
2741              packets must contain, one of:
2742
2743              ·      0.  The tunnel receives packets with no key or with a key
2744                     of 0. This is equivalent to specifying no  options:in_key
2745                     at all.
2746
2747              ·      A  positive  24-bit (for Geneve, VXLAN, and LISP), 32-bit
2748                     (for GRE) or 64-bit (for STT) number. The tunnel receives
2749                     only packets with the specified key.
2750
2751              ·      The  word  flow. The tunnel accepts packets with any key.
2752                     The key will be placed in the tun_id field  for  matching
2753                     in the flow table. The ovs-fields(7) manual page contains
2754                     additional information about matching fields in  OpenFlow
2755                     flows.
2756
2757       options : out_key: optional string
2758              Optional,  not applicable for bareudp. The key to be set on out‐
2759              going packets, one of:
2760
2761              ·      0. Packets sent through the tunnel will have no key. This
2762                     is equivalent to specifying no options:out_key at all.
2763
2764              ·      A  positive  24-bit  (for Geneve, VXLAN and LISP), 32-bit
2765                     (for GRE)  or  64-bit  (for  STT)  number.  Packets  sent
2766                     through the tunnel will have the specified key.
2767
2768              ·      The  word flow. Packets sent through the tunnel will have
2769                     the key set using the set_tunnel Nicira  OpenFlow  vendor
2770                     extension  (0  is  used in the absence of an action). The
2771                     ovs-fields(7) manual page contains additional information
2772                     about the Nicira OpenFlow vendor extensions.
2773
2774       options : dst_port: optional string
2775              Optional.  The  tunnel transport layer destination port, for UDP
2776              and TCP based tunnel protocols (Geneve, VXLAN, LISP, and STT).
2777
2778       options : key: optional string
2779              Optional. Shorthand to set in_key and out_key at the same time.
2780
2781       options : tos: optional string
2782              Optional. The value of the ToS bits to be set on the encapsulat‐
2783              ing  packet.  ToS  is interpreted as DSCP and ECN bits, ECN part
2784              must be zero. It may also be the word inherit, in which case the
2785              ToS  will  be copied from the inner packet if it is IPv4 or IPv6
2786              (otherwise it will be 0). The ECN fields are  always  inherited.
2787              Default is 0.
2788
2789       options : ttl: optional string
2790              Optional.  The TTL to be set on the encapsulating packet. It may
2791              also be the word inherit, in which case the TTL will  be  copied
2792              from  the  inner packet if it is IPv4 or IPv6 (otherwise it will
2793              be the system default, typically  64).  Default  is  the  system
2794              default TTL.
2795
2796       options : df_default: optional string, either true or false
2797              Optional. If enabled, the Don’t Fragment bit will be set on tun‐
2798              nel outer headers  to  allow  path  MTU  discovery.  Default  is
2799              enabled; set to false to disable.
2800
2801       options : egress_pkt_mark: optional string
2802              Optional.  The  pkt_mark  to be set on the encapsulating packet.
2803              This option sets packet mark for the  tunnel  endpoint  for  all
2804              tunnel packets including tunnel monitoring.
2805
2806     Tunnel Options: lisp only:
2807
2808       options : packet_type: optional string, either legacy_l3 or ptap
2809              A  LISP  tunnel  sends  and receives only IPv4 and IPv6 packets.
2810              This option controls what how the tunnel represents the  packets
2811              that it sends and receives:
2812
2813              ·      By  default,  or  if this option is legacy_l3, the tunnel
2814                     represents packets as Ethernet frames  for  compatibility
2815                     with  legacy OpenFlow controllers that expect this behav‐
2816                     ior.
2817
2818              ·      If this option is ptap,  the  tunnel  represents  packets
2819                     using  the  packet_type  mechanism introduced in OpenFlow
2820                     1.5.
2821
2822     Tunnel Options: vxlan only:
2823
2824       options : exts: optional string
2825              Optional. Comma separated list of optional VXLAN  extensions  to
2826              enable. The following extensions are supported:
2827
2828              ·      gbp:  VXLAN-GBP allows to transport the group policy con‐
2829                     text of a packet across the VXLAN tunnel to other network
2830                     peers.    See   the   description   of   tun_gbp_id   and
2831                     tun_gbp_flags in ovs-fields(7)  for  additional  informa‐
2832                     tion.
2833                     (https://tools.ietf.org/html/draft-smith-vxlan-group-pol
2834                     icy)
2835
2836              ·      gpe: Support for Generic Protocol Encapsulation in accor‐
2837                     dance             with             IETF             draft
2838                     https://tools.ietf.org/html/draft-ietf-nvo3-vxlan-gpe.
2839                     Without this option, a VXLAN packet  always  encapsulates
2840                     an  Ethernet frame. With this option, an VXLAN packet may
2841                     also encapsulate an IPv4, IPv6, NSH, or MPLS packet.
2842
2843       options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2844       ptap
2845              This  option controls what types of packets the tunnel sends and
2846              receives and how it represents them:
2847
2848              ·      By default, or if this option is  legacy_l2,  the  tunnel
2849                     sends and receives only Ethernet frames.
2850
2851              ·      If  this  option  is  legacy_l3,  the  tunnel  sends  and
2852                     receives only non-Ethernet (L3) packet, but  the  packets
2853                     are represented as Ethernet frames for compatibility with
2854                     legacy OpenFlow controllers that  expect  this  behavior.
2855                     This requires enabling gpe in options:exts.
2856
2857              ·      If  this  option is ptap, Open vSwitch represents packets
2858                     in the tunnel using the packet_type mechanism  introduced
2859                     in  OpenFlow  1.5.  This  mechanism  supports any kind of
2860                     packet, but actually sending and  receiving  non-Ethernet
2861                     packets    requires    additionally   enabling   gpe   in
2862                     options:exts.
2863
2864     Tunnel Options: gre only:
2865
2866       gre interfaces support these options.
2867
2868       options : packet_type: optional string, one of legacy_l2, legacy_l3, or
2869       ptap
2870              This  option controls what types of packets the tunnel sends and
2871              receives and how it represents them:
2872
2873              ·      By default, or if this option is  legacy_l2,  the  tunnel
2874                     sends and receives only Ethernet frames.
2875
2876              ·      If  this  option  is  legacy_l3,  the  tunnel  sends  and
2877                     receives only non-Ethernet (L3) packet, but  the  packets
2878                     are represented as Ethernet frames for compatibility with
2879                     legacy OpenFlow controllers that expect this behavior.
2880
2881              ·      The legacy_l3 option is only available via the user space
2882                     datapath.  The  OVS  kernel  datapath  does  not  support
2883                     devices of type ARPHRD_IPGRE which is the requirement for
2884                     legacy_l3 type packets.
2885
2886              ·      If this option is ptap, the tunnel sends and receives any
2887                     kind of packet. Open vSwitch represents  packets  in  the
2888                     tunnel  using  the  packet_type  mechanism  introduced in
2889                     OpenFlow 1.5.
2890
2891       options : seq: optional string, either true or false
2892              Optional. A 4-byte sequence number field for  GRE  tunnel  only.
2893              Default  is  disabled, set to true to enable. Sequence number is
2894              incremented by one on each outgoing packet.
2895
2896     Tunnel Options: gre, ip6gre, geneve, bareudp and vxlan:
2897
2898       gre,  ip6gre,  geneve,  bareudp  and  vxlan  interfaces  support  these
2899       options.
2900
2901       options : csum: optional string, either true or false
2902              Optional.  Compute  encapsulation  header  (either  GRE  or UDP)
2903              checksums on outgoing packets. Default is disabled, set to  true
2904              to  enable.  Checksums present on incoming packets will be vali‐
2905              dated regardless of this setting.
2906
2907              When using the upstream  Linux  kernel  module,  computation  of
2908              checksums for geneve and vxlan requires Linux kernel version 4.0
2909              or higher. gre and ip6gre support checksums for all versions  of
2910              Open  vSwitch  that  support  GRE. The out of tree kernel module
2911              distributed as part of OVS can compute all tunnel  checksums  on
2912              any kernel version that it is compatible with.
2913
2914     Tunnel Options: IPsec:
2915
2916       Setting  any of these options enables IPsec support for a given tunnel.
2917       gre, geneve, vxlan and stt interfaces support these  options.  See  the
2918       IPsec section in the Open_vSwitch table for a description of each mode.
2919
2920       options : psk: optional string
2921              In PSK mode only, the preshared secret to negotiate tunnel. This
2922              value must match on both tunnel ends.
2923
2924       options : remote_cert: optional string
2925              In self-signed certificate mode only, name of a  PEM  file  con‐
2926              taining a certificate of the remote switch. The certificate must
2927              be x.509 version 3 and with the string in common name (CN)  also
2928              set in the subject alternative name (SAN).
2929
2930       options : remote_name: optional string
2931              In  CA-signed  certificate  mode  only,  common name (CN) of the
2932              remote certificate.
2933
2934     Tunnel Options: erspan only:
2935
2936       Only erspan interfaces support these options.
2937
2938       options : erspan_idx: optional string
2939              20 bit index/port number associated with  the  ERSPAN  traffic’s
2940              source  port and direction (ingress/egress). This field is plat‐
2941              form dependent.
2942
2943       options : erspan_ver: optional string
2944              ERSPAN version: 1 for version 1 (type II) or  2  for  version  2
2945              (type III).
2946
2947       options : erspan_dir: optional string
2948              Specifies  the  ERSPAN  v2  mirrored  traffic’s direction. 1 for
2949              egress traffic, and 0 for ingress traffic.
2950
2951       options : erspan_hwid: optional string
2952              ERSPAN hardware ID is a 6-bit unique identifier of an ERSPAN  v2
2953              engine within a system.
2954
2955     Tunnel Options: Bareudp only:
2956
2957       options : payload_type: optional string
2958              Specifies the ethertype of the l3 protocol the bareudp device is
2959              tunnelling. For the tunnels which supports  multiple  ethertypes
2960              of  a  l3  protocol (IP, MPLS) this field specifies the protocol
2961              name as a string.
2962
2963     Patch Options:
2964
2965       These options apply only to patch ports, that is, interfaces whose type
2966       column  is  patch.  Patch  ports  are mainly a way to connect otherwise
2967       independent bridges to one another, similar to how one  might  plug  an
2968       Ethernet  cable  (a ``patch cable’’) into two physical switches to con‐
2969       nect those switches. The effect of  plugging  a  patch  port  into  two
2970       switches  is conceptually similar to that of plugging the two ends of a
2971       Linux veth device into those switches, but the implementation of  patch
2972       ports makes them much more efficient.
2973
2974       Patch  ports  may connect two different bridges (the usual case) or the
2975       same bridge. In the latter case, take special care to avoid loops, e.g.
2976       by programming appropriate flows with OpenFlow. Patch ports do not work
2977       if its ends are attached to bridges on  different  datapaths,  e.g.  to
2978       connect bridges in system and netdev datapaths.
2979
2980       The  following  command  creates and connects patch ports p0 and p1 and
2981       adds them to bridges br0 and br1, respectively:
2982
2983       ovs-vsctl add-port br0 p0 -- set Interface p0 type=patch options:peer=p1 \
2984              -- add-port br1 p1 -- set Interface p1 type=patch options:peer=p0
2985
2986
2987       options : peer: optional string
2988              The name of the Interface for the other side of the  patch.  The
2989              named  Interface’s own peer option must specify this Interface’s
2990              name. That is, the two patch interfaces must have reversed  name
2991              and peer values.
2992
2993     PMD (Poll Mode Driver) Options:
2994
2995       Only PMD netdevs support these options.
2996
2997       options : n_rxq: optional string, containing an integer, at least 1
2998              Specifies  the maximum number of rx queues to be created for PMD
2999              netdev. If not specified or specified to 0, one rx queue will be
3000              created by default. Not supported by DPDK vHost interfaces.
3001
3002       options : dpdk-devargs: optional string
3003              Specifies  the PCI address associated with the port for physical
3004              devices, or the virtual driver to be used for the  port  when  a
3005              virtual PMD is intended to be used. For the latter, the argument
3006              string typically  takes  the  form  of  eth_driver_namex,  where
3007              driver_name  is  a valid virtual DPDK PMD driver name and x is a
3008              unique identifier of your choice for the given port.  Only  sup‐
3009              ported by the dpdk port type.
3010
3011       other_config : pmd-rxq-affinity: optional string
3012              Specifies mapping of RX queues of this interface to CPU cores.
3013
3014              Value should be set in the following form:
3015
3016              other_config:pmd-rxq-affinity=<rxq-affinity-list>
3017
3018              where
3019
3020              ·      <rxq-affinity-list> ::= NULL | <non-empty-list>
3021
3022              ·      <non-empty-list>  ::= <affinity-pair> | <affinity-pair> ,
3023                     <non-empty-list>
3024
3025              ·      <affinity-pair> ::= <queue-id> : <core-id>
3026
3027       options : xdp-mode:  optional  string,  one  of  best-effort,  generic,
3028       native-with-zerocopy, or native
3029              Specifies the operational mode of the XDP program.
3030
3031              In  native-with-zerocopy mode the XDP program is loaded into the
3032              device driver with  zero-copy  RX  and  TX  enabled.  This  mode
3033              requires  device  driver  support  and  has the best performance
3034              because there should be no copying of packets.
3035
3036              native is the same as native-with-zerocopy,  but  without  zero-
3037              copy  capability. This requires at least one copy between kernel
3038              and the userspace. This mode also requires support  from  device
3039              driver.
3040
3041              In  generic case the XDP program in kernel works after skb allo‐
3042              cation on early stages of packet processing inside  the  network
3043              stack.  This  mode  doesn’t require driver support, but has much
3044              lower performance.
3045
3046              best-effort tries to detect and choose the best  (fastest)  from
3047              the available modes for current interface.
3048
3049              Note  that  this option is specific to netdev-afxdp. Defaults to
3050              best-effort mode.
3051
3052       options : use-need-wakeup: optional string, either true or false
3053              Specifies whether to use need_wakeup feature in afxdp netdev. If
3054              enabled,  OVS  explicitly  wakes  up the kernel RX, using poll()
3055              syscall and wakes up TX, using sendto()  syscall.  For  physical
3056              devices,  this  feature  improves  the  performance  by avoiding
3057              unnecessary sendto syscalls. Defaults to true  if  supported  by
3058              libbpf.
3059
3060       options : vhost-server-path: optional string
3061              The  value  specifies  the  path to the socket associated with a
3062              vHost User client mode device that has been or will  be  created
3063              by QEMU. Only supported by dpdkvhostuserclient interfaces.
3064
3065       options  :  tx-retries-max:  optional string, containing an integer, in
3066       range 0 to 32
3067              The value specifies the maximum amount of vhost tx retries  that
3068              can be made while trying to send a batch of packets to an inter‐
3069              face. Only supported by dpdkvhostuserclient interfaces.
3070
3071              Default value is 8.
3072
3073       options : n_rxq_desc: optional string, containing an integer, in  range
3074       1 to 4,096
3075              Specifies  the  rx  queue  size (number rx descriptors) for dpdk
3076              ports. The value must be a power of 2, less than 4096  and  sup‐
3077              ported  by  the  hardware of the device being configured. If not
3078              specified or an incorrect value is specified, 2048  rx  descrip‐
3079              tors will be used by default.
3080
3081       options  : n_txq_desc: optional string, containing an integer, in range
3082       1 to 4,096
3083              Specifies the tx queue size (number  tx  descriptors)  for  dpdk
3084              ports.  The  value must be a power of 2, less than 4096 and sup‐
3085              ported by the hardware of the device being  configured.  If  not
3086              specified  or  an incorrect value is specified, 2048 tx descrip‐
3087              tors will be used by default.
3088
3089       options : dpdk-vf-mac: optional string
3090              Ethernet address to set for this VF interface. If unset then the
3091              default MAC address is used:
3092
3093              ·      For  most  drivers,  the  default MAC address assigned by
3094                     their hardware.
3095
3096              ·      For bifurcated drivers, the MAC  currently  used  by  the
3097                     kernel netdevice.
3098
3099              This option may only be used with dpdk VF representors.
3100
3101     EMC (Exact Match Cache) Configuration:
3102
3103       These settings controls behaviour of EMC lookups/insertions for packets
3104       received from the interface.
3105
3106       other_config : emc-enable: optional string, either true or false
3107              Specifies if Exact Match Cache (EMC) should be used  while  pro‐
3108              cessing   packets   received   from  this  interface.  If  true,
3109              other_config:emc-insert-inv-prob will have effect on this inter‐
3110              face.
3111
3112              Defaults to true.
3113
3114     MTU:
3115
3116       The  MTU (maximum transmission unit) is the largest amount of data that
3117       can fit into a single Ethernet frame. The standard Ethernet MTU is 1500
3118       bytes.  Some physical media and many kinds of virtual interfaces can be
3119       configured with higher MTUs.
3120
3121       A client may change an interface MTU by filling  in  mtu_request.  Open
3122       vSwitch then reports in mtu the currently configured value.
3123
3124       mtu: optional integer
3125              The currently configured MTU for the interface.
3126
3127              This column will be empty for an interface that does not have an
3128              MTU as, for example, some kinds of tunnels do not.
3129
3130              Open vSwitch sets this column’s value, so other  clients  should
3131              treat it as read-only.
3132
3133       mtu_request: optional integer, at least 1
3134              Requested  MTU  (Maximum Transmission Unit) for the interface. A
3135              client can fill this column to change the MTU of an interface.
3136
3137              RFC 791 requires every internet module to be able to  forward  a
3138              datagram of 68 octets without further fragmentation. The maximum
3139              size of an IP packet is 65535 bytes.
3140
3141              If this is not set and if the interface has internal type,  Open
3142              vSwitch  will  change  the MTU to match the minimum of the other
3143              interfaces in the bridge.
3144
3145     Interface Status:
3146
3147       Status information about interfaces attached to bridges, updated  every
3148       5  seconds.  Not  all  interfaces have all of these properties; virtual
3149       interfaces don’t have a link speed, for example. Non-applicable columns
3150       will have empty values.
3151
3152       admin_state: optional string, either down or up
3153              The administrative state of the physical network link.
3154
3155       link_state: optional string, either down or up
3156              The  observed  state of the physical network link. This is ordi‐
3157              narily the link’s carrier status. If the interface’s Port  is  a
3158              bond configured for miimon monitoring, it is instead the network
3159              link’s miimon status.
3160
3161       link_resets: optional integer
3162              The number of times Open vSwitch has observed the link_state  of
3163              this Interface change.
3164
3165       link_speed: optional integer
3166              The  negotiated speed of the physical network link. Valid values
3167              are positive integers greater than 0.
3168
3169       duplex: optional string, either full or half
3170              The duplex mode of the physical network link.
3171
3172       lacp_current: optional boolean
3173              Boolean value indicating LACP  status  for  this  interface.  If
3174              true, this interface has current LACP information about its LACP
3175              partner. This information may be used to monitor the  health  of
3176              interfaces  in a LACP enabled port. This column will be empty if
3177              LACP is not enabled.
3178
3179       status: map of string-string pairs
3180              Key-value pairs that report port status. Supported status values
3181              are  type-dependent;  some  interfaces may not have a valid sta‐
3182              tus:driver_name, for example.
3183
3184       status : driver_name: optional string
3185              The name of the device driver controlling the network adapter.
3186
3187       status : driver_version: optional string
3188              The version string of the device driver controlling the  network
3189              adapter.
3190
3191       status : firmware_version: optional string
3192              The  version string of the network adapter’s firmware, if avail‐
3193              able.
3194
3195       status : source_ip: optional string
3196              The source IP address used for an  IPv4/IPv6  tunnel  end-point,
3197              such as gre.
3198
3199       status : tunnel_egress_iface: optional string
3200              Egress  interface  for tunnels. Currently only relevant for tun‐
3201              nels on Linux systems, this column will show  the  name  of  the
3202              interface  which is responsible for routing traffic destined for
3203              the configured options:remote_ip.  This  could  be  an  internal
3204              interface such as a bridge port.
3205
3206       status  :  tunnel_egress_iface_carrier: optional string, either down or
3207       up
3208              Whether carrier is detected on status:tunnel_egress_iface.
3209
3210     dpdk:
3211
3212       DPDK specific interface status options.
3213
3214       status : port_no: optional string
3215              DPDK port ID.
3216
3217       status : numa_id: optional string
3218              NUMA socket ID to which an Ethernet device is connected.
3219
3220       status : min_rx_bufsize: optional string
3221              Minimum size of RX buffer.
3222
3223       status : max_rx_pktlen: optional string
3224              Maximum configurable length of RX pkt.
3225
3226       status : max_rx_queues: optional string
3227              Maximum number of RX queues.
3228
3229       status : max_tx_queues: optional string
3230              Maximum number of TX queues.
3231
3232       status : max_mac_addrs: optional string
3233              Maximum number of MAC addresses.
3234
3235       status : max_hash_mac_addrs: optional string
3236              Maximum number of hash MAC addresses for MTA and UTA.
3237
3238       status : max_vfs: optional string
3239              Maximum number of hash MAC addresses for MTA  and  UTA.  Maximum
3240              number of VFs.
3241
3242       status : max_vmdq_pools: optional string
3243              Maximum number of VMDq pools.
3244
3245       status : if_type: optional string
3246              Interface type ID according to IANA ifTYPE MIB definitions.
3247
3248       status : if_descr: optional string
3249              Interface description string.
3250
3251       status : pci-vendor_id: optional string
3252              Vendor ID of PCI device.
3253
3254       status : pci-device_id: optional string
3255              Device ID of PCI device.
3256
3257     Statistics:
3258
3259       Key-value pairs that report interface statistics. The current implemen‐
3260       tation updates these counters periodically. The update period  is  con‐
3261       trolled  by  other_config:stats-update-interval in the Open_vSwitch ta‐
3262       ble. Future implementations may update them when an interface  is  cre‐
3263       ated, when they are queried (e.g. using an OVSDB select operation), and
3264       just before an interface is deleted due to virtual interface hot-unplug
3265       or  VM  shutdown,  and  perhaps  at other times, but not on any regular
3266       periodic basis.
3267
3268       These are the same  statistics  reported  by  OpenFlow  in  its  struct
3269       ofp_port_stats  structure.  If  an  interface  does not support a given
3270       statistic, then that pair is omitted.
3271
3272     Statistics: Successful transmit and receive counters:
3273
3274       statistics : rx_packets: optional integer
3275              Number of received packets.
3276
3277       statistics : rx_bytes: optional integer
3278              Number of received bytes.
3279
3280       statistics : tx_packets: optional integer
3281              Number of transmitted packets.
3282
3283       statistics : tx_bytes: optional integer
3284              Number of transmitted bytes.
3285
3286     Statistics: Receive errors:
3287
3288       statistics : rx_dropped: optional integer
3289              Number of packets dropped by RX.
3290
3291       statistics : rx_frame_err: optional integer
3292              Number of frame alignment errors.
3293
3294       statistics : rx_over_err: optional integer
3295              Number of packets with RX overrun.
3296
3297       statistics : rx_crc_err: optional integer
3298              Number of CRC errors.
3299
3300       statistics : rx_errors: optional integer
3301              Total number of receive errors, greater than or equal to the sum
3302              of the above.
3303
3304     Statistics: Transmit errors:
3305
3306       statistics : tx_dropped: optional integer
3307              Number of packets dropped by TX.
3308
3309       statistics : collisions: optional integer
3310              Number of collisions.
3311
3312       statistics : tx_errors: optional integer
3313              Total  number  of  transmit errors, greater than or equal to the
3314              sum of the above.
3315
3316     Ingress Policing:
3317
3318       These settings control ingress policing for packets  received  on  this
3319       interface. On a physical interface, this limits the rate at which traf‐
3320       fic is allowed into the system from the outside; on a virtual interface
3321       (one connected to a virtual machine), this limits the rate at which the
3322       VM is able to transmit.
3323
3324       Policing is a simple form of quality-of-service that simply drops pack‐
3325       ets  received  in excess of the configured rate. Due to its simplicity,
3326       policing is usually less accurate and less effective  than  egress  QoS
3327       (which is configured using the QoS and Queue tables).
3328
3329       Policing  is  currently  implemented  on  Linux and OVS with DPDK. Both
3330       implementations use a simple ``token bucket’’ approach:
3331
3332              ·      The size of  the  bucket  corresponds  to  ingress_polic‐
3333                     ing_burst. Initially the bucket is full.
3334
3335              ·      Whenever  a  packet  is  received, its size (converted to
3336                     tokens) is compared to the number of tokens currently  in
3337                     the  bucket.  If the required number of tokens are avail‐
3338                     able, they are removed and the packet is forwarded.  Oth‐
3339                     erwise, the packet is dropped.
3340
3341              ·      Whenever  it  is  not  full,  the bucket is refilled with
3342                     tokens at the rate specified by ingress_policing_rate.
3343
3344       Policing interacts badly with some network  protocols,  and  especially
3345       with fragmented IP packets. Suppose that there is enough network activ‐
3346       ity to keep the bucket nearly empty  all  the  time.  Then  this  token
3347       bucket  algorithm will forward a single packet every so often, with the
3348       period depending on packet size and on the configured rate. All of  the
3349       fragments  of an IP packets are normally transmitted back-to-back, as a
3350       group. In such a situation, therefore, only one of these fragments will
3351       be  forwarded and the rest will be dropped. IP does not provide any way
3352       for the intended recipient to ask for only the remaining fragments.  In
3353       such  a  case  there  are two likely possibilities for what will happen
3354       next: either all of the fragments will eventually be retransmitted  (as
3355       TCP  will do), in which case the same problem will recur, or the sender
3356       will not realize that its packet has been dropped and data will  simply
3357       be lost (as some UDP-based protocols will do). Either way, it is possi‐
3358       ble that no forward progress will ever occur.
3359
3360       ingress_policing_rate: integer, at least 0
3361              Maximum rate for data received on this interface, in kbps.  Data
3362              received  faster  than  this  rate  is  dropped.  Set  to 0 (the
3363              default) to disable policing.
3364
3365       ingress_policing_burst: integer, at least 0
3366              Maximum burst size for data received on this interface,  in  kb.
3367              The  default burst size if set to 0 is 8000 kbit. This value has
3368              no effect if ingress_policing_rate is 0.
3369
3370              Specifying a larger burst size lets the algorithm be  more  for‐
3371              giving, which is important for protocols like TCP that react se‐
3372              verely to dropped packets. The burst size should be at least the
3373              size  of the interface’s MTU. Specifying a value that is numeri‐
3374              cally at least as large as 80%  of  ingress_policing_rate  helps
3375              TCP come closer to achieving the full rate.
3376
3377     Bidirectional Forwarding Detection (BFD):
3378
3379       BFD,  defined in RFC 5880 and RFC 5881, allows point-to-point detection
3380       of connectivity failures by occasional transmission of BFD control mes‐
3381       sages. Open vSwitch implements BFD to serve as a more popular and stan‐
3382       dards compliant alternative to CFM.
3383
3384       BFD operates by regularly transmitting BFD control messages at  a  rate
3385       negotiated independently in each direction. Each endpoint specifies the
3386       rate at which it expects to receive control messages, and the  rate  at
3387       which  it  is willing to transmit them. By default, Open vSwitch uses a
3388       detection multiplier of three, meaning that an endpoint signals a  con‐
3389       nectivity  fault  if  three  consecutive  BFD  control messages fail to
3390       arrive. In the case of a unidirectional connectivity issue, the  system
3391       not  receiving  BFD control messages signals the problem to its peer in
3392       the messages it transmits.
3393
3394       The Open vSwitch implementation of BFD aims to comply  faithfully  with
3395       RFC  5880  requirements.  Open  vSwitch does not implement the optional
3396       Authentication or ``Echo Mode’’ features.
3397
3398       OVS 2.13 and earlier intercepted and processed  all  BFD  packets.  OVS
3399       2.14  and  later  only  intercept and process BFD packets destined to a
3400       configured BFD instance, and other BFD packets are  made  available  to
3401       the OVS flow table for forwarding.
3402
3403     BFD Configuration:
3404
3405       A  controller  sets  up key-value pairs in the bfd column to enable and
3406       configure BFD.
3407
3408       bfd : enable: optional string, either true or false
3409              True to enable BFD on this Interface. If not specified, BFD will
3410              not be enabled by default.
3411
3412       bfd : min_rx: optional string, containing an integer, at least 1
3413              The  shortest  interval, in milliseconds, at which this BFD ses‐
3414              sion offers to receive BFD control messages. The remote endpoint
3415              may choose to send messages at a slower rate. Defaults to 1000.
3416
3417       bfd : min_tx: optional string, containing an integer, at least 1
3418              The  shortest  interval, in milliseconds, at which this BFD ses‐
3419              sion is willing to transmit BFD control messages. Messages  will
3420              actually  be transmitted at a slower rate if the remote endpoint
3421              is not willing to receive as quickly as specified.  Defaults  to
3422              100.
3423
3424       bfd : decay_min_rx: optional string, containing an integer
3425              An  alternate  receive  interval,  in milliseconds, that must be
3426              greater than or equal to bfd:min_rx. The implementation switches
3427              from  bfd:min_rx  to  bfd:decay_min_rx  when there is no obvious
3428              incoming data traffic at the interface, to reduce  the  CPU  and
3429              bandwidth cost of monitoring an idle interface. This feature may
3430              be disabled by setting a value of 0. This feature is reset when‐
3431              ever bfd:decay_min_rx or bfd:min_rx changes.
3432
3433       bfd : forwarding_if_rx: optional string, either true or false
3434              When true, traffic received on the Interface is used to indicate
3435              the capability of packet I/O.  BFD  control  packets  are  still
3436              transmitted  and  received. At least one BFD control packet must
3437              be received every 100 * bfd:min_rx amount  of  time.  Otherwise,
3438              even if traffic are received, the bfd:forwarding will be false.
3439
3440       bfd : cpath_down: optional string, either true or false
3441              Set  to  true  to notify the remote endpoint that traffic should
3442              not be forwarded to this system for some  reason  other  than  a
3443              connectivty  failure on the interface being monitored. The typi‐
3444              cal underlying reason is ``concatenated path  down,’’  that  is,
3445              that  connectivity  beyond the local system is down. Defaults to
3446              false.
3447
3448       bfd : check_tnl_key: optional string, either true or false
3449              Set to true to make BFD accept only control messages with a tun‐
3450              nel  key  of zero. By default, BFD accepts control messages with
3451              any tunnel key.
3452
3453       bfd : bfd_local_src_mac: optional string
3454              Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to  set
3455              the  MAC used as source for transmitted BFD packets. The default
3456              is the mac address of the BFD enabled interface.
3457
3458       bfd : bfd_local_dst_mac: optional string
3459              Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to  set
3460              the  MAC  used  as  destination for transmitted BFD packets. The
3461              default is 00:23:20:00:00:01.
3462
3463       bfd : bfd_remote_dst_mac: optional string
3464              Set to an Ethernet address in the form xx:xx:xx:xx:xx:xx to  set
3465              the  MAC used for checking the destination of received BFD pack‐
3466              ets. Packets with different destination MAC will not be  consid‐
3467              ered  as  BFD  packets.  If  not  specified  the destination MAC
3468              address of received BFD packets are not checked.
3469
3470       bfd : bfd_src_ip: optional string
3471              Set to an IPv4 address to set the IP address used as source  for
3472              transmitted BFD packets. The default is 169.254.1.1.
3473
3474       bfd : bfd_dst_ip: optional string
3475              Set to an IPv4 address to set the IP address used as destination
3476              for transmitted BFD packets. The default is 169.254.1.0.
3477
3478       bfd : oam: optional string
3479              Some tunnel protocols (such as Geneve)  include  a  bit  in  the
3480              header to indicate that the encapsulated packet is an OAM frame.
3481              By setting this to true, BFD packets will be marked  as  OAM  if
3482              encapsulated in one of these tunnels.
3483
3484       bfd : mult: optional string, containing an integer, in range 1 to 255
3485              The  BFD  detection multiplier, which defaults to 3. An endpoint
3486              signals a connectivity fault if the given number of  consecutive
3487              BFD control messages fail to arrive.
3488
3489     BFD Status:
3490
3491       The  switch sets key-value pairs in the bfd_status column to report the
3492       status of BFD  on  this  interface.  When  BFD  is  not  enabled,  with
3493       bfd:enable, the switch clears all key-value pairs from bfd_status.
3494
3495       bfd_status  : state: optional string, one of admin_down, down, init, or
3496       up
3497              Reports the state of the BFD session. The BFD session  is  fully
3498              healthy and negotiated if UP.
3499
3500       bfd_status : forwarding: optional string, either true or false
3501              Reports  whether  the BFD session believes this Interface may be
3502              used to forward traffic. Typically this means the local  session
3503              is signaling UP, and the remote system isn’t signaling a problem
3504              such as concatenated path down.
3505
3506       bfd_status : diagnostic: optional string
3507              A diagnostic code specifying the local system’s reason  for  the
3508              last  change in session state. The error messages are defined in
3509              section 4.1 of [RFC 5880].
3510
3511       bfd_status : remote_state: optional string, one  of  admin_down,  down,
3512       init, or up
3513              Reports the state of the remote endpoint’s BFD session.
3514
3515       bfd_status : remote_diagnostic: optional string
3516              A  diagnostic code specifying the remote system’s reason for the
3517              last change in session state. The error messages are defined  in
3518              section 4.1 of [RFC 5880].
3519
3520       bfd_status  :  flap_count:  optional  string, containing an integer, at
3521       least 0
3522              Counts the number of bfd_status:forwarding flaps since start.  A
3523              flap  is  considered  as  a  change of the bfd_status:forwarding
3524              value.
3525
3526     Connectivity Fault Management:
3527
3528       802.1ag Connectivity Fault Management (CFM) allows a group  of  Mainte‐
3529       nance Points (MPs) called a Maintenance Association (MA) to detect con‐
3530       nectivity problems with each other. MPs within a MA  should  have  com‐
3531       plete and exclusive interconnectivity. This is verified by occasionally
3532       broadcasting Continuity Check Messages (CCMs) at a configurable  trans‐
3533       mission interval.
3534
3535       According  to  the 802.1ag specification, each Maintenance Point should
3536       be configured out-of-band with a list of Remote Maintenance  Points  it
3537       should  have  connectivity to. Open vSwitch differs from the specifica‐
3538       tion in this area. It simply assumes the link is faulted if  no  Remote
3539       Maintenance  Points  are reachable, and considers it not faulted other‐
3540       wise.
3541
3542       When operating over tunnels which have no in_key, or an in_key of flow.
3543       CFM will only accept CCMs with a tunnel key of zero.
3544
3545       cfm_mpid: optional integer
3546              A  Maintenance Point ID (MPID) uniquely identifies each endpoint
3547              within a Maintenance Association. The MPID is used  to  identify
3548              this endpoint to other Maintenance Points in the MA. Each end of
3549              a link being monitored should have a  different  MPID.  Must  be
3550              configured to enable CFM on this Interface.
3551
3552              According  to  the  802.1ag  specification, MPIDs can only range
3553              between  [1,  8191].  However,  extended  mode  (see  other_con‐
3554              fig:cfm_extended) supports eight byte MPIDs.
3555
3556       cfm_flap_count: optional integer
3557              Counts the number of cfm fault flapps since boot. A flap is con‐
3558              sidered to be a change of the cfm_fault value.
3559
3560       cfm_fault: optional boolean
3561              Indicates a connectivity fault  triggered  by  an  inability  to
3562              receive  heartbeats  from  any  remote endpoint. When a fault is
3563              triggered on Interfaces participating in  bonds,  they  will  be
3564              disabled.
3565
3566              Faults  can  be  triggered for several reasons. Most importantly
3567              they are triggered when no CCMs are received for a period of 3.5
3568              times  the transmission interval. Faults are also triggered when
3569              any CCMs indicate that a Remote Maintenance Point is not receiv‐
3570              ing CCMs but able to send them. Finally, a fault is triggered if
3571              a CCM is  received  which  indicates  unexpected  configuration.
3572              Notably,  this  case  arises when a CCM is received which adver‐
3573              tises the local MPID.
3574
3575       cfm_fault_status : recv: none
3576              Indicates a CFM fault was  triggered  due  to  a  lack  of  CCMs
3577              received on the Interface.
3578
3579       cfm_fault_status : rdi: none
3580              Indicates  a  CFM  fault was triggered due to the reception of a
3581              CCM with the RDI bit flagged. Endpoints set the RDI bit in their
3582              CCMs when they are not receiving CCMs themselves. This typically
3583              indicates a unidirectional connectivity failure.
3584
3585       cfm_fault_status : maid: none
3586              Indicates a CFM fault was triggered due to the  reception  of  a
3587              CCM with a MAID other than the one Open vSwitch uses. CFM broad‐
3588              casts are tagged with an identification number  in  addition  to
3589              the  MPID  called the MAID. Open vSwitch only supports receiving
3590              CCM broadcasts tagged with the MAID it uses internally.
3591
3592       cfm_fault_status : loopback: none
3593              Indicates a CFM fault was triggered due to the  reception  of  a
3594              CCM  advertising the same MPID configured in the cfm_mpid column
3595              of this Interface. This may indicate a loop in the network.
3596
3597       cfm_fault_status : overflow: none
3598              Indicates a CFM fault  was  triggered  because  the  CFM  module
3599              received  CCMs from more remote endpoints than it can keep track
3600              of.
3601
3602       cfm_fault_status : override: none
3603              Indicates a CFM fault was manually triggered by an administrator
3604              using an ovs-appctl command.
3605
3606       cfm_fault_status : interval: none
3607              Indicates  a  CFM  fault was triggered due to the reception of a
3608              CCM frame having an invalid interval.
3609
3610       cfm_remote_opstate: optional string, either down or up
3611              When in extended mode, indicates the operational  state  of  the
3612              remote   endpoint   as   either   up  or  down.  See  other_con‐
3613              fig:cfm_opstate.
3614
3615       cfm_health: optional integer, in range 0 to 100
3616              Indicates the health of the interface as  a  percentage  of  CCM
3617              frames  received  over 21 other_config:cfm_intervals. The health
3618              of an interface is undefined if it is  communicating  with  more
3619              than  one cfm_remote_mpids. It reduces if healthy heartbeats are
3620              not received at the expected rate,  and  gradually  improves  as
3621              healthy  heartbeats  are  received at the desired rate. Every 21
3622              other_config:cfm_intervals,  the  health  of  the  interface  is
3623              refreshed.
3624
3625              As mentioned above, the faults can be triggered for several rea‐
3626              sons. The link health will deteriorate even  if  heartbeats  are
3627              received  but  they  are  reported to be unhealthy. An unhealthy
3628              heartbeat in this context is a heartbeat for which  either  some
3629              fault  is set or is out of sequence. The interface health can be
3630              100 only on receiving healthy heartbeats at the desired rate.
3631
3632       cfm_remote_mpids: set of integers
3633              When CFM is properly configured, Open vSwitch will  occasionally
3634              receive CCM broadcasts. These broadcasts contain the MPID of the
3635              sending Maintenance Point. The list of  MPIDs  from  which  this
3636              Interface  is  receiving  broadcasts from is regularly collected
3637              and written to this column.
3638
3639       other_config : cfm_interval: optional string, containing an integer
3640              The interval, in  milliseconds,  between  transmissions  of  CFM
3641              heartbeats. Three missed heartbeat receptions indicate a connec‐
3642              tivity fault.
3643
3644              In standard operation only  intervals  of  3,  10,  100,  1,000,
3645              10,000,  60,000,  or 600,000 ms are supported. Other values will
3646              be rounded down to the nearest value on the list. Extended  mode
3647              (see  other_config:cfm_extended)  supports  any  interval  up to
3648              65,535 ms. In either mode, the default is 1000 ms.
3649
3650              We do not recommend using intervals less than 100 ms.
3651
3652       other_config : cfm_extended: optional string, either true or false
3653              When true, the CFM module operates in extended mode. This causes
3654              it to use a nonstandard destination address to avoid conflicting
3655              with compliant implementations which may be running concurrently
3656              on  the  network. Furthermore, extended mode increases the accu‐
3657              racy of the cfm_interval  configuration  parameter  by  breaking
3658              wire  compatibility  with 802.1ag compliant implementations. And
3659              extended mode allows eight byte MPIDs. Defaults to false.
3660
3661       other_config : cfm_demand: optional string, either true or false
3662              When true, and other_config:cfm_extended is true, the CFM module
3663              operates  in  demand mode. When in demand mode, traffic received
3664              on the Interface is used to indicate liveness.  CCMs  are  still
3665              transmitted  and  received.  At  least  one CCM must be received
3666              every 100 * other_config:cfm_interval amount of time. Otherwise,
3667              even if traffic are received, the CFM module will raise the con‐
3668              nectivity fault.
3669
3670              Demand mode has a couple of caveats:
3671
3672              ·      To ensure that ovs-vswitchd has enough time to pull  sta‐
3673                     tistics  from  the datapath, the fault detection interval
3674                     is set to 3.5 * MAX(other_config:cfm_interval, 500) ms.
3675
3676              ·      To avoid ambiguity,  demand  mode  disables  itself  when
3677                     there are multiple remote maintenance points.
3678
3679              ·      If  the  Interface  is heavily congested, CCMs containing
3680                     the other_config:cfm_opstate status may be dropped  caus‐
3681                     ing changes in the operational state to be delayed. Simi‐
3682                     larly, if CCMs containing the RDI bit are  not  received,
3683                     unidirectional link failures may not be detected.
3684
3685       other_config : cfm_opstate: optional string, either down or up
3686              When  down, the CFM module marks all CCMs it generates as opera‐
3687              tionally down without triggering a  fault.  This  allows  remote
3688              maintenance  points  to  choose  not  to  forward traffic to the
3689              Interface on which this CFM module  is  running.  Currently,  in
3690              Open vSwitch, the opdown bit of CCMs affects Interfaces partici‐
3691              pating in bonds, and the bundle OpenFlow action. This setting is
3692              ignored when CFM is not in extended mode. Defaults to up.
3693
3694       other_config : cfm_ccm_vlan: optional string, containing an integer, in
3695       range 1 to 4,095
3696              When set, the CFM module will apply a VLAN tag to  all  CCMs  it
3697              generates  with  the  given  value.  May be the string random in
3698              which case each CCM will be tagged  with  a  different  randomly
3699              generated VLAN.
3700
3701       other_config  : cfm_ccm_pcp: optional string, containing an integer, in
3702       range 1 to 7
3703              When set, the CFM module will apply a VLAN tag to  all  CCMs  it
3704              generates  with  the  given PCP value, the VLAN ID of the tag is
3705              governed  by  the   value   of   other_config:cfm_ccm_vlan.   If
3706              other_config:cfm_ccm_vlan is unset, a VLAN ID of zero is used.
3707
3708     Bonding Configuration:
3709
3710       other_config : lacp-port-id: optional string, containing an integer, in
3711       range 1 to 65,535
3712              The LACP port ID of this Interface. Port IDs are  used  in  LACP
3713              negotiations  to  identify  individual  ports participating in a
3714              bond.
3715
3716       other_config : lacp-port-priority: optional string, containing an inte‐
3717       ger, in range 1 to 65,535
3718              The  LACP  port priority of this Interface. In LACP negotiations
3719              Interfaces with numerically lower priorities are  preferred  for
3720              aggregation.
3721
3722       other_config  :  lacp-aggregation-key:  optional  string, containing an
3723       integer, in range 1 to 65,535
3724              The LACP aggregation key of this Interface. Interfaces with dif‐
3725              ferent aggregation keys may not be active within a given Port at
3726              the same time.
3727
3728     Virtual Machine Identifiers:
3729
3730       These key-value pairs specifically apply to an  interface  that  repre‐
3731       sents  a  virtual  Ethernet  interface  connected to a virtual machine.
3732       These key-value pairs should not be present for other types  of  inter‐
3733       faces. Keys whose names end in -uuid have values that uniquely identify
3734       the entity in question. For a Citrix XenServer hypervisor, these values
3735       are UUIDs in RFC 4122 format. Other hypervisors may use other formats.
3736
3737       external_ids : attached-mac: optional string
3738              The  MAC  address  programmed  into the ``virtual hardware’’ for
3739              this  interface,  in  the  form  xx:xx:xx:xx:xx:xx.  For  Citrix
3740              XenServer,  this is the value of the MAC field in the VIF record
3741              for this interface.
3742
3743       external_ids : iface-id: optional string
3744              A system-unique identifier for the interface. On XenServer, this
3745              will commonly be the same as external_ids:xs-vif-uuid.
3746
3747       external_ids : iface-status: optional string, either active or inactive
3748              Hypervisors  may  sometimes have more than one interface associ‐
3749              ated with a given external_ids:iface-id, only one  of  which  is
3750              actually  in  use  at a given time. For example, in some circum‐
3751              stances XenServer has both a ``tap’’ and a ``vif’’ interface for
3752              a  single  external_ids:iface-id, but only uses one of them at a
3753              time. A hypervisor that behaves this way must mark the currently
3754              in  use  interface  active and the others inactive. A hypervisor
3755              that never has more  than  one  interface  for  a  given  exter‐
3756              nal_ids:iface-id  may  mark that interface active or omit exter‐
3757              nal_ids:iface-status entirely.
3758
3759              During VM migration, a given external_ids:iface-id  might  tran‐
3760              siently  be marked active on two different hypervisors. That is,
3761              active means  that  this  external_ids:iface-id  is  the  active
3762              instance  within  a  single  hypervisor, not in a broader scope.
3763              There is one exception: some hypervisors  support  ``migration’’
3764              from  a  given  hypervisor  to  itself (most often for test pur‐
3765              poses). During such a ``migration,’’ two instances of  a  single
3766              external_ids:iface-id  might  both be briefly marked active on a
3767              single hypervisor.
3768
3769       external_ids : xs-vif-uuid: optional string
3770              The virtual interface associated with this interface.
3771
3772       external_ids : xs-network-uuid: optional string
3773              The virtual network to which this interface is attached.
3774
3775       external_ids : vm-id: optional string
3776              The VM to which this interface belongs. On XenServer, this  will
3777              be the same as external_ids:xs-vm-uuid.
3778
3779       external_ids : xs-vm-uuid: optional string
3780              The VM to which this interface belongs.
3781
3782     Auto Attach Configuration:
3783
3784       Auto Attach configuration for a particular interface.
3785
3786       lldp : enable: optional string, either true or false
3787              True  to  enable  LLDP on this Interface. If not specified, LLDP
3788              will be disabled by default.
3789
3790     Flow control Configuration:
3791
3792       Ethernet flow control defined in IEEE 802.1Qbb provides link level flow
3793       control  using  MAC  pause frames. Implemented only for interfaces with
3794       type dpdk.
3795
3796       options : rx-flow-ctrl: optional string, either true or false
3797              Set to true to enable Rx flow  control  on  physical  ports.  By
3798              default, Rx flow control is disabled.
3799
3800       options : tx-flow-ctrl: optional string, either true or false
3801              Set  to  true  to  enable  Tx flow control on physical ports. By
3802              default, Tx flow control is disabled.
3803
3804       options : flow-ctrl-autoneg: optional string, either true or false
3805              Set to true to enable flow control auto negotiation on  physical
3806              ports. By default, auto-neg is disabled.
3807
3808     Link State Change detection mode:
3809
3810       options : dpdk-lsc-interrupt: optional string, either true or false
3811              Set  this  value  to  true  to configure interrupt mode for Link
3812              State Change (LSC) detection instead of poll mode for  the  DPDK
3813              interface.
3814
3815              If this value is not set, poll mode is configured.
3816
3817              This parameter has an effect only on netdev dpdk interfaces.
3818
3819     Common Columns:
3820
3821       The  overall purpose of these columns is described under Common Columns
3822       at the beginning of this document.
3823
3824       other_config: map of string-string pairs
3825
3826       external_ids: map of string-string pairs
3827

Flow_Table TABLE

3829       Configuration for a particular OpenFlow table.
3830
3831   Summary:
3832       name                          optional string
3833       Eviction Policy:
3834         flow_limit                  optional integer, at least 0
3835         overflow_policy             optional string, either evict or refuse
3836         groups                      set of strings
3837       Classifier Optimization:
3838         prefixes                    set of up to 3 strings
3839       Common Columns:
3840         external_ids                map of string-string pairs
3841
3842   Details:
3843       name: optional string
3844              The table’s name. Set this column to change the name  that  con‐
3845              trollers  will  receive when they request table statistics, e.g.
3846              ovs-ofctl dump-tables. The name does not affect switch behavior.
3847
3848     Eviction Policy:
3849
3850       Open vSwitch  supports  limiting  the  number  of  flows  that  may  be
3851       installed  in  a  flow  table, via the flow_limit column. When adding a
3852       flow would exceed this limit, by default Open vSwitch reports an error,
3853       but  there  are  two  ways  to configure Open vSwitch to instead delete
3854       (``evict’’) a flow to make room for the new one:
3855
3856              ·      Set the overflow_policy column to evict.
3857
3858              ·      Send an OpenFlow 1.4+ ``table  mod  request’’  to  enable
3859                     eviction for the flow table (e.g. ovs-ofctl -O OpenFlow14
3860                     mod-table br0 0 evict to enable eviction on flow table  0
3861                     of bridge br0).
3862
3863       When  a flow must be evicted due to overflow, the flow to evict is cho‐
3864       sen through an approximation of the following algorithm. This algorithm
3865       is used regardless of how eviction was enabled:
3866
3867              1.  Divide  the flows in the table into groups based on the val‐
3868                  ues of the fields or subfields specified in the groups  col‐
3869                  umn, so that all of the flows in a given group have the same
3870                  values for those fields. If a flow does not specify a  given
3871                  field,  that  field’s  value  is  treated as 0. If groups is
3872                  empty, then all of the flows in the flow table  are  treated
3873                  as a single group.
3874
3875              2.  Consider  the flows in the largest group, that is, the group
3876                  that contains the greatest number of flows. If two  or  more
3877                  groups  all  have the same largest number of flows, consider
3878                  the flows in all of those groups.
3879
3880              3.  If the flows under consideration have  different  importance
3881                  values,  eliminate from consideration any flows except those
3882                  with the lowest importance. (``Importance,’’ a 16-bit  inte‐
3883                  ger  value attached to each flow, was introduced in OpenFlow
3884                  1.4. Flows inserted with older versions of  OpenFlow  always
3885                  have an importance of 0.)
3886
3887              4.  Among  the  flows  under consideration, choose the flow that
3888                  expires soonest for eviction.
3889
3890       The eviction process only considers flows that have an idle timeout  or
3891       a  hard timeout. That is, eviction never deletes permanent flows. (Per‐
3892       manent flows do count against flow_limit.)
3893
3894       flow_limit: optional integer, at least 0
3895              If set, limits the number of flows that may be added to the  ta‐
3896              ble.  Open  vSwitch may limit the number of flows in a table for
3897              other reasons, e.g. due to hardware limitations or for  resource
3898              availability or performance reasons.
3899
3900       overflow_policy: optional string, either evict or refuse
3901              Controls the switch’s behavior when an OpenFlow flow table modi‐
3902              fication request would add flows in excess  of  flow_limit.  The
3903              supported values are:
3904
3905              refuse Refuse to add the flow or flows. This is also the default
3906                     policy when overflow_policy is unset.
3907
3908              evict  Delete a flow chosen according to the algorithm described
3909                     above.
3910
3911       groups: set of strings
3912              When  overflow_policy is evict, this controls how flows are cho‐
3913              sen for eviction when the  flow  table  would  otherwise  exceed
3914              flow_limit  flows.  Its  value  is  a  set of NXM fields or sub-
3915              fields, each  of  which  takes  one  of  the  forms  field[]  or
3916              field[start..end], e.g. NXM_OF_IN_PORT[]. Please see meta-flow.h
3917              for a complete list of NXM field names.
3918
3919              Open vSwitch ignores any invalid  or  unknown  field  specifica‐
3920              tions.
3921
3922              When eviction is not enabled, via overflow_policy or an OpenFlow
3923              1.4+ ``table mod,’’ this column has no effect.
3924
3925     Classifier Optimization:
3926
3927       prefixes: set of up to 3 strings
3928              This string set  specifies  which  fields  should  be  used  for
3929              address  prefix  tracking. Prefix tracking allows the classifier
3930              to skip rules with longer than necessary prefixes, resulting  in
3931              better wildcarding for datapath flows.
3932
3933              Prefix  tracking  may  be  beneficial when a flow table contains
3934              matches on IP address fields with different prefix lengths.  For
3935              example,  when  a flow table contains IP address matches on both
3936              full addresses and proper prefixes,  the  full  address  matches
3937              will  typically cause the datapath flow to un-wildcard the whole
3938              address field (depending on flow entry priorities). In this case
3939              each  packet  with  a  different  address  gets  handed  to  the
3940              userspace for flow processing and  generates  its  own  datapath
3941              flow.  With  prefix  tracking  enabled  for the address field in
3942              question packets with addresses matching shorter prefixes  would
3943              generate  datapath  flows  where the irrelevant address bits are
3944              wildcarded, allowing the same datapath flow to  handle  all  the
3945              packets  within  the  prefix  in  question.  In  this  case many
3946              userspace upcalls can be avoided and the overall performance can
3947              be better.
3948
3949              This is a performance optimization only, so packets will receive
3950              the same treatment with or without prefix tracking.
3951
3952              The   supported   fields   are:   tun_id,   tun_src,    tun_dst,
3953              tun_ipv6_src,  tun_ipv6_dst,  nw_src,  nw_dst (or aliases ip_src
3954              and ip_dst), ipv6_src, and ipv6_dst.  (Using  this  feature  for
3955              tun_id  would  only  make  sense  if  the tunnel IDs have prefix
3956              structure similar to IP addresses.)
3957
3958              By default, the prefixes=ip_dst,ip_src are used on each flow ta‐
3959              ble. This instructs the flow classifier to track the IP destina‐
3960              tion and source addresses used by the  rules  in  this  specific
3961              flow table.
3962
3963              The  keyword  none  is recognized as an explicit override of the
3964              default values, causing no prefix fields to be tracked.
3965
3966              To set the prefix fields, the flow table record needs to exist:
3967
3968              ovs-vsctl set Bridge br0 flow_tables:0=@N1  --  --id=@N1  create
3969              Flow_Table name=table0
3970                     Creates a flow table record for the OpenFlow table number
3971                     0.
3972
3973              ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src
3974                     Enables prefix tracking for  IP  source  and  destination
3975                     address fields.
3976
3977              There  is a maximum number of fields that can be enabled for any
3978              one flow table. Currently this limit is 3.
3979
3980     Common Columns:
3981
3982       The overall purpose of these columns is described under Common  Columns
3983       at the beginning of this document.
3984
3985       external_ids: map of string-string pairs
3986

QoS TABLE

3988       Quality  of  Service  (QoS) configuration for each Port that references
3989       it.
3990
3991   Summary:
3992       type                          string
3993       queues                        map of integer-Queue pairs, key in  range
3994                                     0 to 4,294,967,295
3995       Configuration for linux-htb and linux-hfsc:
3996         other_config : max-rate     optional string, containing an integer
3997       Configuration for egress-policer QoS:
3998         other_config : cir          optional string, containing an integer
3999         other_config : cbs          optional string, containing an integer
4000         other_config : eir          optional string, containing an integer
4001         other_config : ebs          optional string, containing an integer
4002       Configuration for linux-sfq:
4003         other_config : perturb      optional string, containing an integer
4004         other_config : quantum      optional string, containing an integer
4005       Configuration for linux-netem:
4006         other_config : latency      optional string, containing an integer
4007         other_config : limit        optional string, containing an integer
4008         other_config : loss         optional string, containing an integer
4009       Common Columns:
4010         other_config                map of string-string pairs
4011         external_ids                map of string-string pairs
4012
4013   Details:
4014       type: string
4015              The  type  of  QoS to implement. The currently defined types are
4016              listed below:
4017
4018              linux-htb
4019                     Linux ``hierarchy  token  bucket’’  classifier.  See  tc-
4020                     htb(8)  (also  at  http://linux.die.net/man/8/tc-htb) and
4021                     the HTB  manual  (http://luxik.cdi.cz/~devik/qos/htb/man‐
4022                     ual/userg.htm)  for  information  on  how this classifier
4023                     works and how to configure it.
4024
4025              linux-hfsc
4026                     Linux "Hierarchical Fair Service Curve"  classifier.  See
4027                     http://linux-ip.net/articles/hfsc.en/  for information on
4028                     how this classifier works.
4029
4030              linux-sfq
4031                     Linux ``Stochastic Fairness  Queueing’’  classifier.  See
4032                     tc-sfq(8) (also at http://linux.die.net/man/8/tc-sfq) for
4033                     information on how this classifier works.
4034
4035              linux-codel
4036                     Linux ``Controlled Delay’’  classifier.  See  tc-codel(8)
4037                     (also                                                  at
4038                     http://man7.org/linux/man-pages/man8/tc-codel.8.html) for
4039                     information on how this classifier works.
4040
4041              linux-fq_codel
4042                     Linux  ``Fair Queuing with Controlled Delay’’ classifier.
4043                     See           tc-fq_codel(8)           (also           at
4044                     http://man7.org/linux/man-pages/man8/tc-fq_codel.8.html)
4045                     for information on how this classifier works.
4046
4047              linux-netem
4048                     Linux ``Network Emulator’’  classifier.  See  tc-netem(8)
4049                     (also                                                  at
4050                     http://man7.org/linux/man-pages/man8/tc-netem.8.html) for
4051                     information on how this classifier works.
4052
4053              linux-noop
4054                     Linux  ``No operation.’’ By default, Open vSwitch manages
4055                     quality of service on all of its configured  ports.  This
4056                     can  be  helpful,  but sometimes administrators prefer to
4057                     use other software to manage QoS. This type prevents Open
4058                     vSwitch from changing the QoS configuration for a port.
4059
4060              egress-policer
4061                     A  DPDK egress policer algorithm using the DPDK rte_meter
4062                     library. The rte_meter library provides an implementation
4063                     which  allows  the  metering and policing of traffic. The
4064                     implementation in OVS essentially creates a single  token
4065                     bucket  used  to  police traffic. It should be noted that
4066                     when the rte_meter is configured as  part  of  QoS  there
4067                     will  be  a  performance overhead as the rte_meter itself
4068                     will consume CPU cycles in order to police traffic. These
4069                     CPU cycles ordinarily are used for packet proccessing. As
4070                     such the drop in performance will be noticed in terms  of
4071                     overall aggregate traffic throughput.
4072
4073              trtcm-policer
4074                     A  DPDK  egress  policer  algorithm using RFC 4115’s Two-
4075                     Rate, Three-Color marker. It’s a  two-level  hierarchical
4076                     policer  which  first  does  a color-blind marking of the
4077                     traffic at the queue level,  followed  by  a  color-aware
4078                     marking  at  the port level. At the end traffic marked as
4079                     Green or Yellow is forwarded, Red is dropped. For details
4080                     on  how traffic is marked, see RFC 4115. If the ``default
4081                     queue’’, 0, is not configured it’s automatically  created
4082                     with the same other_config values as the physical port.
4083
4084       queues: map of integer-Queue pairs, key in range 0 to 4,294,967,295
4085              A  map  from queue numbers to Queue records. The supported range
4086              of queue numbers depend on type. The queue numbers are the  same
4087              as  the  queue_id  used in OpenFlow in struct ofp_action_enqueue
4088              and other structures.
4089
4090              Queue 0 is the ``default queue.’’ It is used by OpenFlow  output
4091              actions  when no specific queue has been set. When no configura‐
4092              tion for queue 0 is present, it is automatically  configured  as
4093              if  a  Queue record with empty dscp and other_config columns had
4094              been specified. (Before version 1.6, Open  vSwitch  would  leave
4095              queue  0  unconfigured  in  this  case. With some queuing disci‐
4096              plines, this  dropped  all  packets  destined  for  the  default
4097              queue.)
4098
4099     Configuration for linux-htb and linux-hfsc:
4100
4101       The  linux-htb  and  linux-hfsc classes support the following key-value
4102       pair:
4103
4104       other_config : max-rate: optional string, containing an integer
4105              Maximum rate shared by all queued traffic, in  bit/s.  Optional.
4106              If  not  specified,  for physical interfaces, the default is the
4107              link rate. For other interfaces or if the link  rate  cannot  be
4108              determined, the default is currently 100 Mbps.
4109
4110     Configuration for egress-policer QoS:
4111
4112       QoS  type  egress-policer  provides  egress policing for userspace port
4113       types with DPDK. It has the following key-value pairs defined.
4114
4115       other_config : cir: optional string, containing an integer
4116              The Committed Information Rate (CIR) is measured in bytes of  IP
4117              packets per second, i.e. it includes the IP header, but not link
4118              specific (e.g. Ethernet) headers. This represents the bytes  per
4119              second  rate  at which the token bucket will be updated. The cir
4120              value is calculated by (pps x packet  data  size).  For  example
4121              assuming  a  user wishes to limit a stream consisting of 64 byte
4122              packets to 1 million packets per second the CIR would be set  to
4123              to  to 46000000. This value can be broken into ’1,000,000 x 46’.
4124              Where 1,000,000 is the policing rate for the number  of  packets
4125              per  second  and 46 represents the size of the packet data for a
4126              64 byte ip packet.
4127
4128       other_config : cbs: optional string, containing an integer
4129              The Committed Burst Size (CBS) is measured in bytes  and  repre‐
4130              sents  a  token bucket. At a minimum this value should be be set
4131              to the expected largest size packet in the  traffic  stream.  In
4132              practice  larger  values may be used to increase the size of the
4133              token bucket. If a packet can be transmitted then the  cbs  will
4134              be  decremented  by the number of bytes/tokens of the packet. If
4135              there are not enough tokens in the cbs bucket the packet will be
4136              dropped.
4137
4138       other_config : eir: optional string, containing an integer
4139              The  Excess  Information  Rate  (EIR) is measured in bytes of IP
4140              packets per second, i.e. it includes the IP header, but not link
4141              specific  (e.g. Ethernet) headers. This represents the bytes per
4142              second rate at which the token bucket will be updated.  The  eir
4143              value  is  calculated  by  (pps x packet data size). For example
4144              assuming a user wishes to limit a stream consisting of  64  byte
4145              packets  to 1 million packets per second the EIR would be set to
4146              to to 46000000. This value can be broken into ’1,000,000 x  46’.
4147              Where  1,000,000  is the policing rate for the number of packets
4148              per second and 46 represents the size of the packet data  for  a
4149              64 byte ip packet.
4150
4151       other_config : ebs: optional string, containing an integer
4152              The  Excess Burst Size (EBS) is measured in bytes and represents
4153              a token bucket. At a minimum this value should be be set to  the
4154              expected  largest size packet in the traffic stream. In practice
4155              larger values may be used to increase  the  size  of  the  token
4156              bucket.  If  a  packet  can  be transmitted then the ebs will be
4157              decremented by the number of  bytes/tokens  of  the  packet.  If
4158              there  are  not enough tokens in the cbs bucket the packet might
4159              be dropped.
4160
4161     Configuration for linux-sfq:
4162
4163       The linux-sfq QoS supports the following key-value pairs:
4164
4165       other_config : perturb: optional string, containing an integer
4166              Number of seconds between consecutive perturbations  in  hashing
4167              algorithm.  Different  flows  can end up in the same hash bucket
4168              causing unfairness. Perturbation’s goal is  to  remove  possible
4169              unfairness.  The  default and recommended value is 10. Too low a
4170              value is discouraged because each perturbation can cause  packet
4171              reordering.
4172
4173       other_config : quantum: optional string, containing an integer
4174              Number  of bytes linux-sfq QoS can dequeue in one turn in round-
4175              robin from one flow. The default and recommended value is  equal
4176              to interface’s MTU.
4177
4178     Configuration for linux-netem:
4179
4180       The linux-netem QoS supports the following key-value pairs:
4181
4182       other_config : latency: optional string, containing an integer
4183              Adds  the chosen delay to the packets outgoing to chosen network
4184              interface. The latency value expressed in us.
4185
4186       other_config : limit: optional string, containing an integer
4187              Maximum number of packets the qdisc may hold queued at  a  time.
4188              The default value is 1000.
4189
4190       other_config : loss: optional string, containing an integer
4191              Adds  an  independent  loss  probability to the packets outgoing
4192              from the chosen network interface.
4193
4194     Common Columns:
4195
4196       The overall purpose of these columns is described under Common  Columns
4197       at the beginning of this document.
4198
4199       other_config: map of string-string pairs
4200
4201       external_ids: map of string-string pairs
4202

Queue TABLE

4204       A configuration for a port output queue, used in configuring Quality of
4205       Service (QoS) features. May be referenced by queues column in  QoS  ta‐
4206       ble.
4207
4208   Summary:
4209       dscp                          optional integer, in range 0 to 63
4210       Configuration for linux-htb QoS:
4211         other_config : min-rate     optional  string,  containing an integer,
4212                                     at least 1
4213         other_config : max-rate     optional string, containing  an  integer,
4214                                     at least 1
4215         other_config : burst        optional  string,  containing an integer,
4216                                     at least 1
4217         other_config : priority     optional string, containing  an  integer,
4218                                     in range 0 to 4,294,967,295
4219       Configuration for linux-hfsc QoS:
4220         other_config : min-rate     optional  string,  containing an integer,
4221                                     at least 1
4222         other_config : max-rate     optional string, containing  an  integer,
4223                                     at least 1
4224       Common Columns:
4225         other_config                map of string-string pairs
4226         external_ids                map of string-string pairs
4227
4228   Details:
4229       dscp: optional integer, in range 0 to 63
4230              If  set, Open vSwitch will mark all traffic egressing this Queue
4231              with the given DSCP bits. Traffic egressing the default Queue is
4232              only  marked  if  it was explicitly selected as the Queue at the
4233              time the packet was output. If unset, the DSCP bits  of  traffic
4234              egressing this Queue will remain unchanged.
4235
4236     Configuration for linux-htb QoS:
4237
4238       QoS  type  linux-htb may use queue_ids less than 61440. It has the fol‐
4239       lowing key-value pairs defined.
4240
4241       other_config : min-rate: optional string,  containing  an  integer,  at
4242       least 1
4243              Minimum guaranteed bandwidth, in bit/s.
4244
4245       other_config  :  max-rate:  optional  string, containing an integer, at
4246       least 1
4247              Maximum allowed bandwidth, in bit/s. Optional. If specified, the
4248              queue’s  rate will not be allowed to exceed the specified value,
4249              even if excess bandwidth is available. If unspecified,  defaults
4250              to no limit.
4251
4252       other_config  : burst: optional string, containing an integer, at least
4253       1
4254              Burst size, in bits. This is the maximum amount  of  ``credits’’
4255              that  a queue can accumulate while it is idle. Optional. Details
4256              of the linux-htb implementation require a minimum burst size, so
4257              a too-small burst will be silently ignored.
4258
4259       other_config  :  priority:  optional  string, containing an integer, in
4260       range 0 to 4,294,967,295
4261              A queue with a smaller priority  will  receive  all  the  excess
4262              bandwidth  that  it  can  use before a queue with a larger value
4263              receives any. Specific priority  values  are  unimportant;  only
4264              relative ordering matters. Defaults to 0 if unspecified.
4265
4266     Configuration for linux-hfsc QoS:
4267
4268       QoS  type linux-hfsc may use queue_ids less than 61440. It has the fol‐
4269       lowing key-value pairs defined.
4270
4271       other_config : min-rate: optional string,  containing  an  integer,  at
4272       least 1
4273              Minimum guaranteed bandwidth, in bit/s.
4274
4275       other_config  :  max-rate:  optional  string, containing an integer, at
4276       least 1
4277              Maximum allowed bandwidth, in bit/s. Optional. If specified, the
4278              queue’s  rate will not be allowed to exceed the specified value,
4279              even if excess bandwidth is available. If unspecified,  defaults
4280              to no limit.
4281
4282     Common Columns:
4283
4284       The  overall purpose of these columns is described under Common Columns
4285       at the beginning of this document.
4286
4287       other_config: map of string-string pairs
4288
4289       external_ids: map of string-string pairs
4290

Mirror TABLE

4292       A port mirror within a Bridge.
4293
4294       A port mirror configures a bridge to send selected  frames  to  special
4295       ``mirrored’’ ports, in addition to their normal destinations. Mirroring
4296       traffic may also be referred to as SPAN or RSPAN, depending on how  the
4297       mirrored traffic is sent.
4298
4299       When  a  packet  enters an Open vSwitch bridge, it becomes eligible for
4300       mirroring based on its ingress port and VLAN.  As  the  packet  travels
4301       through  the  flow tables, each time it is output to a port, it becomes
4302       eligible for mirroring based on the  egress  port  and  VLAN.  In  Open
4303       vSwitch  2.5  and  later,  mirroring  occurs  just after a packet first
4304       becomes eligible, using the packet as it exists at that point; in  Open
4305       vSwitch  2.4 and earlier, mirroring occurs only after a packet has tra‐
4306       versed all the flow tables, using the original packet as it entered the
4307       bridge.  This  makes a difference only when the flow table modifies the
4308       packet: in Open vSwitch 2.4, the modifications  are  never  visible  to
4309       mirrors,  whereas  in  Open  vSwitch  2.5  and later modifications made
4310       before the first output that makes it eligible for mirroring to a  par‐
4311       ticular destination are visible.
4312
4313       A packet that enters an Open vSwitch bridge is mirrored to a particular
4314       destination only once, even if it is eligible for multiple reasons. For
4315       example,  a  packet  would be mirrored to a particular output_port only
4316       once,  even  if  it  is  selected  for  mirroring  to  that   port   by
4317       select_dst_port  and  select_src_port  in  the same or different Mirror
4318       records.
4319
4320   Summary:
4321       name                          string
4322       Selecting Packets for Mirroring:
4323         select_all                  boolean
4324         select_dst_port             set of weak reference to Ports
4325         select_src_port             set of weak reference to Ports
4326         select_vlan                 set of up to 4,096 integers, in  range  0
4327                                     to 4,095
4328       Mirroring Destination Configuration:
4329         output_port                 optional weak reference to Port
4330         output_vlan                 optional integer, in range 1 to 4,095
4331         snaplen                     optional integer, in range 14 to 65,535
4332       Statistics: Mirror counters:
4333         statistics : tx_packets     optional integer
4334         statistics : tx_bytes       optional integer
4335       Common Columns:
4336         external_ids                map of string-string pairs
4337
4338   Details:
4339       name: string
4340              Arbitrary identifier for the Mirror.
4341
4342     Selecting Packets for Mirroring:
4343
4344       To  be  selected  for mirroring, a given packet must enter or leave the
4345       bridge through a selected port and it  must  also  be  in  one  of  the
4346       selected VLANs.
4347
4348       select_all: boolean
4349              If  true,  every  packet  arriving  or  departing on any port is
4350              selected for mirroring.
4351
4352       select_dst_port: set of weak reference to Ports
4353              Ports on which departing packets are selected for mirroring.
4354
4355       select_src_port: set of weak reference to Ports
4356              Ports on which arriving packets are selected for mirroring.
4357
4358       select_vlan: set of up to 4,096 integers, in range 0 to 4,095
4359              VLANs on which packets are selected for mirroring. An empty  set
4360              selects packets on all VLANs.
4361
4362     Mirroring Destination Configuration:
4363
4364       These  columns  are  mutually  exclusive.  Exactly  one of them must be
4365       nonempty.
4366
4367       output_port: optional weak reference to Port
4368              Output port for selected packets, if nonempty.
4369
4370              Specifying a port for mirror output reserves  that  port  exclu‐
4371              sively  for  mirroring.  No frames other than those selected for
4372              mirroring via this column will be forwarded to the port, and any
4373              frames received on the port will be discarded.
4374
4375              The  output  port  may  be  any  kind  of port supported by Open
4376              vSwitch. It may be, for  example,  a  physical  port  (sometimes
4377              called SPAN) or a GRE tunnel.
4378
4379       output_vlan: optional integer, in range 1 to 4,095
4380              Output VLAN for selected packets, if nonempty.
4381
4382              The frames will be sent out all ports that trunk output_vlan, as
4383              well as any ports with implicit VLAN output_vlan.  When  a  mir‐
4384              rored  frame is sent out a trunk port, the frame’s VLAN tag will
4385              be set to output_vlan, replacing any existing tag;  when  it  is
4386              sent  out  an  implicit VLAN port, the frame will not be tagged.
4387              This type of mirroring is sometimes called RSPAN.
4388
4389              See  the  documentation  for  other_config:forward-bpdu  in  the
4390              Interface  table  for  a list of destination MAC addresses which
4391              will not be mirrored to a VLAN to avoid confusing switches  that
4392              interpret the protocols that they represent.
4393
4394              Please note: Mirroring to a VLAN can disrupt a network that con‐
4395              tains unmanaged switches. Consider an unmanaged physical  switch
4396              with  two  ports:  port 1, connected to an end host, and port 2,
4397              connected to an Open vSwitch configured to mirror received pack‐
4398              ets  into  VLAN 123 on port 2. Suppose that the end host sends a
4399              packet on port 1 that the physical switch forwards  to  port  2.
4400              The  Open  vSwitch  forwards  this packet to its destination and
4401              then reflects it back on port 2  in  VLAN  123.  This  reflected
4402              packet  causes  the unmanaged physical switch to replace the MAC
4403              learning table entry, which correctly pointed to  port  1,  with
4404              one  that  incorrectly points to port 2. Afterward, the physical
4405              switch will direct packets destined for the end host to the Open
4406              vSwitch  on  port  2, instead of to the end host on port 1, dis‐
4407              rupting connectivity. If mirroring to a VLAN is desired in  this
4408              scenario,  then the physical switch must be replaced by one that
4409              learns Ethernet addresses on  a  per-VLAN  basis.  In  addition,
4410              learning  should  be  disabled  on  the VLAN containing mirrored
4411              traffic. If this is not done  then  intermediate  switches  will
4412              learn  the  MAC address of each end host from the mirrored traf‐
4413              fic. If packets being sent to that end host are  also  mirrored,
4414              then  they will be dropped since the switch will attempt to send
4415              them out the input port. Disabling learning for  the  VLAN  will
4416              cause the switch to correctly send the packet out all ports con‐
4417              figured for that VLAN. If Open  vSwitch  is  being  used  as  an
4418              intermediate switch, learning can be disabled by adding the mir‐
4419              rored VLAN to flood_vlans in the  appropriate  Bridge  table  or
4420              tables.
4421
4422              Mirroring  to a GRE tunnel has fewer caveats than mirroring to a
4423              VLAN and should generally be preferred.
4424
4425       snaplen: optional integer, in range 14 to 65,535
4426              Maximum per-packet number of bytes to mirror.
4427
4428              A mirrored packet with size larger than snaplen  will  be  trun‐
4429              cated  in datapath to snaplen bytes before sending to the mirror
4430              output port. If omitted, packets are not truncated.
4431
4432     Statistics: Mirror counters:
4433
4434       Key-value pairs that report mirror statistics.  The  update  period  is
4435       controlled  by  other_config:stats-update-interval  in the Open_vSwitch
4436       table.
4437
4438       statistics : tx_packets: optional integer
4439              Number of packets transmitted through this mirror.
4440
4441       statistics : tx_bytes: optional integer
4442              Number of bytes transmitted through this mirror.
4443
4444     Common Columns:
4445
4446       The overall purpose of these columns is described under Common  Columns
4447       at the beginning of this document.
4448
4449       external_ids: map of string-string pairs
4450

Controller TABLE

4452       An OpenFlow controller.
4453
4454   Summary:
4455       Core Features:
4456         type                        optional  string,  either primary or ser‐
4457                                     vice
4458         target                      string
4459         connection_mode             optional  string,   either   in-band   or
4460                                     out-of-band
4461       Controller Failure Detection and Handling:
4462         max_backoff                 optional integer, at least 1,000
4463         inactivity_probe            optional integer
4464       Asynchronous Messages:
4465         enable_async_messages       optional boolean
4466         Controller Rate Limiting:
4467            controller_queue_size    optional integer, in range 1 to 512
4468            controller_rate_limit    optional integer, at least 100
4469            controller_burst_limit   optional integer, at least 25
4470            Controller Rate Limiting Statistics:
4471              status : packet-in-TYPE-bypassed
4472                                     optional  string,  containing an integer,
4473                                     at least 0
4474              status : packet-in-TYPE-queued
4475                                     optional string, containing  an  integer,
4476                                     at least 0
4477              status : packet-in-TYPE-dropped
4478                                     optional  string,  containing an integer,
4479                                     at least 0
4480              status : packet-in-TYPE-backlog
4481                                     optional string, containing  an  integer,
4482                                     at least 0
4483       Additional In-Band Configuration:
4484         local_ip                    optional string
4485         local_netmask               optional string
4486         local_gateway               optional string
4487       Controller Status:
4488         is_connected                boolean
4489         role                        optional string, one of master, other, or
4490                                     slave
4491         status : last_error         optional string
4492         status : state              optional string, one of ACTIVE,  BACKOFF,
4493                                     CONNECTING, IDLE, or VOID
4494         status : sec_since_connect  optional  string,  containing an integer,
4495                                     at least 0
4496         status : sec_since_disconnect
4497                                     optional string, containing  an  integer,
4498                                     at least 1
4499       Connection Parameters:
4500         other_config : dscp         optional string, containing an integer
4501       Common Columns:
4502         external_ids                map of string-string pairs
4503         other_config                map of string-string pairs
4504
4505   Details:
4506     Core Features:
4507
4508       type: optional string, either primary or service
4509              Open  vSwitch  supports  two  kinds  of  OpenFlow controllers. A
4510              bridge may have any number of each kind:
4511
4512              Primary controllers
4513                     This is the kind of controller envisioned by the OpenFlow
4514                     specifications.  Usually, a primary controller implements
4515                     a network policy by taking charge of  the  switch’s  flow
4516                     table.
4517
4518                     The  fail_mode column in the Bridge table applies to pri‐
4519                     mary controllers.
4520
4521                     When multiple primary controllers  are  configured,  Open
4522                     vSwitch  connects to all of them simultaneously. OpenFlow
4523                     provides few facilities to allow multiple controllers  to
4524                     coordinate  in  interacting with a single switch, so more
4525                     than one primary controller should be specified  only  if
4526                     the  controllers  are  themselves  designed to coordinate
4527                     with each other.
4528
4529              Service controllers
4530                     These  kinds  of  OpenFlow  controller  connections   are
4531                     intended for occasional support and maintenance use, e.g.
4532                     with ovs-ofctl. Usually  a  service  controller  connects
4533                     only  briefly  to  inspect  or  modify some of a switch’s
4534                     state.
4535
4536                     The fail_mode column in the Bridge table does  not  apply
4537                     to service controllers.
4538
4539              By  default, Open vSwitch treats controllers with active connec‐
4540              tion methods as primary controllers and those with passive  con‐
4541              nection  methods  as service controllers. Set this column to the
4542              desired type to override this default.
4543
4544       target: string
4545              Connection method for controller.
4546
4547              The following active connection methods are currently supported:
4548
4549              ssl:host[:port]
4550                     The specified SSL port on the host  at  the  given  host,
4551                     which  can  either  be  a DNS name (if built with unbound
4552                     library)  or  an  IP  address.  The  ssl  column  in  the
4553                     Open_vSwitch  table  must point to a valid SSL configura‐
4554                     tion when this form is used.
4555
4556                     If port is not specified, it defaults to 6653.
4557
4558                     SSL support is an optional feature  that  is  not  always
4559                     built as part of Open vSwitch.
4560
4561              tcp:host[:port]
4562                     The  specified  TCP  port  on the host at the given host,
4563                     which can either be a DNS name  (if  built  with  unbound
4564                     library)  or  an IP address (IPv4 or IPv6). If host is an
4565                     IPv6  address,  wrap  it   in   square   brackets,   e.g.
4566                     tcp:[::1]:6653.
4567
4568                     If port is not specified, it defaults to 6653.
4569
4570              The  following  passive  connection  methods  are currently sup‐
4571              ported:
4572
4573              pssl:[port][:host]
4574                     Listens for SSL connections on the specified TCP port. If
4575                     host,  which  can  either  be  a  DNS name (if built with
4576                     unbound library) or an IP  address,  is  specified,  then
4577                     connections  are  restricted to the resolved or specified
4578                     local IP address (either IPv4 or IPv6).  If  host  is  an
4579                     IPv6   address,   wrap   it   in  square  brackets,  e.g.
4580                     pssl:6653:[::1].
4581
4582                     If port is not specified, it defaults to 6653. If host is
4583                     not specified then it listens only on IPv4 (but not IPv6)
4584                     addresses. The ssl column in the Open_vSwitch table  must
4585                     point  to  a  valid  SSL  configuration when this form is
4586                     used.
4587
4588                     If port is not specified, it currently to 6653.
4589
4590                     SSL support is an optional feature  that  is  not  always
4591                     built as part of Open vSwitch.
4592
4593              ptcp:[port][:host]
4594                     Listens  for  connections  on  the specified TCP port. If
4595                     host, which can either be  a  DNS  name  (if  built  with
4596                     unbound  library)  or  an  IP address, is specified, then
4597                     connections are restricted to the resolved  or  specified
4598                     local  IP  address  (either  IPv4 or IPv6). If host is an
4599                     IPv6  address,  wrap  it   in   square   brackets,   e.g.
4600                     ptcp:6653:[::1]. If host is not specified then it listens
4601                     only on IPv4 addresses.
4602
4603                     If port is not specified, it defaults to 6653.
4604
4605              When multiple controllers are configured for  a  single  bridge,
4606              the  target values must be unique. Duplicate target values yield
4607              unspecified results.
4608
4609       connection_mode: optional string, either in-band or out-of-band
4610              If it is specified, this setting must be one  of  the  following
4611              strings  that  describes how Open vSwitch contacts this OpenFlow
4612              controller over the network:
4613
4614              in-band
4615                     In this mode, this controller’s OpenFlow traffic  travels
4616                     over the bridge associated with the controller. With this
4617                     setting, Open vSwitch allows traffic to and from the con‐
4618                     troller  regardless  of the contents of the OpenFlow flow
4619                     table. (Otherwise, Open vSwitch would never  be  able  to
4620                     connect to the controller, because it did not have a flow
4621                     to enable it.) This is the most  common  connection  mode
4622                     because  it  is not necessary to maintain two independent
4623                     networks.
4624
4625              out-of-band
4626                     In this mode, OpenFlow traffic  uses  a  control  network
4627                     separate from the bridge associated with this controller,
4628                     that is, the bridge does not use any of its  own  network
4629                     devices  to  communicate with the controller. The control
4630                     network must be configured separately,  before  or  after
4631                     ovs-vswitchd is started.
4632
4633              If not specified, the default is implementation-specific.
4634
4635     Controller Failure Detection and Handling:
4636
4637       max_backoff: optional integer, at least 1,000
4638              Maximum  number  of  milliseconds  to  wait  between  connection
4639              attempts. Default is implementation-specific.
4640
4641       inactivity_probe: optional integer
4642              Maximum number of milliseconds of idle  time  on  connection  to
4643              controller  before  sending an inactivity probe message. If Open
4644              vSwitch does not communicate with the controller for the  speci‐
4645              fied  number  of seconds, it will send a probe. If a response is
4646              not received for  the  same  additional  amount  of  time,  Open
4647              vSwitch  assumes  the connection has been broken and attempts to
4648              reconnect. Default is implementation-specific. A value of 0 dis‐
4649              ables inactivity probes.
4650
4651     Asynchronous Messages:
4652
4653       OpenFlow  switches send certain messages to controllers spontanenously,
4654       that is, not in response to any request from the controller. These mes‐
4655       sages  are  called ``asynchronous messages.’’ These columns allow asyn‐
4656       chronous messages to be limited or disabled to ensure the best  use  of
4657       network resources.
4658
4659       enable_async_messages: optional boolean
4660              The  OpenFlow  protocol enables asynchronous messages at time of
4661              connection establishment, which  means  that  a  controller  can
4662              receive asynchronous messages, potentially many of them, even if
4663              it turns them off immediately after connecting. Set this  column
4664              to false to change Open vSwitch behavior to disable, by default,
4665              all  asynchronous  messages.  The   controller   can   use   the
4666              NXT_SET_ASYNC_CONFIG Nicira extension to OpenFlow to turn on any
4667              messages that it does want to receive, if any.
4668
4669     Controller Rate Limiting:
4670
4671       A switch can forward packets to a controller over the  OpenFlow  proto‐
4672       col.  Forwarding  packets  this  way at too high a rate can overwhelm a
4673       controller, frustrate use of the OpenFlow  connection  for  other  pur‐
4674       poses,  increase  the  latency  of  flow setup, and use an unreasonable
4675       amount of bandwidth. Therefore, Open vSwitch supports limiting the rate
4676       of packet forwarding to a controller.
4677
4678       There  are  two  main  reasons in OpenFlow for a packet to be sent to a
4679       controller: either the packet ``misses’’ in the flow  table,  that  is,
4680       there  is  no  matching  flow,  or a flow table action says to send the
4681       packet to the controller. Open vSwitch limits the rate of each kind  of
4682       packet  separately  at  the configured rate. Therefore, the actual rate
4683       that packets are sent to the controller can be up to twice the  config‐
4684       ured rate, when packets are sent for both reasons.
4685
4686       This feature is specific to forwarding packets over an OpenFlow connec‐
4687       tion. It is not general-purpose QoS. See the QoS table for  quality  of
4688       service configuration, and ingress_policing_rate in the Interface table
4689       for ingress policing configuration.
4690
4691       controller_queue_size: optional integer, in range 1 to 512
4692              This sets the maximum size of the queue of packets that need  to
4693              be sent to this OpenFlow controller. The value must be less than
4694              512. If not specified the queue size is limited to the value set
4695              for  the management controller in other_config:controller-queue-
4696              size if present or 100 packets by default. Note: increasing  the
4697              queue size might have a negative impact on latency.
4698
4699       controller_rate_limit: optional integer, at least 100
4700              The maximum rate at which the switch will forward packets to the
4701              OpenFlow controller, in packets per second. If no value is spec‐
4702              ified, rate limiting is disabled.
4703
4704       controller_burst_limit: optional integer, at least 25
4705              When  a  high  rate  triggers rate-limiting, Open vSwitch queues
4706              packets to the controller for each port and  transmits  them  to
4707              the  controller  at  the  configured rate. This value limits the
4708              number of queued packets. Ports on a  bridge  share  the  packet
4709              queue fairly.
4710
4711              This value has no effect unless controller_rate_limit is config‐
4712              ured. The current default when this value is  not  specified  is
4713              one-quarter  of  controller_rate_limit, meaning that queuing can
4714              delay forwarding a packet to the controller by up to 250 ms.
4715
4716     Controller Rate Limiting Statistics:
4717
4718       These values report the effects of rate limiting. Their values are rel‐
4719       ative to establishment of the most recent OpenFlow connection, or since
4720       rate limiting was enabled, whichever happened more recently. Each  con‐
4721       sists  of  two values, one with TYPE replaced by miss for rate limiting
4722       flow table misses, and the other with TYPE replaced by action for  rate
4723       limiting packets sent by OpenFlow actions.
4724
4725       These  statistics  are  reported  only when controller rate limiting is
4726       enabled.
4727
4728       status : packet-in-TYPE-bypassed: optional string, containing an  inte‐
4729       ger, at least 0
4730              Number of packets sent directly to the controller, without queu‐
4731              ing, because the rate did not exceed the configured maximum.
4732
4733       status : packet-in-TYPE-queued: optional string, containing an integer,
4734       at least 0
4735              Number of packets added to the queue to send later.
4736
4737       status  :  packet-in-TYPE-dropped: optional string, containing an inte‐
4738       ger, at least 0
4739              Number of packets added to the queue that were later dropped due
4740              to  overflow. This value is less than or equal to status:packet-
4741              in-TYPE-queued.
4742
4743       status : packet-in-TYPE-backlog: optional string, containing  an  inte‐
4744       ger, at least 0
4745              Number   of  packets  currently  queued.  The  other  statistics
4746              increase monotonically, but this one fluctuates  between  0  and
4747              the controller_burst_limit as conditions change.
4748
4749     Additional In-Band Configuration:
4750
4751       These  values  are considered only in in-band control mode (see connec‐
4752       tion_mode).
4753
4754       When multiple controllers are configured  on  a  single  bridge,  there
4755       should  be only one set of unique values in these columns. If different
4756       values are set for these columns in different controllers,  the  effect
4757       is unspecified.
4758
4759       local_ip: optional string
4760              The   IP   address   to   configure  on  the  local  port,  e.g.
4761              192.168.0.123. If this value is unset,  then  local_netmask  and
4762              local_gateway are ignored.
4763
4764       local_netmask: optional string
4765              The   IP   netmask   to   configure  on  the  local  port,  e.g.
4766              255.255.255.0. If local_ip is set but this value is unset,  then
4767              the  default  is chosen based on whether the IP address is class
4768              A, B, or C.
4769
4770       local_gateway: optional string
4771              The IP address of the gateway to configure on the local port, as
4772              a string, e.g. 192.168.0.1. Leave this column unset if this net‐
4773              work has no gateway.
4774
4775     Controller Status:
4776
4777       is_connected: boolean
4778              true if currently connected to this controller, false otherwise.
4779
4780       role: optional string, one of master, other, or slave
4781              The level of authority this controller  has  on  the  associated
4782              bridge. Possible values are:
4783
4784              other  Allows the controller access to all OpenFlow features.
4785
4786              master Equivalent to other, except that there may be at most one
4787                     such controller at a time. If a given controller promotes
4788                     itself  to  this  role, ovs-vswitchd demotes any existing
4789                     controller with the role to slave.
4790
4791              slave  Allows the controller read-only access to  OpenFlow  fea‐
4792                     tures. Attempts to modify the flow table will be rejected
4793                     with  an  error.  Such   controllers   do   not   receive
4794                     OFPT_PACKET_IN or OFPT_FLOW_REMOVED messages, but they do
4795                     receive OFPT_PORT_STATUS messages.
4796
4797       status : last_error: optional string
4798              A human-readable description of the last error on the connection
4799              to  the  controller;  i.e.  strerror(errno). This key will exist
4800              only if an error has occurred.
4801
4802       status : state: optional string, one of  ACTIVE,  BACKOFF,  CONNECTING,
4803       IDLE, or VOID
4804              The state of the connection to the controller:
4805
4806              VOID   Connection is disabled.
4807
4808              BACKOFF
4809                     Attempting to reconnect at an increasing period.
4810
4811              CONNECTING
4812                     Attempting to connect.
4813
4814              ACTIVE Connected, remote host responsive.
4815
4816              IDLE   Connection is idle. Waiting for response to keep-alive.
4817
4818              These  values  may  change in the future. They are provided only
4819              for human consumption.
4820
4821       status : sec_since_connect: optional string, containing an integer,  at
4822       least 0
4823              The  amount of time since this controller last successfully con‐
4824              nected to the switch (in seconds). Value is empty if  controller
4825              has never successfully connected.
4826
4827       status  : sec_since_disconnect: optional string, containing an integer,
4828       at least 1
4829              The amount of time since this controller last disconnected  from
4830              the  switch (in seconds). Value is empty if controller has never
4831              disconnected.
4832
4833     Connection Parameters:
4834
4835       Additional configuration for a connection between  the  controller  and
4836       the Open vSwitch.
4837
4838       other_config : dscp: optional string, containing an integer
4839              The  Differentiated Service Code Point (DSCP) is specified using
4840              6 bits in the Type of Service (TOS) field in the IP header. DSCP
4841              provides a mechanism to classify the network traffic and provide
4842              Quality of Service (QoS) on IP networks. The DSCP  value  speci‐
4843              fied  here  is used when establishing the connection between the
4844              controller and the Open vSwitch. If no  value  is  specified,  a
4845              default  value of 48 is chosen. Valid DSCP values must be in the
4846              range 0 to 63.
4847
4848     Common Columns:
4849
4850       The overall purpose of these columns is described under Common  Columns
4851       at the beginning of this document.
4852
4853       external_ids: map of string-string pairs
4854
4855       other_config: map of string-string pairs
4856

Manager TABLE

4858       Configuration  for  a  database  connection to an Open vSwitch database
4859       (OVSDB) client.
4860
4861       This   table   primarily   configures   the   Open   vSwitch   database
4862       (ovsdb-server),  not the Open vSwitch switch (ovs-vswitchd). The switch
4863       does read the table to determine what connections should be treated  as
4864       in-band.
4865
4866       The  Open vSwitch database server can initiate and maintain active con‐
4867       nections to remote clients. It can also  listen  for  database  connec‐
4868       tions.
4869
4870   Summary:
4871       Core Features:
4872         target                      string (must be unique within table)
4873         connection_mode             optional   string,   either   in-band  or
4874                                     out-of-band
4875       Client Failure Detection and Handling:
4876         max_backoff                 optional integer, at least 1,000
4877         inactivity_probe            optional integer
4878       Status:
4879         is_connected                boolean
4880         status : last_error         optional string
4881         status : state              optional string, one of ACTIVE,  BACKOFF,
4882                                     CONNECTING, IDLE, or VOID
4883         status : sec_since_connect  optional  string,  containing an integer,
4884                                     at least 0
4885         status : sec_since_disconnect
4886                                     optional string, containing  an  integer,
4887                                     at least 0
4888         status : locks_held         optional string
4889         status : locks_waiting      optional string
4890         status : locks_lost         optional string
4891         status : n_connections      optional  string,  containing an integer,
4892                                     at least 2
4893         status : bound_port         optional string, containing an integer
4894       Connection Parameters:
4895         other_config : dscp         optional string, containing an integer
4896       Common Columns:
4897         external_ids                map of string-string pairs
4898         other_config                map of string-string pairs
4899
4900   Details:
4901     Core Features:
4902
4903       target: string (must be unique within table)
4904              Connection method for managers.
4905
4906              The following connection methods are currently supported:
4907
4908              ssl:host[:port]
4909                     The specified SSL port on the host  at  the  given  host,
4910                     which  can  either  be  a DNS name (if built with unbound
4911                     library)  or  an  IP  address.  The  ssl  column  in  the
4912                     Open_vSwitch  table  must point to a valid SSL configura‐
4913                     tion when this form is used.
4914
4915                     If port is not specified, it defaults to 6640.
4916
4917                     SSL support is an optional feature  that  is  not  always
4918                     built as part of Open vSwitch.
4919
4920              tcp:host[:port]
4921                     The  specified  TCP  port  on the host at the given host,
4922                     which can either be a DNS name  (if  built  with  unbound
4923                     library)  or  an IP address (IPv4 or IPv6). If host is an
4924                     IPv6  address,  wrap  it   in   square   brackets,   e.g.
4925                     tcp:[::1]:6640.
4926
4927                     If port is not specified, it defaults to 6640.
4928
4929              pssl:[port][:host]
4930                     Listens  for  SSL  connections on the specified TCP port.
4931                     Specify 0 for  port  to  have  the  kernel  automatically
4932                     choose  an available port. If host, which can either be a
4933                     DNS name  (if  built  with  unbound  library)  or  an  IP
4934                     address, is specified, then connections are restricted to
4935                     the resolved or specified local IP address  (either  IPv4
4936                     or  IPv6  address).  If  host is an IPv6 address, wrap in
4937                     square brackets, e.g. pssl:6640:[::1].  If  host  is  not
4938                     specified  then  it  listens  only on IPv4 (but not IPv6)
4939                     addresses. The ssl column in the Open_vSwitch table  must
4940                     point  to  a  valid  SSL  configuration when this form is
4941                     used.
4942
4943                     If port is not specified, it defaults to 6640.
4944
4945                     SSL support is an optional feature  that  is  not  always
4946                     built as part of Open vSwitch.
4947
4948              ptcp:[port][:host]
4949                     Listens  for connections on the specified TCP port. Spec‐
4950                     ify 0 for port to have the kernel automatically choose an
4951                     available  port.  If host, which can either be a DNS name
4952                     (if built with unbound library)  or  an  IP  address,  is
4953                     specified,   then   connections  are  restricted  to  the
4954                     resolved or specified local IP address  (either  IPv4  or
4955                     IPv6  address).  If  host  is an IPv6 address, wrap it in
4956                     square brackets, e.g. ptcp:6640:[::1].  If  host  is  not
4957                     specified then it listens only on IPv4 addresses.
4958
4959                     If port is not specified, it defaults to 6640.
4960
4961              When multiple managers are configured, the target values must be
4962              unique. Duplicate target values yield unspecified results.
4963
4964       connection_mode: optional string, either in-band or out-of-band
4965              If it is specified, this setting must be one  of  the  following
4966              strings  that  describes  how  Open  vSwitch contacts this OVSDB
4967              client over the network:
4968
4969              in-band
4970                     In this mode, this connection’s traffic  travels  over  a
4971                     bridge  managed  by Open vSwitch. With this setting, Open
4972                     vSwitch allows traffic to and from the client  regardless
4973                     of  the  contents of the OpenFlow flow table. (Otherwise,
4974                     Open vSwitch would  never  be  able  to  connect  to  the
4975                     client,  because  it  did  not have a flow to enable it.)
4976                     This is the most common connection mode because it is not
4977                     necessary to maintain two independent networks.
4978
4979              out-of-band
4980                     In this mode, the client’s traffic uses a control network
4981                     separate from that managed by Open vSwitch, that is, Open
4982                     vSwitch  does  not  use any of its own network devices to
4983                     communicate with the client. The control network must  be
4984                     configured  separately,  before  or after ovs-vswitchd is
4985                     started.
4986
4987              If not specified, the default is implementation-specific.
4988
4989     Client Failure Detection and Handling:
4990
4991       max_backoff: optional integer, at least 1,000
4992              Maximum  number  of  milliseconds  to  wait  between  connection
4993              attempts. Default is implementation-specific.
4994
4995       inactivity_probe: optional integer
4996              Maximum number of milliseconds of idle time on connection to the
4997              client before sending  an  inactivity  probe  message.  If  Open
4998              vSwitch  does  not communicate with the client for the specified
4999              number of seconds, it will send a probe. If a  response  is  not
5000              received  for  the  same additional amount of time, Open vSwitch
5001              assumes the connection has been broken and  attempts  to  recon‐
5002              nect.  Default is implementation-specific. A value of 0 disables
5003              inactivity probes.
5004
5005     Status:
5006
5007       Key-value pair of is_connected is always updated. Other key-value pairs
5008       in the status columns may be updated depends on the target type.
5009
5010       When target specifies a connection method that listens for inbound con‐
5011       nections (e.g. ptcp: or punix:), both  n_connections  and  is_connected
5012       may also be updated while the remaining key-value pairs are omitted.
5013
5014       On  the  other  hand, when target specifies an outbound connection, all
5015       key-value pairs may be updated, except  the  above-mentioned  two  key-
5016       value  pairs associated with inbound connection targets. They are omit‐
5017       ted.
5018
5019       is_connected: boolean
5020              true if currently connected to this manager, false otherwise.
5021
5022       status : last_error: optional string
5023              A human-readable description of the last error on the connection
5024              to  the  manager; i.e. strerror(errno). This key will exist only
5025              if an error has occurred.
5026
5027       status : state: optional string, one of  ACTIVE,  BACKOFF,  CONNECTING,
5028       IDLE, or VOID
5029              The state of the connection to the manager:
5030
5031              VOID   Connection is disabled.
5032
5033              BACKOFF
5034                     Attempting to reconnect at an increasing period.
5035
5036              CONNECTING
5037                     Attempting to connect.
5038
5039              ACTIVE Connected, remote host responsive.
5040
5041              IDLE   Connection is idle. Waiting for response to keep-alive.
5042
5043              These  values  may  change in the future. They are provided only
5044              for human consumption.
5045
5046       status : sec_since_connect: optional string, containing an integer,  at
5047       least 0
5048              The  amount  of  time  since this manager last successfully con‐
5049              nected to the database (in seconds). Value is empty  if  manager
5050              has never successfully connected.
5051
5052       status  : sec_since_disconnect: optional string, containing an integer,
5053       at least 0
5054              The amount of time since this manager last disconnected from the
5055              database  (in seconds). Value is empty if manager has never dis‐
5056              connected.
5057
5058       status : locks_held: optional string
5059              Space-separated list of the names of OVSDB locks that  the  con‐
5060              nection  holds.  Omitted  if  the  connection  does not hold any
5061              locks.
5062
5063       status : locks_waiting: optional string
5064              Space-separated list of the names of OVSDB locks that  the  con‐
5065              nection  is currently waiting to acquire. Omitted if the connec‐
5066              tion is not waiting for any locks.
5067
5068       status : locks_lost: optional string
5069              Space-separated list of the names of OVSDB locks that  the  con‐
5070              nection  has  had  stolen by another OVSDB client. Omitted if no
5071              locks have been stolen from this connection.
5072
5073       status : n_connections: optional  string,  containing  an  integer,  at
5074       least 2
5075              When  target  specifies  a  connection  method  that listens for
5076              inbound connections (e.g. ptcp: or pssl:) and more than one con‐
5077              nection  is  actually  active, the value is the number of active
5078              connections. Otherwise, this key-value pair is omitted.
5079
5080       status : bound_port: optional string, containing an integer
5081              When target is ptcp: or pssl:, this is the TCP port on which the
5082              OVSDB  server  is  listening.  (This is particularly useful when
5083              target specifies a port of 0, allowing the kernel to choose  any
5084              available port.)
5085
5086     Connection Parameters:
5087
5088       Additional  configuration  for a connection between the manager and the
5089       Open vSwitch Database.
5090
5091       other_config : dscp: optional string, containing an integer
5092              The Differentiated Service Code Point (DSCP) is specified  using
5093              6 bits in the Type of Service (TOS) field in the IP header. DSCP
5094              provides a mechanism to classify the network traffic and provide
5095              Quality  of  Service (QoS) on IP networks. The DSCP value speci‐
5096              fied here is used when establishing the connection  between  the
5097              manager  and  the  Open  vSwitch.  If  no  value is specified, a
5098              default value of 48 is chosen. Valid DSCP values must be in  the
5099              range 0 to 63.
5100
5101     Common Columns:
5102
5103       The  overall purpose of these columns is described under Common Columns
5104       at the beginning of this document.
5105
5106       external_ids: map of string-string pairs
5107
5108       other_config: map of string-string pairs
5109

NetFlow TABLE

5111       A NetFlow target. NetFlow is  a  protocol  that  exports  a  number  of
5112       details about terminating IP flows, such as the principals involved and
5113       duration.
5114
5115   Summary:
5116       targets                       set of 1 or more strings
5117       engine_id                     optional integer, in range 0 to 255
5118       engine_type                   optional integer, in range 0 to 255
5119       active_timeout                integer, at least -1
5120       add_id_to_interface           boolean
5121       Common Columns:
5122         external_ids                map of string-string pairs
5123
5124   Details:
5125       targets: set of 1 or more strings
5126              NetFlow targets in the form ip:port. The ip  must  be  specified
5127              numerically, not as a DNS name.
5128
5129       engine_id: optional integer, in range 0 to 255
5130              Engine ID to use in NetFlow messages. Defaults to datapath index
5131              if not specified.
5132
5133       engine_type: optional integer, in range 0 to 255
5134              Engine type to use in NetFlow  messages.  Defaults  to  datapath
5135              index if not specified.
5136
5137       active_timeout: integer, at least -1
5138              The  interval  at  which NetFlow records are sent for flows that
5139              are still active, in seconds. A value of 0 requests the  default
5140              timeout  (currently  600 seconds); a value of -1 disables active
5141              timeouts.
5142
5143              The NetFlow passive timeout, for flows that become inactive,  is
5144              not  configurable.  It  will  vary depending on the Open vSwitch
5145              version, the forms and contents of the OpenFlow flow tables, CPU
5146              and  memory usage, and network activity. A typical passive time‐
5147              out is about a second.
5148
5149       add_id_to_interface: boolean
5150              If this column’s value is false, the ingress and  egress  inter‐
5151              face  fields  of  NetFlow flow records are derived from OpenFlow
5152              port numbers. When it is true, the 7 most  significant  bits  of
5153              these fields will be replaced by the least significant 7 bits of
5154              the engine id. This is useful because many NetFlow collectors do
5155              not  expect  multiple  switches  to be sending messages from the
5156              same host, so they do not store  the  engine  information  which
5157              could be used to disambiguate the traffic.
5158
5159              When  this  option  is  enabled, a maximum of 508 ports are sup‐
5160              ported.
5161
5162     Common Columns:
5163
5164       The overall purpose of these columns is described under Common  Columns
5165       at the beginning of this document.
5166
5167       external_ids: map of string-string pairs
5168

Datapath TABLE

5170       Configuration for a datapath within Open_vSwitch.
5171
5172       A  datapath  is  responsible  for providing the packet handling in Open
5173       vSwitch. There are two primary datapath implementations  used  by  Open
5174       vSwitch:  kernel  and  userspace.  Kernel  datapath implementations are
5175       available for Linux and Hyper-V, and selected as system  in  the  data‐
5176       path_type column of the Bridge table. The userspace datapath is used by
5177       DPDK and AF-XDP, and is selected as netdev in the datapath_type  column
5178       of the Bridge table.
5179
5180       A  datapath  of a particular type is shared by all the bridges that use
5181       that datapath. Thus, configurations applied to this  table  affect  all
5182       bridges that use this datapath.
5183
5184   Summary:
5185       datapath_version              string
5186       ct_zones                      map  of  integer-CT_Zone  pairs,  key  in
5187                                     range 0 to 65,535
5188       Capabilities:
5189         capabilities : max_vlan_headers
5190                                     optional string, containing  an  integer,
5191                                     at least 0
5192         capabilities : recirc       optional string, either true or false
5193         capabilities : lb_output_action
5194                                     optional string, either true or false
5195         Connection-Tracking Capabilities:
5196            capabilities : ct_state  optional string, either true or false
5197            capabilities : ct_state_nat
5198                                     optional string, either true or false
5199            capabilities : ct_zone   optional string, either true or false
5200            capabilities : ct_mark   optional string, either true or false
5201            capabilities : ct_label  optional string, either true or false
5202            capabilities : ct_orig_tuple
5203                                     optional string, either true or false
5204            capabilities : ct_orig_tuple6
5205                                     optional string, either true or false
5206         capabilities : masked_set_action
5207                                     optional string, either true or false
5208         capabilities : tnl_push_pop
5209                                     optional string, either true or false
5210         capabilities : ufid         optional string, either true or false
5211         capabilities : trunc        optional string, either true or false
5212         capabilities : nd_ext       optional string, either true or false
5213         Clone Actions:
5214            capabilities : clone     optional string, either true or false
5215            capabilities : sample_nesting
5216                                     optional  string,  containing an integer,
5217                                     at least 0
5218         capabilities : ct_eventmask
5219                                     optional string, either true or false
5220         capabilities : ct_clear     optional string, either true or false
5221         capabilities : max_hash_alg
5222                                     optional string, containing  an  integer,
5223                                     at least 0
5224         capabilities : check_pkt_len
5225                                     optional string, either true or false
5226         capabilities : ct_timeout   optional string, either true or false
5227         capabilities : explicit_drop_action
5228                                     optional string, either true or false
5229       Common Columns:
5230         external_ids                map of string-string pairs
5231
5232   Details:
5233       datapath_version: string
5234              Reports  the version number of the Open vSwitch datapath in use.
5235              This allows management software to detect and report  discrepan‐
5236              cies  between Open vSwitch userspace and datapath versions. (The
5237              ovs_version column in the Open_vSwitch reports the Open  vSwitch
5238              userspace version.) The version reported depends on the datapath
5239              in use:
5240
5241              ·      When the kernel  module  included  in  the  Open  vSwitch
5242                     source tree is used, this column reports the Open vSwitch
5243                     version from which the module was taken.
5244
5245              ·      When the kernel module that is part of the upstream Linux
5246                     kernel is used, this column reports <unknown>.
5247
5248              ·      When  the datapath is built into the ovs-vswitchd binary,
5249                     this column reports <built-in>. A built-in datapath is by
5250                     definition  the  same  version  as  the  rest of the Open
5251                     vSwitch userspace.
5252
5253              ·      Other datapaths (such as  the  Hyper-V  kernel  datapath)
5254                     currently report <unknown>.
5255
5256              A  version  discrepancy between ovs-vswitchd and the datapath in
5257              use is not normally cause for alarm.  The  Open  vSwitch  kernel
5258              datapaths for Linux and Hyper-V, in particular, are designed for
5259              maximum inter-version compatibility: any userspace version works
5260              with with any kernel version. Some reasons do exist to insist on
5261              particular user/kernel pairings. First,  newer  kernel  versions
5262              add new features, that can only be used by new-enough userspace,
5263              e.g. VXLAN tunneling requires certain minimal userspace and ker‐
5264              nel  versions. Second, as an extension to the first reason, some
5265              newer kernel versions add new features for enhancing performance
5266              that only new-enough userspace versions can take advantage of.
5267
5268       ct_zones: map of integer-CT_Zone pairs, key in range 0 to 65,535
5269              Configuration for connection tracking zones. Each pair maps from
5270              a zone id to a configuration for that zone. Zone  0  applies  to
5271              the default zone (ie, the one used if a zone is not specified in
5272              connection tracking-related OpenFlow matches and actions).
5273
5274     Capabilities:
5275
5276       The capabilities column reports a datapath’s features. For  the  netdev
5277       datapath,  the  capabilities  are  fixed  for  a  given version of Open
5278       vSwitch because this datapath is built into  the  ovs-vswitchd  binary.
5279       The Linux kernel and Windows and other datapaths, which are external to
5280       OVS userspace, can vary in version and capabilities independently  from
5281       ovs-vswitchd.
5282
5283       Some  of these features indicate whether higher-level Open vSwitch fea‐
5284       tures are available. For example,  OpenFlow  features  for  connection-
5285       tracking  are available only when capabilities:ct_state is true. A con‐
5286       troller that wishes to determine whether a feature is supported  could,
5287       therefore, consult the relevant capabilities in this table. However, as
5288       a general rule, it is better for a controller to try to use the higher-
5289       level feature and use the result as an indication of support, since the
5290       low-level capabilities are more likely to  shift  over  time  than  the
5291       high-level features that rely on them.
5292
5293       capabilities  :  max_vlan_headers: optional string, containing an inte‐
5294       ger, at least 0
5295              Number of 802.1q VLAN headers  supported  by  the  datapath,  as
5296              probed  by  the ovs-vswitchd slow path. If the datapath supports
5297              more VLAN headers than the slow  path,  this  reports  the  slow
5298              path’s  limit.  The  value  of  other-config:vlan-limit  in  the
5299              Open_vSwitch table does not influence the number reported here.
5300
5301       capabilities : recirc: optional string, either true or false
5302              If this is  true,  then  the  datapath  supports  recirculation,
5303              specifically   OVS_KEY_ATTR_RECIRC_ID.   Recirculation   enables
5304              higher performance for MPLS  and  active-active  load  balancing
5305              bonding modes.
5306
5307       capabilities : lb_output_action: optional string, either true or false
5308              If  this  is true, then the datapath supports optimized balance-
5309              tcp bond mode. This capability replaces existing hash and recirc
5310              actions  with  new  action lb_output and avoids recirculation of
5311              packet in datapath. It is supported only  for  balance-tcp  bond
5312              mode  in netdev datapath. The new action gives higer performance
5313              by using bond buckets instead of post  recirculation  flows  for
5314              selection of slave port from bond. By default this new action is
5315              disabled, however it can be enabled by setting  other-config:lb-
5316              output-action in Port table.
5317
5318     Connection-Tracking Capabilities:
5319
5320       These  capabilities are granular because Open vSwitch and its datapaths
5321       added support for connection tracking over several releases, with  fea‐
5322       tures added individually over that time.
5323
5324       capabilities : ct_state: optional string, either true or false
5325              If  true,  datapath  supports OVS_KEY_ATTR_CT_STATE, which indi‐
5326              cates support for the bits in the OpenFlow ct_state  field  (see
5327              ovs-fields(7))  other  than snat and dnat, which have a separate
5328              capability.
5329
5330              If this is false, the  datapath  does  not  support  connection-
5331              tracking  at all and the remaining connection-tracking capabili‐
5332              ties should all be false. In this case, Open vSwitch will reject
5333              flows that match on the ct_state field or use the ct action.
5334
5335       capabilities : ct_state_nat: optional string, either true or false
5336              If  true,  it means that the datapath supports the snat and dnat
5337              flags in the OpenFlow ct_state field.  The  ct_state  capability
5338              must be true for this to make sense.
5339
5340              If  false, Open vSwitch will reject flows that match on the snat
5341              or dnat bits in ct_state or use nat in the ct action.
5342
5343       capabilities : ct_zone: optional string, either true or false
5344              If true, datapath supports OVS_KEY_ATTR_CT_ZONE. If false,  Open
5345              vSwitch  rejects  flows  that match on the ct_zone field or that
5346              specify a nonzero zone or a zone field on the ct action.
5347
5348       capabilities : ct_mark: optional string, either true or false
5349              If true, datapath supports OVS_KEY_ATTR_CT_MARK. If false,  Open
5350              vSwitch  rejects  flows  that match on the ct_mark field or that
5351              set ct_mark in the ct action.
5352
5353       capabilities : ct_label: optional string, either true or false
5354              If true, datapath supports OVS_KEY_ATTR_CT_LABEL. If false, Open
5355              vSwitch  rejects  flows that match on the ct_label field or that
5356              set ct_label in the ct action.
5357
5358       capabilities : ct_orig_tuple: optional string, either true or false
5359              If true, the datapath supports matching  the  5-tuple  from  the
5360              connection’s original direction for IPv4 traffic. If false, Open
5361              vSwitch rejects flows that match on ct_nw_src or ct_nw_dst, that
5362              use  the ct feature of the resubmit action, or the force keyword
5363              in the ct action. (The latter isn’t tied to connection  tracking
5364              support  of  original tuples in any technical way. They are con‐
5365              flated because all current datapaths implemented  the  two  fea‐
5366              tures at the same time.)
5367
5368              If  this  and  capabilities:ct_orig_tuple6  are both false, Open
5369              vSwitch rejects flows that match on ct_nw_proto,  ct_tp_src,  or
5370              ct_tp_dst.
5371
5372       capabilities : ct_orig_tuple6: optional string, either true or false
5373              If  true,  the  datapath  supports matching the 5-tuple from the
5374              connection’s original direction for IPv6 traffic. If false, Open
5375              vSwitch rejects flows that match on ct_ipv6_src or ct_ipv6_dst.
5376
5377       capabilities : masked_set_action: optional string, either true or false
5378              True if the datapath supports masked data in OVS_ACTION_ATTR_SET
5379              actions.  Masked  data  can  improve  performance  by   allowing
5380              megaflows to match on fewer fields.
5381
5382       capabilities : tnl_push_pop: optional string, either true or false
5383              True  if the datapath supports tnl_push and pop actions. This is
5384              a prerequisite for a datapath to support native tunneling.
5385
5386       capabilities : ufid: optional string, either true or false
5387              True if the datapath supports OVS_FLOW_ATTR_UFID.  UFID  support
5388              improves  revalidation  performance  by  transferring  less data
5389              between the slow path and the datapath.
5390
5391       capabilities : trunc: optional string, either true or false
5392              True if the datapath supports OVS_ACTION_ATTR_TRUNC  action.  If
5393              false,  the  output action with packet truncation requires every
5394              packet to be sent to the Open vSwitch slow path, which is likely
5395              to make it too slow for mirroring traffic in bulk.
5396
5397       capabilities : nd_ext: optional string, either true or false
5398              True  if  the  datapath  supports  OVS_KEY_ATTR_ND_EXTENSIONS to
5399              match on ICMPv6  "ND  reserved"  and  "ND  option  type"  header
5400              fields.  If  false, the datapath reports error if the feature is
5401              used.
5402
5403     Clone Actions:
5404
5405       When Open vSwitch translates actions from OpenFlow  into  the  datapath
5406       representation,  some  of the datapath actions may modify the packet or
5407       have other side effects that later datapath  actions  can’t  undo.  The
5408       OpenFlow   ct,   meter,  output  with  truncation,  encap,  decap,  and
5409       dec_nsh_ttl actions fall into this category. Often, this is not a prob‐
5410       lem because nothing later on needs the original packet.
5411
5412       Such actions can, however, occur in circumstances where the translation
5413       does require the original  packet.  For  example,  an  OpenFlow  output
5414       action  might direct a packet to a patch port, which might in turn lead
5415       to a ct action that NATs the packet (which cannot be undone), and  then
5416       afterward  when control flow pops back across the patch port some other
5417       action might need to act on the original packet.
5418
5419       Open vSwitch has two  different  ways  to  implement  this  ``save  and
5420       restore’’  via  datapath actions. These capabilities indicate which one
5421       Open vSwitch will choose. When neither is available, Open vSwitch  sim‐
5422       ply fails in situations that require this feature.
5423
5424       capabilities : clone: optional string, either true or false
5425              True if the datapath supports OVS_ACTION_ATTR_CLONE action. This
5426              is the preferred option for saving and restoring packets,  since
5427              it is intended for the purpose, but old datapaths do not support
5428              it. Open vSwitch will use it whenever it is available.
5429
5430              (The  OpenFlow  clone   action   does   not   always   yield   a
5431              OVS_ACTION_ATTR_CLONE  action. It only does so when the datapath
5432              supports it and the clone brackets actions that otherwise cannot
5433              be undone.)
5434
5435       capabilities  : sample_nesting: optional string, containing an integer,
5436       at least 0
5437              Maximum  level  of  nesting  allowed  by  OVS_ACTION_ATTR_SAMPLE
5438              action.  Open vSwitch misuses this action for saving and restor‐
5439              ing packets when the datapath supports more  than  3  levels  of
5440              nesting and OVS_ACTION_ATTR_CLONE is not available.
5441
5442       capabilities : ct_eventmask: optional string, either true or false
5443              True  if the datapath’s OVS_ACTION_ATTR_CT action implements the
5444              OVS_CT_ATTR_EVENTMASK attribute. When this is true, Open vSwitch
5445              uses  the  event  mask  feature  to  limit  the  kinds of events
5446              reported  to  conntrack  update  listeners.  When  Open  vSwitch
5447              doesn’t  limit  the  event  mask,  listeners  receive reports of
5448              numerous usually unimportant events, such as TCP  state  machine
5449              changes, which can waste CPU time.
5450
5451       capabilities : ct_clear: optional string, either true or false
5452              True  if  the datapath supports OVS_ACTION_ATTR_CT_CLEAR action.
5453              If false, the OpenFlow ct_clear action  has  no  effect  on  the
5454              datapath.
5455
5456       capabilities : max_hash_alg: optional string, containing an integer, at
5457       least 0
5458              Highest supported dp_hash algorithm. This allows Open vSwitch to
5459              avoid  requesting  a packet hash that the datapath does not sup‐
5460              port.
5461
5462       capabilities : check_pkt_len: optional string, either true or false
5463              True if the datapath supports OVS_ACTION_ATTR_CHECK_PKT_LEN.  If
5464              false,  Open  vSwitch  implements the check_pkt_larger action by
5465              sending every packet through the Open vSwitch slow  path,  which
5466              is likely to make it too slow for handling traffic in bulk.
5467
5468       capabilities : ct_timeout: optional string, either true or false
5469              True   if  the  datapath  supports  OVS_CT_ATTR_TIMEOUT  in  the
5470              OVS_ACTION_ATTR_CT action. If false, Open vswitch cannot  imple‐
5471              ment  timeout  policies  based  on connection tracking zones, as
5472              configured through the CT_Timeout_Policy table.
5473
5474       capabilities : explicit_drop_action: optional string,  either  true  or
5475       false
5476              True  if  the  datapath supports OVS_ACTION_ATTR_DROP. If false,
5477              explicit drop action will not be sent to the datapath.
5478
5479     Common Columns:
5480
5481       The overall purpose of these columns is described under Common  Columns
5482       at the beginning of this document.
5483
5484       external_ids: map of string-string pairs
5485

CT_Zone TABLE

5487       Connection tracking zone configuration
5488
5489   Summary:
5490       timeout_policy                optional CT_Timeout_Policy
5491       Common Columns:
5492         external_ids                map of string-string pairs
5493
5494   Details:
5495       timeout_policy: optional CT_Timeout_Policy
5496              Connection  tracking  timeout policy for this zone. If a timeout
5497              policy is not specified, it defaults to the  timeout  policy  in
5498              the system.
5499
5500     Common Columns:
5501
5502       The  overall purpose of these columns is described under Common Columns
5503       at the beginning of this document.
5504
5505       external_ids: map of string-string pairs
5506

CT_Timeout_Policy TABLE

5508       Connection tracking timeout policy configuration
5509
5510   Summary:
5511       Timeouts:
5512         timeouts                    map of string-integer pairs, key  one  of
5513                                     icmp_first,     icmp_reply,    tcp_close,
5514                                     tcp_close_wait,          tcp_established,
5515                                     tcp_fin_wait,  tcp_last_ack, tcp_retrans‐
5516                                     mit,     tcp_syn_recv,     tcp_syn_sent2,
5517                                     tcp_syn_sent,  tcp_time_wait,  tcp_unack,
5518                                     udp_first, udp_multiple,  or  udp_single,
5519                                     value in range 0 to 4,294,967,295
5520         TCP Timeouts:
5521            timeouts : tcp_syn_sent  optional   integer,   in   range   0   to
5522                                     4,294,967,295
5523            timeouts : tcp_syn_recv  optional   integer,   in   range   0   to
5524                                     4,294,967,295
5525            timeouts : tcp_established
5526                                     optional   integer,   in   range   0   to
5527                                     4,294,967,295
5528            timeouts : tcp_fin_wait  optional   integer,   in   range   0   to
5529                                     4,294,967,295
5530            timeouts : tcp_close_wait
5531                                     optional   integer,   in   range   0   to
5532                                     4,294,967,295
5533            timeouts : tcp_last_ack  optional   integer,   in   range   0   to
5534                                     4,294,967,295
5535            timeouts : tcp_time_wait optional   integer,   in   range   0   to
5536                                     4,294,967,295
5537            timeouts : tcp_close     optional   integer,   in   range   0   to
5538                                     4,294,967,295
5539            timeouts : tcp_syn_sent2 optional   integer,   in   range   0   to
5540                                     4,294,967,295
5541            timeouts : tcp_retransmit
5542                                     optional   integer,   in   range   0   to
5543                                     4,294,967,295
5544            timeouts : tcp_unack     optional   integer,   in   range   0   to
5545                                     4,294,967,295
5546         UDP Timeouts:
5547            timeouts : udp_first     optional   integer,   in   range   0   to
5548                                     4,294,967,295
5549            timeouts : udp_single    optional   integer,   in   range   0   to
5550                                     4,294,967,295
5551            timeouts : udp_multiple  optional   integer,   in   range   0   to
5552                                     4,294,967,295
5553         ICMP Timeouts:
5554            timeouts : icmp_first    optional   integer,   in   range   0   to
5555                                     4,294,967,295
5556            timeouts : icmp_reply    optional   integer,   in   range   0   to
5557                                     4,294,967,295
5558       Common Columns:
5559         external_ids                map of string-string pairs
5560
5561   Details:
5562     Timeouts:
5563
5564       timeouts:   map   of  string-integer  pairs,  key  one  of  icmp_first,
5565       icmp_reply, tcp_close, tcp_close_wait,  tcp_established,  tcp_fin_wait,
5566       tcp_last_ack,      tcp_retransmit,     tcp_syn_recv,     tcp_syn_sent2,
5567       tcp_syn_sent, tcp_time_wait,  tcp_unack,  udp_first,  udp_multiple,  or
5568       udp_single, value in range 0 to 4,294,967,295
5569              The  timeouts  column contains key-value pairs used to configure
5570              connection tracking timeouts in a datapath. Key-value pairs that
5571              are  not  supported by a datapath are ignored. The timeout value
5572              is in seconds.
5573
5574     TCP Timeouts:
5575
5576       timeouts : tcp_syn_sent: optional integer, in range 0 to 4,294,967,295
5577              The timeout for the connection after the first  TCP  SYN  packet
5578              has been seen by conntrack.
5579
5580       timeouts : tcp_syn_recv: optional integer, in range 0 to 4,294,967,295
5581              The timeout of the connection after the first TCP SYN-ACK packet
5582              has been seen by conntrack.
5583
5584       timeouts  :  tcp_established:  optional  integer,   in   range   0   to
5585       4,294,967,295
5586              The  timeout  of  the  connection  after the connection has been
5587              fully established.
5588
5589       timeouts : tcp_fin_wait: optional integer, in range 0 to 4,294,967,295
5590              The timeout of the connection after the first TCP FIN packet has
5591              been seen by conntrack.
5592
5593       timeouts   :   tcp_close_wait:   optional   integer,   in  range  0  to
5594       4,294,967,295
5595              The timeout of the connection after the first TCP ACK packet has
5596              been seen after it receives TCP FIN packet. This timeout is only
5597              supported by the Linux kernel datapath.
5598
5599       timeouts : tcp_last_ack: optional integer, in range 0 to 4,294,967,295
5600              The timeout of the connection after TCP FIN  packets  have  been
5601              seen  by  conntrack  from  both directions. This timeout is only
5602              supported by the Linux kernel datapath.
5603
5604       timeouts : tcp_time_wait: optional integer, in range 0 to 4,294,967,295
5605              The timeout of the connection after conntrack has seen  the  TCP
5606              ACK packet for the second TCP FIN packet.
5607
5608       timeouts : tcp_close: optional integer, in range 0 to 4,294,967,295
5609              The timeout of the connection after the first TCP RST packet has
5610              been seen by conntrack.
5611
5612       timeouts : tcp_syn_sent2: optional integer, in range 0 to 4,294,967,295
5613              The timeout of the connection when only a  TCP  SYN  packet  has
5614              been seen by conntrack from both directions (simultaneous open).
5615              This timeout is only supported by the Linux kernel datapath.
5616
5617       timeouts  :  tcp_retransmit:  optional   integer,   in   range   0   to
5618       4,294,967,295
5619              The timeout of the connection when it exceeds the maximum number
5620              of retransmissions. This timeout is only supported by the  Linux
5621              kernel datapath.
5622
5623       timeouts : tcp_unack: optional integer, in range 0 to 4,294,967,295
5624              The  timeout  of  the  connection when non-SYN packets create an
5625              established connection in TCP loose tracking mode. This  timeout
5626              is only supported by the Linux kernel datapath.
5627
5628     UDP Timeouts:
5629
5630       timeouts : udp_first: optional integer, in range 0 to 4,294,967,295
5631              The  timeout  of  the  connection after the first UDP packet has
5632              been seen by conntrack. This timeout is only  supported  by  the
5633              userspace datapath.
5634
5635       timeouts : udp_single: optional integer, in range 0 to 4,294,967,295
5636              The  timeout  of  the  connection  when  conntrack only seen UDP
5637              packet from the source host, but the destination host has  never
5638              sent one back.
5639
5640       timeouts : udp_multiple: optional integer, in range 0 to 4,294,967,295
5641              The timeout of the connection when UDP packets have been seen in
5642              both directions.
5643
5644     ICMP Timeouts:
5645
5646       timeouts : icmp_first: optional integer, in range 0 to 4,294,967,295
5647              The timeout of the connection after the first  ICMP  packet  has
5648              been seen by conntrack.
5649
5650       timeouts : icmp_reply: optional integer, in range 0 to 4,294,967,295
5651              The  timeout  of the connection when ICMP packets have been seen
5652              in both  direction.  This  timeout  is  only  supported  by  the
5653              userspace datapath.
5654
5655     Common Columns:
5656
5657       The  overall purpose of these columns is described under Common Columns
5658       at the beginning of this document.
5659
5660       external_ids: map of string-string pairs
5661

SSL TABLE

5663       SSL configuration for an Open_vSwitch.
5664
5665   Summary:
5666       private_key                   string
5667       certificate                   string
5668       ca_cert                       string
5669       bootstrap_ca_cert             boolean
5670       Common Columns:
5671         external_ids                map of string-string pairs
5672
5673   Details:
5674       private_key: string
5675              Name of a PEM file  containing  the  private  key  used  as  the
5676              switch’s identity for SSL connections to the controller.
5677
5678       certificate: string
5679              Name  of a PEM file containing a certificate, signed by the cer‐
5680              tificate authority (CA) used by the controller and manager, that
5681              certifies  the  switch’s  private key, identifying a trustworthy
5682              switch.
5683
5684       ca_cert: string
5685              Name of a PEM file containing the CA certificate used to  verify
5686              that the switch is connected to a trustworthy controller.
5687
5688       bootstrap_ca_cert: boolean
5689              If  set to true, then Open vSwitch will attempt to obtain the CA
5690              certificate from the controller on its first SSL connection  and
5691              save  it  to  the  named  PEM file. If it is successful, it will
5692              immediately drop the connection and reconnect, and from then  on
5693              all  SSL  connections  must  be  authenticated  by a certificate
5694              signed by the CA certificate thus obtained. This option  exposes
5695              the  SSL  connection to a man-in-the-middle attack obtaining the
5696              initial CA certificate. It may still be  useful  for  bootstrap‐
5697              ping.
5698
5699     Common Columns:
5700
5701       The  overall purpose of these columns is described under Common Columns
5702       at the beginning of this document.
5703
5704       external_ids: map of string-string pairs
5705

sFlow TABLE

5707       A set of sFlow(R) targets. sFlow is a protocol for remote monitoring of
5708       switches.
5709
5710   Summary:
5711       agent                         optional string
5712       header                        optional integer
5713       polling                       optional integer
5714       sampling                      optional integer
5715       targets                       set of 1 or more strings
5716       Common Columns:
5717         external_ids                map of string-string pairs
5718
5719   Details:
5720       agent: optional string
5721              Determines  the  agent address, that is, the IP address reported
5722              to collectors as the source of the sFlow data. It may be  an  IP
5723              address or the name of a network device. In the latter case, the
5724              network device’s IP address is used,
5725
5726              If not specified, the agent device is  figured  from  the  first
5727              target  address and the routing table. If the routing table does
5728              not contain a route to the target, the IP  address  defaults  to
5729              the local_ip in the collector’s Controller.
5730
5731              If an agent IP address cannot be determined, sFlow is disabled.
5732
5733       header: optional integer
5734              Number of bytes of a sampled packet to send to the collector. If
5735              not specified, the default is 128 bytes.
5736
5737       polling: optional integer
5738              Polling rate in seconds to send port statistics to  the  collec‐
5739              tor. If not specified, defaults to 30 seconds.
5740
5741       sampling: optional integer
5742              Rate  at which packets should be sampled and sent to the collec‐
5743              tor. If not specified, defaults to 400, which means one  out  of
5744              400 packets, on average, will be sent to the collector.
5745
5746       targets: set of 1 or more strings
5747              sFlow targets in the form ip:port.
5748
5749     Common Columns:
5750
5751       The  overall purpose of these columns is described under Common Columns
5752       at the beginning of this document.
5753
5754       external_ids: map of string-string pairs
5755

IPFIX TABLE

5757       Configuration for sending packets to IPFIX collectors.
5758
5759       IPFIX is a protocol that exports a number of details about  flows.  The
5760       IPFIX  implementation in Open vSwitch samples packets at a configurable
5761       rate, extracts flow information from those packets,  optionally  caches
5762       and  aggregates  the  flow  information, and sends the result to one or
5763       more collectors.
5764
5765       IPFIX in Open vSwitch can be configured two different ways:
5766
5767              ·      With per-bridge sampling,  Open  vSwitch  performs  IPFIX
5768                     sampling automatically on all packets that pass through a
5769                     bridge. To configure per-bridge sampling, create an IPFIX
5770                     record and point a Bridge table’s ipfix column to it. The
5771                     Flow_Sample_Collector_Set table  is  not  used  for  per-
5772                     bridge sampling.
5773
5774              ·      With  flow-based sampling, sample actions in the OpenFlow
5775                     flow table drive IPFIX sampling. See ovs-actions(7) for a
5776                     description of the sample action.
5777
5778                     Flow-based sampling also requires database configuration:
5779                     create a IPFIX record that describes the IPFIX configura‐
5780                     tion  and  a Flow_Sample_Collector_Set record that points
5781                     to the Bridge whose flow table holds the  sample  actions
5782                     and to IPFIX record. The ipfix in the Bridge table is not
5783                     used for flow-based sampling.
5784
5785   Summary:
5786       targets                       set of strings
5787       cache_active_timeout          optional integer, in range 0 to 4,200
5788       cache_max_flows               optional   integer,   in   range   0   to
5789                                     4,294,967,295
5790       other_config : enable-tunnel-sampling
5791                                     optional string, either true or false
5792       other_config : virtual_obs_id optional string
5793       Per-Bridge Sampling:
5794         sampling                    optional   integer,   in   range   1   to
5795                                     4,294,967,295
5796         obs_domain_id               optional   integer,   in   range   0   to
5797                                     4,294,967,295
5798         obs_point_id                optional   integer,   in   range   0   to
5799                                     4,294,967,295
5800         other_config : enable-input-sampling
5801                                     optional string, either true or false
5802         other_config : enable-output-sampling
5803                                     optional string, either true or false
5804       Common Columns:
5805         external_ids                map of string-string pairs
5806
5807   Details:
5808       targets: set of strings
5809              IPFIX target collectors in the form ip:port.
5810
5811       cache_active_timeout: optional integer, in range 0 to 4,200
5812              The maximum period in seconds for which an IPFIX flow record  is
5813              cached  and  aggregated  before  being  sent.  If not specified,
5814              defaults to 0. If 0, caching is disabled.
5815
5816       cache_max_flows: optional integer, in range 0 to 4,294,967,295
5817              The maximum number of IPFIX flow records that can be cached at a
5818              time.  If  not  specified,  defaults to 0. If 0, caching is dis‐
5819              abled.
5820
5821       other_config : enable-tunnel-sampling: optional string, either true  or
5822       false
5823              Set  to  true  to  enable  sampling  and reporting tunnel header
5824              7-tuples in IPFIX flow records. Tunnel sampling  is  enabled  by
5825              default.
5826
5827              The  following  enterprise  entities  report  the sampled tunnel
5828              info:
5829
5830              tunnelType:
5831                     ID: 891, and enterprise ID 6876 (VMware).
5832
5833                     type: unsigned 8-bit integer.
5834
5835                     data type semantics: identifier.
5836
5837                     description: Identifier of the layer  2  network  overlay
5838                     network  encapsulation  type:  0x01 VxLAN, 0x02 GRE, 0x03
5839                     LISP, 0x07 GENEVE.
5840
5841              tunnelKey:
5842                     ID: 892, and enterprise ID 6876 (VMware).
5843
5844                     type: variable-length octetarray.
5845
5846                     data type semantics: identifier.
5847
5848                     description: Key which is used for identifying  an  indi‐
5849                     vidual  traffic  flow within a VxLAN (24-bit VNI), GENEVE
5850                     (24-bit VNI), GRE (32-bit key), or LISP (24-bit  instance
5851                     ID)  tunnel.  The  key is encoded in this octetarray as a
5852                     3-, 4-, or 8-byte integer ID in network byte order.
5853
5854              tunnelSourceIPv4Address:
5855                     ID: 893, and enterprise ID 6876 (VMware).
5856
5857                     type: unsigned 32-bit integer.
5858
5859                     data type semantics: identifier.
5860
5861                     description: The IPv4 source address  in  the  tunnel  IP
5862                     packet header.
5863
5864              tunnelDestinationIPv4Address:
5865                     ID: 894, and enterprise ID 6876 (VMware).
5866
5867                     type: unsigned 32-bit integer.
5868
5869                     data type semantics: identifier.
5870
5871                     description:  The  IPv4 destination address in the tunnel
5872                     IP packet header.
5873
5874              tunnelProtocolIdentifier:
5875                     ID: 895, and enterprise ID 6876 (VMware).
5876
5877                     type: unsigned 8-bit integer.
5878
5879                     data type semantics: identifier.
5880
5881                     description: The value of the protocol number in the tun‐
5882                     nel  IP packet header. The protocol number identifies the
5883                     tunnel IP packet payload type.
5884
5885              tunnelSourceTransportPort:
5886                     ID: 896, and enterprise ID 6876 (VMware).
5887
5888                     type: unsigned 16-bit integer.
5889
5890                     data type semantics: identifier.
5891
5892                     description: The source port  identifier  in  the  tunnel
5893                     transport  header.  For the transport protocols UDP, TCP,
5894                     and SCTP, this is the source port  number  given  in  the
5895                     respective header.
5896
5897              tunnelDestinationTransportPort:
5898                     ID: 897, and enterprise ID 6876 (VMware).
5899
5900                     type: unsigned 16-bit integer.
5901
5902                     data type semantics: identifier.
5903
5904                     description:  The destination port identifier in the tun‐
5905                     nel transport header. For the  transport  protocols  UDP,
5906                     TCP,  and SCTP, this is the destination port number given
5907                     in the respective header.
5908
5909              Before Open vSwitch 2.5.90,  other_config:enable-tunnel-sampling
5910              was  only supported with per-bridge sampling, and ignored other‐
5911              wise. Open vSwitch 2.5.90 and later support other_config:enable-
5912              tunnel-sampling for per-bridge and per-flow sampling.
5913
5914       other_config : virtual_obs_id: optional string
5915              A  string  that accompanies each IPFIX flow record. Its intended
5916              use is for the ``virtual observation ID,’’ an  identifier  of  a
5917              virtual  observation  point  that is locally unique in a virtual
5918              network. It describes a location in the virtual network where IP
5919              packets can be observed. The maximum length is 254 bytes. If not
5920              specified, the field is omitted from the IPFIX flow record.
5921
5922              The following enterprise entity reports  the  specified  virtual
5923              observation ID:
5924
5925              virtualObsID:
5926                     ID: 898, and enterprise ID 6876 (VMware).
5927
5928                     type: variable-length string.
5929
5930                     data type semantics: identifier.
5931
5932                     description:  A  virtual  observation  domain  ID that is
5933                     locally unique in a virtual network.
5934
5935              This feature was introduced in Open vSwitch 2.5.90.
5936
5937     Per-Bridge Sampling:
5938
5939       These values affect only per-bridge sampling. See above for a  descrip‐
5940       tion of the differences between per-bridge and flow-based sampling.
5941
5942       sampling: optional integer, in range 1 to 4,294,967,295
5943              The  rate  at  which  packets should be sampled and sent to each
5944              target collector. If not specified, defaults to 400, which means
5945              one  out of 400 packets, on average, will be sent to each target
5946              collector.
5947
5948       obs_domain_id: optional integer, in range 0 to 4,294,967,295
5949              The IPFIX Observation Domain ID sent in each  IPFIX  packet.  If
5950              not specified, defaults to 0.
5951
5952       obs_point_id: optional integer, in range 0 to 4,294,967,295
5953              The  IPFIX  Observation Point ID sent in each IPFIX flow record.
5954              If not specified, defaults to 0.
5955
5956       other_config : enable-input-sampling: optional string, either  true  or
5957       false
5958              By  default,  Open  vSwitch  samples and reports flows at bridge
5959              port input in IPFIX flow records. Set this column  to  false  to
5960              disable input sampling.
5961
5962       other_config  : enable-output-sampling: optional string, either true or
5963       false
5964              By default, Open vSwitch samples and  reports  flows  at  bridge
5965              port  output  in IPFIX flow records. Set this column to false to
5966              disable output sampling.
5967
5968     Common Columns:
5969
5970       The overall purpose of these columns is described under Common  Columns
5971       at the beginning of this document.
5972
5973       external_ids: map of string-string pairs
5974

Flow_Sample_Collector_Set TABLE

5976       A  set of IPFIX collectors of packet samples generated by OpenFlow sam‐
5977       ple actions. This table is used only for IPFIX flow-based sampling, not
5978       for  per-bridge  sampling (see the IPFIX table for a description of the
5979       two forms).
5980
5981   Summary:
5982       id                            integer, in range 0 to 4,294,967,295
5983       bridge                        Bridge
5984       ipfix                         optional IPFIX
5985       Common Columns:
5986         external_ids                map of string-string pairs
5987
5988   Details:
5989       id: integer, in range 0 to 4,294,967,295
5990              The ID of this collector set, unique among the bridge’s  collec‐
5991              tor  sets, to be used as the collector_set_id in OpenFlow sample
5992              actions.
5993
5994       bridge: Bridge
5995              The bridge into which OpenFlow sample actions can  be  added  to
5996              send packet samples to this set of IPFIX collectors.
5997
5998       ipfix: optional IPFIX
5999              Configuration  of  the  set of IPFIX collectors to send one flow
6000              record per sampled packet to.
6001
6002     Common Columns:
6003
6004       The overall purpose of these columns is described under Common  Columns
6005       at the beginning of this document.
6006
6007       external_ids: map of string-string pairs
6008

AutoAttach TABLE

6010       Auto  Attach  configuration  within a bridge. The IETF Auto-Attach SPBM
6011       draft standard describes a compact method of using  IEEE  802.1AB  Link
6012       Layer  Discovery  Protocol (LLDP) together with a IEEE 802.1aq Shortest
6013       Path Bridging (SPB) network to automatically attach network devices  to
6014       individual  services in a SPB network. The intent here is to allow net‐
6015       work applications and devices using OVS  to  be  able  to  easily  take
6016       advantage of features offered by industry standard SPB networks.
6017
6018       Auto  Attach (AA) uses LLDP to communicate between a directly connected
6019       Auto Attach Client (AAC) and Auto Attach Server (AAS). The LLDP  proto‐
6020       col  is  extended  to  add two new Type-Length-Value tuples (TLVs). The
6021       first new TLV supports the ongoing discovery of directly  connected  AA
6022       correspondents.  Auto Attach operates by regularly transmitting AA dis‐
6023       covery TLVs between the AA client and AA server.  By  exchanging  these
6024       discovery messages, both the AAC and AAS learn the system name and sys‐
6025       tem description of their peer. In the OVS context, OVS operates as  the
6026       AA  client and the AA server resides on a switch at the edge of the SPB
6027       network.
6028
6029       Once AA discovery has been completed the AAC then uses the  second  new
6030       TLV  to  deliver identifier mappings from the AAC to the AAS. A primary
6031       feature of Auto Attach is to facilitate the mapping  of  VLANs  defined
6032       outside the SPB network onto service ids (ISIDs) defined within the SPM
6033       network. By doing so individual external VLANs can be mapped onto  spe‐
6034       cific  SPB network services. These VLAN id to ISID mappings can be con‐
6035       figured and managed locally using new options added  to  the  ovs-vsctl
6036       command.
6037
6038       The  Auto  Attach OVS feature does not provide a full implementation of
6039       the LLDP protocol. Support for the mandatory TLVs  as  defined  by  the
6040       LLDP  standard  and support for the AA TLV extensions is provided. LLDP
6041       protocol support in OVS can be enabled or disabled on a  port  by  port
6042       basis. LLDP support is disabled by default.
6043
6044   Summary:
6045       system_name                   string
6046       system_description            string
6047       mappings                      map  of  integer-integer  pairs,  key  in
6048                                     range 0 to 16,777,215, value in  range  0
6049                                     to 4,095
6050
6051   Details:
6052       system_name: string
6053              The  system_name  string is exported in LLDP messages. It should
6054              uniquely identify the bridge in the network.
6055
6056       system_description: string
6057              The system_description string is exported in LLDP  messages.  It
6058              should describe the type of software and hardware.
6059
6060       mappings:  map  of integer-integer pairs, key in range 0 to 16,777,215,
6061       value in range 0 to 4,095
6062              A mapping from SPB network Individual Service Identifier  (ISID)
6063              to VLAN id.
6064
6065
6066
6067Open vSwitch 2.15.0             DB Schema 8.2.0        ovs-vswitchd.conf.db(5)
Impressum